feat(test-suite): replace fhevm bash cli with Bun runtime

[Eikix]

Closes https://github.com/zama-ai/fhevm-internal/issues/1042

Summary

Replace the legacy test-suite/fhevm/fhevm-cli bash workflow with a Bun-native TypeScript CLI.

The new CLI makes target selection, runtime generation, resume, local builds, upgrade flows, and multicopro scenarios explicit and reproducible instead of relying on bash defaults and workflow-specific behavior.

User-facing changes

• boot explicit targets:
  • latest-supported
  • latest-main
  • sha --sha <git-sha>
  • devnet
  • testnet
  • mainnet
• treat latest-supported as a tracked maintained bundle profile:
  • test-suite/fhevm/profiles/latest-supported.json
• keep latest-main as the moving mainline baseline:
  • newest complete repo-owned main SHA bundle at or after the simple-ACL floor
  • non-repo companions come from the mainline defaults in src/presets.ts
• lock every resolved bundle under .fhevm/locks
• persist runtime state under .fhevm/state.json
• support full-group local overrides for:
  • coprocessor
  • kms-connector
  • gateway-contracts
  • host-contracts
  • test-suite
• support per-service overrides only for runtime groups:
  • coprocessor
  • kms-connector
  • test-suite
• support --build as the full local-workspace path:
  • normal stacks: full local workspace, including coprocessor
  • scenario runs: full local workspace except coprocessor, which stays scenario-driven
• support upgrade <group> for active runtime overrides:
  • coprocessor
  • kms-connector
  • test-suite
• replace the old multicopro CLI flags with explicit scenario files:
  • fhevm-cli up --scenario ./scenarios/two-of-two.yaml
• keep --override coprocessor as the fast local-dev shorthand
• keep deploy as an alias for up
• remove doctor in favor of up --dry-run

Architecture

Tracked inputs are now split by ownership:

• test-suite/fhevm/docker-compose/: base compose truth
• test-suite/fhevm/templates/: tracked templates rendered by the CLI
• test-suite/fhevm/static/: tracked config mounted as-is
• test-suite/fhevm/scenarios/: checked-in consensus/matrix inputs
• test-suite/fhevm/profiles/: tracked maintained bundle profiles

Generated runtime output lives under .fhevm/:

• .fhevm/env/
• .fhevm/config/
• .fhevm/compose/
• .fhevm/addresses/
• .fhevm/locks/
• .fhevm/state.json

The runtime flow is now:

1. resolve the target/profile bundle
2. apply version env overrides
3. resolve the coprocessor scenario or --override coprocessor shorthand
4. build a normalized runtime plan
5. render env/config/compose artifacts
6. run the step-based pipeline with resume support

The code is split around that model:

• src/resolve.ts
• src/scenario.ts
• src/runtime-plan.ts
• src/render-env.ts
• src/render-config.ts
• src/render-compose.ts
• src/pipeline.ts

Tracked compose files are the default runtime truth. .fhevm/compose/ now contains selective overrides instead of full generated replacements for every component. Coprocessor topology remains the structural exception.

Compatibility and targeting

• latest-main and sha are hard-cut to the simple-ACL era and fail before the supported floor
• exact sha resolution requires a complete repo-owned image set and a commit that exists on main
• latest-main resolves repo-owned services from main; src/presets.ts supplies the non-repo companion baseline for the common mainline path
• src/compat.ts is kept focused on cross-era protection:
  • known-invalid bundle pairs
  • legacy runtime shims
  • target resolution anchors

CI contract

• reusable e2e now always boots latest-main with the checked-in two-of-two scenario
• manual workflow dispatch defaults to build=true, so a human dispatch naturally validates the checked out branch from source
• merge-queue orchestration passes build=false explicitly and overlays repo-owned *_VERSION env vars only for components whose Docker build succeeded
• skipped component builds leave those overrides unset, so they naturally stay on the latest-main baseline
• merge queue fails before e2e if a required repo-owned build reports a non-skipped failure
• operators e2e uses the same latest-main baseline and scenario model

Quality and reliability improvements

• replace the monolithic bash runtime with typed services and tests
• make runtime artifact regeneration deterministic for resume, upgrade, and teardown
• make Docker/preflight failures surface clearly instead of degrading into misleading output
• fix lock-file boots, exact SHA handling, runtime error rendering, and stale state handling
• add scenario parsing/validation for consensus workflows
• keep state persistence normalized by deriving topology from scenario on load instead of persisting both authorities
• port the ciphertext-drift path off bash into shared TS/Bun code

Validation

Verified on the current branch state:

• bun run check
• bun test (322 tests)
• repeated local QA and live-stack validation across:
  • baseline lifecycle
  • resume / regenerate paths
  • local override flows
  • full local-workspace --build dry-runs
  • upgrade coprocessor
  • scenario-driven multicopro boot paths
  • latest-main dry-runs and scenario dry-runs

Notes

• latest-supported is now a tracked maintained profile, not a dynamic “latest release” resolver.
• latest-main is the moving baseline for PR validation and local mainline testing.
• --scenario remains the explicit consensus/matrix interface.
• --override coprocessor remains the fast local e2e path.
• --build is the full local-workspace path.

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for 89296fd.

❌ Job Failures

Pipeline	Job	Health on main	Retries	🔍 CI Insights	📄 Logs
coprocessor-cargo-test	coprocessor-cargo-test/cargo-tests (bpr)		0	View	View

[eudelins-zama]

Just a small note to say it would be nice to merge this feature branch first to avoid handling conflicts with this one 😇

[Eikix]

@claude /pr-review

[PanGan21]

@cla-bot check

[cla-bot]

The cla-bot has been summoned, and re-checked this pull request!

[Eikix]

Opened a sacrificial draft PR to exercise the merge-queue-style E2E orchestration on the same head commit as this PR: #2087

It is draft-only and should not be merged. Once we have the workflow signal, we can close it.

[Eikix]

@claude /pr-review

[claude]

Claude timed out while processing the request. — View run

[Eikix]

Go back to always()

[Eikix]

can we use the short form here ./fhevm-cli up --target latest-main --scenario two-of-two

[Eikix]

use always()