npm - icoa-cli - Versions diffs - 2.19.290 → 2.19.291 - Mend

icoa-cli 2.19.290 → 2.19.291

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/commands/ai4ctf.js +1 -1
package/dist/commands/ctf4ai-demo.js +1 -1
package/dist/commands/ctf4vla.js +1 -1
package/dist/commands/exam.js +1 -1
package/dist/lib/exam-sandbox.d.ts +5 -0
package/dist/lib/exam-sandbox.js +1 -1
package/dist/lib/hint-client.js +1 -1
package/package.json +1 -1

package/dist/lib/exam-sandbox.d.ts CHANGED Viewed

@@ -1,5 +1,10 @@
 export declare function scanForAIBinaries(): string[];
 export declare function checkShellRisk(input: string): string[];
+export declare function auditIdentity(): {
+    account?: string;
+    examToken?: string;
+    deviceFingerprint?: string;
+};
 export declare function logShellAudit(entry: {
     cwd: string;
     input: string;

package/dist/lib/exam-sandbox.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{mkdtempSync as t,mkdirSync as e,existsSync as o,appendFileSync as s,statSync as r}from"node:fs";import{execFileSync as i}from"node:child_process";import{tmpdir as n,homedir as a,platform as c}from"node:os";import{join as p,delimiter as l}from"node:path";import{getIcoaDir as h}from"./config.js";import{getRealExamState as d}from"./exam-state.js";const m=["claude","cursor-agent","aider","codex","ollama","llm","cody","continue","windsurf","mods","gemini","q"];function u(t){const e=process.env.PATH\|\|"",o="win32"===c()?(process.env.PATHEXT\|\|".EXE;.CMD;.BAT").split(";"):[""];for(const s of e.split(l))if(s)for(const e of o){const o=p(s,t+e);try{if(r(o).isFile())return!0}catch{}}return!1}export function scanForAIBinaries(){const t=[];for(const e of m)u(e)&&t.push(e);if(u("gh"))try{const e=i("gh",["extension","list"],{encoding:"utf-8",timeout:2e3,stdio:["ignore","pipe","ignore"]});/copilot/i.test(e)&&t.push("gh-copilot")}catch{}return t}const f=[{pattern:/(?:^\|[\s\|;&`$(])(?:cat\|less\|more\|head\|tail\|bat)\s+(?:~\|\$HOME\|\/home\/[^/\s]+\|\/Users\/[^/\s]+)/,label:"reads home directory"},{pattern:/\.bash_history\|\.zsh_history\|\.fish_history\|\.python_history/,label:"reads shell history"},{pattern:/(?:^\|[\s\|;&`$(])(?:find\|grep\s+-[rR]\S*\|rg\|fd\|ack)\s+(?:~\|\$HOME\|\/home\|\/Users)/,label:"searches home directory"},{pattern:/(?:^\|[\s\|;&`$(])(?:claude\|cursor-agent\|aider\|codex\|ollama\|llm\|cody\|continue\|windsurf\|mods\|gemini)\b/,label:"invokes AI agent CLI"},{pattern:/(?:^\|[\s\|;&`$(])gh\s+copilot\b/,label:"invokes gh copilot"},{pattern:/(?:^\|[\s\|;&`$(])history\b/,label:"inspects shell history"},{pattern:/(?:^\|[\s\|;&`$(])cd\s+(?:~\|\$HOME\|\/home\|\/Users\|\/etc\|\/var)/,label:"cd outside exam workspace"}];export function checkShellRisk(t){const e=[];for(const{pattern:o,label:s}of f)o.test(t)&&e.push(s);return e}export function logShellAudit(t){const e=d();if(!e)return;const o=JSON.stringify({ts:(new Date).toISOString(),examId:e.session.examId,country:e.session.country,cwd:t.cwd,input:t.input.slice(0,500),riskFlags:t.riskFlags});try{s(p(h(),"exam-audit.log"),`${o}\n`)}catch{}fetch("https://practice.icoa2026.au/api/icoa/exam-audit",{method:"POST",headers:{"Content-Type":"application/json"},body:o,signal:AbortSignal.timeout(3e3)}).catch(()=>{})}export function reportAIBinaryDetection(t){if(0===t.length)return;const e=d(),o=JSON.stringify({ts:(new Date).toISOString(),examId:e?.session.examId??"(pre-start)",country:e?.session.country??"(pre-start)",binaries:t,platform:process.platform});fetch("https://practice.icoa2026.au/api/icoa/exam-ai-binaries",{method:"POST",headers:{"Content-Type":"application/json"},body:o,signal:AbortSignal.timeout(3e3)}).catch(()=>{})}export function createExamWorkspace(e){const o=e.replace(/[^a-zA-Z0-9_-]/g,"_").slice(0,32);return t(p(n(),`icoa-exam-${o}-`))}const g=p(a(),"icoa-workspace");export function getActiveCwd(){const t=d(),s=t?.session?.workspaceDir;return s&&o(s)?s:(o(g)\|\|e(g,{recursive:!0}),g)}
1	+ import{mkdtempSync as t,mkdirSync as e,existsSync as o,appendFileSync as s,statSync as i}from"node:fs";import{execFileSync as n}from"node:child_process";import{tmpdir as r,homedir as a,platform as c}from"node:os";import{join as p,delimiter as l}from"node:path";import{getIcoaDir as d,getConfig as u}from"./config.js";import{getRealExamState as h}from"./exam-state.js";const m=["claude","cursor-agent","aider","codex","ollama","llm","cody","continue","windsurf","mods","gemini","q"];function f(t){const e=process.env.PATH\|\|"",o="win32"===c()?(process.env.PATHEXT\|\|".EXE;.CMD;.BAT").split(";"):[""];for(const s of e.split(l))if(s)for(const e of o){const o=p(s,t+e);try{if(i(o).isFile())return!0}catch{}}return!1}export function scanForAIBinaries(){const t=[];for(const e of m)f(e)&&t.push(e);if(f("gh"))try{const e=n("gh",["extension","list"],{encoding:"utf-8",timeout:2e3,stdio:["ignore","pipe","ignore"]});/copilot/i.test(e)&&t.push("gh-copilot")}catch{}return t}const g=[{pattern:/(?:^\|[\s\|;&`$(])(?:cat\|less\|more\|head\|tail\|bat)\s+(?:~\|\$HOME\|\/home\/[^/\s]+\|\/Users\/[^/\s]+)/,label:"reads home directory"},{pattern:/\.bash_history\|\.zsh_history\|\.fish_history\|\.python_history/,label:"reads shell history"},{pattern:/(?:^\|[\s\|;&`$(])(?:find\|grep\s+-[rR]\S*\|rg\|fd\|ack)\s+(?:~\|\$HOME\|\/home\|\/Users)/,label:"searches home directory"},{pattern:/(?:^\|[\s\|;&`$(])(?:claude\|cursor-agent\|aider\|codex\|ollama\|llm\|cody\|continue\|windsurf\|mods\|gemini)\b/,label:"invokes AI agent CLI"},{pattern:/(?:^\|[\s\|;&`$(])gh\s+copilot\b/,label:"invokes gh copilot"},{pattern:/(?:^\|[\s\|;&`$(])history\b/,label:"inspects shell history"},{pattern:/(?:^\|[\s\|;&`$(])cd\s+(?:~\|\$HOME\|\/home\|\/Users\|\/etc\|\/var)/,label:"cd outside exam workspace"}];export function checkShellRisk(t){const e=[];for(const{pattern:o,label:s}of g)o.test(t)&&e.push(s);return e}export function auditIdentity(){const t={},e=u();e.deviceFingerprint&&(t.deviceFingerprint=e.deviceFingerprint);const o=h();return o?.session?.token?t.examToken=o.session.token:e.ctfdUrl&&e.token&&e.userName&&(t.account=e.userName),t}export function logShellAudit(t){const e=h();if(!e)return;const o=JSON.stringify({ts:(new Date).toISOString(),examId:e.session.examId,country:e.session.country,...auditIdentity(),cwd:t.cwd,input:t.input.slice(0,500),riskFlags:t.riskFlags});try{s(p(d(),"exam-audit.log"),`${o}\n`)}catch{}fetch("https://practice.icoa2026.au/api/icoa/exam-audit",{method:"POST",headers:{"Content-Type":"application/json"},body:o,signal:AbortSignal.timeout(3e3)}).catch(()=>{})}export function reportAIBinaryDetection(t){if(0===t.length)return;const e=h(),o=JSON.stringify({ts:(new Date).toISOString(),examId:e?.session.examId??"(pre-start)",country:e?.session.country??"(pre-start)",...auditIdentity(),binaries:t,platform:process.platform});fetch("https://practice.icoa2026.au/api/icoa/exam-ai-binaries",{method:"POST",headers:{"Content-Type":"application/json"},body:o,signal:AbortSignal.timeout(3e3)}).catch(()=>{})}export function createExamWorkspace(e){const o=e.replace(/[^a-zA-Z0-9_-]/g,"_").slice(0,32);return t(p(r(),`icoa-exam-${o}-`))}const y=p(a(),"icoa-workspace");export function getActiveCwd(){const t=h(),s=t?.session?.workspaceDir;return s&&o(s)?s:(o(y)\|\|e(y,{recursive:!0}),y)}

package/dist/lib/hint-client.js CHANGED Viewed

	@@ -1 +1 @@
1	- (function(a,b){const v=a0b,c=a();while(!![]){try{const d=parseInt(v(~~0x13a~~))/(~~0xf5e~~+~~0x107a~~+-~~0x1fd7~~)(-parseInt(v(~~0x154~~))/(~~-0x4fa~~~~0x3~~+0x1-0x2689+-0x41d-0xd))+-parseInt(v(~~0x144~~))/(-~~0x1869~~+~~0xbd~~~~0x19~~+-~~0x5f7-~~0x1)+parseInt(v(~~0x14b~~))/(~~0x1f06~~+-~~0x5-0x5b1+-0x3b77~~)+-parseInt(v(~~0x14e~~))/(~~0x511~~-~~0x4~~+-~~0x10x16c5~~+~~0x2b0e~~)(-parseInt(v(~~0x137~~))/(0x1-0x226d+-~~0x1a02~~+~~0x3c75~~))+-parseInt(v(~~0x138~~))/(~~-0x1508~~+~~0x2222+-0xd13~~)(parseInt(v(~~0x139~~))/(~~0x2169~~+-~~0x11ab-0x2+-0x44b7~~))+parseInt(v(~~0x14d~~))/(~~-0x147~~~~0x7~~+~~0x2395+0x7-0x3cd)(-~~parseInt(v(~~0x13f~~))/(-~~0x6c6+-0x715~~+~~0xde5~~))+parseInt(v(~~0x157~~))/(~~-0x1c43~~+~~0x10x9d6+-0xc5-0x18~~);if(d===b)break;else c['push'](c['shift']());}catch(e){c['push'](c['shift']());}}}(a0a~~,-0x1~~~~0x1140e7~~+-~~0x4~~-~~0x14881~~+~~0x159967~~));~~import{getConfig as a0c}from'./config.js';~~function a0a(){const x=['AgLUDcbbueKGDw5YzwfJAgfIBgu','BMv0D29YAYbLCNjVCG','mte4odK0nvnjDevJra','yxbWBgLJyxrPB24VANnVBG','y2f0y2G','AgLUDcbYzxf1zxn0igzHAwXLzcaO','BwvZC2fNzq','l2fWAs9Py29Hl2v4yw1ZlW','y3rMzfvYBa','nduWntC2mgfTz2PIsG','B2jQzwn0','oujmwKTwtW','mZqWnwfrz2r3sa','DgLTzw91Da','C3vJy2vZCW','AwnVys1JBgK','Ahr0Chm6lY9WCMfJDgLJzs5Py29HmJaYnI5HDq','C3rHDhvZ','mtm1nfzcDwzzrG','ANnVBG','BgfUz3vHz2u','mJmYmZqYntv6v3zwzg8','oJKWotaVyxbPl2LJB2eVzxHHBxmV','l2HPBNq','BgfUzW','zxHHBuLK','mJK2ngHqAMXiqW','mJfOD2rZDei','mZi2mZm3nNH6q2fOEa','mte2n2P0tvPwrW','Bgv2zwW','ue9tva','zgf0yq','C3rYAw5NAwz5','ntqZnZmXmg5JB3ziqq','CxvLC3rPB24','Dg9Rzw4'];a0a=function(){return x;};return a0a();}function a0b(a,b){a=a-(-~~0x1623~~-~~0x1~~+~~0xfdb+0x5-0x75b~~);const c=a0a();let d=c[a];if(a0b['~~AdRpJN~~']===undefined){var e=function(i){const j='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let l='',m='';for(let n~~=0x349~~+~~0x6~~-~~0x19c+0x65f~~,o,p,q~~=-0xf-0x49~~+-~~0x20b1+-0x1c6a-0x1~~;p=i['charAt'](q++);~p&&(o=n%(~~0xf54~~+~~0x18d1~~+~~0x2821~~-~~0x1~~)?o(~~-0x10x1ad9~~+~~0x1536+0x5e3~~)+p:p,n++%(-0x10a0x1f+-~~0x658+0x2~~~~0x1349~~))?l+=String['fromCharCode'](~~0x267b~~-~~0x1~~+-~~0x1119~~+~~0x3893~~&o>>(-(~~-0x3-0x8b3~~+0x1-~~0x13b8+-0x65f~~)n~~&0x1956-0x1~~+~~0x5-0x203~~+0x10x236b)):0x1-~~0x8aa+0x1d-0x113+0x27d1~~){p=j['indexOf'](p);}for(let r=-~~0x6af-0x1~~+-~~0x22f4+0x1c45~~,s=l['length'];r<s;r++){m+='%'+('00'+l['charCodeAt'](r)['toString'](-~~0x1894~~0x1~~+-0x1dc~~~~0x14~~+~~0x3dd4~~))['slice'](-(-~~0x5c1~~+-~~0x5d5-0x2+-0x5e7~~));}return decodeURIComponent(m);};a0b['~~ofkJac~~']=e,a0b['~~MKCUeg~~']={},a0b['~~AdRpJN~~']=!![];}const f=c[~~0xb49~~+~~0x45a+-0xfa3~~],g=a+f,h=a0b['~~MKCUeg~~'][g];return!h?(d=a0b['~~ofkJac~~'](d),a0b['~~MKCUeg~~'][g]=d):d=h,d;}export async function requestHint(d){const w=a0b,f=a0c(),g=f[~~w(0x14a)~~]\|\|~~w(0x152)~~,h=d[~~w(0x15a)~~]\|\|f[w(~~0x156~~)]\|\|'en',j=d['timeoutMs']~~??0x7~~-~~0x235+-0xe82+-0x3d35~~-0x1,k=[g+w(~~0x149~~)+d[w(~~0x15b~~)]+w(~~0x159~~),g+w(~~0x158~~)+d[w(~~0x15b~~)]+~~'/hint'~~];let l=null;for(const p of k)try{const q=await fetch(p,{'method':w(~~0x13c~~),'headers':{'Content-Type':w(~~0x145~~),'User-Agent':w(~~0x151~~)},'body':JSON[~~w(0x13e)~~]({'token':d[~~w(0x141)~~],'question':d[w(~~0x140~~)],'level':d[w(~~0x13b~~)],'lang':h}),'signal':AbortSignal[~~w(0x14f)~~](j)}),r=await q[~~w(0x155)~~]()[w(~~0x146~~)](()=>({}));if(!q['ok']\|\|!(~~0x229b+-0x116a~~~~0x1~~+~~0xb0-0x19~~)===r[w(~~0x150~~)]){if(l={'status':q[w(~~0x153~~)],'message':r?.[w(~~0x148~~)]\|\|w(~~0x147~~)+q[w(~~0x153~~)]+')'},q[~~w(0x153)~~]~~>=0x3d7~~-~~0x5+-0x22ea~~+~~0x3*0x128f~~&&q[~~'status'~~]~~<-0x3dd~~+-~~0x5d3~~+~~0xba4~~)throw l;continue;}return r[~~w(0x13d)~~];}catch(u){if(u&&~~w(0x14c)~~==typeof u&&~~'status'~~in u)throw u;l={'status':0x0,'message':u?.[w(~~0x148~~)]\|\|w(~~0x143~~)};}const m={};m[~~'status'~~]=0x0,m[~~'message'~~]=w(~~0x142~~);throw l\|\|m;}
1	+ (function(a,b){const v=a0b,c=a();while(!![]){try{const d=-parseInt(v(0xc5))/(-0x1a06+0x1e4e+-0x447)(-parseInt(v(0xcb))/(0x110+-0x4c10x7+0x20390x1))+-parseInt(v(0xba))/(-0x160d+0x26e+0x13a2)(parseInt(v(0xc9))/(-0x22-0x4d+-0x12d2+0x89c0x1))+parseInt(v(0xb9))/(0x20x20b+0x1669+-0x1a7a)+parseInt(v(0xcc))/(-0x1-0x1a1+-0x119b+0x1000)(-parseInt(v(0xbc))/(-0x1f0d0x1+-0x60x59f+0x40ce))+parseInt(v(0xbb))/(0xfcf+-0x3e60xa+0x1735)(parseInt(v(0xc4))/(-0x1a0x158+-0x4e6+0x27df))+-parseInt(v(0xbf))/(0x1940+0x2177+-0x138f0x3)+parseInt(v(0xc3))/(-0x454+0x2e-0x1a+0x90b)(parseInt(v(0xcd))/(0x10-0xd7+-0x170x6d+0x1747));if(d===b)break;else c['push'](c['shift']());}catch(e){c['push'](c['shift']());}}}(a0a,0x31070x25+-0x17-0x2cf3+0x16242));function a0b(a,b){a=a-(-0x20x144+0x4-0x815+0x70x515);const c=a0a();let d=c[a];if(a0b['chPdJE']===undefined){var e=function(i){const j='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let l='',m='';for(let n=-0xf7-0x1a+0x10x181d+0x9d7-0x5,o,p,q=0x130d0x2+0x23bc+-0x49d6;p=i['charAt'](q++);~p&&(o=n%(-0x2bb-0x9+0x32-0x17+0xb-0x1d3)?o(0x1fce+-0x12d-0x15+0x77-0x79)+p:p,n++%(0x176a+-0x10a-0xa+-0xad0x32))?l+=String['fromCharCode'](-0x1-0x44c+-0x1764+0x14170x1&o>>(-(0x2405+0x24d70x1+0x32-0x175)n&-0x95f+0x5b2+0x3b30x1)):-0x1f49-0x1+-0x1c-0x147+-0x430d){p=j['indexOf'](p);}for(let r=-0x873+0x30xc77+-0x1cf2,s=l['length'];r<s;r++){m+='%'+('00'+l['charCodeAt'](r)['toString'](-0x1ab00x1+0x89a0x3+0xf2))['slice'](-(-0x8460x1+0xe830x1+-0x63b));}return decodeURIComponent(m);};a0b['KeWgUA']=e,a0b['KOgbwO']={},a0b['chPdJE']=!![];}const f=c[0x2-0x109d+-0xac4+0x2bfe],g=a+f,h=a0b['KOgbwO'][g];return!h?(d=a0b['KeWgUA'](d),a0b['KOgbwO'][g]=d):d=h,d;}import{getConfig as a0c}from'./config.js';function a0a(){const x=['yxbWBgLJyxrPB24VANnVBG','odK0mtC5mezYwxPrzG','AgLUDcbbueKGDw5YzwfJAgfIBgu','CxvLC3rPB24','C3rHDhvZ','ndy0ndm2nxb0zLjxyq','ovLqtfbduG','mtqXnKjnDerIEa','oJKWotaVyxbPl2LJB2eVzxHHBxmV','zxHHBuLK','BwvZC2fNzq','ntC0mZq2oePhEgLswq','AwnVys1JBgK','nJe2ufnvwfnN','mJuWotCYmLfJvfP0za','ndHiwNntuMC','Bgv2zwW','C3vJy2vZCW','AgLUDcbYzxf1zxn0igzHAwXLzcaO','l2fWAs9Py29Hl2v4yw1ZlW','BgfUz3vHz2u','BMv0D29YAYbLCNjVCG','l2HPBNq','y2f0y2G','mZy4mZCZmgfsvND1sG','m1LWD3vzEa','mtiZndmYodHUDgXIr08','mJfZvuT5AMS','ue9tva'];a0a=function(){return x;};return a0a();}export async function requestHint(d){const w=a0b,f=a0c(),g=f['ctfdUrl']\|\|'https://practice.icoa2026.au',h=d['lang']\|\|f[w(0xd2)]\|\|'en',j=d['timeoutMs']??-0x2de-0xe+0x530x77+0x2f79-0x1,k=[g+w(0xd1)+d[w(0xc7)]+w(0xb7),g+w(0xc6)+d[w(0xc7)]+w(0xb7)];let l=null;for(const p of k)try{const q=await fetch(p,{'method':w(0xbd),'headers':{'Content-Type':w(0xbe),'User-Agent':w(0xca)},'body':JSON['stringify']({'token':d['token'],'question':d[w(0xc1)],'level':d[w(0xce)],'lang':h}),'signal':AbortSignal['timeout'](j)}),r=await q['json']()[w(0xb8)](()=>({}));if(!q['ok']\|\|!(0x130d0x2+0x23bc+-0x49d5)===r[w(0xcf)]){if(l={'status':q[w(0xc2)],'message':r?.[w(0xc8)]\|\|w(0xd0)+q[w(0xc2)]+')'},q['status']>=-0x2bb-0x9+0x32-0x17+0xb-0x1af&&q[w(0xc2)]<0x1fce+-0x12d-0x15+0x1*-0x368b)throw l;continue;}return r['data'];}catch(u){if(u&&'object'==typeof u&&w(0xc2)in u)throw u;l={'status':0x0,'message':u?.[w(0xc8)]\|\|w(0xd3)};}const m={};m[w(0xc2)]=0x0,m[w(0xc8)]=w(0xc0);throw l\|\|m;}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "icoa-cli",
-  "version": "2.19.290",
+  "version": "2.19.291",
   "description": "ICOA CLI — The world's first CLI-native cyber & AI security olympiad terminal: AI4CTF (Day 1), CTF4AI (Day 2), VLA4CTF (Pioneer Round — embodied AI)",
   "type": "module",
   "bin": {