Properly test FLE with crypt_shared

[comandeo-mongo]

When MONGO_RUBY_DRIVER_CRYPT_SHARED_LIB_PATH is set, the driver correctly skips creating a mongocryptd_client in favour of crypt_shared, but several tests assumed mongocryptd_client would always be non-nil, and others triggered an "An existing crypt_shared library is loaded by the application" error from libmongocrypt when multiple handles loaded the library via different mechanisms in the same process.

To fix this, tests that must exercise the mongocryptd path are now wrapped in without_crypt_shared_lib_path, which both prevents the nil-client crashes and eliminates the conflicting load attempts by ensuring those handles never call setopt_set_crypt_shared_lib_path_override at all.

The auto_encryption_reconnect_spec receives a top-level around hook for this; the two broken assertions in client_construction_spec are separately guarded or made nil-safe with .compact.

A new FLE=mongocryptd Evergreen configuration is also introduced that loads libmongocrypt via the helper gem but skips downloading crypt_shared, giving explicit CI coverage of the mongocryptd path without duplicating the full test matrix.

[Copilot]

Pull request overview

This PR updates the CSFLE test suite to correctly handle environments where crypt_shared is used (via MONGO_RUBY_DRIVER_CRYPT_SHARED_LIB_PATH), and introduces explicit CI coverage for the mongocryptd-only backend to prevent regressions.

Changes:

• Add a disable_crypt_shared_lib_search option to Mongo::Crypt::Handle (wired through AutoEncrypter) and update spec helpers to avoid libmongocrypt conflicting-load errors in a shared process.
• Adjust specs that assume mongocryptd_client is always present: wrap mongocryptd-only specs in without_crypt_shared_lib_path, guard assertions, and nil-safe arrays.
• Add an Evergreen FLE=mongocryptd axis/buildvariant and update Gemfile/test runner logic to support it.

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
spec/support/utils.rb	Ensures consistent crypt_shared loading mechanism or suppresses $SYSTEM search in specific test contexts.
spec/support/spec_config.rb	Adds suppress_crypt_shared_lib_search? to signal when to disable crypt_shared $SYSTEM search.
spec/support/crypt.rb	Updates shared FLE helper extra options to avoid conflicting crypt_shared load paths.
spec/mongo/client_construction_spec.rb	Makes client construction specs robust to crypt_shared vs mongocryptd behavior differences.
spec/integration/client_side_encryption/data_key_spec.rb	Broadens error expectation to accommodate crypt_shared error class differences.
spec/integration/client_side_encryption/bypass_mongocryptd_spawn_spec.rb	Forces mongocryptd path by disabling crypt_shared $SYSTEM search.
spec/integration/client_side_encryption/auto_encryption_reconnect_spec.rb	Wraps reconnect tests to explicitly exercise mongocryptd-only behavior.
spec/integration/client_side_encryption/auto_encryption_mongocryptd_spawn_spec.rb	Prevents crypt_shared $SYSTEM search to avoid cross-spec load conflicts.
lib/mongo/crypt/handle.rb	Implements disable_crypt_shared_lib_search behavior in handle initialization.
lib/mongo/crypt/auto_encrypter.rb	Passes disable_crypt_shared_lib_search from extra_options into the handle.
gemfiles/standard.rb	Enables libmongocrypt-helper gem for both FLE=helper and FLE=mongocryptd.
.evergreen/run-tests.sh	Skips crypt_shared download for mongocryptd-only config and changes cmake install condition.
.evergreen/config/standard.yml.erb	Adds fle-mongocryptd buildvariant matrix entry.
.evergreen/config/axes.yml.erb	Adds mongocryptd value to the fle axis.
.evergreen/config.yml	Mirrors new fle axis value and adds the fle-mongocryptd buildvariant.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.