-Update README.md

ginkelsoft-development · ginkelsoft-development · commit 3372307f549f · 2025-10-09T23:03:09.000+02:00
diff --git a/README.md b/README.md
@@ -21,35 +21,35 @@ When data is fully encrypted, you lose the ability to perform meaningful queries
 
 This package removes that trade-off by introducing a **detached searchable index** that maps encrypted records to deterministic tokens.
 
----\n
+---
 
 ## Key Features
 
-* **Searchable encryption**: Enables exact and prefix-based searches over encrypted data.
-* **Detached search index**: Tokens are stored separately from the main data, reducing exposure risk.
-* **Deterministic hashing with peppering**: Each token is derived from normalized text combined with a secret pepper, preventing reverse-engineering.
-* **No blind indexes in primary tables**: Encrypted fields remain opaque—only hashed references are stored elsewhere.
-* **High scalability**: Indexes can handle millions of records efficiently using native database indexes.
-* **Laravel-native integration**: Fully compatible with Eloquent models, query scopes, and events.
+* **Searchable encryption** — Enables exact and prefix-based searches over encrypted data.
+* **Detached search index** — Tokens are stored separately from the main data, reducing exposure risk.
+* **Deterministic hashing with peppering** — Each token is derived from normalized text combined with a secret pepper.
+* **No blind indexes in primary tables** — Encrypted fields remain opaque; only hashed references are stored elsewhere.
+* **High scalability** — Efficient for millions of records through database indexing.
+* **Laravel-native integration** — Works directly with Eloquent models, query scopes, and model events.
 
 ---
 
 ## How It Works
 
-Each model can declare specific fields as searchable. When the model is saved, a background process normalizes the field value, generates one or more hashed tokens, and stores them in a separate database table named `encrypted_search_index`.
+Each model can declare specific fields as searchable. When the model is saved, the system normalizes the field value, generates one or more hashed tokens, and stores them in a separate table named `encrypted_search_index`.
 
 When you search, the package hashes your input using the same process and retrieves matching model IDs from the index.
 
 ### 1. Token Generation
 
 For each configured field:
 
-* **Exact match token:** A SHA-256 hash of the normalized value plus a secret pepper.
-* **Prefix tokens:** Multiple SHA-256 hashes representing progressive prefixes of the normalized text (e.g., `w`, `wi`, `wie`).
+* **Exact match token:** A SHA-256 hash of the normalized value + secret pepper.
+* **Prefix tokens:** Multiple SHA-256 hashes representing progressive prefixes of the normalized text (e.g. `w`, `wi`, `wie`).
 
 ### 2. Token Storage
 
-All tokens are stored in `encrypted_search_index` with the following structure:
+All tokens are stored in `encrypted_search_index`:
 
 | model_type        | model_id | field      | type   | token  |
 | ----------------- | -------- | ---------- | ------ | ------ |
@@ -65,20 +65,20 @@ Client::encryptedExact('last_names', 'Vermeer')->get();
 Client::encryptedPrefix('first_names', 'Wie')->get();
 ```
 
-These queries use database-level indexes for efficient lookups even on large datasets.
+These use indexed lookups and remain performant even at scale.
 
 ---
 
 ## Security Model
 
-| Threat                  | Mitigation                                                                  |
-| ----------------------- | --------------------------------------------------------------------------- |
-| Database dump or breach | Tokens cannot be reversed to plaintext (salted and peppered SHA-256).       |
-| Statistical analysis    | Tokens are fully detached; frequency analysis yields no useful correlation. |
-| Insider access          | No sensitive data in the index table; encrypted fields remain opaque.       |
-| Leaked `APP_KEY`        | Does not affect token security; the pepper is stored separately in `.env`.  |
+| Threat                  | Mitigation                                                        |
+| ----------------------- | ----------------------------------------------------------------- |
+| Database dump or breach | Tokens cannot be reversed (salted + peppered SHA-256).            |
+| Statistical analysis    | Tokens are detached; frequency analysis yields no correlation.    |
+| Insider access          | No sensitive data in index table; encrypted fields remain opaque. |
+| Leaked `APP_KEY`        | Irrelevant for tokens; pepper is stored separately in `.env`.     |
 
-The system follows a **defense-in-depth** approach: encrypted data remains fully protected, while token search provides limited, controlled visibility for queries.
+This design follows a **defense-in-depth** model: encrypted data stays secure, while search operations remain practical.
 
 ---
 
@@ -90,7 +90,7 @@ php artisan vendor:publish --tag=config
 php artisan migrate
 ```
 
-Update your `.env` file with a unique pepper:
+Then add a unique pepper to your `.env` file:
 
 ```
 SEARCH_PEPPER=your-random-secret-string
@@ -100,7 +100,7 @@ SEARCH_PEPPER=your-random-secret-string
 
 ## Configuration
 
-`config/encrypted-search.php`
+`config/encrypted-search.php`:
 
 ```php
 return [
@@ -131,47 +131,70 @@ class Client extends Model
 }
 ```
 
-When a `Client` record is saved, its searchable tokens are automatically created or updated in the `encrypted_search_index` table.
+When a record is saved, searchable tokens are automatically generated in `encrypted_search_index`.
 
 ### Searching
 
 ```php
-// Exact match search
+// Exact match
 $clients = Client::encryptedExact('last_names', 'Vermeer')->get();
 
-// Prefix match search
+// Prefix match
 $clients = Client::encryptedPrefix('first_names', 'Wie')->get();
 ```
 
 ### Rebuilding the Index
 
-You can rebuild the entire search index using an Artisan command:
+Rebuild indexes via Artisan:
 
 ```bash
 php artisan encryption:index-rebuild "App\\Models\\Client"
 ```
 
-This will reprocess all searchable fields for the specified model.
-
 ---
 
 ## Scalability and Performance
 
-* **Optimized database lookups**: The `encrypted_search_index` table uses compound indexes for fast token-based lookups.
-* **Chunked rebuilds**: The `index-rebuild` command supports chunked processing to handle large datasets efficiently.
-* **Asynchronous rebuilds**: Can be safely run in queues or background jobs.
+* **Indexed database lookups** for efficient token search.
+* **Chunked rebuilds** for large datasets (`--chunk` option).
+* **Queue-compatible** for asynchronous index rebuilds.
 
-Unlike in-memory search systems, this index-based approach scales linearly with the size of your dataset and can efficiently handle millions of records.
+The detached index structure scales linearly and supports millions of records efficiently.
 
 ---
 
-## Compliance
+## Framework Compatibility
+
+| Laravel Version | PHP Version(s) Supported |
+| --------------- | ------------------------ |
+| 8.x             | 8.0 – 8.1                |
+| 9.x             | 8.1 – 8.2                |
+| 10.x            | 8.1 – 8.3                |
+| 11.x            | 8.2 – 8.3                |
+| 12.x            | 8.3+                     |
+
+The package is continuously tested across all supported combinations using GitHub Actions.
+
+---
+
+## Continuous Integration
 
-This approach aligns with major privacy and compliance frameworks:
+This repository includes automated testing for all Laravel 8–12 releases.
+Each test matrix validates functionality on PHP 8.1, 8.2, and 8.3.
+
+Example badge (replace `USERNAME/REPOSITORY` with yours):
+
+```
+![Tests](https://github.com/USERNAME/REPOSITORY/actions/workflows/tests.yml/badge.svg)
+```
+
+---
+
+## Compliance
 
-* GDPR: Minimal data exposure; encrypted and hashed data separation.
-* HIPAA: Ensures ePHI remains protected even in breach scenarios.
-* ISO 27001: Supports layered security controls for data confidentiality.
+* **GDPR** — Encrypted and hashed separation ensures minimal data exposure.
+* **HIPAA** — Meets encryption-at-rest requirements for ePHI.
+* **ISO 27001** — Aligns with confidentiality and cryptographic control standards.
 
 ---
 
