feat(types): add Element::ProvableSumTree variant + NotSummed twin extension

Phase 1 of the ProvableSumTree feature — the missing parallel to
ProvableCountTree that bakes the per-node sum into the node hash, making
aggregate-sum range queries cryptographically verifiable. This commit adds
the types-only foundation (no hash divergence yet — Phase 2 will introduce
node_hash_with_sum and the new proof Node variants).

DISCRIMINANTS

- Element::ProvableSumTree at variant index 17 / bincode discriminant 17
  (next free after the NotSummed wrapper byte at 16). This will renumber
  to 19 when PR #657 (CountIndexedTree) lands and reclaims 17/18.
- NonCountedProvableSumTree = 0x80 | 17 = 145.
- The NonCounted twin range widened from 0x80..=0x8F (4-bit base) to
  0x80..=0x9F (5-bit base) — is_non_counted() now checks the top 3 bits
  (& 0xe0 == 0x80) instead of the top 4. Existing twins 128..=142 stay put.
- The NotSummed twin scheme rebases analogously: prefix 0xb0 -> 0xa0,
  base mask 0x0F -> 0x1F, family range 0xA0..=0xBF. Existing twins move:
  NotSummedSumTree                180 -> 164
  NotSummedBigSumTree             181 -> 165
  NotSummedCountSumTree           183 -> 167
  NotSummedProvableCountSumTree   186 -> 170
  Plus the new NotSummedProvableSumTree = 0xa0 | 17 = 177.
  Safe because V1 is pre-shipping. is_not_summed() now uses & 0xe0 == 0xa0.

NEW APIS

- ElementType::ProvableSumTree, ElementType::NonCountedProvableSumTree,
  ElementType::NotSummedProvableSumTree.
- TreeType::ProvableSumTree (discriminant 11, is_sum_bearing = true,
  allows_sum_item = true, inner_node_type = ProvableSumNode).
- NodeType::ProvableSumNode and TreeFeatureType::ProvableSummedMerkNode(i64)
  with encode tag byte 7 and a parallel zero_sum() helper alongside
  zero_count().
- Element::new_provable_sum_tree*, empty_provable_sum_tree*, plus helpers
  (as_provable_sum_tree_value, is_provable_sum_tree).
- Element::NotSummed now accepts ProvableSumTree as a sum-tree inner type
  (constructor, serialize, deserialize).

PROOF DISPATCH

ProvableSumTree joins the "provable aggregate parent" family alongside
ProvableCountTree / ProvableCountSumTree in ElementType::proof_node_type:
subtree children use KvValueHashFeatureType and item children use KvCount.

PHASE-1 SCOPE BOUNDARIES

ProvableSumTree behaves identically to SumTree for storage, aggregation,
and hashing in Phase 1. The divergent node_hash_with_sum and the new
proof Node variants (KVSum, KVHashSum, etc.) land in Phase 2.
TreeFeatureType::ProvableSummedMerkNode maps to AggregateData::Sum at the
Element/aggregate level for now; Phase 2 may introduce a dedicated variant
once the hash diverges.

Workspace cargo test --all-features green (1497+ tests).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: QuantumExplorer

grovedb-element/src/element/constructor.rs

@@ -290,6 +290,42 @@ impl Element {
         Element::ProvableCountSumTree(maybe_root_key, count_value, sum_value, flags)
     }
 
+    /// Set element to default empty provable sum tree without flags.
+    ///
+    /// `ProvableSumTree` is the sum analogue of `ProvableCountTree`: it
+    /// bakes the per-node sum into the node hash so that aggregate-sum
+    /// range queries can be cryptographically verified.
+    pub fn empty_provable_sum_tree() -> Self {
+        Element::new_provable_sum_tree(Default::default())
+    }
+
+    /// Set element to default empty provable sum tree with flags.
+    pub fn empty_provable_sum_tree_with_flags(flags: Option<ElementFlags>) -> Self {
+        Element::new_provable_sum_tree_with_flags(Default::default(), flags)
+    }
+
+    /// Set element to a provable sum tree without flags.
+    pub fn new_provable_sum_tree(maybe_root_key: Option<Vec<u8>>) -> Self {
+        Element::ProvableSumTree(maybe_root_key, 0, None)
+    }
+
+    /// Set element to a provable sum tree with flags.
+    pub fn new_provable_sum_tree_with_flags(
+        maybe_root_key: Option<Vec<u8>>,
+        flags: Option<ElementFlags>,
+    ) -> Self {
+        Element::ProvableSumTree(maybe_root_key, 0, flags)
+    }
+
+    /// Set element to a provable sum tree with flags and sum value.
+    pub fn new_provable_sum_tree_with_flags_and_sum_value(
+        maybe_root_key: Option<Vec<u8>>,
+        sum_value: SumValue,
+        flags: Option<ElementFlags>,
+    ) -> Self {
+        Element::ProvableSumTree(maybe_root_key, sum_value, flags)
+    }
+
     /// Set element to an empty commitment tree.
     ///
     /// Returns `InvalidInput` if `chunk_power > 31`.
@@ -422,19 +458,21 @@ impl Element {
     /// parent sum tree's running sum when inserted. Counts (if any) still
     /// propagate.
     ///
-    /// Only the four sum-tree variants are accepted: `SumTree`, `BigSumTree`,
-    /// `CountSumTree`, `ProvableCountSumTree`. Any other element — including
-    /// items, sum items, references, non-sum trees, and any wrapper
-    /// (`NonCounted`, `NotSummed`) — is rejected with `InvalidInput`.
+    /// Only the five sum-tree variants are accepted: `SumTree`, `BigSumTree`,
+    /// `CountSumTree`, `ProvableCountSumTree`, `ProvableSumTree`. Any other
+    /// element — including items, sum items, references, non-sum trees, and
+    /// any wrapper (`NonCounted`, `NotSummed`) — is rejected with
+    /// `InvalidInput`.
     pub fn new_not_summed(inner: Element) -> Result<Self, ElementError> {
         match inner {
             Element::SumTree(..)
             | Element::BigSumTree(..)
             | Element::CountSumTree(..)
-            | Element::ProvableCountSumTree(..) => Ok(Element::NotSummed(Box::new(inner))),
+            | Element::ProvableCountSumTree(..)
+            | Element::ProvableSumTree(..) => Ok(Element::NotSummed(Box::new(inner))),
             _ => Err(ElementError::InvalidInput(
                 "NotSummed inner element must be a sum-tree variant (SumTree, BigSumTree, \
-                 CountSumTree, or ProvableCountSumTree)",
+                 CountSumTree, ProvableCountSumTree, or ProvableSumTree)",
             )),
         }
     }

grovedb-element/src/element/helpers.rs

@@ -71,7 +71,8 @@ impl Element {
             | Element::ItemWithSumItem(_, sum_value, _)
             | Element::SumTree(_, sum_value, _)
             | Element::CountSumTree(_, _, sum_value, _)
-            | Element::ProvableCountSumTree(_, _, sum_value, _) => *sum_value,
+            | Element::ProvableCountSumTree(_, _, sum_value, _)
+            | Element::ProvableSumTree(_, sum_value, _) => *sum_value,
             _ => 0,
         }
     }
@@ -107,7 +108,8 @@ impl Element {
             Element::NotSummed(inner) => (inner.count_value_or_default(), 0),
             Element::SumItem(sum_value, _)
             | Element::ItemWithSumItem(_, sum_value, _)
-            | Element::SumTree(_, sum_value, _) => (1, *sum_value),
+            | Element::SumTree(_, sum_value, _)
+            | Element::ProvableSumTree(_, sum_value, _) => (1, *sum_value),
             Element::CountTree(_, count_value, _) => (*count_value, 0),
             Element::CountSumTree(_, count_value, sum_value, _)
             | Element::ProvableCountSumTree(_, count_value, sum_value, _) => {
@@ -129,7 +131,8 @@ impl Element {
             | Element::ItemWithSumItem(_, sum_value, _)
             | Element::SumTree(_, sum_value, _)
             | Element::CountSumTree(_, _, sum_value, _)
-            | Element::ProvableCountSumTree(_, _, sum_value, _) => *sum_value as i128,
+            | Element::ProvableCountSumTree(_, _, sum_value, _)
+            | Element::ProvableSumTree(_, sum_value, _) => *sum_value as i128,
             Element::BigSumTree(_, sum_value, _) => *sum_value,
             _ => 0,
         }
@@ -212,6 +215,31 @@ impl Element {
         matches!(self.underlying(), Element::BigSumTree(..))
     }
 
+    /// Check if the element is a provable sum tree. Looks through wrappers.
+    pub fn is_provable_sum_tree(&self) -> bool {
+        matches!(self.underlying(), Element::ProvableSumTree(..))
+    }
+
+    /// Decoded sum value from a `ProvableSumTree`. Looks through wrappers.
+    pub fn as_provable_sum_tree_value(&self) -> Result<i64, ElementError> {
+        match self.underlying() {
+            Element::ProvableSumTree(_, value, _) => Ok(*value),
+            _ => Err(ElementError::WrongElementType(
+                "expected a provable sum tree",
+            )),
+        }
+    }
+
+    /// Owned variant of [`as_provable_sum_tree_value`].
+    pub fn into_provable_sum_tree_value(self) -> Result<i64, ElementError> {
+        match self.into_underlying() {
+            Element::ProvableSumTree(_, value, _) => Ok(value),
+            _ => Err(ElementError::WrongElementType(
+                "expected a provable sum tree",
+            )),
+        }
+    }
+
     /// Check if the element is a tree but not a sum tree. Looks through
     /// `NonCounted`.
     pub fn is_basic_tree(&self) -> bool {
@@ -229,6 +257,7 @@ impl Element {
                 | Element::CountSumTree(..)
                 | Element::ProvableCountTree(..)
                 | Element::ProvableCountSumTree(..)
+                | Element::ProvableSumTree(..)
                 | Element::CommitmentTree(..)
                 | Element::MmrTree(..)
                 | Element::BulkAppendTree(..)
@@ -307,6 +336,7 @@ impl Element {
                 | Element::CountSumTree(Some(_), ..)
                 | Element::ProvableCountTree(Some(_), ..)
                 | Element::ProvableCountSumTree(Some(_), ..)
+                | Element::ProvableSumTree(Some(_), ..)
                 | Element::CommitmentTree(..)
                 | Element::MmrTree(..)
                 | Element::BulkAppendTree(..)
@@ -331,6 +361,7 @@ impl Element {
                 | Element::CountSumTree(Some(_), ..)
                 | Element::ProvableCountTree(Some(_), ..)
                 | Element::ProvableCountSumTree(Some(_), ..)
+                | Element::ProvableSumTree(Some(_), ..)
         )
     }
 
@@ -389,6 +420,7 @@ impl Element {
             | Element::CountSumTree(.., flags)
             | Element::ProvableCountTree(.., flags)
             | Element::ProvableCountSumTree(.., flags)
+            | Element::ProvableSumTree(.., flags)
             | Element::ItemWithSumItem(.., flags)
             | Element::CommitmentTree(.., flags)
             | Element::MmrTree(.., flags)
@@ -412,6 +444,7 @@ impl Element {
             | Element::CountSumTree(.., flags)
             | Element::ProvableCountTree(.., flags)
             | Element::ProvableCountSumTree(.., flags)
+            | Element::ProvableSumTree(.., flags)
             | Element::ItemWithSumItem(.., flags)
             | Element::CommitmentTree(.., flags)
             | Element::MmrTree(.., flags)
@@ -435,6 +468,7 @@ impl Element {
             | Element::CountSumTree(.., flags)
             | Element::ProvableCountTree(.., flags)
             | Element::ProvableCountSumTree(.., flags)
+            | Element::ProvableSumTree(.., flags)
             | Element::ItemWithSumItem(.., flags)
             | Element::CommitmentTree(.., flags)
             | Element::MmrTree(.., flags)
@@ -458,6 +492,7 @@ impl Element {
             | Element::CountSumTree(.., flags)
             | Element::ProvableCountTree(.., flags)
             | Element::ProvableCountSumTree(.., flags)
+            | Element::ProvableSumTree(.., flags)
             | Element::ItemWithSumItem(.., flags)
             | Element::CommitmentTree(.., flags)
             | Element::MmrTree(.., flags)

grovedb-element/src/element/mod.rs

@@ -140,20 +140,26 @@ pub enum Element {
     /// at construction and at deserialization.
     NonCounted(Box<Element>),
     /// Not-summed wrapper: contains a sum-bearing tree variant (`SumTree`,
-    /// `BigSumTree`, `CountSumTree`, `ProvableCountSumTree`) and behaves
-    /// identically to it for storage, hashing, and its own internal sum
-    /// aggregate, but contributes 0 to its parent sum tree's running sum
-    /// when inserted. Counts still propagate.
+    /// `BigSumTree`, `CountSumTree`, `ProvableCountSumTree`,
+    /// `ProvableSumTree`) and behaves identically to it for storage,
+    /// hashing, and its own internal sum aggregate, but contributes 0 to
+    /// its parent sum tree's running sum when inserted. Counts still
+    /// propagate.
     ///
     /// May only be inserted into sum-bearing trees (`SumTree`, `BigSumTree`,
-    /// `CountSumTree`, `ProvableCountSumTree`).
+    /// `CountSumTree`, `ProvableCountSumTree`, `ProvableSumTree`).
     ///
     /// Invariants (enforced at construction, serialization, and
     /// deserialization):
-    /// - The inner element MUST be one of the four sum-tree variants above.
+    /// - The inner element MUST be one of the five sum-tree variants above.
     /// - A `NotSummed` may not wrap another `NotSummed`, a `NonCounted`, or
     ///   any non-tree element.
     NotSummed(Box<Element>),
+    /// Same as Element::SumTree but includes the per-node sum in the
+    /// cryptographic state. This mirrors `ProvableCountTree` but for sums,
+    /// allowing aggregate-sum range queries to be cryptographically verified
+    /// by including the sum in each node hash.
+    ProvableSumTree(Option<Vec<u8>>, SumValue, Option<ElementFlags>),
 }
 
 pub fn hex_to_ascii(hex_value: &[u8]) -> String {
@@ -345,6 +351,17 @@ impl fmt::Display for Element {
             Element::NotSummed(inner) => {
                 write!(f, "NotSummed({})", inner)
             }
+            Element::ProvableSumTree(root_key, sum_value, flags) => {
+                write!(
+                    f,
+                    "ProvableSumTree({}, {}{})",
+                    root_key.as_ref().map_or("None".to_string(), hex::encode),
+                    sum_value,
+                    flags
+                        .as_ref()
+                        .map_or(String::new(), |f| format!(", flags: {:?}", f))
+                )
+            }
         }
     }
 }
@@ -373,6 +390,7 @@ impl Element {
             Element::MmrTree(..) => ElementType::MmrTree,
             Element::BulkAppendTree(..) => ElementType::BulkAppendTree,
             Element::DenseAppendOnlyFixedSizeTree(..) => ElementType::DenseAppendOnlyFixedSizeTree,
+            Element::ProvableSumTree(..) => ElementType::ProvableSumTree,
             Element::NonCounted(inner) => match inner.element_type() {
                 ElementType::Item => ElementType::NonCountedItem,
                 ElementType::Reference => ElementType::NonCountedReference,
@@ -391,6 +409,7 @@ impl Element {
                 ElementType::DenseAppendOnlyFixedSizeTree => {
                     ElementType::NonCountedDenseAppendOnlyFixedSizeTree
                 }
+                ElementType::ProvableSumTree => ElementType::NonCountedProvableSumTree,
                 // Inner is always a base type — nested wrappers are
                 // forbidden at construction and (de)serialization.
                 already_non_counted => already_non_counted,
@@ -400,7 +419,8 @@ impl Element {
                 ElementType::BigSumTree => ElementType::NotSummedBigSumTree,
                 ElementType::CountSumTree => ElementType::NotSummedCountSumTree,
                 ElementType::ProvableCountSumTree => ElementType::NotSummedProvableCountSumTree,
-                // Inner is always one of the 4 sum-tree variants above —
+                ElementType::ProvableSumTree => ElementType::NotSummedProvableSumTree,
+                // Inner is always one of the five sum-tree variants above —
                 // construction and (de)serialization forbid anything else.
                 // Returning the inner type is the safest fallback for the
                 // unreachable case.
@@ -437,11 +457,12 @@ impl Element {
                 Element::SumTree(..)
                 | Element::BigSumTree(..)
                 | Element::CountSumTree(..)
-                | Element::ProvableCountSumTree(..) => {}
+                | Element::ProvableCountSumTree(..)
+                | Element::ProvableSumTree(..) => {}
                 _ => {
                     return Err(crate::error::ElementError::InvalidInput(
                         "NotSummed inner element must be a sum-tree variant (SumTree, \
-                         BigSumTree, CountSumTree, or ProvableCountSumTree)",
+                         BigSumTree, CountSumTree, ProvableCountSumTree, or ProvableSumTree)",
                     ));
                 }
             },
@@ -514,6 +535,7 @@ mod serde_impl {
         DenseAppendOnlyFixedSizeTree(u16, u8, Option<ElementFlags>),
         NonCounted(Box<ElementShadow>),
         NotSummed(Box<ElementShadow>),
+        ProvableSumTree(Option<Vec<u8>>, SumValue, Option<ElementFlags>),
     }
 
     impl From<ElementShadow> for Element {
@@ -544,6 +566,7 @@ mod serde_impl {
                 ElementShadow::NotSummed(inner) => {
                     Element::NotSummed(Box::new(Element::from(*inner)))
                 }
+                ElementShadow::ProvableSumTree(k, s, f) => Element::ProvableSumTree(k, s, f),
             }
         }
     }
@@ -702,8 +725,8 @@ mod tests {
 
     #[test]
     fn element_type_resolves_not_summed_twins() {
-        // The four sum-tree variants each map to their NotSummed twin.
-        let cases: [(Element, ElementType); 4] = [
+        // The five sum-tree variants each map to their NotSummed twin.
+        let cases: [(Element, ElementType); 5] = [
             (
                 Element::NotSummed(Box::new(Element::SumTree(None, 0, None))),
                 ElementType::NotSummedSumTree,
@@ -720,6 +743,10 @@ mod tests {
                 Element::NotSummed(Box::new(Element::ProvableCountSumTree(None, 0, 0, None))),
                 ElementType::NotSummedProvableCountSumTree,
             ),
+            (
+                Element::NotSummed(Box::new(Element::ProvableSumTree(None, 0, None))),
+                ElementType::NotSummedProvableSumTree,
+            ),
         ];
         for (element, expected) in cases {
             assert_eq!(element.element_type(), expected);

grovedb-element/src/element/serialize.rs

@@ -39,7 +39,8 @@ impl Element {
                 Element::SumTree(..)
                 | Element::BigSumTree(..)
                 | Element::CountSumTree(..)
-                | Element::ProvableCountSumTree(..) => {}
+                | Element::ProvableCountSumTree(..)
+                | Element::ProvableSumTree(..) => {}
                 _ => {
                     return Err(ElementError::CorruptedData(
                         "NotSummed inner must be a sum-tree variant".to_string(),
@@ -116,7 +117,8 @@ impl Element {
                 Element::SumTree(..)
                 | Element::BigSumTree(..)
                 | Element::CountSumTree(..)
-                | Element::ProvableCountSumTree(..) => {}
+                | Element::ProvableCountSumTree(..)
+                | Element::ProvableSumTree(..) => {}
                 _ => {
                     return Err(ElementError::CorruptedData(
                         "deserialized NotSummed with non-sum-tree inner".to_string(),

grovedb-element/src/element/visualize.rs

@@ -186,6 +186,17 @@ impl Visualize for Element {
                 drawer = inner.visualize(drawer)?;
                 drawer.write(b")")?;
             }
+            Element::ProvableSumTree(root_key, value, flags) => {
+                drawer.write(b"provable_sum_tree: ")?;
+                drawer = root_key.as_deref().visualize(drawer)?;
+                drawer.write(format!(" {value}").as_bytes())?;
+
+                if let Some(f) = flags
+                    && !f.is_empty()
+                {
+                    drawer = f.visualize(drawer)?;
+                }
+            }
         }
         Ok(drawer)
     }