chore: bump grovedb to develop (352c2f55)

[QuantumExplorer]

Issue being fixed or feature implemented

Brings the grovedb dependency up to the latest develop (352c2f5504fba8795e8ed1056753bfd73c13b4cc) so we can pick up the new sum-tree work and related element/op surface that has landed upstream.

HEAD of grovedb develop is 4 commits ahead of our previous pin 7a649386:

• grovedb#666 — feat(grovedb,merk,element): add Element::NotCountedOrSummed wrapper for combined sum+count opt-out
• grovedb#667 — feat(grovedb,element): add Element::ReferenceWithSumItem variant + RefreshReferenceWithSumItem batch op
• grovedb#668 — ci: drop broken self-hosted macOS runner, run sharded on Ubuntu directly (no platform impact)
• grovedb#661 — feat: add Element::ProvableSumTree + AggregateSumOnRange query

What was done?

Dependency bump

Updated the rev for every grovedb-family git dep in the six platform Cargo.tomls (rs-drive, rs-drive-abci, rs-sdk, rs-dpp, rs-platform-version, rs-platform-wallet) and refreshed Cargo.lock for all 15 grovedb sub-crates.

API-surface adaptations

The bump exposed three breaking API changes that needed thin call-site fixes:

1. QualifiedGroveDbOp::refresh_reference_op gained a non_counted: bool argument (from grovedb#667).
   rs-drive's wrapper LowLevelDriveOperation::refresh_reference_for_known_path_key_reference_info (packages/rs-drive/src/fees/op.rs) now passes false for the new flag. Drive's refresh path only ever produces plain (counted) references — the new ReferenceWithSumItem / non-counted shapes aren't used by platform yet — so hard-coding false preserves prior behavior exactly.

2. TreeType::ProvableSumTree variant added (from grovedb#661).
   Two exhaustive matches needed a new arm: LowLevelDriveOperationTreeTypeConverter::empty_tree_operation_for_known_path_key (packages/rs-drive/src/fees/op.rs) and Drive::grove_insert_empty_tree_v0 (packages/rs-drive/src/util/grove_operations/grove_insert_empty_tree/v0/mod.rs). Both now route to Element::empty_provable_sum_tree[_with_flags](), mirroring the existing ProvableCountTree arms. Each arm gets a dedicated unit test covering the new variant.

3. Three new Element variants (NotCountedOrSummed, ReferenceWithSumItem, ProvableSumTree) added to format_element_data / format_element_type in packages/rs-sdk-ffi/src/system/queries/path_elements.rs, so the JSON renderer for dash_sdk_system_get_path_elements stays exhaustive.

4. QueryItem::AggregateSumOnRange variant added (from grovedb#661) — handled in packages/wasm-drive-verify/src/state_transition/state_transition_execution_path_queries/token_transition.rs with an arm that mirrors the existing AggregateCountOnRange "unsupported in token-transition path queries" error.

Proof-fixture trim (-1 byte × 2 files)

Two recorded SDK proof fixtures had to be re-canonicalized after the bump:

packages/rs-sdk/tests/vectors/test_token_pre_programmed_distributions_absent/msg_*.json    (-45 B on disk)
packages/rs-sdk/tests/vectors/test_token_pre_programmed_distributions_present/msg_*.json   (-45 B on disk)

GitHub displays them as "Binary file not shown" because the rs-sdk vector format uses a literal \x00 separator between the captured request and response JSONs, which trips git's binary-detection heuristic. The actual change in each fixture is exactly one byte removed from the tail of .version.v0.result.proof.grovedb_proof. The 45-byte file-size delta is purely the JSON re-encoding cost: removing the trailing array element 1 shortens the inner JSON by 14 chars (,\n 1), and that 14-byte string is then expressed in the outer "Ok":[…] byte array as 14 fewer comma-separated integers (10,32,32,32,32,32,32,32,32,32,32,32,32,49, ≈ 45 chars).

Why the trailing byte was there

The proofs in those fixtures are GroveDBProof::V1 envelopes (empirically verified: first byte 0x01, bincode-decodes as GroveDBProof::V1(LayerProof) consuming all but the trailing byte). V1 proofs first shipped on Dash Platform at protocol v7 (Medusa) via grovedb#513 and apps#3177 — both landed 2026-03-06. At that point V1 had the shape:

// grovedb @ V1's first ~5 days (before #647)
pub struct GroveDBProofV1 {
    pub root_layer: LayerProof,
    pub prove_options: ProveOptions,   // ← trailing struct
}

ProveOptions is a single bool (decrease_limit_on_empty_sub_query_result, default true), which bincode encodes as one byte 0x01.

On 2026-03-11, grovedb#647 — fix: remove ProveOptions from V1 proofs to close result-truncation attack — dropped the field. A malicious prover could otherwise set the option to true even when the original query specified false, causing the verifier to consume its result limit faster and return fewer results than actually exist. Removing the field from the wire format meant the verifier now uses ProveOptions::default() instead.

On 2026-03-14 (3 commits behind #647), apps#3246 (feat(rs-sdk): implement getTokenPreProgrammedDistributions query) recorded these fixtures against drive-abci built with grovedb dd99ed1d — the pre-#647 V1 shape. Each captured proof therefore carries a single trailing 0x01 byte that is no longer part of V1's encoded representation.

Every grovedb bump since then kept working because the verifier called bincode::decode_from_slice(proof, config) and silently discarded leftover bytes. The current bump pulls in decode_grovedb_proof_canonical, which rejects any decode that leaves bytes unconsumed — exposing the 8-week-old artifact for the first time.

Why trimming is safe

The trailing ProveOptions byte was never bound into the proof's cryptographic state:

• decode_grovedb_proof_canonical's own docstring describes the trailing-byte tolerance gap as "harmless for the chain-bound correctness guarantee" — the decoded GroveDBProof and the root hash it commits to are unchanged.
• Drive's should_prove_and_verify_pre_programmed_distributions round-trip test passes against the bumped grovedb, confirming the canonical 650-byte form verifies cleanly with the exact same root hash.
• Empirical check: bincode::decode_from_slice::<GroveDBProof, _>(proof_651_bytes, config) succeeds, consumes 650 bytes, and re-encoding the decoded value produces byte-for-byte the same 650-byte prefix.

The trim brings the cached fixtures in line with what current drive-abci actually emits, so they stay useful as a regression check rather than rotting further with each future grovedb update.

How Has This Been Tested?

• The two previously-failing dash-sdk fixture-replay tests now pass against the bumped grovedb with no verifier-side workaround:
  • dash-sdk::fetch::tokens::token_pre_programmed_distributions::test_token_pre_programmed_distributions_present
  • dash-sdk::fetch::tokens::token_pre_programmed_distributions::test_token_pre_programmed_distributions_absent
• Their rs-sdk-ffi mirrors also pass:
  • rs-sdk-ffi::token::test_token_pre_programmed_distributions
  • rs-sdk-ffi::token::test_token_pre_programmed_distributions_absent
• cargo test -p drive --lib verify --features server — 240/240 pass (covers every drive-side proof verification path; proves the fixture trim doesn't disturb any other proof).
• cargo test -p drive --lib util::grove_operations::grove_insert_empty_tree — 6/6 (includes the new ProvableSumTree arm).
• cargo test -p drive --lib fees::op::tests::empty_tree_operation_for_known_path_key_provable_sum_tree — 1/1 (covers the second ProvableSumTree arm; raised patch coverage from 95% to 100% on the new lines).
• cargo check --workspace --all-features and cargo clippy -p drive -p wasm-drive-verify -p rs-sdk-ffi --all-features --no-deps — clean.
• cargo fmt --all applied.

Breaking Changes

None for platform consumers. The grovedb on-disk encoding for variants that existed in the previous pin is unchanged (the new variants NotCountedOrSummed=17, ReferenceWithSumItem=18, ProvableSumTree=19 were appended). Drive's public refresh_reference_for_known_path_key_reference_info wrapper keeps the same signature.

Checklist:

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added or updated relevant unit/integration/functional/e2e tests
• I have added "!" to the title and described breaking changes in the corresponding section if my code contains any
• I have made corresponding changes to the documentation if needed

For repository code-owners and collaborators only

• I have assigned this pull request to a milestone

🤖 Generated with Claude Code

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR pins all grovedb-family dependencies across the platform to a new commit (352c2f...) that introduces ProvableSumTree and ReferenceWithSumItem element types. The codebase is extended to support these new variants in empty-tree operations, reference refresh logic, and SDK JSON serialization, with query-type validation added for token-transition paths.

Changes

GroveDB Dependency and ProvableSumTree Support

Layer / File(s)	Summary
GroveDB dependency revisions across packages packages/rs-dpp/Cargo.toml, packages/rs-drive-abci/Cargo.toml, packages/rs-drive/Cargo.toml, packages/rs-platform-version/Cargo.toml, packages/rs-platform-wallet/Cargo.toml, packages/rs-sdk/Cargo.toml	All grovedb and grovedb-commitment-tree git dependencies updated to the new commit hash (352c2f...) across six package manifests, including main and dev-dependencies.
ProvableSumTree element support in core operations packages/rs-drive/src/fees/op.rs, packages/rs-drive/src/util/grove_operations/grove_insert_empty_tree/v0/mod.rs	ProvableSumTree variant handling added to empty-tree insertion (grove_insert_empty_tree_v0) and empty-tree creation in fee calculations (TreeType::empty_tree_operation_for_known_path_key); refresh-reference operation hardcoded to false for plain/countable references only.
SDK/FFI serialization for new element types packages/rs-sdk-ffi/src/system/queries/path_elements.rs, packages/wasm-drive-verify/src/state_transition/state_transition_execution_path_queries/token_transition.rs	Path-element JSON formatters updated to serialize ReferenceWithSumItem and Provable* variants (including ProvableSumTree); wrapper types consolidated from NonCounted/NotSummed to NotCountedOrSummed; AggregateSumOnRange query type rejection added to token-transition path validation.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

• shumkov

Poem

🐰 A grovedb grows with types anew,
Sum trees and references in the dew,
From pins to schemas, all aligned,
The platform's elements redesigned,
Hopping forward, features shine! 🌱

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the primary change: bumping grovedb dependencies to a specific commit, which aligns with the detailed PR objectives covering dependency updates across multiple Cargo.toml files.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/hopeful-allen-c6b170

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[thepastaclaw]

Review Gate

Commit: f133297d

• ✅ Debounce: 74m ago (need 30m)

• ⏳ CI checks: build failure: Swift SDK build / Swift SDK and Example build (warnings as errors)

• ✅ CodeRabbit review: comment found

• ✅ Off-peak hours: off-peak (03:12 AM PT Sunday)

• Run review now (check to override)

[coderabbitai]

🧹 Nitpick comments (1)

packages/rs-drive/src/util/grove_operations/grove_insert_empty_tree/v0/mod.rs (1)

31-31: ⚡ Quick win

Add a test for the new ProvableSumTree branch.

The new match arm in Line 31 is not covered by this module’s current tests, so this mapping can regress silently.

Proposed test addition

@@
     #[test]
+    fn test_grove_insert_empty_tree_provable_sum() {
+        let drive = setup_drive(None);
+        let pv = PlatformVersion::latest();
+        let tx = drive.grove.start_transaction();
+
+        drive
+            .grove_insert_empty_tree_v0(
+                SubtreePath::empty(),
+                b"provable_sum",
+                TreeType::ProvableSumTree,
+                Some(&tx),
+                None,
+                &mut vec![],
+                &pv.drive,
+            )
+            .expect("expected to insert root tree");
+
+        let mut query_ops = vec![];
+        let element = drive
+            .grove_get_raw(
+                SubtreePath::empty(),
+                b"provable_sum",
+                DirectQueryType::StatefulDirectQuery,
+                Some(&tx),
+                &mut query_ops,
+                &pv.drive,
+            )
+            .expect("expected to get element");
+
+        assert!(
+            matches!(element, Some(Element::ProvableSumTree(..))),
+            "Expected a provable sum tree element after insert"
+        );
+    }
+
+    #[test]
     fn test_grove_insert_empty_tree_count_sum() {

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@packages/rs-drive/src/util/grove_operations/grove_insert_empty_tree/v0/mod.rs`
at line 31, Add a unit test that exercises the new TreeType::ProvableSumTree
match arm so it can't regress: call the public function in this module that
performs the match (the function containing the TreeType -> Element mapping in
grove_insert_empty_tree v0) with TreeType::ProvableSumTree and assert the
returned Element equals Element::empty_provable_sum_tree(); place the test
alongside the module's other tests (or in the module's #[cfg(test)] tests) so it
runs in CI.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In
`@packages/rs-drive/src/util/grove_operations/grove_insert_empty_tree/v0/mod.rs`:
- Line 31: Add a unit test that exercises the new TreeType::ProvableSumTree
match arm so it can't regress: call the public function in this module that
performs the match (the function containing the TreeType -> Element mapping in
grove_insert_empty_tree v0) with TreeType::ProvableSumTree and assert the
returned Element equals Element::empty_provable_sum_tree(); place the test
alongside the module's other tests (or in the module's #[cfg(test)] tests) so it
runs in CI.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 05fb9d9d-6498-4669-b957-3108dfc6bc44

📥 Commits

Reviewing files that changed from the base of the PR and between 61bca22 and 322f210.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (10)

• packages/rs-dpp/Cargo.toml
• packages/rs-drive-abci/Cargo.toml
• packages/rs-drive/Cargo.toml
• packages/rs-drive/src/fees/op.rs
• packages/rs-drive/src/util/grove_operations/grove_insert_empty_tree/v0/mod.rs
• packages/rs-platform-version/Cargo.toml
• packages/rs-platform-wallet/Cargo.toml
• packages/rs-sdk-ffi/src/system/queries/path_elements.rs
• packages/rs-sdk/Cargo.toml
• packages/wasm-drive-verify/src/state_transition/state_transition_execution_path_queries/token_transition.rs

[QuantumExplorer]

Reviewed

[codecov]

Codecov Report

❌ Patch coverage is 77.77778% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 88.05%. Comparing base (187d46c) to head (f133297).
⚠️ Report is 4 commits behind head on v3.1-dev.

Files with missing lines	Patch %	Lines
packages/rs-drive/src/fees/op.rs	82.35%	3 Missing ⚠️
...grove_operations/grove_insert_empty_tree/v0/mod.rs	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##           v3.1-dev    #3656      +/-   ##
============================================
- Coverage     88.07%   88.05%   -0.02%     
============================================
  Files          2521     2521              
  Lines        308681   308781     +100     
============================================
+ Hits         271879   271908      +29     
- Misses        36802    36873      +71     

Components	Coverage Δ
dpp	88.01% <ø> (ø)
drive	87.03% <77.77%> (-0.05%)	⬇️
drive-abci	90.05% <ø> (ø)
sdk	∅ <ø> (∅)
dapi-client	∅ <ø> (∅)
platform-version	∅ <ø> (∅)
platform-value	92.17% <ø> (ø)
platform-wallet	∅ <ø> (∅)
drive-proof-verifier	53.13% <ø> (-0.10%)	⬇️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.