#3998 fix(cypher): MERGE with unbound label-only endpoint creates fresh node

[robfrank]

$(cat <<'EOF'

Summary

Fixes #3998.

MERGE (p)-[r:WORKS_AT {since: 2020}]->(c:Company) with c unbound incorrectly reused an existing Company node instead of creating a new one, contradicting Neo4j semantics.

Root cause: MergeStep.mergePathAll() called findNode() independently for each unbound endpoint, which returned the first existing node of that label. It then searched for an edge between the pre-resolved anchor and that node, found none, and created the edge to the wrong existing node.

Fix: Replaced the pre-resolution approach with a traversal-based algorithm:

• findAllMatchingPaths() starts from any pre-bound anchor node and uses DFS (traverseFromNode + traverseEdgesFromVertex) to find complete matching paths by edge traversal.
• Unbound endpoints are matched by label/property only after being reached via a qualifying edge - never by independent lookup.
• createNewPath() creates fresh nodes for every unbound position when no complete path is found.
• Removed now-unused private methods findNode(), findAllEdges(), findEdge().

Test plan

• unboundLabelOnlyEndpointCreatesNewNodeWhenSameLabelExists - main bug case: existing Company must not be reused
• unboundLabelOnlyEndpointCreatesNodeWhenNoSameLabelExists - control: no prior node, creates one
• explicitlyBoundEndpointStillReusesExistingNode - control: bound via MATCH, must reuse
• unboundLabelOnlyEndpointCreatesNewNodeWithMultipleExistingSameLabel - two existing Companies, creates a third
• secondMergeReusesCreatedPathAndDoesNotCreateAnotherNode - idempotency
• All 25 existing MERGE tests pass (including OpenCypherMergeActionsTest and MatchIdThenMergeRelationshipRegression)
• Full OpenCypher* test suite passes (pre-existing TCK Match4 failure is unrelated)

🤖 Generated with Claude Code
EOF
)

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric	Results
Complexity	0

View in Codacy

🟢 Coverage 91.06% diff coverage · -7.80% coverage variation

Metric	Results
Coverage variation	✅ -7.80% coverage variation
Diff coverage	✅ 91.06% diff coverage

View coverage diff in Codacy

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (4ad4748)	120048	88335	73.58%
Head commit (4077cc6)	151288 (+31240)	99515 (+11180)	65.78% (-7.80%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#4005)	123	112	91.06%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}

[gemini-code-assist]

Code Review

This pull request refactors the MERGE path execution logic to resolve issue #3998, ensuring that unbound endpoint variables are resolved via edge traversal rather than independent node lookups. The changes introduce a recursive DFS walker for path matching and a dedicated path creation method. Feedback includes addressing a missing direction check in undirected relationship traversals when the anchor is unbound, handling potential conflicts between forced vertices and existing variable bindings, and optimizing node label matching by using instanceOf instead of retrieving all labels.

[gemini-code-assist]

The vertex resolution logic should explicitly handle potential conflicts between a forcedVertex (arriving from an edge traversal) and an existing variable binding. If both are present, they must be identical for the path to match. If only the binding is present, it should be used as the anchor for the current step.

    Vertex vertex = forcedVertex;
    if (nodePattern.getVariable() != null) {
      final Object bound = currentResult.getProperty(nodePattern.getVariable());
      if (bound instanceof Vertex v) {
        if (vertex != null && !vertex.equals(v))
          return;
        vertex = v;
      }
    }

[robfrank]

Fixed. Changed if (vertex == null && nodePattern.getVariable() != null) to unconditionally check the bound variable. When forcedVertex is non-null and differs from the bound value, the method returns immediately. The terminal-node check already handled the 2-node case; this closes the gap for intermediate nodes in 3+ hop paths. Added preBoundIntermediateNodeIsRespectedDuringPathTraversal which sets up alice->dave->carol and a standalone bob, then MATCH (alice),(bob) MERGE (alice)-[:KNOWS]->(bob)-[:KNOWS]->(carol) - verifying the alice->bob edge is created rather than the dave path being silently accepted.

[codecov]

Codecov Report

❌ Patch coverage is 72.35772% with 34 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.79%. Comparing base (4ad4748) to head (4077cc6).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...edb/query/opencypher/executor/steps/MergeStep.java	72.35%	11 Missing and 23 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4005      +/-   ##
==========================================
+ Coverage   64.59%   64.79%   +0.19%     
==========================================
  Files        1597     1597              
  Lines      120048   120049       +1     
  Branches    25551    25551              
==========================================
+ Hits        77545    77785     +240     
+ Misses      31743    31492     -251     
- Partials    10760    10772      +12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.