feat: per-project envelope encryption, IDOR protection, material URL proxy, and E2E test suite (#460)

* feat(api): per-project envelope encryption, material URL proxy, and IDOR protection

Encryption architecture:
- AES-256-GCM envelope encryption with per-object random DEKs
- Zero-knowledge key hierarchy: master key embedded in API token
  (sk-ac-{authSecret}.{encryptedMasterKey}), never stored server-side
- HKDF-SHA256 key derivation from auth secret + pepper
- Idempotent RewrapDEK for crash-safe key rotation (O(1), no S3 re-encryption)
- Redis cache encryption with prefix byte scheme (0x00=plain, 0x01=encrypted)
- DB content encryption via EncodeContent/DecodeContent binary framing

Material URL proxy:
- Replaces presigned S3 URLs with Redis-backed decryption proxy
- GET /api/v1/material/{token} — unauthenticated, token is the credential
- Enables transparent download of encrypted S3 objects

IDOR protection:
- Cross-project ownership validation on all resource endpoints
- Defense-in-depth checks at both handler and service layers
- diskRepo.GetByProjectAndID, session.ProjectID guards, S3 key prefix checks

Admin encryption lifecycle:
- POST /admin/v1/project/encrypt — idempotent batch encryption
- POST /admin/v1/project/decrypt — batch decryption
- PUT /admin/v1/project/secret_key (Bearer) — preserves master key
- PUT /admin/v1/project/:id/secret_key (JWT) — blocked for encrypted projects

* feat(core): thread user_kek through Python CORE for end-to-end encryption

- Add crypto.py: AES-256-GCM envelope encryption (Go-compatible wire format)
- S3 client: auto-encrypt/decrypt with user_kek on upload/download
- MQ consumers: hard-fail on invalid KEK (never silent plaintext fallback)
- Skill learner: SkillLearnerCtx carries KEK to all LLM tool handlers
- Artifact data: encode_content/decode_content with binary framing (mirrors Go)
- Sandbox backends: user_kek parameter on all 5 backends (E2B, CF, AWS, Novita, base)
- ORM: encryption_enabled column synced with Go GORM model
- Unit tests: 35+ cases for artifact data including encryption round-trips

* feat(dashboard): encryption settings UI, API key localStorage, and status indicators

- Encryption toggle in Project Settings with confirmation dialogs
- API key save/show/copy/delete via useApiKeyStorage localStorage hook
- ShieldCheck/ShieldX encryption status icons in project selector
- Bearer-authenticated encrypt/decrypt/rotate server actions
- Key rotation auto-saves new key when previous key is stored

* docs: add end-to-end encryption guide

- Envelope encryption architecture and API key format
- Enable/disable encryption steps
- Key rotation (zero-rewrap design) instructions
- Warnings: key loss, disabled text search, disabled dedup

* test: comprehensive E2E test suite and CI improvements

E2E tests (6 new test files, 1864 lines):
- test_encryption.py: 17 tests — lifecycle, upload/download, material URLs,
  key rotation, Redis cache inspection (verifies no plaintext leakage)
- test_project_isolation.py: 20 IDOR regression tests across all endpoints
- test_disk_artifact.py: disk CRUD, artifact ls/grep/glob, session configs
- test_agent_skills.py: ZIP upload, pagination, file download, deletion
- test_learning_spaces.py: CRUD, skill associations, meta JSONB filtering
- test_users.py: user listing, resource counts, cascade delete

CI improvements:
- Parallel Docker image builds (4 images with GHA layer cache)
- .dockerignore for API and CORE to reduce build context
- Dockerfile.e2e: thin test runner image with tests as volume mount
- docker-compose.test.yml: 8-service stack with mock LLM, disabled Argon2

* fix: scope Redis cache by project_id, align KEK hard-fail, and add OSS encryption page

- Scope Redis message parts cache key by project_id to prevent
  cross-project cache collisions (message:parts:{projectID}:{sha256})
- Add update_session_status("failed") in session_message.py on invalid
  KEK decode, matching skill_learner.py's hard-fail pattern
- Add encryption page to OSS dashboard (src/server/ui) with API key
  input and encrypt/decrypt toggle
- Include encryption_enabled in /api/v1/project/configs response

* fix(docker): use encryption-capable default token with pepper

- Update docker-compose default ROOT_API_BEARER_TOKEN to new format
  (auth_secret.encrypted_master_key) so encryption works out of the box
- Add ROOT_SECRET_PEPPER default in docker-compose
- Update EnsureDefaultProjectExists to parse new token format (extract
  auth_secret before the dot for HMAC/PHC hashing)

* fix: align default token with pepper, fix encryption page load error

- Use default pepper "your-secret-pepper" (viper default) for token
  generation instead of a separate pepper — no need for ROOT_SECRET_PEPPER
- Update viper default apiBearerToken to new format matching docker-compose
- Fix encryption page: hide card when initial status fetch fails (e.g.
  Unauthorized), only show error alert

* fix(docker): add ROOT_SECRET_PEPPER to docker-compose

config.yaml uses ${ROOT_SECRET_PEPPER} which os.ExpandEnv resolves to
empty string when the env var is unset, overriding the viper default.
This caused HMAC mismatch (token generated with "your-secret-pepper"
but server used "") resulting in 401 Unauthorized.

* feat(api): compact token format with AES Key Wrap (RFC 3394)

Compress API token from 130 to 76 chars (body) by:
- Reducing auth_secret from 32 to 16 bytes (128-bit, still secure)
- Using AES Key Wrap (RFC 3394) instead of AES-GCM for master key
  wrapping (40 bytes vs 60, no random nonce needed)
- Binary packing version byte + auth + wrapped_mk into single base64url

New format: sk-ac-{base64url(0x01 | auth_16B | aes_kw_40B)} = 82 chars
Old dot-separated and legacy formats remain fully supported.

Includes RFC 3394 test vectors (Section 4.1, 4.3, 4.6).

* refactor: remove dot-separated token format, keep only compact + legacy

The dot-separated format (sk-ac-{auth}.{encrypted_mk}) was never
deployed. Remove it to simplify the codebase:

- Remove WrapMasterKey/UnwrapMasterKey (AES-GCM token wrapping)
- Remove EncryptedMasterKey field from ParsedToken
- Remove dot-parsing branch in ParseProjectToken
- Remove dot-format test cases
- Remove generateRandomSecret (unused after compact format)
- Update Python E2E tests to use compact format with AES Key Wrap

S3 envelope encryption (WrapDEK/UnwrapDEK via AES-GCM) is unchanged.

* chore: update stale token references in auth comment and .env.example

* fix(e2e): update tests for compact token format and project-scoped Redis keys

- test_key_rotation_plain_project: assert 76-char compact body instead of dot
- test_redis_cache_*: include project_id in Redis key lookup to match
  the project-scoped cache key format (message:parts:{project_id}:{sha256})

* fix: change LearningSpaceSession.SessionID from uniqueIndex to index

The uniqueIndex caused a harmless but noisy GORM AutoMigrate error on
every startup: DROP CONSTRAINT uni_learning_space_sessions_session_id
fails because the constraint doesn't exist in the database.

A session can be learned by multiple learning spaces, so uniqueIndex
was semantically wrong. Changed to plain index.

* fix(auth): use dedicated cache struct for Redis project auth to preserve secret fields

model.Project uses json:"-" on SecretKeyHMAC and SecretKeyHashPHC to
prevent API leakage, but this caused these fields to be silently dropped
when cached in Redis. First request (DB hit) succeeded, but subsequent
requests (Redis hit) failed with 401 because Argon2 verification ran
against empty strings.

Introduce projectAuthCache struct with explicit JSON tags for Redis
serialization. Add guard (SecretKeyHMAC != "") to reject stale entries
from the old format.

* feat: expose encrypt/decrypt endpoints on standard API for OSS compatibility

Move encrypt/decrypt logic into shared package-level functions in
handler/encryption.go. Both AdminHandler and ProjectHandler delegate
to these functions, eliminating code duplication.

Register POST /api/v1/project/encrypt and POST /api/v1/project/decrypt
on the standard API router so OSS Docker deployments (which don't run
the admin binary) can use encryption features.

Admin binary retains /admin/v1/project/encrypt and /admin/v1/project/decrypt
for backward compatibility.

E2E tests updated to call the standard API endpoints.

* fix(ui): replace server action file uploads with route handlers

Server actions cannot reliably serialize File objects in Next.js
standalone/docker builds, causing ERR_INCOMPLETE_CHUNKED_ENCODING 500.

- Add route handlers for disk, agent skills, and session message uploads
- Remove File parameters from server actions
- Fix encryption endpoints to use /api/v1 instead of /admin/v1

* fix(docker): set APP_EXTERNALURL default so Load Preview works out of the box

Without a default, buildURL() falls back to container-internal hostname,
producing material URLs unreachable from the browser. Default to
http://localhost:${API_EXPORT_PORT:-8029} for the CLI docker-compose.

* fix(docker): set APP_EXTERNALURL default in server docker-compose

Same fix as the CLI docker-compose — default to
http://localhost:${API_EXPORT_PORT:-8029} instead of empty string.

Author: GenerQAQ

.github/workflows/e2e-test.yaml

@@ -32,10 +32,43 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
 
-      - name: Build Images
+      - name: Build Docker Images (parallel)
         run: |
-          cd src/server
-          docker compose -f docker-compose.test.yml build
+          docker buildx build \
+            --load \
+            --cache-from type=gha,scope=e2e-core \
+            --cache-to type=gha,mode=max,scope=e2e-core \
+            -t acontext-e2e-test-core:latest \
+            ./src/server/core &
+          PID_CORE=$!
+
+          docker buildx build \
+            --load \
+            --cache-from type=gha,scope=e2e-api \
+            --cache-to type=gha,mode=max,scope=e2e-api \
+            -t acontext-e2e-test-api:latest \
+            ./src/server/api/go &
+          PID_API=$!
+
+          docker buildx build \
+            --load \
+            --file ./src/server/api/go/Dockerfile.admin \
+            --cache-from type=gha,scope=e2e-admin \
+            --cache-to type=gha,mode=max,scope=e2e-admin \
+            -t acontext-e2e-test-admin:latest \
+            ./src/server/api/go &
+          PID_ADMIN=$!
+
+          docker buildx build \
+            --load \
+            --cache-from type=gha,scope=e2e-runner \
+            --cache-to type=gha,mode=max,scope=e2e-runner \
+            -t acontext-e2e-test-runner:latest \
+            -f ./src/server/tests/Dockerfile.e2e \
+            ./src/server/tests &
+          PID_RUNNER=$!
+
+          wait $PID_CORE $PID_API $PID_ADMIN $PID_RUNNER
 
       - name: Run E2E Test
         run: |
@@ -47,9 +80,3 @@ jobs:
         run: |
           cd src/server
           docker compose -f docker-compose.test.yml logs
-
-      - name: Teardown
-        if: always()
-        run: |
-          cd src/server
-          docker compose -f docker-compose.test.yml down --timeout 10

AGENTS.md

@@ -98,4 +98,5 @@ All workflows create a GitHub Release with a path-scoped changelog generated by
 ### Update Dashboard and Dashboard OSS at the same time
 - **Dashboard** (`dashboard/`): The hosted/commercial dashboard with authentication (Supabase), organizations, projects, and a mixin-based `AcontextClient`. Routes are scoped under `/project/[id]/...`.
 - **Dashboard OSS** (`src/server/ui/`): The open-source, self-hosted dashboard.
-- When modifying UI features (types, server actions, page components), always apply the equivalent change to both dashboards.
+- When modifying UI features (types, server actions, page components), always apply the equivalent change to both dashboards.
+- **Exception:** Encryption features (encryption settings, API key localStorage, key rotation UI) are commercial-only and do NOT need to be added to Dashboard OSS.

dashboard/.env.example

@@ -4,7 +4,7 @@ NEXT_PUBLIC_BASE_PATH=""
 NEXT_PUBLIC_SUPABASE_URL=your-project-url
 NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY=sb_publishable_... or anon key
 
-ACONTEXT_API_BEARER_TOKEN=your-root-api-bearer-token
+ACONTEXT_API_BEARER_TOKEN=AaGyw9Tl9qe4ydDh8qO0xdZNkrobQvwHWFRsnp5a3QtfbaDSDJQeRHxXPr4bGpc0g130EqBSjRNF
 ACONTEXT_PROJECT_BEARER_TOKEN_PREFIX=sk-ac-
 
 NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=xxx

dashboard/app/project/[id]/api-keys/actions.ts

@@ -59,7 +59,7 @@ export async function getSecretKeyHistory(projectId: string) {
  * Rotate (generate new) secret key for a project
  * Returns the full key for one-time display
  */
-export async function rotateSecretKey(projectId: string) {
+export async function rotateSecretKey(projectId: string, apiKey?: string) {
   // Get current user (will redirect if not authenticated)
   const user = await getCurrentUser();
 
@@ -85,9 +85,16 @@ export async function rotateSecretKey(projectId: string) {
   }
 
   try {
-    // Call API to generate new secret key
+    // When an API key is available, use the Bearer route (preserves master key
+    // for encrypted projects).  Otherwise fall back to the admin route, which
+    // will reject the request server-side if the project has encryption enabled.
     const client = new AcontextClient();
-    const fullSecretKey = await client.updateProjectSecretKey(projectId);
+    let fullSecretKey: string;
+    if (apiKey) {
+      fullSecretKey = await client.rotateProjectSecretKey(apiKey);
+    } else {
+      fullSecretKey = await client.rotateProjectSecretKeyAdmin(projectId);
+    }
 
     if (!fullSecretKey) {
       return { error: "Failed to generate secret key" };

dashboard/app/project/[id]/api-keys/api-keys-page-client.tsx

@@ -8,6 +8,11 @@ import {
   RefreshCw,
   AlertTriangle,
   KeyRound,
+  Save,
+  Trash2,
+  Eye,
+  EyeOff,
+  Info,
 } from "lucide-react";
 import { toast } from "sonner";
 import { useTopNavStore } from "@/stores/top-nav";
@@ -54,6 +59,7 @@ import {
 import { rotateSecretKey } from "./actions";
 import { Tabs, TabsContent, TabsList, TabsTrigger } from "@/components/ui/tabs";
 import { CodeEditor } from "@/components/code-editor";
+import { useApiKeyStorage } from "@/lib/hooks/use-api-key-storage";
 
 const SERVICE_URL = "api.acontext.app/api/v1";
 
@@ -88,6 +94,11 @@ export function ApiKeysPageClient({
     "python"
   );
 
+  // Saved API key in localStorage
+  const { apiKey: savedApiKey, hasApiKey: hasSavedApiKey, saveApiKey, removeApiKey } = useApiKeyStorage(project.id);
+  const [apiKeyInput, setApiKeyInput] = useState("");
+  const [showSavedKey, setShowSavedKey] = useState(false);
+
   const isOwner = role === "owner";
   const hasExistingKey = keyRotations.length > 0;
   const latestRotation = keyRotations[0] || null;
@@ -153,12 +164,20 @@ console.log(await client.ping());`,
 
   const performKeyGeneration = () => {
     startTransition(async () => {
-      const result = await rotateSecretKey(project.id);
+      const result = await rotateSecretKey(
+        project.id,
+        savedApiKey ?? undefined,
+      );
       if (result.error) {
         toast.error(result.error);
       } else if (result.secretKey) {
         setNewlyGeneratedKey(result.secretKey);
         setShowKeyDialog(true);
+        // Auto-update localStorage if the user had a saved key
+        if (hasSavedApiKey) {
+          saveApiKey(result.secretKey);
+          toast.info("Saved API key in your browser has been updated with the new key.");
+        }
         router.refresh();
         toast.success(
           hasExistingKey
@@ -429,6 +448,115 @@ IMPORTANT: Store this key securely. It will not be shown again.
             </CardContent>
           </Card>
 
+          {/* Saved API Key Card */}
+          <Card>
+            <CardHeader>
+              <CardTitle className="flex items-center gap-2">
+                <Save className="h-5 w-5" />
+                Saved API Key
+              </CardTitle>
+              <CardDescription>
+                Save your API key in your browser for encryption features.
+                Your API key is stored only in your browser and is never sent to our servers.
+              </CardDescription>
+            </CardHeader>
+            <CardContent className="space-y-4">
+              {hasSavedApiKey ? (
+                <div className="space-y-3">
+                  <div className="space-y-2">
+                    <Label>Current Saved Key</Label>
+                    <div className="flex items-center gap-2">
+                      <Input
+                        value={showSavedKey ? (savedApiKey ?? "") : "****************************************"}
+                        readOnly
+                        className="font-mono text-sm"
+                      />
+                      <Button
+                        variant="outline"
+                        size="icon"
+                        onClick={() => setShowSavedKey(!showSavedKey)}
+                        title={showSavedKey ? "Hide key" : "Show key"}
+                      >
+                        {showSavedKey ? (
+                          <EyeOff className="h-4 w-4" />
+                        ) : (
+                          <Eye className="h-4 w-4" />
+                        )}
+                      </Button>
+                      <Button
+                        variant="outline"
+                        size="icon"
+                        onClick={() => {
+                          if (savedApiKey) {
+                            navigator.clipboard.writeText(savedApiKey);
+                            toast.success("Saved API key copied to clipboard");
+                          }
+                        }}
+                        title="Copy saved key"
+                      >
+                        <Copy className="h-4 w-4" />
+                      </Button>
+                      <Button
+                        variant="destructive"
+                        size="icon"
+                        onClick={() => {
+                          removeApiKey();
+                          setShowSavedKey(false);
+                          toast.success("Saved API key removed from browser");
+                        }}
+                        title="Remove saved key"
+                      >
+                        <Trash2 className="h-4 w-4" />
+                      </Button>
+                    </div>
+                  </div>
+                  <Alert>
+                    <Info className="h-4 w-4" />
+                    <AlertDescription>
+                      Your API key is stored only in your browser. It is used for encryption/decryption operations.
+                    </AlertDescription>
+                  </Alert>
+                </div>
+              ) : (
+                <div className="space-y-3">
+                  <div className="space-y-2">
+                    <Label htmlFor="api-key-input">API Key</Label>
+                    <div className="flex items-center gap-2">
+                      <Input
+                        id="api-key-input"
+                        type="password"
+                        value={apiKeyInput}
+                        onChange={(e) => setApiKeyInput(e.target.value)}
+                        placeholder="Paste your API key here"
+                        className="font-mono text-sm"
+                      />
+                      <Button
+                        onClick={() => {
+                          if (apiKeyInput.trim()) {
+                            saveApiKey(apiKeyInput.trim());
+                            setApiKeyInput("");
+                            toast.success("API key saved to browser");
+                          }
+                        }}
+                        disabled={!apiKeyInput.trim()}
+                      >
+                        <Save className="h-4 w-4" />
+                        Save
+                      </Button>
+                    </div>
+                  </div>
+                  <Alert>
+                    <Info className="h-4 w-4" />
+                    <AlertDescription>
+                      Your API key is stored only in your browser. It is used for encryption/decryption operations.
+                      Save your API key here after generating or rotating it.
+                    </AlertDescription>
+                  </Alert>
+                </div>
+              )}
+            </CardContent>
+          </Card>
+
           {/* Key History Card */}
           {hasExistingKey && (
             <Card>

dashboard/app/project/[id]/settings/general/actions.ts

@@ -146,6 +146,62 @@ export async function getProjectConfigs(
   }
 }
 
+async function toggleProjectEncryption(
+  projectId: string,
+  apiKey: string,
+  action: "encrypt" | "decrypt"
+): Promise<{ success?: boolean; error?: string }> {
+  try {
+    await getCurrentUser();
+
+    const project = await getProject(projectId);
+    if (!project) {
+      return { error: "Project not found" };
+    }
+
+    const membership = await getOrganizationMembershipForCurrentUser(
+      project.organization_id,
+      "role"
+    );
+    if (!membership) {
+      return { error: "Project not found or access denied" };
+    }
+    if (membership.role !== "owner") {
+      return { error: `Only organization owners can ${action === "encrypt" ? "enable" : "disable"} encryption` };
+    }
+
+    const client = new AcontextClient();
+    if (action === "encrypt") {
+      await client.encryptProject(projectId, apiKey);
+    } else {
+      await client.decryptProject(projectId, apiKey);
+    }
+
+    const encodedProjectId = encodeId(projectId);
+    revalidatePath(`/project/${encodedProjectId}`, "layout");
+
+    return { success: true };
+  } catch (error) {
+    return {
+      error: `Failed to ${action} project: ${error instanceof Error ? error.message : "Unknown error"}`,
+    };
+  }
+}
+
+export async function encryptProjectAction(
+  projectId: string,
+  apiKey: string
+): Promise<{ success?: boolean; error?: string }> {
+  return toggleProjectEncryption(projectId, apiKey, "encrypt");
+}
+
+export async function decryptProjectAction(
+  projectId: string,
+  apiKey: string
+): Promise<{ success?: boolean; error?: string }> {
+  return toggleProjectEncryption(projectId, apiKey, "decrypt");
+}
+
 export async function updateProjectConfigs(
   projectId: string,
   configs: Partial<ProjectConfig>