fix: allow parent tree info count-offset proofs #749

Open
thepastaclaw wants to merge 1 commit into dashpay:develop from thepastaclaw:fix-parent-tree-count-offset

@thepastaclaw thepastaclaw commented May 24, 2026

Fix parent-tree-info count-offset proof verification

Summary

  • Allow verify_query_get_parent_tree_info_with_options to reach the shared
    V0/V1 proof-envelope offset gate instead of rejecting offsets before proof
    decoding.
  • Keep V0 parent-tree-info offset queries rejected through the shared gate.
  • Add a V1 regression proving offset-paginated parent-tree-info verification
    succeeds for provable count trees.

Fixes #707.

Validation

  • cargo test -p grovedb verify_v1_get_parent_tree_info_with_offset_succeeds --lib
  • cargo test -p grovedb verify_v0_get_parent_tree_info_with_offset_errors --lib
  • Code review gate: code-review dashpay/grovedb upstream/develop refs/remotes/local/fix-parent-tree-count-offset "Fix grovedb#707 by allowing parent-tree-info verification with offset-paginated V1 count proofs while preserving V0 rejection; adds V0 rejection and V1 success regressions" → ship

Summary by CodeRabbit

  • Bug Fixes

    • Proof verification now properly handles offset-based queries instead of rejecting them prematurely, delegating validation to centralized logic.
  • Tests

    • Strengthened error validation for offset handling in proof verification tests.
    • Added test coverage for offset pagination support in proof verification.

coderabbitai Bot commented May 24, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
📥 Commits

Reviewing files that changed from the base of the PR and between 9f67e8c and fe6cf44.

📒 Files selected for processing (2)
  • grovedb/src/operations/proof/verify.rs
  • grovedb/src/tests/proof_coverage_tests.rs
💤 Files with no reviewable changes (1)
  • grovedb/src/operations/proof/verify.rs

Walkthrough

This PR addresses an audit finding by removing the early offset validation in parent-tree-info proof verification. The centralized envelope gate now uniformly applies V0 rejection and V1 acceptance of offset queries. Tests verify V0 still correctly rejects offset-bearing queries while V1 accepts and returns correctly paginated results.

Changes

Offset validation centralization

| Layer / File(s) | Summary |
| --- | --- |
| Remove early offset validation (grovedb/src/operations/proof/verify.rs) | The Error::NotSupported pre-check for offset queries was removed from verify_query_get_parent_tree_info_with_options, deferring offset validation to the shared envelope gate in verify_proof_internal. |
| V0 offset rejection test (grovedb/src/tests/proof_coverage_tests.rs) | Refactored verify_v0_get_parent_tree_info_with_offset_errors to generate a non-offset proof, assert V0 envelope format under GROVE_V2, construct a separate offset-bearing query, and verify it returns Error::NotSupported from the centralized gate. |
| V1 offset pagination test (grovedb/src/tests/proof_coverage_tests.rs) | Added verify_v1_get_parent_tree_info_with_offset_succeeds to verify offset-paginated parent-tree-info queries succeed under V1, returning the correct feature type and keys for the offset+limit window over a 15-item ProvableCountTree. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A gate stood firm, rejecting all offsets with haste,
But V1 proofs cried out, "Don't make us wait!"
Now shared gates decide what each version can do—
V0 still says "no," while V1 breaks through. 🚀

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'fix: allow parent tree info count-offset proofs' accurately summarizes the main change: removing the early offset rejection to allow count-offset proofs in parent tree info verification. |
| Linked Issues check | ✅ Passed | The pull request fulfills all coding requirements from issue #707: removes unconditional early offset rejection in verify_query_get_parent_tree_info_with_options, preserves V0 rejection through shared gate, and adds both V1 success and V0 error regression tests. |
| Out of Scope Changes check | ✅ Passed | All changes are directly scoped to the linked issue requirements: modifications to offset handling in verify.rs and corresponding test updates in proof_coverage_tests.rs, with no unrelated alterations. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |

@thepastaclaw

@coderabbitai review

coderabbitai Bot commented May 24, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

thepastaclaw commented Jun 15, 2026

✅ Review complete (commit fe6cf44)

@thepastaclaw thepastaclaw left a comment

Code Review

Targeted change correctly removes a redundant early offset reject from verify_query_get_parent_tree_info_with_options and delegates to the shared V0-rejects/V1-relaxes envelope gate. However, the newly-enabled V1 path inherits a latent bug: combining absence_proofs_for_non_existing_searched_keys: true with a non-zero offset on a V1 envelope causes query.terminal_keys(limit, ...) (offset-unaware) to rewrite valid results into false absences. The PR newly exposes this consensus-relevant misbehavior through the parent-tree-info entry point, and the fix belongs in the shared V1 absence-proof block so it covers all entry points.

🔴 1 blocking

1 additional finding(s) omitted (not in diff).

🤖 Prompt for all review comments with AI agents
These findings are from an automated code review. Verify each finding against the current code and only fix it if needed.

In `grovedb/src/operations/proof/verify.rs`:
- [BLOCKING] grovedb/src/operations/proof/verify.rs:370-375: V1 absence-proof rewrite is offset-unaware and produces false absences
  After this PR, `verify_query_get_parent_tree_info_with_options` can reach V1 count-offset verification, and `verify_query_with_options` already does. Both still accept `absence_proofs_for_non_existing_searched_keys: true` together with a non-zero offset. The V1 verifier returns the offset page (e.g. keys `f,g,h` for `offset=5, limit=3` on a narrow range), but the absence-proof block then calls `query.terminal_keys(max_results, ...)`, which is offset-unaware — `Query::terminal_keys_inner` (grovedb-query/src/query.rs:361) only enumerates the first `limit` searched keys from the range item and never consults `SizedQuery::offset`. The terminal keys it produces (e.g. `a,b,c`) miss every entry in the result set, so the final rewrite emits `(path, a, None), (path, b, None), (path, c, None)` — false absence proofs for keys that actually exist. Because absence-proof verification is consensus-critical, this needs to be rejected at the shared V1 absence-proof entry until terminal-key generation is made offset-aware. Centralizing the reject in `verify_proof_v1_internal` (rather than only in the parent-tree-info entry point) covers both call sites uniformly.
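
The false-absence case described in the review above, as an added Rust example that is not GroveDB code and not part of this PR. It is a toy model with one-byte keys; `offset_page`, `terminal_keys`, `absence_rewrite`, `verify_unguarded` and `verify_guarded` are hypothetical names, and the guard stands in for the rejection the review asks for.

```rust
// Toy model, not GroveDB code: one-byte keys, inclusive range, in-memory store.
use std::collections::BTreeMap;

type Row = (u8, Option<u8>); // (key, Some(value)), or (key, None) = "absent"

// Constructed sample data: keys a..=j all exist, each with value 1.
fn sample_store() -> BTreeMap<u8, u8> {
    (b'a'..=b'j').map(|k| (k, 1)).collect()
}

// What the verifier hands back for a paginated query: the offset/limit window.
fn offset_page(s: &BTreeMap<u8, u8>, lo: u8, hi: u8, offset: usize, limit: usize) -> Vec<Row> {
    s.range(lo..=hi).skip(offset).take(limit).map(|(k, v)| (*k, Some(*v))).collect()
}

// Offset-unaware terminal keys: always the first `limit` keys of the range.
fn terminal_keys(lo: u8, hi: u8, limit: usize) -> Vec<u8> {
    (lo..=hi).take(limit).collect()
}

// Absence rewrite: a terminal key not found in the results is emitted as None.
fn absence_rewrite(results: &[Row], terminal: &[u8]) -> Vec<Row> {
    terminal
        .iter()
        .map(|k| (*k, results.iter().find(|(rk, _)| rk == k).and_then(|(_, v)| *v)))
        .collect()
}

// Unguarded flow: the rewrite runs even when offset != 0.
fn verify_unguarded(s: &BTreeMap<u8, u8>, lo: u8, hi: u8, offset: usize, limit: usize, absence: bool) -> Vec<Row> {
    let results = offset_page(s, lo, hi, offset, limit);
    if absence { absence_rewrite(&results, &terminal_keys(lo, hi, limit)) } else { results }
}

// Guarded flow: refuse absence proofs combined with a non-zero offset.
fn verify_guarded(s: &BTreeMap<u8, u8>, lo: u8, hi: u8, offset: usize, limit: usize, absence: bool) -> Result<Vec<Row>, &'static str> {
    if absence && offset != 0 {
        return Err("absence proofs with a non-zero offset are not supported");
    }
    Ok(verify_unguarded(s, lo, hi, offset, limit, absence))
}

fn main() {
    let s = sample_store();
    println!("unguarded: {:?}", verify_unguarded(&s, b'a', b'j', 5, 3, true));
    println!("guarded:   {:?}", verify_guarded(&s, b'a', b'j', 5, 3, true));
}
```

With `offset=5, limit=3` the page is `f,g,h` but the terminal keys are `a,b,c`, so the unguarded flow reports three existing keys as absent while the guarded flow returns an error.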

@thepastaclaw thepastaclaw marked this pull request as ready for review June 16, 2026 00:56

Development

Successfully merging this pull request may close these issues.

[audit][medium] Parent-tree proof verifier rejects V1 count-offset proofs early