Inspiration

Make learning CTFs less frustrating by giving beginners real-time coaching and an after-action report so they learn what worked and why, as well as what they should be looking at to improve.

What it does

CoachTheFlag runs isolated challenge containers and records every command. The analyzer sanitizes logs, shows a timeline and score, generates coaching tips (from an LLM, unless it is unresponsive), and creates an after-action report (AAR) that simulates when alerts would have fired.

How we built it

Docker Compose for infra. Challenge images run a non-root user and log to /ctf_logs/session.jsonl. The analyzer is a FastAPI app with server-rendered HTMX pages, plus modules for sanitization, scoring, and AAR. A Worker client calls Cloudflare Workers AI for coaching; there is a local mock fallback.

Challenges we ran into

Unfamiliarity with Cloudflare and Gemini caused some 400s early on. Sanitization had tricky edge cases like base64 and long tokens. We also fixed build issues caused by DOS line endings in shell files.

Accomplishments that we're proud of

Three-flag challenge stack with full command logging, an interactive HTMX dashboard, deterministic AAR generation, scoring heuristics, and a working Worker LLM path with safe fallback.

What we learned

Sanitization is critical when sending logs to LLMs. HTMX made the UI simple and reliable. Mapping external scans to sessions is harder than it looks.
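
The base64 and long-token edge cases mentioned above, as an added example that is not CoachTheFlag's own code: a sanitizer for JSONL command logs that redacts credentials, encoded blobs and long tokens before a record is sent to an LLM, while leaving file paths (which also fit the base64 alphabet) untouched. The `cmd` field name, the credential key list, the length thresholds and the `[REDACTED:...]` placeholder format are assumptions.

```python
import base64
import json
import re

# 24+ chars from the base64/base64url alphabets, with optional padding.
CANDIDATE = re.compile(r"[A-Za-z0-9+/_-]{24,}={0,2}")
# key=value / key: value pairs whose key names a credential (assumed key list).
KEYED = re.compile(r"(?i)\b(password|passwd|token|secret|api[_-]?key)(\s*[=:]\s*)(\S+)")

def classify(run):
    """Return a redaction label for a long run, or None to leave it alone."""
    body = run.rstrip("=")
    if len(body) >= 32 and re.fullmatch(r"[0-9a-fA-F]+", body):
        return "HEX"  # digests, session ids
    # Paths and plain words fit the alphabet too; encoded data mixes all three classes.
    if not (re.search(r"[a-z]", body) and re.search(r"[A-Z]", body) and re.search(r"\d", body)):
        return None
    std = body.replace("-", "+").replace("_", "/")
    try:
        base64.b64decode(std + "=" * (-len(std) % 4), validate=True)
        return "B64"
    except ValueError:  # binascii.Error is a ValueError
        return "TOKEN"

def sanitize_command(cmd):
    cmd = KEYED.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED:KEYED]", cmd)
    def repl(m):
        label = classify(m.group(0))
        # Keep the kind and length so coaching can still refer to the step.
        return f"[REDACTED:{label}:{len(m.group(0))}]" if label else m.group(0)
    return CANDIDATE.sub(repl, cmd)

def sanitize_jsonl(lines, field="cmd"):  # "cmd" is an assumed field name
    out = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # fail closed: never forward a line we could not parse
        if isinstance(rec, dict) and isinstance(rec.get(field), str):
            rec[field] = sanitize_command(rec[field])
            out.append(rec)
    return out

# Constructed sample session log (not from the project).
_BLOB = base64.b64encode(b"secret-flag-value-1234567890").decode()
SAMPLE_LINES = [json.dumps({"ts": i, "cmd": c}) for i, c in enumerate([
    f"echo {_BLOB} | base64 -d", "ls -l /usr/share/wordlists/rockyou",
    "mysql -u root --password=hunter2", "echo 5f4dcc3b5aa765d61d8327deb882cf99 > hash.txt"])] + ["not json"]
```

Records that do not parse, or that lack the command field, are dropped rather than passed through, so a malformed log line cannot bypass redaction.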

What's next for CoachTheFlag

Add tests and CI, tighten sanitization and retention, add observability and a circuit breaker, and build an optional "AI blue team" for alerts and runbooks. Also add infrastructure so that external tools (nmap, etc.) can be used.
