
Both createCard and createDeck inline a gstatic.com thumbnail URL as the card back. That URL is a third-party encoded asset that can 404 or rotate at any time. Replace it with a local asset in src/assets/ so the game renders correctly without an external dependency.
Context
The card-back image is currently fetched from https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSEArMDpLqCtEe0kLcWh5dJj0s-dAnCShz_cQ&s. That URL is a Google Images CDN thumbnail whose content and lifetime Arasaka does not control; if Google invalidates it the entire table renders with broken card backs. The repository already vendors other card imagery under src/assets/ (credit.jpg, virus.jpg, etc.), so adding a bundled card back and importing it is consistent with existing practice. This reduces one external point of failure and makes the production build self-contained, which also makes Playwright e2e runs less flaky.
Affected Files
src/assets/card-back.jpg — new bundled asset replacing the third-party URL
src/scripts/card.js:21 — card-back img src is the gstatic.com URL
src/scripts/deck.js:45 — deck-card-back img src is the same gstatic.com URL
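Requirements
- The card back is a local asset in src/assets/ and referenced from both card.js and deck.js.
- No file under src/ contains the string gstatic.com after the change.
- npm run build succeeds and the produced dist/ includes the bundled card-back asset.
- npm test continues to pass.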
Verification
- npm ci
- npm run build
- ! grep -r 'gstatic.com' src/
- ls src/assets/card-back.*
- npm test
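The grep step above catches only the one host named in this ticket. As an added example (not code from this repository), the following check flags any hard-coded absolute http(s) URL in source text unless its host is allowlisted. The function name findExternalUrls, the allowlist parameter and the sample file contents are assumptions constructed for illustration.

```javascript
// Added example, not project code. Flags hard-coded external URLs in source text.
// Matches absolute http(s) URLs and captures the host in group 1.
const URL_RE = /https?:\/\/([a-z0-9.-]+)[^\s"'`<>)]*/gi;

// files: { path: sourceText }. allowedHosts: exact host names that may stay
// (for example namespace URIs that are never fetched).
function findExternalUrls(files, allowedHosts = []) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((line, idx) => {
      for (const m of line.matchAll(URL_RE)) {
        const host = m[1].toLowerCase();
        if (!allowed.has(host)) {
          findings.push({ path, line: idx + 1, host, url: m[0] });
        }
      }
    });
  }
  return findings;
}

// Constructed samples: card.js still has the third-party URL (query value is a
// placeholder), deck.js already imports the bundled asset.
const SAMPLE_FILES = {
  'src/scripts/card.js': [
    'export function createCard(name) {',
    "  return '<img class=\"card-back\" src=\"https://encrypted-tbn0.gstatic.com/images?q=PLACEHOLDER\">';",
    '}',
  ].join('\n'),
  'src/scripts/deck.js': [
    "import cardBack from '../assets/card-back.jpg';",
    "const SVG_NS = 'http://www.w3.org/2000/svg'; // namespace URI, never fetched",
    'export function createDeck() {',
    '  return `<img class="deck-card-back" src="${cardBack}">`;',
    '}',
  ].join('\n'),
};

// Report what remains once the namespace host is allowlisted.
for (const f of findExternalUrls(SAMPLE_FILES, ['www.w3.org'])) {
  console.log(`${f.path}:${f.line} external host ${f.host}`);
}
```

Wired to the real files under src/, a non-empty result would fail the build the same way the grep step does.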
Not In Scope
- Do not refactor the surrounding card or deck DOM construction beyond swapping the image source.
- Do not introduce a build-time image optimization pipeline or new asset loader.
Evidence
src/scripts/card.js:21 — <img ... src="https://encrypted-tbn0.gstatic.com/images?..."> hard-codes a third-party thumbnail URL
src/scripts/deck.js:45 — identical gstatic.com URL duplicated in the deck DOM template
src/assets/ — already contains local .jpg tokens, proving local assets are the established convention
Arasaka Queue Planning Division.
