npm - icoa-cli - Versions diffs - 2.19.61 → 2.19.62 - Mend

icoa-cli 2.19.61 → 2.19.62

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/commands/ai4ctf.js +14 -0
package/dist/commands/ctf4ai-demo.js +11 -0
package/package.json +1 -1

package/dist/commands/ai4ctf.js CHANGED Viewed

@@ -311,8 +311,12 @@ export async function handleChatMessage(input) {
 function printExamAi4ctfWelcome(q, qNum) {
     const config = getConfig();
     const modelName = config.geminiModel || 'gemma-4-31b-it';
+    const isResume = chatTokensUsed > 0;
     console.log();
     console.log(chalk.green.bold(`  ═══ AI4CTF — Q${qNum}: ${q.category} ═══`));
+    if (isResume) {
+        console.log(chalk.gray(`  (resuming — prior chat is not remembered, but tokens already used stay deducted)`));
+    }
     console.log();
     console.log(chalk.cyan('  ┌─────────────────────────────────────────────'));
     console.log(chalk.cyan('  │ ') + chalk.bold.white(`Q${qNum}  [${q.category}]  · ${q.points || 6} pts`));
@@ -426,6 +430,16 @@ async function handleExamAi4ctfMessage(input) {
     const submitMatch = trimmed.match(/^submit\s+(.+)/i);
     if (submitMatch) {
         const flag = submitMatch[1].trim();
+        // Letter-only footgun: reject 'A'/'B'/'C'/'D' as flags. Same defence we
+        // added at the REPL and exam-answer layers; duplicated here because chat
+        // bypasses both.
+        if (/^[A-Da-d]$/.test(flag)) {
+            console.log();
+            console.log(chalk.yellow(`  "${flag}" looks like an MCQ letter, not a flag.`));
+            console.log(chalk.gray('  Flag format: ') + chalk.green('ICOA{your_flag}') + chalk.gray('. Try again inside this chat.'));
+            console.log();
+            return 'continue';
+        }
         const { getExamState, saveExamState } = await import('../lib/exam-state.js');
         const state = getExamState();
         if (!state)

package/dist/commands/ctf4ai-demo.js CHANGED Viewed

@@ -179,8 +179,12 @@ export async function handleCtf4aiMessage(input) {
 function printExamCtf4aiWelcome(q, qNum) {
     const config = getConfig();
     const modelName = config.geminiModel || 'gemma-4-31b-it';
+    const isResume = ctf4aiTokens > 0;
     console.log();
     console.log(chalk.red.bold(`  ═══ CTF4AI — Q${qNum}: ${q.category} (${q.points || 16} pts) ═══`));
+    if (isResume) {
+        console.log(chalk.gray(`  (resuming — prior chat is not remembered, but tokens already used stay deducted)`));
+    }
     console.log();
     console.log(chalk.red('  ┌─────────────────────────────────────────────'));
     console.log(chalk.red('  │ ') + chalk.bold.white(`Q${qNum}  [${q.category}]  · adversarial AI`));
@@ -297,6 +301,13 @@ async function handleExamCtf4aiMessage(input) {
     const submitMatch = trimmed.match(/^submit\s+(.+)/i);
     if (submitMatch) {
         const flag = submitMatch[1].trim();
+        if (/^[A-Da-d]$/.test(flag)) {
+            console.log();
+            console.log(chalk.yellow(`  "${flag}" looks like an MCQ letter, not a flag.`));
+            console.log(chalk.gray('  Flag format: ') + chalk.green('ICOA{your_flag}') + chalk.gray('. Try again.'));
+            console.log();
+            return 'continue';
+        }
         const { getExamState, saveExamState } = await import('../lib/exam-state.js');
         const state = getExamState();
         if (!state)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "icoa-cli",
-  "version": "2.19.61",
+  "version": "2.19.62",
   "description": "ICOA CLI — The world's first CLI-native CTF competition terminal",
   "type": "module",
   "bin": {