@novaqore/ai 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Novaqore
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,306 @@
+<h1 align="center">NovaQore AI</h1>
+
+<p align="center">
+  <img src="assets/logo.png" alt="NovaQore AI" width="120" />
+  <br><br>
+  <strong>@novaqore/ai</strong>
+  <br>
+  The world's first private, quantum-encrypted LLM client.
+  <br><br>
+  <a href="https://www.npmjs.com/package/@novaqore/ai"><img src="https://img.shields.io/npm/v/@novaqore/ai?color=blue&label=npm" alt="npm version" /></a>
+  <a href="https://github.com/novaqore/ai/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-MIT-green" alt="license" /></a>
+  <a href="https://img.shields.io/node/v/@novaqore/ai"><img src="https://img.shields.io/node/v/@novaqore/ai?color=brightgreen" alt="node version" /></a>
+  <a href="https://discord.gg/novaqore"><img src="https://img.shields.io/discord/1234567890?color=5865F2&label=discord&logo=discord&logoColor=white" alt="Discord" /></a>
+  <br><br>
+  <a href="https://novaqore.ai/developer"><strong>🔑 Get Your Quantum Keys</strong></a> &nbsp;|&nbsp;
+  <a href="https://novaqore.ai"><strong>🌐 Website</strong></a> &nbsp;|&nbsp;
+  <a href="https://novaqore.ai/roadmap"><strong>🗺️ Roadmap</strong></a> &nbsp;|&nbsp;
+  <a href="https://novaqore.ai/white-papers"><strong>📄 White Papers</strong></a>
+</p>
+
+---
+
+## The first private, quantum-encrypted LLMs
+
+### The problem
+
+AI is eating the world, and the world is feeding it everything. Customer names, home addresses, credit card numbers, medical records, legal documents, internal business strategy, private conversations. All of it is being sent to large language models every day by millions of developers and businesses.
+
+Most people assume HTTPS keeps that data safe. It does not. HTTPS encrypts the connection between your machine and the server, but that protection has limits. Corporate firewalls and network proxies routinely perform TLS inspection, decrypting and re-encrypting traffic so they can read everything passing through. Load balancers and CDNs terminate TLS at the edge, meaning your data sits in plaintext inside the provider's infrastructure. A compromised certificate or a stolen private key breaks the entire chain. The AI provider itself sees all of your data in the clear on their servers, and in most cases they log it, store it, and reserve the right to use it.
+
+And then there is the future. Quantum computers are advancing fast. Attackers and nation-states are already recording encrypted internet traffic today with the intention of decrypting it later once quantum hardware catches up. This is called "harvest now, decrypt later," and it is not theoretical. It is happening. Every sensitive prompt you send over standard HTTPS today is a liability tomorrow.
+
+### The solution
+
+NovaQore AI is a private LLM client created by [NovaQore](https://novaqore.ai). We built it because HTTPS alone is not enough to protect what people are feeding into AI.
+
+**We run our own large language models on 🇺🇸 US-based infrastructure.** No third-party AI providers. No data leaving the country. No shared multi-tenant GPU clusters where your prompts sit next to someone else's. Our servers, our models, our network.
+
+**Every request is encrypted end-to-end with post-quantum cryptography.** Before your data ever leaves your machine, it is locked using **CRYSTALS-Kyber** (Kyber1024 key encapsulation) and **AES-256-GCM**. This is not HTTPS. This is an additional layer of encryption on top of it. Even if someone breaks the TLS connection, intercepts traffic at a proxy, or sits inside the network infrastructure, they see nothing but random bytes. The server decrypts your prompt only in memory, runs the model, encrypts the response with the same shared secret, and sends it back. Fresh cryptographic keys are generated for every single request. Nothing is reused. Nothing is cached. Nothing is logged.
+
+**The encryption is quantum-safe.** CRYSTALS-Kyber is a NIST-standardized post-quantum algorithm. Even if a future quantum computer could break today's TLS, it cannot break Kyber. Your data is protected now and it stays protected decades from now.
+
+This is not a proxy. This is not a wrapper. This is a fully private AI pipeline from your code to our GPUs, with post-quantum encryption at every step.
+
+### What a traditional LLM request looks like
+
+```
+POST /v1/chat/completions
+x-api-key: sk-NqR7xT9vKmLpWz3bYhUd    <- your key, fully exposed
+x-uid: usr_8f3a1b2c
+
+{ "messages": [{ "role": "user", "content": "What is the meaning of life?" }] }
+```
+
+Everything is readable. Your key, your identity, your prompt.
+
+### What the same request looks like through NovaQore AI
+
+```
+POST /v1/chat/completions
+
+{
+  "uid": "usr_8f3a1b2c",
+  "keyId": "OnHODAr8kb6r5iUaZk6",
+  "ciphertext": "K3mVpQ8xTz1Rf5wNyB7uHcLgA0jXoE4sDi9vMaG2kY...==",
+  "encrypted": "mNx8Kv2QpLrT5wYzBf1HcOjXgA4sEi7uDa9RtM3kWb...=="
+}
+```
+
+Random bytes. No API key. No readable content. The response comes back encrypted the same way.
+
+---
+
+## Who is NovaQore AI for
+
+### ✅ Built for
+
+- ✅ **Healthcare and medical companies** handling patient data, HIPAA-regulated workflows, and clinical AI
+- ✅ **Financial institutions** processing sensitive transactions, risk models, and customer data
+- ✅ **Legal firms** working with privileged communications, contracts, and case strategy
+- ✅ **Government agencies** that require data sovereignty and classified-level privacy
+- ✅ **Defense contractors** building AI into systems where exposure is not an option
+- ✅ **Enterprise teams** with internal data that cannot leave a controlled pipeline
+- ✅ **Startups with proprietary IP** who need AI without leaking trade secrets to third-party providers
+- ✅ **Developers building for regulated industries** where compliance requires encryption at rest and in transit
+- ✅ **Anyone who believes their AI conversations are nobody else's business**
+
+### ❌ Not built for
+
+- ❌ Illegal activity of any kind
+- ❌ Spying, stalking, or surveillance
+- ❌ Generating content that exploits or harms others
+- ❌ Mass data collection or scraping
+- ❌ Anything that violates local, state, or federal law
+
+---
+
+## What makes NovaQore AI different
+
+| | Traditional LLM API | NovaQore AI |
+|---|---|---|
+| Your prompts | Plaintext, readable by anyone in the middle | Quantum-encrypted, unreadable in transit |
+| Your API key | Exposed in headers on every request | Never sent. Replaced by quantum handshake |
+| Key exchange | None | Kyber1024 (post-quantum safe) |
+| Per-request keys | No, same key forever | Yes, fresh keys every single call |
+| Infrastructure | Shared, third-party, often overseas | Dedicated 🇺🇸 US-based servers |
+| Quantum-safe | No | Yes |
+
+---
+
+## Install
+
+```bash
+npm install @novaqore/ai
+```
+
+```javascript
+// CommonJS
+const NovaQoreAI = require("@novaqore/ai");
+
+// ES Module
+import NovaQoreAI from "@novaqore/ai";
+```
+
+---
+
+## Quick Start
+
+Get your quantum keys from the [developer dashboard](https://novaqore.ai/developer).
+
+### 1. Drop in your service file and go
+
+Download your `novaqore-ai-service-*.json` and drop it in your project root:
+
+```javascript
+import NovaQoreAI from "@novaqore/ai";
+
+const nq = new NovaQoreAI();
+
+const res = await nq.chat([
+  { role: "user", content: "Hello" }
+]);
+
+console.log(res.choices[0].message.content);
+```
+
+NovaQore AI auto-detects the service file. If no service file is found, it falls back to environment variables automatically.
+
+### 2. Or pass the path explicitly
+
+```javascript
+const nq = new NovaQoreAI("./novaqore-ai-service-MkT3xYpLqN8vRwS1.json");
+```
+
+### 3. Or use environment variables
+
+```env
+NOVAQORE_UID=your-user-id
+NOVAQORE_QUANTUM_KEY=your-base64-quantum-key
+NOVAQORE_KEY_ID=your-key-id
+```
+
+```javascript
+const nq = new NovaQoreAI({
+  uid: process.env.NOVAQORE_UID,
+  quantumKey: process.env.NOVAQORE_QUANTUM_KEY,
+  keyId: process.env.NOVAQORE_KEY_ID,
+});
+```
+
+If you call `new NovaQoreAI()` with no arguments and no service file is present, it will automatically read from these environment variables.
+
+---
+
+## Examples
+
+### System prompt
+
+```javascript
+const res = await nq.chat([
+  { role: "system", content: "You are a helpful assistant that responds in haikus." },
+  { role: "user", content: "Tell me about the ocean" }
+]);
+```
+
+### Tool use
+
+```javascript
+const res = await nq.chat(
+  [{ role: "user", content: "What's the weather in NYC?" }],
+  {
+    tools: [
+      {
+        type: "function",
+        function: {
+          name: "get_weather",
+          description: "Get weather for a location",
+          parameters: {
+            type: "object",
+            properties: {
+              location: { type: "string", description: "City name" }
+            },
+            required: ["location"]
+          }
+        }
+      }
+    ]
+  }
+);
+
+const toolCall = res.choices[0].message.tool_calls[0];
+console.log(toolCall.function.name);       // "get_weather"
+console.log(toolCall.function.arguments);  // '{"location":"New York City"}'
+```
+
+### Streaming
+
+```javascript
+const stream = await nq.chat(
+  [{ role: "user", content: "Tell me about the ocean" }],
+  { stream: true }
+);
+
+for await (const chunk of stream) {
+  const content = chunk.choices[0]?.delta?.content || "";
+  process.stdout.write(content);
+}
+console.log();
+```
+
+### Options
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| `temperature` | float | - | Sampling temperature (0-2) |
+| `stream` | bool | `false` | Stream response |
+| `tools` | array | - | Tool definitions |
+| `tool_choice` | string | - | Tool selection mode |
+
+### Health check
+
+```javascript
+const status = await nq.health();
+```
+
+---
+
+## Zero Dependencies
+
+NovaQore AI vendors all of its cryptographic libraries. Kyber1024 and SHA-3 are bundled directly in `lib/`. There are no external npm dependencies. No supply chain risk. The only requirement is Node 18 or higher.
+
+---
+
+## Roadmap
+
+We are actively building the next generation of private AI infrastructure. Multi-model support, streaming encryption, and more.
+
+**[View the Roadmap](https://novaqore.ai/roadmap)**
+
+---
+
+## White Papers
+
+Technical deep dives into the cryptography, architecture, and threat models behind NovaQore AI. How we protect your data, why we chose Kyber1024, and what post-quantum safety actually means in practice.
+
+**[Read the White Papers](https://novaqore.ai/white-papers)**
+
+---
+
+## Community
+
+We are building this in the open. Join us.
+
+<p>
+  <a href="https://discord.gg/novaqore"><strong>Discord</strong></a> &nbsp;|&nbsp;
+  <a href="https://x.com/novaqore"><strong>X (Twitter)</strong></a> &nbsp;|&nbsp;
+  <a href="https://tiktok.com/@novaqore"><strong>TikTok</strong></a> &nbsp;|&nbsp;
+  <a href="https://youtube.com/@novaqore"><strong>YouTube</strong></a>
+</p>
+
+---
+
+## Credits
+
+- [CRYSTALS-Kyber](https://github.com/antontutoveanu/crystals-kyber-javascript) - Post-quantum key encapsulation (Kyber1024)
+- [sha3](https://github.com/phusion/node-sha3) - Keccak/SHA-3 hashing
+
+## Disclaimer
+
+NovaQore AI is provided as-is. We do not store your conversations. We do not log your prompts or responses. We do not use your data to train models. Your messages are encrypted on your machine, decrypted only long enough to run the model, and the response is encrypted before it leaves our server. We do not have access to the content of your requests and we do not keep copies.
+
+We built NovaQore AI to give people and businesses a genuinely private way to use AI. That said, NovaQore AI is not a tool for illegal activity. We do not tolerate unlawful use of our service. While we cannot see your data, we will cooperate with law enforcement when presented with a valid legal order as required by law.
+
+By using NovaQore AI, you agree to use it responsibly and in compliance with all applicable laws.
+
+## License
+
+MIT
+
+---
+
+<p align="center">
+  <a href="https://chat.novaqore.ai"><strong>💬 Start Chat — Quantum-Private AI</strong></a>
+  <br><br>
+  Powered by <a href="https://novaqore.ai">NovaQore Tech</a>
+</p>

package/index.js

@@ -0,0 +1,186 @@
+const { Encrypt1024 } = require("./lib/kyber1024");
+const crypto = require("crypto");
+const fs = require("fs");
+const path = require("path");
+
+const BASE_URL = "https://api.novaqore.ai";
+const { version } = require("./package.json");
+
+class NovaQoreAI {
+  #uid;
+  #quantumKey;
+  #keyId;
+
+  constructor(config) {
+    if (config === undefined) {
+      const files = fs.readdirSync(process.cwd()).filter(f => f.startsWith("novaqore-ai-service-") && f.endsWith(".json"));
+      if (files.length > 0) {
+        config = JSON.parse(fs.readFileSync(path.resolve(files[0]), "utf-8"));
+      } else {
+        config = {
+          uid: process.env.NOVAQORE_UID,
+          quantumKey: process.env.NOVAQORE_QUANTUM_KEY,
+          keyId: process.env.NOVAQORE_KEY_ID,
+        };
+      }
+    } else if (typeof config === "string") {
+      const filePath = path.resolve(config);
+      if (!fs.existsSync(filePath)) {
+        throw new Error(`Service file not found: ${filePath}`);
+      }
+      config = JSON.parse(fs.readFileSync(filePath, "utf-8"));
+    }
+    if (!config || typeof config !== "object") {
+      throw new Error("NovaQoreAI requires { uid, quantumKey, keyId }");
+    }
+    if (!config.uid) {
+      throw new Error("uid is required");
+    }
+    if (!config.quantumKey) {
+      throw new Error("quantumKey is required");
+    }
+    if (!config.keyId) {
+      throw new Error("keyId is required");
+    }
+    this.#uid = config.uid;
+    this.#quantumKey = config.quantumKey;
+    this.#keyId = config.keyId;
+    this.version = version;
+    this.description = "NovaQore AI - Quantum-encrypted LLM client by NovaQore";
+    this.methods = ["chat", "health"];
+  }
+
+  async #encryptPayload(payload) {
+    const quantumKey = new Uint8Array(Buffer.from(this.#quantumKey, "base64"));
+
+    const [ciphertext, sharedSecret] = await Encrypt1024(quantumKey);
+
+    const iv = crypto.randomBytes(12);
+    const cipher = crypto.createCipheriv("aes-256-gcm", Buffer.from(sharedSecret), iv);
+    const plaintext = Buffer.from(JSON.stringify(payload), "utf-8");
+    const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    const tag = cipher.getAuthTag();
+
+    const packed = Buffer.concat([iv, encrypted, tag]);
+
+    return {
+      ciphertext: Buffer.from(ciphertext).toString("base64"),
+      encrypted: packed.toString("base64"),
+      sharedSecret: Buffer.from(sharedSecret),
+    };
+  }
+
+  #decryptResponse(encryptedB64, sharedSecret) {
+    const buf = Buffer.from(encryptedB64, "base64");
+    const iv = buf.subarray(0, 12);
+    const tag = buf.subarray(buf.length - 16);
+    const ciphertext = buf.subarray(12, buf.length - 16);
+    const decipher = crypto.createDecipheriv("aes-256-gcm", sharedSecret, iv);
+    decipher.setAuthTag(tag);
+    const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    return JSON.parse(decrypted.toString("utf-8"));
+  }
+
+  async chat(messages, options = {}) {
+    if (!messages || !Array.isArray(messages) || messages.length === 0) {
+      throw new Error("Messages must be a non-empty array");
+    }
+
+    try {
+      const payload = {
+        messages,
+        temperature: options.temperature,
+        stream: options.stream || false,
+        ...(options.tools && { tools: options.tools }),
+        ...(options.tool_choice && { tool_choice: options.tool_choice }),
+      };
+
+      const { ciphertext, encrypted, sharedSecret } = await this.#encryptPayload(payload);
+
+      const res = await fetch(`${BASE_URL}/v1/chat/completions`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          uid: this.#uid,
+          keyId: this.#keyId,
+          ciphertext,
+          encrypted,
+        }),
+      });
+
+      if (!res.ok) {
+        const body = await res.text();
+        try {
+          const parsed = JSON.parse(body);
+          throw new Error(parsed.error || `Request failed with status ${res.status}`);
+        } catch (e) {
+          if (e.message && !e.message.includes("JSON")) throw e;
+          throw new Error(`Request failed with status ${res.status}`);
+        }
+      }
+
+      if (options.stream) {
+        return this.#readStream(res, sharedSecret);
+      }
+
+      const { encrypted: encryptedResponse } = await res.json();
+      return this.#decryptResponse(encryptedResponse, sharedSecret);
+    } catch (err) {
+      if (err.message) throw err;
+      throw new Error("Failed to connect to NovaQore AI");
+    }
+  }
+
+  async *#readStream(res, sharedSecret) {
+    const decoder = new TextDecoder();
+    const reader = res.body.getReader();
+    let buffer = "";
+    let expectedSeq = 0;
+
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      buffer += decoder.decode(value, { stream: true });
+
+      const lines = buffer.split("\n");
+      buffer = lines.pop();
+
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || !trimmed.startsWith("data: ")) continue;
+        const data = trimmed.slice(6);
+
+        if (data === "[DONE]") return;
+
+        const { encrypted } = JSON.parse(data);
+        const chunk = this.#decryptResponse(encrypted, sharedSecret);
+
+        if (chunk.seq !== expectedSeq) {
+          throw new Error(`Chunk out of order: expected ${expectedSeq}, got ${chunk.seq}`);
+        }
+        expectedSeq++;
+
+        yield chunk;
+      }
+    }
+  }
+
+  async health() {
+    try {
+      const res = await fetch(`${BASE_URL}/health`, {
+        headers: {
+          "x-uid": this.#uid,
+        },
+      });
+      if (!res.ok) {
+        throw new Error(`Health check failed with status ${res.status}`);
+      }
+      return res.json();
+    } catch (err) {
+      if (err.message) throw err;
+      throw new Error("Failed to connect to NovaQore AI");
+    }
+  }
+}
+
+module.exports = NovaQoreAI;