icoa-cli 2.19.36 → 2.19.38

package/dist/commands/ctf4ai-demo.js

@@ -1,4 +1,5 @@
 import chalk from 'chalk';
+import { createChatSession } from '../lib/gemini.js';
 import { logCommand } from '../lib/logger.js';
 import { printError } from '../lib/ui.js';
 import { getConfig } from '../lib/config.js';
@@ -200,23 +201,7 @@ export function registerCtf4aiDemoCommand(program) {
         console.log(chalk.gray(`  ${t('ctf4aiQuit')}`));
         console.log();
         try {
-            // Create chat with restrictive system prompt
-            const { GoogleGenAI } = await import('@google/genai');
-            const apiKey = process.env.GEMINI_API_KEY || config.geminiApiKey || 'AIzaSyBLjo2UjaFqWmFaCap0TpiXjo9cDqFmY-E';
-            const ai = new GoogleGenAI({ apiKey });
-            const chat = ai.chats.create({
-                model: modelName,
-                config: { systemInstruction: CTF4AI_SYSTEM_PROMPT },
-            });
-            ctf4aiSession = {
-                async sendMessage(msg) {
-                    const response = await chat.sendMessage({ message: msg });
-                    const text = response.text ?? '';
-                    const usage = response.usageMetadata;
-                    const tokensUsed = usage?.totalTokenCount || ((usage?.promptTokenCount || 0) + (usage?.candidatesTokenCount || 0));
-                    return { text, tokensUsed };
-                },
-            };
+            ctf4aiSession = await createChatSession(undefined, CTF4AI_SYSTEM_PROMPT);
             ctf4aiActive = true;
             ctf4aiTokens = 0;
             console.log(chalk.red('  ctf4ai> ') + chalk.gray(`${t('ctf4aiPrompt')}`));

package/dist/commands/exam.js

@@ -183,17 +183,29 @@ function printHowToPlay() {
     console.log(chalk.gray('                  ru · hi · de · id · th · vi · tr'));
     console.log(chalk.gray('  ─────────────────────────────────────────'));
 }
-// Australian easter eggs every 3 questions (for 15-question demo)
-function getEasterEggs() {
-    return {
-        3: { emoji: '🏛️', text: t('egg3') },
-        5: { emoji: '🐨', text: t('egg5') },
-        7: { emoji: '🌉', text: t('egg7') },
-        9: { emoji: '🦘', text: t('egg9') },
-        11: { emoji: '🏖️', text: t('egg11') },
-        13: { emoji: '🦈', text: t('egg13') },
-        15: { emoji: '🎉', text: t('egg15') },
-    };
+// Australian easter eggs at percentage-based positions. The messages were
+// originally written for a 15-question exam; we now map them by percentage
+// so they fire at the right moment regardless of question count (10 or 15).
+function getEasterEgg(current, total) {
+    const EGGS = [
+        { pct: 0.20, emoji: '🏛️', key: 'egg3' }, // Great start
+        { pct: 0.33, emoji: '🐨', key: 'egg5' }, // 1/3 done
+        { pct: 0.50, emoji: '🌉', key: 'egg7' }, // Keep going (halfway)
+        { pct: 0.60, emoji: '🦘', key: 'egg9' }, // Past halfway
+        { pct: 0.80, emoji: '🏖️', key: 'egg11' }, // Almost there
+        { pct: 0.87, emoji: '🦈', key: 'egg13' }, // 2 more to go
+        { pct: 1.00, emoji: '🎉', key: 'egg15' }, // All done
+    ];
+    const seen = new Set();
+    for (const egg of EGGS) {
+        const targetQ = Math.round(egg.pct * total);
+        if (targetQ < 1 || seen.has(targetQ))
+            continue;
+        seen.add(targetQ);
+        if (current === targetQ)
+            return { emoji: egg.emoji, text: t(egg.key) };
+    }
+    return undefined;
 }
 function printQuestionProgress(current, total, answered) {
     const width = 30;
@@ -220,9 +232,9 @@ function printQuestion(q, answer) {
     const eliminated = help.eliminated[q.number] || [];
     // Progress bar
     printQuestionProgress(q.number, total, answered);
-    // Easter egg
-    const egg = getEasterEggs()[q.number];
-    if (egg && q.number <= total) {
+    // Easter egg (position calculated by percentage of total)
+    const egg = getEasterEgg(q.number, total);
+    if (egg) {
         console.log(chalk.yellow(`  ${egg.emoji}  ${egg.text}`));
     }
     console.log();

package/dist/index.js

@@ -18,6 +18,7 @@ import { registerCtf4aiDemoCommand } from './commands/ctf4ai-demo.js';
 import { getConfig, saveConfig } from './lib/config.js';
 import { startRepl } from './repl.js';
 import { setTerminalTheme } from './lib/theme.js';
+import { checkForUpdates } from './lib/update-check.js';
 import { readFileSync } from 'node:fs';
 import { fileURLToPath } from 'node:url';
 import { dirname, join } from 'node:path';
@@ -73,6 +74,7 @@ program
     .action((opts) => {
     // Force hacker theme: black background + green text
     setTerminalTheme();
+    checkForUpdates();
     console.log(BANNER);
     // If running interactively (no extra args or --resume), start REPL
     if (process.argv.length <= 2 || opts.resume) {

package/dist/lib/gemini.d.ts

@@ -6,7 +6,7 @@ export declare function generateHint(level: HintLevel, question: string, context
 }>;
 export declare function translateText(text: string, targetLang: string): Promise<string>;
 export declare function setApiKey(key: string): void;
-export declare function createChatSession(context?: ChallengeContext): Promise<{
+export declare function createChatSession(context?: ChallengeContext, customSystemPrompt?: string): Promise<{
     sendMessage: (msg: string) => Promise<{
         text: string;
         tokensUsed: number;

package/dist/lib/gemini.js

@@ -41,16 +41,12 @@ function buildSystemPrompt(level, context) {
 export function filterFlagPatterns(text) {
     return text.replace(/icoa\{[^}]*\}/gi, '[FLAG REDACTED]');
 }
-// Default shared API key for competition (free tier)
-const DEFAULT_API_KEY = 'AIzaSyBLjo2UjaFqWmFaCap0TpiXjo9cDqFmY-E';
+// No DEFAULT_API_KEY in client code — keys stay server-side only.
+// For demo mode (no user key), createChatSession routes through the
+// server proxy at /api/icoa/ai/chat. For users with their own key
+// (via setup or env var), we go direct to the Gemini SDK.
 function getApiKey() {
-    const envKey = process.env.GEMINI_API_KEY;
-    if (envKey)
-        return envKey;
-    const config = getConfig();
-    if (config.geminiApiKey)
-        return config.geminiApiKey;
-    return DEFAULT_API_KEY;
+    return process.env.GEMINI_API_KEY || getConfig().geminiApiKey || '';
 }
 function getClient(apiKey) {
     return new GoogleGenAI({ apiKey });
@@ -141,47 +137,59 @@ RULES:
 - If you don't know something, say so honestly
 - Keep responses concise unless the user asks for detail
 - When the user opens a challenge, use the context to give relevant advice`;
-export async function createChatSession(context) {
-    let apiKey = getApiKey();
-    if (!apiKey) {
-        try {
-            const { input } = await import('@inquirer/prompts');
-            console.log();
-            console.log(chalk.yellow('  Gemini API key not configured.'));
-            console.log(chalk.gray('  Get one free at: ') + chalk.cyan('https://aistudio.google.com/apikey'));
-            console.log();
-            apiKey = await input({ message: 'Enter your Gemini API Key:' });
-            if (apiKey.trim()) {
-                apiKey = apiKey.trim();
-                saveConfig({ geminiApiKey: apiKey });
-                console.log(chalk.green('  Key saved for future use.'));
-                console.log();
-            }
-            else {
-                throw new Error('No API key provided.');
-            }
-        }
-        catch {
-            throw new Error('Gemini API key not configured. Run: setup');
-        }
-    }
+export async function createChatSession(context, customSystemPrompt) {
     const config = getConfig();
-    const modelName = config.geminiModel || 'gemma-4-31b-it';
-    const ai = getClient(apiKey);
-    let systemPrompt = CHAT_SYSTEM_PROMPT;
+    const apiKey = getApiKey();
+    let systemPrompt = customSystemPrompt || CHAT_SYSTEM_PROMPT;
     if (context) {
         systemPrompt += `\n\nThe competitor is currently working on:\nChallenge: ${context.name}\nCategory: ${context.category}`;
     }
-    const chat = ai.chats.create({
-        model: modelName,
-        config: { systemInstruction: systemPrompt },
-    });
+    // ─── Path A: user has their own key → direct Gemini SDK ───
+    if (apiKey) {
+        const modelName = config.geminiModel || 'gemini-2.5-flash';
+        const ai = getClient(apiKey);
+        const chat = ai.chats.create({
+            model: modelName,
+            config: { systemInstruction: systemPrompt },
+        });
+        return {
+            async sendMessage(msg) {
+                const response = await chat.sendMessage({ message: msg });
+                const text = filterFlagPatterns(response.text ?? '');
+                const usage = response.usageMetadata;
+                const tokensUsed = usage?.totalTokenCount || ((usage?.promptTokenCount || 0) + (usage?.candidatesTokenCount || 0));
+                return { text, tokensUsed };
+            },
+        };
+    }
+    // ─── Path B: no key → server proxy (key stays server-side) ───
+    const serverUrl = config.ctfdUrl || 'https://practice.icoa2026.au';
+    const fp = config.deviceFingerprint || '';
+    const modelName = config.geminiModel || 'gemini-2.5-flash';
+    const messages = [];
     return {
         async sendMessage(msg) {
-            const response = await chat.sendMessage({ message: msg });
-            const text = filterFlagPatterns(response.text ?? '');
-            const usage = response.usageMetadata;
-            const tokensUsed = usage?.totalTokenCount || ((usage?.promptTokenCount || 0) + (usage?.candidatesTokenCount || 0));
+            messages.push({ role: 'user', text: msg });
+            const res = await fetch(`${serverUrl}/api/icoa/ai/chat`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({
+                    systemPrompt,
+                    messages,
+                    model: modelName,
+                    maxTokens: 2048,
+                    deviceFingerprint: fp,
+                }),
+                signal: AbortSignal.timeout(60_000),
+            });
+            if (!res.ok) {
+                const err = await res.json().catch(() => ({ message: 'AI proxy error' }));
+                throw new Error(err.message || `AI proxy returned ${res.status}`);
+            }
+            const json = await res.json();
+            const text = filterFlagPatterns(json.data?.text || '');
+            const tokensUsed = json.data?.tokensUsed || 0;
+            messages.push({ role: 'model', text });
             return { text, tokensUsed };
         },
     };

package/dist/lib/update-check.d.ts

@@ -0,0 +1 @@
+export declare function checkForUpdates(): void;

package/dist/lib/update-check.js

@@ -0,0 +1,77 @@
+import { readFileSync, writeFileSync, existsSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import chalk from 'chalk';
+import { getIcoaDir } from './config.js';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const SIX_HOURS_MS = 6 * 60 * 60 * 1000;
+function isNewer(latest, current) {
+    const l = latest.split('.').map(Number);
+    const c = current.split('.').map(Number);
+    for (let i = 0; i < Math.max(l.length, c.length); i++) {
+        const lv = l[i] ?? 0;
+        const cv = c[i] ?? 0;
+        if (lv > cv)
+            return true;
+        if (lv < cv)
+            return false;
+    }
+    return false;
+}
+export function checkForUpdates() {
+    // Fire-and-forget async check
+    setTimeout(async () => {
+        try {
+            const pkgPath = join(__dirname, '..', '..', 'package.json');
+            const current = JSON.parse(readFileSync(pkgPath, 'utf-8')).version;
+            const cacheFile = join(getIcoaDir(), 'update-check.json');
+            // Check if we already checked recently
+            if (existsSync(cacheFile)) {
+                try {
+                    const cache = JSON.parse(readFileSync(cacheFile, 'utf-8'));
+                    if (Date.now() - cache.lastCheck < SIX_HOURS_MS) {
+                        // Still within cooldown — but show banner if cached version is newer
+                        if (cache.latestVersion && isNewer(cache.latestVersion, current)) {
+                            console.log(chalk.yellow('  \u2B06 Update available: ') +
+                                chalk.white('v' + current + ' \u2192 v' + cache.latestVersion) +
+                                chalk.gray('  Run: npm install -g icoa-cli@latest'));
+                        }
+                        return;
+                    }
+                }
+                catch {
+                    // Corrupted cache, continue with fresh check
+                }
+            }
+            // Fetch latest version from npm with 5-second timeout
+            const controller = new AbortController();
+            const timeout = setTimeout(() => controller.abort(), 5000);
+            const res = await fetch('https://registry.npmjs.org/icoa-cli/latest', {
+                signal: controller.signal,
+                headers: { 'Accept': 'application/json' },
+            });
+            clearTimeout(timeout);
+            if (!res.ok)
+                return;
+            const data = await res.json();
+            const latest = data.version;
+            if (!latest)
+                return;
+            // Save cache
+            const cache = {
+                lastCheck: Date.now(),
+                latestVersion: latest,
+            };
+            writeFileSync(cacheFile, JSON.stringify(cache, null, 2));
+            // Print banner if newer
+            if (isNewer(latest, current)) {
+                console.log(chalk.yellow('  \u2B06 Update available: ') +
+                    chalk.white('v' + current + ' \u2192 v' + latest) +
+                    chalk.gray('  Run: npm install -g icoa-cli@latest'));
+            }
+        }
+        catch {
+            // Completely silent on any failure
+        }
+    }, 0);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "icoa-cli",
-  "version": "2.19.36",
+  "version": "2.19.38",
   "description": "ICOA CLI — The world's first CLI-native CTF competition terminal",
   "type": "module",
   "bin": {