v0.6.0 — Password lab and deep .zefer analyzer

@carrilloapps carrilloapps released this 05 Jun 21:57
· 13 commits to main since this release

Password lab and deep .zefer analyzer.

Added

  • Generator/Analyzer tabs: /generator is now a two-tab password lab; every generated key gets its own strength meter, score and effective bits, sorted highest → lowest
  • 2 new key types — Base58 Readable (standard Bitcoin alphabet, no 0 O I l — safe to dictate or hand-copy) and PIN (digits only), shared with the home popover via the canonical MODES list
  • Advanced generation options (collapsible panel, persisted): exclude ambiguous characters, exclude custom characters, guarantee all character classes, no consecutive repeats, dash grouping every 4/6/8
  • Stop-slider controls — length (presets 16–1024 + custom up to 2048) and quantity (1–50, default 1) use a horizontal slider with dot markers mathematically centered on the thumb path, plus a manual input
  • Security report (SecurityInsights, shared by the config panel and the analyzer tab): 4 attack scenarios (10²–10¹⁵ guesses/s), cybersecurity framework checks (NIST SP 800-63B, OWASP ≥64 bits, long-term ≥100 bits, AES-128 ≥128 bits, post-quantum Grover), total keyspace, post-quantum entropy, and comparison vs an average human password (~40 bits) — collapsible on the generator tab
  • Plain-language tooltips — 12 explanations (es/en/pt) for entropy, scenarios, each framework check, keyspace, post-quantum bits and the average comparison
  • Deep .zefer analysis (/analyzer) — structural integrity (chunk-framing walk, corruption/truncation detection, chunk count, estimated content size), ciphertext randomness via Shannon entropy, salt/IV hex, full-file SHA-256 fingerprint, KDF resistance table (per-GPU guess rate from the file's iterations + crack times for typical passphrase strengths vs a 1,000-GPU fleet) and severity-tagged security observations (weak KDF, public hint/note, reveal-key surface, compression side-channel, low entropy, broken structure)

Changed

  • Realistic file-size limits — the old formula derived the limit from the V8 heap cap (~4 GB on every desktop, freezing all machines at ~1.5 GB). Limits are now tiered by reported RAM + CPU threads: workstations (20+ threads or 64+ GB RAM) reach 10 GB, mid-range desktops 2–8 GB, mobile 256 MB–1.5 GB. /device page explanation updated accordingly; file reads now fail gracefully with a clear message if the browser cannot allocate
  • /how — password generation explained: new section documenting the engine (CSPRNG, rejection sampling, 7 alphabets, analysis/scoring with attack scenarios and compliance, advanced options) with a link to /generator
  • "Proyecto" dropdown: project, donate and author links consolidated into a modern dropdown on desktop and an accordion row inside the mobile drawer (aria-expanded/haspopup, outside-click close)
  • Donations FAB: floating Buy Me a Coffee button (safe-area aware, pulsing glow via color-mix, reduced-motion safe) on every page
  • 36 new unit tests for the password engine (app/lib/passwords.ts added to the coverage gates): charsets and modes, unbiased generation (including the rejection-sampling branch via a mocked CSPRNG), advanced options, analysis warnings and scoring bands, crack-time buckets (no Infinity), compliance checks and superscript formatting — suite grows from 125 to 161 tests, 100% line coverage maintained
  • README, AGENTS.md, CLAUDE.md, docs/ARCHITECTURE.md, public/llms.txt and public/agents.md updated with the generator/analyzer pages, the password engine API, new preferences and design-system classes; privacy policy now states explicitly that the tools process everything locally

Fixed

  • "Decrypt this file" on /analyzer now hands the analyzed file directly to the decrypt form (client-side navigation handoff) instead of landing on an empty form
  • "Infinity years" — crack times are computed in log space (2^bits overflows Number past ~1024 bits); extreme configs now render ≈10ⁿ years with Unicode superscripts
  • Checked toggles never turned green — Tailwind cannot variant plain CSS classes; native .peer:checked ~ selectors now style the track and knob (also fixes the home dual-key toggles)
  • Saved keygen preferences were never applied — local state initialized before localStorage hydration; the popover now adopts preferences when they arrive
  • Scenario labels wrapping — shortened and truncate-protected; technical detail moved into the scenarios tooltip
  • Service Worker in development — now registers only in production, preventing stale-chunk issues while developing
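
The "Infinity years" fix above, sketched as an added example (not code from the Zefer repository): crack time is carried as a base-10 exponent so that 2^bits is never materialised. All function and constant names are hypothetical, and the estimate assumes the attacker exhausts the full keyspace.

```javascript
// Added example, not Zefer's code; all names here are hypothetical.
const SECONDS_PER_YEAR = 365.25 * 24 * 3600;
const SUPERSCRIPTS = "⁰¹²³⁴⁵⁶⁷⁸⁹";

// Entropy of a uniformly random key: length * log2(alphabet size).
function effectiveBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}

// Naive form: 2 ** bits becomes Infinity once bits exceeds ~1024.
function naiveCrackYears(bits, guessesPerSecond) {
  return 2 ** bits / guessesPerSecond / SECONDS_PER_YEAR;
}

// Same quantity as a base-10 exponent; 2 ** bits is never computed.
// Assumption: the attacker exhausts the full keyspace (worst case).
function log10CrackYears(bits, guessesPerSecond) {
  return (
    bits * Math.log10(2) -
    Math.log10(guessesPerSecond) -
    Math.log10(SECONDS_PER_YEAR)
  );
}

// Render a non-negative integer with Unicode superscript digits.
function toSuperscript(n) {
  return String(n).replace(/\d/g, (d) => SUPERSCRIPTS[Number(d)]);
}

// Small values print as plain years, large ones as ≈10ⁿ years.
function formatCrackTime(bits, guessesPerSecond) {
  const exponent = log10CrackYears(bits, guessesPerSecond);
  if (exponent < 0) return "< 1 year";
  if (exponent < 6) return `${Math.round(10 ** exponent)} years`;
  return `≈10${toSuperscript(Math.round(exponent))} years`;
}

// Constructed inputs: a 2048-character key over a 94-symbol alphabet,
// and a 40-bit password, at both ends of the 10²–10¹⁵ guesses/s range.
const longKeyBits = effectiveBits(2048, 94);
console.log(naiveCrackYears(longKeyBits, 1e15));
console.log(formatCrackTime(longKeyBits, 1e15));
console.log(formatCrackTime(40, 1e2));
console.log(formatCrackTime(40, 1e15));
```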

Full Changelog: v0.2.0...v0.6.0