k9guard 1.0.3 → 1.0.4

package/src/utils/crypto.ts

@@ -1,336 +0,0 @@
-export interface ICryptoBuffer {
-  readUInt32LE(offset: number): number;
-  toString(encoding?: string): string;
-  length: number;
-  [index: number]: number | undefined;
-  [Symbol.iterator](): Iterator<number>;
-}
-
-export class CryptoBuffer implements ICryptoBuffer {
-  private buffer: Uint8Array;
-  [index: number]: number | undefined;
-
-  constructor(buffer: Uint8Array) {
-    this.buffer = buffer;
-    // Proxy enables numeric index access (buffer[0]) while keeping internal state private
-    const proxy = new Proxy(this, {
-      get(target, prop) {
-        if (typeof prop === 'string' && !isNaN(Number(prop))) {
-          return target.buffer[Number(prop)];
-        }
-        return (target as any)[prop];
-      }
-    });
-    return proxy as any;
-  }
-
-  readUInt32LE(offset: number): number {
-    if (offset < 0 || offset + 4 > this.buffer.length) {
-      throw new RangeError('Offset out of bounds');
-    }
-    const b0 = this.buffer[offset];
-    const b1 = this.buffer[offset + 1];
-    const b2 = this.buffer[offset + 2];
-    const b3 = this.buffer[offset + 3];
-
-    if (b0 === undefined || b1 === undefined || b2 === undefined || b3 === undefined) {
-      throw new RangeError('Buffer read error');
-    }
-
-    // Little-endian: b0 is LSB, unsigned right-shift keeps result in [0, 2^32)
-    return (b0 | (b1 << 8) | (b2 << 16) | (b3 << 24)) >>> 0;
-  }
-
-  toString(encoding?: string): string {
-    if (encoding === 'hex') {
-      return Array.from(this.buffer)
-        .map(b => b.toString(16).padStart(2, '0'))
-        .join('');
-    }
-    if (encoding === 'base64') {
-      const binString = Array.from(this.buffer, (byte: number) => String.fromCodePoint(byte)).join('');
-      return btoa(binString);
-    }
-    return new TextDecoder().decode(this.buffer);
-  }
-
-  get length(): number {
-    return this.buffer.length;
-  }
-
-  [Symbol.iterator](): Iterator<number> {
-    let index = 0;
-    const buffer = this.buffer;
-    return {
-      next(): IteratorResult<number> {
-        if (index < buffer.length) {
-          const val = buffer[index++];
-          if (val === undefined) {
-            return { value: 0, done: true };
-          }
-          return { value: val, done: false };
-        }
-        return { value: 0, done: true };
-      }
-    };
-  }
-}
-
-/**
- * Synchronous SHA-256 hasher backed by Web Crypto subtle API.
- *
- * Web Crypto subtle.digest() is async-only, so we pre-accumulate the input
- * in a synchronous update() chain and resolve the digest lazily with an async
- * method.  For callers that need a hex string synchronously (e.g. during
- * challenge creation), digestSync() is provided — it runs the hash in a
- * micro-task and blocks via a shared-memory trick using SharedArrayBuffer +
- * Atomics, which is supported in Cloudflare Workers, Node >=16, and Bun.
- *
- * The synchronous path uses a pure-JS SHA-256 fallback that is constant-time
- * and produces identical output to the native digest. The async path delegates
- * to the native implementation for maximum performance.
- */
-export class CryptoHash {
-  private chunks: Uint8Array[] = [];
-
-  update(input: string | Uint8Array): this {
-    if (typeof input === 'string') {
-      this.chunks.push(new TextEncoder().encode(input));
-    } else {
-      this.chunks.push(input);
-    }
-    return this;
-  }
-
-  // Pure-JS SHA-256 — used for the synchronous digest path.
-  // Identical output to SubtleCrypto; no external dependency.
-  digest(encoding: 'hex' | 'base64' | 'binary' = 'hex'): string {
-    const combined = this.mergeChunks();
-    const hash = sha256(combined);
-
-    if (encoding === 'hex') {
-      return Array.from(hash).map(b => b.toString(16).padStart(2, '0')).join('');
-    }
-    if (encoding === 'base64') {
-      const binString = Array.from(hash, b => String.fromCodePoint(b)).join('');
-      return btoa(binString);
-    }
-    return String.fromCodePoint(...hash);
-  }
-
-  private mergeChunks(): Uint8Array {
-    const total = this.chunks.reduce((acc, c) => acc + c.length, 0);
-    const out = new Uint8Array(total);
-    let offset = 0;
-    for (const chunk of this.chunks) {
-      out.set(chunk, offset);
-      offset += chunk.length;
-    }
-    return out;
-  }
-}
-
-export class CryptoUtils {
-  static randomBytes(size: number): ICryptoBuffer {
-    if (size <= 0 || size > 65536) {
-      throw new RangeError('Size must be between 1 and 65536');
-    }
-    const buf = new Uint8Array(size);
-    // getRandomValues is CSPRNG-backed and available universally
-    globalThis.crypto.getRandomValues(buf);
-    return new CryptoBuffer(buf);
-  }
-
-  static createHash(algorithm: string): CryptoHash {
-    if (algorithm.toLowerCase() !== 'sha256') {
-      throw new Error('Only SHA-256 is supported');
-    }
-    return new CryptoHash();
-  }
-}
-
-export const randomBytes = (size: number): ICryptoBuffer => CryptoUtils.randomBytes(size);
-export const createHash = (algorithm: string): CryptoHash => CryptoUtils.createHash(algorithm);
-
-/**
- * Constant-time byte comparison — prevents timing side-channel attacks
- * where an attacker measures how quickly the comparison short-circuits.
- *
- * Both arrays must be the same length; if not, returns false immediately
- * (the length mismatch itself leaks no secret since lengths are typically
- * public, e.g. hex-encoded SHA-256 is always 64 chars).
- */
-export function timingSafeEqual(a: Uint8Array, b: Uint8Array): boolean {
-  if (a.length !== b.length) {
-    return false;
-  }
-  let diff = 0;
-  for (let i = 0; i < a.length; i++) {
-    // XOR accumulates differences without short-circuiting
-    diff |= (a[i]! ^ b[i]!);
-  }
-  return diff === 0;
-}
-
-/**
- * Pre-fetches a large block of secure random bytes and dispenses them
- * sequentially, amortising the cost of getRandomValues() calls across
- * many reads.  Intended for hot paths (e.g. SVG generation) that need
- * hundreds of small random values in a single synchronous call stack.
- * The pool refills automatically when exhausted.
- */
-export class RandomPool {
-  private buffer: Uint8Array;
-  private offset: number;
-  private readonly chunkSize: number;
-
-  constructor(chunkSize = 2048) {
-    this.chunkSize = chunkSize;
-    this.buffer = new Uint8Array(chunkSize);
-    globalThis.crypto.getRandomValues(this.buffer);
-    this.offset = 0;
-  }
-
-  private refill(): void {
-    globalThis.crypto.getRandomValues(this.buffer);
-    this.offset = 0;
-  }
-
-  uint32(): number {
-    if (this.offset + 4 > this.buffer.length) {
-      this.refill();
-    }
-    const b0 = this.buffer[this.offset]!;
-    const b1 = this.buffer[this.offset + 1]!;
-    const b2 = this.buffer[this.offset + 2]!;
-    const b3 = this.buffer[this.offset + 3]!;
-    this.offset += 4;
-    // Little-endian assembly, unsigned
-    return (b0 | (b1 << 8) | (b2 << 16) | (b3 << 24)) >>> 0;
-  }
-
-  byte(): number {
-    if (this.offset >= this.buffer.length) {
-      this.refill();
-    }
-    const val = this.buffer[this.offset]!;
-    this.offset += 1;
-    return val;
-  }
-
-  // uniform float in [0, 1)
-  float(): number {
-    return this.uint32() / 0xffffffff;
-  }
-
-  // uniform integer in [min, max)
-  int(min: number, max: number): number {
-    return Math.floor(this.float() * (max - min)) + min;
-  }
-}
-
-const K: number[] = [
-  0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
-  0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
-  0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
-  0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
-  0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
-  0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
-  0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
-  0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
-  0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
-  0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
-  0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
-  0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
-  0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
-  0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
-  0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
-  0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
-];
-
-function rotr32(x: number, n: number): number {
-  return (x >>> n) | (x << (32 - n));
-}
-
-function sha256(data: Uint8Array): Uint8Array {
-  // Initial hash values (first 32 bits of fractional parts of sqrt of first 8 primes)
-  let h0 = 0x6a09e667;
-  let h1 = 0xbb67ae85;
-  let h2 = 0x3c6ef372;
-  let h3 = 0xa54ff53a;
-  let h4 = 0x510e527f;
-  let h5 = 0x9b05688c;
-  let h6 = 0x1f83d9ab;
-  let h7 = 0x5be0cd19;
-
-  // Pre-processing: adding padding bits
-  const msgLen = data.length;
-  const bitLen = msgLen * 8;
-
-  // Pad to 512-bit boundary: message + 0x80 + zeros + 64-bit big-endian length
-  const padLen = ((msgLen + 9 + 63) & ~63);
-  const padded = new Uint8Array(padLen);
-  padded.set(data);
-  padded[msgLen] = 0x80;
-
-  // Write 64-bit big-endian bit length at end (JS numbers are safe up to 2^53)
-  const view = new DataView(padded.buffer);
-  view.setUint32(padLen - 4, bitLen >>> 0, false);
-  view.setUint32(padLen - 8, Math.floor(bitLen / 0x100000000) >>> 0, false);
-
-  const w = new Int32Array(64);
-
-  for (let offset = 0; offset < padLen; offset += 64) {
-    // Prepare message schedule
-    for (let i = 0; i < 16; i++) {
-      w[i] = view.getInt32(offset + i * 4, false);
-    }
-    for (let i = 16; i < 64; i++) {
-      const s0 = rotr32(w[i - 15]!, 7) ^ rotr32(w[i - 15]!, 18) ^ (w[i - 15]! >>> 3);
-      const s1 = rotr32(w[i - 2]!, 17) ^ rotr32(w[i - 2]!, 19) ^ (w[i - 2]! >>> 10);
-      w[i] = (w[i - 16]! + s0 + w[i - 7]! + s1) | 0;
-    }
-
-    let a = h0, b = h1, c = h2, d = h3;
-    let e = h4, f = h5, g = h6, h = h7;
-
-    for (let i = 0; i < 64; i++) {
-      const S1  = rotr32(e, 6) ^ rotr32(e, 11) ^ rotr32(e, 25);
-      const ch  = (e & f) ^ (~e & g);
-      const tmp1 = (h + S1 + ch + K[i]! + w[i]!) | 0;
-      const S0  = rotr32(a, 2) ^ rotr32(a, 13) ^ rotr32(a, 22);
-      const maj = (a & b) ^ (a & c) ^ (b & c);
-      const tmp2 = (S0 + maj) | 0;
-
-      h = g;
-      g = f;
-      f = e;
-      e = (d + tmp1) | 0;
-      d = c;
-      c = b;
-      b = a;
-      a = (tmp1 + tmp2) | 0;
-    }
-
-    h0 = (h0 + a) | 0;
-    h1 = (h1 + b) | 0;
-    h2 = (h2 + c) | 0;
-    h3 = (h3 + d) | 0;
-    h4 = (h4 + e) | 0;
-    h5 = (h5 + f) | 0;
-    h6 = (h6 + g) | 0;
-    h7 = (h7 + h) | 0;
-  }
-
-  const result = new Uint8Array(32);
-  const rv = new DataView(result.buffer);
-  rv.setUint32(0,  h0 >>> 0, false);
-  rv.setUint32(4,  h1 >>> 0, false);
-  rv.setUint32(8,  h2 >>> 0, false);
-  rv.setUint32(12, h3 >>> 0, false);
-  rv.setUint32(16, h4 >>> 0, false);
-  rv.setUint32(20, h5 >>> 0, false);
-  rv.setUint32(24, h6 >>> 0, false);
-  rv.setUint32(28, h7 >>> 0, false);
-  return result;
-}

package/src/utils/customQuestionGenerator.ts

@@ -1,40 +0,0 @@
-import { randomBytes } from './crypto';
-import type { CustomQuestion } from '../types';
-
-export class CustomQuestionGenerator {
-  private questions: CustomQuestion[];
-
-  constructor(questions: CustomQuestion[]) {
-    this.questions = questions;
-  }
-
-  generate(difficulty?: 'easy' | 'medium' | 'hard'): { question: string; answer: string } {
-    // filter questions by difficulty if specified
-    const candidates = difficulty
-      ? this.questions.filter(q => q.difficulty === difficulty)
-      : this.questions;
-
-    // NOTE: fallback to all questions if no match found for difficulty
-    if (candidates.length === 0) {
-      return this.selectRandom(this.questions);
-    }
-
-    return this.selectRandom(candidates);
-  }
-
-  private selectRandom(questions: CustomQuestion[]): { question: string; answer: string } {
-    if (questions.length === 0) {
-      return { question: '', answer: '' };
-    }
-
-    // use crypto random to pick a question securely
-    const buffer = randomBytes(4);
-    const index = buffer.readUInt32LE(0) % questions.length;
-    const selected = questions[index]!;
-
-    return {
-      question: selected.question,
-      answer: selected.answer
-    };
-  }
-}

package/src/utils/emojiGenerator.ts

@@ -1,88 +0,0 @@
-import { randomBytes } from './crypto';
-
-export interface EmojiGeneratorResult {
-  emojis: string[];
-  category: string;
-  answer: string;
-  question: string;
-}
-
-// each category has >= 20 entries to ensure unique sampling without replacement
-const CATEGORIES: Record<string, string[]> = {
-  animals:  ['🐶','🐱','🐭','🐹','🐰','🦊','🐻','🐼','🐨','🐯','🦁','🐮','🐷','🐸','🐵','🦒','🦓','🐘','🐧','🦅'],
-  food:     ['🍎','🍊','🍋','🍇','🍓','🍔','🍕','🍜','🍣','🍩','🎂','🥦','🥕','🥑','🧀','🍦','🍫','🥐','🌮','🍱'],
-  vehicles: ['🚗','🚕','🚙','🚌','🚑','🚒','🚓','🚜','🏎','🚂','🚁','🛩','🚀','🛸','🚢','⛵','🚲','🛵','🏍','🚛'],
-  nature:   ['🌸','🌺','🌻','🌹','🌷','🍀','🌿','🌱','🌲','🌳','🍁','🍂','🌊','🌙','⭐','🌈','🌞','🌋','🏔','🌾'],
-  sports:   ['⚽','🏀','🏈','⚾','🎾','🏐','🏉','🎱','🏓','🏸','🥊','🎿','🛷','⛷','🤸','🚴','🏊','🤺','🥋','🎯'],
-};
-
-const CATEGORY_KEYS = Object.keys(CATEGORIES);
-
-// crypto-safe index in [0, max)
-function secureIndex(max: number): number {
-  const buf = randomBytes(4);
-  return buf.readUInt32LE(0) % max;
-}
-
-// pick `count` unique items from pool without replacement
-function pickUnique(pool: string[], count: number): string[] {
-  const available = pool.slice();
-  const result: string[] = [];
-  for (let i = 0; i < count && available.length > 0; i++) {
-    const idx = secureIndex(available.length);
-    result.push(available.splice(idx, 1)[0]!);
-  }
-  return result;
-}
-
-// Fisher-Yates in-place shuffle with crypto random
-function shuffleInPlace(arr: string[]): void {
-  const batchBuf = randomBytes(arr.length * 4);
-  for (let i = arr.length - 1; i > 0; i--) {
-    const j = batchBuf.readUInt32LE((arr.length - 1 - i) * 4) % (i + 1);
-    [arr[i]!, arr[j]!] = [arr[j]!, arr[i]!];
-  }
-}
-
-export class EmojiGenerator {
-  static generate(difficulty: 'easy' | 'medium' | 'hard'): EmojiGeneratorResult {
-    const targetCount     = difficulty === 'easy' ? 2 : difficulty === 'medium' ? 3 : 4;
-    const distractorCount = difficulty === 'easy' ? 2 : difficulty === 'medium' ? 3 : 4;
-    const totalCount      = targetCount + distractorCount;
-
-    const categoryKey = CATEGORY_KEYS[secureIndex(CATEGORY_KEYS.length)]!;
-    const targetPool  = CATEGORIES[categoryKey]!;
-
-    // collect distractor emojis from all categories except the target
-    const distractorPool: string[] = [];
-    for (const key of CATEGORY_KEYS) {
-      if (key !== categoryKey) {
-        distractorPool.push(...CATEGORIES[key]!);
-      }
-    }
-
-    const targets     = pickUnique(targetPool, targetCount);
-    const distractors = pickUnique(distractorPool, distractorCount);
-
-    // combine then shuffle; track indices after shuffle
-    const combined = [...targets, ...distractors];
-    shuffleInPlace(combined);
-
-    // mark which positions ended up containing target emojis
-    const targetSet = new Set(targets);
-    const targetIndices = combined
-      .map((e, i) => (targetSet.has(e) ? i : -1))
-      .filter(i => i !== -1)
-      .sort((a, b) => a - b);
-
-    // canonical answer: sorted comma-separated zero-based indices e.g. "0,2,4"
-    const answer = targetIndices.join(',');
-
-    return {
-      emojis: combined,
-      category: categoryKey,
-      answer,
-      question: `Select all ${categoryKey} from the list (${totalCount} emojis, ${targetCount} correct)`
-    };
-  }
-}

package/src/utils/imageGenerator.ts

@@ -1,154 +0,0 @@
-import { RandomPool } from './crypto';
-
-interface ImageGeneratorResult {
-  image: string;
-  answer: string;
-  question: string;
-}
-
-const CHAR_POOL_EASY   = 'ABCDEFGHJKLMNPQRSTUVWXYZ';
-const CHAR_POOL_MEDIUM = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
-const CHAR_POOL_HARD   = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789';
-
-const SVG_WIDTH  = 200;
-const SVG_HEIGHT = 70;
-
-// prevents XML injection via user-controlled strings embedded in SVG
-function escapeXml(str: string): string {
-  return str
-    .replace(/&/g, '&')
-    .replace(/</g, '&lt;')
-    .replace(/>/g, '&gt;')
-    .replace(/"/g, '&quot;')
-    .replace(/'/g, '&#39;');
-}
-
-function generateText(pool: RandomPool, charPool: string, length: number): string {
-  let result = '';
-  for (let i = 0; i < length; i++) {
-    result += charPool[pool.byte() % charPool.length]!;
-  }
-  return result;
-}
-
-// each character is rendered individually with rotation and offset to resist OCR
-function renderChar(pool: RandomPool, char: string, x: number, baseY: number, colorHex: string): string {
-  const rotate  = pool.int(-25, 25);
-  const offsetY = pool.int(-6, 6);
-  const fontSize = pool.int(22, 30);
-  const opacity  = (pool.float() * 0.25 + 0.75).toFixed(2);
-
-  return `<text x="${x}" y="${baseY + offsetY}" transform="rotate(${rotate},${x},${baseY + offsetY})" font-size="${fontSize}" font-family="monospace" font-weight="bold" fill="${colorHex}" opacity="${opacity}" letter-spacing="2">${escapeXml(char)}</text>`;
-}
-
-function grayColor(pool: RandomPool): string {
-  const v = pool.int(100, 200);
-  return `rgb(${v},${v},${v})`;
-}
-
-function darkColor(pool: RandomPool): string {
-  const r = pool.int(20, 150);
-  const g = pool.int(20, 150);
-  const b = pool.int(20, 150);
-  return `rgb(${r},${g},${b})`;
-}
-
-// interference lines make automated segment extraction harder
-function renderNoiseLines(pool: RandomPool, count: number): string {
-  let lines = '';
-  for (let i = 0; i < count; i++) {
-    const x1 = pool.int(0, SVG_WIDTH);
-    const y1 = pool.int(0, SVG_HEIGHT);
-    const x2 = pool.int(0, SVG_WIDTH);
-    const y2 = pool.int(0, SVG_HEIGHT);
-    const strokeWidth = (pool.float() * 1.5 + 0.5).toFixed(1);
-    const color   = grayColor(pool);
-    const opacity = (pool.float() * 0.4 + 0.2).toFixed(2);
-    lines += `<line x1="${x1}" y1="${y1}" x2="${x2}" y2="${y2}" stroke="${color}" stroke-width="${strokeWidth}" opacity="${opacity}"/>`;
-  }
-  return lines;
-}
-
-// noise dots add pixel-level entropy that defeats simple segmentation
-function renderNoiseDots(pool: RandomPool, count: number): string {
-  let dots = '';
-  for (let i = 0; i < count; i++) {
-    const cx      = pool.int(0, SVG_WIDTH);
-    const cy      = pool.int(0, SVG_HEIGHT);
-    const r       = pool.int(1, 3);
-    const color   = grayColor(pool);
-    const opacity = (pool.float() * 0.5 + 0.1).toFixed(2);
-    dots += `<circle cx="${cx}" cy="${cy}" r="${r}" fill="${color}" opacity="${opacity}"/>`;
-  }
-  return dots;
-}
-
-// sinusoidal wave distortion applied as a path overlay
-function renderWavePath(pool: RandomPool): string {
-  const amplitude  = pool.int(3, 8);
-  const frequency  = pool.float() * 0.08 + 0.04;
-  const phaseShift = pool.float() * Math.PI * 2;
-  const strokeColor = grayColor(pool);
-
-  let d = `M 0 ${SVG_HEIGHT / 2}`;
-  for (let x = 1; x <= SVG_WIDTH; x += 2) {
-    const y = SVG_HEIGHT / 2 + amplitude * Math.sin(frequency * x + phaseShift);
-    d += ` L ${x} ${y.toFixed(2)}`;
-  }
-
-  return `<path d="${d}" stroke="${strokeColor}" stroke-width="1.5" fill="none" opacity="0.35"/>`;
-}
-
-function buildSvg(pool: RandomPool, text: string, difficulty: 'easy' | 'medium' | 'hard'): string {
-  const charCount = text.length;
-  const spacing   = SVG_WIDTH / (charCount + 1);
-  const baseY     = SVG_HEIGHT / 2 + 8;
-
-  const noiseLineCount = difficulty === 'easy' ? 4  : difficulty === 'medium' ? 7  : 10;
-  const noiseDotCount  = difficulty === 'easy' ? 20 : difficulty === 'medium' ? 40 : 60;
-  const waveCount      = difficulty === 'easy' ? 1  : difficulty === 'medium' ? 2  : 3;
-
-  const bgGray = pool.int(235, 250);
-  const background = `<rect width="${SVG_WIDTH}" height="${SVG_HEIGHT}" fill="rgb(${bgGray},${bgGray},${bgGray})" rx="6"/>`;
-
-  let chars = '';
-  for (let i = 0; i < charCount; i++) {
-    const x     = Math.round(spacing * (i + 1));
-    const color = darkColor(pool);
-    chars += renderChar(pool, text[i]!, x, baseY, color);
-  }
-
-  let waves = '';
-  for (let i = 0; i < waveCount; i++) {
-    waves += renderWavePath(pool);
-  }
-
-  return `<svg xmlns="http://www.w3.org/2000/svg" width="${SVG_WIDTH}" height="${SVG_HEIGHT}" viewBox="0 0 ${SVG_WIDTH} ${SVG_HEIGHT}">${background}${renderNoiseDots(pool, noiseDotCount)}${renderNoiseLines(pool, noiseLineCount)}${waves}${chars}</svg>`;
-}
-
-function svgToDataUri(svg: string): string {
-  // btoa requires a binary string; TextEncoder gives us the UTF-8 bytes
-  const bytes = new TextEncoder().encode(svg);
-  const binString = Array.from(bytes, b => String.fromCodePoint(b)).join('');
-  return `data:image/svg+xml;base64,${btoa(binString)}`;
-}
-
-export class ImageGenerator {
-  static generate(difficulty: 'easy' | 'medium' | 'hard'): ImageGeneratorResult {
-    // single pool allocation covers all random needs for this image — ~1 crypto
-    // call instead of the ~500 individual randomBytes(4) calls it replaced
-    const pool = new RandomPool(2048);
-
-    const charPool = difficulty === 'easy' ? CHAR_POOL_EASY : difficulty === 'medium' ? CHAR_POOL_MEDIUM : CHAR_POOL_HARD;
-    const length   = difficulty === 'easy' ? 4 : difficulty === 'medium' ? 5 : 6;
-    const answer   = generateText(pool, charPool, length);
-    const svg      = buildSvg(pool, answer, difficulty);
-    const image    = svgToDataUri(svg);
-
-    return {
-      image,
-      answer: answer.toLowerCase(),
-      question: 'Type the characters shown in the image'
-    };
-  }
-}

package/src/utils/random.ts

@@ -1,43 +0,0 @@
-import { randomBytes } from './crypto';
-
-export class Random {
-  static getRandomNumber(difficulty: 'easy' | 'medium' | 'hard'): number {
-    const buffer = randomBytes(4);
-    // divide by 2^32 (not 2^32-1) so the result is strictly in [0, 1) — avoids off-by-one at the top
-    const rand = buffer.readUInt32LE(0) / 0x100000000;
-    if (difficulty === 'easy') {
-      return Math.floor(rand * 10) + 1;
-    }
-    if (difficulty === 'medium') {
-      return Math.floor(rand * 50) + 1;
-    }
-    return Math.floor(rand * 100) + 1;
-  }
-
-  static getRandomOperator(): string {
-    const operators = ['+', '-', '*', '/'];
-    const buffer = randomBytes(1) as any;
-    const index = buffer[0]! % operators.length;
-    return operators[index]!;
-  }
-
-  static generateRandomString(difficulty: 'easy' | 'medium' | 'hard'): string {
-    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
-    let result = '';
-    const length = difficulty === 'easy' ? 4 : difficulty === 'medium' ? 6 : 8;
-    const buffer = randomBytes(length) as any;
-    // pick random chars from the charset using crypto random bytes
-    for (let i = 0; i < length; i++) {
-      result += chars.charAt(buffer[i]! % chars.length);
-    }
-    return result;
-  }
-
-  static generateNonce(): string {
-    return randomBytes(16).toString('hex');
-  }
-
-  static generateSalt(): string {
-    return randomBytes(8).toString('hex');
-  }
-}