fix(rust): reject dangling sequence update keys

rgbkrk · rgbkrk · commit eb8ffc24ed1d · 2026-05-11T01:44:25.000-07:00
diff --git a/rust/automerge/src/op_set2/change/batch.rs b/rust/automerge/src/op_set2/change/batch.rs
@@ -917,48 +917,54 @@ impl BatchApply {
         let mut edges_by_obj: SmallHashMap<ObjId, SmallHashMap<ElemId, Vec<ElemId>>> =
             HashMap::default();
         let mut inserts_by_obj: SmallHashMap<ObjId, Vec<(ElemId, ElemId)>> = HashMap::default();
+        let mut references_by_obj: SmallHashMap<ObjId, Vec<ElemId>> = HashMap::default();
 
         for ops in imported {
             for op in ops {
-                if !op.insert() {
-                    continue;
-                }
                 if let KeyRef::Seq(key) = op.key() {
                     let key = *key;
-                    let id = ElemId(op.id());
-                    edges_by_obj
-                        .entry(op.bld.obj)
-                        .or_default()
-                        .entry(key)
-                        .or_default()
-                        .push(id);
-                    inserts_by_obj
-                        .entry(op.bld.obj)
-                        .or_default()
-                        .push((id, key));
+                    if op.insert() {
+                        let id = ElemId(op.id());
+                        edges_by_obj
+                            .entry(op.bld.obj)
+                            .or_default()
+                            .entry(key)
+                            .or_default()
+                            .push(id);
+                        inserts_by_obj
+                            .entry(op.bld.obj)
+                            .or_default()
+                            .push((id, key));
+                    } else {
+                        references_by_obj.entry(op.bld.obj).or_default().push(key);
+                    }
                 }
             }
         }
 
-        for (obj, inserts) in inserts_by_obj {
+        let mut sequence_objs: HashSet<ObjId> = inserts_by_obj.keys().copied().collect();
+        sequence_objs.extend(references_by_obj.keys().copied());
+
+        for obj in sequence_objs {
             let mut reachable = HashSet::new();
             let mut queue = VecDeque::from([ElemId::head()]);
 
+            let mut existing_candidates = HashSet::new();
             if let Some(edges) = edges_by_obj.get(&obj) {
-                for key in edges.keys() {
-                    if key.is_head() {
-                        continue;
-                    }
-                    if let (Some(doc_key), Some(doc_obj)) = (
-                        Self::elem_id_in_current_doc(*key, actors, doc),
-                        Self::obj_id_in_current_doc(obj, actors, doc),
-                    ) {
-                        if let Some((op, _)) =
-                            doc.ops().find_op_by_id_and_vis_slow(&doc_key.0, None)
-                        {
-                            if op.obj == doc_obj && op.insert {
-                                queue.push_back(*key);
-                            }
+                existing_candidates.extend(edges.keys().copied().filter(|key| !key.is_head()));
+            }
+            if let Some(references) = references_by_obj.get(&obj) {
+                existing_candidates.extend(references.iter().copied().filter(|key| !key.is_head()));
+            }
+
+            for key in existing_candidates {
+                if let (Some(doc_key), Some(doc_obj)) = (
+                    Self::elem_id_in_current_doc(key, actors, doc),
+                    Self::obj_id_in_current_doc(obj, actors, doc),
+                ) {
+                    if let Some((op, _)) = doc.ops().find_op_by_id_and_vis_slow(&doc_key.0, None) {
+                        if op.obj == doc_obj && op.insert {
+                            queue.push_back(key);
                         }
                     }
                 }
@@ -974,11 +980,23 @@ impl BatchApply {
                 }
             }
 
-            for (id, key) in inserts {
-                if !reachable.contains(&id) {
-                    return Err(AutomergeError::InvalidSeqKey(Self::format_elem_id(
-                        key, actors,
-                    )));
+            if let Some(inserts) = inserts_by_obj.remove(&obj) {
+                for (id, key) in inserts {
+                    if !reachable.contains(&id) {
+                        return Err(AutomergeError::InvalidSeqKey(Self::format_elem_id(
+                            key, actors,
+                        )));
+                    }
+                }
+            }
+
+            if let Some(references) = references_by_obj.remove(&obj) {
+                for key in references {
+                    if !reachable.contains(&key) || key.is_head() {
+                        return Err(AutomergeError::InvalidSeqKey(Self::format_elem_id(
+                            key, actors,
+                        )));
+                    }
                 }
             }
         }
diff --git a/rust/automerge/tests/test.rs b/rust/automerge/tests/test.rs
@@ -1845,6 +1845,138 @@ fn apply_change_with_missing_sequence_insert_key_returns_error_without_panic() {
     );
 }
 
+#[test]
+fn apply_change_with_missing_sequence_update_key_returns_error() -> Result<(), AutomergeError> {
+    let mut doc = Automerge::new();
+    let actor = doc.get_actor().clone();
+    let mut tx = doc.transaction();
+    let list = tx.put_object(ROOT, "list", ObjType::List)?;
+    tx.insert(&list, 0, "seed")?;
+    let (heads, _) = tx.commit();
+
+    let change_actor = ActorId::from(b"change" as &[u8]);
+    let change = ExpandedChange {
+        operations: vec![automerge::legacy::Op {
+            action: automerge::legacy::OpType::Put("orphan".into()),
+            obj: automerge::legacy::ObjectId::Id(automerge::legacy::OpId(1, actor.clone())),
+            key: automerge::legacy::Key::Seq(automerge::legacy::ElementId::Id(
+                automerge::legacy::OpId(999, actor),
+            )),
+            pred: automerge::legacy::SortedVec::new(),
+            insert: false,
+        }],
+        actor_id: change_actor,
+        hash: None,
+        seq: 1,
+        start_op: std::num::NonZeroU64::MIN,
+        time: 0,
+        message: None,
+        deps: heads.into_iter().collect(),
+        extra_bytes: Vec::new(),
+    };
+    let change: Change = change.into();
+    let hash = change.hash();
+
+    let result = doc.apply_changes([change]);
+
+    assert!(
+        matches!(result, Err(AutomergeError::InvalidSeqKey(_))),
+        "expected InvalidSeqKey, got {result:?}"
+    );
+    assert!(!doc.get_heads().contains(&hash));
+    Ok(())
+}
+
+#[test]
+fn apply_change_with_missing_sequence_delete_key_returns_error() -> Result<(), AutomergeError> {
+    let mut doc = Automerge::new();
+    let actor = doc.get_actor().clone();
+    let mut tx = doc.transaction();
+    let list = tx.put_object(ROOT, "list", ObjType::List)?;
+    tx.insert(&list, 0, "seed")?;
+    let (heads, _) = tx.commit();
+
+    let change_actor = ActorId::from(b"change" as &[u8]);
+    let change = ExpandedChange {
+        operations: vec![automerge::legacy::Op {
+            action: automerge::legacy::OpType::Delete,
+            obj: automerge::legacy::ObjectId::Id(automerge::legacy::OpId(1, actor.clone())),
+            key: automerge::legacy::Key::Seq(automerge::legacy::ElementId::Id(
+                automerge::legacy::OpId(999, actor),
+            )),
+            pred: automerge::legacy::SortedVec::new(),
+            insert: false,
+        }],
+        actor_id: change_actor,
+        hash: None,
+        seq: 1,
+        start_op: std::num::NonZeroU64::MIN,
+        time: 0,
+        message: None,
+        deps: heads.into_iter().collect(),
+        extra_bytes: Vec::new(),
+    };
+    let change: Change = change.into();
+    let hash = change.hash();
+
+    let result = doc.apply_changes([change]);
+
+    assert!(
+        matches!(result, Err(AutomergeError::InvalidSeqKey(_))),
+        "expected InvalidSeqKey, got {result:?}"
+    );
+    assert!(!doc.get_heads().contains(&hash));
+    Ok(())
+}
+
+#[test]
+fn apply_change_can_reference_same_batch_sequence_insert() -> Result<(), AutomergeError> {
+    let mut doc = Automerge::new();
+    let actor = doc.get_actor().clone();
+    let mut tx = doc.transaction();
+    let list = tx.put_object(ROOT, "list", ObjType::List)?;
+    let (heads, _) = tx.commit();
+
+    let change_actor = ActorId::from(b"change" as &[u8]);
+    let inserted_id = automerge::legacy::OpId(1, change_actor.clone());
+    let change = ExpandedChange {
+        operations: vec![
+            automerge::legacy::Op {
+                action: automerge::legacy::OpType::Put("new".into()),
+                obj: automerge::legacy::ObjectId::Id(automerge::legacy::OpId(1, actor.clone())),
+                key: automerge::legacy::Key::Seq(automerge::legacy::ElementId::Head),
+                pred: automerge::legacy::SortedVec::new(),
+                insert: true,
+            },
+            automerge::legacy::Op {
+                action: automerge::legacy::OpType::Put("updated".into()),
+                obj: automerge::legacy::ObjectId::Id(automerge::legacy::OpId(1, actor)),
+                key: automerge::legacy::Key::Seq(automerge::legacy::ElementId::Id(
+                    inserted_id.clone(),
+                )),
+                pred: automerge::legacy::SortedVec::from(vec![inserted_id]),
+                insert: false,
+            },
+        ],
+        actor_id: change_actor,
+        hash: None,
+        seq: 1,
+        start_op: std::num::NonZeroU64::MIN,
+        time: 0,
+        message: None,
+        deps: heads.into_iter().collect(),
+        extra_bytes: Vec::new(),
+    };
+
+    doc.apply_changes([change.into()])?;
+
+    let Some((value, _)) = doc.get(&list, 0)? else {
+        panic!("expected list value");
+    };
+    assert_eq!(value.to_str(), Some("updated"));
+    Ok(())
+}
+
 #[test]
 fn can_isolate() -> Result<(), AutomergeError> {
     let mut doc1 = AutoCommit::new();
