k9guard 1.0.2 → 1.0.4

package/dist/index.cjs

@@ -0,0 +1,1555 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// index.ts
+var index_exports = {};
+__export(index_exports, {
+  AdaptiveTracker: () => AdaptiveTracker,
+  CustomQuestionGenerator: () => CustomQuestionGenerator,
+  CustomQuestionValidator: () => CustomQuestionValidator,
+  default: () => K9Guard
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/utils/crypto.ts
+var CryptoBuffer = class {
+  buffer;
+  constructor(buffer) {
+    this.buffer = buffer;
+    const proxy = new Proxy(this, {
+      get(target, prop) {
+        if (typeof prop === "string" && !isNaN(Number(prop))) {
+          return target.buffer[Number(prop)];
+        }
+        return target[prop];
+      }
+    });
+    return proxy;
+  }
+  readUInt32LE(offset) {
+    if (offset < 0 || offset + 4 > this.buffer.length) {
+      throw new RangeError("Offset out of bounds");
+    }
+    const b0 = this.buffer[offset];
+    const b1 = this.buffer[offset + 1];
+    const b2 = this.buffer[offset + 2];
+    const b3 = this.buffer[offset + 3];
+    if (b0 === void 0 || b1 === void 0 || b2 === void 0 || b3 === void 0) {
+      throw new RangeError("Buffer read error");
+    }
+    return (b0 | b1 << 8 | b2 << 16 | b3 << 24) >>> 0;
+  }
+  toString(encoding) {
+    if (encoding === "hex") {
+      return Array.from(this.buffer).map((b) => b.toString(16).padStart(2, "0")).join("");
+    }
+    if (encoding === "base64") {
+      const binString = Array.from(this.buffer, (byte) => String.fromCodePoint(byte)).join("");
+      return btoa(binString);
+    }
+    return new TextDecoder().decode(this.buffer);
+  }
+  get length() {
+    return this.buffer.length;
+  }
+  [Symbol.iterator]() {
+    let index = 0;
+    const buffer = this.buffer;
+    return {
+      next() {
+        if (index < buffer.length) {
+          const val = buffer[index++];
+          if (val === void 0) {
+            return { value: 0, done: true };
+          }
+          return { value: val, done: false };
+        }
+        return { value: 0, done: true };
+      }
+    };
+  }
+};
+var CryptoHash = class {
+  chunks = [];
+  update(input) {
+    if (typeof input === "string") {
+      this.chunks.push(new TextEncoder().encode(input));
+    } else {
+      this.chunks.push(input);
+    }
+    return this;
+  }
+  // Pure-JS SHA-256 — used for the synchronous digest path.
+  // Identical output to SubtleCrypto; no external dependency.
+  digest(encoding = "hex") {
+    const combined = this.mergeChunks();
+    const hash = sha256(combined);
+    if (encoding === "hex") {
+      return Array.from(hash).map((b) => b.toString(16).padStart(2, "0")).join("");
+    }
+    if (encoding === "base64") {
+      const binString = Array.from(hash, (b) => String.fromCodePoint(b)).join("");
+      return btoa(binString);
+    }
+    return String.fromCodePoint(...hash);
+  }
+  mergeChunks() {
+    const total = this.chunks.reduce((acc, c) => acc + c.length, 0);
+    const out = new Uint8Array(total);
+    let offset = 0;
+    for (const chunk of this.chunks) {
+      out.set(chunk, offset);
+      offset += chunk.length;
+    }
+    return out;
+  }
+};
+var CryptoUtils = class {
+  static randomBytes(size) {
+    if (size <= 0 || size > 65536) {
+      throw new RangeError("Size must be between 1 and 65536");
+    }
+    const buf = new Uint8Array(size);
+    globalThis.crypto.getRandomValues(buf);
+    return new CryptoBuffer(buf);
+  }
+  static createHash(algorithm) {
+    if (algorithm.toLowerCase() !== "sha256") {
+      throw new Error("Only SHA-256 is supported");
+    }
+    return new CryptoHash();
+  }
+};
+var randomBytes = (size) => CryptoUtils.randomBytes(size);
+var createHash = (algorithm) => CryptoUtils.createHash(algorithm);
+function timingSafeEqual(a, b) {
+  if (a.length !== b.length) {
+    return false;
+  }
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) {
+    diff |= a[i] ^ b[i];
+  }
+  return diff === 0;
+}
+var RandomPool = class {
+  buffer;
+  offset;
+  chunkSize;
+  constructor(chunkSize = 2048) {
+    this.chunkSize = chunkSize;
+    this.buffer = new Uint8Array(chunkSize);
+    globalThis.crypto.getRandomValues(this.buffer);
+    this.offset = 0;
+  }
+  refill() {
+    globalThis.crypto.getRandomValues(this.buffer);
+    this.offset = 0;
+  }
+  uint32() {
+    if (this.offset + 4 > this.buffer.length) {
+      this.refill();
+    }
+    const b0 = this.buffer[this.offset];
+    const b1 = this.buffer[this.offset + 1];
+    const b2 = this.buffer[this.offset + 2];
+    const b3 = this.buffer[this.offset + 3];
+    this.offset += 4;
+    return (b0 | b1 << 8 | b2 << 16 | b3 << 24) >>> 0;
+  }
+  byte() {
+    if (this.offset >= this.buffer.length) {
+      this.refill();
+    }
+    const val = this.buffer[this.offset];
+    this.offset += 1;
+    return val;
+  }
+  // uniform float in [0, 1)
+  float() {
+    return this.uint32() / 4294967295;
+  }
+  // uniform integer in [min, max)
+  int(min, max) {
+    return Math.floor(this.float() * (max - min)) + min;
+  }
+};
+var K = [
+  1116352408,
+  1899447441,
+  3049323471,
+  3921009573,
+  961987163,
+  1508970993,
+  2453635748,
+  2870763221,
+  3624381080,
+  310598401,
+  607225278,
+  1426881987,
+  1925078388,
+  2162078206,
+  2614888103,
+  3248222580,
+  3835390401,
+  4022224774,
+  264347078,
+  604807628,
+  770255983,
+  1249150122,
+  1555081692,
+  1996064986,
+  2554220882,
+  2821834349,
+  2952996808,
+  3210313671,
+  3336571891,
+  3584528711,
+  113926993,
+  338241895,
+  666307205,
+  773529912,
+  1294757372,
+  1396182291,
+  1695183700,
+  1986661051,
+  2177026350,
+  2456956037,
+  2730485921,
+  2820302411,
+  3259730800,
+  3345764771,
+  3516065817,
+  3600352804,
+  4094571909,
+  275423344,
+  430227734,
+  506948616,
+  659060556,
+  883997877,
+  958139571,
+  1322822218,
+  1537002063,
+  1747873779,
+  1955562222,
+  2024104815,
+  2227730452,
+  2361852424,
+  2428436474,
+  2756734187,
+  3204031479,
+  3329325298
+];
+function rotr32(x, n) {
+  return x >>> n | x << 32 - n;
+}
+function sha256(data) {
+  let h0 = 1779033703;
+  let h1 = 3144134277;
+  let h2 = 1013904242;
+  let h3 = 2773480762;
+  let h4 = 1359893119;
+  let h5 = 2600822924;
+  let h6 = 528734635;
+  let h7 = 1541459225;
+  const msgLen = data.length;
+  const bitLen = msgLen * 8;
+  const padLen = msgLen + 9 + 63 & ~63;
+  const padded = new Uint8Array(padLen);
+  padded.set(data);
+  padded[msgLen] = 128;
+  const view = new DataView(padded.buffer);
+  view.setUint32(padLen - 4, bitLen >>> 0, false);
+  view.setUint32(padLen - 8, Math.floor(bitLen / 4294967296) >>> 0, false);
+  const w = new Int32Array(64);
+  for (let offset = 0; offset < padLen; offset += 64) {
+    for (let i = 0; i < 16; i++) {
+      w[i] = view.getInt32(offset + i * 4, false);
+    }
+    for (let i = 16; i < 64; i++) {
+      const s0 = rotr32(w[i - 15], 7) ^ rotr32(w[i - 15], 18) ^ w[i - 15] >>> 3;
+      const s1 = rotr32(w[i - 2], 17) ^ rotr32(w[i - 2], 19) ^ w[i - 2] >>> 10;
+      w[i] = w[i - 16] + s0 + w[i - 7] + s1 | 0;
+    }
+    let a = h0, b = h1, c = h2, d = h3;
+    let e = h4, f = h5, g = h6, h = h7;
+    for (let i = 0; i < 64; i++) {
+      const S1 = rotr32(e, 6) ^ rotr32(e, 11) ^ rotr32(e, 25);
+      const ch = e & f ^ ~e & g;
+      const tmp1 = h + S1 + ch + K[i] + w[i] | 0;
+      const S0 = rotr32(a, 2) ^ rotr32(a, 13) ^ rotr32(a, 22);
+      const maj = a & b ^ a & c ^ b & c;
+      const tmp2 = S0 + maj | 0;
+      h = g;
+      g = f;
+      f = e;
+      e = d + tmp1 | 0;
+      d = c;
+      c = b;
+      b = a;
+      a = tmp1 + tmp2 | 0;
+    }
+    h0 = h0 + a | 0;
+    h1 = h1 + b | 0;
+    h2 = h2 + c | 0;
+    h3 = h3 + d | 0;
+    h4 = h4 + e | 0;
+    h5 = h5 + f | 0;
+    h6 = h6 + g | 0;
+    h7 = h7 + h | 0;
+  }
+  const result = new Uint8Array(32);
+  const rv = new DataView(result.buffer);
+  rv.setUint32(0, h0 >>> 0, false);
+  rv.setUint32(4, h1 >>> 0, false);
+  rv.setUint32(8, h2 >>> 0, false);
+  rv.setUint32(12, h3 >>> 0, false);
+  rv.setUint32(16, h4 >>> 0, false);
+  rv.setUint32(20, h5 >>> 0, false);
+  rv.setUint32(24, h6 >>> 0, false);
+  rv.setUint32(28, h7 >>> 0, false);
+  return result;
+}
+
+// src/utils/random.ts
+var Random = class {
+  static getRandomNumber(difficulty) {
+    const buffer = randomBytes(4);
+    const rand = buffer.readUInt32LE(0) / 4294967296;
+    if (difficulty === "easy") {
+      return Math.floor(rand * 10) + 1;
+    }
+    if (difficulty === "medium") {
+      return Math.floor(rand * 50) + 1;
+    }
+    return Math.floor(rand * 100) + 1;
+  }
+  static getRandomOperator() {
+    const operators = ["+", "-", "*", "/"];
+    const buffer = randomBytes(1);
+    const index = buffer[0] % operators.length;
+    return operators[index];
+  }
+  static generateRandomString(difficulty) {
+    const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+    let result = "";
+    const length = difficulty === "easy" ? 4 : difficulty === "medium" ? 6 : 8;
+    const buffer = randomBytes(length);
+    for (let i = 0; i < length; i++) {
+      result += chars.charAt(buffer[i] % chars.length);
+    }
+    return result;
+  }
+  static generateNonce() {
+    return randomBytes(16).toString("hex");
+  }
+  static generateSalt() {
+    return randomBytes(8).toString("hex");
+  }
+};
+
+// src/utils/sequenceGenerator.ts
+var SequenceGenerator = class {
+  static generate(difficulty) {
+    if (difficulty === "easy") {
+      const buffer2 = randomBytes(8);
+      const start2 = buffer2.readUInt32LE(0) % 5 + 1;
+      const step = buffer2.readUInt32LE(4) % 3 + 1;
+      const sequence2 = [start2, start2 + step, start2 + 2 * step];
+      const answer2 = start2 + 3 * step;
+      return { question: `${sequence2.join(", ")}, ?`, answer: answer2 };
+    }
+    if (difficulty === "medium") {
+      const letters = ["A", "B", "C", "D", "E", "F", "G", "H", "I", "J"];
+      const step = 2;
+      const maxStart2 = letters.length - step * 3 - 1;
+      const buffer2 = randomBytes(4);
+      const start2 = buffer2.readUInt32LE(0) % (maxStart2 + 1);
+      const sequence2 = [letters[start2], letters[start2 + step], letters[start2 + 2 * step]];
+      const answer2 = letters[start2 + 3 * step];
+      return { question: `${sequence2.join(", ")}, ?`, answer: answer2 };
+    }
+    const fibs = [1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144];
+    const buffer = randomBytes(4);
+    const maxStart = fibs.length - 5;
+    const start = buffer.readUInt32LE(0) % (maxStart + 1);
+    const sequence = fibs.slice(start, start + 4);
+    const answer = fibs[start + 4];
+    return { question: `${sequence.join(", ")}, ?`, answer };
+  }
+};
+
+// src/utils/scrambleGenerator.ts
+var ScrambleGenerator = class {
+  static easyWords = [
+    "apple",
+    "cat",
+    "dog",
+    "house",
+    "sun",
+    "moon",
+    "car",
+    "tree",
+    "book",
+    "water"
+  ];
+  static mediumWords = [
+    "apple",
+    "cat",
+    "dog",
+    "house",
+    "sun",
+    "moon",
+    "car",
+    "tree",
+    "book",
+    "water",
+    "bread",
+    "milk",
+    "fish",
+    "bird",
+    "flower",
+    "star",
+    "hand",
+    "eye",
+    "nose",
+    "mouth"
+  ];
+  // hard pool: longer words with uncommon letter patterns to resist guessing
+  static hardWords = [
+    "typescript",
+    "javascript",
+    "algorithm",
+    "encryption",
+    "blockchain",
+    "metamorphosis",
+    "cryptography",
+    "synchronize",
+    "parallelism",
+    "obfuscation",
+    "infrastructure",
+    "authentication",
+    "authorization",
+    "vulnerability",
+    "orchestration"
+  ];
+  static generate(difficulty) {
+    let pool;
+    if (difficulty === "easy") {
+      pool = this.easyWords;
+    } else if (difficulty === "medium") {
+      pool = this.mediumWords;
+    } else {
+      pool = this.hardWords;
+    }
+    const buffer = randomBytes(4);
+    const rand = buffer.readUInt32LE(0) / 4294967295;
+    const word = pool[Math.floor(rand * pool.length)];
+    const scrambled = this.scramble(word);
+    return { question: scrambled, answer: word };
+  }
+  static scramble(word) {
+    const arr = word.split("");
+    const n = arr.length;
+    const batchBuf = randomBytes(n * 4);
+    for (let i = n - 1; i > 0; i--) {
+      const j = batchBuf.readUInt32LE((n - 1 - i) * 4) % (i + 1);
+      [arr[i], arr[j]] = [arr[j], arr[i]];
+    }
+    return arr.join("");
+  }
+};
+
+// src/utils/reverseGenerator.ts
+var ReverseGenerator = class {
+  static easyWords = [
+    "cat",
+    "dog",
+    "sun",
+    "moon",
+    "star",
+    "fish",
+    "bird",
+    "tree",
+    "ball",
+    "book",
+    "door",
+    "lamp",
+    "rock",
+    "leaf",
+    "wind",
+    "fire",
+    "ice",
+    "sky",
+    "sea",
+    "fog",
+    "rain",
+    "snow",
+    "bear",
+    "wolf",
+    "coin",
+    "key",
+    "cup",
+    "pen",
+    "box",
+    "hat",
+    "map",
+    "web"
+  ];
+  static mediumWords = [
+    "apple",
+    "house",
+    "water",
+    "bread",
+    "ocean",
+    "river",
+    "tiger",
+    "eagle",
+    "storm",
+    "cloud",
+    "flame",
+    "frost",
+    "stone",
+    "metal",
+    "glass",
+    "paper",
+    "forest",
+    "desert",
+    "valley",
+    "castle",
+    "bridge",
+    "garden",
+    "market",
+    "temple",
+    "dragon",
+    "wizard",
+    "knight",
+    "shield",
+    "sword",
+    "crown",
+    "jewel",
+    "crystal",
+    "planet",
+    "galaxy",
+    "comet",
+    "nebula",
+    "cipher",
+    "enigma",
+    "puzzle",
+    "riddle",
+    "shadow",
+    "mirror",
+    "portal",
+    "beacon",
+    "anchor",
+    "compass",
+    "lantern",
+    "prism"
+  ];
+  static hardWords = [
+    "typescript",
+    "javascript",
+    "encryption",
+    "cryptography",
+    "algorithm",
+    "infrastructure",
+    "architecture",
+    "authentication",
+    "authorization",
+    "vulnerability",
+    "cybersecurity",
+    "blockchain",
+    "metamorphosis",
+    "constellation",
+    "synchronization",
+    "transformation",
+    "illumination",
+    "orchestration",
+    "denomination",
+    "comprehension",
+    "manifestation",
+    "extraordinary",
+    "revolutionary",
+    "sophisticated",
+    "kaleidoscope",
+    "optimization",
+    "crystallization",
+    "configuration",
+    "implementation",
+    "parallelization",
+    "serialization",
+    "decentralization",
+    "internationalization",
+    "containerization",
+    "virtualization",
+    "obfuscation",
+    "triangulation",
+    "interpolation",
+    "extrapolation",
+    "approximation",
+    "segmentation",
+    "fragmentation",
+    "concatenation",
+    "regeneration",
+    "degeneration"
+  ];
+  static generate(difficulty) {
+    let wordPool;
+    if (difficulty === "hard") {
+      wordPool = this.hardWords;
+    } else if (difficulty === "medium") {
+      wordPool = this.mediumWords;
+    } else {
+      wordPool = this.easyWords;
+    }
+    const buf = randomBytes(4);
+    const rand = buf.readUInt32LE(0) / 4294967295;
+    const text = wordPool[Math.floor(rand * wordPool.length)];
+    const reversed = text.split("").reverse().join("");
+    return { question: reversed, answer: text };
+  }
+};
+
+// src/utils/customQuestionGenerator.ts
+var CustomQuestionGenerator = class {
+  questions;
+  constructor(questions) {
+    this.questions = questions;
+  }
+  generate(difficulty) {
+    const candidates = difficulty ? this.questions.filter((q) => q.difficulty === difficulty) : this.questions;
+    if (candidates.length === 0) {
+      return this.selectRandom(this.questions);
+    }
+    return this.selectRandom(candidates);
+  }
+  selectRandom(questions) {
+    if (questions.length === 0) {
+      return { question: "", answer: "" };
+    }
+    const buffer = randomBytes(4);
+    const index = buffer.readUInt32LE(0) % questions.length;
+    const selected = questions[index];
+    return {
+      question: selected.question,
+      answer: selected.answer
+    };
+  }
+};
+
+// src/validators/customQuestionValidator.ts
+var CustomQuestionValidator = class {
+  static MAX_QUESTIONS = 100;
+  static MAX_QUESTION_LENGTH = 500;
+  static MAX_ANSWER_LENGTH = 200;
+  static MIN_QUESTION_LENGTH = 5;
+  static MIN_ANSWER_LENGTH = 1;
+  static VALID_DIFFICULTY = ["easy", "medium", "hard"];
+  // validates the entire questions array structure and content
+  static validate(questions) {
+    if (!Array.isArray(questions)) {
+      return { valid: false, error: "Questions must be an array" };
+    }
+    if (questions.length === 0) {
+      return { valid: false, error: "At least one question is required" };
+    }
+    if (questions.length > this.MAX_QUESTIONS) {
+      return { valid: false, error: `Maximum ${this.MAX_QUESTIONS} questions allowed` };
+    }
+    for (let i = 0; i < questions.length; i++) {
+      const questionItem = questions[i];
+      const singleValidation = this.validateSingle(questionItem);
+      if (!singleValidation.valid) {
+        return { valid: false, error: `Question ${i + 1}: ${singleValidation.error}` };
+      }
+    }
+    return { valid: true };
+  }
+  static validateSingle(question) {
+    if (typeof question !== "object" || question === null) {
+      return { valid: false, error: "Each question must be an object" };
+    }
+    const q = question;
+    if (typeof q.question !== "string") {
+      return { valid: false, error: "Question text must be a string" };
+    }
+    if (typeof q.answer !== "string") {
+      return { valid: false, error: "Answer must be a string" };
+    }
+    if (typeof q.difficulty !== "string") {
+      return { valid: false, error: "Difficulty must be specified" };
+    }
+    if (!this.VALID_DIFFICULTY.includes(q.difficulty)) {
+      return { valid: false, error: `Difficulty must be one of: ${this.VALID_DIFFICULTY.join(", ")}` };
+    }
+    if (q.question.length < this.MIN_QUESTION_LENGTH) {
+      return { valid: false, error: `Question must be at least ${this.MIN_QUESTION_LENGTH} characters` };
+    }
+    if (q.question.length > this.MAX_QUESTION_LENGTH) {
+      return { valid: false, error: `Question must not exceed ${this.MAX_QUESTION_LENGTH} characters` };
+    }
+    if (q.answer.length < this.MIN_ANSWER_LENGTH) {
+      return { valid: false, error: "Answer cannot be empty" };
+    }
+    if (q.answer.length > this.MAX_ANSWER_LENGTH) {
+      return { valid: false, error: `Answer must not exceed ${this.MAX_ANSWER_LENGTH} characters` };
+    }
+    return { valid: true };
+  }
+  // clean up whitespace from questions and answers
+  static sanitize(questions) {
+    return questions.map((q) => ({
+      question: q.question.trim(),
+      answer: q.answer.trim(),
+      difficulty: q.difficulty
+    }));
+  }
+};
+
+// src/utils/imageGenerator.ts
+var CHAR_POOL_EASY = "ABCDEFGHJKLMNPQRSTUVWXYZ";
+var CHAR_POOL_MEDIUM = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
+var CHAR_POOL_HARD = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
+var SVG_WIDTH = 200;
+var SVG_HEIGHT = 70;
+function escapeXml(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+}
+function generateText(pool, charPool, length) {
+  let result = "";
+  for (let i = 0; i < length; i++) {
+    result += charPool[pool.byte() % charPool.length];
+  }
+  return result;
+}
+function renderChar(pool, char, x, baseY, colorHex) {
+  const rotate = pool.int(-25, 25);
+  const offsetY = pool.int(-6, 6);
+  const fontSize = pool.int(22, 30);
+  const opacity = (pool.float() * 0.25 + 0.75).toFixed(2);
+  return `<text x="${x}" y="${baseY + offsetY}" transform="rotate(${rotate},${x},${baseY + offsetY})" font-size="${fontSize}" font-family="monospace" font-weight="bold" fill="${colorHex}" opacity="${opacity}" letter-spacing="2">${escapeXml(char)}</text>`;
+}
+function grayColor(pool) {
+  const v = pool.int(100, 200);
+  return `rgb(${v},${v},${v})`;
+}
+function darkColor(pool) {
+  const r = pool.int(20, 150);
+  const g = pool.int(20, 150);
+  const b = pool.int(20, 150);
+  return `rgb(${r},${g},${b})`;
+}
+function renderNoiseLines(pool, count) {
+  let lines = "";
+  for (let i = 0; i < count; i++) {
+    const x1 = pool.int(0, SVG_WIDTH);
+    const y1 = pool.int(0, SVG_HEIGHT);
+    const x2 = pool.int(0, SVG_WIDTH);
+    const y2 = pool.int(0, SVG_HEIGHT);
+    const strokeWidth = (pool.float() * 1.5 + 0.5).toFixed(1);
+    const color = grayColor(pool);
+    const opacity = (pool.float() * 0.4 + 0.2).toFixed(2);
+    lines += `<line x1="${x1}" y1="${y1}" x2="${x2}" y2="${y2}" stroke="${color}" stroke-width="${strokeWidth}" opacity="${opacity}"/>`;
+  }
+  return lines;
+}
+function renderNoiseDots(pool, count) {
+  let dots = "";
+  for (let i = 0; i < count; i++) {
+    const cx = pool.int(0, SVG_WIDTH);
+    const cy = pool.int(0, SVG_HEIGHT);
+    const r = pool.int(1, 3);
+    const color = grayColor(pool);
+    const opacity = (pool.float() * 0.5 + 0.1).toFixed(2);
+    dots += `<circle cx="${cx}" cy="${cy}" r="${r}" fill="${color}" opacity="${opacity}"/>`;
+  }
+  return dots;
+}
+function renderWavePath(pool) {
+  const amplitude = pool.int(3, 8);
+  const frequency = pool.float() * 0.08 + 0.04;
+  const phaseShift = pool.float() * Math.PI * 2;
+  const strokeColor = grayColor(pool);
+  let d = `M 0 ${SVG_HEIGHT / 2}`;
+  for (let x = 1; x <= SVG_WIDTH; x += 2) {
+    const y = SVG_HEIGHT / 2 + amplitude * Math.sin(frequency * x + phaseShift);
+    d += ` L ${x} ${y.toFixed(2)}`;
+  }
+  return `<path d="${d}" stroke="${strokeColor}" stroke-width="1.5" fill="none" opacity="0.35"/>`;
+}
+function buildSvg(pool, text, difficulty) {
+  const charCount = text.length;
+  const spacing = SVG_WIDTH / (charCount + 1);
+  const baseY = SVG_HEIGHT / 2 + 8;
+  const noiseLineCount = difficulty === "easy" ? 4 : difficulty === "medium" ? 7 : 10;
+  const noiseDotCount = difficulty === "easy" ? 20 : difficulty === "medium" ? 40 : 60;
+  const waveCount = difficulty === "easy" ? 1 : difficulty === "medium" ? 2 : 3;
+  const bgGray = pool.int(235, 250);
+  const background = `<rect width="${SVG_WIDTH}" height="${SVG_HEIGHT}" fill="rgb(${bgGray},${bgGray},${bgGray})" rx="6"/>`;
+  let chars = "";
+  for (let i = 0; i < charCount; i++) {
+    const x = Math.round(spacing * (i + 1));
+    const color = darkColor(pool);
+    chars += renderChar(pool, text[i], x, baseY, color);
+  }
+  let waves = "";
+  for (let i = 0; i < waveCount; i++) {
+    waves += renderWavePath(pool);
+  }
+  return `<svg xmlns="http://www.w3.org/2000/svg" width="${SVG_WIDTH}" height="${SVG_HEIGHT}" viewBox="0 0 ${SVG_WIDTH} ${SVG_HEIGHT}">${background}${renderNoiseDots(pool, noiseDotCount)}${renderNoiseLines(pool, noiseLineCount)}${waves}${chars}</svg>`;
+}
+function svgToDataUri(svg) {
+  const bytes = new TextEncoder().encode(svg);
+  const binString = Array.from(bytes, (b) => String.fromCodePoint(b)).join("");
+  return `data:image/svg+xml;base64,${btoa(binString)}`;
+}
+var ImageGenerator = class {
+  static generate(difficulty) {
+    const pool = new RandomPool(2048);
+    const charPool = difficulty === "easy" ? CHAR_POOL_EASY : difficulty === "medium" ? CHAR_POOL_MEDIUM : CHAR_POOL_HARD;
+    const length = difficulty === "easy" ? 4 : difficulty === "medium" ? 5 : 6;
+    const answer = generateText(pool, charPool, length);
+    const svg = buildSvg(pool, answer, difficulty);
+    const image = svgToDataUri(svg);
+    return {
+      image,
+      answer: answer.toLowerCase(),
+      question: "Type the characters shown in the image"
+    };
+  }
+};
+
+// src/utils/emojiGenerator.ts
+var CATEGORIES = {
+  animals: ["\u{1F436}", "\u{1F431}", "\u{1F42D}", "\u{1F439}", "\u{1F430}", "\u{1F98A}", "\u{1F43B}", "\u{1F43C}", "\u{1F428}", "\u{1F42F}", "\u{1F981}", "\u{1F42E}", "\u{1F437}", "\u{1F438}", "\u{1F435}", "\u{1F992}", "\u{1F993}", "\u{1F418}", "\u{1F427}", "\u{1F985}"],
+  food: ["\u{1F34E}", "\u{1F34A}", "\u{1F34B}", "\u{1F347}", "\u{1F353}", "\u{1F354}", "\u{1F355}", "\u{1F35C}", "\u{1F363}", "\u{1F369}", "\u{1F382}", "\u{1F966}", "\u{1F955}", "\u{1F951}", "\u{1F9C0}", "\u{1F366}", "\u{1F36B}", "\u{1F950}", "\u{1F32E}", "\u{1F371}"],
+  vehicles: ["\u{1F697}", "\u{1F695}", "\u{1F699}", "\u{1F68C}", "\u{1F691}", "\u{1F692}", "\u{1F693}", "\u{1F69C}", "\u{1F3CE}", "\u{1F682}", "\u{1F681}", "\u{1F6E9}", "\u{1F680}", "\u{1F6F8}", "\u{1F6A2}", "\u26F5", "\u{1F6B2}", "\u{1F6F5}", "\u{1F3CD}", "\u{1F69B}"],
+  nature: ["\u{1F338}", "\u{1F33A}", "\u{1F33B}", "\u{1F339}", "\u{1F337}", "\u{1F340}", "\u{1F33F}", "\u{1F331}", "\u{1F332}", "\u{1F333}", "\u{1F341}", "\u{1F342}", "\u{1F30A}", "\u{1F319}", "\u2B50", "\u{1F308}", "\u{1F31E}", "\u{1F30B}", "\u{1F3D4}", "\u{1F33E}"],
+  sports: ["\u26BD", "\u{1F3C0}", "\u{1F3C8}", "\u26BE", "\u{1F3BE}", "\u{1F3D0}", "\u{1F3C9}", "\u{1F3B1}", "\u{1F3D3}", "\u{1F3F8}", "\u{1F94A}", "\u{1F3BF}", "\u{1F6F7}", "\u26F7", "\u{1F938}", "\u{1F6B4}", "\u{1F3CA}", "\u{1F93A}", "\u{1F94B}", "\u{1F3AF}"]
+};
+var CATEGORY_KEYS = Object.keys(CATEGORIES);
+function secureIndex(max) {
+  const buf = randomBytes(4);
+  return buf.readUInt32LE(0) % max;
+}
+function pickUnique(pool, count) {
+  const available = pool.slice();
+  const result = [];
+  for (let i = 0; i < count && available.length > 0; i++) {
+    const idx = secureIndex(available.length);
+    result.push(available.splice(idx, 1)[0]);
+  }
+  return result;
+}
+function shuffleInPlace(arr) {
+  const batchBuf = randomBytes(arr.length * 4);
+  for (let i = arr.length - 1; i > 0; i--) {
+    const j = batchBuf.readUInt32LE((arr.length - 1 - i) * 4) % (i + 1);
+    [arr[i], arr[j]] = [arr[j], arr[i]];
+  }
+}
+var EmojiGenerator = class {
+  static generate(difficulty) {
+    const targetCount = difficulty === "easy" ? 2 : difficulty === "medium" ? 3 : 4;
+    const distractorCount = difficulty === "easy" ? 2 : difficulty === "medium" ? 3 : 4;
+    const totalCount = targetCount + distractorCount;
+    const categoryKey = CATEGORY_KEYS[secureIndex(CATEGORY_KEYS.length)];
+    const targetPool = CATEGORIES[categoryKey];
+    const distractorPool = [];
+    for (const key of CATEGORY_KEYS) {
+      if (key !== categoryKey) {
+        distractorPool.push(...CATEGORIES[key]);
+      }
+    }
+    const targets = pickUnique(targetPool, targetCount);
+    const distractors = pickUnique(distractorPool, distractorCount);
+    const combined = [...targets, ...distractors];
+    shuffleInPlace(combined);
+    const targetSet = new Set(targets);
+    const targetIndices = combined.map((e, i) => targetSet.has(e) ? i : -1).filter((i) => i !== -1).sort((a, b) => a - b);
+    const answer = targetIndices.join(",");
+    return {
+      emojis: combined,
+      category: categoryKey,
+      answer,
+      question: `Select all ${categoryKey} from the list (${totalCount} emojis, ${targetCount} correct)`
+    };
+  }
+};
+
+// src/core/captchaGenerator.ts
+var NONCE_STORE_MAX = 1e4;
+var CaptchaGenerator = class {
+  standardOptions = null;
+  customOptions = null;
+  customGenerator = null;
+  // Keyed by nonce; stores the full server-side record including answer hash and salt.
+  // answer, hashedAnswer and salt are never included in the public CaptchaChallenge.
+  store = /* @__PURE__ */ new Map();
+  // set up the generator and check custom questions if they exist
+  constructor(options) {
+    if (this.isCustomOptions(options)) {
+      this.customOptions = options;
+      const validation = CustomQuestionValidator.validate(options.questions);
+      if (!validation.valid) {
+        throw new Error(`Invalid custom questions: ${validation.error}`);
+      }
+      const sanitized = CustomQuestionValidator.sanitize(options.questions);
+      this.customGenerator = new CustomQuestionGenerator(sanitized);
+    } else {
+      this.standardOptions = options;
+    }
+  }
+  // check if we got custom captcha options
+  isCustomOptions(options) {
+    if (typeof options !== "object" || options === null) {
+      return false;
+    }
+    const opt = options;
+    return opt.type === "custom" && Array.isArray(opt.questions);
+  }
+  getDifficulty(override) {
+    if (override) {
+      return override;
+    }
+    if (!this.standardOptions) {
+      return "easy";
+    }
+    return this.standardOptions.difficulty;
+  }
+  // Atomically fetches and removes the stored challenge by nonce.
+  // Single-use semantics: the challenge is invalidated on the first attempt (success or failure).
+  // Callers must re-generate a new challenge after any validation attempt.
+  consume(nonce) {
+    const record = this.store.get(nonce);
+    if (record !== void 0) {
+      this.store.delete(nonce);
+    }
+    return record;
+  }
+  // Removes all entries whose expiry has passed to free memory proactively.
+  // Called on every generate() to prevent the store from filling with stale records.
+  pruneExpired() {
+    const now = Date.now();
+    for (const [key, record] of this.store) {
+      if (now > record.expiry) {
+        this.store.delete(key);
+      }
+    }
+  }
+  // Stores the full record server-side; returns a public CaptchaChallenge
+  // that is safe to send to the client (no answer, hashedAnswer or salt).
+  createChallenge(base) {
+    this.pruneExpired();
+    let nonce;
+    do {
+      nonce = Random.generateNonce();
+    } while (this.store.has(nonce));
+    if (this.store.size >= NONCE_STORE_MAX) {
+      const oldest = this.store.keys().next().value;
+      if (oldest !== void 0) {
+        this.store.delete(oldest);
+      }
+    }
+    const expiry = Date.now() + 5 * 60 * 1e3;
+    const salt = Random.generateSalt();
+    const answerStr = typeof base.answer === "number" ? Number.isInteger(base.answer) ? base.answer.toString() : base.answer.toFixed(2) : base.answer.toString();
+    const hashedAnswer = createHash("sha256").update(answerStr + salt).digest("hex");
+    const stored = { ...base, nonce, expiry, hashedAnswer, salt };
+    this.store.set(nonce, stored);
+    const { answer: _answer, hashedAnswer: _ha, salt: _salt, steps: rawSteps, ...rest } = stored;
+    const publicChallenge = { ...rest };
+    if (rawSteps && rawSteps.length > 0) {
+      publicChallenge.steps = rawSteps.map(({ answer: _a, hashedAnswer: _h, salt: _s, steps: _nested, ...pub }) => pub);
+    }
+    return publicChallenge;
+  }
+  // evaluate arithmetic expression for the math captcha type
+  calculateMath(a, op, b) {
+    if (op === "+") {
+      return a + b;
+    }
+    if (op === "-") {
+      return a - b;
+    }
+    if (op === "*") {
+      return a * b;
+    }
+    if (op === "/") {
+      if (b === 0) {
+        return Number.NaN;
+      }
+      const raw = a / b;
+      return parseFloat(raw.toFixed(2));
+    }
+    return 0;
+  }
+  // dispatch to the correct generator based on configured captcha type
+  generate(difficulty) {
+    if (this.customOptions) {
+      return this.generateCustom();
+    }
+    if (!this.standardOptions) {
+      throw new Error("Generator not properly initialized");
+    }
+    const captchaType = this.standardOptions.type;
+    if (captchaType === "math") {
+      return this.generateMath(difficulty);
+    }
+    if (captchaType === "text") {
+      return this.generateText(difficulty);
+    }
+    if (captchaType === "sequence") {
+      return this.generateSequence(difficulty);
+    }
+    if (captchaType === "scramble") {
+      return this.generateScramble(difficulty);
+    }
+    if (captchaType === "reverse") {
+      return this.generateReverse(difficulty);
+    }
+    if (captchaType === "multi") {
+      return this.generateMulti(difficulty);
+    }
+    if (captchaType === "image") {
+      return this.generateImage(difficulty);
+    }
+    if (captchaType === "emoji") {
+      return this.generateEmoji(difficulty);
+    }
+    return this.generateMixed(difficulty);
+  }
+  generateCustom() {
+    if (!this.customGenerator) {
+      throw new Error("Custom generator not initialized");
+    }
+    const custom = this.customGenerator.generate();
+    if (!custom.question || !custom.answer) {
+      throw new Error("Custom question pool returned an empty question or answer");
+    }
+    return this.createChallenge({ type: "custom", question: custom.question, answer: custom.answer });
+  }
+  generateMath(diffOverride) {
+    const difficulty = this.getDifficulty(diffOverride);
+    let num1 = Random.getRandomNumber(difficulty);
+    let num2 = Random.getRandomNumber(difficulty);
+    const operator = Random.getRandomOperator();
+    if (operator === "/" && num2 === 0) {
+      num2 = Random.getRandomNumber(difficulty) + 1;
+    }
+    const answer = this.calculateMath(num1, operator, num2);
+    if (isNaN(answer) || !isFinite(answer)) {
+      num1 = Random.getRandomNumber(difficulty);
+      num2 = Random.getRandomNumber(difficulty) + 1;
+      return this.createChallenge({
+        type: "math",
+        question: `${num1} + ${num2}`,
+        answer: num1 + num2
+      });
+    }
+    return this.createChallenge({ type: "math", question: `${num1} ${operator} ${num2}`, answer });
+  }
+  generateText(diffOverride) {
+    const text = Random.generateRandomString(this.getDifficulty(diffOverride));
+    return this.createChallenge({ type: "text", question: text, answer: text });
+  }
+  generateSequence(diffOverride) {
+    const seq = SequenceGenerator.generate(this.getDifficulty(diffOverride));
+    return this.createChallenge({ type: "sequence", question: seq.question, answer: seq.answer });
+  }
+  generateScramble(diffOverride) {
+    const scr = ScrambleGenerator.generate(this.getDifficulty(diffOverride));
+    return this.createChallenge({ type: "scramble", question: scr.question, answer: scr.answer });
+  }
+  generateReverse(diffOverride) {
+    const rev = ReverseGenerator.generate(this.getDifficulty(diffOverride));
+    return this.createChallenge({ type: "reverse", question: rev.question, answer: rev.answer });
+  }
+  // randomly selects one of the available non-compound types
+  generateMixed(diffOverride) {
+    const types = ["math", "text", "sequence", "scramble", "reverse"];
+    const buffer = randomBytes(1);
+    const randomType = types[buffer[0] % types.length];
+    let question;
+    let answer;
+    if (randomType === "math") {
+      const difficulty = this.getDifficulty(diffOverride);
+      let num1 = Random.getRandomNumber(difficulty);
+      let num2 = Random.getRandomNumber(difficulty);
+      const operator = Random.getRandomOperator();
+      if (operator === "/" && num2 === 0) {
+        num2 = Random.getRandomNumber(difficulty) + 1;
+      }
+      const result = this.calculateMath(num1, operator, num2);
+      if (isNaN(result) || !isFinite(result)) {
+        num1 = Random.getRandomNumber(difficulty);
+        num2 = Random.getRandomNumber(difficulty) + 1;
+        question = `${num1} + ${num2}`;
+        answer = num1 + num2;
+      } else {
+        question = `${num1} ${operator} ${num2}`;
+        answer = result;
+      }
+    } else if (randomType === "text") {
+      const text = Random.generateRandomString(this.getDifficulty(diffOverride));
+      question = text;
+      answer = text;
+    } else if (randomType === "sequence") {
+      const seq = SequenceGenerator.generate(this.getDifficulty(diffOverride));
+      question = seq.question;
+      answer = seq.answer;
+    } else if (randomType === "scramble") {
+      const scr = ScrambleGenerator.generate(this.getDifficulty(diffOverride));
+      question = scr.question;
+      answer = scr.answer;
+    } else {
+      const rev = ReverseGenerator.generate(this.getDifficulty(diffOverride));
+      question = rev.question;
+      answer = rev.answer;
+    }
+    return this.createChallenge({ type: "mixed", question, answer });
+  }
+  // two-step captcha: math + scramble, both must be solved correctly.
+  // Child challenges are built via the same salt/hash pipeline but are NOT inserted into the
+  // nonce store independently, so they cannot be validated as standalone challenges.
+  generateMulti(diffOverride) {
+    const mathRaw = this.buildMathRecord(diffOverride);
+    const scrambleRaw = this.buildScrambleRecord(diffOverride);
+    return this.createChallenge({
+      type: "multi",
+      question: "Complete two steps",
+      answer: "",
+      steps: [mathRaw, scrambleRaw]
+    });
+  }
+  // Builds a StoredChallenge for a math question WITHOUT registering it in the nonce store.
+  buildMathRecord(diffOverride) {
+    const difficulty = this.getDifficulty(diffOverride);
+    let num1 = Random.getRandomNumber(difficulty);
+    let num2 = Random.getRandomNumber(difficulty);
+    const operator = Random.getRandomOperator();
+    if (operator === "/" && num2 === 0) {
+      num2 = Random.getRandomNumber(difficulty) + 1;
+    }
+    let answer = this.calculateMath(num1, operator, num2);
+    if (isNaN(answer) || !isFinite(answer)) {
+      num1 = Random.getRandomNumber(difficulty);
+      num2 = Random.getRandomNumber(difficulty) + 1;
+      answer = num1 + num2;
+    }
+    return this.buildStoredRecord({ type: "math", question: `${num1} ${operator} ${num2}`, answer });
+  }
+  // Builds a StoredChallenge for a scramble question WITHOUT registering it in the nonce store.
+  buildScrambleRecord(diffOverride) {
+    const scr = ScrambleGenerator.generate(this.getDifficulty(diffOverride));
+    return this.buildStoredRecord({ type: "scramble", question: scr.question, answer: scr.answer });
+  }
+  // Hashes and packages a challenge record but does NOT add it to the nonce store.
+  // Used for child steps that must not be independently redeemable.
+  buildStoredRecord(base) {
+    const nonce = Random.generateNonce();
+    const expiry = Date.now() + 5 * 60 * 1e3;
+    const salt = Random.generateSalt();
+    const answerStr = typeof base.answer === "number" ? Number.isInteger(base.answer) ? base.answer.toString() : base.answer.toFixed(2) : base.answer.toString();
+    const hashedAnswer = createHash("sha256").update(answerStr + salt).digest("hex");
+    return { ...base, nonce, expiry, hashedAnswer, salt };
+  }
+  // generates an SVG-based visual CAPTCHA immune to trivial OCR attacks
+  generateImage(diffOverride) {
+    const result = ImageGenerator.generate(this.getDifficulty(diffOverride));
+    return this.createChallenge({
+      type: "image",
+      question: result.question,
+      answer: result.answer,
+      image: result.image
+    });
+  }
+  // generates an emoji selection CAPTCHA: user picks all emojis from a given category
+  generateEmoji(diffOverride) {
+    const result = EmojiGenerator.generate(this.getDifficulty(diffOverride));
+    return this.createChallenge({
+      type: "emoji",
+      question: result.question,
+      answer: result.answer,
+      emojis: result.emojis,
+      category: result.category
+    });
+  }
+};
+
+// src/core/captchaValidator.ts
+function hexToBytes(hex) {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < bytes.length; i++) {
+    bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+  }
+  return bytes;
+}
+var CaptchaValidator = class {
+  static MAX_INPUT_LENGTH = 1e3;
+  static VALID_CHAR_REGEX = /^[a-zA-Z0-9\s\-çÇğĞıİöÖşŞüÜ.,'!?]*$/;
+  // main validation entry point, routes to the correct validator based on challenge type
+  static validate(challenge, userInput) {
+    if (!this.isValidInput(userInput)) {
+      return false;
+    }
+    if (challenge.type === "multi") {
+      return this.validateMulti(challenge, userInput);
+    }
+    if (challenge.type === "custom") {
+      return this.validateCustom(challenge, userInput);
+    }
+    if (challenge.type === "image") {
+      return this.validateImage(challenge, userInput);
+    }
+    if (challenge.type === "emoji") {
+      return this.validateEmoji(challenge, userInput);
+    }
+    if (this.isNumericChallenge(challenge)) {
+      return this.validateNumeric(challenge, userInput);
+    }
+    return this.validateText(challenge, userInput);
+  }
+  static isValidInput(input) {
+    if (typeof input !== "string") {
+      return false;
+    }
+    if (input.length === 0 || input.length > this.MAX_INPUT_LENGTH) {
+      return false;
+    }
+    return true;
+  }
+  // validates multi step captchas by checking each step individually
+  static validateMulti(challenge, userInput) {
+    if (!challenge.steps || challenge.steps.length === 0) {
+      return false;
+    }
+    let parsed;
+    try {
+      parsed = JSON.parse(userInput);
+    } catch {
+      return false;
+    }
+    if (!Array.isArray(parsed) || parsed.length !== challenge.steps.length) {
+      return false;
+    }
+    for (let i = 0; i < challenge.steps.length; i++) {
+      const step = challenge.steps[i];
+      const input = parsed[i];
+      if (!step || typeof input !== "string") {
+        return false;
+      }
+      if (!this.validate(step, input)) {
+        return false;
+      }
+    }
+    return true;
+  }
+  static isNumericChallenge(challenge) {
+    return challenge.type === "math" || challenge.type === "sequence" && typeof challenge.answer === "number" || challenge.type === "mixed" && typeof challenge.answer === "number";
+  }
+  static validateNumeric(challenge, userInput) {
+    if (!/^-?(\d+(\.\d+)?|\.\d+)$/.test(userInput.trim())) {
+      return false;
+    }
+    const inputNum = parseFloat(userInput.trim());
+    if (isNaN(inputNum) || !isFinite(inputNum)) {
+      return false;
+    }
+    const canonical = Number.isInteger(inputNum) ? inputNum.toString() : inputNum.toFixed(2);
+    return this.verifyAnswer(challenge, canonical);
+  }
+  static validateText(challenge, userInput) {
+    const sanitized = userInput.trim();
+    if (!this.VALID_CHAR_REGEX.test(sanitized)) {
+      return false;
+    }
+    return this.verifyAnswer(challenge, sanitized);
+  }
+  // hash the user input with the same salt and compare using a constant-time
+  // equality check to eliminate timing side-channels
+  static verifyAnswer(challenge, userInput) {
+    const userHash = createHash("sha256").update(userInput + challenge.salt).digest("hex");
+    if (userHash.length !== challenge.hashedAnswer.length) {
+      return false;
+    }
+    return timingSafeEqual(
+      hexToBytes(userHash),
+      hexToBytes(challenge.hashedAnswer)
+    );
+  }
+  static validateCustom(challenge, userInput) {
+    const sanitized = userInput.trim();
+    if (!this.VALID_CHAR_REGEX.test(sanitized)) {
+      return false;
+    }
+    return this.verifyAnswer(challenge, sanitized);
+  }
+  // image answers are case-insensitive; only alphanumeric chars are accepted
+  static validateImage(challenge, userInput) {
+    const sanitized = userInput.trim().toLowerCase();
+    if (!/^[a-z0-9]+$/.test(sanitized)) {
+      return false;
+    }
+    if (sanitized.length < 1 || sanitized.length > 20) {
+      return false;
+    }
+    return this.verifyAnswer(challenge, sanitized);
+  }
+  // emoji answers: comma-separated zero-based indices e.g. "0,2,4"
+  // parsed, deduplicated, sorted numerically then re-joined to produce the canonical form
+  static validateEmoji(challenge, userInput) {
+    const trimmed = userInput.trim();
+    if (!/^[0-9,]+$/.test(trimmed)) {
+      return false;
+    }
+    const parts = trimmed.split(",").filter((s) => s.length > 0);
+    if (parts.length === 0 || parts.length > 20) {
+      return false;
+    }
+    const indices = parts.map(Number);
+    if (indices.some((n) => isNaN(n) || n < 0 || !Number.isInteger(n))) {
+      return false;
+    }
+    const normalized = [...new Set(indices)].sort((a, b) => a - b).join(",");
+    return this.verifyAnswer(challenge, normalized);
+  }
+};
+
+// src/core/adaptiveTracker.ts
+var WINDOW_SIZE = 10;
+var MIN_ATTEMPTS_BEFORE_ADJUST = 3;
+var SESSION_TTL_MS = 30 * 60 * 1e3;
+var MAX_SESSIONS = 1e4;
+var DIFFICULTY_ORDER = ["easy", "medium", "hard"];
+var AdaptiveTracker = class {
+  sessions = /* @__PURE__ */ new Map();
+  getDifficulty(sessionId) {
+    this.pruneExpired();
+    const session = this.sessions.get(sessionId);
+    if (!session) {
+      return "medium";
+    }
+    return session.currentDifficulty;
+  }
+  recordAttempt(sessionId, success) {
+    this.pruneExpired();
+    let session = this.sessions.get(sessionId);
+    if (!session) {
+      session = this.createSession();
+      if (this.sessions.size >= MAX_SESSIONS) {
+        this.evictOldest();
+      }
+      this.sessions.set(sessionId, session);
+    }
+    const attempt = {
+      timestamp: Date.now(),
+      success
+    };
+    session.attempts.push(attempt);
+    if (session.attempts.length > WINDOW_SIZE) {
+      session.attempts = session.attempts.slice(-WINDOW_SIZE);
+    }
+    session.attemptsSinceAdjustment++;
+    if (session.attemptsSinceAdjustment >= MIN_ATTEMPTS_BEFORE_ADJUST) {
+      this.adjustDifficulty(session);
+    }
+  }
+  getSession(sessionId) {
+    return this.sessions.get(sessionId);
+  }
+  clearSession(sessionId) {
+    return this.sessions.delete(sessionId);
+  }
+  clearAll() {
+    this.sessions.clear();
+  }
+  get sessionCount() {
+    return this.sessions.size;
+  }
+  createSession() {
+    return {
+      attempts: [],
+      currentDifficulty: "medium",
+      lastAdjustment: Date.now(),
+      attemptsSinceAdjustment: 0
+    };
+  }
+  adjustDifficulty(session) {
+    const recentAttempts = session.attempts.slice(-WINDOW_SIZE);
+    if (recentAttempts.length < MIN_ATTEMPTS_BEFORE_ADJUST) {
+      return;
+    }
+    const successCount = recentAttempts.filter((a) => a.success).length;
+    const successRate = successCount / recentAttempts.length;
+    const currentIndex = DIFFICULTY_ORDER.indexOf(session.currentDifficulty);
+    let newIndex = currentIndex;
+    if (successRate >= 0.8 && currentIndex < DIFFICULTY_ORDER.length - 1) {
+      newIndex = currentIndex + 1;
+    } else if (successRate <= 0.4 && currentIndex > 0) {
+      newIndex = currentIndex - 1;
+    }
+    if (newIndex !== currentIndex) {
+      session.currentDifficulty = DIFFICULTY_ORDER[newIndex];
+      session.lastAdjustment = Date.now();
+      session.attemptsSinceAdjustment = 0;
+    }
+  }
+  pruneExpired() {
+    const now = Date.now();
+    for (const [key, session] of this.sessions) {
+      const lastAttempt = session.attempts.length > 0 ? session.attempts[session.attempts.length - 1].timestamp : session.lastAdjustment;
+      if (now - lastAttempt > SESSION_TTL_MS) {
+        this.sessions.delete(key);
+      }
+    }
+  }
+  evictOldest() {
+    let oldestKey;
+    let oldestTime = Infinity;
+    for (const [key, session] of this.sessions) {
+      const lastActivity = session.attempts.length > 0 ? session.attempts[session.attempts.length - 1].timestamp : session.lastAdjustment;
+      if (lastActivity < oldestTime) {
+        oldestTime = lastActivity;
+        oldestKey = key;
+      }
+    }
+    if (oldestKey !== void 0) {
+      this.sessions.delete(oldestKey);
+    }
+  }
+};
+
+// src/K9Guard.ts
+var K9Guard = class {
+  options;
+  generator;
+  adaptiveTracker = null;
+  defaultSessionId = null;
+  constructor(options) {
+    const processedOptions = this.processOptions(options);
+    this.generator = new CaptchaGenerator(processedOptions);
+    this.options = processedOptions;
+    if (this.isAdaptive()) {
+      this.adaptiveTracker = new AdaptiveTracker();
+      this.defaultSessionId = options.sessionId ?? null;
+    }
+  }
+  isAdaptive() {
+    return "difficulty" in this.options && this.options.difficulty === "adaptive";
+  }
+  resolveSessionId(sessionId) {
+    const id = sessionId ?? this.defaultSessionId;
+    if (!id) {
+      throw new Error("sessionId is required for adaptive difficulty. Provide it in constructor or as parameter.");
+    }
+    return id;
+  }
+  processOptions(options) {
+    if (typeof options !== "object" || options === null) {
+      throw new Error("Options must be an object");
+    }
+    const opt = options;
+    if (opt.type === "custom") {
+      if (!Array.isArray(opt.questions)) {
+        throw new Error("Custom type requires questions array");
+      }
+      const validation = CustomQuestionValidator.validate(opt.questions);
+      if (!validation.valid) {
+        throw new Error(`Invalid custom questions: ${validation.error}`);
+      }
+      return {
+        type: "custom",
+        questions: CustomQuestionValidator.sanitize(opt.questions),
+        sessionId: opt.sessionId
+      };
+    }
+    const validTypes = ["math", "text", "sequence", "scramble", "reverse", "mixed", "multi", "image", "emoji"];
+    if (!validTypes.includes(opt.type)) {
+      throw new Error(`Invalid type. Must be one of: ${validTypes.join(", ")}`);
+    }
+    const validDifficulties = ["easy", "medium", "hard", "adaptive"];
+    if (!validDifficulties.includes(opt.difficulty)) {
+      throw new Error(`Invalid difficulty. Must be one of: ${validDifficulties.join(", ")}`);
+    }
+    return {
+      type: opt.type,
+      difficulty: opt.difficulty,
+      sessionId: opt.sessionId
+    };
+  }
+  generate(sessionId) {
+    if (!this.isAdaptive()) {
+      return this.generator.generate();
+    }
+    const id = this.resolveSessionId(sessionId);
+    const difficulty = this.adaptiveTracker.getDifficulty(id);
+    return this.generator.generate(difficulty);
+  }
+  validate(challenge, userInput, sessionId) {
+    if (!this.isValidChallenge(challenge)) {
+      return false;
+    }
+    if (typeof userInput !== "string") {
+      return false;
+    }
+    const stored = this.generator.consume(challenge.nonce);
+    if (!stored) {
+      return false;
+    }
+    if (Date.now() > stored.expiry) {
+      return false;
+    }
+    const isValid = CaptchaValidator.validate(stored, userInput);
+    if (this.isAdaptive()) {
+      const id = this.resolveSessionId(sessionId);
+      this.adaptiveTracker.recordAttempt(id, isValid);
+    }
+    return isValid;
+  }
+  clearSession(sessionId) {
+    if (!this.adaptiveTracker) {
+      return false;
+    }
+    return this.adaptiveTracker.clearSession(sessionId);
+  }
+  clearAllSessions() {
+    var _a;
+    (_a = this.adaptiveTracker) == null ? void 0 : _a.clearAll();
+  }
+  getSessionDifficulty(sessionId) {
+    if (!this.adaptiveTracker) {
+      return null;
+    }
+    return this.adaptiveTracker.getDifficulty(sessionId);
+  }
+  isValidChallenge(challenge) {
+    if (typeof challenge !== "object" || challenge === null) {
+      return false;
+    }
+    const c = challenge;
+    return typeof c.type === "string" && typeof c.question === "string" && typeof c.nonce === "string" && c.nonce.length > 0 && typeof c.expiry === "number";
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AdaptiveTracker,
+  CustomQuestionGenerator,
+  CustomQuestionValidator
+});