k9guard 1.0.2 → 1.0.4

package/src/utils/crypto.ts

@@ -1,193 +0,0 @@
-/**
- * Cryptographic primitives for k9guard.
- *
- * Uses the native `node:crypto` module (available in Bun and Node >=16) for
- * all hashing so that every digest is a real SHA-256 — not a custom mixing
- * function.  Random bytes are sourced from `crypto.getRandomValues()` via the
- * same module, which is CSPRNG-backed on all supported runtimes.
- *
- * Security guarantees:
- * - SHA-256 collision resistance: 2^128 operations
- * - CSPRNG random bytes: suitable for nonces, salts, and key material
- * - No sensitive data retained after digest() completes
- */
-
-import { createHash as nodeCreateHash, randomBytes as nodeRandomBytes } from 'node:crypto';
-
-export interface ICryptoBuffer {
-  readUInt32LE(offset: number): number;
-  toString(encoding?: string): string;
-  length: number;
-  [index: number]: number | undefined;
-  [Symbol.iterator](): Iterator<number>;
-}
-
-export class CryptoBuffer implements ICryptoBuffer {
-  private buffer: Uint8Array;
-  [index: number]: number | undefined;
-
-  constructor(buffer: Uint8Array) {
-    this.buffer = buffer;
-    // Proxy enables numeric index access (buffer[0]) while keeping internal state private
-    const proxy = new Proxy(this, {
-      get(target, prop) {
-        if (typeof prop === 'string' && !isNaN(Number(prop))) {
-          return target.buffer[Number(prop)];
-        }
-        return (target as any)[prop];
-      }
-    });
-    return proxy as any;
-  }
-
-  readUInt32LE(offset: number): number {
-    if (offset < 0 || offset + 4 > this.buffer.length) {
-      throw new RangeError('Offset out of bounds');
-    }
-    const b0 = this.buffer[offset];
-    const b1 = this.buffer[offset + 1];
-    const b2 = this.buffer[offset + 2];
-    const b3 = this.buffer[offset + 3];
-
-    if (b0 === undefined || b1 === undefined || b2 === undefined || b3 === undefined) {
-      throw new RangeError('Buffer read error');
-    }
-
-    // Little-endian: b0 is LSB, unsigned right-shift keeps result in [0, 2^32)
-    return (b0 | (b1 << 8) | (b2 << 16) | (b3 << 24)) >>> 0;
-  }
-
-  toString(encoding?: string): string {
-    if (encoding === 'hex') {
-      return Array.from(this.buffer)
-        .map(b => b.toString(16).padStart(2, '0'))
-        .join('');
-    }
-    if (encoding === 'base64') {
-      const binString = Array.from(this.buffer, (byte: number) => String.fromCodePoint(byte)).join('');
-      if (typeof btoa !== 'undefined') {
-        return btoa(binString);
-      }
-      return binString;
-    }
-    return new TextDecoder().decode(this.buffer);
-  }
-
-  get length(): number {
-    return this.buffer.length;
-  }
-
-  [Symbol.iterator](): Iterator<number> {
-    let index = 0;
-    const buffer = this.buffer;
-    return {
-      next(): IteratorResult<number> {
-        if (index < buffer.length) {
-          const val = buffer[index++];
-          if (val === undefined) {
-            return { value: 0, done: true };
-          }
-          return { value: val, done: false };
-        }
-        return { value: 0, done: true };
-      }
-    };
-  }
-}
-
-/**
- * Thin wrapper around node:crypto Hash so callers keep the same chained API:
- *   createHash('sha256').update(data).digest('hex')
- *
- * Only SHA-256 is accepted; any other algorithm is rejected at construction
- * time to prevent accidental use of weaker primitives.
- */
-export class CryptoHash {
-  private hash: ReturnType<typeof nodeCreateHash>;
-
-  constructor() {
-    this.hash = nodeCreateHash('sha256');
-  }
-
-  update(input: string | Uint8Array): this {
-    this.hash.update(typeof input === 'string' ? input : Buffer.from(input));
-    return this;
-  }
-
-  digest(encoding: 'hex' | 'base64' | 'binary' = 'hex'): string {
-    return this.hash.digest(encoding);
-  }
-}
-
-export class CryptoUtils {
-  static randomBytes(size: number): ICryptoBuffer {
-    if (size <= 0 || size > 65536) {
-      throw new RangeError('Size must be between 1 and 65536');
-    }
-    const buf = nodeRandomBytes(size);
-    return new CryptoBuffer(new Uint8Array(buf));
-  }
-
-  static createHash(algorithm: string): CryptoHash {
-    if (algorithm.toLowerCase() !== 'sha256') {
-      throw new Error('Only SHA-256 is supported');
-    }
-    return new CryptoHash();
-  }
-}
-
-export const randomBytes = (size: number): ICryptoBuffer => CryptoUtils.randomBytes(size);
-export const createHash = (algorithm: string): CryptoHash => CryptoUtils.createHash(algorithm);
-
-/**
- * Pre-fetches a large block of secure random bytes and dispenses them
- * sequentially, amortizing the cost of crypto API calls across many reads.
- *
- * Intended for hot paths (e.g. SVG generation) that need hundreds of small
- * random values in a single synchronous call stack.  The pool refills
- * automatically when exhausted using the same CSPRNG source.
- */
-export class RandomPool {
-  private buffer: Buffer;
-  private offset: number;
-  private readonly chunkSize: number;
-
-  constructor(chunkSize = 2048) {
-    this.chunkSize = chunkSize;
-    this.buffer = nodeRandomBytes(chunkSize);
-    this.offset = 0;
-  }
-
-  private refill(): void {
-    this.buffer = nodeRandomBytes(this.chunkSize);
-    this.offset = 0;
-  }
-
-  uint32(): number {
-    if (this.offset + 4 > this.buffer.length) {
-      this.refill();
-    }
-    const val = this.buffer.readUInt32LE(this.offset);
-    this.offset += 4;
-    return val;
-  }
-
-  byte(): number {
-    if (this.offset >= this.buffer.length) {
-      this.refill();
-    }
-    const val = this.buffer[this.offset]!;
-    this.offset += 1;
-    return val;
-  }
-
-  // uniform float in [0, 1)
-  float(): number {
-    return this.uint32() / 0xffffffff;
-  }
-
-  // uniform integer in [min, max)
-  int(min: number, max: number): number {
-    return Math.floor(this.float() * (max - min)) + min;
-  }
-}

package/src/utils/customQuestionGenerator.ts

@@ -1,40 +0,0 @@
-import { randomBytes } from './crypto';
-import type { CustomQuestion } from '../types';
-
-export class CustomQuestionGenerator {
-  private questions: CustomQuestion[];
-
-  constructor(questions: CustomQuestion[]) {
-    this.questions = questions;
-  }
-
-  generate(difficulty?: 'easy' | 'medium' | 'hard'): { question: string; answer: string } {
-    // filter questions by difficulty if specified
-    const candidates = difficulty
-      ? this.questions.filter(q => q.difficulty === difficulty)
-      : this.questions;
-
-    // NOTE: fallback to all questions if no match found for difficulty
-    if (candidates.length === 0) {
-      return this.selectRandom(this.questions);
-    }
-
-    return this.selectRandom(candidates);
-  }
-
-  private selectRandom(questions: CustomQuestion[]): { question: string; answer: string } {
-    if (questions.length === 0) {
-      return { question: '', answer: '' };
-    }
-
-    // use crypto random to pick a question securely
-    const buffer = randomBytes(4);
-    const index = buffer.readUInt32LE(0) % questions.length;
-    const selected = questions[index]!;
-
-    return {
-      question: selected.question,
-      answer: selected.answer
-    };
-  }
-}

package/src/utils/emojiGenerator.ts

@@ -1,88 +0,0 @@
-import { randomBytes } from './crypto';
-
-export interface EmojiGeneratorResult {
-  emojis: string[];
-  category: string;
-  answer: string;
-  question: string;
-}
-
-// each category has >= 20 entries to ensure unique sampling without replacement
-const CATEGORIES: Record<string, string[]> = {
-  animals:  ['🐶','🐱','🐭','🐹','🐰','🦊','🐻','🐼','🐨','🐯','🦁','🐮','🐷','🐸','🐵','🦒','🦓','🐘','🐧','🦅'],
-  food:     ['🍎','🍊','🍋','🍇','🍓','🍔','🍕','🍜','🍣','🍩','🎂','🥦','🥕','🥑','🧀','🍦','🍫','🥐','🌮','🍱'],
-  vehicles: ['🚗','🚕','🚙','🚌','🚑','🚒','🚓','🚜','🏎','🚂','🚁','🛩','🚀','🛸','🚢','⛵','🚲','🛵','🏍','🚛'],
-  nature:   ['🌸','🌺','🌻','🌹','🌷','🍀','🌿','🌱','🌲','🌳','🍁','🍂','🌊','🌙','⭐','🌈','🌞','🌋','🏔','🌾'],
-  sports:   ['⚽','🏀','🏈','⚾','🎾','🏐','🏉','🎱','🏓','🏸','🥊','🎿','🛷','⛷','🤸','🚴','🏊','🤺','🥋','🎯'],
-};
-
-const CATEGORY_KEYS = Object.keys(CATEGORIES);
-
-// crypto-safe index in [0, max)
-function secureIndex(max: number): number {
-  const buf = randomBytes(4);
-  return buf.readUInt32LE(0) % max;
-}
-
-// pick `count` unique items from pool without replacement
-function pickUnique(pool: string[], count: number): string[] {
-  const available = pool.slice();
-  const result: string[] = [];
-  for (let i = 0; i < count && available.length > 0; i++) {
-    const idx = secureIndex(available.length);
-    result.push(available.splice(idx, 1)[0]!);
-  }
-  return result;
-}
-
-// Fisher-Yates in-place shuffle with crypto random
-function shuffleInPlace(arr: string[]): void {
-  const batchBuf = randomBytes(arr.length * 4);
-  for (let i = arr.length - 1; i > 0; i--) {
-    const j = batchBuf.readUInt32LE((arr.length - 1 - i) * 4) % (i + 1);
-    [arr[i]!, arr[j]!] = [arr[j]!, arr[i]!];
-  }
-}
-
-export class EmojiGenerator {
-  static generate(difficulty: 'easy' | 'medium' | 'hard'): EmojiGeneratorResult {
-    const targetCount     = difficulty === 'easy' ? 2 : difficulty === 'medium' ? 3 : 4;
-    const distractorCount = difficulty === 'easy' ? 2 : difficulty === 'medium' ? 3 : 4;
-    const totalCount      = targetCount + distractorCount;
-
-    const categoryKey = CATEGORY_KEYS[secureIndex(CATEGORY_KEYS.length)]!;
-    const targetPool  = CATEGORIES[categoryKey]!;
-
-    // collect distractor emojis from all categories except the target
-    const distractorPool: string[] = [];
-    for (const key of CATEGORY_KEYS) {
-      if (key !== categoryKey) {
-        distractorPool.push(...CATEGORIES[key]!);
-      }
-    }
-
-    const targets     = pickUnique(targetPool, targetCount);
-    const distractors = pickUnique(distractorPool, distractorCount);
-
-    // combine then shuffle; track indices after shuffle
-    const combined = [...targets, ...distractors];
-    shuffleInPlace(combined);
-
-    // mark which positions ended up containing target emojis
-    const targetSet = new Set(targets);
-    const targetIndices = combined
-      .map((e, i) => (targetSet.has(e) ? i : -1))
-      .filter(i => i !== -1)
-      .sort((a, b) => a - b);
-
-    // canonical answer: sorted comma-separated zero-based indices e.g. "0,2,4"
-    const answer = targetIndices.join(',');
-
-    return {
-      emojis: combined,
-      category: categoryKey,
-      answer,
-      question: `Select all ${categoryKey} from the list (${totalCount} emojis, ${targetCount} correct)`
-    };
-  }
-}

package/src/utils/imageGenerator.ts

@@ -1,152 +0,0 @@
-import { RandomPool } from './crypto';
-import { Buffer } from 'node:buffer';
-
-interface ImageGeneratorResult {
-  image: string;
-  answer: string;
-  question: string;
-}
-
-const CHAR_POOL_EASY   = 'ABCDEFGHJKLMNPQRSTUVWXYZ';
-const CHAR_POOL_MEDIUM = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
-const CHAR_POOL_HARD   = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789';
-
-const SVG_WIDTH  = 200;
-const SVG_HEIGHT = 70;
-
-// prevents XML injection via user-controlled strings embedded in SVG
-function escapeXml(str: string): string {
-  return str
-    .replace(/&/g, '&')
-    .replace(/</g, '&lt;')
-    .replace(/>/g, '&gt;')
-    .replace(/"/g, '&quot;')
-    .replace(/'/g, '&#39;');
-}
-
-function generateText(pool: RandomPool, charPool: string, length: number): string {
-  let result = '';
-  for (let i = 0; i < length; i++) {
-    result += charPool[pool.byte() % charPool.length]!;
-  }
-  return result;
-}
-
-// each character is rendered individually with rotation and offset to resist OCR
-function renderChar(pool: RandomPool, char: string, x: number, baseY: number, colorHex: string): string {
-  const rotate  = pool.int(-25, 25);
-  const offsetY = pool.int(-6, 6);
-  const fontSize = pool.int(22, 30);
-  const opacity  = (pool.float() * 0.25 + 0.75).toFixed(2);
-
-  return `<text x="${x}" y="${baseY + offsetY}" transform="rotate(${rotate},${x},${baseY + offsetY})" font-size="${fontSize}" font-family="monospace" font-weight="bold" fill="${colorHex}" opacity="${opacity}" letter-spacing="2">${escapeXml(char)}</text>`;
-}
-
-function grayColor(pool: RandomPool): string {
-  const v = pool.int(100, 200);
-  return `rgb(${v},${v},${v})`;
-}
-
-function darkColor(pool: RandomPool): string {
-  const r = pool.int(20, 150);
-  const g = pool.int(20, 150);
-  const b = pool.int(20, 150);
-  return `rgb(${r},${g},${b})`;
-}
-
-// interference lines make automated segment extraction harder
-function renderNoiseLines(pool: RandomPool, count: number): string {
-  let lines = '';
-  for (let i = 0; i < count; i++) {
-    const x1 = pool.int(0, SVG_WIDTH);
-    const y1 = pool.int(0, SVG_HEIGHT);
-    const x2 = pool.int(0, SVG_WIDTH);
-    const y2 = pool.int(0, SVG_HEIGHT);
-    const strokeWidth = (pool.float() * 1.5 + 0.5).toFixed(1);
-    const color   = grayColor(pool);
-    const opacity = (pool.float() * 0.4 + 0.2).toFixed(2);
-    lines += `<line x1="${x1}" y1="${y1}" x2="${x2}" y2="${y2}" stroke="${color}" stroke-width="${strokeWidth}" opacity="${opacity}"/>`;
-  }
-  return lines;
-}
-
-// noise dots add pixel-level entropy that defeats simple segmentation
-function renderNoiseDots(pool: RandomPool, count: number): string {
-  let dots = '';
-  for (let i = 0; i < count; i++) {
-    const cx      = pool.int(0, SVG_WIDTH);
-    const cy      = pool.int(0, SVG_HEIGHT);
-    const r       = pool.int(1, 3);
-    const color   = grayColor(pool);
-    const opacity = (pool.float() * 0.5 + 0.1).toFixed(2);
-    dots += `<circle cx="${cx}" cy="${cy}" r="${r}" fill="${color}" opacity="${opacity}"/>`;
-  }
-  return dots;
-}
-
-// sinusoidal wave distortion applied as a path overlay
-function renderWavePath(pool: RandomPool): string {
-  const amplitude  = pool.int(3, 8);
-  const frequency  = pool.float() * 0.08 + 0.04;
-  const phaseShift = pool.float() * Math.PI * 2;
-  const strokeColor = grayColor(pool);
-
-  let d = `M 0 ${SVG_HEIGHT / 2}`;
-  for (let x = 1; x <= SVG_WIDTH; x += 2) {
-    const y = SVG_HEIGHT / 2 + amplitude * Math.sin(frequency * x + phaseShift);
-    d += ` L ${x} ${y.toFixed(2)}`;
-  }
-
-  return `<path d="${d}" stroke="${strokeColor}" stroke-width="1.5" fill="none" opacity="0.35"/>`;
-}
-
-function buildSvg(pool: RandomPool, text: string, difficulty: 'easy' | 'medium' | 'hard'): string {
-  const charCount = text.length;
-  const spacing   = SVG_WIDTH / (charCount + 1);
-  const baseY     = SVG_HEIGHT / 2 + 8;
-
-  const noiseLineCount = difficulty === 'easy' ? 4  : difficulty === 'medium' ? 7  : 10;
-  const noiseDotCount  = difficulty === 'easy' ? 20 : difficulty === 'medium' ? 40 : 60;
-  const waveCount      = difficulty === 'easy' ? 1  : difficulty === 'medium' ? 2  : 3;
-
-  const bgGray = pool.int(235, 250);
-  const background = `<rect width="${SVG_WIDTH}" height="${SVG_HEIGHT}" fill="rgb(${bgGray},${bgGray},${bgGray})" rx="6"/>`;
-
-  let chars = '';
-  for (let i = 0; i < charCount; i++) {
-    const x     = Math.round(spacing * (i + 1));
-    const color = darkColor(pool);
-    chars += renderChar(pool, text[i]!, x, baseY, color);
-  }
-
-  let waves = '';
-  for (let i = 0; i < waveCount; i++) {
-    waves += renderWavePath(pool);
-  }
-
-  return `<svg xmlns="http://www.w3.org/2000/svg" width="${SVG_WIDTH}" height="${SVG_HEIGHT}" viewBox="0 0 ${SVG_WIDTH} ${SVG_HEIGHT}">${background}${renderNoiseDots(pool, noiseDotCount)}${renderNoiseLines(pool, noiseLineCount)}${waves}${chars}</svg>`;
-}
-
-function svgToDataUri(svg: string): string {
-  return `data:image/svg+xml;base64,${Buffer.from(svg, 'utf-8').toString('base64')}`;
-}
-
-export class ImageGenerator {
-  static generate(difficulty: 'easy' | 'medium' | 'hard'): ImageGeneratorResult {
-    // single pool allocation covers all random needs for this image — ~1 crypto
-    // call instead of the ~500 individual randomBytes(4) calls it replaced
-    const pool = new RandomPool(2048);
-
-    const charPool = difficulty === 'easy' ? CHAR_POOL_EASY : difficulty === 'medium' ? CHAR_POOL_MEDIUM : CHAR_POOL_HARD;
-    const length   = difficulty === 'easy' ? 4 : difficulty === 'medium' ? 5 : 6;
-    const answer   = generateText(pool, charPool, length);
-    const svg      = buildSvg(pool, answer, difficulty);
-    const image    = svgToDataUri(svg);
-
-    return {
-      image,
-      answer: answer.toLowerCase(),
-      question: 'Type the characters shown in the image'
-    };
-  }
-}

package/src/utils/random.ts

@@ -1,43 +0,0 @@
-import { randomBytes } from './crypto';
-
-export class Random {
-  static getRandomNumber(difficulty: 'easy' | 'medium' | 'hard'): number {
-    const buffer = randomBytes(4);
-    // NOTE: convert crypto bytes to a number between 0 and 1
-    const rand = buffer.readUInt32LE(0) / 0xFFFFFFFF;
-    if (difficulty === 'easy') {
-      return Math.floor(rand * 10) + 1;
-    }
-    if (difficulty === 'medium') {
-      return Math.floor(rand * 50) + 1;
-    }
-    return Math.floor(rand * 100) + 1;
-  }
-
-  static getRandomOperator(): string {
-    const operators = ['+', '-', '*', '/'];
-    const buffer = randomBytes(1) as any;
-    const index = buffer[0]! % operators.length;
-    return operators[index]!;
-  }
-
-  static generateRandomString(difficulty: 'easy' | 'medium' | 'hard'): string {
-    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
-    let result = '';
-    const length = difficulty === 'easy' ? 4 : difficulty === 'medium' ? 6 : 8;
-    const buffer = randomBytes(length) as any;
-    // pick random chars from the charset using crypto random bytes
-    for (let i = 0; i < length; i++) {
-      result += chars.charAt(buffer[i]! % chars.length);
-    }
-    return result;
-  }
-
-  static generateNonce(): string {
-    return randomBytes(16).toString('hex');
-  }
-
-  static generateSalt(): string {
-    return randomBytes(8).toString('hex');
-  }
-}

package/src/utils/reverseGenerator.ts

@@ -1,54 +0,0 @@
-import { randomBytes } from './crypto';
-
-export class ReverseGenerator {
-  private static readonly easyWords = [
-    'cat', 'dog', 'sun', 'moon', 'star', 'fish', 'bird', 'tree',
-    'ball', 'book', 'door', 'lamp', 'rock', 'leaf', 'wind', 'fire',
-    'ice', 'sky', 'sea', 'fog', 'rain', 'snow', 'bear', 'wolf',
-    'coin', 'key', 'cup', 'pen', 'box', 'hat', 'map', 'web'
-  ];
-
-  private static readonly mediumWords = [
-    'apple', 'house', 'water', 'bread', 'ocean', 'river', 'tiger', 'eagle',
-    'storm', 'cloud', 'flame', 'frost', 'stone', 'metal', 'glass', 'paper',
-    'forest', 'desert', 'valley', 'castle', 'bridge', 'garden', 'market', 'temple',
-    'dragon', 'wizard', 'knight', 'shield', 'sword', 'crown', 'jewel', 'crystal',
-    'planet', 'galaxy', 'comet', 'nebula', 'cipher', 'enigma', 'puzzle', 'riddle',
-    'shadow', 'mirror', 'portal', 'beacon', 'anchor', 'compass', 'lantern', 'prism'
-  ];
-
-  private static readonly hardWords = [
-    'typescript', 'javascript', 'encryption', 'cryptography', 'algorithm', 'infrastructure',
-    'architecture', 'authentication', 'authorization', 'vulnerability', 'cybersecurity',
-    'blockchain', 'metamorphosis', 'constellation', 'synchronization', 'transformation',
-    'illumination', 'orchestration', 'denomination', 'comprehension', 'manifestation',
-    'extraordinary', 'revolutionary', 'sophisticated', 'kaleidoscope', 'optimization',
-    'crystallization', 'configuration', 'implementation', 'parallelization', 'serialization',
-    'decentralization', 'internationalization', 'containerization', 'virtualization',
-    'obfuscation', 'triangulation', 'interpolation', 'extrapolation', 'approximation',
-    'segmentation', 'fragmentation', 'concatenation', 'regeneration', 'degeneration'
-  ];
-
-  static generate(difficulty: 'easy' | 'medium' | 'hard'): { question: string; answer: string } {
-    let wordPool: string[];
-    
-    if (difficulty === 'easy') {
-      wordPool = this.easyWords;
-    }
-    
-    if (difficulty === 'medium') {
-      wordPool = this.mediumWords;
-    }
-    
-    if (difficulty === 'hard') {
-      wordPool = this.hardWords;
-    }
-    
-    const buf = randomBytes(4);
-    const rand = buf.readUInt32LE(0) / 0xFFFFFFFF;
-    const text = wordPool![Math.floor(rand * wordPool!.length)]!;
-    const reversed = text.split('').reverse().join('');
-    
-    return { question: reversed, answer: text };
-  }
-}

package/src/utils/scrambleGenerator.ts

@@ -1,49 +0,0 @@
-import { randomBytes } from './crypto';
-
-export class ScrambleGenerator {
-  private static readonly easyWords: string[] = [
-    'apple', 'cat', 'dog', 'house', 'sun', 'moon', 'car', 'tree', 'book', 'water'
-  ];
-
-  private static readonly mediumWords: string[] = [
-    'apple', 'cat', 'dog', 'house', 'sun', 'moon', 'car', 'tree', 'book', 'water',
-    'bread', 'milk', 'fish', 'bird', 'flower', 'star', 'hand', 'eye', 'nose', 'mouth'
-  ];
-
-  // hard pool: longer words with uncommon letter patterns to resist guessing
-  private static readonly hardWords: string[] = [
-    'typescript', 'javascript', 'algorithm', 'encryption', 'blockchain',
-    'metamorphosis', 'cryptography', 'synchronize', 'parallelism', 'obfuscation',
-    'infrastructure', 'authentication', 'authorization', 'vulnerability', 'orchestration'
-  ];
-
-  static generate(difficulty: 'easy' | 'medium' | 'hard'): { question: string; answer: string } {
-    let pool: string[];
-    if (difficulty === 'easy') {
-      pool = this.easyWords;
-    } else if (difficulty === 'medium') {
-      pool = this.mediumWords;
-    } else {
-      pool = this.hardWords;
-    }
-
-    const buffer = randomBytes(4);
-    const rand = buffer.readUInt32LE(0) / 0xFFFFFFFF;
-    const word = pool[Math.floor(rand * pool.length)]!;
-    
-    const scrambled = this.scramble(word);
-    return { question: scrambled, answer: word };
-  }
-
-  private static scramble(word: string): string {
-    const arr = word.split('');
-    const n   = arr.length;
-    // batch all uint32 values for Fisher-Yates in one crypto call (n-1 swaps × 4 bytes)
-    const batchBuf = randomBytes(n * 4);
-    for (let i = n - 1; i > 0; i--) {
-      const j = batchBuf.readUInt32LE((n - 1 - i) * 4) % (i + 1);
-      [arr[i]!, arr[j]!] = [arr[j]!, arr[i]!];
-    }
-    return arr.join('');
-  }
-}

package/src/utils/sequenceGenerator.ts

@@ -1,30 +0,0 @@
-import { randomBytes } from './crypto';
-
-export class SequenceGenerator {
-  static generate(difficulty: 'easy' | 'medium' | 'hard'): { question: string; answer: number | string } {
-    if (difficulty === 'easy') {
-      const buffer = randomBytes(4);
-      // NOTE: generate random starting number and step size for arithmetic sequence
-      const start = (buffer.readUInt32LE(0) % 5) + 1;
-      const step = ((buffer.readUInt32LE(0) >> 8) % 3) + 1;
-      const sequence = [start, start + step, start + 2 * step];
-      const answer = start + 3 * step;
-      return { question: `${sequence.join(', ')}, ?`, answer };
-    }
-    if (difficulty === 'medium') {
-      const letters = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J'];
-      const step = 2;
-      // max start ensures all 4 elements (start, +2, +4, +6) fit within the 10-letter array
-      const maxStart = letters.length - step * 3 - 1;
-      const buffer = randomBytes(4);
-      const start = buffer.readUInt32LE(0) % (maxStart + 1);
-      const sequence = [letters[start], letters[start + step], letters[start + 2 * step]];
-      const answer = letters[start + 3 * step]!;
-      return { question: `${sequence.join(', ')}, ?`, answer };
-    }
-    // hard mode uses fibonacci sequence
-    const sequence = [1, 1, 2, 3];
-    const answer = 5;
-    return { question: `${sequence.join(', ')}, ?`, answer };
-  }
-}