refactor(test-suite): replace fhevm bash cli with lean Bun TS

[Eikix]

Closes https://github.com/zama-ai/fhevm-internal/issues/1042

Supersedes #2066.

#2066 keeps the iteration history and design exploration. This PR is the same final direction with a clean atomic history for review.

Summary

Replace the legacy test-suite/fhevm/fhevm-cli bash flow with a lean Bun/TypeScript CLI.

The new CLI makes target resolution, runtime generation, scenarios, local overrides, resume, upgrade, and test execution explicit instead of spreading that behavior across bash scripts and CI glue.

What changed

• replace the bash CLI/runtime scripts with a Bun/TS implementation under test-suite/fhevm/src
• move tracked runtime inputs into clearer buckets:
  • docker-compose/
  • templates/
  • static/
  • profiles/
  • scenarios/
• keep generated runtime state under .fhevm/ with a hard split between:
  • .fhevm/state
  • .fhevm/runtime
• support explicit targets:
  • latest-supported
  • latest-main
  • sha --sha <git-sha>
  • devnet
  • testnet
  • mainnet
• support local overrides and scenario-driven coprocessor topologies
• keep deploy as an alias for up
• replace doctor with up --dry-run

CI contract

• direct PR e2e boots latest-main --build with the checked-in two-of-two scenario
• PR e2e now runs the bundled ./fhevm-cli test light suite instead of copying those steps in YAML
• orchestrated merge-queue/release validation calls the reusable e2e workflow with build=false
• the reusable e2e workflow is explicitly told when it is running in orchestrated mode
• the workflow now also gates the CLI itself with:
  • bun run check
  • bun test src

Validation

Verified locally on this branch:

• cd test-suite/fhevm && bun run check
• cd test-suite/fhevm && bun test src
• focused live-stack and CI-path validation during the original review cycle

Notes

• latest-supported is now a tracked maintained profile
• latest-main is the moving baseline for local and PR validation
• two-of-two is the canonical checked-in multicopro scenario preset

[github-actions]

Changed Lines Coverage

Coverage of added/modified lines: N/A

Per-file breakdown

Diff Coverage

Diff: origin/main...HEAD, staged and unstaged changes

No lines with coverage information in this diff.

[Eikix]

[AUTOMATED]

Code Review Summary

Reviewed for bugs, guideline compliance, and error handling across all 39 changed files.

Findings

Category	Count	Severity
Bug	1	High — CI correctness
Naming (guideline)	3	Nit
Error handling	3	Medium

The BUILD env var issue in the e2e workflow is the most impactful finding — it causes unnecessary image rebuilds in the orchestrated CI path. The naming and error handling items are non-blocking improvement suggestions.

Overall the PR is well-structured: the compose path migration is consistent, the CI consolidation is clean, and the documentation is thorough.

[Eikix]

[AUTOMATED]

Code Review

Reviewed for bugs, security issues, guideline compliance, and error handling.

Result: 1 issue found (error handling). No bugs or security issues detected.

The CLI is well-structured with thorough input validation, proper async/await patterns, correct shell escaping for sh -lc commands, and a solid typed error hierarchy. The 15-step boot pipeline, state persistence, and resume logic all look correct.

[Eikix]

Mob review comment: print each version of the stack at start

[Eikix]

[AUTOMATED]

Code Review

Reviewed for bugs (2 independent passes), guideline compliance, and error handling.

Bugs: None found. Shell commands use Bun.spawn with argv arrays (no shell injection). SQL uses validated numeric chain IDs and sqlLiteral() escaping. State writes use atomic tmp+rename. Async/await patterns are correct.

Guideline issues: 4 naming nits (abbreviations vs CLAUDE.md naming convention).

Error handling: 3 observability gaps in teardown, cache validation, and container probe paths.

Overall this is solid, well-structured code. No blocking issues.

[tawadaa]

LGTM, excellent work, thanks!

[Eikix]

[AUTOMATED]

Code Review — PR #2134

Reviewed for bugs, guideline compliance, and error handling.

Summary

• 1 bug in multi-chain resume logic (phantom container names cause unnecessary re-runs)
• 1 guideline note about the multi-pass env interpolation engine
• 4 error handling issues where silent .catch(() => undefined) or bare catch {} swallow diagnostics

Overall this is a strong, well-structured rewrite. The issues below are all fixable without major refactoring.

[Eikix]

@Mergifyio queue

[Eikix]

@Mergifyio refresh

[mergify]

queue

☑️ Command queue ignored because it is already running from a previous command.

[mergify]

refresh

✅ Pull request refreshed

[Eikix]

@Mergifyio dequeue

[Eikix]

@Mergifyio queue

[Eikix]

@Mergifyio queue

[mergify]

queue

☑️ Command queue ignored because it is already running from a previous command.

[mergify]

Merge Queue Status

• 🟠 Waiting for queue conditions
• ⏳ Enter queue
• ⏳ Run checks
• ⏳ Merge

Required conditions to enter a queue

• -closed [📌 queue requirement]
• -conflict [📌 queue requirement]
• -draft [📌 queue requirement]
• any of [📌 queue -> configuration change requirements]:
  • -mergify-configuration-changed
  • check-success = Configuration changed
• any of [🔀 queue conditions]:
  • all of [📌 queue conditions of queue rule main]:
    • #approved-reviews-by >= 1 [🛡 GitHub branch protection]
    • #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
    • #review-threads-unresolved = 0 [🛡 GitHub branch protection]
    • base = main
    • branch-protection-review-decision = APPROVED [🛡 GitHub branch protection]
    • label!=do-not-merge
    • any of [🛡 GitHub branch protection]:
      • check-success = common-pull-request/lint (bpr)
      • check-neutral = common-pull-request/lint (bpr)
      • check-skipped = common-pull-request/lint (bpr)
    • any of [🛡 GitHub branch protection]:
      • check-success = coprocessor-cargo-test/cargo-tests (bpr)
      • check-neutral = coprocessor-cargo-test/cargo-tests (bpr)
      • check-skipped = coprocessor-cargo-test/cargo-tests (bpr)
    • any of [🛡 GitHub branch protection]:
      • check-success = coprocessor-dependency-analysis/dependencies-check (bpr)
      • check-neutral = coprocessor-dependency-analysis/dependencies-check (bpr)
      • check-skipped = coprocessor-dependency-analysis/dependencies-check (bpr)
    • any of [🛡 GitHub branch protection]:
      • check-skipped = gateway-contracts-deployment-tests/sc-deploy (bpr)
      • check-neutral = gateway-contracts-deployment-tests/sc-deploy (bpr)
      • check-success = gateway-contracts-deployment-tests/sc-deploy (bpr)
    • any of [🛡 GitHub branch protection]:
      • check-skipped = kms-connector-tests/test-connector (bpr)
      • check-neutral = kms-connector-tests/test-connector (bpr)
      • check-success = kms-connector-tests/test-connector (bpr)

[Eikix]

@Mergifyio queue

[mergify]

queue

☑️ Command queue ignored because it is already running from a previous command.

[eudelins-zama]

@Mergifyio refresh

[mergify]

refresh

✅ Pull request refreshed

[eudelins-zama]

@Mergifyio refresh

[mergify]

refresh

✅ Pull request refreshed

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-04-02 18:48 UTC · Rule: main
• ✅ Checks passed · on draft merge queue: embarking main (e3a355c) and #2134 together #2241
• ✅ Merged — 2026-04-02 21:04 UTC · at 366fba768b0c8483b6c8701178cb5ab0909e5a28

This pull request spent 2 hours 15 minutes 54 seconds in the queue, including 1 hour 14 minutes 48 seconds running CI.

Required conditions to merge

• #approved-reviews-by >= 1 [🛡 GitHub branch protection]
  • refactor(test-suite): replace fhevm bash cli with lean Bun TS #2134
• #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
  • refactor(test-suite): replace fhevm bash cli with lean Bun TS #2134
• #review-threads-unresolved = 0 [🛡 GitHub branch protection]
  • refactor(test-suite): replace fhevm bash cli with lean Bun TS #2134
• branch-protection-review-decision = APPROVED [🛡 GitHub branch protection]
  • refactor(test-suite): replace fhevm bash cli with lean Bun TS #2134
• check-success = run-e2e-tests / fhevm-e2e-test
• any of [🛡 GitHub branch protection]:
  • check-success = common-pull-request/lint (bpr)
  • check-neutral = common-pull-request/lint (bpr)
  • check-skipped = common-pull-request/lint (bpr)
• any of [🛡 GitHub branch protection]:
  • check-success = coprocessor-cargo-test/cargo-tests (bpr)
  • check-neutral = coprocessor-cargo-test/cargo-tests (bpr)
  • check-skipped = coprocessor-cargo-test/cargo-tests (bpr)
• any of [🛡 GitHub branch protection]:
  • check-success = coprocessor-dependency-analysis/dependencies-check (bpr)
  • check-neutral = coprocessor-dependency-analysis/dependencies-check (bpr)
  • check-skipped = coprocessor-dependency-analysis/dependencies-check (bpr)
• any of [🛡 GitHub branch protection]:
  • check-skipped = gateway-contracts-deployment-tests/sc-deploy (bpr)
  • check-neutral = gateway-contracts-deployment-tests/sc-deploy (bpr)
  • check-success = gateway-contracts-deployment-tests/sc-deploy (bpr)
• any of [🛡 GitHub branch protection]:
  • check-skipped = kms-connector-tests/test-connector (bpr)
  • check-neutral = kms-connector-tests/test-connector (bpr)
  • check-success = kms-connector-tests/test-connector (bpr)