xypriss 8.2.0 → 9.0.1

package/LICENSE

@@ -1,4 +1,4 @@
-NEHONIX Open Source License (NOSL) v1.0
+NEHONIX Open Source License (Nehonix OSL (NOSL)) v1.0
 
 Copyright (c) 2025 NEHONIX - www.nehonix.com
 

package/README.md

@@ -5,7 +5,7 @@
 
 [![npm version](https://badge.fury.io/js/xypriss.svg)](https://badge.fury.io/js/xypriss)
 [![TypeScript](https://img.shields.io/badge/TypeScript-007ACC?style=flat&logo=typescript&logoColor=white)](https://www.typescriptlang.org/)
-[![License: NOSL](https://img.shields.io/badge/License-NOSL-blue.svg)](https://dll.nehonix.com/licenses/NOSL)
+[![License: Nehonix OSL (NOSL)](https://img.shields.io/badge/License-Nehonix OSL (NOSL)-blue.svg)](https://dll.nehonix.com/licenses/NOSL)
 [![Powered by Nehonix](https://img.shields.io/badge/Powered%20by-Nehonix-blue?style=flat&logo=data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMjQiIGhlaWdodD0iMjQiIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTEyIDJMMTMuMDkgOC4yNkwyMCA5TDEzLjA5IDE1Ljc0TDEyIDIyTDEwLjkxIDE1Ljc0TDQgOUwxMC45MSA4LjI2TDEyIDJaIiBmaWxsPSJ3aGl0ZSIvPgo8L3N2Zz4K)](https://nehonix.com)
 
 [Quick Start](https://xypriss.nehonix.com/docs/QUICK_START) • [Documentation](https://xypriss.nehonix.com/docs/) • [Examples](https://xypriss.nehonix.com/docs/EXAMPLES) • [API Reference](https://xypriss.nehonix.com/docs/api-reference)
@@ -18,42 +18,45 @@
 
 ## Overview
 
-XyPriss is a **Hybrid Enterprise-Grade Web Framework** that bridges the power of **Rust** with the flexibility of **TypeScript**.
+XyPriss is an **Enterprise-Grade Hybrid Web Framework** that combines the raw performance of compiled native binaries with the productivity and flexibility of **TypeScript**. It is designed for teams that require both operational speed and developer velocity, without compromise.
 
 ### Cross-Platform Foundation
 
-At its core, XyPriss is engineered for universal high-performance. We provide native Rust binaries (XFPM & XHSC) for:
+XyPriss ships pre-compiled native binaries for all major platforms. No additional toolchains, compilers, or runtime dependencies are required.
 
-| OS          | Architecture            | Status           |
-| ----------- | ----------------------- | ---------------- |
-| **Linux**   | x86_64 (AMD64)          | ✅ Supported     |
-| **Linux**   | aarch64 (ARM64)         | ✅ Supported     |
-| **Windows** | x86_64 (AMD64)          | ✅ Supported     |
-| **Windows** | aarch64 (ARM64)         | ✅ Supported     |
-| **macOS**   | x86_64 (Intel)          | 🛠️ Source-only\* |
-| **macOS**   | aarch64 (Apple Silicon) | 🛠️ Source-only\* |
+| OS          | Architecture            | Status    |
+| ----------- | ----------------------- | --------- |
+| **Linux**   | x86_64 (AMD64)          | Supported |
+| **Linux**   | aarch64 (ARM64)         | Supported |
+| **Windows** | x86_64 (AMD64)          | Supported |
+| **Windows** | aarch64 (ARM64)         | Supported |
+| **macOS**   | x86_64 (Intel)          | Supported |
+| **macOS**   | aarch64 (Apple Silicon) | Supported |
 
-_We are committed to future-proofing our engine for emerging architectures like RISC-V._
+### Architecture
 
-At its heart lies **XHSC (XyPriss Hybrid Server Core)**, a high-performance Rust engine that handles low-level networking, advanced routing, and system telemetry. This unique hybrid architecture allows developers to build secure, scalable applications using TypeScript while benefiting from Rust's raw performance and multi-core efficiency.
+At the center of XyPriss lies **XHSC (XyPriss Hyper-System Core)** — the native engine responsible for low-level HTTP networking, high-speed radix routing, filesystem operations, real-time system telemetry, and inter-process communication. XHSC is written in Go for maximum portability and ships as a single statically-linked binary per platform with zero external dependencies.
 
-### Architecture & Tools
+The framework operates on a layered architecture:
 
-XyPriss operates on a unified strategy:
+1. **XHSC (Native Engine):** Handles the HTTP/S stack, advanced radix routing, filesystem I/O, process monitoring, and real-time hardware telemetry. It acts as the high-speed gateway for all incoming traffic and system operations.
+2. **Node.js Runtime:** Provides the enterprise-ready application layer where developers define business logic, security middleware, and data processing pipelines using TypeScript.
+3. **XFPM (XyPriss Fast Package Manager):** A high-performance, Rust-powered package manager optimized for the XyPriss ecosystem. Provides ultra-fast dependency resolution, extraction, and caching. [Learn more about XFPM](https://xypriss.nehonix.com/docs/xfpm?kw=XFPM%20is%20the%20high-performance).
 
-1.  **XHSC (Rust Engine):** Manages the HTTP/S stack, ultra-fast radix routing, and real-time hardware monitoring. It acts as the high-speed gateway for all incoming traffic.
-2.  **Node.js Runtime:** Provides the enterprise-ready application layer where developers manage business logic, security middlewares, and data processing using TypeScript.
-3.  **XFPM (XyPriss Fast Package Manager):** Our ultra-fast, Rust-powered developer tool. **We highly recommend using `xfpm` for all operations.** It provides optimized resolution, ultra-fast extraction, and caching tailored for the XyPriss ecosystem. [Learn more about XFPM](https://xypriss.nehonix.com/docs/xfpm?kw=XFPM%20is%20the%20high-performance).
+This separation allows each layer to operate in its optimal domain: compiled native code for performance-critical paths, TypeScript for rapid application development.
 
 ### Core Features
 
-- **High Performance XHSC Engine** - Independent Rust server core implementation with multi-core clustering support and high-precision system telemetry.
-- **Security-First Architecture** - 12+ built-in security middleware modules including CSRF protection, XSS prevention, and intelligent rate limiting.
-- **Advanced Radix Routing** - Ultra-fast routing system powered by Rust, capable of handling complex path matching with microsecond latency.
-- **File Upload Management** - Production-ready multipart/form-data handling with automatic validation and error handling.
-- **Extensible Plugin System** - Permission-based plugin architecture with lifecycle hooks and security controls.
-- **Native Production Integration** - Built for automated deployments and SSL management via [XyNginC](https://github.com/Nehonix-Team/xynginc).
-- **Multi-Server Support** - Run multiple server instances with isolated configurations and security policies.
+- **XHSC Native Engine** — Statically-linked system core with multi-core clustering, IPC bridge, and high-precision hardware telemetry across all supported platforms.
+- **XEMS Session Security** — AES-256-GCM encrypted in-memory session store powered by a dedicated native Golang sidecar. Provides opaque tokens, per-request atomic rotation, sandboxed namespaces, and optional hardware-bound persistence — with zero external dependencies.
+- **Security-First Architecture** — 12+ built-in security middleware modules including CSRF protection, XSS prevention, and intelligent rate limiting.
+- **Advanced Radix Routing** — Ultra-fast routing system capable of complex path matching with microsecond latency.
+- **Real-Time System Intelligence** — Native access to CPU, memory, disk, network, battery, and process metrics directly from the application layer.
+- **Filesystem Engine** — High-performance file operations including recursive copy, directory sync, content hashing, duplicate detection, and real-time file watching.
+- **File Upload Management** — Production-ready multipart/form-data handling with automatic validation and error handling.
+- **Extensible Plugin System** — Permission-based plugin architecture with lifecycle hooks and security controls.
+- **Native Production Integration** — Built for automated deployments and SSL management via [XyNginC](https://github.com/Nehonix-Team/xynginc).
+- **Multi-Server Support** — Run multiple server instances with isolated configurations and security policies.
 
 ---
 
@@ -130,13 +133,13 @@ app.start();
 - [Examples](https://xypriss.nehonix.com/docs/EXAMPLES) - Practical code examples
 - [Features Overview](https://xypriss.nehonix.com/docs/FEATURES_OVERVIEW) - Comprehensive feature list
 
-### Core Guides
+### Security
 
-- [Routing](https://xypriss.nehonix.com/docs/ROUTING) - Route configuration and middleware
-- [Security](https://xypriss.nehonix.com/docs/SECURITY) - Security features and best practices
-- [File Upload](./docs/FILE_UPLOAD_GUIDE.md) - File upload handling
-- [Configuration](https://xypriss.nehonix.com/docs/CONFIGURATION) - Complete configuration reference
-- [Multi-Server](https://xypriss.nehonix.com/docs/MULTI_SERVER) - Multi-server deployment
+- [Security Overview](./docs/security/SECURITY.md) - Security features and best practices
+- [**XEMS — Secure Sessions & Temporary Storage**](./docs/XEMS_TUTORIAL.md) - AES-256-GCM encrypted sessions, OTP flows, token rotation
+- [Route-Based Security](./docs/security/ROUTE_BASED_SECURITY.md) - Per-route security policies
+- [Request Signature Auth](./docs/security/request-signature-auth.md) - API key authentication
+- [CORS Configuration](./docs/security/advanced-cors-regexp.md) - Advanced CORS with RegExp patterns
 
 ### Plugin System
 
@@ -159,6 +162,40 @@ app.start();
 
 XyPriss is built with security as a fundamental design principle. The framework implements multiple layers of protection and follows industry best practices for secure web application development.
 
+### XEMS — Encrypted Memory Store
+
+[XEMS](https://github.com/Nehonix-Team/XyPriss-XEMS) is the built-in session security layer. Unlike cookie-based JWT, XEMS stores all session data **server-side inside a native Go sidecar process**, encrypted with AES-256-GCM. The client only ever holds a random opaque token.
+
+```typescript
+import { createServer, xems } from "xypriss";
+
+const app = createServer({
+    server: {
+        xems: {
+            enable: true, // Enable the XEMS middleware
+            ttl: "15m", // Session lifetime
+            autoRotation: true, // Rotate token on every request
+            gracePeriod: 1000, // ms the old token stays valid (concurrent requests)
+        },
+    },
+});
+
+// Login — create an encrypted session
+app.post("/auth/login", async (req, res) => {
+    // ... verify credentials
+    await res.xLink({ userId: user.id, role: user.role }); // session created
+    res.json({ success: true });
+});
+
+// Protected route — session auto-decrypted
+app.get("/profile", (req, res) => {
+    if (!req.session) return res.status(401).json({ error: "Unauthorized" });
+    res.json({ user: req.session }); // { userId, role }
+});
+```
+
+**[Full XEMS Guide →](./docs/XEMS_TUTORIAL.md)**
+
 ### Security Disclosure Policy
 
 While we maintain rigorous security standards, we acknowledge that vulnerabilities may exist. We encourage responsible disclosure of security issues.
@@ -227,7 +264,7 @@ If XyPriss has been valuable for your projects, consider:
 
 ## License
 
-XyPriss is licensed under the [NOSL License](https://dll.nehonix.com/licenses/NOSL).
+XyPriss is licensed under the [Nehonix OSL (Nehonix OSL (NOSL)) License](https://dll.nehonix.com/licenses/NOSL).
 
 ---