fhevm-acl-lifecycle
FHE ACL Lifecycle
Use this skill when writing, reviewing, or debugging any contract that touches encrypted values on FHEVM. Every encrypted value is a handle managed by the coprocessor, and every handle has its own independent ACL. If you do not manage ACLs deliberately, your encrypted results become unusable.
When To Use
- Writing a contract that performs FHE operations (add, sub, mul, select, comparisons)
- Reviewing whether a contract correctly propagates ACL access after computations
- Debugging "handle not accessible" or decryption failures
- Designing inter-contract flows where encrypted handles cross contract boundaries
- Auditing whether users can actually decrypt values the contract claims to expose
Core Mental Model
Every FHE operation returns a NEW handle. Prior persistent ACL permissions do NOT transfer from input handles to the output handle. The current caller gets transient access to the fresh result
More from z-korp/fhevm-cookbook
fhevm-router
Routes Zama FHEVM tasks to the right official docs path and next step
11fhevm-testing
Use when writing, structuring, or debugging tests for FHEVM contracts. Covers mocked mode vs real protocol, Hardhat decrypt helpers, input encryption in tests, and the false-confidence gap between local and testnet behavior.
11fhevm-control-flow
Use when replacing if/else, require, or any conditional logic that depends on encrypted values in FHEVM. Covers FHE.select as the inline branching primitive, fallback semantics on encrypted conditions, and async public decryption when logic must branch back to plaintext state.
11oz-utils-safemath
Use when you need overflow-safe encrypted arithmetic on euint64 values. Covers the OpenZeppelin FHESafeMath library (tryIncrease, tryDecrease, tryAdd, trySub), uninitialized-handle semantics, and when to prefer it over raw FHE.add / FHE.sub.
11fhevm-public-decryption
Use when implementing two-step public decryption for state-changing operations in FHEVM. Covers makePubliclyDecryptable, off-chain proof retrieval, onchain verification with checkSignatures, and the critical single-step unwrap bug.
11fhevm-cross-contract
Use when passing encrypted handles between contracts, designing multi-contract FHE flows, or debugging handle-not-accessible errors at contract boundaries. Covers allowTransient, allow, permission chains, and factory patterns.
11