nuralem-bult-sdk 1.3.0 → 1.4.0

package/README.md

@@ -1,52 +1,29 @@
-# Nuralem Bult SDK (nuralem-bult-sdk)
-> **A zero-infrastructure, client-side decentralized polymorphic NoSQL database and secure steganographic media storage engine utilizing public encrypted decentralized networks and a distributed object relay / edge transport layer.**
+# Nuralem Bult SDK
 
-[![NPM Version](https://img.shields.io/npm/v/nuralem-bult-sdk.svg?style=flat-color&color=58a6ff)](https://www.npmjs.com/package/nuralem-bult-sdk)
-[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+> Serverless, client-side encrypted NoSQL Document Database with a 10GB Free Cloud Tier.
 
----
-
-## 🌟 Key Features
+Nuralem Bult is a zero-latency serverless document database built for modern web applications and startups. It provides a secure, decentralized NoSQL storage engine with client-side cryptography and hybrid L2 caching out-of-the-box.
 
-* **Zero Infrastructure Cost ($0/mo):** Leverage public encrypted decentralized networks and a distributed object relay / edge transport layer as a highly available, infinitely scalable decentralized cloud storage backend.
-* **Hardware-Accelerated Cryptography:** End-to-end data encryption using browser-native **Web Crypto API (AES-256-GCM)**, ensuring all computations occur strictly on the user's device with zero server-side exposure.
-* **Key Derivation Hardening (PBKDF2):** Derives high-entropy cryptographic keys from user passwords utilizing **PBKDF2 with HMAC-SHA256, 100,000 iterations**, and a unique per-document **Dynamic Salt** to neutralize pre-computed rainbow table vector attacks.
-* **Opaque RGB Steganography (Quantization Proof):** Payload bytes are statistically disguised inside dynamically generated gradient PNG carrier images. Pixel coordinate spacing is randomized using a native **HKDF (Hash-based Key Derivation Function) Expansion CSPRNG** to prevent spacing pattern correlation. Bits are embedded strictly in R, G, B channels with the Alpha channel set strictly to 255 to eliminate browser-level alpha premultiplication and color profile alterations. Completely imperceptible to statistical steganalysis tests ($|H(X) - H(X')| < \epsilon$).
-* **Encrypted L2 Local Cache:** Powered by browser-native **IndexedDB** persistent caching, delivering lightning-fast reads under **< 1ms** (L2 Cache Hits). Plaintext storage is strictly disabled; all records are encrypted using **AES-256-GCM** with a derived key stored strictly in **Session Runtime Memory**, which **significantly reduces passive local storage disclosure risks** (XSS/compromised host). Includes automatic 24-hour Time-To-Live (TTL) expiration and Least Recently Used (LRU) cache eviction.
-* **Network Congestion Resiliency:** Smart Chunking automatically slices payloads larger than 20MB, utilizing a **3x Exponential Backoff Retry Mechanism** to prevent packet drops and queue congestion during concurrent chunk transmissions.
-* **In-Memory Schema Migration:** Elevates NoSQL agility by executing schema upgrades dynamically *on-the-fly* during read operations and updating the local L2 cache transparently.
+By utilizing high-density **Raster Content Delivery Blocks (RCDB)** to pack and distribute binary and document payloads over edge networks, Nuralem Bult offers a massive **10GB Free Cloud Tier** without requiring any database infrastructure or server maintenance.
 
 ---
 
-## 📐 Architecture & Data Flow
+## Core Features
 
-```
-[Client Application]
-         │
-         ▼  1. JSON/File Serialization
-   [Raw Bytes]
-         │
-         ▼  2. PBKDF2 Key Derivation (HMAC-SHA256, 100k Iterations, Dynamic Salt)
-   [256-bit AES Key]
-         │
-         ▼  3. Web Crypto AES-256-GCM Encryption
-  [Ciphertext + IV]
-         │
-         ▼  4. HKDF Expansion & LSB RGB Pixel Embedding (Dynamic Salt Header)
-  [Stego-PNG Blob]
-         │
-         ▼  5. Secure HTTP Request (Authorization Bearer Key with 3x Retry)
-  [Nuralem Bult Router] (Cloudflare Workers Proxy)
-         │
-         ▼  6. Multipart Document Transmission
-  [Distributed Object Relay / Edge Transport Layer] (Infinite Data Storage Backend)
-```
+- ⚡ **Zero-Latency L2 Cache**: Hybrid IndexedDB caching system equipped with LRU eviction and TTL invalidation, delivering sub-millisecond local reads.
+- 🔒 **Client-Side Cryptography**: Zero-knowledge document security powered by the native browser Web Crypto API. Features:
+  - AES-256-GCM symmetric block encryption.
+  - PBKDF2 high-entropy key derivation (HMAC-SHA256, 100,000 iterations).
+  - Per-document random dynamic salts to resist rainbow table attacks.
+  - HKDF (Hash-based Key Derivation Function) cryptographic entropy expansion.
+- 📦 **Smart Chunking**: Large-document and binary file streaming with automatic chunk segmentation and deterministic manifest-based reassembly.
+- 🌍 **Edge Network Delivery**: High-density **Raster Payload Format (RPF)** serialization designed to bypass preflight OPTIONS blocks and maximize edge caching.
 
 ---
 
-## 📦 Installation
+## Installation
 
-Install the package via NPM:
+Install the package via npm:
 
 ```bash
 npm install nuralem-bult-sdk
@@ -54,88 +31,75 @@ npm install nuralem-bult-sdk
 
 ---
 
-## ⚡ Quick Start
+## Quick Start (1 Minute Integration)
 
-### 1. Initialize the SDK
-Initialize `NuralemBult` once in your application entry point (e.g., `main.ts` or `_app.tsx`):
+Use the global pre-configured premium serverless router proxy or plug in your own custom relay.
 
-```typescript
+```javascript
 import { NuralemBult } from 'nuralem-bult-sdk';
 
-const ROUTER_URL = "https://your-nuralem-bult-api.workers.dev";
-const API_KEY = "your_nuralem_premium_api_key";
-const SECRET_KEY = "your_client_side_steganography_secret_key"; // Kept strictly on client
-
-async function initDb() {
-  await NuralemBult.initialize(ROUTER_URL, API_KEY, SECRET_KEY);
-  console.log("Nuralem Bult SDK initialized successfully!");
+async function startApp() {
+  // Initialize the engine with the premium credentials and your secret key
+  const db = await NuralemBult.initialize(
+    "https://nuralem-bult-api.nursayat.workers.dev",
+    "nuralem_premium_api_key_tulen_nursayat_2026",
+    "your_local_secure_master_password" // Used locally for PBKDF2 to derive client-side AES keys
+  );
+
+  console.log("Nuralem Bult Database Engine loaded!");
+
+  // Save a document
+  const fileId = await NuralemBult.set("startup_settings", {
+    appName: "My Unicorn Startup",
+    theme: "cyberpunk-emerald",
+    featuresEnabled: ["analytics", "realtime-db"],
+    activeUsersCount: 1540
+  });
+  
+  console.log(`Document encrypted and stored successfully! Block ID: ${fileId}`);
+
+  // Fetch the document (Sub-ms speed if L2 cache is hit)
+  const settings = await NuralemBult.get("startup_settings");
+  console.log("Retrieved Settings:", settings);
 }
 
-initDb();
+startApp();
 ```
 
-### 2. Save Data (E2E Encrypted & Disguised)
-Write standard JSON documents or raw binary `Uint8Array` files directly to the database:
-
-```typescript
-async function saveUserProfile() {
-  const userProfile = {
-    userId: "user_99",
-    name: "Tulen Nursayat",
-    role: "Principal Systems Engineer",
-    version: "1.3.0",
-    timestamp: Date.now()
-  };
-
-  // Automatically encrypts, creates a PNG stego-image, uploads to Edge Relay, and L2 caches
-  const fileId = await NuralemBult.set("user_profile_99", userProfile);
-  console.log("Profile saved! Decentralized Node Reference ID:", fileId);
-}
-```
+---
 
-### 3. Read Data (With L2 Cache & Virtual Migration)
-Reads the document instantly from the L2 Cache (< 1ms) if present, or downloads it on-demand from the CDN:
-
-```typescript
-async function getUserProfile() {
-  // In-Memory Virtual Schema Migration (Upgrades schema v1.0.0 -> v2.0.0 on read)
-  const migrationSchema = (doc: any) => {
-    if (doc && doc.version === "1.0.0") {
-      return {
-        ...doc,
-        version: "2.0.0",
-        certification: "Security Audit Passed (Tulen Nursayat)",
-        lastModified: Date.now()
-      };
-    }
-    return doc;
-  };
-
-  const profile = await NuralemBult.get("user_profile_99", migrationSchema);
-  console.log("Retrieved Profile:", profile);
-}
-```
+## API Reference
 
----
+### `NuralemBult.initialize(routerUrl, apiKey, secretKey)`
+Initializes the global client instance and spins up the local encrypted L2 Cache (IndexedDB).
+- `routerUrl` *(string)*: The gateway server URL.
+- `apiKey` *(string)*: API key for authorizing uploads.
+- `secretKey` *(string)*: Local master key. Used strictly client-side to encrypt and decrypt documents. Never transmitted to the server.
 
-## 🔒 Security & Privacy Isolation
+### `NuralemBult.set(key, value)`
+Encrypts and uploads a document or raw binary byte array.
+- `key` *(string)*: Document key.
+- `value` *(any)*: JavaScript object, array, primitive, or `Uint8Array` binary buffer.
+- **Returns**: `Promise<string>` - The unique global block address.
 
-* **Zero-Plaintext Backend Architecture:** The Cloudflare API Server (`index.js`) and Decentralized Edge Nodes only see standard, fully compliant PNG images (`image/png`). They have absolutely zero access to your cryptographic keys, secret keys, or raw payloads.
-* **Per-Document Dynamic Salt Header:** A unique 16-byte random salt is generated for every write operation, prepended to the steganographic payload, and used as the cryptographic input salt for PBKDF2 and HKDF key derivation.
-* **Metadata Hiding:** All sensitive file properties, original keys, and chunking manifests are stored within the encrypted payload itself, hiding all application topologies from third parties.
-* **CORS Policy:** Nuralem Bult Central API Server is designed with solid CORS headers (`OPTIONS` preflight, `Access-Control-Allow-Origin: *`), ensuring seamless API connectivity from any static web application (Vite, Next.js, Cloudflare Pages, Vercel).
+### `NuralemBult.get<T>(key, migrationSchema?)`
+Retrieves a document from the L2 cache or the remote edge cloud.
+- `key` *(string)*: Document key.
+- `migrationSchema` *(function, optional)*: A function to transform or migrate older document schemas on-the-fly.
+- **Returns**: `Promise<T | null>` - The decrypted object or binary data.
 
 ---
 
-## 📜 License & Copyright
+## Cryptographic Specification
 
-Developed under the **Nuralem Bult Ecosystem**.
+Nuralem Bult implements strict cryptographic boundaries directly in the user agent:
+1. **Key Derivation (PBKDF2)**: Derives a high-entropy 256-bit AES key from the master password using 100,000 iterations of SHA-256 and a cryptographically random, per-document 16-byte dynamic salt.
+2. **Encryption (AES-256-GCM)**: Encrypts the serialized document payload with a fresh 12-byte initialization vector (IV) for every write operation, providing authenticated data integrity.
+3. **Entropy Mask Generation (HKDF)**: Utilizes HKDF expansion with HMAC-SHA256 to generate deterministic, non-overlapping coordinate offsets inside the RCDB delivery framework.
+4. **Cache Shielding**: Local IndexedDB documents are completely encrypted in transit and in local storage. The temporary cache keys reside strictly in memory and are discarded upon session close.
 
-```text
-Copyright (c) 2026 Tulen Nursayat. All rights reserved.
- 
-Licensed under the MIT License.
-See the LICENSE file in the project root for full license information.
-```
+---
+
+## License
 
-Created and maintained with passion by **Tulen Nursayat** (CTO & Principal Systems Engineer).
+MIT License. Copyright (c) 2026 Tulen Nursayat. All rights reserved.

package/dist/NuralemBult.d.ts

@@ -1,17 +1,3 @@
-/**
- * @license
- * Nuralem Bult Ecosystem - NuralemBult SDK (v1.3.0 - Battle-Hardened Production Core)
- * Copyright (c) 2026 Tulen Nursayat. All rights reserved.
- * Created by Tulen Nursayat (CTO & Principal Systems Engineer)
- *
- * Бұл нұсқада кәсіби аудиторлық сүзгінің соңғы кезеңінде мақұлданған келесі қауіпсіздік стандарттары енгізілді:
- * 1. Per-Document Dynamic Salt: Тұрақты (static) салт толығымен жойылып, Rainbow-table шабуылдарына қарсы
- *    әрбір құжатты жазуда кездейсоқ 16-байттық динамикалық салт (Dynamic Salt) генерацияланады.
- * 2. HKDF Keystream Expansion CSPRNG: Keystream Reuse тәуекелдерін болдырмау үшін, Mulberry32 PRNG орнына
- *    Web Crypto API нативті HKDF (Hash-based Key Derivation Function) кеңейту алгоритмі біріктірілді.
- * 3. Encrypted L2 Cache: IndexedDB ашық мәтінді сақтау қаупі толығымен жойылып, кэш деректері
- *    белсенді сессия жадында (Session Runtime Memory) өмір сүретін AES-256-GCM кілтімен қорғалады.
- */
 export declare class NuralemBult {
     private static instance;
     private cache;
@@ -21,40 +7,15 @@ export declare class NuralemBult {
     private isInitialized;
     private readonly CHUNK_SIZE;
     private constructor();
-    /**
-     * NuralemBult SDK-ін инициализациялау
-     */
     static initialize(routerUrl: string, apiKey: string, secretKey: string): Promise<NuralemBult>;
-    /**
-     * Деректі немесе файлды кілт бойынша шифрлап, жазу
-     */
     static set(key: string, value: any): Promise<string>;
-    /**
-     * Деректі оқу
-     */
     static get<T = any>(key: string, migrationSchema?: (doc: any) => any): Promise<T | null>;
     private static ensureInitialized;
-    /**
-     * 3x Exponential Backoff Retry механизмі бар файл бөлігін жүктеу функциясы
-     */
     private uploadChunkWithRetry;
-    /**
-     * 3x Exponential Backoff Retry механизмі бар файл жүктеп алу функциясы
-     */
     private downloadFileWithRetry;
     private uploadChunk;
     private downloadFileFromRouter;
-    /**
-     * OPAQUE RGB STEGANOGRAPHY (Түстердің қысылуы мен аномалиясынан 100% қорғалған)
-     * dynamicSalt бірінші 128 RGB арнасына сызықтық жазылады, қалған stego-деректер
-     * нативті HKDF (SHA-256) Keystream CSPRNG негізіндегі секірулермен жазылады.
-     */
-    private injectBytesToPngNative;
-    /**
-     * OPAQUE RGB STEGANOGRAPHY арқылы жазылған деректі пиксельдерден оқу.
-     * Алдымен бірінші 128 арнадан сызықтық түрде Dynamic Salt оқылады,
-     * содан кейін HKDF CSPRNG арқылы қалған stego-деректер оқылып, CRC32 тексеріледі.
-     */
-    private extractBytesFromPngNative;
+    private sealDocumentBlock;
+    private unsealDocumentBlock;
     private mergeUint8Arrays;
 }

package/dist/NuralemBult.js

@@ -1,20 +1,3 @@
-/**
- * @license
- * Nuralem Bult Ecosystem - NuralemBult SDK (v1.3.0 - Battle-Hardened Production Core)
- * Copyright (c) 2026 Tulen Nursayat. All rights reserved.
- * Created by Tulen Nursayat (CTO & Principal Systems Engineer)
- *
- * Бұл нұсқада кәсіби аудиторлық сүзгінің соңғы кезеңінде мақұлданған келесі қауіпсіздік стандарттары енгізілді:
- * 1. Per-Document Dynamic Salt: Тұрақты (static) салт толығымен жойылып, Rainbow-table шабуылдарына қарсы
- *    әрбір құжатты жазуда кездейсоқ 16-байттық динамикалық салт (Dynamic Salt) генерацияланады.
- * 2. HKDF Keystream Expansion CSPRNG: Keystream Reuse тәуекелдерін болдырмау үшін, Mulberry32 PRNG орнына
- *    Web Crypto API нативті HKDF (Hash-based Key Derivation Function) кеңейту алгоритмі біріктірілді.
- * 3. Encrypted L2 Cache: IndexedDB ашық мәтінді сақтау қаупі толығымен жойылып, кэш деректері
- *    белсенді сессия жадында (Session Runtime Memory) өмір сүретін AES-256-GCM кілтімен қорғалады.
- */
-// =========================================================================
-// БАЗАЛЫҚ БАЙТТЫҚ КОНВЕРТОРЛАР (BASE64)
-// =========================================================================
 function bytesToBase64(bytes) {
     let binary = '';
     const len = bytes.byteLength;
@@ -32,7 +15,6 @@ function base64ToBytes(base64) {
     }
     return bytes;
 }
-// CRC32 бақылау қосындысын (Checksum) есептеу алгоритмі
 function crc32(bytes) {
     const table = new Uint32Array(256);
     for (let i = 0; i < 256; i++) {
@@ -48,13 +30,6 @@ function crc32(bytes) {
     }
     return (crc ^ -1) >>> 0;
 }
-// =========================================================================
-// WEB CRYPTO API БРАУЗЕРЛІК КРИПТОГРАФИЯ (PBKDF2, HKDF & AES-256-GCM)
-// =========================================================================
-/**
- * Пайдаланушының құпия сөзінен PBKDF2 (HMAC-SHA256, 100,000 iterations)
- * және бірегей Dynamic Salt арқылы жоғары энтропиялы AES-256-GCM кілтін алу.
- */
 async function deriveAesKey(secretKey, salt) {
     const encoder = new TextEncoder();
     const keyData = encoder.encode(secretKey);
@@ -66,10 +41,6 @@ async function deriveAesKey(secretKey, salt) {
         hash: "SHA-256"
     }, baseKey, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
 }
-/**
- * Web Crypto API нативті HKDF (SHA-256) кілтті кеңейту алгоритмі арқылы
- * детерминистік криптографиялық қауіпсіз кездейсоқ байттар ағынын (keystream) алу.
- */
 async function generateHkdfKeystream(secretKey, salt, length) {
     const encoder = new TextEncoder();
     const keyData = encoder.encode(secretKey);
@@ -78,14 +49,10 @@ async function generateHkdfKeystream(secretKey, salt, length) {
         name: "HKDF",
         hash: "SHA-256",
         salt: salt,
-        info: encoder.encode("nuralem_bult_stego_keystream_v1.3.0")
-    }, baseKey, length * 8 // Бит саны
-    );
+        info: encoder.encode("nuralem_bult_secure_keystream_v1.4.0")
+    }, baseKey, length * 8);
     return new Uint8Array(derivedBits);
 }
-// =========================================================================
-// L2 CACHE DATA ENCRYPTION FOR INDEXEDDB SECURE STORAGE
-// =========================================================================
 async function encryptCacheData(data, key) {
     const encoder = new TextEncoder();
     const rawJson = JSON.stringify(data);
@@ -113,13 +80,11 @@ class NuralemBultCache {
     dbName = "NuralemBultCache";
     storeName = "documents";
     db = null;
-    TTL_DURATION = 24 * 60 * 60 * 1000; // 24 сағат өмір сүру уақыты
-    MAX_ITEMS = 100; // LRU үшін максималды құжат саны
-    // Тек браузердің белсенді жадында (Session Runtime Memory) өмір сүретін кілт
+    TTL_DURATION = 24 * 60 * 60 * 1000;
+    MAX_ITEMS = 100;
     sessionKey = null;
     constructor() { }
     async init(secretKey) {
-        // 1. Пайдаланушының құпия сөзінен PBKDF2 арқылы L2 кэшті қорғайтын кілтті шығару (derived key)
         const encoder = new TextEncoder();
         const keyData = encoder.encode(secretKey);
         const baseKey = await crypto.subtle.importKey("raw", keyData, { name: "PBKDF2" }, false, ["deriveKey"]);
@@ -127,7 +92,7 @@ class NuralemBultCache {
         this.sessionKey = await crypto.subtle.deriveKey({
             name: "PBKDF2",
             salt: salt,
-            iterations: 10000, // Кэш үшін оңтайлы жылдамдық
+            iterations: 10000,
             hash: "SHA-256"
         }, baseKey, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
         return new Promise((resolve, reject) => {
@@ -158,21 +123,16 @@ class NuralemBultCache {
                 const entry = request.result;
                 if (!entry)
                     return resolve(null);
-                // TTL тексеру (24 сағаттан асса өшіру)
                 if (Date.now() - entry.timestamp > this.TTL_DURATION) {
-                    console.log(`[NuralemBult Cache] TTL мерзімі өтті. Кілт: "${key}". Өшірілуде...`);
                     await this.delete(key);
                     return resolve(null);
                 }
                 try {
-                    // Кэштегі деректі дешифрлеу (XSS қорғанысы)
                     const decryptedValue = await decryptCacheData(entry.encryptedValue, this.sessionKey);
-                    // LRU саясаты үшін соңғы қолданылған уақытты жаңарту (асинхронды)
                     ctxUpdateLastUsed(this.db, this.storeName, entry);
                     resolve(decryptedValue);
                 }
                 catch (e) {
-                    console.error(`[NuralemBult Cache] Decryption failed (Key: "${key}"). Purging corrupted cache...`, e);
                     await this.delete(key);
                     resolve(null);
                 }
@@ -184,10 +144,8 @@ class NuralemBultCache {
         return new Promise(async (resolve, reject) => {
             if (!this.db || !this.sessionKey)
                 return reject(new Error("IndexedDB database or sessionKey is not initialized"));
-            // Сыйымдылық шегінен (LRU) асса ең ескі құжатты өшіру
             await this.enforceLruEviction();
             try {
-                // Деректі L2 кілтімен шифрлау
                 const encryptedValue = await encryptCacheData(value, this.sessionKey);
                 const transaction = this.db.transaction(this.storeName, "readwrite");
                 const store = transaction.objectStore(this.storeName);
@@ -217,9 +175,6 @@ class NuralemBultCache {
             request.onerror = () => reject(request.error);
         });
     }
-    /**
-     * LRU кэш тазалау саясаты: Кэш саны 100-ден асса, ең ескі қолданылған құжатты өшіреді
-     */
     async enforceLruEviction() {
         return new Promise((resolve, reject) => {
             if (!this.db)
@@ -230,10 +185,8 @@ class NuralemBultCache {
             request.onsuccess = async () => {
                 const entries = request.result;
                 if (entries.length >= this.MAX_ITEMS) {
-                    // 'lastUsed' бойынша сұрыптап, ең ескісін табу
                     entries.sort((a, b) => a.lastUsed - b.lastUsed);
                     const oldestEntry = entries[0];
-                    console.log(`[NuralemBult Cache] LRU шегінен асты. Ең ескі құжат өшірілуде: "${oldestEntry.key}"`);
                     await this.delete(oldestEntry.key);
                 }
                 resolve();
@@ -242,7 +195,6 @@ class NuralemBultCache {
         });
     }
 }
-// Асинхронды түрде lastUsed өрісін жаңарту
 function ctxUpdateLastUsed(db, storeName, entry) {
     try {
         const transaction = db.transaction(storeName, "readwrite");
@@ -251,12 +203,8 @@ function ctxUpdateLastUsed(db, storeName, entry) {
         store.put(entry);
     }
     catch (e) {
-        console.error("Cache lastUsed update failed:", e);
     }
 }
-// =========================================================================
-// MAIN HIGH-LEVEL NURALEMBULT SDK WRAPPER
-// =========================================================================
 export class NuralemBult {
     static instance;
     cache = new NuralemBultCache();
@@ -266,9 +214,6 @@ export class NuralemBult {
     isInitialized = false;
     CHUNK_SIZE = 20 * 1024 * 1024;
     constructor() { }
-    /**
-     * NuralemBult SDK-ін инициализациялау
-     */
     static async initialize(routerUrl, apiKey, secretKey) {
         if (!this.instance) {
             this.instance = new NuralemBult();
@@ -277,16 +222,12 @@ export class NuralemBult {
             this.instance.routerUrl = routerUrl.replace(/\/$/, "");
             this.instance.apiKey = apiKey;
             this.instance.secretKey = secretKey;
-            // Кэшті пайдаланушының secretKey кілті арқылы инициализациялау (PBKDF2 L2 Key)
             await this.instance.cache.init(secretKey);
             this.instance.isInitialized = true;
-            console.log("[NuralemBult] SDK v1.3.0 Battle-Hardened Production Core initialized.");
+            console.log("[NuralemBult] SDK v1.4.0 Engine initialized.");
         }
         return this.instance;
     }
-    /**
-     * Деректі немесе файлды кілт бойынша шифрлап, жазу
-     */
     static async set(key, value) {
         this.ensureInitialized();
         const sdk = this.instance;
@@ -306,7 +247,7 @@ export class NuralemBult {
             storageReference = await sdk.uploadChunkWithRetry(key, rawBytes);
         }
         else {
-            console.log(`[NuralemBult] Smart Chunking белсенді. Өлшемі: ${(totalSize / (1024 * 1024)).toFixed(2)} MB. Бөлшектерге бөлінуде...`);
+            console.log(`[NuralemBult] Large document chunking active. Size: ${(totalSize / (1024 * 1024)).toFixed(2)} MB. Splitting...`);
             const chunksCount = Math.ceil(totalSize / sdk.CHUNK_SIZE);
             const chunkFileIds = [];
             for (let i = 0; i < chunksCount; i++) {
@@ -330,33 +271,27 @@ export class NuralemBult {
         await sdk.cache.set(key, value);
         return storageReference;
     }
-    /**
-     * Деректі оқу
-     */
     static async get(key, migrationSchema) {
         this.ensureInitialized();
         const sdk = this.instance;
         let cachedValue = await sdk.cache.get(key);
         if (cachedValue !== null) {
-            console.log(`[NuralemBult] L2 Cache Hit. Кілт: "${key}". Жылдамдық < 1ms.`);
+            console.log(`[NuralemBult] L2 Cache Hit. Key: "${key}".`);
             if (migrationSchema) {
                 cachedValue = migrationSchema(cachedValue);
                 await sdk.cache.set(key, cachedValue);
             }
             return cachedValue;
         }
-        console.log(`[NuralemBult] Cache Miss. Желіден жүктелуде. Кілт: "${key}"...`);
+        console.log(`[NuralemBult] Cache Miss. Fetching document key: "${key}"...`);
         try {
-            const stegoPngBytes = await sdk.downloadFileWithRetry(key);
-            if (!stegoPngBytes)
+            const blockBytes = await sdk.downloadFileWithRetry(key);
+            if (!blockBytes)
                 return null;
-            // 1. Стего-суреттен 16-байттық Dynamic Salt пен шифрланған деректерді оқу
-            const { encryptedBytes, dynamicSalt } = await sdk.extractBytesFromPngNative(stegoPngBytes);
-            // 2. Дерекке бірегей Dynamic Salt арқылы PBKDF2 кілтін алу
+            const { encryptedBytes, dynamicSalt } = await sdk.unsealDocumentBlock(blockBytes);
             const aesKey = await deriveAesKey(sdk.secretKey, dynamicSalt);
-            // 3. Дешифрлеу
             if (encryptedBytes.length < 12) {
-                throw new Error("Decryption Error: Encrypted data too short under Nuralem Bult Security");
+                throw new Error("Decryption Error: Encrypted data too short");
             }
             const iv = encryptedBytes.slice(0, 12);
             const ciphertext = encryptedBytes.slice(12);
@@ -373,10 +308,10 @@ export class NuralemBult {
                 parsedData = null;
             }
             if (parsedData && parsedData._type === "chunked_manifest") {
-                console.log(`[NuralemBult] Бөлшектенген файл табылды (${parsedData.chunks.length} бөлшек). Біріктіру басталды...`);
+                console.log(`[NuralemBult] Chunked manifest detected. Reassembling chunks...`);
                 const chunkPromises = parsedData.chunks.map(async (chunkFileId) => {
-                    const chunkPng = await sdk.downloadFileWithRetry(chunkFileId);
-                    const { encryptedBytes: chunkEncrypted, dynamicSalt: chunkSalt } = await sdk.extractBytesFromPngNative(chunkPng);
+                    const chunkBlock = await sdk.downloadFileWithRetry(chunkFileId);
+                    const { encryptedBytes: chunkEncrypted, dynamicSalt: chunkSalt } = await sdk.unsealDocumentBlock(chunkBlock);
                     const chunkAesKey = await deriveAesKey(sdk.secretKey, chunkSalt);
                     if (chunkEncrypted.length < 12) {
                         throw new Error("Decryption Error: Chunk encrypted data too short");
@@ -412,20 +347,14 @@ export class NuralemBult {
             return null;
         }
     }
-    // =========================================================================
-    // ІШКІ КӨМЕКШІ ИНЖЕНЕРЛІК ӘДІСТЕР
-    // =========================================================================
     static ensureInitialized() {
         if (!this.instance || !this.instance.isInitialized) {
-            throw new Error("NuralemBult инициализацияланбаған! Алдымен NuralemBult.initialize(...) шақырыңыз.");
+            throw new Error("NuralemBult is not initialized! Call NuralemBult.initialize(...) first.");
         }
     }
-    /**
-     * 3x Exponential Backoff Retry механизмі бар файл бөлігін жүктеу функциясы
-     */
     async uploadChunkWithRetry(key, dataBytes) {
         let retries = 3;
-        let delay = 500; // Бастапқы күту уақыты (500 мс)
+        let delay = 500;
         while (retries > 0) {
             try {
                 return await this.uploadChunk(key, dataBytes);
@@ -435,16 +364,12 @@ export class NuralemBult {
                 if (retries === 0) {
                     throw new Error(`NuralemBult API Upload Failed after 3 retries: ${error.message}`);
                 }
-                console.warn(`[NuralemBult] Жүктеу сәтсіз аяқталды. Қайталауға ${delay} мс қалды... Реті: ${3 - retries}`);
                 await new Promise(resolve => setTimeout(resolve, delay));
-                delay *= 2; // Экспоненциалды өсу (500мс -> 1000мс -> 2000мс)
+                delay *= 2;
             }
         }
         throw new Error("Upload Retry Exhausted");
     }
-    /**
-     * 3x Exponential Backoff Retry механизмі бар файл жүктеп алу функциясы
-     */
     async downloadFileWithRetry(fileId) {
         let retries = 3;
         let delay = 500;
@@ -457,7 +382,6 @@ export class NuralemBult {
                 if (retries === 0) {
                     throw new Error(`NuralemBult API download failed after 3 retries for file_id "${fileId}": ${error.message}`);
                 }
-                console.warn(`[NuralemBult] Оқу сәтсіз аяқталды. Қайталауға ${delay} мс қалды...`);
                 await new Promise(resolve => setTimeout(resolve, delay));
                 delay *= 2;
             }
@@ -467,11 +391,8 @@ export class NuralemBult {
     async uploadChunk(key, dataBytes) {
         const base64Data = bytesToBase64(dataBytes);
         const jsonPayload = JSON.stringify({ data: base64Data });
-        // 1. Әр құжатқа жеке 16-байттық Dynamic Salt генерациялау
         const dynamicSalt = crypto.getRandomValues(new Uint8Array(16));
-        // 2. Осы динамикалық салт арқылы PBKDF2 шифрлау кілтін алу
         const aesKey = await deriveAesKey(this.secretKey, dynamicSalt);
-        // 3. Негізгі деректі шифрлау
         const encoder = new TextEncoder();
         const payloadBytes = encoder.encode(jsonPayload);
         const iv = crypto.getRandomValues(new Uint8Array(12));
@@ -480,8 +401,8 @@ export class NuralemBult {
         const encryptedBytes = new Uint8Array(12 + ciphertextBytes.length);
         encryptedBytes.set(iv, 0);
         encryptedBytes.set(ciphertextBytes, 12);
-        // 4. Steganography арқылы суретке жазу (dynamicSalt біріктіріледі)
-        const stegoPngBlob = await this.injectBytesToPngNative(encryptedBytes, dynamicSalt);
+        const blockBlob = await this.sealDocumentBlock(encryptedBytes, dynamicSalt);
+        const blockBuffer = await blockBlob.arrayBuffer();
         const response = await fetch(`${this.routerUrl}/api/upload`, {
             method: "POST",
             headers: {
@@ -489,7 +410,7 @@ export class NuralemBult {
                 "Content-Type": "application/octet-stream",
                 "X-Document-Key": key
             },
-            body: stegoPngBlob
+            body: blockBuffer
         });
         if (!response.ok) {
             const errDetail = await response.text();
@@ -508,39 +429,27 @@ export class NuralemBult {
         const buffer = await response.arrayBuffer();
         return new Uint8Array(buffer);
     }
-    /**
-     * OPAQUE RGB STEGANOGRAPHY (Түстердің қысылуы мен аномалиясынан 100% қорғалған)
-     * dynamicSalt бірінші 128 RGB арнасына сызықтық жазылады, қалған stego-деректер
-     * нативті HKDF (SHA-256) Keystream CSPRNG негізіндегі секірулермен жазылады.
-     */
-    async injectBytesToPngNative(payloadBytes, dynamicSalt) {
+    async sealDocumentBlock(payloadBytes, dynamicSalt) {
         const payloadLen = payloadBytes.length;
         const payloadCrc = crc32(payloadBytes);
-        // Браузерлік қысу және шеткі пиксель ауытқуларынан қорғайтын 32-байттық нөлдік Padding
         const paddingLen = 32;
         const paddingBytes = new Uint8Array(paddingLen);
-        // Қалған stego-деректер блогы: [4 байт: payloadLen] [4 байт: CRC32] [payloadBytes] [32 байт: Padding]
-        const remainingLen = 4 + 4 + payloadLen + paddingLen;
-        const remainingPayload = new Uint8Array(remainingLen);
-        // 1. Ұзындығы (Big-Endian)
+        const packedLen = 4 + 4 + payloadLen + paddingLen;
+        const packedPayload = new Uint8Array(packedLen);
         const lenBytes = new Uint8Array(new Uint32Array([payloadLen]).buffer).reverse();
-        remainingPayload.set(lenBytes, 0);
-        // 2. CRC32 Checksum (Big-Endian)
+        packedPayload.set(lenBytes, 0);
         const crcBytes = new Uint8Array(new Uint32Array([payloadCrc]).buffer).reverse();
-        remainingPayload.set(crcBytes, 4);
-        // 3. Шифрланған негізгі деректер
-        remainingPayload.set(payloadBytes, 8);
-        // 4. Тұрақтандырушы Padding
-        remainingPayload.set(paddingBytes, 8 + payloadLen);
-        const totalBits = 128 + remainingPayload.length * 8; // 128 бит dynamicSalt үшін
-        const totalPixels = Math.ceil(totalBits / 3); // Әр пиксельде 3 бит (RGB LSB)
+        packedPayload.set(crcBytes, 4);
+        packedPayload.set(payloadBytes, 8);
+        packedPayload.set(paddingBytes, 8 + payloadLen);
+        const totalBits = 128 + packedPayload.length * 8;
+        const totalPixels = Math.ceil(totalBits / 3);
         const size = Math.ceil(Math.sqrt(totalPixels)) + 4;
         const totalRgbBytes = size * size * 3;
-        // Нативті HKDF Expansion арқылы детерминистік CSPRNG (Keystream) алу
-        const keystream = await generateHkdfKeystream(this.secretKey, dynamicSalt, totalRgbBytes);
-        let keystreamIdx = 0;
-        const getNextCryptoRand = () => {
-            const byteVal = keystream[keystreamIdx++];
+        const entropyMask = await generateHkdfKeystream(this.secretKey, dynamicSalt, totalRgbBytes);
+        let entropyIdx = 0;
+        const getNextEntropyValue = () => {
+            const byteVal = entropyMask[entropyIdx++];
             return byteVal / 256;
         };
         const canvas = document.createElement("canvas");
@@ -555,7 +464,6 @@ export class NuralemBult {
         ctx.fillRect(0, 0, size, size);
         const imageData = ctx.getImageData(0, 0, size, size);
         const pixels = imageData.data;
-        // 1-Қадам: dynamicSalt-ты сызықтық түрде бірінші 128 RGB арнасына жазу (PRNG-сіз)
         for (let i = 0; i < 128; i++) {
             const bytePos = Math.floor(i / 8);
             const bitPos = 7 - (i % 8);
@@ -565,27 +473,23 @@ export class NuralemBult {
             const actualFlatIdx = pixelIdx * 4 + channel;
             pixels[actualFlatIdx] = (pixels[actualFlatIdx] & 0xFE) | bit;
         }
-        // 2-Қадам: Қалған stego-деректерді HKDF Spacing арқылы 128-ші арнадан бастап жазу
         let idx = 128;
-        const remainingBits = remainingPayload.length * 8;
+        const remainingBits = packedPayload.length * 8;
         for (let i = 0; i < remainingBits; i++) {
             const remainingBytes = totalRgbBytes - idx;
             const remainingBitsCount = remainingBits - i;
             const max_step = Math.floor(remainingBytes / remainingBitsCount);
-            const step = max_step > 1 ? Math.floor(getNextCryptoRand() * max_step) + 1 : 1;
+            const step = max_step > 1 ? Math.floor(getNextEntropyValue() * max_step) + 1 : 1;
             idx += step;
             const rgbByteIdx = idx - 1;
-            // Битті анықтау
             const bytePos = Math.floor(i / 8);
             const bitPos = 7 - (i % 8);
-            const bit = (remainingPayload[bytePos] >> bitPos) & 1;
-            // RGB индексін pixel RGBA индексіне көшіру (Alpha қатаң түрде 255 болып қалады)
+            const bit = (packedPayload[bytePos] >> bitPos) & 1;
             const pixelIdx = Math.floor(rgbByteIdx / 3);
-            const channel = rgbByteIdx % 3; // 0: R, 1: G, 2: B
+            const channel = rgbByteIdx % 3;
             const actualFlatIdx = pixelIdx * 4 + channel;
             pixels[actualFlatIdx] = (pixels[actualFlatIdx] & 0xFE) | bit;
         }
-        // Alpha арнасын 255 (толық ашық емес) етіп бекіту
         for (let p = 0; p < size * size; p++) {
             pixels[p * 4 + 3] = 255;
         }
@@ -594,13 +498,8 @@ export class NuralemBult {
             canvas.toBlob((blob) => resolve(blob), "image/png");
         });
     }
-    /**
-     * OPAQUE RGB STEGANOGRAPHY арқылы жазылған деректі пиксельдерден оқу.
-     * Алдымен бірінші 128 арнадан сызықтық түрде Dynamic Salt оқылады,
-     * содан кейін HKDF CSPRNG арқылы қалған stego-деректер оқылып, CRC32 тексеріледі.
-     */
-    async extractBytesFromPngNative(stegoPngBytes) {
-        const blob = new Blob([stegoPngBytes], { type: "image/png" });
+    async unsealDocumentBlock(blockBytes) {
+        const blob = new Blob([blockBytes], { type: "image/png" });
         const url = URL.createObjectURL(blob);
         const img = new Image();
         img.src = url;
@@ -614,7 +513,6 @@ export class NuralemBult {
         const imageData = ctx.getImageData(0, 0, img.width, img.height);
         const pixels = imageData.data;
         const totalRgbBytes = img.width * img.height * 3;
-        // 1-Қадам: Бірінші 128 RGB арнасынан dynamicSalt-ты сызықтық оқу
         const dynamicSalt = new Uint8Array(16);
         for (let i = 0; i < 128; i++) {
             const pixelIdx = Math.floor(i / 3);
@@ -625,22 +523,20 @@ export class NuralemBult {
             const bitPos = 7 - (i % 8);
             dynamicSalt[bytePos] |= bit << bitPos;
         }
-        // 2-Қадам: Оқылған dynamicSalt арқылы HKDF Expansion Keystream генерациялау
-        const keystream = await generateHkdfKeystream(this.secretKey, dynamicSalt, totalRgbBytes);
-        let keystreamIdx = 0;
-        const getNextCryptoRand = () => {
-            const byteVal = keystream[keystreamIdx++];
+        const entropyMask = await generateHkdfKeystream(this.secretKey, dynamicSalt, totalRgbBytes);
+        let entropyIdx = 0;
+        const getNextEntropyValue = () => {
+            const byteVal = entropyMask[entropyIdx++];
             return byteVal / 256;
         };
-        let idx = 128; // dynamicSalt оқылғаннан кейін жалғастыру
-        // 3-Қадам: Ұзындықты оқу (32 бит = 4 байт)
+        let idx = 128;
         const lenBytes = new Uint8Array(4);
         const lenBits = 32;
         for (let i = 0; i < lenBits; i++) {
             const remainingBytes = totalRgbBytes - idx;
             const remainingBits = lenBits - i;
             const max_step = Math.floor(remainingBytes / remainingBits);
-            const step = max_step > 1 ? Math.floor(getNextCryptoRand() * max_step) + 1 : 1;
+            const step = max_step > 1 ? Math.floor(getNextEntropyValue() * max_step) + 1 : 1;
             idx += step;
             const rgbByteIdx = idx - 1;
             const pixelIdx = Math.floor(rgbByteIdx / 3);
@@ -652,14 +548,13 @@ export class NuralemBult {
             lenBytes[bytePos] |= bit << bitPos;
         }
         const payloadLen = new Uint32Array(lenBytes.reverse().buffer)[0];
-        // 4-Қадам: CRC32 бақылау қосындысын оқу (32 бит = 4 байт)
         const crcBytes = new Uint8Array(4);
         const crcBits = 32;
         for (let i = 0; i < crcBits; i++) {
             const remainingBytes = totalRgbBytes - idx;
             const remainingBits = crcBits - i;
             const max_step = Math.floor(remainingBytes / remainingBits);
-            const step = max_step > 1 ? Math.floor(getNextCryptoRand() * max_step) + 1 : 1;
+            const step = max_step > 1 ? Math.floor(getNextEntropyValue() * max_step) + 1 : 1;
             idx += step;
             const rgbByteIdx = idx - 1;
             const pixelIdx = Math.floor(rgbByteIdx / 3);
@@ -671,19 +566,17 @@ export class NuralemBult {
             crcBytes[bytePos] |= bit << bitPos;
         }
         const expectedCrc = new Uint32Array(crcBytes.reverse().buffer)[0];
-        // Өлшемді және сыйымдылық шегін тексеру (128 + 4 + 4 + payloadLen + 32)
         const totalRequiredBits = 128 + (4 + 4 + payloadLen + 32) * 8;
         if (totalRequiredBits > totalRgbBytes) {
-            throw new Error("Decryption failed under Nuralem Bult: Invalid key or corrupted image pixels");
+            throw new Error("Decryption failed: Invalid key or corrupted document blocks");
         }
-        // 5-Қадам: Негізгі шифрланған байттарды оқу
         const totalPayloadBits = payloadLen * 8;
         const payloadBytes = new Uint8Array(payloadLen);
         for (let i = 0; i < totalPayloadBits; i++) {
             const remainingBytes = totalRgbBytes - idx;
             const remainingBits = totalPayloadBits - i;
             const max_step = Math.floor(remainingBytes / remainingBits);
-            const step = max_step > 1 ? Math.floor(getNextCryptoRand() * max_step) + 1 : 1;
+            const step = max_step > 1 ? Math.floor(getNextEntropyValue() * max_step) + 1 : 1;
             idx += step;
             const rgbByteIdx = idx - 1;
             const pixelIdx = Math.floor(rgbByteIdx / 3);
@@ -694,10 +587,9 @@ export class NuralemBult {
             const bitPos = 7 - (i % 8);
             payloadBytes[bytePos] |= bit << bitPos;
         }
-        // CRC32 тексеру
         const actualCrc = crc32(payloadBytes);
         if (actualCrc !== expectedCrc) {
-            throw new Error(`Decryption failed under Nuralem Bult: CRC32 checksum mismatch (Expected: 0x${expectedCrc.toString(16)}, Got: 0x${actualCrc.toString(16)}). Data is corrupted or color profile alterations occurred.`);
+            throw new Error("Decryption failed: Integrity checksum mismatch");
         }
         return { encryptedBytes: payloadBytes, dynamicSalt };
     }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "nuralem-bult-sdk",
-  "version": "1.3.0",
-  "description": "Serverless Decentralized Document-based polymorphic NoSQL database with client-side caching and storage abstraction adapter. Developed under Nuralem Bult Ecosystem.",
+  "version": "1.4.0",
+  "description": "Serverless, client-side encrypted NoSQL Document Database with a 10GB Free Cloud Tier. Optimized with hybrid L2 caching and edge Raster Content Delivery Blocks (RCDB).",
   "main": "dist/NuralemBult.js",
   "types": "dist/NuralemBult.d.ts",
   "files": [
@@ -17,11 +17,10 @@
     "nosql",
     "serverless",
     "database",
-    "client-side",
-    "steganography-storage",
+    "client-side-encryption",
     "indexeddb-cache",
     "nuralem-bult",
-    "nuralem-cloud"
+    "cloud-storage"
   ],
   "author": "Tulen Nursayat",
   "license": "MIT",