zama-ai · eudelins-zama · Nov 19, 2025 · Nov 18, 2025 · Nov 19, 2025
@@ -89,11 +89,6 @@ jobs:
         run: |
           ./fhevm-cli test input-proof
 
-      - name: Public Decryption test
-        working-directory: test-suite/fhevm
-        run: |
-          ./fhevm-cli test public-decryption
-
       - name: User Decryption test
         working-directory: test-suite/fhevm
         run: |

@@ -157,11 +157,6 @@ jobs:
         run: |
           ./fhevm-cli test input-proof
 
-      - name: Public Decryption test
-        working-directory: test-suite/fhevm
-        run: |
-          timeout 5m ./fhevm-cli test public-decryption
-
       - name: User Decryption test
         working-directory: test-suite/fhevm
         run: |

@@ -5,6 +5,7 @@ This repository provides a docker based setup to locally run an integration of Z
 For overview of the system, architecture and details on individual components, refer to our [documentation](https://docs.zama.ai/fhevm).
 
 ## Main features
+
 KMS can be configured to two modes:
 
 - Centralized
@@ -23,10 +24,10 @@ KMS can be configured to two modes:
   - [Reporting Security Issues](#reporting-security-issues)
 - [Support](#support)
 
-
 ## Get started
 
 ### Quickstart
+
 The test suite offers a unified CLI for all operations:
 
 ```sh
@@ -40,7 +41,8 @@ cd test-suite/fhevm
 # Trivial
 ./fhevm-cli test user-decryption
 # Trivial
-./fhevm-cli test public-decryption
+./fhevm-cli test public-decrypt-http-mixed
+./fhevm-cli test public-decrypt-http-ebool
 ./fhevm-cli test erc20
 
 # Upgrade a specific service
@@ -68,14 +70,16 @@ Therefore, for external developers or anyone setting up the stack for the first
 ```
 
 This command instructs Docker Compose to:
+
 1.  Build the images locally using the `Dockerfile` and context specified in the respective `docker-compose/*.yml` files for each service. This process uses the source code available in your local checkout (or cloned sub-repositories).
 2.  Tag the newly built images with the versions specified in the `fhevm-cli` script.
 3.  Then, start the services using these freshly built local images.
 
 **Why `--build` is essential for external developers:**
-*   **Image Access:** Since pre-built images are private, `--build` allows you to construct the necessary images from the publicly available source code.
-*   **Local Modifications:** If you have made local changes to any of the Dockerfiles or the build context of a service (e.g., you've cloned one of the sub-repositories like `fhevm-contracts` or `fhevm-coprocessor` into the expected relative paths and made changes), `--build` ensures these changes are incorporated.
-*   **Ensuring Correct Setup:** It guarantees that you are running with images built directly from the provided source, eliminating discrepancies that could arise from attempting to pull non-existent or inaccessible public images.
+
+- **Image Access:** Since pre-built images are private, `--build` allows you to construct the necessary images from the publicly available source code.
+- **Local Modifications:** If you have made local changes to any of the Dockerfiles or the build context of a service (e.g., you've cloned one of the sub-repositories like `fhevm-contracts` or `fhevm-coprocessor` into the expected relative paths and made changes), `--build` ensures these changes are incorporated.
+- **Ensuring Correct Setup:** It guarantees that you are running with images built directly from the provided source, eliminating discrepancies that could arise from attempting to pull non-existent or inaccessible public images.
 
 🚧 **In summary:** Until public images are made available, external users should always use `./fhevm-cli deploy --build` to ensure a successful deployment.
 
@@ -90,6 +94,7 @@ This document outlines security best practices for the FHEVM project, particular
 Our repository contains example environment files `env/staging` that include sensitive values like private keys, mnemonics, and API keys. **These values are for testing purposes only** and should never be used in production environments.
 
 For production deployments:
+
 - **Do not** use the same keys, passwords, or mnemonics that appear in the example files
 - **Do not** commit actual production secrets to any repository
 - **Do** use a proper secrets management solution:
@@ -99,6 +104,7 @@ For production deployments:
   - Kubernetes Secrets (with proper encryption)
 
 Example of replacing sensitive data in production:
+
 ```bash
 # Replace test mnemonic with environment variable reference
 # TEST: MNEMONIC=coyote sketch defense hover finger envelope celery urge panther venue verb cheese
@@ -108,6 +114,7 @@ MNEMONIC=${PRODUCTION_MNEMONIC}
 # TEST: TX_SENDER_PRIVATE_KEY=0x8f82b3f482c19a95ac29c82cf048c076ed0de2530c64a73f2d2d7d1e64b5cc6e
 TX_SENDER_PRIVATE_KEY=${SECURE_PRIVATE_KEY}
 ```
+
 #### Development environment
 
 When developing locally:
@@ -117,8 +124,8 @@ When developing locally:
 - Consider using environment-specific configuration files (dev, staging, prod)
 - Use fake/test data for local development whenever possible
 
-
 #### Common sensitive data
+
 The following values should NEVER be committed to repositories:
 
 - Private keys
@@ -128,6 +135,7 @@ The following values should NEVER be committed to repositories:
 - JWT secrets
 
 ### Reporting security issues
+
 Please report security vulnerabilities to `[email protected]` rather than creating public issues.
 
 Include:
@@ -137,7 +145,6 @@ Include:
 - Potential impact
 - Suggested mitigation (if any)
 
-
 ## Support
 
 <a target="_blank" href="https://community.zama.ai">

@@ -1,45 +1,46 @@
 environment: development
 
-http_endpoint: "0.0.0.0:3000"
-
-transaction:
-  private_key_fhevm: FHEVM_PRIVATE_KEY
-  private_key_gateway: GATEWAY_PRIVATE_KEY
-  gas_limit: 150000
-  max_priority_fee: 2000000000
-  timeout_secs: 60
-  confirmations: 1
-  retry:
-    enabled: false
-    max_attempts: 3
-    base_delay_secs: 2
-    max_delay_secs: 60
-  ciphertext_check_retry:
-    enabled: false
-    max_attempts: 75
-    base_delay_secs: 3
-    max_delay_secs: 225
-
-metrics_endpoint: "0.0.0.0:9898"
-http_metrics:
-  histogram_buckets: [0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 40]
+gateway:
+  listener:
+    ws_reconnect_config:
+      max_attempts: 20
+      retry_interval_ms: 500
+  tx_engine:
+    private_key: GATEWAY_PRIVATE_KEY
+    max_concurrency: 100
+    retry:
+      max_attempts: 100
+      retry_interval_ms: 500
+  readiness_checker:
+    max_concurrency: 100
+    retry:
+      max_attempts: 30
+      # The time is treated as seconds in code, even the config name has _ms suffix.
+      # This will be fixed in next rc, until then treat the value as seconds.
+      retry_interval_ms: 2
 
+http:
+  endpoint: "0.0.0.0:3000"
+  rate_limit_post_endpoints:
+    requests_per_second: 30
+    burst_size: 30
+    retry_after_seconds: 5
+    jitter_max_ms: 2000
+  metrics:
+    histogram_buckets: [0, 0.5, 1, 1.25, 1.5, 1.75, 2, 2.5, 3, 3.5, 4, 5, 6, 7, 8, 10, 12, 14, 16, 18, 20, 25, 30]
 
 log:
-  # Log level should be set using RUST_LOG environment variable
-  # Choose format: compact, pretty, or json
-  format: "pretty"
-  # Show source code location for debugging
-  show_file_line: false
-  # Show thread IDs for concurrency debugging
+  format: "compact"
+  show_file_line: true
   show_thread_ids: false
-  # Include timestamps in logs
   show_timestamp: true
-  # Optional: Set specific log levels for different modules
+  show_target: true
+
+metrics:
+  endpoint: "0.0.0.0:9898"
 
-db_path_rocksdb: "./.database"
+storage:
+  db_path_rocksdb: "./.database"
 
-# Development-specific settings
 development:
-  # Enable for detailed error messages
-  verbose_errors: true
+  verbose_errors: true
@@ -10,11 +10,13 @@ CHAIN_ID_GATEWAY=54321
 # =============================================================================
 # IMPORTANT: For testing only - move to secure storage in production
 MNEMONIC=coyote sketch defense hover finger envelope celery urge panther venue verb cheese
-DEPLOYER_PRIVATE_KEY=0xe746bc71f6bee141a954e6a49bc9384d334e393a7ea1e70b50241cb2e78e9e4c # accounts[1]
-TX_SENDER_PRIVATE_KEY=0xcb97ef45d352446a6adf810cf8f63c73ada027160c271da9bb8cfcb3d944d257 # accounts[3] (relayer account)
+# accounts[1] - Gateway
+DEPLOYER_PRIVATE_KEY=0xe746bc71f6bee141a954e6a49bc9384d334e393a7ea1e70b50241cb2e78e9e4c
+# accounts[3] - Gateway (relayer account)
+TX_SENDER_PRIVATE_KEY=0xcb97ef45d352446a6adf810cf8f63c73ada027160c271da9bb8cfcb3d944d257
 
 # =============================================================================
-# EXPECTED MOCKED PAYMENT BRIDGING CONTRACT ADDRESSES 
+# EXPECTED MOCKED PAYMENT BRIDGING CONTRACT ADDRESSES
 # =============================================================================
 ZAMA_OFT_ADDRESS=0x5ffdaAB0373E62E2ea2944776209aEf29E631A64
 

@@ -6,10 +6,11 @@ RPC_URL=http://gateway-node:8546
 CHAIN_ID_GATEWAY=54321
 
 # =============================================================================
-# EXPECTED MOCKED PAYMENT BRIDGING CONTRACT ADDRESSES 
+# EXPECTED MOCKED PAYMENT BRIDGING CONTRACT ADDRESSES
 # =============================================================================
 ZAMA_OFT_ADDRESS=0x5ffdaAB0373E62E2ea2944776209aEf29E631A64
-FEES_SENDER_TO_BURNER_ADDRESS=0x0000111122223333444455556666777788889999 # (address) (can be anything except address(0))
+# (address) (can be anything except address(0))
+FEES_SENDER_TO_BURNER_ADDRESS=0x0000111122223333444455556666777788889999
 
 # =============================================================================
 # EXPECTED GATEWAY CONTRACT ADDRESSES
@@ -23,8 +24,10 @@ PAUSER_SET_ADDRESS=0xfd79448E3cf99F7838B4F19d94C0B5b2471Acfaf
 # =============================================================================
 # IMPORTANT: For testing only - move to secure storage in production
 MNEMONIC=coyote sketch defense hover finger envelope celery urge panther venue verb cheese
-DEPLOYER_ADDRESS=0xCf28E90D4A6dB23c34E1881aEF5fd9fF2e478634 # accounts[1]
-DEPLOYER_PRIVATE_KEY=0xe746bc71f6bee141a954e6a49bc9384d334e393a7ea1e70b50241cb2e78e9e4c # accounts[1]
+# accounts[1] - Gateway
+DEPLOYER_ADDRESS=0xCf28E90D4A6dB23c34E1881aEF5fd9fF2e478634
+# accounts[1] - Gateway
+DEPLOYER_PRIVATE_KEY=0xe746bc71f6bee141a954e6a49bc9384d334e393a7ea1e70b50241cb2e78e9e4c
 
 # =============================================================================
 # PROTOCOL CONFIGURATION
@@ -48,8 +51,8 @@ COPROCESSOR_THRESHOLD=1
 
 NUM_KMS_NODES=1
 
-# KMS Node 1
-KMS_TX_SENDER_ADDRESS_0=0x31de9c8ac5ecd5eaceddddee531e9bad8ac9c2a5 # account[0] (address)
+# KMS Node 1 (accounts[0] - Gateway)
+KMS_TX_SENDER_ADDRESS_0=0x31de9c8ac5ecd5eaceddddee531e9bad8ac9c2a5
 KMS_SIGNER_ADDRESS_0=0xb575E4834b183ad6bBD5Ff57d54D1dbc678fc870
 KMS_NODE_IP_ADDRESS_0=
 KMS_NODE_STORAGE_URL_0=http://minio:9000/kms-public
@@ -60,9 +63,9 @@ KMS_NODE_STORAGE_URL_0=http://minio:9000/kms-public
 NUM_COPROCESSORS=1
 
 # Coprocessor 1
-# Coprocessor addresses are the transaction senders' addresses
-COPROCESSOR_TX_SENDER_ADDRESS_0=0x6254A198F67ad40290a2E7B48aDB2d19B71f67BD # accounts[5]
-COPROCESSOR_SIGNER_ADDRESS_0=0x6254A198F67ad40290a2E7B48aDB2d19B71f67BD # accounts[5]
+# Coprocessor addresses are the transaction senders' addresses (accounts[5] - Gateway)
+COPROCESSOR_TX_SENDER_ADDRESS_0=0x6254A198F67ad40290a2E7B48aDB2d19B71f67BD
+COPROCESSOR_SIGNER_ADDRESS_0=0x6254A198F67ad40290a2E7B48aDB2d19B71f67BD
 COPROCESSOR_S3_BUCKET_URL_0=http://minio:9000/ct128
 
 # =============================================================================
@@ -71,9 +74,9 @@ COPROCESSOR_S3_BUCKET_URL_0=http://minio:9000/ct128
 NUM_CUSTODIANS=1
 
 # Custodian 1
-# Custodian addresses are the transaction senders' addresses
-CUSTODIAN_TX_SENDER_ADDRESS_0="0x6764Bf471F841dDdc804A03e97Cb76b135faA54c" # accounts[6]
-CUSTODIAN_SIGNER_ADDRESS_0="0x6764Bf471F841dDdc804A03e97Cb76b135faA54c" # accounts[6]
+# Custodian addresses are the transaction senders' addresses (accounts[6] - Gateway)
+CUSTODIAN_TX_SENDER_ADDRESS_0="0x6764Bf471F841dDdc804A03e97Cb76b135faA54c"
+CUSTODIAN_SIGNER_ADDRESS_0="0x6764Bf471F841dDdc804A03e97Cb76b135faA54c"
 CUSTODIAN_ENCRYPTION_KEY_0="0xea8b8b710d770493a41b588808ea8e09d986561f73d523227718233f3b4742de793f18a9885136a9e7054b00ba0050a17f0c7d1bf180aaff5ece0fa3343afb1b"
 
 # =============================================================================
@@ -93,13 +96,16 @@ HOST_CHAIN_WEBSITE_0=
 # =============================================================================
 NUM_PAUSERS="1"
 
-# Pauser 1
-PAUSER_ADDRESS_0="0x34B344B40eA9Ef21Da5653468a072780d19B1fa4" # accounts[7] (address)
+# Pauser 1 (accounts[7] - Gateway)
+PAUSER_ADDRESS_0="0x34B344B40eA9Ef21Da5653468a072780d19B1fa4"
 
 # =============================================================================
 # ProtocolPayment
 # =============================================================================
 # The prices are in $ZAMA base unit (using 18 decimals)
-INPUT_VERIFICATION_PRICE="10000000000000000000" # (uint256, 10 $ZAMA)
-PUBLIC_DECRYPTION_PRICE="10000000000000000000"  # (uint256, 10 $ZAMA)
-USER_DECRYPTION_PRICE="1000000000000000000" # (uint256, 1 $ZAMA)
+# (uint256, 10 $ZAMA)
+INPUT_VERIFICATION_PRICE="10000000000000000000"
+# (uint256, 1 $ZAMA)
+PUBLIC_DECRYPTION_PRICE="1000000000000000000"
+# (uint256, 1 $ZAMA)
+USER_DECRYPTION_PRICE="1000000000000000000"
@@ -11,7 +11,8 @@ PAUSER_SET_CONTRACT_ADDRESS=0x52054F36036811ca418be59e41Fc6DD1b9e4F4c8
 # =============================================================================
 # IMPORTANT: For testing only - move to secure storage in production
 MNEMONIC=adapt mosquito move limb mobile illegal tree voyage juice mosquito burger raise father hope layer
-DEPLOYER_PRIVATE_KEY=2d24c36c57e6bfbf90c43173481cc00edcbd1a3922de5e5fdb9aba5fc4e0fafd # accounts[9] - Host
+# accounts[9] - Host
+DEPLOYER_PRIVATE_KEY=2d24c36c57e6bfbf90c43173481cc00edcbd1a3922de5e5fdb9aba5fc4e0fafd
 
 # =============================================================================
 # CONTRACT ADDRESSES
@@ -41,5 +42,5 @@ COPROCESSOR_SIGNER_ADDRESS_0=0x6254A198F67ad40290a2E7B48aDB2d19B71f67BD
 # =============================================================================
 NUM_PAUSERS="1"
 
-# Pauser 1
-PAUSER_ADDRESS_0="0xa44366bAA26296c1409AD1e284264212029F02f1" # accounts[2] (address)
+# Pauser 1 (accounts[2] - Host)
+PAUSER_ADDRESS_0="0xa44366bAA26296c1409AD1e284264212029F02f1"
@@ -2,35 +2,23 @@
 # WALLET CONFIGURATION - SENSITIVE
 # =============================================================================
 # IMPORTANT: For testing only - move to secure storage in production
-APP_TRANSACTION__PRIVATE_KEY_FHEVM=0x2e014a0b381171ae1ec813ccb82e1d9fed7e6cf2d860844e43e4ac072bf0e50a # accounts[3] - gateway
-APP_TRANSACTION__PRIVATE_KEY_GATEWAY=0xcb97ef45d352446a6adf810cf8f63c73ada027160c271da9bb8cfcb3d944d257 # accounts[3] - gateway
-
+# accounts[3] - Gateway
+APP_GATEWAY__TX_ENGINE__PRIVATE_KEY=0xcb97ef45d352446a6adf810cf8f63c73ada027160c271da9bb8cfcb3d944d257
 
 # Key URL configuration
 APP_KEYURL__FHE_PUBLIC_KEY__DATA_ID="fhe-public-key-data-id"
 APP_KEYURL__FHE_PUBLIC_KEY__URL=http://minio:9000/kms-public/PUB/PublicKey/0400000000000000000000000000000000000000000000000000000000000001
 APP_KEYURL__CRS__DATA_ID="crs-data-id"
 APP_KEYURL__CRS__URL=http://minio:9000/kms-public/PUB/CRS/0500000000000000000000000000000000000000000000000000000000000001
 
-
 # Network configuration
-APP_NETWORKS__FHEVM__WS_URL="ws://host-node:8545"
-APP_NETWORKS__FHEVM__HTTP_URL="http://host-node:8545"
-APP_NETWORKS__FHEVM__CHAIN_ID=12345
-APP_NETWORKS__FHEVM__RETRY_DELAY=1000
-APP_NETWORKS__FHEVM__MAX_RECONNECTION_ATTEMPTS=3
-
-APP_NETWORKS__GATEWAY__WS_URL="ws://gateway-node:8546"
-APP_NETWORKS__GATEWAY__HTTP_URL="http://gateway-node:8546"
-APP_NETWORKS__GATEWAY__CHAIN_ID=54321
-APP_NETWORKS__GATEWAY__RETRY_DELAY=1000
-APP_NETWORKS__GATEWAY__MAX_RECONNECTION_ATTEMPTS=3
-
+APP_GATEWAY__BLOCKCHAIN_RPC__WS_URL="ws://gateway-node:8546"
+APP_GATEWAY__BLOCKCHAIN_RPC__HTTP_URL="http://gateway-node:8546"
+APP_GATEWAY__BLOCKCHAIN_RPC__CHAIN_ID=54321
 
 # Contract addresses
-APP_CONTRACTS__DECRYPTION_ORACLE_ADDRESS=0xD0fA6194Db6cfCDF733c64F1F272AeA66e968D3C
-APP_CONTRACTS__DECRYPTION_ADDRESS=0x35760912360E875DA50D40a74305575c23D55783
-APP_CONTRACTS__INPUT_VERIFICATION_ADDRESS=0x1ceFA8E3F3271358218B52c33929Cf76078004c1
-APP_CONTRACTS__USER_DECRYPT_SHARES_THRESHOLD=1
+APP_GATEWAY__CONTRACTS__DECRYPTION_ADDRESS=0x35760912360E875DA50D40a74305575c23D55783
+APP_GATEWAY__CONTRACTS__INPUT_VERIFICATION_ADDRESS=0x1ceFA8E3F3271358218B52c33929Cf76078004c1
+APP_GATEWAY__CONTRACTS__USER_DECRYPT_SHARES_THRESHOLD=1
 
 RUST_LOG=info
@@ -37,7 +37,7 @@ export HOST_VERSION=${HOST_VERSION:-"v0.10.0-3"}
 
 # Other services.
 export CORE_VERSION=${CORE_VERSION:-"v0.12.4"}
-export RELAYER_VERSION=${RELAYER_VERSION:-"v0.5.0-2"}
+export RELAYER_VERSION=${RELAYER_VERSION:-"v0.6.0"}
 export TEST_SUITE_VERSION=${TEST_SUITE_VERSION:-"ca47672"}
 
 
@@ -75,7 +75,8 @@ function usage {
   echo -e "  ${PURPLE}./fhevm-cli deploy --build${RESET}"
   echo -e "  ${PURPLE}./fhevm-cli test input-proof${RESET}"
   echo -e "  ${PURPLE}./fhevm-cli test user-decryption ${RESET}"
-  echo -e "  ${PURPLE}./fhevm-cli test public-decryption -n staging${RESET}"
+  echo -e "  ${PURPLE}./fhevm-cli test public-decrypt-http-ebool ${RESET}"
+  echo -e "  ${PURPLE}./fhevm-cli test public-decrypt-http-mixed -n staging${RESET}"
   echo -e "  ${PURPLE}./fhevm-cli test erc20${RESET}"
   echo -e "  ${PURPLE}./fhevm-cli upgrade coprocessor${RESET}"
   echo -e "${BLUE}============================================================${RESET}"