trekoon 0.4.1 → 0.4.2

package/src/sync/service.ts

@@ -44,7 +44,7 @@ function isSyncFieldValueSupported(tableName: string, fieldName: string, value:
   return value === null && isSyncNullableStringField(tableName, fieldName);
 }
 
-function isCursorStale(db: Database, cursorToken: string, sourceBranch: string): boolean {
+export function isCursorStale(db: Database, cursorToken: string, sourceBranch: string): boolean {
   if (cursorToken === "0:") {
     return false;
   }
@@ -57,10 +57,8 @@ function isCursorStale(db: Database, cursorToken: string, sourceBranch: string):
     return false;
   }
 
-  // Check if the event referenced by the cursor still exists.
-  // If the cursor references a specific event id, check for it.
-  // Otherwise, check if any event at or after the cursor timestamp exists
-  // on the source branch.
+  // Check if the event referenced by the cursor still exists in the live
+  // events table. If found, the cursor position is valid.
   if (id.length > 0) {
     const row = db
       .query("SELECT id FROM events WHERE id = ? LIMIT 1;")
@@ -70,20 +68,56 @@ function isCursorStale(db: Database, cursorToken: string, sourceBranch: string):
     }
   }
 
-  // The referenced event is gone. Check if there are any events on the
-  // source branch at or after the cursor timestamp — if not, the cursor
-  // may simply be at the end of the stream.
+  // Compute the earliest retained created_at on the cursor's source branch
+  // across both the live events table and event_archive (pruned events). If
+  // the cursor predates that minimum, history before the cursor on this
+  // branch has been lost and re-bootstrap is required.
+  //
+  // Scoping by git_branch is essential: a global MIN would falsely report
+  // staleness on branch B simply because branch A has older retained events
+  // than the cursor on B.
+  const minRow = db
+    .query(
+      `SELECT MIN(min_ts) AS min_ts FROM (
+         SELECT MIN(created_at) AS min_ts FROM events WHERE git_branch = ?
+         UNION ALL
+         SELECT MIN(created_at) AS min_ts FROM event_archive WHERE git_branch = ?
+       );`,
+    )
+    .get(sourceBranch, sourceBranch) as { min_ts: number | null } | null;
+
+  const minTs: number | null = minRow?.min_ts ?? null;
+
+  // If there are no events at all, the cursor may simply be ahead of an
+  // empty log — not stale.
+  if (minTs === null) {
+    return false;
+  }
+
+  // Cursor predates the earliest retained event: the history window has
+  // been pruned past the cursor's position.
+  if (createdAt < minTs) {
+    return true;
+  }
+
+  // The referenced event is gone but the cursor timestamp is within the
+  // retained window. Check if there are any events on the source branch at
+  // or after the cursor timestamp across both tables — if there are, events
+  // between the cursor and the oldest remaining event were pruned.
   const newerRow = db
     .query(
-      `SELECT id FROM events
-       WHERE git_branch = ? AND created_at >= ?
+      `SELECT id FROM (
+         SELECT id, created_at FROM events
+         WHERE git_branch = ? AND created_at >= ?
+         UNION ALL
+         SELECT id, created_at FROM event_archive
+         WHERE git_branch = ? AND created_at >= ?
+       )
        ORDER BY created_at ASC, id ASC
        LIMIT 1;`,
     )
-    .get(sourceBranch, createdAt) as { id: string } | null;
+    .get(sourceBranch, createdAt, sourceBranch, createdAt) as { id: string } | null;
 
-  // If there are newer events but our referenced event is gone,
-  // events between the cursor and the oldest remaining event were pruned.
   return newerRow !== null;
 }
 
@@ -119,6 +153,24 @@ interface ConflictRow {
   readonly resolution: string;
   readonly created_at: number;
   readonly updated_at: number;
+  readonly worktree_path: string;
+  readonly current_branch: string;
+}
+
+/**
+ * Worktree+branch scope under which a conflict is recorded. Required so that
+ * cleanup, listing, and resolution paths can isolate conflicts that two
+ * sibling worktrees independently observed on the same entity. Without this
+ * scoping a `removeConflictsForEntityIds` from worktree A's pull would erase
+ * worktree B's pending conflicts on the same entity.
+ */
+interface ConflictScope {
+  readonly worktreePath: string;
+  readonly currentBranch: string;
+}
+
+function scopeFromGitContext(git: { worktreePath: string; branchName: string | null }): ConflictScope {
+  return { worktreePath: git.worktreePath, currentBranch: git.branchName ?? "" };
 }
 
 interface ResolutionEventPayload {
@@ -127,6 +179,17 @@ interface ResolutionEventPayload {
   readonly field: string;
   readonly resolution: string;
   readonly value?: string | null;
+  /**
+   * Worktree+branch scope of the conflict row that was resolved on the
+   * emitter side. Receivers use these (combined with their OWN active
+   * scope) to ensure a single shared `source_event_id` does not cause one
+   * worktree's resolution to clobber a sibling worktree's pending row.
+   *
+   * Optional for back-compat with events emitted before scope-aware
+   * resolution was introduced.
+   */
+  readonly worktree_path?: string;
+  readonly current_branch?: string;
 }
 
 interface ResolutionWriteContext {
@@ -319,10 +382,18 @@ function saveCursor(
   });
 }
 
-function countPendingConflicts(db: Database): number {
+function countPendingConflicts(db: Database, scope: ConflictScope): number {
   const row = db
-    .query("SELECT COUNT(*) AS count FROM sync_conflicts WHERE resolution = 'pending';")
-    .get() as { count: number } | null;
+    .query(
+      `
+      SELECT COUNT(*) AS count
+      FROM sync_conflicts
+      WHERE resolution = 'pending'
+        AND worktree_path = ?
+        AND current_branch = ?;
+      `,
+    )
+    .get(scope.worktreePath, scope.currentBranch) as { count: number } | null;
 
   return row?.count ?? 0;
 }
@@ -428,18 +499,197 @@ function dependencyEventIdentity(event: StoredEvent): DependencyEventIdentity |
   return dependencyEventIdentityFromFields(payloadValidation.fields);
 }
 
+/**
+ * Memoized lookup table for "ours" field values keyed by
+ * `${entity_kind}|${entity_id}|${field_name}` on the current branch.
+ *
+ * Entries:
+ *   - undefined: not yet probed
+ *   - {found:false}: probed, no event on currentBranch touches this field
+ *   - {found:true,value}: probed, most recent serialized local value found
+ */
+type OursLookupResult =
+  | { readonly found: false }
+  | { readonly found: true; readonly value: string | null };
+
+type OursValueCache = Map<string, OursLookupResult>;
+
+function createOursValueCache(): OursValueCache {
+  return new Map<string, OursLookupResult>();
+}
+
+function oursCacheKey(entityKind: string, entityId: string, fieldName: string): string {
+  return `${entityKind}|${entityId}|${fieldName}`;
+}
+
+// Safe field-name guard for use in JSON1 path strings. We only inline
+// fieldName into a `$.fields.<name>` path; any non-identifier character
+// would either break the path syntax or invite injection-like surprises.
+const SAFE_FIELD_NAME_PATTERN = /^[A-Za-z_][A-Za-z0-9_]*$/;
+
+function isSafeJsonPathField(fieldName: string): boolean {
+  return SAFE_FIELD_NAME_PATTERN.test(fieldName);
+}
+
+/**
+ * Fast O(1)-per-call probe (after first lookup is memoized) for the most
+ * recent local-branch event that touched a given (entity, field).
+ *
+ * Uses the `idx_events_entity_branch_cursor` index plus SQLite JSON1
+ * (`json_type`) to find the newest event whose payload has the field key,
+ * with a single LIMIT 1 query — replacing the previous unbounded batched
+ * history walk.
+ *
+ * Returns undefined when no event on `currentBranch` for `(entityKind,
+ * entityId)` has the field in its payload; otherwise the serialized
+ * local value (matching `serializeValue(payload.fields[field])`).
+ */
+function lookupOursFieldValue(
+  localDb: Database,
+  cache: OursValueCache,
+  currentBranch: string,
+  entityKind: string,
+  entityId: string,
+  fieldName: string,
+): string | null | undefined {
+  const key = oursCacheKey(entityKind, entityId, fieldName);
+  const cached = cache.get(key);
+  if (cached !== undefined) {
+    return cached.found ? cached.value : undefined;
+  }
+
+  // json_type returns SQL NULL only when the JSON path does not exist.
+  // It returns the string 'null' when the field is explicitly null —
+  // we treat that as a real value (matching the legacy walk's behavior
+  // where only `typeof undefined` skipped a key).
+  //
+  // Defense-in-depth: pass fieldName as a SQLite bind value rather than
+  // interpolating it into the JS path string. The caller already gates
+  // fieldName via SAFE_FIELD_NAME_PATTERN, but binding ensures the value
+  // is never spliced into the path expression on the JS side. SQLite
+  // concatenates `'$.fields.' || ?` server-side; if the bound value were
+  // somehow malformed, the JSON-path parser rejects the whole expression
+  // (`bad JSON path`) instead of silently widening the query.
+  const row = localDb
+    .query(
+      `
+      SELECT json_extract(payload, '$.fields.' || ?) AS value,
+             json_type(payload, '$.fields.' || ?) AS jt
+      FROM events
+      WHERE entity_kind = ?
+        AND entity_id = ?
+        AND git_branch = ?
+        AND json_type(payload, '$.fields.' || ?) IS NOT NULL
+      ORDER BY created_at DESC, id DESC
+      LIMIT 1;
+      `,
+    )
+    .get(fieldName, fieldName, entityKind, entityId, currentBranch, fieldName) as
+    | { value: unknown; jt: string | null }
+    | null;
+
+  if (row === null || row.jt === null) {
+    cache.set(key, { found: false });
+    return undefined;
+  }
+
+  // Reconstruct serialized local value matching
+  // `serializeValue(JSON.parse(payload).fields[field])`.
+  // For JSON nulls, json_extract returns SQL NULL; we represent ours as "null".
+  // For other types we re-serialize using JSON.stringify on the JSON-extracted value.
+  const ours: string | null = row.jt === "null" ? "null" : JSON.stringify(row.value);
+
+  cache.set(key, { found: true, value: ours });
+  return ours;
+}
+
 function entityFieldConflict(
   localDb: Database,
+  currentBranch: string | null,
   sourceBranch: string,
   event: StoredEvent,
   fieldName: string,
   incomingValue: unknown,
+  oursCache: OursValueCache,
 ): { oursValue: string | null; theirsValue: string | null } | null {
+  // Detached HEAD has no named branch — no local-branch events can conflict.
+  if (currentBranch === null) {
+    return null;
+  }
+
+  // Current-row short-circuit: live entity already matches the incoming
+  // value, so applying the incoming event is a no-op — no conflict possible.
+  //
+  // Only valid when the local row exists. If the row was deleted locally
+  // currentEntityFieldValue returns `undefined`, which serializeValue maps
+  // to `null` — that would falsely match an incoming `null` field and mask
+  // a real conflict (delete vs. concurrent update). When the row is gone
+  // we must fall through to the history walk so the local delete event is
+  // discovered and reported as a conflict against the incoming non-delete.
   const currentValue = currentEntityFieldValue(localDb, event.entity_kind, event.entity_id, fieldName);
-  if (serializeValue(currentValue) === serializeValue(incomingValue)) {
+  const theirsValue = serializeValue(incomingValue);
+  if (typeof currentValue !== "undefined" && serializeValue(currentValue) === theirsValue) {
+    return null;
+  }
+
+  // Dependency events use identity-tuple matching (entity_id can be reused
+  // across distinct dependencies). Fall back to the legacy filtered scan;
+  // dependency events are bounded by per-entity history depth and not the
+  // hot path that the optimization targets. Same fallback applies for
+  // payload field names that can't safely be inlined into a JSON1 path
+  // (defense in depth — the canonical SYNC_ALLOWED_FIELDS are all simple
+  // identifiers, but incoming payloads are not strictly schema-checked).
+  const incomingDependencyIdentity = dependencyEventIdentity(event);
+  if (incomingDependencyIdentity !== null || !isSafeJsonPathField(fieldName)) {
+    return entityFieldConflictHistoryWalk(
+      localDb,
+      currentBranch,
+      event,
+      fieldName,
+      theirsValue,
+      incomingDependencyIdentity,
+    );
+  }
+
+  // Fast path: indexed + memoized probe for "most recent local event
+  // touching this field on this entity".
+  const oursValue = lookupOursFieldValue(
+    localDb,
+    oursCache,
+    currentBranch,
+    event.entity_kind,
+    event.entity_id,
+    fieldName,
+  );
+
+  if (oursValue === undefined) {
+    return null;
+  }
+
+  if (oursValue === theirsValue) {
     return null;
   }
 
+  return { oursValue, theirsValue };
+}
+
+/**
+ * Slow-path conflict detection. Preserves the legacy batched history walk
+ * for two cases:
+ *   1. Dependency events — identity (source/depends_on tuple) must match
+ *      the incoming event because distinct dependencies can share an
+ *      entity_id. A static-field probe is not sufficient.
+ *   2. Field names that cannot safely be inlined into a JSON1 path — falls
+ *      back to JS-side payload parsing instead of a json_type SQL probe.
+ */
+function entityFieldConflictHistoryWalk(
+  localDb: Database,
+  currentBranch: string,
+  event: StoredEvent,
+  fieldName: string,
+  theirsValue: string | null,
+  incomingDependencyIdentity: DependencyEventIdentity | null,
+): { oursValue: string | null; theirsValue: string | null } | null {
   let beforeCreatedAt = Number.MAX_SAFE_INTEGER;
   let beforeId = "\uffff";
 
@@ -451,7 +701,7 @@ function entityFieldConflict(
       FROM events
       WHERE entity_kind = ?
         AND entity_id = ?
-        AND (git_branch IS NULL OR git_branch != ?)
+        AND git_branch = ?
         AND (
           created_at < ?
           OR (created_at = ? AND id < ?)
@@ -463,15 +713,13 @@ function entityFieldConflict(
       .all(
         event.entity_kind,
         event.entity_id,
-        sourceBranch,
+        currentBranch,
         beforeCreatedAt,
         beforeCreatedAt,
         beforeId,
         CONFLICT_HISTORY_SCAN_BATCH_SIZE,
       ) as LocalEntityEventRow[];
 
-    const incomingDependencyIdentity = dependencyEventIdentity(event);
-
     if (rows.length === 0) {
       return null;
     }
@@ -503,7 +751,6 @@ function entityFieldConflict(
       }
 
       const oursValue = serializeValue(localValue);
-      const theirsValue = serializeValue(incomingValue);
 
       if (oursValue !== theirsValue) {
         return {
@@ -525,6 +772,7 @@ function createConflict(
   fieldName: string,
   oursValue: string | null,
   theirsValue: string | null,
+  scope: ConflictScope,
   resolution: string = "pending",
 ): void {
   const now: number = Date.now();
@@ -534,11 +782,19 @@ function createConflict(
       SELECT id, resolution, ours_value, theirs_value
       FROM sync_conflicts
       WHERE event_id = ? AND entity_kind = ? AND entity_id = ? AND field_name = ?
+        AND worktree_path = ? AND current_branch = ?
       ORDER BY CASE WHEN resolution = 'pending' THEN 0 ELSE 1 END, created_at ASC, id ASC
       LIMIT 1;
       `,
     )
-    .get(event.id, event.entity_kind, event.entity_id, fieldName) as
+    .get(
+      event.id,
+      event.entity_kind,
+      event.entity_id,
+      fieldName,
+      scope.worktreePath,
+      scope.currentBranch,
+    ) as
     | { id: string; resolution: string; ours_value: string | null; theirs_value: string | null }
     | null;
 
@@ -580,32 +836,72 @@ function createConflict(
       resolution,
       created_at,
       updated_at,
-      version
-    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1);
+      version,
+      worktree_path,
+      current_branch
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1, ?, ?);
     `,
-  ).run(randomUUID(), event.id, event.entity_kind, event.entity_id, fieldName, oursValue, theirsValue, resolution, now, now);
+  ).run(
+    randomUUID(),
+    event.id,
+    event.entity_kind,
+    event.entity_id,
+    fieldName,
+    oursValue,
+    theirsValue,
+    resolution,
+    now,
+    now,
+    scope.worktreePath,
+    scope.currentBranch,
+  );
 }
 
 function findConflictForResolutionEvent(
   db: Database,
   event: StoredEvent,
   payload: ResolutionEventPayload,
+  receiverScope: ConflictScope,
 ): ConflictRow | null {
+  // Scope-isolated resolve: a single (event_id, entity, field) tuple can
+  // have multiple sync_conflicts rows — one per observer worktree+branch.
+  // The receiver only resolves its OWN scoped row. If the payload carries
+  // an emitter scope (new, scope-aware events), require it to match the
+  // receiver — cross-scope events are a no-op so a resolve in worktree A
+  // never mutates worktree B's row.
+  if (
+    typeof payload.worktree_path === "string" &&
+    typeof payload.current_branch === "string" &&
+    (payload.worktree_path !== receiverScope.worktreePath ||
+      payload.current_branch !== receiverScope.currentBranch)
+  ) {
+    return null;
+  }
+
   if (typeof payload.source_event_id === "string" && payload.source_event_id.length > 0) {
     const bySourceEvent = db
       .query(
         `
-        SELECT id, event_id, entity_kind, entity_id, field_name, ours_value, theirs_value, resolution, created_at, updated_at
+        SELECT id, event_id, entity_kind, entity_id, field_name, ours_value, theirs_value, resolution, created_at, updated_at, worktree_path, current_branch
         FROM sync_conflicts
         WHERE event_id = ?
           AND entity_kind = ?
           AND entity_id = ?
           AND field_name = ?
+          AND worktree_path = ?
+          AND current_branch = ?
         ORDER BY CASE WHEN resolution = 'pending' THEN 0 ELSE 1 END, created_at ASC, id ASC
         LIMIT 1;
         `,
       )
-      .get(payload.source_event_id, event.entity_kind, event.entity_id, payload.field) as ConflictRow | null;
+      .get(
+        payload.source_event_id,
+        event.entity_kind,
+        event.entity_id,
+        payload.field,
+        receiverScope.worktreePath,
+        receiverScope.currentBranch,
+      ) as ConflictRow | null;
 
     if (bySourceEvent) {
       return bySourceEvent;
@@ -619,23 +915,63 @@ function findConflictForResolutionEvent(
   return db
     .query(
       `
-      SELECT id, event_id, entity_kind, entity_id, field_name, ours_value, theirs_value, resolution, created_at, updated_at
+      SELECT id, event_id, entity_kind, entity_id, field_name, ours_value, theirs_value, resolution, created_at, updated_at, worktree_path, current_branch
       FROM sync_conflicts
       WHERE id = ?
         AND entity_kind = ?
         AND entity_id = ?
         AND field_name = ?
+        AND worktree_path = ?
+        AND current_branch = ?
       LIMIT 1;
       `,
     )
-    .get(payload.conflict_id, event.entity_kind, event.entity_id, payload.field) as ConflictRow | null;
+    .get(
+      payload.conflict_id,
+      event.entity_kind,
+      event.entity_id,
+      payload.field,
+      receiverScope.worktreePath,
+      receiverScope.currentBranch,
+    ) as ConflictRow | null;
 }
 
 function removeDependenciesTouchingNode(db: Database, nodeId: string): void {
   db.query("DELETE FROM dependencies WHERE source_id = ? OR depends_on_id = ?;").run(nodeId, nodeId);
 }
 
-function removeTaskSubtree(db: Database, taskId: string): void {
+function removeConflictsForEntityIds(
+  db: Database,
+  entityKind: string,
+  entityIds: readonly string[],
+  scope: ConflictScope,
+  excludeConflictId?: string,
+): void {
+  if (entityIds.length === 0) {
+    return;
+  }
+  const placeholders = entityIds.map(() => "?").join(", ");
+  if (excludeConflictId !== undefined) {
+    db.query(
+      `DELETE FROM sync_conflicts
+       WHERE entity_kind = ?
+         AND entity_id IN (${placeholders})
+         AND worktree_path = ?
+         AND current_branch = ?
+         AND id != ?;`,
+    ).run(entityKind, ...entityIds, scope.worktreePath, scope.currentBranch, excludeConflictId);
+  } else {
+    db.query(
+      `DELETE FROM sync_conflicts
+       WHERE entity_kind = ?
+         AND entity_id IN (${placeholders})
+         AND worktree_path = ?
+         AND current_branch = ?;`,
+    ).run(entityKind, ...entityIds, scope.worktreePath, scope.currentBranch);
+  }
+}
+
+function removeTaskSubtree(db: Database, taskId: string): Array<{ id: string }> {
   const subtasks = db
     .query("SELECT id FROM subtasks WHERE task_id = ? ORDER BY created_at ASC, id ASC;")
     .all(taskId) as Array<{ id: string }>;
@@ -646,6 +982,7 @@ function removeTaskSubtree(db: Database, taskId: string): void {
 
   db.query("DELETE FROM subtasks WHERE task_id = ?;").run(taskId);
   removeDependenciesTouchingNode(db, taskId);
+  return subtasks;
 }
 
 function applyPendingDeleteCascadeResolution(db: Database, conflict: ConflictRow): void {
@@ -670,12 +1007,25 @@ function applyPendingDeleteCascadeResolution(db: Database, conflict: ConflictRow
   }
 }
 
+function scopeFromConflictRow(conflict: ConflictRow): ConflictScope {
+  return { worktreePath: conflict.worktree_path, currentBranch: conflict.current_branch };
+}
+
 function applyConflictTheirsResolution(db: Database, conflict: ConflictRow): void {
+  // Cleanup is scoped to the conflict's own worktree+branch so resolving a
+  // conflict in this worktree does not erase peer worktrees' pending
+  // conflicts on the same entity.
+  const scope: ConflictScope = scopeFromConflictRow(conflict);
+
   if (conflict.field_name === "__delete__") {
     if (conflict.entity_kind === "task") {
-      removeTaskSubtree(db, conflict.entity_id);
+      const subtasks = removeTaskSubtree(db, conflict.entity_id);
+      const subtaskIds = subtasks.map((s) => s.id);
+      removeConflictsForEntityIds(db, "subtask", subtaskIds, scope, conflict.id);
+      removeConflictsForEntityIds(db, "task", [conflict.entity_id], scope, conflict.id);
     } else if (conflict.entity_kind === "subtask") {
       removeDependenciesTouchingNode(db, conflict.entity_id);
+      removeConflictsForEntityIds(db, "subtask", [conflict.entity_id], scope, conflict.id);
     }
     applyPendingDeleteCascadeResolution(db, conflict);
     deleteSingleEntity(db, conflict.entity_kind, conflict.entity_id, { allowMissing: true });
@@ -687,7 +1037,11 @@ function applyConflictTheirsResolution(db: Database, conflict: ConflictRow): voi
   });
 }
 
-function applyIncomingResolutionEvent(db: Database, event: StoredEvent): boolean {
+function applyIncomingResolutionEvent(
+  db: Database,
+  event: StoredEvent,
+  receiverScope: ConflictScope,
+): boolean {
   const parsed = parseJsonObject(event.payload);
   if (!parsed) {
     return false;
@@ -704,7 +1058,7 @@ function applyIncomingResolutionEvent(db: Database, event: StoredEvent): boolean
     return false;
   }
 
-  const conflict = findConflictForResolutionEvent(db, event, resolutionPayload);
+  const conflict = findConflictForResolutionEvent(db, event, resolutionPayload, receiverScope);
   if (!conflict) {
     return false;
   }
@@ -739,16 +1093,16 @@ function applyIncomingResolutionEvent(db: Database, event: StoredEvent): boolean
   return updated.changes > 0;
 }
 
-function hasLocalEntityEdits(db: Database, entityKind: string, entityId: string, sourceBranch: string): boolean {
+function hasLocalEntityEdits(db: Database, entityKind: string, entityId: string, currentBranch: string): boolean {
   const row = db
     .query(
-      `SELECT 1 FROM events WHERE entity_kind = ? AND entity_id = ? AND (git_branch IS NULL OR git_branch != ?) LIMIT 1;`,
+      `SELECT 1 FROM events WHERE entity_kind = ? AND entity_id = ? AND git_branch = ? LIMIT 1;`,
     )
-    .get(entityKind, entityId, sourceBranch);
+    .get(entityKind, entityId, currentBranch);
   return row !== null;
 }
 
-function hasLocalDependencyEditsTouchingNodes(db: Database, nodeIds: readonly string[], sourceBranch: string): boolean {
+function hasLocalDependencyEditsTouchingNodes(db: Database, nodeIds: readonly string[], currentBranch: string): boolean {
   if (nodeIds.length === 0) {
     return false;
   }
@@ -762,7 +1116,7 @@ function hasLocalDependencyEditsTouchingNodes(db: Database, nodeIds: readonly st
         SELECT 1
         FROM events
         WHERE entity_kind = 'dependency'
-          AND (git_branch IS NULL OR git_branch != ?)
+          AND git_branch = ?
           AND (
             json_extract(payload, '$.fields.source_id') IN (${placeholders})
             OR json_extract(payload, '$.fields.depends_on_id') IN (${placeholders})
@@ -770,7 +1124,7 @@ function hasLocalDependencyEditsTouchingNodes(db: Database, nodeIds: readonly st
         LIMIT 1;
         `,
       )
-      .get(sourceBranch, ...chunk, ...chunk);
+      .get(currentBranch, ...chunk, ...chunk);
 
     if (row !== null) {
       return true;
@@ -782,7 +1136,7 @@ function hasLocalDependencyEditsTouchingNodes(db: Database, nodeIds: readonly st
 
 function hasLocalDependencyEditsForIdentity(
   db: Database,
-  sourceBranch: string,
+  currentBranch: string,
   identity: DependencyEventIdentity,
 ): boolean {
   const row = db
@@ -791,7 +1145,7 @@ function hasLocalDependencyEditsForIdentity(
       SELECT 1
       FROM events
       WHERE entity_kind = 'dependency'
-        AND (git_branch IS NULL OR git_branch != ?)
+        AND git_branch = ?
         AND json_extract(payload, '$.fields.source_id') = ?
         AND json_extract(payload, '$.fields.source_kind') = ?
         AND json_extract(payload, '$.fields.depends_on_id') = ?
@@ -799,7 +1153,7 @@ function hasLocalDependencyEditsForIdentity(
       LIMIT 1;
       `,
     )
-    .get(sourceBranch, identity.sourceId, identity.sourceKind, identity.dependsOnId, identity.dependsOnKind);
+    .get(currentBranch, identity.sourceId, identity.sourceKind, identity.dependsOnId, identity.dependsOnKind);
 
   return row !== null;
 }
@@ -824,7 +1178,7 @@ function dependencyRowExistsForIdentity(db: Database, identity: DependencyEventI
 
 function latestLocalDependencyOperationForIdentity(
   db: Database,
-  sourceBranch: string,
+  currentBranch: string,
   identity: DependencyEventIdentity,
 ): string | null {
   const row = db
@@ -833,7 +1187,7 @@ function latestLocalDependencyOperationForIdentity(
       SELECT operation
       FROM events
       WHERE entity_kind = 'dependency'
-        AND (git_branch IS NULL OR git_branch != ?)
+        AND git_branch = ?
         AND json_extract(payload, '$.fields.source_id') = ?
         AND json_extract(payload, '$.fields.source_kind') = ?
         AND json_extract(payload, '$.fields.depends_on_id') = ?
@@ -842,7 +1196,7 @@ function latestLocalDependencyOperationForIdentity(
       LIMIT 1;
       `,
     )
-    .get(sourceBranch, identity.sourceId, identity.sourceKind, identity.dependsOnId, identity.dependsOnKind) as
+    .get(currentBranch, identity.sourceId, identity.sourceKind, identity.dependsOnId, identity.dependsOnKind) as
     | { operation: string }
     | null;
 
@@ -851,7 +1205,7 @@ function latestLocalDependencyOperationForIdentity(
 
 function hasLocalDependencyRemovalForIdentity(
   db: Database,
-  sourceBranch: string,
+  currentBranch: string,
   identity: DependencyEventIdentity,
 ): boolean {
   const row = db
@@ -861,7 +1215,7 @@ function hasLocalDependencyRemovalForIdentity(
       FROM events
       WHERE entity_kind = 'dependency'
         AND operation = 'dependency.removed'
-        AND (git_branch IS NULL OR git_branch != ?)
+        AND git_branch = ?
         AND json_extract(payload, '$.fields.source_id') = ?
         AND json_extract(payload, '$.fields.depends_on_id') = ?
         AND (
@@ -875,12 +1229,17 @@ function hasLocalDependencyRemovalForIdentity(
       LIMIT 1;
       `,
     )
-    .get(sourceBranch, identity.sourceId, identity.dependsOnId, identity.sourceKind, identity.dependsOnKind);
+    .get(currentBranch, identity.sourceId, identity.dependsOnId, identity.sourceKind, identity.dependsOnKind);
 
   return row !== null;
 }
 
-function hasLocalDependencyDeleteConflict(db: Database, event: StoredEvent, sourceBranch: string): boolean {
+function hasLocalDependencyDeleteConflict(db: Database, event: StoredEvent, currentBranch: string | null): boolean {
+  // Detached HEAD has no named branch — no local-branch events can conflict.
+  if (currentBranch === null) {
+    return false;
+  }
+
   const identity = dependencyEventIdentity(event);
   if (identity === null) {
     return false;
@@ -890,21 +1249,26 @@ function hasLocalDependencyDeleteConflict(db: Database, event: StoredEvent, sour
     return false;
   }
 
-  const latestOperation = latestLocalDependencyOperationForIdentity(db, sourceBranch, identity);
+  const latestOperation = latestLocalDependencyOperationForIdentity(db, currentBranch, identity);
   if (latestOperation === ENTITY_OPERATIONS.dependency.removed) {
     return false;
   }
 
-  return hasLocalDependencyEditsForIdentity(db, sourceBranch, identity);
+  return hasLocalDependencyEditsForIdentity(db, currentBranch, identity);
 }
 
-function hasLocalDeleteCascadeEdits(db: Database, event: StoredEvent, sourceBranch: string): boolean {
-  if (hasLocalEntityEdits(db, event.entity_kind, event.entity_id, sourceBranch)) {
+function hasLocalDeleteCascadeEdits(db: Database, event: StoredEvent, currentBranch: string | null): boolean {
+  // Detached HEAD has no named branch — no local-branch events can conflict.
+  if (currentBranch === null) {
+    return false;
+  }
+
+  if (hasLocalEntityEdits(db, event.entity_kind, event.entity_id, currentBranch)) {
     return true;
   }
 
   if (event.entity_kind === "subtask") {
-    return hasLocalDependencyEditsTouchingNodes(db, [event.entity_id], sourceBranch);
+    return hasLocalDependencyEditsTouchingNodes(db, [event.entity_id], currentBranch);
   }
 
   if (event.entity_kind !== "task") {
@@ -917,12 +1281,12 @@ function hasLocalDeleteCascadeEdits(db: Database, event: StoredEvent, sourceBran
   const subtaskIds = subtaskRows.map((row) => row.id);
 
   for (const subtaskId of subtaskIds) {
-    if (hasLocalEntityEdits(db, "subtask", subtaskId, sourceBranch)) {
+    if (hasLocalEntityEdits(db, "subtask", subtaskId, currentBranch)) {
       return true;
     }
   }
 
-  return hasLocalDependencyEditsTouchingNodes(db, [event.entity_id, ...subtaskIds], sourceBranch);
+  return hasLocalDependencyEditsTouchingNodes(db, [event.entity_id, ...subtaskIds], currentBranch);
 }
 
 function rowExists(db: Database, tableName: string, id: string): boolean {
@@ -1122,7 +1486,12 @@ function applyUpdatePatch(db: Database, event: StoredEvent, fields: Record<strin
   return true;
 }
 
-function applyDelete(db: Database, event: StoredEvent, fields: Record<string, unknown>): boolean {
+function applyDelete(
+  db: Database,
+  event: StoredEvent,
+  fields: Record<string, unknown>,
+  scope: ConflictScope,
+): boolean {
   const tableName = tableForEntityKind(event.entity_kind);
   if (!tableName) {
     return false;
@@ -1140,16 +1509,22 @@ function applyDelete(db: Database, event: StoredEvent, fields: Record<string, un
   }
 
   if (event.entity_kind === "task") {
-    removeTaskSubtree(db, event.entity_id);
+    const subtasks = removeTaskSubtree(db, event.entity_id);
+    const subtaskIds = subtasks.map((s) => s.id);
+    removeConflictsForEntityIds(db, "subtask", subtaskIds, scope);
+    removeConflictsForEntityIds(db, "task", [event.entity_id], scope);
   } else if (event.entity_kind === "subtask") {
     removeDependenciesTouchingNode(db, event.entity_id);
+    removeConflictsForEntityIds(db, "subtask", [event.entity_id], scope);
+  } else {
+    removeConflictsForEntityIds(db, event.entity_kind, [event.entity_id], scope);
   }
 
   db.query(`DELETE FROM ${tableName} WHERE id = ?;`).run(event.entity_id);
   return true;
 }
 
-function hasPendingDeleteConflict(db: Database, sourceEventId: string): boolean {
+function hasPendingDeleteConflict(db: Database, sourceEventId: string, scope: ConflictScope): boolean {
   const row = db
     .query(
       `
@@ -1158,10 +1533,12 @@ function hasPendingDeleteConflict(db: Database, sourceEventId: string): boolean
       WHERE event_id = ?
         AND field_name = '__delete__'
         AND resolution = 'pending'
+        AND worktree_path = ?
+        AND current_branch = ?
       LIMIT 1;
       `,
     )
-    .get(sourceEventId);
+    .get(sourceEventId, scope.worktreePath, scope.currentBranch);
 
   return row !== null;
 }
@@ -1171,23 +1548,36 @@ function pendingDeleteConflictSourceEventId(fields: Record<string, unknown>): st
   return typeof sourceEventId === "string" && sourceEventId.length > 0 ? sourceEventId : null;
 }
 
-function shouldWithholdDeleteCascadeEvent(db: Database, event: StoredEvent, fields: Record<string, unknown>): boolean {
+function shouldWithholdDeleteCascadeEvent(
+  db: Database,
+  event: StoredEvent,
+  fields: Record<string, unknown>,
+  scope: ConflictScope,
+): boolean {
   const sourceEventId = pendingDeleteConflictSourceEventId(fields);
   if (!sourceEventId) {
     return false;
   }
 
-  const isDeleteCascadeEvent = event.operation === "dependency.removed" || event.operation === "subtask.deleted";
+  const isDeleteCascadeEvent =
+    event.operation === "dependency.removed"
+    || event.operation === "subtask.deleted"
+    || event.operation === "task.deleted";
   if (!isDeleteCascadeEvent) {
     return false;
   }
 
-  return hasPendingDeleteConflict(db, sourceEventId);
+  return hasPendingDeleteConflict(db, sourceEventId, scope);
 }
 
-function applyEntityFields(db: Database, event: StoredEvent, fields: Record<string, unknown>): boolean {
+function applyEntityFields(
+  db: Database,
+  event: StoredEvent,
+  fields: Record<string, unknown>,
+  scope: ConflictScope,
+): boolean {
   if (event.operation.endsWith(".deleted") || event.operation === "dependency.removed") {
-    return applyDelete(db, event, fields);
+    return applyDelete(db, event, fields, scope);
   }
 
   if (event.operation.endsWith(".created") || event.operation === "dependency.added") {
@@ -1277,7 +1667,7 @@ export function syncStatus(cwd: string, sourceBranch: string): SyncStatusSummary
       sourceBranch,
       ahead: countAhead(storage.db, git.branchName, sourceBranch),
       behind: onSourceBranch ? 0 : countBranchEventsSince(storage.db, sourceBranch, cursorToken),
-      pendingConflicts: countPendingConflicts(storage.db),
+      pendingConflicts: countPendingConflicts(storage.db, scopeFromGitContext(git)),
       sameBranch: onSourceBranch,
       git,
     };
@@ -1303,32 +1693,44 @@ export function syncPull(cwd: string, sourceBranch: string): PullSummary {
       let lastEventAt: number | null = cursor?.last_event_at ?? null;
       let scannedEvents = 0;
 
-      writeTransaction(storage.db, (): void => {
-        while (true) {
-          const incomingEvents = queryBranchEventsSinceBatch(
-            storage.db,
-            sourceBranch,
-            lastToken ?? cursorToken,
-            SYNC_PULL_BATCH_SIZE,
-          ) as StoredEvent[];
-
-          if (incomingEvents.length === 0) {
-            break;
-          }
+      // Chunked write transactions: each batch of SYNC_PULL_BATCH_SIZE
+      // events is committed in its own transaction so the write lock is
+      // never held across multiple batches. On crash, the cursor reflects
+      // the last fully-committed batch and the next pull resumes there.
+      while (true) {
+        const incomingEvents = queryBranchEventsSinceBatch(
+          storage.db,
+          sourceBranch,
+          lastToken ?? cursorToken,
+          SYNC_PULL_BATCH_SIZE,
+        ) as StoredEvent[];
 
-          scannedEvents += incomingEvents.length;
+        if (incomingEvents.length === 0) {
+          break;
+        }
 
+        const batchResult = writeTransaction(storage.db, (): { token: string | null; eventAt: number | null } => {
+          let token: string | null = lastToken;
+          let eventAt: number | null = lastEventAt;
           for (const incoming of incomingEvents) {
             storeEvent(storage.db, incoming);
-            lastToken = cursorTokenFromEvent(incoming);
-            lastEventAt = incoming.created_at;
+            token = cursorTokenFromEvent(incoming);
+            eventAt = incoming.created_at;
           }
-        }
+          if (token) {
+            saveCursor(storage.db, git.worktreePath, sourceBranch, token, eventAt);
+          }
+          return { token, eventAt };
+        });
+
+        scannedEvents += incomingEvents.length;
+        lastToken = batchResult.token;
+        lastEventAt = batchResult.eventAt;
 
-        if (lastToken) {
-          saveCursor(storage.db, git.worktreePath, sourceBranch, lastToken, lastEventAt);
+        if (incomingEvents.length < SYNC_PULL_BATCH_SIZE) {
+          break;
         }
-      });
+      }
 
       return {
         sourceBranch,
@@ -1360,71 +1762,106 @@ export function syncPull(cwd: string, sourceBranch: string): PullSummary {
     let lastEventAt: number | null = cursor?.last_event_at ?? null;
     let scannedEvents = 0;
 
-    writeTransaction(storage.db, (): void => {
-      while (true) {
-        const incomingEvents = queryBranchEventsSinceBatch(
-          storage.db,
-          sourceBranch,
-          lastToken ?? cursorToken,
-          SYNC_PULL_BATCH_SIZE,
-        ) as StoredEvent[];
+    // Per-pull memoization for "ours" field-value lookups. Reused across
+    // every incoming event so repeated probes of the same (entity, field)
+    // are O(1) after first hit.
+    const oursCache = createOursValueCache();
+
+    // Conflict scope: every conflict / cleanup created by this pull is
+    // tagged with the current worktree+branch so peer worktrees observing
+    // the same entity own their own row set and cannot erase each other.
+    const conflictScope: ConflictScope = scopeFromGitContext(git);
+
+    // Chunked write transactions: each batch of SYNC_PULL_BATCH_SIZE
+    // events is processed inside its own writeTransaction. The cursor and
+    // lastEventAt are persisted at the end of each batch, so a crash mid-
+    // pull leaves a consistent cursor pointing at the last fully-committed
+    // batch and the next pull resumes from there. The write lock is no
+    // longer held across multiple batches.
+    while (true) {
+      const incomingEvents = queryBranchEventsSinceBatch(
+        storage.db,
+        sourceBranch,
+        lastToken ?? cursorToken,
+        SYNC_PULL_BATCH_SIZE,
+      ) as StoredEvent[];
 
-        if (incomingEvents.length === 0) {
-          break;
-        }
+      if (incomingEvents.length === 0) {
+        break;
+      }
 
-        scannedEvents += incomingEvents.length;
+      interface BatchResult {
+        readonly appliedDelta: number;
+        readonly createdConflictsDelta: number;
+        readonly malformedPayloadDelta: number;
+        readonly applyRejectedDelta: number;
+        readonly quarantinedDelta: number;
+        readonly conflictEventsDelta: number;
+        readonly token: string | null;
+        readonly eventAt: number | null;
+      }
+
+      const batchResult: BatchResult = writeTransaction(storage.db, (): BatchResult => {
+        let appliedDelta = 0;
+        let createdConflictsDelta = 0;
+        let malformedPayloadDelta = 0;
+        let applyRejectedDelta = 0;
+        let quarantinedDelta = 0;
+        let conflictEventsDelta = 0;
+        let token: string | null = lastToken;
+        let eventAt: number | null = lastEventAt;
 
         for (const incoming of incomingEvents) {
           if (incoming.operation === "resolve_conflict") {
-            if (applyIncomingResolutionEvent(storage.db, incoming)) {
-              appliedEvents += 1;
+            if (applyIncomingResolutionEvent(storage.db, incoming, conflictScope)) {
+              appliedDelta += 1;
             }
             storeEvent(storage.db, incoming);
-            lastToken = cursorTokenFromEvent(incoming);
-            lastEventAt = incoming.created_at;
+            token = cursorTokenFromEvent(incoming);
+            eventAt = incoming.created_at;
             continue;
           }
 
           const payloadValidation = parsePayload(incoming.payload);
 
           if (!payloadValidation.ok) {
-            malformedPayloadEvents += 1;
-            quarantinedEvents += 1;
+            malformedPayloadDelta += 1;
+            quarantinedDelta += 1;
             createConflict(
               storage.db,
               incoming,
               "__payload__",
               null,
               payloadValidation.reason ?? "Invalid payload",
+              conflictScope,
               "invalid",
             );
-            createdConflicts += 1;
+            createdConflictsDelta += 1;
             storeEvent(storage.db, incoming);
-            lastToken = cursorTokenFromEvent(incoming);
-            lastEventAt = incoming.created_at;
+            token = cursorTokenFromEvent(incoming);
+            eventAt = incoming.created_at;
             continue;
           }
 
           const payload: EventPayload = { fields: payloadValidation.fields };
 
-          if (shouldWithholdDeleteCascadeEvent(storage.db, incoming, payload.fields)) {
+          if (shouldWithholdDeleteCascadeEvent(storage.db, incoming, payload.fields, conflictScope)) {
             storeEvent(storage.db, incoming);
-            lastToken = cursorTokenFromEvent(incoming);
-            lastEventAt = incoming.created_at;
+            token = cursorTokenFromEvent(incoming);
+            eventAt = incoming.created_at;
             continue;
           }
 
           const isDeleteWithLocalEdits =
-            (incoming.operation.endsWith(".deleted") && hasLocalDeleteCascadeEdits(storage.db, incoming, sourceBranch)) ||
-            (incoming.operation === "dependency.removed" && hasLocalDependencyDeleteConflict(storage.db, incoming, sourceBranch));
+            (incoming.operation.endsWith(".deleted") && hasLocalDeleteCascadeEdits(storage.db, incoming, git.branchName)) ||
+            (incoming.operation === "dependency.removed" && hasLocalDependencyDeleteConflict(storage.db, incoming, git.branchName));
           if (isDeleteWithLocalEdits) {
-            createConflict(storage.db, incoming, "__delete__", null, "Entity deleted on source branch");
-            createdConflicts += 1;
-            conflictEvents += 1;
+            createConflict(storage.db, incoming, "__delete__", null, "Entity deleted on source branch", conflictScope);
+            createdConflictsDelta += 1;
+            conflictEventsDelta += 1;
             storeEvent(storage.db, incoming);
-            lastToken = cursorTokenFromEvent(incoming);
-            lastEventAt = incoming.created_at;
+            token = cursorTokenFromEvent(incoming);
+            eventAt = incoming.created_at;
             continue;
           }
 
@@ -1437,47 +1874,88 @@ export function syncPull(cwd: string, sourceBranch: string): PullSummary {
               continue;
             }
 
-            const conflict = entityFieldConflict(storage.db, sourceBranch, incoming, fieldName, value);
+            const conflict = entityFieldConflict(
+              storage.db,
+              git.branchName,
+              sourceBranch,
+              incoming,
+              fieldName,
+              value,
+              oursCache,
+            );
 
             if (conflict) {
               withheldConflictCount += 1;
-              conflictEvents += 1;
-              createConflict(storage.db, incoming, fieldName, conflict.oursValue, conflict.theirsValue);
-              createdConflicts += 1;
+              conflictEventsDelta += 1;
+              createConflict(
+                storage.db,
+                incoming,
+                fieldName,
+                conflict.oursValue,
+                conflict.theirsValue,
+                conflictScope,
+              );
+              createdConflictsDelta += 1;
               continue;
             }
 
             fieldsToApply[fieldName] = value;
           }
 
-          if (applyEntityFields(storage.db, incoming, fieldsToApply)) {
-            appliedEvents += 1;
+          if (applyEntityFields(storage.db, incoming, fieldsToApply, conflictScope)) {
+            appliedDelta += 1;
           } else if (applyReplayedCreateWithConflicts(storage.db, incoming, fieldsToApply, withheldConflictCount)) {
-            appliedEvents += 1;
+            appliedDelta += 1;
           } else {
-            applyRejectedEvents += 1;
-            quarantinedEvents += 1;
+            applyRejectedDelta += 1;
+            quarantinedDelta += 1;
             createConflict(
               storage.db,
               incoming,
               "__apply__",
               null,
               `Rejected event ${incoming.operation} for ${incoming.entity_kind}`,
+              conflictScope,
               "invalid",
             );
-            createdConflicts += 1;
+            createdConflictsDelta += 1;
           }
 
           storeEvent(storage.db, incoming);
-          lastToken = cursorTokenFromEvent(incoming);
-          lastEventAt = incoming.created_at;
+          token = cursorTokenFromEvent(incoming);
+          eventAt = incoming.created_at;
+        }
+
+        if (token) {
+          saveCursor(storage.db, git.worktreePath, sourceBranch, token, eventAt);
         }
-      }
 
-      if (lastToken) {
-        saveCursor(storage.db, git.worktreePath, sourceBranch, lastToken, lastEventAt);
+        return {
+          appliedDelta,
+          createdConflictsDelta,
+          malformedPayloadDelta,
+          applyRejectedDelta,
+          quarantinedDelta,
+          conflictEventsDelta,
+          token,
+          eventAt,
+        };
+      });
+
+      scannedEvents += incomingEvents.length;
+      appliedEvents += batchResult.appliedDelta;
+      createdConflicts += batchResult.createdConflictsDelta;
+      malformedPayloadEvents += batchResult.malformedPayloadDelta;
+      applyRejectedEvents += batchResult.applyRejectedDelta;
+      quarantinedEvents += batchResult.quarantinedDelta;
+      conflictEvents += batchResult.conflictEventsDelta;
+      lastToken = batchResult.token;
+      lastEventAt = batchResult.eventAt;
+
+      if (incomingEvents.length < SYNC_PULL_BATCH_SIZE) {
+        break;
       }
-    });
+    }
 
     const errorHints: string[] = buildSyncErrorHints({
       malformedPayloadEvents,
@@ -1651,6 +2129,12 @@ function appendResolutionEvent(
       field: conflict.field_name,
       resolution,
       value: resolvedValue,
+      // Embed the resolved row's scope so receivers can audit which
+      // worktree/branch performed the resolution. Receivers still
+      // intersect against their OWN active scope when looking up the
+      // local row to mutate.
+      worktree_path: conflict.worktree_path,
+      current_branch: conflict.current_branch,
     }),
     gitBranch,
     gitHead,
@@ -1661,19 +2145,30 @@ function appendResolutionEvent(
 
 export function listSyncConflicts(cwd: string, mode: SyncConflictMode): SyncConflictListItem[] {
   const storage = openTrekoonDatabase(cwd);
+  const git = resolveGitContext(cwd);
+  const scope: ConflictScope = scopeFromGitContext(git);
 
   try {
-    const whereClause = mode === "pending" ? "WHERE resolution = 'pending'" : "";
+    // Conflicts are scoped to the worktree+branch that recorded them. Each
+    // worktree only sees its own pending/resolved conflicts so peer
+    // worktrees on the same shared DB don't bleed into one another.
+    const conditions: string[] = ["worktree_path = ?", "current_branch = ?"];
+    const params: string[] = [scope.worktreePath, scope.currentBranch];
+
+    if (mode === "pending") {
+      conditions.push("resolution = 'pending'");
+    }
+
     return storage.db
       .query(
         `
-        SELECT id, event_id, entity_kind, entity_id, field_name, ours_value, theirs_value, resolution, created_at, updated_at
+        SELECT id, event_id, entity_kind, entity_id, field_name, ours_value, theirs_value, resolution, created_at, updated_at, worktree_path, current_branch
         FROM sync_conflicts
-        ${whereClause}
+        WHERE ${conditions.join(" AND ")}
         ORDER BY created_at ASC;
         `,
       )
-      .all() as SyncConflictListItem[];
+      .all(...params) as SyncConflictListItem[];
   } finally {
     storage.close();
   }
@@ -1686,7 +2181,7 @@ export function getSyncConflict(cwd: string, conflictId: string): SyncConflictDe
     const conflict = storage.db
       .query(
         `
-        SELECT id, event_id, entity_kind, entity_id, field_name, ours_value, theirs_value, resolution, created_at, updated_at
+        SELECT id, event_id, entity_kind, entity_id, field_name, ours_value, theirs_value, resolution, created_at, updated_at, worktree_path, current_branch
         FROM sync_conflicts
         WHERE id = ?
         LIMIT 1;
@@ -1740,7 +2235,7 @@ function lookupPendingConflict(db: Database, conflictId: string): ConflictRow {
   const conflict = db
     .query(
       `
-      SELECT id, event_id, entity_kind, entity_id, field_name, ours_value, theirs_value, resolution, created_at, updated_at
+      SELECT id, event_id, entity_kind, entity_id, field_name, ours_value, theirs_value, resolution, created_at, updated_at, worktree_path, current_branch
       FROM sync_conflicts
       WHERE id = ?
       LIMIT 1;
@@ -1818,17 +2313,22 @@ export function syncResolvePreview(cwd: string, conflictId: string, resolution:
 function queryPendingConflictIds(
   db: Database,
   filters: ResolveAllQueryFilters,
+  scope: ConflictScope,
 ): readonly string[] {
-  const conditions: string[] = ["resolution = 'pending'"];
-  const params: string[] = [];
+  const conditions: string[] = [
+    "c.resolution = 'pending'",
+    "c.worktree_path = ?",
+    "c.current_branch = ?",
+  ];
+  const params: string[] = [scope.worktreePath, scope.currentBranch];
 
   if (filters.entityId !== undefined) {
-    conditions.push("entity_id = ?");
+    conditions.push("c.entity_id = ?");
     params.push(filters.entityId);
   }
 
   if (filters.fieldName !== undefined) {
-    conditions.push("field_name = ?");
+    conditions.push("c.field_name = ?");
     params.push(filters.fieldName);
   }
 
@@ -1836,7 +2336,7 @@ function queryPendingConflictIds(
     SELECT c.id
     FROM sync_conflicts c
     LEFT JOIN events e ON e.id = c.event_id
-    WHERE ${conditions.map((condition) => condition.replaceAll("resolution", "c.resolution").replaceAll("entity_id", "c.entity_id").replaceAll("field_name", "c.field_name")).join(" AND ")}
+    WHERE ${conditions.join(" AND ")}
     ORDER BY COALESCE(e.created_at, c.created_at) ASC, COALESCE(e.id, c.event_id) ASC, c.created_at ASC, c.id ASC;
   `;
 
@@ -1852,7 +2352,7 @@ function queryPendingConflictsByIds(db: Database, conflictIds: readonly string[]
   const rows = db
     .query(
       `
-      SELECT id, event_id, entity_kind, entity_id, field_name, ours_value, theirs_value, resolution, created_at, updated_at
+      SELECT id, event_id, entity_kind, entity_id, field_name, ours_value, theirs_value, resolution, created_at, updated_at, worktree_path, current_branch
       FROM sync_conflicts
       WHERE resolution = 'pending' AND id IN (${placeholders});
       `,
@@ -1880,9 +2380,10 @@ export function syncResolveAll(
   try {
     persistGitContext(storage.db, git);
 
+    const scope: ConflictScope = scopeFromGitContext(git);
     const resolvedIds: string[] = writeTransaction(storage.db, (): string[] => {
       const expectedConflictIds = options.expectedConflictIds;
-      const orderedConflictIds = expectedConflictIds ?? queryPendingConflictIds(storage.db, filters);
+      const orderedConflictIds = expectedConflictIds ?? queryPendingConflictIds(storage.db, filters, scope);
 
       if (orderedConflictIds.length === 0) {
         throw new DomainError({
@@ -1936,10 +2437,12 @@ export function syncResolveAllPreview(
   filters: ResolveAllQueryFilters,
 ): ResolveAllPreviewSummary {
   const storage = openTrekoonDatabase(cwd);
+  const git = resolveGitContext(cwd);
+  const scope: ConflictScope = scopeFromGitContext(git);
   const normalizedFilters: ResolveAllFilters = normalizeResolveAllFilters(filters);
 
   try {
-    const conflictIds = queryPendingConflictIds(storage.db, filters);
+    const conflictIds = queryPendingConflictIds(storage.db, filters, scope);
 
     if (conflictIds.length === 0) {
       throw new DomainError({