icoa-cli 2.15.13 → 2.16.0

package/dist/commands/exam.js

@@ -98,8 +98,6 @@ function printQuestion(q, answer) {
     const answered = Object.keys(state?.answers || {}).length;
     const help = getHelpState(state);
     const eliminated = help.eliminated[q.number] || [];
-    // Top hint
-    console.log(chalk.gray('  Type "back" to pause · Don\'t type "exit" (it quits CLI)'));
     // Progress bar
     printQuestionProgress(q.number, total, answered);
     // Easter egg
@@ -125,16 +123,16 @@ function printQuestion(q, answer) {
         }
     }
     console.log();
-    // Bottom: compact nav + help status
+    // Full menu on every question
     const remaining = help.max - help.used;
-    const helpStatus = remaining > 0
-        ? chalk.yellow(`help ${remaining}/${help.max}`)
-        : (help.max < 8 ? chalk.gray('help 0/5 — ') + chalk.yellow('more help') : chalk.gray('help 0/8'));
-    console.log(chalk.gray('  ') + chalk.white('A/B/C/D') +
-        chalk.gray('  ·  ') + helpStatus +
-        (q.number > 1 ? chalk.gray('  ·  ') + chalk.white('prev') : '') +
-        (q.number < total ? chalk.gray('  ·  ') + chalk.white('next') : '') +
-        chalk.gray('  ·  ') + chalk.white('back'));
+    const helpLabel = remaining > 0 ? `remove a wrong option (${remaining}/${help.max})` : (help.max < 8 ? 'used up — type more help for +3' : `used up (${help.used}/${help.max})`);
+    console.log(chalk.gray('  ─────────────────────────────────────────'));
+    console.log(chalk.yellow('    A/B/C/D') + chalk.gray('       answer this question'));
+    console.log(chalk.yellow('    help') + chalk.gray(`          ${helpLabel}`));
+    console.log(chalk.yellow('    next') + chalk.gray(' / ') + chalk.yellow('prev') + chalk.gray('    move between questions'));
+    console.log(chalk.yellow('    back') + chalk.gray('          pause and return to menu'));
+    console.log(chalk.yellow('    lang es') + chalk.gray('       switch language'));
+    console.log(chalk.gray('  ─────────────────────────────────────────'));
 }
 export function registerExamCommand(program) {
     const exam = program.command('exam').description('National selection exam');
@@ -846,7 +844,7 @@ export function registerExamCommand(program) {
         printHeader('ICOA Demo Exam — Free Practice');
         console.log();
         console.log(chalk.white('  Free practice · No account needed · No time limit'));
-        console.log(chalk.white('  30 questions · Pick one answer per question'));
+        console.log(chalk.white('  15 questions · Pick one answer per question'));
         console.log();
         printHowToPlay();
         console.log();
@@ -869,7 +867,7 @@ export function registerExamCommand(program) {
         console.log();
         console.log();
         saveExamState({ session, questions: DEMO_QUESTIONS, answers: {} });
-        printKeyValue('Questions', '30');
+        printKeyValue('Questions', '15');
         printKeyValue('Duration', 'No time limit');
         // Show first question
         printQuestion(DEMO_QUESTIONS[0]);

package/dist/lib/demo-exam.js

@@ -8,13 +8,12 @@ export const DEMO_SESSION = {
     examName: 'ICOA Demo Exam — Free Practice',
     startedAt: '',
     durationMinutes: 0, // 0 = no time limit for demo
-    questionCount: 30,
+    questionCount: 15,
     country: 'ALL',
 };
 export const DEMO_ANSWERS = {
-    1: 'B', 2: 'B', 3: 'C', 4: 'B', 5: 'C', 6: 'B', 7: 'B', 8: 'C', 9: 'C', 10: 'B',
-    11: 'C', 12: 'B', 13: 'B', 14: 'B', 15: 'B', 16: 'B', 17: 'B', 18: 'B', 19: 'C', 20: 'B',
-    21: 'A', 22: 'B', 23: 'B', 24: 'B', 25: 'B', 26: 'B', 27: 'B', 28: 'B', 29: 'A', 30: 'C',
+    1: 'B', 2: 'B', 3: 'C', 4: 'C', 5: 'B', 6: 'B', 7: 'C', 8: 'B',
+    9: 'B', 10: 'B', 11: 'B', 12: 'B', 13: 'B', 14: 'B', 15: 'C',
 };
 export const DEMO_QUESTIONS = [
     { number: 1, text: 'Which algorithm is NOT a symmetric cipher?', category: 'Cryptography',
@@ -23,59 +22,29 @@ export const DEMO_QUESTIONS = [
         options: { A: 'Buffer overflow in web server', B: 'Unsanitized user input in database queries', C: 'Weak encryption algorithms', D: 'Misconfigured firewall rules' } },
     { number: 3, text: 'Which HTTP status code indicates "Forbidden"?', category: 'Web Security',
         options: { A: '401', B: '404', C: '403', D: '500' } },
-    { number: 4, text: 'What is the primary purpose of a nonce in cryptography?', category: 'Cryptography',
-        options: { A: 'Encrypt data at rest', B: 'Prevent replay attacks', C: 'Generate random passwords', D: 'Compress data before encryption' } },
-    { number: 5, text: 'Which tool is commonly used for network packet capture?', category: 'Network',
+    { number: 4, text: 'Which tool is commonly used for network packet capture?', category: 'Network',
         options: { A: 'Burp Suite', B: 'Ghidra', C: 'Wireshark', D: 'John the Ripper' } },
-    { number: 6, text: 'What does XSS stand for in cybersecurity?', category: 'Web Security',
+    { number: 5, text: 'What does XSS stand for in cybersecurity?', category: 'Web Security',
         options: { A: 'Extended Security System', B: 'Cross-Site Scripting', C: 'XML Secure Socket', D: 'Cross-Server Sharing' } },
-    { number: 7, text: 'What is the primary function of a firewall?', category: 'Network',
-        options: { A: 'Encrypt network data', B: 'Filter network traffic based on security rules', C: 'Detect viruses in files', D: 'Speed up internet connection' } },
-    { number: 8, text: 'Which type of malware disguises itself as legitimate software?', category: 'Malware',
+    { number: 6, text: 'Which type of malware disguises itself as legitimate software?', category: 'Malware',
         options: { A: 'Worm', B: 'Ransomware', C: 'Trojan', D: 'Adware' } },
-    { number: 9, text: 'Which protocol provides secure communication on the web?', category: 'Network',
-        options: { A: 'HTTP', B: 'FTP', C: 'HTTPS', D: 'SMTP' } },
-    { number: 10, text: 'What is a cryptographic hash?', category: 'Cryptography',
-        options: { A: 'A reversible encryption key', B: 'A one-way function producing a fixed-size digest', C: 'An authentication protocol', D: 'A type of digital signature' } },
-    { number: 11, text: 'Which tool is used for binary analysis?', category: 'Reverse Engineering',
-        options: { A: 'Nmap', B: 'SQLMap', C: 'Ghidra', D: 'Nikto' } },
-    { number: 12, text: 'Which attack manipulates DNS requests to redirect traffic?', category: 'Network',
-        options: { A: 'Phishing', B: 'DNS Spoofing', C: 'SQL Injection', D: 'Brute Force' } },
-    { number: 13, text: 'What is the standard port for SSH?', category: 'Network',
+    { number: 7, text: 'What is the standard port for SSH?', category: 'Network',
         options: { A: '21', B: '22', C: '80', D: '443' } },
-    { number: 14, text: 'What is two-factor authentication (2FA)?', category: 'Authentication',
+    { number: 8, text: 'What is a cryptographic hash?', category: 'Cryptography',
+        options: { A: 'A reversible encryption key', B: 'A one-way function producing a fixed-size digest', C: 'An authentication protocol', D: 'A type of digital signature' } },
+    { number: 9, text: 'What is two-factor authentication (2FA)?', category: 'Authentication',
         options: { A: 'Using two different passwords', B: 'Verifying identity with two distinct types of credentials', C: 'Encrypting data twice', D: 'Connecting through two networks' } },
-    { number: 15, text: 'Which Linux command shows open ports on a system?', category: 'Linux',
+    { number: 10, text: 'Which Linux command shows open ports on a system?', category: 'Linux',
         options: { A: 'ls -la', B: 'netstat -tulpn', C: 'chmod 777', D: 'cat /etc/passwd' } },
-    { number: 16, text: 'What is a Man-in-the-Middle (MitM) attack?', category: 'Network',
+    { number: 11, text: 'What is a Man-in-the-Middle (MitM) attack?', category: 'Network',
         options: { A: 'Accessing a server without authorization', B: 'Intercepting and modifying communications between two parties', C: 'Sending multiple requests to overload a server', D: 'Guessing passwords by brute force' } },
-    { number: 17, text: 'Which of these is a hash algorithm?', category: 'Cryptography',
-        options: { A: 'AES-256', B: 'SHA-256', C: 'RSA-2048', D: 'Diffie-Hellman' } },
-    { number: 18, text: 'What is the principle of least privilege?', category: 'Security',
+    { number: 12, text: 'What is the principle of least privilege?', category: 'Security',
         options: { A: 'Give root access to all users', B: 'Grant only the permissions necessary to perform a task', C: 'Use the shortest password possible', D: 'Disable all firewalls' } },
-    { number: 19, text: 'Which tool is commonly used for port scanning?', category: 'Network',
-        options: { A: 'Wireshark', B: 'Metasploit', C: 'Nmap', D: 'Hashcat' } },
-    { number: 20, text: 'What is ransomware?', category: 'Malware',
-        options: { A: 'Software that shows unwanted ads', B: 'Software that encrypts files and demands payment to decrypt', C: 'Software that records keystrokes', D: 'Software that replicates across networks' } },
-    { number: 21, text: 'What is the difference between symmetric and asymmetric encryption?', category: 'Cryptography',
-        options: { A: 'Symmetric uses the same key to encrypt and decrypt; asymmetric uses two different keys', B: 'Symmetric is slower than asymmetric', C: 'Asymmetric only works with small files', D: 'There is no significant difference' } },
-    { number: 22, text: 'Which vulnerability allows arbitrary code execution on a web server?', category: 'Web Security',
-        options: { A: 'CSRF', B: 'Remote Code Execution (RCE)', C: 'Clickjacking', D: 'Open Redirect' } },
-    { number: 23, text: 'What is OWASP?', category: 'Security',
-        options: { A: 'A security operating system', B: 'An organization that publishes web security standards and guides', C: 'A type of firewall', D: 'A programming language for security' } },
-    { number: 24, text: 'Which Linux command changes file permissions?', category: 'Linux',
-        options: { A: 'chown', B: 'chmod', C: 'chgrp', D: 'passwd' } },
-    { number: 25, text: 'What is an SSL/TLS certificate?', category: 'Cryptography',
-        options: { A: 'A file containing malware', B: 'A digital document that verifies a website\'s identity', C: 'A private key for SSH', D: 'A type of encrypted database' } },
-    { number: 26, text: 'Which of the following is a social engineering attack?', category: 'Security',
+    { number: 13, text: 'Which of the following is a social engineering attack?', category: 'Security',
         options: { A: 'Buffer overflow', B: 'Phishing', C: 'SQL Injection', D: 'Port scanning' } },
-    { number: 27, text: 'What does the Linux command "grep" do?', category: 'Linux',
-        options: { A: 'Compresses files', B: 'Searches for text patterns in files', C: 'Shows active processes', D: 'Configures the network' } },
-    { number: 28, text: 'What is a VPN?', category: 'Network',
+    { number: 14, text: 'What is a VPN?', category: 'Network',
         options: { A: 'A type of virus', B: 'A virtual private network that encrypts internet traffic', C: 'A file transfer protocol', D: 'A vulnerability scanner' } },
-    { number: 29, text: 'What is CSRF (Cross-Site Request Forgery)?', category: 'Web Security',
-        options: { A: 'An attack that forces a user\'s browser to perform unauthorized actions', B: 'A data encryption method', C: 'A type of network scanner', D: 'A file compression technique' } },
-    { number: 30, text: 'What is the best practice for storing passwords in a database?', category: 'Security',
+    { number: 15, text: 'What is the best practice for storing passwords in a database?', category: 'Security',
         options: { A: 'Plain text', B: 'Encrypted with AES', C: 'Hashed with salt', D: 'Encoded in Base64' } },
 ];
 /**

package/dist/repl.js

@@ -181,7 +181,7 @@ export async function startRepl(program, resumeMode) {
         console.log(chalk.white('   Ready to start? Just type ') + chalk.bold.cyan('demo') + chalk.white(' and press ') + chalk.yellow('Enter') + chalk.white('!'));
         console.log();
         console.log(chalk.gray('   ─────────────────────────────────────────────'));
-        console.log(chalk.bold.cyan('     demo') + chalk.gray('            Free practice exam (30 questions)'));
+        console.log(chalk.bold.cyan('     demo') + chalk.gray('            Free practice exam (15 questions)'));
         console.log(chalk.white('     exam <token>') + chalk.gray('    Enter exam with access token'));
         console.log(chalk.white('     lang es') + chalk.gray('         Switch language (15 supported)'));
         console.log(chalk.gray('                     e.g. lang es (Español), lang zh, lang fr'));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "icoa-cli",
-  "version": "2.15.13",
+  "version": "2.16.0",
   "description": "ICOA CLI — The world's first CLI-native CTF competition terminal",
   "type": "module",
   "bin": {