Replace server-wins team-memory pull with conflict handling

[romgenie]

Local source: coven-code/issues/13-replace-server-wins-team-memory-pull-with-conflict-handling.md

Summary

Team memory pull currently overwrites local files unconditionally when remote data exists. Hosted review should use explicit conflict handling instead of server-wins writes.

Current Evidence

• team_memory_sync.rs documents "Pull is server-wins: remote content overwrites local files unconditionally."
• pull writes server entries into team_dir after validating paths.
• Push has ETag-based conflict detection, but pull does not preserve local changes if remote differs.

Problem

Server-wins behavior can silently replace local memory with poisoned, stale, or mis-scoped remote memory. In hosted systems, this can corrupt future reviews without an obvious audit trail.

Proposed Design

Add conflict-aware pull:

• Compare local checksum, last-known server checksum, and incoming server checksum.
• If local changed and remote changed, create a conflict record instead of overwriting.
• Preserve both versions for review.
• Record conflicts in the audit ledger.

Conflict states:

• clean apply
• local only
• remote only
• both changed
• rejected unsafe path
• rejected secret

Acceptance Criteria

• Pull no longer overwrites locally changed files without conflict record.
• Tests cover clean pull, remote-only update, local-only update, and both-changed conflict.
• Conflicts are exposed to CLI/API callers.
• Hosted mode treats unresolved conflicts as memory unavailable for review.
• Documentation explains resolution workflow.

Implementation Notes

ETag is still useful, but per-entry checksums are needed for precise merge decisions.