refactor(test-suite): refactor negative ACL e2e tests into consistent pattern

[zmalatrax]

Closes https://github.com/zama-ai/fhevm-internal/issues/1152

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for e427987.

🟢 All jobs passed!

But CI Insights is watching 👀

[eudelins-zama]

@claude /pr-review

[claude]

Claude finished @eudelins-zama's request. — View run

[claude]

[AUTOMATED]

Code Review

PR: refactor(test-suite): refactor negative ACL e2e tests into consistent pattern

Summary

This PR refactors negative (failure-path) ACL e2e tests across 4 test files into a consistent describe('negative', ...) pattern, adds a negative-acl test type to the CLI, and adds a corresponding CI workflow step. The changes are well-structured and maintain test correctness.

Review Results

Agent	Focus	Findings
Bug Hunter (×2)	Bugs & security	✅ No issues found
Guideline Compliance	Convention adherence	✅ No violations found
Error Handling Auditor	Silent failures	✅ No issues found

Analysis Highlights

Grep pattern safety (-g "negative"): Verified that the Mocha grep pattern "negative" used by the new negative-acl test type will only match the four newly introduced describe('negative', ...) blocks. No existing test names in the e2e suite contain the substring "negative", so there is no risk of accidentally running unintended tests.

Test state preservation: Each extracted negative test properly sets up its own state or correctly relies on the shared before/beforeEach hooks from the parent describe block. Specifically:

• EncryptedERC20.ts: The new standalone test correctly replicates the mint + transfer setup from the original positive test
• userDecryption.ts: All four extracted tests re-obtain handles and generate fresh keypairs; shared contract state from the before hook is sufficient
• delegatedUserDecryption.ts: Pure structural wrap with no logic changes
• httpPublicDecrypt.ts: The xBool → xUint8 change is functionally equivalent for testing ACL rejection

Error handling in tests: The try/catch patterns used in negative tests are safe — expect.fail() throws AssertionError with messages that would never match the specific error strings being asserted in catch blocks.

No issues found. Checked for bugs, guideline compliance, and error handling.

[claude]

The review has been posted. Here's a summary:

---

Code Review Summary — PR #2101

PR: refactor(test-suite): refactor negative ACL e2e tests into consistent pattern

Verdict: ✅ Approved

All four specialized review agents (2× Bug Hunter, Guideline Compliance, Error Handling Auditor) found no issues meeting the high-confidence threshold (≥80/100).

Key Points Verified

1. Grep pattern safety — The -g "negative" Mocha grep pattern will only match the four newly introduced describe('negative', ...) blocks. No existing tests contain "negative" in their names.

2. Test state preservation — Each extracted negative test correctly sets up its own state or properly relies on shared before/beforeEach hooks. No test logic was lost in the refactoring.

3. xBool → xUint8 change — Functionally equivalent for testing ACL rejection (the FHE type is irrelevant to the public-decryption ACL check).

4. Error handling patterns — The try/catch blocks in negative tests are safe and cannot accidentally swallow test framework assertion failures.

[eudelins-zama]

LGTM

[zmalatrax]

@mergify queue

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-03-16 08:33 UTC · Rule: main
• ✅ Checks passed · on draft merge queue: embarking main (cc70478) and #2101 together #2116
• ✅ Merged — 2026-03-16 10:08 UTC · at e427987a74b796846a952e1cf3eee1e6b85941a3

This pull request spent 1 hour 34 minutes 56 seconds in the queue, including 34 minutes 44 seconds running CI.

Required conditions to merge

• #approved-reviews-by >= 1 [🛡 GitHub branch protection]
  • refactor(test-suite): refactor negative ACL e2e tests into consistent pattern #2101
• #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
  • refactor(test-suite): refactor negative ACL e2e tests into consistent pattern #2101
• #review-threads-unresolved = 0 [🛡 GitHub branch protection]
  • refactor(test-suite): refactor negative ACL e2e tests into consistent pattern #2101
• branch-protection-review-decision = APPROVED [🛡 GitHub branch protection]
  • refactor(test-suite): refactor negative ACL e2e tests into consistent pattern #2101
• check-success = run-e2e-tests / fhevm-e2e-test
• any of [🛡 GitHub branch protection]:
  • check-success = common-pull-request/lint (bpr)
  • check-neutral = common-pull-request/lint (bpr)
  • check-skipped = common-pull-request/lint (bpr)
• any of [🛡 GitHub branch protection]:
  • check-skipped = coprocessor-cargo-listener-tests/cargo-tests (bpr)
  • check-neutral = coprocessor-cargo-listener-tests/cargo-tests (bpr)
  • check-success = coprocessor-cargo-listener-tests/cargo-tests (bpr)
• any of [🛡 GitHub branch protection]:
  • check-skipped = coprocessor-cargo-test/cargo-tests (bpr)
  • check-neutral = coprocessor-cargo-test/cargo-tests (bpr)
  • check-success = coprocessor-cargo-test/cargo-tests (bpr)
• any of [🛡 GitHub branch protection]:
  • check-skipped = coprocessor-dependency-analysis/dependencies-check (bpr)
  • check-neutral = coprocessor-dependency-analysis/dependencies-check (bpr)
  • check-success = coprocessor-dependency-analysis/dependencies-check (bpr)
• any of [🛡 GitHub branch protection]:
  • check-skipped = gateway-contracts-deployment-tests/sc-deploy (bpr)
  • check-neutral = gateway-contracts-deployment-tests/sc-deploy (bpr)
  • check-success = gateway-contracts-deployment-tests/sc-deploy (bpr)
• any of [🛡 GitHub branch protection]:
  • check-skipped = kms-connector-tests/test-connector (bpr)
  • check-neutral = kms-connector-tests/test-connector (bpr)
  • check-success = kms-connector-tests/test-connector (bpr)