thread:
  author: A
changes:
  - id: A.1.1
    identity: A
    aclSnapshot:
      userStates:
        - identity: A
          encryptionKey: key.Enc.A
          encryptedReadKeys: [key.Read.1]
          permission: admin
    snapshot:
      text: "some text"
    aclChanges:
      - userAdd:
          identity: A
          permission: admin
          encryptionKey: key.Enc.A
          encryptedReadKeys: [key.Read.1]
    changes:
      - textAppend:
          text: "some text"
    readKey: key.Read.1
  - id: A.1.2
    identity: A
    aclChanges:
      - userInvite:
          acceptKey: key.Sign.Onetime1
          encryptionKey: key.Enc.Onetime1
          encryptedReadKeys: [key.Read.1]
          permissions: writer
      - userAdd:
          identity: C
          permission: reader
          encryptionKey: key.Enc.C
          encryptedReadKeys: [ key.Read.1 ]
    readKey: key.Read.1
  - id: A.1.3
    identity: A
    changes:
      - textAppend:
          text: "second"
    readKey: key.Read.1
  - id: B.1.1
    identity: B
    aclChanges:
      - userJoin:
          identity: B
          encryptionKey: key.Enc.B
          acceptSignature: key.Sign.Onetime1
          inviteId: A.1.2
          encryptedReadKeys: [key.Read.1]
    readKey: key.Read.1
  - id: B.1.2
    identity: B
    changes:
      - textAppend:
          text: "first"
    readKey: key.Read.1
  - id: C.1.1
    identity: C
    changes:
      - textAppend:
          text: "third"
    readKey: key.Read.1
keys:
  Enc:
    - A
    - B
    - C
    - D
    - Onetime1
  Sign:
    - A
    - B
    - C
    - D
    - Onetime1
  Read:
    - 1
graph:
  - id: A.1.1
    baseSnapshot: A.1.1
  - id: A.1.2
    baseSnapshot: A.1.1
    aclHeads: [A.1.1]
    treeHeads: [A.1.1]
  - id: B.1.1
    baseSnapshot: A.1.1
    aclHeads: [A.1.2]
    treeHeads: [A.1.2]
  - id: B.1.2
    baseSnapshot: A.1.1
    aclHeads: [B.1.1]
    treeHeads: [B.1.1]
  - id: A.1.3 # this should be invalid, because it is based on one of the invalid changes
    baseSnapshot: A.1.1
    aclHeads: [B.1.1]
    treeHeads: [B.1.2, C.1.1]
  - id: C.1.1 # this should be invalid, because C is a reader
    baseSnapshot: A.1.1
    aclHeads: [B.1.1]
    treeHeads: [B.1.1]
header:
  firstChangeId: A.1.1
  isWorkspace: false
orphans:
  - "A.1.3"
updates:
  - useCase: append
    changes:
    - id: B.1.3
      identity: B
      changes:
        - textAppend:
            text: "second"
      readKey: key.Read.1
    - id: A.1.4
      identity: A
      aclChanges:
        - userAdd:
            identity: D
            permission: writer
            encryptionKey: key.Enc.D
            encryptedReadKeys: [ key.Read.1 ]
      readKey: key.Read.1
    graph:
      - id: B.1.3
        baseSnapshot: A.1.1
        aclHeads: [ B.1.1 ]
        treeHeads: [ B.1.2 ]
      - id: A.1.4
        baseSnapshot: A.1.1
        aclHeads: [ B.1.1 ]
        treeHeads: [ B.1.3 ]
  - useCase: rebuild
    changes:
      - id: A.1.4
        identity: A
        aclChanges:
          - userAdd:
              identity: D
              permission: writer
              encryptionKey: key.Enc.D
              encryptedReadKeys: [ key.Read.1 ]
        readKey: key.Read.1
    graph:
      - id: A.1.4
        baseSnapshot: A.1.1
        aclHeads: [ A.1.1 ]
        treeHeads: [ A.1.1 ]