icoa-cli 2.19.34 → 2.19.36

package/dist/commands/ai4ctf.js

@@ -17,6 +17,10 @@ function getChallengeContext() {
 let chatActive = false;
 let chatSession = null;
 let chatTokensUsed = 0;
+// Set true when the user burns through DEMO_TOKEN_CAP without solving. The
+// chat session stays alive so `!<shell>` and `submit <flag>` still work, but
+// further AI messages are blocked. See the reveal path in handleChatMessage.
+let tokensLocked = false;
 const DEMO_TOKEN_CAP = 5000;
 export function isChatActive() {
     return chatActive;
@@ -39,36 +43,45 @@ const DEMO_FLAG = 'icoa{w3lc0me_2_ai4ctf}';
 //      already enough. Instead c explains the hint principle and reminds the
 //      user how to run a shell command inside ai4ctf (the `!` prefix).
 // This mirrors real competition behavior where trivial challenges cap at hint b.
-const DEMO_HINTS = {
-    a: [
-        'The string ends with "==" and uses only letters, digits, "+", "/", and "=".',
-        'That pattern is a fingerprint — you have seen it before.',
-        'Where is "=" typically used as padding?',
-    ],
-    b: [
-        'This is Base64 encoded. Decode the string to find the flag.',
-    ],
-    c: [
-        'Hints never give you the answer directly — they only point you in the right direction.',
-        'For simple challenges like this one, hint c adds nothing extra:',
-        'hint b already tells you everything you need.',
-        '',
-        'If you do not remember how to decode Base64, ask your AI teammate —',
-        'just type a question like: how do I decode Base64 on the command line?',
-        '',
-        'To run a shell command inside ai4ctf, prefix it with "!". For example:',
-        '',
-        '    !echo aWNvYXt3M2xjMG1lXzJfYWk0Y3RmfQ== | base64 -d',
-    ],
-};
+// Multi-line hint bodies live in i18n.ts (ai4ctfHintABody/BBody/CBody).
+// Shown when the user hits the 5000-token demo cap without solving. Keeps
+// the session alive (no chatActive=false) so they can still paste the shell
+// command below and then `submit <flag>`.
+function showTokenCapReveal() {
+    console.log();
+    console.log(chalk.yellow('  ─────────────────────────────────────────────'));
+    console.log(chalk.bold.yellow(`  ${t('ai4ctfRevealTitle')}`));
+    console.log(chalk.yellow('  ─────────────────────────────────────────────'));
+    console.log();
+    for (const line of t('ai4ctfRevealBody').split('\n')) {
+        if (line === '')
+            console.log();
+        else
+            console.log(chalk.white('    ' + line));
+    }
+    console.log();
+    console.log(chalk.cyan('        !echo aWNvYXt3M2xjMG1lXzJfYWk0Y3RmfQ== | base64 -d'));
+    console.log();
+    console.log(chalk.white(`    ${t('ai4ctfRevealSeeFlag')}`));
+    console.log();
+    console.log(chalk.green('        icoa{w3lc0me_2_ai4ctf}'));
+    console.log();
+    console.log(chalk.white(`    ${t('ai4ctfRevealThenSubmit')}`));
+    console.log();
+    console.log(chalk.cyan('        submit icoa{w3lc0me_2_ai4ctf}'));
+    console.log();
+    console.log(chalk.gray(`    ${t('ai4ctfRevealLockNote')}`));
+    console.log();
+}
 function showDemoHint(tier) {
     const title = tier === 'a' ? t('ai4ctfHintA') : tier === 'b' ? t('ai4ctfHintB') : t('ai4ctfHintC');
+    const body = tier === 'a' ? t('ai4ctfHintABody') : tier === 'b' ? t('ai4ctfHintBBody') : t('ai4ctfHintCBody');
     const tierLabel = `Hint ${tier.toUpperCase()}`;
     const color = tier === 'a' ? chalk.green : tier === 'b' ? chalk.yellow : chalk.red;
     console.log();
     console.log(color.bold(`  ▸ ${tierLabel}  `) + chalk.gray(title));
     console.log();
-    for (const line of DEMO_HINTS[tier]) {
+    for (const line of body.split('\n')) {
         if (line === '')
             console.log();
         else
@@ -76,11 +89,11 @@ function showDemoHint(tier) {
     }
     console.log();
     if (tier === 'a') {
-        console.log(chalk.gray('    Stuck? Try: ') + chalk.cyan('hint b'));
+        console.log(chalk.gray(`    ${t('ai4ctfHintNextA')} `) + chalk.cyan('hint b'));
         console.log();
     }
     else if (tier === 'b') {
-        console.log(chalk.gray('    Really stuck? Try: ') + chalk.cyan('hint c'));
+        console.log(chalk.gray(`    ${t('ai4ctfHintNextB')} `) + chalk.cyan('hint c'));
         console.log();
     }
     // No trailing CTA after hint c — the content itself explains everything.
@@ -125,41 +138,53 @@ export async function handleChatMessage(input) {
             await sleep(1500);
             console.log();
             console.log(chalk.cyan('  ─────────────────────────────────────────────'));
-            console.log(chalk.bold.white('  ✨ What you just learned'));
+            console.log(chalk.bold.white(`  ${t('ai4ctfWrapTitle')}`));
             console.log(chalk.cyan('  ─────────────────────────────────────────────'));
             console.log();
-            console.log(chalk.white('    1. Need a command? ') + chalk.gray('Just ask your AI teammate in natural'));
-            console.log(chalk.gray('       language — "how do I decode Base64 on the command line?"'));
-            console.log(chalk.gray('       You do not need to memorize every tool. The AI era is'));
-            console.log(chalk.gray('       about ') + chalk.white('thinking') + chalk.gray(', not mechanical memorization.'));
+            const wrap1Head = t('ai4ctfWrapLine1Head');
+            const wrap1Body = t('ai4ctfWrapLine1Body');
+            console.log(chalk.white(`    1. ${wrap1Head} `) + chalk.gray(wrap1Body.split('\n')[0] || ''));
+            for (const line of wrap1Body.split('\n').slice(1)) {
+                if (line.trim())
+                    console.log(chalk.gray('       ' + line.replace(/\{thinking\}/g, 'thinking')));
+            }
             console.log();
-            console.log(chalk.white('    2. Need to run something? ') + chalk.gray('Prefix shell commands with "!":'));
+            console.log(chalk.white(`    2. ${t('ai4ctfWrapLine2Head')} `) + chalk.gray(t('ai4ctfWrapLine2Body')));
             console.log();
             console.log(chalk.cyan('          !echo aWNvYXt3M2xjMG1lXzJfYWk0Y3RmfQ== | base64 -d'));
             console.log();
             await sleep(2000);
             console.log(chalk.cyan('  ─────────────────────────────────────────────'));
-            console.log(chalk.bold.white('  🎯 Real competition hint quotas'));
+            console.log(chalk.bold.white(`  ${t('ai4ctfWrapQuotasTitle')}`));
             console.log(chalk.cyan('  ─────────────────────────────────────────────'));
             console.log();
-            console.log(chalk.yellow('       hint a   ') + chalk.white('50 uses per competition   ') + chalk.gray('(use freely)'));
-            console.log(chalk.yellow('       hint b   ') + chalk.white('10 uses                   ') + chalk.gray('(when stuck)'));
-            console.log(chalk.yellow('       hint c   ') + chalk.white(' 2 uses                   ') + chalk.gray('(last resort)'));
+            console.log(chalk.yellow('       hint a   ') + chalk.white(t('ai4ctfWrapQuotaA').padEnd(26)) + chalk.gray(t('ai4ctfWrapQuotaAHint')));
+            console.log(chalk.yellow('       hint b   ') + chalk.white(t('ai4ctfWrapQuotaB').padEnd(26)) + chalk.gray(t('ai4ctfWrapQuotaBHint')));
+            console.log(chalk.yellow('       hint c   ') + chalk.white(t('ai4ctfWrapQuotaC').padEnd(26)) + chalk.gray(t('ai4ctfWrapQuotaCHint')));
             console.log();
-            console.log(chalk.gray('    Prefer hint a → b → c. And when you just need to look'));
-            console.log(chalk.gray('    something up, chat with the AI first — it costs nothing'));
-            console.log(chalk.gray('    against your hint quota.'));
+            for (const line of t('ai4ctfWrapQuotaFooter').split('\n')) {
+                console.log(chalk.gray('    ' + line));
+            }
             console.log();
             await sleep(2000);
             console.log(chalk.cyan('  ─────────────────────────────────────────────'));
-            console.log(chalk.bold.white('  🔜 Next up: ') + chalk.red.bold('ctf4ai') + chalk.white(' — trick the AI into saying "koala"'));
+            console.log(chalk.bold.white(`  ${t('ai4ctfWrapNextTitle')} `) + chalk.red.bold('ctf4ai') + chalk.white(` — ${t('ai4ctfWrapNextSub')}`));
             console.log(chalk.cyan('  ─────────────────────────────────────────────'));
             console.log();
-            console.log(chalk.white('    This next demo ') + chalk.bold.white('does not need programming') + chalk.white(' — just your'));
-            console.log(chalk.white('    wit and creativity. Can you make a "safe" AI break its'));
-            console.log(chalk.white('    own rules?'));
+            const nextBody = t('ai4ctfWrapNextBody');
+            const noProg = t('ai4ctfWrapNoProg');
+            const lines = nextBody.split('\n');
+            // First line contains the {noProg} placeholder to bold-emphasize.
+            if (lines[0]) {
+                const [before, after] = lines[0].split('{noProg}');
+                console.log(chalk.white('    ' + (before || '')) + chalk.bold.white(noProg) + chalk.white(after || ''));
+            }
+            for (const line of lines.slice(1)) {
+                if (line.trim())
+                    console.log(chalk.white('    ' + line));
+            }
             console.log();
-            console.log(chalk.gray('    Type: ') + chalk.bold.red('ctf4ai'));
+            console.log(chalk.gray(`    ${t('ai4ctfWrapTypeCtf4ai')} `) + chalk.bold.red('ctf4ai'));
             console.log();
             return 'exit';
         }
@@ -214,12 +239,14 @@ export async function handleChatMessage(input) {
         console.log();
         return 'exit';
     }
-    if (chatTokensUsed >= DEMO_TOKEN_CAP) {
-        chatActive = false;
-        chatSession = null;
-        // Report the token-cap session so the server can count "hit the wall"
-        // outcomes. Without this, a user who burned 5000 tokens without solving
-        // was invisible to the admin dashboard.
+    // Token cap: first hit → reveal the answer, lock AI, but keep the session
+    // alive so the user can still paste the shell command and then submit.
+    // `tokensLocked` prevents any further sendMessage calls.
+    if (!tokensLocked && chatTokensUsed >= DEMO_TOKEN_CAP) {
+        tokensLocked = true;
+        // Report the token-cap session once (solved:false). If the user then
+        // submits the revealed flag, the submit-success path fires another POST
+        // with solved:true which is the canonical record.
         fetch('https://practice.icoa2026.au/api/icoa/demo-stats', {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
@@ -229,16 +256,18 @@ export async function handleChatMessage(input) {
         console.log();
         console.log(chalk.yellow(`  ${t('tokenLimit')}`));
         drawTokenBar();
+        showTokenCapReveal();
+        return 'continue';
+    }
+    // If AI is locked (post-reveal), bounce any non-shell, non-submit input
+    // back to the user with a reminder of what actually works now.
+    if (tokensLocked) {
         console.log();
-        console.log(chalk.gray('  ─────────────────────────────────────────'));
-        console.log(chalk.white(`  ${t('ai4ctfReport')}`));
-        console.log(chalk.gray(`  ${t('ai4ctfTokens')}: ${chatTokensUsed}/${DEMO_TOKEN_CAP}`));
-        console.log(chalk.gray(`  ${t('ai4ctfModel')}: Google Gemma 4 (gemma-4-31b-it)`));
-        console.log(chalk.gray('  ─────────────────────────────────────────'));
-        console.log();
-        console.log(chalk.white(`  ${t('ai4ctfNext')}`));
+        console.log(chalk.yellow(`  ${t('ai4ctfLockedTitle')}`));
+        console.log(chalk.gray(`  ${t('ai4ctfLockedUse')} `) + chalk.cyan('!echo aWNvYXt3M2xjMG1lXzJfYWk0Y3RmfQ== | base64 -d'));
+        console.log(chalk.gray(`  ${t('ai4ctfLockedThen')} `) + chalk.cyan('submit icoa{w3lc0me_2_ai4ctf}'));
         console.log();
-        return 'exit';
+        return 'continue';
     }
     console.log(chalk.gray(`  ${t('ai4ctfThinking')}`));
     try {
@@ -280,6 +309,7 @@ export function registerAi4ctfCommand(program) {
         }
         chatActive = true;
         chatTokensUsed = 0;
+        tokensLocked = false;
         // Guided welcome
         console.log();
         console.log(chalk.green.bold(`  ═══ ${t('ai4ctfTitle')} ═══`));
@@ -308,19 +338,19 @@ export function registerAi4ctfCommand(program) {
         console.log(chalk.gray(`              ${t('ai4ctfHintCUses')}`));
         console.log();
         console.log(chalk.gray('  ─────────────────────────────────────────'));
-        console.log(chalk.bold.white('  👉 New here? Start with the hints in order:'));
-        console.log('    ' + chalk.cyan('hint a') + chalk.gray('   → nudge'));
-        console.log('    ' + chalk.cyan('hint b') + chalk.gray('   → technique'));
-        console.log('    ' + chalk.cyan('hint c') + chalk.gray('   → principle + shell reminder'));
-        console.log(chalk.gray('    (hints guide you — they never give the answer directly)'));
+        console.log(chalk.bold.white(`  ${t('ai4ctfWelcomeCta')}`));
+        console.log('    ' + chalk.cyan('hint a') + chalk.gray(`   → ${t('ai4ctfHintNudge')}`));
+        console.log('    ' + chalk.cyan('hint b') + chalk.gray(`   → ${t('ai4ctfHintTechnique')}`));
+        console.log('    ' + chalk.cyan('hint c') + chalk.gray(`   → ${t('ai4ctfHintPrinciple')}`));
+        console.log(chalk.gray(`    ${t('ai4ctfWelcomeNoReveal')}`));
         console.log();
-        console.log(chalk.white('  Or chat freely with your AI teammate — ask anything'));
-        console.log(chalk.gray('  about the challenge. Example: ') + chalk.white('"what encoding is this?"'));
+        console.log(chalk.white(`  ${t('ai4ctfOrChat')}`));
+        console.log(chalk.gray(`  ${t('ai4ctfOrChatExample')} `) + chalk.white('"what encoding is this?"'));
         console.log();
         console.log(chalk.yellow(`  ${t('ai4ctfCommands')}`));
-        console.log(chalk.white('    hint a / b / c  ') + chalk.gray('pre-written hints (safe to use)'));
+        console.log(chalk.white('    hint a / b / c  ') + chalk.gray(t('ai4ctfCmdHintLine')));
         console.log(chalk.white('    submit <flag>   ') + chalk.gray(t('ai4ctfSubmitCmd')));
-        console.log(chalk.white('    !<shell cmd>    ') + chalk.gray('run a shell command'));
+        console.log(chalk.white('    !<shell cmd>    ') + chalk.gray(t('ai4ctfCmdShellLine')));
         console.log(chalk.gray('                    e.g. ') + chalk.white('!echo aWNv... | base64 -d'));
         console.log(chalk.gray(`    exit            ${t('ai4ctfEndSession')}`));
         console.log();

package/dist/commands/ctf4ai-demo.js

@@ -50,18 +50,20 @@ function printDemoReport(ctf4aiSolved, ctf4aiTokens) {
     console.log(chalk.white(`  ${t('theoryDone2')}`));
     console.log();
     if (hasWrongAnswers) {
-        console.log(chalk.white('  💪 Want to nail the ones you missed? Type: ') + chalk.bold.cyan('retry'));
+        console.log(chalk.white(`  💪 ${t('reportRetryCta')} `) + chalk.bold.cyan('retry'));
         console.log();
     }
     console.log(chalk.cyan('  ─────────────────────────────────────────────'));
     console.log(chalk.white(`  ${t('reportReady')}`));
     if (hasWrongAnswers) {
-        console.log(chalk.cyan('    retry') + chalk.gray(`       retry the ${retryQueue.length} wrong question${retryQueue.length > 1 ? 's' : ''}`));
+        const n = retryQueue.length;
+        const tmpl = n === 1 ? t('reportRetryWrongN') : t('reportRetryWrongNPlural');
+        console.log(chalk.cyan('    retry') + chalk.gray(`       ${tmpl.replace('{n}', String(n))}`));
     }
-    console.log(chalk.white('    back') + chalk.gray(`        return to main menu`));
+    console.log(chalk.white('    back') + chalk.gray(`        ${t('reportBackHint')}`));
     console.log(chalk.white('    demo') + chalk.gray(`        ${t('reportDemo')}`));
     console.log(chalk.white('    nations') + chalk.gray(`     ${t('reportNations')}`));
-    console.log(chalk.white('    about') + chalk.gray(`       ${t('reportAbout')}`));
+    console.log(chalk.white('    about') + chalk.gray(`       ${t('reportAboutHint')}`));
     console.log();
     console.log(chalk.yellow('  ICOA 2026 · Sydney, Australia · Jun 27 - Jul 2'));
     console.log(chalk.cyan.underline('  https://icoa2026.au'));

package/dist/commands/exam.js

@@ -260,8 +260,8 @@ function printQuestion(q, answer) {
     console.log(chalk.yellow('    A/B/C/D') + chalk.gray(`       ${t('answerThis')}`));
     console.log(chalk.yellow('    help') + '          ' + helpLabel);
     console.log(chalk.yellow('    next') + chalk.gray(' / ') + chalk.yellow('prev') + chalk.gray(`    ${t('htpNav')}`));
-    console.log(chalk.yellow(`    exam q 1..${total}`) + chalk.gray('   jump to a specific question'));
-    console.log(chalk.yellow('    exam review') + chalk.gray('   check progress'));
+    console.log(chalk.yellow(`    exam q 1..${total}`) + chalk.gray(`   ${t('htpJump')}`));
+    console.log(chalk.yellow('    exam review') + chalk.gray(`   ${t('htpReview')}`));
     console.log(chalk.yellow('    back') + chalk.gray(`          ${t('htpBack')}`));
     console.log(chalk.yellow('    lang') + chalk.gray(`          ${t('htpLang')}`));
     console.log(chalk.gray('  ─────────────────────────────────────────'));
@@ -929,7 +929,7 @@ export function registerExamCommand(program) {
                 await sleep(2000);
                 console.log();
                 console.log(chalk.cyan('  ─────────────────────────────────────────────'));
-                console.log(chalk.white('  Next: ') + chalk.bold.green('ai4ctf') + chalk.gray(` — ${t('ai4ctfDesc')}`));
+                console.log(chalk.white(`  ${t('nextLabel')} `) + chalk.bold.green('ai4ctf') + chalk.gray(` — ${t('ai4ctfDesc')}`));
                 console.log(chalk.gray(`  ${t('ai4ctfSub')}`));
                 console.log(chalk.cyan('  ─────────────────────────────────────────────'));
                 console.log();

package/dist/lib/i18n.d.ts

@@ -1,5 +1,5 @@
-type Strings = typeof EN;
-declare const EN: {
+type Strings = Partial<typeof EN>;
+export declare const EN: {
     howToPlay: string;
     htpAnswer: string;
     htpHelp: string;
@@ -139,6 +139,54 @@ declare const EN: {
     forNational: string;
     viewRegions: string;
     enterExam: string;
+    htpJump: string;
+    htpReview: string;
+    nextLabel: string;
+    reportRetryCta: string;
+    reportRetryWrongN: string;
+    reportRetryWrongNPlural: string;
+    reportBackHint: string;
+    reportAboutHint: string;
+    ai4ctfWelcomeCta: string;
+    ai4ctfHintNudge: string;
+    ai4ctfHintTechnique: string;
+    ai4ctfHintPrinciple: string;
+    ai4ctfWelcomeNoReveal: string;
+    ai4ctfOrChat: string;
+    ai4ctfOrChatExample: string;
+    ai4ctfCmdHintLine: string;
+    ai4ctfCmdShellLine: string;
+    ai4ctfHintABody: string;
+    ai4ctfHintBBody: string;
+    ai4ctfHintCBody: string;
+    ai4ctfHintNextA: string;
+    ai4ctfHintNextB: string;
+    ai4ctfWrapTitle: string;
+    ai4ctfWrapLine1Head: string;
+    ai4ctfWrapLine1Body: string;
+    ai4ctfWrapLine2Head: string;
+    ai4ctfWrapLine2Body: string;
+    ai4ctfWrapQuotasTitle: string;
+    ai4ctfWrapQuotaA: string;
+    ai4ctfWrapQuotaAHint: string;
+    ai4ctfWrapQuotaB: string;
+    ai4ctfWrapQuotaBHint: string;
+    ai4ctfWrapQuotaC: string;
+    ai4ctfWrapQuotaCHint: string;
+    ai4ctfWrapQuotaFooter: string;
+    ai4ctfWrapNextTitle: string;
+    ai4ctfWrapNextSub: string;
+    ai4ctfWrapNextBody: string;
+    ai4ctfWrapNoProg: string;
+    ai4ctfWrapTypeCtf4ai: string;
+    ai4ctfRevealTitle: string;
+    ai4ctfRevealBody: string;
+    ai4ctfRevealSeeFlag: string;
+    ai4ctfRevealThenSubmit: string;
+    ai4ctfRevealLockNote: string;
+    ai4ctfLockedTitle: string;
+    ai4ctfLockedUse: string;
+    ai4ctfLockedThen: string;
 };
 export declare function t(key: keyof Strings): string;
 export declare function hasFullTranslation(lang: string): boolean;