Conversation

@bbopen
@bbopen bbopen commented Dec 30, 2025

Summary

  • Removes the storekey=insecure option that bypassed encryption
  • All data is now encrypted by default
  • Tests updated to verify rejection or use proper encryption

Changes

  • ensureKeyFromUrl() returns error for storekey=insecure
  • keyedCryptoFactory() throws for storekey=insecure
  • Removed unused noCrypto and nullCodec classes
  • Updated tests to use behavior-based assertions instead of exact CID checks

Test plan

  • Tests verify insecure mode is rejected with helpful error
  • Existing tests updated to use encryption
  • pnpm format passes
  • pnpm lint passes
  • pnpm test passes (128 files, 1775 tests)
  • pnpm build passes

Breaking Change

The storekey=insecure URL parameter is no longer supported. Remove it from any URLs to use automatic key generation.

Fixes ROBUST-03

Summary by CodeRabbit

  • Bug Fixes
    • Enforced encryption requirement by rejecting unencrypted storage configuration. The system now rejects attempts to use unencrypted data storage and requires all data to be encrypted, returning a clear error message when unencrypted storage is requested.

BREAKING CHANGE: The storekey=insecure option is no longer supported.
All data is now encrypted by default. Remove storekey=insecure from
any URLs to use automatic key generation.

- Reject insecure mode in ensureKeyFromUrl() and keyedCryptoFactory()
- Update tests to verify rejection or use encryption
- Fixes ROBUST-03
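As an added illustration of the rejection this PR describes (example code written for this page, not Fireproof's own ensureKeyFromUrl() or keyedCryptoFactory(), whose signatures may differ): a small TypeScript resolver that parses a store URL, refuses storekey=insecure with the error text the updated tests look for, returns a named key reference when a key name is given, and generates 32 bytes of key material when the parameter is absent, so there is no unencrypted fallback path at all. The names ensureStoreKeyFromUrl, StoreKey, rejectsInsecure and INSECURE_MESSAGE, the case-insensitive match, the 32-byte minimum and the "@auto-" naming are assumptions of this example.

```typescript
import { randomBytes, randomUUID } from "node:crypto";

// Hypothetical types and names for illustration; not Fireproof's KeyBag API.
export type StoreKey =
  | { kind: "named"; name: string } // key referenced by name, resolved by a key bag elsewhere
  | { kind: "generated"; name: string; material: Uint8Array }; // fresh key, created because none was given

export const INSECURE_MESSAGE =
  "storekey=insecure is no longer supported; remove it from the URL to use automatic key generation";

const MIN_KEY_BYTES = 32; // 256-bit keys; an assumption for this example

/**
 * Resolve the store key for a storage URL such as "memory://peer-log?storekey=test-key".
 *
 * - storekey=insecure (any letter case, surrounding whitespace ignored) is rejected outright;
 *   there is no code path that yields an unencrypted store.
 * - A present, non-empty storekey is returned as a named reference.
 * - A missing or empty storekey triggers automatic key generation.
 */
export function ensureStoreKeyFromUrl(
  url: string,
  generate: () => Uint8Array = () => Uint8Array.from(randomBytes(MIN_KEY_BYTES)),
): StoreKey {
  const raw = new URL(url).searchParams.get("storekey");
  const value = (raw ?? "").trim();

  if (value.toLowerCase() === "insecure") {
    throw new Error(INSECURE_MESSAGE);
  }
  if (value === "") {
    const material = generate();
    if (material.length < MIN_KEY_BYTES) {
      throw new Error(`generated key too short: ${material.length} bytes`);
    }
    // Name the key by a random id, never by any part of the key material.
    return { kind: "generated", name: `@auto-${randomUUID()}`, material };
  }
  return { kind: "named", name: value };
}

/** Test helper: is this URL rejected specifically with the insecure-mode error? */
export function rejectsInsecure(url: string): boolean {
  try {
    ensureStoreKeyFromUrl(url);
    return false;
  } catch (err) {
    return err instanceof Error && err.message.startsWith("storekey=insecure is no longer supported");
  }
}
```

The check runs on the normalised parameter value rather than on the raw URL string, so `storekey=INSECURE` or a percent-encoded variant cannot slip past it; a caller that wants a different policy for an empty value only has to change the `value === ""` branch.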
@coderabbitai

coderabbitai bot commented Dec 30, 2025

Walkthrough

This PR enforces data encryption by rejecting storekey=insecure mode across the codebase. A new ensureKeyFromUrl() method in KeyBag validates keys and explicitly rejects insecure configurations. The keyedCryptoFactory is refactored to require encryption and throw errors for missing or insecure store keys. All tests are updated to expect rejections when using insecure keys or to use valid store keys instead.

Changes

Cohort / File(s): Summary

  • Core encryption enforcement (core/keybag/key-bag.ts, core/runtime/keyed-crypto.ts): Added ensureKeyFromUrl() method to validate keys and reject storekey=insecure with descriptive error. Refactored keyedCryptoFactory to enforce encryption requirement, remove fallback to unencrypted mode, and reject missing or insecure store keys.
  • Test updates for insecure key rejection (core/tests/blockstore/keyed-crypto-indexeddb-file.test.ts): Rewrote test expectations from accepting insecure store keys to asserting rejection with error message containing "storekey=insecure is no longer supported".
  • KeyedCryptoStore test refactoring (core/tests/blockstore/keyed-crypto.test.ts): Renamed "no crypto" test to "rejects insecure storekey" and updated subsequent tests to use valid store keys ("test-create-key", "test-key-ref", "test-direct-key") instead of "insecure".
  • Store parameter cleanup (core/tests/blockstore/standalone.test.ts): Removed PARAM.STORE_KEY=insecure from URI constructions in peer-log and LedgerOpts data store URIs.
  • Memory storage and validation updates (core/tests/fireproof/attachable.test.ts, core/tests/fireproof/stable-cid.test.ts): Replaced insecure memory base with encrypted storage. Relaxed carLog and memory gateway assertions to validate structure rather than exact contents. Removed insecure storekey test factory from parameterized tests.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

  • mabels

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

  • Title check: Passed. The title clearly and specifically describes the main security change: removing the insecure storekey encryption bypass, which aligns perfectly with the changeset's primary objective of enforcing encryption across all data.
  • Docstring Coverage: Passed. Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
  • Description Check: Passed. Check skipped - CodeRabbit's high-level summary is enabled.