chore(kms-connector): enforce acl check

[eudelins-zama]

Closes https://github.com/zama-ai/fhevm-internal/issues/916

[eudelins-zama]

@claude /pr-review

[claude]

Claude finished @eudelins-zama's task in 3m 45s —— View job

---

PR Review Complete

• Pre-review validation
• Gather context (PR summary, guidelines)
• Run parallel review agents
• Validate findings
• Post final review

---

Code Review

No blocking issues found. This PR implements a security hardening change that makes ACL checks mandatory for user decryptions.

Summary of Changes

File	Change
processor.rs	Enforce mandatory ACL check for user decryption (previously skippable with warning)
processor.rs	Remove unused warn import
Cargo.toml	Version bump 0.10.0 → 0.12.0
Cargo.lock	Lockfile updates

Analysis

Security Improvement ✅

• Previously, if tx_hash was missing, the ACL check was skipped with only a warning
• Now, missing tx_hash results in an Irrecoverable error, failing the request properly
• This closes the tracked issue #916

Error Handling ✅

• The ProcessingError::Irrecoverable type is appropriate since a missing tx_hash cannot be fixed by retrying
• The error is properly logged via the existing error handling at line 63
• Events are correctly marked as failed in the database

Code Quality ✅

• Follows existing codebase patterns for ok_or_else() usage
• Error message is clear and actionable
• Unused warn import properly removed

Minor Observation

Nit: Version skips from 0.10.0 to 0.12.0, bypassing 0.11.0. This doesn't block the PR but is worth noting for release tracking purposes.

Deployment Consideration

⚠️ Breaking Change: Any existing user_decryption_requests in production databases with NULL tx_hash values will fail permanently after this update. This is the intended behavior per issue #916, but operators should be aware during upgrades.

---

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for c5b6a2b.

🟢 All jobs passed!

But CI Insights is watching 👀

[maksymsur]

LGTM!

[eudelins-zama]

@Mergifyio queue

[mergify]

queue

✅ The pull request has been merged automatically

Details

The pull request has been merged automatically at 22f7d0f

[mergify]

Merge Queue Status

Rule: main

---

• ✅ Entered queue — 2026-02-09 13:45 UTC
• ✅ Checks passed · on draft merge queue: embarking main (5fa5b7c) and [#1928 + #1944] together #1948
• ✅ Merged — 2026-02-09 16:21 UTC · at c5b6a2b0c1dba94f96ba5bf59910cb4314ebda3d

This pull request spent 2 hours 36 minutes 31 seconds in the queue, including 9 hours 54 minutes 56 seconds running CI.

Required conditions to merge

• #approved-reviews-by >= 1 [🛡 GitHub branch protection]
  • fix(coprocessor): make ciphertext compression fallible #1928
  • chore(kms-connector): enforce acl check #1944
• #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
  • fix(coprocessor): make ciphertext compression fallible #1928
  • chore(kms-connector): enforce acl check #1944
• #review-threads-unresolved = 0 [🛡 GitHub branch protection]
  • fix(coprocessor): make ciphertext compression fallible #1928
  • chore(kms-connector): enforce acl check #1944
• branch-protection-review-decision = APPROVED [🛡 GitHub branch protection]
  • fix(coprocessor): make ciphertext compression fallible #1928
  • chore(kms-connector): enforce acl check #1944
• check-success = run-e2e-tests / fhevm-e2e-test
• any of [🛡 GitHub branch protection]:
  • check-success = common-pull-request/lint (bpr)
  • check-neutral = common-pull-request/lint (bpr)
  • check-skipped = common-pull-request/lint (bpr)
• any of [🛡 GitHub branch protection]:
  • check-skipped = coprocessor-cargo-listener-tests/cargo-tests (bpr)
  • check-neutral = coprocessor-cargo-listener-tests/cargo-tests (bpr)
  • check-success = coprocessor-cargo-listener-tests/cargo-tests (bpr)
• any of [🛡 GitHub branch protection]:
  • check-success = coprocessor-cargo-test/cargo-tests (bpr)
  • check-neutral = coprocessor-cargo-test/cargo-tests (bpr)
  • check-skipped = coprocessor-cargo-test/cargo-tests (bpr)
• any of [🛡 GitHub branch protection]:
  • check-success = coprocessor-dependency-analysis/dependencies-check (bpr)
  • check-neutral = coprocessor-dependency-analysis/dependencies-check (bpr)
  • check-skipped = coprocessor-dependency-analysis/dependencies-check (bpr)
• any of [🛡 GitHub branch protection]:
  • check-skipped = gateway-contracts-deployment-tests/sc-deploy (bpr)
  • check-neutral = gateway-contracts-deployment-tests/sc-deploy (bpr)
  • check-success = gateway-contracts-deployment-tests/sc-deploy (bpr)
• any of [🛡 GitHub branch protection]:
  • check-success = kms-connector-tests/test-connector (bpr)
  • check-neutral = kms-connector-tests/test-connector (bpr)
  • check-skipped = kms-connector-tests/test-connector (bpr)