feat(host-contracts): add decryption signature invalidation to ACL

[obatirou]

Closes https://github.com/zama-ai/fhevm-internal/issues/1304

[PanGan21]

Will the kms-connector side be updated in another pr? Other than this I think it is lgtm!

[obatirou]

Will the kms-connector side be updated in another pr? Other than this I think it is lgtm!

Yes, there is an on-going KMS connector PR that will fix those test
We can ignore them for now

[maksymsur]

@claude /pr-review

[Copilot]

Pull request overview

This PR adds an on-chain mechanism in ACL for users to invalidate previously issued decryption signatures (by setting a per-account “invalidated before” timestamp), and updates the surrounding ecosystem (tests, selectors docs, and Rust bindings) to reflect the new ACL version and event surface.

Changes:

• Add invalidateDecryptionSignaturesBefore(uint256) plus decryptionSignatureInvalidatedBefore(address) storage/getter and corresponding DecryptionSignaturesInvalidated event + custom errors to ACL.
• Bump ACL/reinitializer versions and update upgrade/version assertions in Hardhat + Foundry tests (and example upgraded ACL contracts).
• Update generated/interface artifacts (Rust event bindings, selector docs) to include the new event/selectors.

Reviewed changes

Copilot reviewed 10 out of 12 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
host-contracts/contracts/ACL.sol	Adds invalidation timestamp storage, setter/getter, errors; bumps ACL minor + reinitializer and renames reinitializer entrypoint.
host-contracts/contracts/ACLEvents.sol	Adds DecryptionSignaturesInvalidated event definition and NatSpec.
host-contracts/docs/contract_selectors.txt	Documents new ACL function selectors, event signature hash, and new error selectors; updates reinitializer function name/selector.
host-contracts/test/acl/acl.t.sol	Adds Foundry tests covering invalidation defaulting/monotonicity/future timestamps/paused behavior/denied accounts; refactors _allowHandle helper.
host-contracts/test/upgrades/upgrades.ts	Updates expected getVersion() strings across proxy upgrade test flow.
host-contracts/test/fhevm-foundry/TestHostContractsDeployerTestUtils.t.sol	Updates expected deployed ACL version string in deployer utility test.
host-contracts/test/coprocessorUtils.ts	Clarifies operator precedence for shift operations when deriving plaintext from events.
host-contracts/examples/ACLUpgradedExample.sol	Bumps example upgraded ACL version to v0.5.0.
host-contracts/examples/ACLUpgradedExample2.sol	Bumps example upgraded ACL version to v0.6.0.
host-contracts/rust_bindings/src/acl_events.rs	Extends Rust event bindings/interface to include DecryptionSignaturesInvalidated.
host-contracts/rust_bindings/Cargo.lock	Adds lockfile for the Rust bindings crate dependencies (for reproducible builds).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[maksymsur]

LGTM as well!