fix: resolve merge conflict with main and add repo links

Resolve merge conflict in SUMMARY.md keeping the renamed
integration-guide.md from main and the Auctions section from
this branch.

Add Hardhat template and OZ confidential contracts repo links
to erc7984.md as requested in PR review.

Author: poppyseedDev

.github/workflows/contracts-upgrade-version-check.yml

@@ -9,7 +9,7 @@ on:
 # This avoids unnecessary reinitializer bumps when multiple PRs modify
 # the same contract between deployments. Keep in sync with *-upgrade-tests.yml.
 env:
-  UPGRADE_FROM_TAG: v0.11.0
+  UPGRADE_FROM_TAG: v0.11.1
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -36,11 +36,13 @@ jobs:
               - .github/workflows/contracts-upgrade-version-check.yml
               - ci/check-upgrade-versions.ts
               - ci/merge-address-constants.ts
+              - ci/upgrade-version-check-lib.ts
               - host-contracts/**
             gateway-contracts:
               - .github/workflows/contracts-upgrade-version-check.yml
               - ci/check-upgrade-versions.ts
               - ci/merge-address-constants.ts
+              - ci/upgrade-version-check-lib.ts
               - gateway-contracts/**
 
   check:

.github/workflows/coprocessor-benchmark-cpu.yml

@@ -172,7 +172,7 @@ jobs:
 
       - name: Start localstack
         run: |
-          docker run --rm -d -p 4566:4566 --name localstack localstack/localstack:latest
+          docker run --rm -d -p 4566:4566 --name localstack localstack/localstack:4.14.0
 
       - name: Run benchmarks on CPU
         run: |

.github/workflows/coprocessor-cargo-tests.yml

@@ -41,6 +41,9 @@ jobs:
       packages: 'read' # Required to read GitHub packages/container registry
       pull-requests: 'write' # Required to post coverage comment on PR
     runs-on: large_ubuntu_16
+    env:
+      CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER: clang
+      RUSTFLAGS: "-C link-arg=-fuse-ld=mold"
     steps:
     - name: Checkout code
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -51,6 +54,25 @@ jobs:
     - name: Checkout LFS objects
       run: git lfs checkout
 
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Login to GitHub Chainguard Registry
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+      with:
+        registry: cgr.dev
+        username: ${{ secrets.CGR_USERNAME }}
+        password: ${{ secrets.CGR_PASSWORD }}
+
+    - name: Start database services (background)
+      run: |
+        nohup docker compose up -d --build db-migration > /tmp/db-init.log 2>&1 &
+      working-directory: coprocessor/fhevm-engine/tfhe-worker
+
     - name: Setup Rust toolchain file
       run: cp coprocessor/fhevm-engine/rust-toolchain.toml .
 
@@ -65,7 +87,7 @@ jobs:
     - name: Install cargo dependencies
       run: |
         sudo apt-get update
-        sudo apt-get install -y protobuf-compiler && \
+        sudo apt-get install -y protobuf-compiler mold clang && \
         cargo install sqlx-cli --version 0.7.2 --no-default-features --features postgres --locked
 
     - name: Install foundry
@@ -81,42 +103,55 @@ jobs:
         key: ${{ runner.os }}-cargo-coverage-${{ hashFiles('**/Cargo.lock') }}
         restore-keys: ${{ runner.os }}-cargo-coverage-
 
-    - name: Login to GitHub Container Registry
-      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-      with:
-        registry: ghcr.io
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Login to GitHub Chainguard Registry
-      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-      with:
-        registry: cgr.dev
-        username: ${{ secrets.CGR_USERNAME }}
-        password: ${{ secrets.CGR_PASSWORD }}
-
-    - name: Init database
-      run: make init_db
-      working-directory: coprocessor/fhevm-engine/tfhe-worker
-
     - name: Use Node.js
       uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
       with:
         node-version: 20.x
 
     - name: Start localstack
-      run: |
-        docker run --rm -d -p 4566:4566 --name localstack localstack/localstack:latest
+      run: docker run --rm -d -p 4566:4566 --name localstack localstack/localstack:4.14.0
 
     - name: Clean previous coverage data
       run: cargo llvm-cov clean --workspace --profile coverage
       working-directory: coprocessor/fhevm-engine
 
+    - name: Compile tests with coverage instrumentation
+      run: |
+        cargo llvm-cov show-env --sh > /tmp/llvm-cov-env.sh
+        source /tmp/llvm-cov-env.sh
+        DATABASE_URL=postgresql://postgres:postgres@localhost:5432/coprocessor \
+        SQLX_OFFLINE=true \
+        cargo test --no-run --workspace --profile coverage
+      working-directory: coprocessor/fhevm-engine
+
+    - name: Wait for database migration
+      run: |
+        SECONDS=0
+        while ! docker container inspect db-migration > /dev/null 2>&1; do
+          if [ "$SECONDS" -ge 900 ]; then
+            echo "Timed out waiting for db-migration container after 15 minutes"
+            cat /tmp/db-init.log
+            exit 1
+          fi
+          echo "Waiting for db-migration container to be created..."
+          sleep 2
+        done
+        EXIT_CODE=$(docker wait db-migration)
+        if [ "$EXIT_CODE" != "0" ]; then
+          echo "Database migration failed with exit code $EXIT_CODE"
+          docker logs db-migration
+          cat /tmp/db-init.log
+          exit 1
+        fi
+        echo "Database migration completed"
+
     - name: Run tests with coverage
       run: |
+        source /tmp/llvm-cov-env.sh
         DATABASE_URL=postgresql://postgres:postgres@localhost:5432/coprocessor \
         TEST_GLOBAL_LOCALSTACK=1 \
-        cargo llvm-cov --no-report --workspace --profile coverage
+        SQLX_OFFLINE=true \
+        cargo test --workspace --profile coverage
       working-directory: coprocessor/fhevm-engine
 
     - name: Generate coverage report

.github/workflows/coprocessor-gpu-tests.yml

@@ -167,8 +167,9 @@ jobs:
           username: ${{ secrets.CGR_USERNAME }}
           password: ${{ secrets.CGR_PASSWORD }}
 
-      - name: Init database
-        run: make init_db
+      - name: Start database services (background)
+        run: |
+          nohup docker compose up -d --build db-migration > /tmp/db-init.log 2>&1 &
         working-directory: coprocessor/fhevm-engine/tfhe-worker
 
       - name: Use Node.js
@@ -182,6 +183,37 @@ jobs:
         env:
           HARDHAT_NETWORK: hardhat
 
+      - name: Compile GPU test artifacts
+        run: |
+          SQLX_OFFLINE=true cargo test --no-run \
+          -p tfhe-worker \
+          -p sns-worker \
+          -p zkproof-worker \
+          --release \
+          --features=gpu
+        working-directory: coprocessor/fhevm-engine
+
+      - name: Wait for database migration
+        run: |
+          SECONDS=0
+          while ! docker container inspect db-migration > /dev/null 2>&1; do
+            if [ "$SECONDS" -ge 900 ]; then
+              echo "Timed out waiting for db-migration container after 15 minutes"
+              cat /tmp/db-init.log
+              exit 1
+            fi
+            echo "Waiting for db-migration container to be created..."
+            sleep 2
+          done
+          EXIT_CODE=$(docker wait db-migration)
+          if [ "$EXIT_CODE" != "0" ]; then
+            echo "Database migration failed with exit code $EXIT_CODE"
+            docker logs db-migration
+            cat /tmp/db-init.log
+            exit 1
+          fi
+          echo "Database migration completed"
+
       - name: Run GPU tests for the worker services.
         run: |
           export DATABASE_URL=postgresql://postgres:postgres@localhost:5432/coprocessor

.github/workflows/gateway-contracts-upgrade-tests.yml

@@ -16,7 +16,7 @@ concurrency:
 # - RPC_URL: The port should match the one used in the anvil node in the docker-compose.yml file
 env:
   # Bump this tag each release cycle to test upgrades from the previous version
-  UPGRADE_FROM_TAG: v0.11.0
+  UPGRADE_FROM_TAG: v0.11.1
   DOTENV_CONFIG_PATH: .env.example
   HARDHAT_NETWORK: staging
   CHAIN_ID_GATEWAY: 54321

.github/workflows/host-contracts-upgrade-tests.yml

@@ -15,7 +15,7 @@ concurrency:
 # - CHAIN_ID_GATEWAY: The chain ID of the gateway network, used by deployment tasks
 # - RPC_URL: The port should match the one used in the anvil node in the docker-compose.yml file
 env:
-  UPGRADE_FROM_TAG: v0.11.0
+  UPGRADE_FROM_TAG: v0.11.1
   DOTENV_CONFIG_PATH: .env.example
   HARDHAT_NETWORK: staging
   CHAIN_ID_GATEWAY: 54321
@@ -120,6 +120,28 @@ jobs:
           cp -r ../../previous-fhevm/host-contracts/contracts ./previous-contracts
           docker cp fhevm-sc-deploy:/app/addresses ./
 
+      # The regular upgrade loop below only exercises task:upgrade<Contract>, which upgrades the proxy in place.
+      # We also rely on task:prepareUpgradeFHEVMExecutor operationally to deploy a new implementation without
+      # mutating the proxy. This smoke step covers that prepare-only path and guards against regressions where
+      # the task stops deploying correctly or accidentally upgrades the proxy instead of just preparing it.
+      - name: Smoke test prepare-only FHEVMExecutor deployment
+        working-directory: current-fhevm/host-contracts
+        run: |
+          set -euo pipefail
+          git fetch --depth=1 origin "refs/tags/${UPGRADE_FROM_TAG}:refs/tags/${UPGRADE_FROM_TAG}"
+          source addresses/.env.host
+
+          before_impl=$(cast implementation "$FHEVM_EXECUTOR_CONTRACT_ADDRESS" --rpc-url "$RPC_URL")
+
+          npx hardhat task:prepareUpgradeFHEVMExecutor \
+            --upgrade-from-ref "$UPGRADE_FROM_TAG" \
+            --new-implementation contracts/FHEVMExecutor.sol:FHEVMExecutor \
+            --use-internal-proxy-address true \
+            --verify-contract false
+
+          after_impl=$(cast implementation "$FHEVM_EXECUTOR_CONTRACT_ADDRESS" --rpc-url "$RPC_URL")
+          test "$before_impl" = "$after_impl"
+
       - name: Run contract upgrades
         working-directory: current-fhevm/host-contracts
         run: |

.github/workflows/kms-connector-docker-build.yml

@@ -101,7 +101,7 @@ jobs:
           - kms-connector/crates/gw-listener/**
           - kms-connector/crates/utils/**
           - kms-connector/Cargo.*
-          - gateway-contracts/rust-bindings/**
+          - gateway-contracts/rust_bindings/**
 
   check-changes-kms-worker:
     uses: ./.github/workflows/check-changes-for-docker-build.yml
@@ -118,8 +118,8 @@ jobs:
           - kms-connector/crates/kms-worker/**
           - kms-connector/crates/utils/**
           - kms-connector/Cargo.*
-          - gateway-contracts/rust-bindings/**
-          - host-contracts/rust-bindings/**
+          - gateway-contracts/rust_bindings/**
+          - host-contracts/rust_bindings/**
 
   check-changes-tx-sender:
     uses: ./.github/workflows/check-changes-for-docker-build.yml
@@ -136,7 +136,7 @@ jobs:
           - kms-connector/crates/tx-sender/**
           - kms-connector/crates/utils/**
           - kms-connector/Cargo.*
-          - gateway-contracts/rust-bindings/**
+          - gateway-contracts/rust_bindings/**
 
   ########################################################################
   #                        BUILD DECISIONS                               #

.github/workflows/kms-connector-tests.yml

@@ -39,8 +39,8 @@ jobs:
             - kms-connector/connector-db/**
             - kms-connector/crates/**
             - kms-connector/Cargo.*
-            - gateway-contracts/rust-bindings/**
-            - host-contracts/rust-bindings/**
+            - gateway-contracts/rust_bindings/**
+            - host-contracts/rust_bindings/**
 
   start-runner:
     name: kms-connector-tests/start-runner

.github/workflows/test-suite-e2e-operators-tests.yml

@@ -1,7 +1,5 @@
 name: test-suite-e2e-operators-tests
 
-# Github does not support more than 10 inputs for workflow_dispatch:
-# https://docs.github.com/en/actions/reference/events-that-trigger-workflows#providing-inputs
 # Core, relayer and test-suite will use the default versions defined in the `fhevm-cli` script
 on:
   workflow_dispatch:
@@ -47,6 +45,14 @@ on:
         description: "ZKProof Worker Image Version"
         default: ""
         type: string
+      deploy-build:
+        description: "Build local Docker images from the checked out repository before deploy"
+        default: false
+        type: boolean
+      grep:
+        description: "Optional grep pattern to narrow operators tests"
+        default: ""
+        type: string
 
 permissions: {}
 
@@ -127,22 +133,34 @@ jobs:
           TFHE_WORKER_VERSION: ${{ inputs.tfhe_worker_version }}
           SNS_WORKER_VERSION: ${{ inputs.sns_worker_version }}
           ZKPROOF_WORKER_VERSION: ${{ inputs.zkproof_worker_version }}
+          DEPLOY_BUILD: ${{ inputs.deploy-build }}
         run: |
-          ./fhevm-cli deploy --coprocessors 2 --coprocessor-threshold 2
+          if [[ "$DEPLOY_BUILD" == 'true' ]]; then
+            ./fhevm-cli deploy --build --coprocessors 2 --coprocessor-threshold 2
+          else
+            ./fhevm-cli deploy --coprocessors 2 --coprocessor-threshold 2
+          fi
 
       - name: All operators tests
         working-directory: test-suite/fhevm
+        env:
+          GREP: ${{ inputs.grep }}
         run: |
-          ./fhevm-cli test operators
+          if [ -n "$GREP" ]; then
+            ./fhevm-cli test operators -g "$GREP"
+          else
+            ./fhevm-cli test operators
+          fi
 
       - name: Random operators tests
+        if: ${{ inputs.grep == '' }}
         working-directory: test-suite/fhevm
         run: |
           ./fhevm-cli test random
 
       - name: Show logs on test failure
         working-directory: test-suite/fhevm
-        if: always()
+        if: failure()
         run: |
           echo "::group::Relayer Logs"
           ./fhevm-cli logs relayer

.github/workflows/test-suite-e2e-tests.yml

@@ -187,7 +187,17 @@ jobs:
         run: |
           ./fhevm-cli unpause gateway
 
-      # E2E tests after unpausing the Host and Gateway contracts
+      # E2E tests after unpausing the Host and Gateway contracts.
+      
+      # The revert test runs first: it populates the DB, reverts to a midpoint,
+      # and waits for the coprocessor to recover. All subsequent tests then run
+      # against a post-revert DB, providing a stronger guarantee that the
+      # coprocessor works correctly after a state revert.
+      - name: Coprocessor DB state revert test
+        working-directory: test-suite/fhevm
+        run: |
+          ./fhevm-cli test coprocessor-db-state-revert
+
       - name: Input proof test (uint64)
         working-directory: test-suite/fhevm
         run: |