An AI-powered CTF escape room game built for UNIHACK 2026.
Each session is uniquely generated by AI with a different culprit, motive, and hidden clues every time.
- Frontend: Vue 3 + Vite + Pinia + Vue Router + plain CSS
- Backend: C# ASP.NET Core Web API (.NET 10)
- AI: OpenAI Chat Completions API (
gpt-4o) - Database: SQLite via SQL.js (WebAssembly, in-browser)
- Terminal: xterm.js
Prerequisites:
- PowerShell
- Node.js and npm
- .NET 10 SDK
From the repo root, run:
.\setup.ps1 <API_KEY>Example:
.\setup.ps1 sk-...This script:
- creates or overwrites
.envin the repo root - writes
VITE_API_BASE_URL=http://localhost:5000 - writes your
API_KEY - runs
npm installinfrontend
From the repo root, run:
.\start.ps1This opens two PowerShell windows:
- frontend:
npm run dev - backend:
dotnet run
Then open http://localhost:5173 in your browser and click Begin Investigation.
If you prefer not to use the scripts, you can run the apps manually.
cd backend
dotnet run
# Runs on http://localhost:5000cd frontend
npm run dev
# Runs on http://localhost:5173Landing → NovaShell → NovaCrime DB → NovaMail → NovaWiki → NovaSearch → The Onion → Vault
Each room hides one word of the four-word vault passphrase:
| Room | Word Theme |
|---|---|
| NovaShell | Time |
| NovaMail | Location |
| NovaWiki | Identity |
| NovaSearch | Motive |
| Room | Tech | Clue mechanism |
|---|---|---|
| NovaShell | xterm.js | cat .env reveals base64-encoded vault word |
| NovaCrime DB | SQL.js WASM | Query access_logs, find culprit employee ID |
| NovaMail | Custom email UI | Read intercepted emails for hidden keyword |
| NovaWiki | Confluence-style | Decode ROT13-encrypted redacted section |
| NovaSearch | Kibana-style log UI | Find the ERROR log from "whistleblower" |
| The Onion | Dark web aesthetic | Find credential listing for culprit department |
| Vault | 4-word passphrase | Enter all four words separated by spaces |
Each room has an interrogation panel. NPCs are powered by Claude with vivid system prompts:
- Maya Chen (Receptionist) — nervous, evasive, covered for the culprit
- Alex Torres (Sysadmin) — blunt, has the access logs, was pressured to delay the report
- Dr. Patricia Wells (Archivist) — meticulous, noticed suspicious archive access
- Richard Harlow (CFO) — defensive, hiding financial irregularities
- Victoria Stone (CEO) — chillingly calm, knows everything, says nothing