npm - icoa-cli - Versions diffs - 2.19.30 → 2.19.32 - Mend

icoa-cli 2.19.30 → 2.19.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/commands/ai4ctf.js +74 -21
package/package.json +1 -1

package/dist/commands/ai4ctf.js CHANGED Viewed

@@ -5,6 +5,7 @@ import { getConfig } from '../lib/config.js';
 import { logCommand } from '../lib/logger.js';
 import { printMarkdown, printError } from '../lib/ui.js';
 import { t } from '../lib/i18n.js';
+const sleep = (ms) => new Promise((r) => setTimeout(r, ms));
 function getChallengeContext() {
     const config = getConfig();
     if (config.currentChallengeName && config.currentChallengeCategory) {
@@ -31,24 +32,33 @@ function drawTokenBar() {
     console.log(chalk.gray('  Tokens: ') + color('█'.repeat(filled)) + chalk.gray('░'.repeat(empty)) + chalk.gray(` ${used}/${cap} (${pct}%)`));
 }
 const DEMO_FLAG = 'icoa{w3lc0me_2_ai4ctf}';
-// Scripted hints for the built-in Base64 demo challenge. These mirror the
-// three real-competition hint tiers (nudge → technique → near-answer) so
-// the user can feel what `hint a/b/c` will be like in the actual event.
+// Scripted hints for the built-in Base64 demo challenge. The hint philosophy:
+// - a: nudge you toward the fingerprint (padding, charset).
+// - b: tell you the encoding name, nothing more. No shell command.
+// - c: for simple challenges, c deliberately adds no new info — hint b was
+//      already enough. Instead c explains the hint principle and reminds the
+//      user how to run a shell command inside ai4ctf (the `!` prefix).
+// This mirrors real competition behavior where trivial challenges cap at hint b.
 const DEMO_HINTS = {
     a: [
-        'The string ends with `==` and contains only letters, digits, `+`, `/`, and `=`.',
-        'That pattern is a fingerprint — you have seen it before. Think about where `=` is used as *padding*.',
+        'The string ends with "==" and uses only letters, digits, "+", "/", and "=".',
+        'That pattern is a fingerprint — you have seen it before.',
+        'Where is "=" typically used as padding?',
     ],
     b: [
-        'That is **Base64**. The `==` is padding; the character set (A–Z, a–z, 0–9, +, /) confirms it.',
-        'You can decode it right in this shell — try:',
-        '    !echo aWNvYXt3M2xjMG1lXzJfYWk0Y3RmfQ== | base64 -d',
-        'Or just ask the AI: "decode this for me".',
+        'This is Base64 encoded. Decode the string to find the flag.',
     ],
     c: [
-        'The decoded value is `icoa{w3lc0me_2_ai4ctf}`.',
-        'Submit it with:',
-        '    submit icoa{w3lc0me_2_ai4ctf}',
+        'Hints never give you the answer directly — they only point you in the right direction.',
+        'For simple challenges like this one, hint c adds nothing extra:',
+        'hint b already tells you everything you need.',
+        '',
+        'If you do not remember how to decode Base64, ask your AI teammate —',
+        'just type a question like: how do I decode Base64 on the command line?',
+        '',
+        'To run a shell command inside ai4ctf, prefix it with "!". For example:',
+        '',
+        '    !echo aWNvYXt3M2xjMG1lXzJfYWk0Y3RmfQ== | base64 -d',
     ],
 };
 function showDemoHint(tier) {
@@ -59,17 +69,21 @@ function showDemoHint(tier) {
     console.log(color.bold(`  ▸ ${tierLabel}  `) + chalk.gray(title));
     console.log();
     for (const line of DEMO_HINTS[tier]) {
-        console.log(chalk.white('    ' + line));
+        if (line === '')
+            console.log();
+        else
+            console.log(chalk.white('    ' + line));
     }
     console.log();
-    const nextTier = tier === 'a' ? 'b' : tier === 'b' ? 'c' : null;
-    if (nextTier) {
-        console.log(chalk.gray(`    Need more? Type: `) + chalk.cyan(`hint ${nextTier}`));
+    if (tier === 'a') {
+        console.log(chalk.gray('    Stuck? Try: ') + chalk.cyan('hint b'));
+        console.log();
     }
-    else {
-        console.log(chalk.gray('    That is the deepest hint. Try: ') + chalk.cyan('submit icoa{w3lc0me_2_ai4ctf}'));
+    else if (tier === 'b') {
+        console.log(chalk.gray('    Really stuck? Try: ') + chalk.cyan('hint c'));
+        console.log();
     }
-    console.log();
+    // No trailing CTA after hint c — the content itself explains everything.
 }
 export async function handleChatMessage(input) {
     if (!chatSession)
@@ -104,7 +118,45 @@ export async function handleChatMessage(input) {
                 body: JSON.stringify({ type: 'ai4ctf', solved: true, tokensUsed: chatTokensUsed, timestamp: new Date().toISOString() }),
                 signal: AbortSignal.timeout(5000),
             }).catch(() => { });
-            console.log(chalk.white(`  ${t('ai4ctfNext')}`));
+            // Wrap-up summary — only shown after a successful solve.
+            await sleep(1500);
+            console.log();
+            console.log(chalk.cyan('  ─────────────────────────────────────────────'));
+            console.log(chalk.bold.white('  ✨ What you just learned'));
+            console.log(chalk.cyan('  ─────────────────────────────────────────────'));
+            console.log();
+            console.log(chalk.white('    1. Need a command? ') + chalk.gray('Just ask your AI teammate in natural'));
+            console.log(chalk.gray('       language — "how do I decode Base64 on the command line?"'));
+            console.log(chalk.gray('       You do not need to memorize every tool. The AI era is'));
+            console.log(chalk.gray('       about ') + chalk.white('thinking') + chalk.gray(', not mechanical memorization.'));
+            console.log();
+            console.log(chalk.white('    2. Need to run something? ') + chalk.gray('Prefix shell commands with "!":'));
+            console.log();
+            console.log(chalk.cyan('          !echo aWNvYXt3M2xjMG1lXzJfYWk0Y3RmfQ== | base64 -d'));
+            console.log();
+            await sleep(2000);
+            console.log(chalk.cyan('  ─────────────────────────────────────────────'));
+            console.log(chalk.bold.white('  🎯 Real competition hint quotas'));
+            console.log(chalk.cyan('  ─────────────────────────────────────────────'));
+            console.log();
+            console.log(chalk.yellow('       hint a   ') + chalk.white('50 uses per competition   ') + chalk.gray('(use freely)'));
+            console.log(chalk.yellow('       hint b   ') + chalk.white('10 uses                   ') + chalk.gray('(when stuck)'));
+            console.log(chalk.yellow('       hint c   ') + chalk.white(' 2 uses                   ') + chalk.gray('(last resort)'));
+            console.log();
+            console.log(chalk.gray('    Prefer hint a → b → c. And when you just need to look'));
+            console.log(chalk.gray('    something up, chat with the AI first — it costs nothing'));
+            console.log(chalk.gray('    against your hint quota.'));
+            console.log();
+            await sleep(2000);
+            console.log(chalk.cyan('  ─────────────────────────────────────────────'));
+            console.log(chalk.bold.white('  🔜 Next up: ') + chalk.red.bold('ctf4ai') + chalk.white(' — trick the AI into saying "koala"'));
+            console.log(chalk.cyan('  ─────────────────────────────────────────────'));
+            console.log();
+            console.log(chalk.white('    This next demo ') + chalk.bold.white('does not need programming') + chalk.white(' — just your'));
+            console.log(chalk.white('    wit and creativity. Can you make a "safe" AI break its'));
+            console.log(chalk.white('    own rules?'));
+            console.log();
+            console.log(chalk.gray('    Type: ') + chalk.bold.red('ctf4ai'));
             console.log();
             return 'exit';
         }
@@ -248,7 +300,8 @@ export function registerAi4ctfCommand(program) {
         console.log(chalk.bold.white('  👉 New here? Start with the hints in order:'));
         console.log('    ' + chalk.cyan('hint a') + chalk.gray('   → nudge'));
         console.log('    ' + chalk.cyan('hint b') + chalk.gray('   → technique'));
-        console.log('    ' + chalk.cyan('hint c') + chalk.gray('   → near-answer'));
+        console.log('    ' + chalk.cyan('hint c') + chalk.gray('   → principle + shell reminder'));
+        console.log(chalk.gray('    (hints guide you — they never give the answer directly)'));
         console.log();
         console.log(chalk.white('  Or chat freely with your AI teammate — ask anything'));
         console.log(chalk.gray('  about the challenge. Example: ') + chalk.white('"what encoding is this?"'));

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "icoa-cli",
-  "version": "2.19.30",
+  "version": "2.19.32",
   "description": "ICOA CLI — The world's first CLI-native CTF competition terminal",
   "type": "module",
   "bin": {