### 🛡️ Critical Security Hardening & Architecture Overhaul
**Anti-Piracy & Integrity:**
- **Server-Side AI Generation:** Direct Google Gemini API calls are completely removed from the client side. The plugin now proxies all generative AI requests securely through the LuminaHub enterprise backend. This eliminates the possibility of "model swapping" or overriding API keys via nulled code.
- **Challenge-Response Identity Verification:** The plugin now verifies the identity of the LuminaHub backend during license activation and renewal using a cryptographically signed nonce. This blocks "fake server" emulators that spoof `/api/validate-license`.
- **Dynamic Endpoint Obfuscation:** Critical API endpoints are generated dynamically in memory, preventing script kiddies from bypassing the server by doing simple string replacements of `
https://luminaseo.in` in the source code.
- **Strict Domain Binding:** Licenses are now permanently bound to the first registered domain on the backend. Activation attempts from a different domain using the same key will be blocked.
- **Forensics Reporting:** Added a forensic logging endpoint (`/api/forensics/nulled-report`). If an administrator rejects a nulled plugin via the dashboard, the domain, IP, and plugin fingerprint are sent to the LuminaHub backend for immediate DMCA takedown processing.
- **Salt Rotation:** The cryptographic salt (`LUMINASEO_PRO_HASH_SALT`) has been rotated to `v1.8.0`. All existing localized signatures are invalidated, forcing a genuine server check-in upon update.
**Bug Fixes:**
- Removed hardcoded local fallback secrets (`LUMINASEO_SECURE_SALT_2026`) that could be exploited in offline mode.
- Improved error handling and graceful failures during AI server overload.
