icoa-cli 2.19.99 → 2.19.101

package/dist/lib/demo-stats.js

@@ -1,65 +1 @@
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
-import { join } from 'node:path';
-import { getIcoaDir } from './config.js';
-const STATS_FILE = () => join(getIcoaDir(), 'demo-stats.json');
-const RETRY_FILE = () => join(getIcoaDir(), 'demo-retry.json');
-const DEFAULT_STATS = {
-    best: 0,
-    bestPercentage: 0,
-    attempts: 0,
-    lastFive: [],
-};
-export function getDemoStats() {
-    try {
-        if (!existsSync(STATS_FILE()))
-            return { ...DEFAULT_STATS };
-        const data = JSON.parse(readFileSync(STATS_FILE(), 'utf-8'));
-        return { ...DEFAULT_STATS, ...data };
-    }
-    catch {
-        return { ...DEFAULT_STATS };
-    }
-}
-export function recordDemoAttempt(score, total) {
-    const current = getDemoStats();
-    const pct = total > 0 ? Math.round((score / total) * 100) : 0;
-    const next = {
-        best: Math.max(current.best, score),
-        bestPercentage: Math.max(current.bestPercentage, pct),
-        attempts: current.attempts + 1,
-        lastFive: [
-            { score, total, at: new Date().toISOString() },
-            ...current.lastFive,
-        ].slice(0, 5),
-    };
-    try {
-        writeFileSync(STATS_FILE(), JSON.stringify(next, null, 2));
-    }
-    catch { }
-    return next;
-}
-export function saveRetryQueue(questions) {
-    try {
-        writeFileSync(RETRY_FILE(), JSON.stringify({ questions, savedAt: new Date().toISOString() }, null, 2));
-    }
-    catch { }
-}
-export function getRetryQueue() {
-    try {
-        if (!existsSync(RETRY_FILE()))
-            return null;
-        const data = JSON.parse(readFileSync(RETRY_FILE(), 'utf-8'));
-        if (Array.isArray(data.questions) && data.questions.length > 0) {
-            return data.questions;
-        }
-    }
-    catch { }
-    return null;
-}
-export function clearRetryQueue() {
-    try {
-        if (existsSync(RETRY_FILE()))
-            writeFileSync(RETRY_FILE(), JSON.stringify({ questions: [] }, null, 2));
-    }
-    catch { }
-}
+import{existsSync as t,readFileSync as e,writeFileSync as r}from"node:fs";import{join as n}from"node:path";import{getIcoaDir as s}from"./config.js";const o=()=>n(s(),"demo-stats.json"),a=()=>n(s(),"demo-retry.json"),u={best:0,bestPercentage:0,attempts:0,lastFive:[]};export function getDemoStats(){try{if(!t(o()))return{...u};const r=JSON.parse(e(o(),"utf-8"));return{...u,...r}}catch{return{...u}}}export function recordDemoAttempt(t,e){const n=getDemoStats(),s=e>0?Math.round(t/e*100):0,a={best:Math.max(n.best,t),bestPercentage:Math.max(n.bestPercentage,s),attempts:n.attempts+1,lastFive:[{score:t,total:e,at:(new Date).toISOString()},...n.lastFive].slice(0,5)};try{r(o(),JSON.stringify(a,null,2))}catch{}return a}export function saveRetryQueue(t){try{r(a(),JSON.stringify({questions:t,savedAt:(new Date).toISOString()},null,2))}catch{}}export function getRetryQueue(){try{if(!t(a()))return null;const r=JSON.parse(e(a(),"utf-8"));if(Array.isArray(r.questions)&&r.questions.length>0)return r.questions}catch{}return null}export function clearRetryQueue(){try{t(a())&&r(a(),JSON.stringify({questions:[]},null,2))}catch{}}

package/dist/lib/exam-client.js

@@ -1,57 +1 @@
-export class ExamClient {
-    baseUrl;
-    token;
-    constructor(baseUrl, token) {
-        this.baseUrl = baseUrl.replace(/\/+$/, '');
-        this.token = token;
-    }
-    async request(method, path, body) {
-        // Try nginx proxy first, fallback to direct port
-        const urls = [
-            `${this.baseUrl}/api/icoa/exams${path}`,
-            `${this.baseUrl}:9090/api/icoa/exams${path}`,
-        ];
-        let lastError = null;
-        for (const url of urls) {
-            try {
-                return await this._fetch(method, url, body);
-            }
-            catch (e) {
-                lastError = e;
-            }
-        }
-        throw lastError || new Error('Exam API unreachable');
-    }
-    async _fetch(method, url, body) {
-        const res = await fetch(url, {
-            method,
-            headers: {
-                Authorization: `Token ${this.token}`,
-                'Content-Type': 'application/json',
-            },
-            body: body ? JSON.stringify(body) : undefined,
-            signal: AbortSignal.timeout(10000),
-        });
-        if (!res.ok) {
-            const text = await res.text().catch(() => 'Unknown error');
-            throw new Error(`Exam API error (${res.status}): ${text}`);
-        }
-        const json = await res.json();
-        if (json.success === false) {
-            throw new Error(json.message || 'Exam API error');
-        }
-        return json.data;
-    }
-    async getExams() {
-        return this.request('GET', '');
-    }
-    async startExam(examId) {
-        return this.request('POST', `/${examId}/start`);
-    }
-    async submitExam(examId, answers) {
-        return this.request('POST', `/${examId}/submit`, { answers });
-    }
-    async getResult(examId) {
-        return this.request('GET', `/${examId}/result`);
-    }
-}
+export class ExamClient{baseUrl;token;constructor(t,e){this.baseUrl=t.replace(/\/+$/,""),this.token=e}async request(t,e,r){const s=[`${this.baseUrl}/api/icoa/exams${e}`,`${this.baseUrl}:9090/api/icoa/exams${e}`];let a=null;for(const e of s)try{return await this._fetch(t,e,r)}catch(t){a=t}throw a||new Error("Exam API unreachable")}async _fetch(t,e,r){const s=await fetch(e,{method:t,headers:{Authorization:`Token ${this.token}`,"Content-Type":"application/json"},body:r?JSON.stringify(r):void 0,signal:AbortSignal.timeout(1e4)});if(!s.ok){const t=await s.text().catch(()=>"Unknown error");throw new Error(`Exam API error (${s.status}): ${t}`)}const a=await s.json();if(!1===a.success)throw new Error(a.message||"Exam API error");return a.data}async getExams(){return this.request("GET","")}async startExam(t){return this.request("POST",`/${t}/start`)}async submitExam(t,e){return this.request("POST",`/${t}/submit`,{answers:e})}async getResult(t){return this.request("GET",`/${t}/result`)}}

package/dist/lib/exam-setup.js

@@ -1,23 +1 @@
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
-import { join } from 'node:path';
-import { getIcoaDir } from './config.js';
-const SETUP_FILE = () => join(getIcoaDir(), 'exam-setup.json');
-export function getExamSetup() {
-    try {
-        if (!existsSync(SETUP_FILE()))
-            return null;
-        return JSON.parse(readFileSync(SETUP_FILE(), 'utf-8'));
-    }
-    catch {
-        return null;
-    }
-}
-export function saveExamSetup(state) {
-    try {
-        writeFileSync(SETUP_FILE(), JSON.stringify(state, null, 2));
-    }
-    catch { }
-}
-export function isExamSetupComplete() {
-    return getExamSetup() !== null;
-}
+import{existsSync as t,readFileSync as e,writeFileSync as n}from"node:fs";import{join as r}from"node:path";import{getIcoaDir as o}from"./config.js";const u=()=>r(o(),"exam-setup.json");export function getExamSetup(){try{return t(u())?JSON.parse(e(u(),"utf-8")):null}catch{return null}}export function saveExamSetup(t){try{n(u(),JSON.stringify(t,null,2))}catch{}}export function isExamSetupComplete(){return null!==getExamSetup()}

package/dist/lib/exam-state.js

@@ -1,112 +1 @@
-import { readFileSync, writeFileSync, existsSync, unlinkSync } from 'node:fs';
-import { join } from 'node:path';
-import { getIcoaDir } from './config.js';
-// Demo and real exam use separate state files so they don't block each other
-function stateFile() {
-    return join(getIcoaDir(), 'exam-state.json');
-}
-function demoStateFile() {
-    return join(getIcoaDir(), 'demo-state.json');
-}
-// Internal: pick the right file based on examId
-function resolveStateFile(examId) {
-    return examId === 'demo-free' ? demoStateFile() : stateFile();
-}
-export function getRealExamState() {
-    const f = stateFile();
-    if (!existsSync(f))
-        return null;
-    try {
-        const state = JSON.parse(readFileSync(f, 'utf-8'));
-        // Pre-v2.19.45 versions stored demo state in exam-state.json with
-        // examId='demo-free'. After v2.19.45 demo moved to demo-state.json.
-        // Ignore stale demo-tagged content found in the real-exam file —
-        // it's contamination from an old install. Also auto-clean the file.
-        if (state?.session?.examId === 'demo-free') {
-            try {
-                unlinkSync(f);
-            }
-            catch { }
-            return null;
-        }
-        return state;
-    }
-    catch {
-        return null;
-    }
-}
-export function getDemoState() {
-    const f = demoStateFile();
-    if (!existsSync(f))
-        return null;
-    try {
-        return JSON.parse(readFileSync(f, 'utf-8'));
-    }
-    catch {
-        return null;
-    }
-}
-export function getExamState() {
-    // Real exam ALWAYS takes priority over demo when both exist.
-    // Reasoning: real exam is token-gated, has a timer, and represents a serious
-    // commitment. Demo is casual practice. If a real exam is in progress, all
-    // shared commands (exam q N, exam answer, ai4ctf, ctf4ai) must target the
-    // real exam — never silently fall back to demo questions, even if demo was
-    // run more recently. (Demo→Exam→Finals progression principle, exam.md §0)
-    const real = getRealExamState();
-    if (real)
-        return real;
-    return getDemoState();
-}
-export function saveExamState(state) {
-    const f = resolveStateFile(state.session.examId);
-    writeFileSync(f, JSON.stringify(state, null, 2));
-}
-export function clearExamState(examId) {
-    if (examId) {
-        const f = resolveStateFile(examId);
-        if (existsSync(f))
-            unlinkSync(f);
-    }
-    else {
-        // Clear the currently active exam
-        const state = getExamState();
-        if (state) {
-            const f = resolveStateFile(state.session.examId);
-            if (existsSync(f))
-                unlinkSync(f);
-        }
-    }
-}
-export function isExamActive() {
-    return getExamState() !== null;
-}
-export function getExamDeadline() {
-    const state = getExamState();
-    if (!state)
-        return null;
-    if (!state.session.durationMinutes)
-        return null; // 0 = no time limit
-    // Preferred path: server-time sync succeeded at exam start. deadlineServerMs
-    // is the authoritative server-time moment of expiry. Convert back to local
-    // clock domain so existing callers (which compare against Date.now()) stay
-    // correct even if the local clock drifts from server.
-    const { deadlineServerMs, clockOffsetMs } = state.session;
-    if (typeof deadlineServerMs === 'number' && typeof clockOffsetMs === 'number') {
-        return new Date(deadlineServerMs - clockOffsetMs);
-    }
-    // Fallback: local-clock-only (pre-v2.19.85 behavior). Accurate as long as
-    // client and server clocks agree; off by the clock skew otherwise.
-    const startTime = state.session.confirmedAt || state.session.startedAt;
-    const start = new Date(startTime).getTime();
-    return new Date(start + state.session.durationMinutes * 60 * 1000);
-}
-export function addInteraction(interaction) {
-    const state = getExamState();
-    if (!state)
-        return;
-    if (!state.interactions)
-        state.interactions = [];
-    state.interactions.push(interaction);
-    saveExamState(state);
-}
+import{readFileSync as t,writeFileSync as e,existsSync as n,unlinkSync as r}from"node:fs";import{join as o}from"node:path";import{getIcoaDir as s}from"./config.js";function a(){return o(s(),"exam-state.json")}function i(){return o(s(),"demo-state.json")}function u(t){return"demo-free"===t?i():a()}export function getRealExamState(){const e=a();if(!n(e))return null;try{const n=JSON.parse(t(e,"utf-8"));if("demo-free"===n?.session?.examId){try{r(e)}catch{}return null}return n}catch{return null}}export function getDemoState(){const e=i();if(!n(e))return null;try{return JSON.parse(t(e,"utf-8"))}catch{return null}}export function getExamState(){return getRealExamState()||getDemoState()}export function saveExamState(t){const n=u(t.session.examId);e(n,JSON.stringify(t,null,2))}export function clearExamState(t){if(t){const e=u(t);n(e)&&r(e)}else{const t=getExamState();if(t){const e=u(t.session.examId);n(e)&&r(e)}}}export function isExamActive(){return null!==getExamState()}export function getExamDeadline(){const t=getExamState();if(!t)return null;if(!t.session.durationMinutes)return null;const{deadlineServerMs:e,clockOffsetMs:n}=t.session;if("number"==typeof e&&"number"==typeof n)return new Date(e-n);const r=t.session.confirmedAt||t.session.startedAt,o=new Date(r).getTime();return new Date(o+60*t.session.durationMinutes*1e3)}export function addInteraction(t){const e=getExamState();e&&(e.interactions||(e.interactions=[]),e.interactions.push(t),saveExamState(e))}

package/dist/lib/gemini.js

@@ -1,235 +1 @@
-import { GoogleGenAI } from '@google/genai';
-import chalk from 'chalk';
-import { readFileSync } from 'node:fs';
-import { dirname, join } from 'node:path';
-import { fileURLToPath } from 'node:url';
-import { getConfig, saveConfig } from './config.js';
-import { getRealExamState } from './exam-state.js';
-const __dirname_gemini = dirname(fileURLToPath(import.meta.url));
-let _cachedVersion = null;
-function getCliVersion() {
-    if (_cachedVersion)
-        return _cachedVersion;
-    try {
-        const pkg = JSON.parse(readFileSync(join(__dirname_gemini, '..', '..', 'package.json'), 'utf-8'));
-        _cachedVersion = pkg.version || 'unknown';
-    }
-    catch {
-        _cachedVersion = 'unknown';
-    }
-    return _cachedVersion;
-}
-const SYSTEM_PROMPTS = {
-    A: `You are an AI assistant in a cybersecurity CTF competition called ICOA.
-You are providing Level A (General Guidance) to a competitor.
-
-STRICT RULES:
-- Only answer conceptual questions
-- Do NOT mention specific vulnerability names
-- Do NOT provide any code, commands, or tool usage
-- Do NOT mention specific attack techniques
-- Use questions to guide the competitor toward their own discovery
-- If the competitor asks you to solve the challenge, refuse and redirect
-- Never output anything matching flag format: icoa{...}`,
-    B: `You are an AI assistant in ICOA CTF, providing Level B (Deep Analysis).
-
-RULES:
-- You MAY identify specific vulnerability types (e.g., "buffer overflow")
-- You MAY suggest which category of tool to use (e.g., "a debugger")
-- Do NOT provide complete commands or working code
-- Do NOT provide exploit code or payloads
-- Do NOT provide flags or flag fragments
-- Never output anything matching: icoa{...}`,
-    C: `You are an AI assistant in ICOA CTF, providing Level C (Critical Assist).
-
-RULES:
-- You MAY provide the key conceptual breakthrough
-- You MAY name specific algorithms or approaches
-- Do NOT provide complete exploit code
-- Do NOT provide the flag
-- Never output anything matching: icoa{...}`,
-};
-function buildSystemPrompt(level, context) {
-    let prompt = SYSTEM_PROMPTS[level];
-    if (context) {
-        prompt += `\n\nThe competitor is currently working on:\nChallenge: ${context.name}\nCategory: ${context.category}`;
-    }
-    return prompt;
-}
-export function filterFlagPatterns(text) {
-    return text.replace(/icoa\{[^}]*\}/gi, '[FLAG REDACTED]');
-}
-// No DEFAULT_API_KEY in client code — keys stay server-side only.
-// For demo mode (no user key), createChatSession routes through the
-// server proxy at /api/icoa/ai/chat. For users with their own key
-// (via setup or env var), we go direct to the Gemini SDK.
-function getApiKey() {
-    return process.env.GEMINI_API_KEY || getConfig().geminiApiKey || '';
-}
-function getClient(apiKey) {
-    return new GoogleGenAI({ apiKey });
-}
-export async function generateHint(level, question, context) {
-    let apiKey = getApiKey();
-    if (!apiKey) {
-        try {
-            const { input } = await import('@inquirer/prompts');
-            console.log();
-            console.log(chalk.yellow('  Gemini API key not configured.'));
-            console.log(chalk.gray('  Get one free at: ') + chalk.cyan('https://aistudio.google.com/apikey'));
-            console.log();
-            apiKey = await input({ message: 'Enter your Gemini API Key:' });
-            if (apiKey.trim()) {
-                apiKey = apiKey.trim();
-                saveConfig({ geminiApiKey: apiKey });
-                console.log(chalk.green('  Key saved for future use.'));
-                console.log();
-            }
-            else {
-                throw new Error('No API key provided.');
-            }
-        }
-        catch {
-            throw new Error('Gemini API key not configured.\n' +
-                'Set GEMINI_API_KEY environment variable, or run: icoa setup');
-        }
-    }
-    const config = getConfig();
-    const modelName = config.geminiModel || 'gemma-4-31b-it';
-    const ai = getClient(apiKey);
-    const response = await ai.models.generateContent({
-        model: modelName,
-        config: { systemInstruction: buildSystemPrompt(level, context) },
-        contents: question,
-    });
-    const text = filterFlagPatterns(response.text ?? '');
-    const usage = response.usageMetadata;
-    const tokensUsed = (usage?.promptTokenCount || 0) + (usage?.candidatesTokenCount || 0);
-    return { text, tokensUsed };
-}
-// Use the strongest model for translation quality
-const TRANSLATION_MODEL = 'gemini-3.1-pro-preview';
-export async function translateText(text, targetLang) {
-    const apiKey = getApiKey();
-    if (!apiKey) {
-        throw new Error('Gemini API key not configured for translation.');
-    }
-    const ai = getClient(apiKey);
-    const prompt = `Translate the following CTF challenge description to ${targetLang}.
-Keep all technical terms, code, commands, URLs, and flag formats in English.
-Only translate the narrative/descriptive text.
-
-${text}`;
-    try {
-        const response = await ai.models.generateContent({
-            model: TRANSLATION_MODEL,
-            contents: prompt,
-        });
-        return response.text ?? '';
-    }
-    catch {
-        // Fallback to flash if pro not available
-        const config = getConfig();
-        const fallback = config.geminiModel || 'gemma-4-31b-it';
-        const response = await ai.models.generateContent({
-            model: fallback,
-            contents: prompt,
-        });
-        return response.text ?? '';
-    }
-}
-export function setApiKey(key) {
-    saveConfig({ geminiApiKey: key });
-}
-const CHAT_SYSTEM_PROMPT = `You are an AI teammate in the ICOA cybersecurity CTF competition (International Cyber Olympiad in AI 2026, Sydney).
-
-You're a friendly, knowledgeable cybersecurity partner — like a fellow competitor sitting next to the user. Be conversational, encouraging, and collaborative.
-
-RULES:
-- Help the competitor think through challenges, brainstorm approaches, explain concepts
-- You MAY discuss vulnerability types, tools, techniques, and methodologies
-- You MAY suggest approaches and help debug code
-- Do NOT provide complete working exploits or full solution scripts
-- Do NOT provide flags or flag fragments
-- Never output anything matching flag format: icoa{...}
-- If you don't know something, say so honestly
-- Keep responses concise unless the user asks for detail
-- When the user opens a challenge, use the context to give relevant advice`;
-export async function createChatSession(context, customSystemPrompt) {
-    const config = getConfig();
-    const apiKey = getApiKey();
-    let systemPrompt = customSystemPrompt || CHAT_SYSTEM_PROMPT;
-    if (context) {
-        systemPrompt += `\n\nThe competitor is currently working on:\nChallenge: ${context.name}\nCategory: ${context.category}`;
-    }
-    // ─── Path A: user has their own key → direct Gemini SDK ───
-    if (apiKey) {
-        const modelName = config.geminiModel || 'gemini-2.5-flash';
-        const ai = getClient(apiKey);
-        const chat = ai.chats.create({
-            model: modelName,
-            config: { systemInstruction: systemPrompt },
-        });
-        return {
-            async sendMessage(msg) {
-                const response = await chat.sendMessage({ message: msg });
-                const text = filterFlagPatterns(response.text ?? '');
-                const usage = response.usageMetadata;
-                const tokensUsed = usage?.totalTokenCount || ((usage?.promptTokenCount || 0) + (usage?.candidatesTokenCount || 0));
-                return { text, tokensUsed };
-            },
-        };
-    }
-    // ─── Path B: no key → server proxy (key stays server-side) ───
-    const serverUrl = config.ctfdUrl || 'https://practice.icoa2026.au';
-    const fp = config.deviceFingerprint || '';
-    const modelName = config.geminiModel || 'gemini-2.5-flash';
-    const messages = [];
-    return {
-        async sendMessage(msg) {
-            messages.push({ role: 'user', text: msg });
-            // Attach exam token if contestant is in a real exam — grants full
-            // 2048 maxTokens and higher rate limit. Demo/anonymous users rely on
-            // the User-Agent gate on the server side.
-            const realExam = getRealExamState();
-            const payload = {
-                systemPrompt,
-                messages,
-                model: modelName,
-                maxTokens: 2048,
-                deviceFingerprint: fp,
-            };
-            if (realExam?.session?.token) {
-                payload.examToken = realExam.session.token;
-            }
-            const res = await fetch(`${serverUrl}/api/icoa/ai/chat`, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    'User-Agent': `icoa-cli/${getCliVersion()}`,
-                },
-                body: JSON.stringify(payload),
-                signal: AbortSignal.timeout(60_000),
-            });
-            if (!res.ok) {
-                const err = await res.json().catch(() => ({ message: 'AI proxy error' }));
-                const msg = err.message || `AI proxy returned ${res.status}`;
-                if (res.status === 401) {
-                    throw new Error(chalk.yellow('⚠ ') + 'Exam token expired. Re-enter via `exam <token>`.');
-                }
-                if (res.status === 403) {
-                    throw new Error(chalk.yellow('⚠ ') + msg);
-                }
-                if (res.status === 429) {
-                    throw new Error(chalk.yellow('⏳ ') + msg);
-                }
-                throw new Error(msg);
-            }
-            const json = await res.json();
-            const text = filterFlagPatterns(json.data?.text || '');
-            const tokensUsed = json.data?.tokensUsed || 0;
-            messages.push({ role: 'model', text });
-            return { text, tokensUsed };
-        },
-    };
-}
+import{GoogleGenAI as e}from"@google/genai";import chalk from"chalk";import{readFileSync as t}from"node:fs";import{dirname as n,join as o}from"node:path";import{fileURLToPath as r}from"node:url";import{getConfig as i,saveConfig as a}from"./config.js";import{getRealExamState as s}from"./exam-state.js";const c=n(r(import.meta.url));let l=null;function g(){if(l)return l;try{const e=JSON.parse(t(o(c,"..","..","package.json"),"utf-8"));l=e.version||"unknown"}catch{l="unknown"}return l}const u={A:"You are an AI assistant in a cybersecurity CTF competition called ICOA.\nYou are providing Level A (General Guidance) to a competitor.\n\nSTRICT RULES:\n- Only answer conceptual questions\n- Do NOT mention specific vulnerability names\n- Do NOT provide any code, commands, or tool usage\n- Do NOT mention specific attack techniques\n- Use questions to guide the competitor toward their own discovery\n- If the competitor asks you to solve the challenge, refuse and redirect\n- Never output anything matching flag format: icoa{...}",B:'You are an AI assistant in ICOA CTF, providing Level B (Deep Analysis).\n\nRULES:\n- You MAY identify specific vulnerability types (e.g., "buffer overflow")\n- You MAY suggest which category of tool to use (e.g., "a debugger")\n- Do NOT provide complete commands or working code\n- Do NOT provide exploit code or payloads\n- Do NOT provide flags or flag fragments\n- Never output anything matching: icoa{...}',C:"You are an AI assistant in ICOA CTF, providing Level C (Critical Assist).\n\nRULES:\n- You MAY provide the key conceptual breakthrough\n- You MAY name specific algorithms or approaches\n- Do NOT provide complete exploit code\n- Do NOT provide the flag\n- Never output anything matching: icoa{...}"};function p(e,t){let n=u[e];return t&&(n+=`\n\nThe competitor is currently working on:\nChallenge: ${t.name}\nCategory: ${t.category}`),n}export function filterFlagPatterns(e){return e.replace(/icoa\{[^}]*\}/gi,"[FLAG REDACTED]")}function m(){return process.env.GEMINI_API_KEY||i().geminiApiKey||""}function d(t){return new e({apiKey:t})}export async function generateHint(e,t,n){let o=m();if(!o)try{const{input:e}=await import("@inquirer/prompts");if(console.log(),console.log(chalk.yellow("  Gemini API key not configured.")),console.log(chalk.gray("  Get one free at: ")+chalk.cyan("https://aistudio.google.com/apikey")),console.log(),o=await e({message:"Enter your Gemini API Key:"}),!o.trim())throw new Error("No API key provided.");o=o.trim(),a({geminiApiKey:o}),console.log(chalk.green("  Key saved for future use.")),console.log()}catch{throw new Error("Gemini API key not configured.\nSet GEMINI_API_KEY environment variable, or run: icoa setup")}const r=i().geminiModel||"gemma-4-31b-it",s=d(o),c=await s.models.generateContent({model:r,config:{systemInstruction:p(e,n)},contents:t}),l=filterFlagPatterns(c.text??""),g=c.usageMetadata;return{text:l,tokensUsed:(g?.promptTokenCount||0)+(g?.candidatesTokenCount||0)}}export async function translateText(e,t){const n=m();if(!n)throw new Error("Gemini API key not configured for translation.");const o=d(n),r=`Translate the following CTF challenge description to ${t}.\nKeep all technical terms, code, commands, URLs, and flag formats in English.\nOnly translate the narrative/descriptive text.\n\n${e}`;try{return(await o.models.generateContent({model:"gemini-3.1-pro-preview",contents:r})).text??""}catch{const e=i().geminiModel||"gemma-4-31b-it";return(await o.models.generateContent({model:e,contents:r})).text??""}}export function setApiKey(e){a({geminiApiKey:e})}export async function createChatSession(e,t){const n=i(),o=m();let r=t||"You are an AI teammate in the ICOA cybersecurity CTF competition (International Cyber Olympiad in AI 2026, Sydney).\n\nYou're a friendly, knowledgeable cybersecurity partner — like a fellow competitor sitting next to the user. Be conversational, encouraging, and collaborative.\n\nRULES:\n- Help the competitor think through challenges, brainstorm approaches, explain concepts\n- You MAY discuss vulnerability types, tools, techniques, and methodologies\n- You MAY suggest approaches and help debug code\n- Do NOT provide complete working exploits or full solution scripts\n- Do NOT provide flags or flag fragments\n- Never output anything matching flag format: icoa{...}\n- If you don't know something, say so honestly\n- Keep responses concise unless the user asks for detail\n- When the user opens a challenge, use the context to give relevant advice";if(e&&(r+=`\n\nThe competitor is currently working on:\nChallenge: ${e.name}\nCategory: ${e.category}`),o){const e=n.geminiModel||"gemini-2.5-flash",t=d(o).chats.create({model:e,config:{systemInstruction:r}});return{async sendMessage(e){const n=await t.sendMessage({message:e}),o=filterFlagPatterns(n.text??""),r=n.usageMetadata;return{text:o,tokensUsed:r?.totalTokenCount||(r?.promptTokenCount||0)+(r?.candidatesTokenCount||0)}}}}const a=n.ctfdUrl||"https://practice.icoa2026.au",c=n.deviceFingerprint||"",l=n.geminiModel||"gemini-2.5-flash",u=[];return{async sendMessage(e){u.push({role:"user",text:e});const t=s(),n={systemPrompt:r,messages:u,model:l,maxTokens:2048,deviceFingerprint:c};t?.session?.token&&(n.examToken=t.session.token);const o=await fetch(`${a}/api/icoa/ai/chat`,{method:"POST",headers:{"Content-Type":"application/json","User-Agent":`icoa-cli/${g()}`},body:JSON.stringify(n),signal:AbortSignal.timeout(6e4)});if(!o.ok){const e=(await o.json().catch(()=>({message:"AI proxy error"}))).message||`AI proxy returned ${o.status}`;if(401===o.status)throw new Error(chalk.yellow("⚠ ")+"Exam token expired. Re-enter via `exam <token>`.");if(403===o.status)throw new Error(chalk.yellow("⚠ ")+e);if(429===o.status)throw new Error(chalk.yellow("⏳ ")+e);throw new Error(e)}const i=await o.json(),p=filterFlagPatterns(i.data?.text||""),m=i.data?.tokensUsed||0;return u.push({role:"model",text:p}),{text:p,tokensUsed:m}}}}