Add security audit dialogue to Mission 1: First Contact

Adds a new dialogue option for Kevin where the player can provide a preliminary security audit update. The feature includes: - 5 MCQ-style security assessment questions covering: * Physical security (locks and access control) * Access control patterns (Derek's suspicious activities) * Password security (predictable patterns) * Personnel security (Patricia's firing) * Data protection (network segmentation) - Answer tracking system (correct/wrong counts) - Kevin provides context-appropriate responses to each answer - Influence point adjustments based on answers - Available after player makes progress (gets items from Kevin) - Debrief feedback section that evaluates player's security analysis: * Excellent performance: 4+ correct answers * Solid performance: 3 correct answers * Poor performance: ≤2 correct answers * Feedback on tradecraft and cover maintenance This enhances the undercover security consultant role-play and provides educational value on security assessment best practices.
2026-02-21 11:18:08 +00:00 · 2026-01-14 10:06:32 +00:00
parent 3fd1cdc22c
commit 6a21147a45
4 changed files with 280 additions and 7 deletions
--- a/scenarios/m01_first_contact/ink/m01_closing_debrief.ink
+++ b/scenarios/m01_first_contact/ink/m01_closing_debrief.ink
@@ -20,6 +20,11 @@ VAR maya_identity_protected = true      // Did player protect Maya's identity
 VAR kevin_choice = ""             // warn, evidence, ignore
 VAR kevin_protected = false       // Did player help Kevin?

+// Security Audit Assessment
+VAR security_audit_completed = false    // Did player complete the security audit?
+VAR audit_correct_answers = 0           // Number of correct security assessments
+VAR audit_wrong_answers = 0             // Number of incorrect assessments
+
 // ================================================
 // START: DEBRIEF BEGINS
 // ================================================
@@ -193,7 +198,7 @@ Agent 0x99: Sometimes that's the right call. Fewer people involved means fewer p
 === kevin_frame_discussion ===
 {kevin_choice == "":
    // Player didn't encounter the frame-up files
-    -> derek_discussion
+    -> security_audit_review
 }
 {kevin_choice == "warn":
    -> kevin_warned
@@ -237,7 +242,7 @@ Agent 0x99: You disagreed. That matters.

 Agent 0x99: Not every agent would have taken the time. Not every agent would have cared.

-> derek_discussion
+-> security_audit_review

 === kevin_ignored ===
 Agent 0x99: Kevin Park was arrested this morning.
@@ -260,14 +265,85 @@ Agent 0x99: He's cleared now. But he's traumatized. His neighbors saw him taken
    Agent 0x99: Sometimes that's the right call. Sometimes the mission really does come first.
    Agent 0x99: But Kevin's going to need therapy. His kids are going to need therapy.
    Agent 0x99: Just... remember that. Next time you're weighing priorities.
-    -> derek_discussion
+    -> security_audit_review
 + [The mission had to come first]
    Agent 0x99: Did it? You still stopped Operation Shatter. You still caught Derek.
    Agent 0x99: Would five minutes to warn Kevin have changed that?
    Agent 0x99: I'm not judging. Field decisions are hard. But consequences are real.
    Agent 0x99: Kevin's kids watched him get arrested. That happened because of a choice you made.
    Agent 0x99: Live with it. Learn from it.
-    -> derek_discussion
+    -> security_audit_review
+
+// ================================================
+// SECURITY AUDIT REVIEW - Assess player's security analysis
+// ================================================
+
+=== security_audit_review ===
+{security_audit_completed:
+    -> audit_feedback
+}
+{not security_audit_completed:
+    -> no_audit_feedback
+}
+
+=== audit_feedback ===
+Agent 0x99: I noticed you gave Kevin a security assessment during your cover operation.
+
+{audit_correct_answers >= 4:
+    Agent 0x99: Your security analysis was excellent. You identified every major vulnerability correctly.
+    Agent 0x99: Physical access controls, Derek's suspicious access patterns, predictable passwords, Patricia's firing, and Derek's unjustified network segmentation.
+    Agent 0x99: That's professional-grade security consulting. Your cover was completely convincing.
+    + [I wanted to maintain my cover properly]
+        Agent 0x99: And you did. Kevin trusted you completely because you demonstrated real expertise.
+        Agent 0x99: That kind of authentic tradecraft makes all the difference in deep cover work.
+        -> derek_discussion
+    + [The vulnerabilities were pretty obvious once I looked]
+        Agent 0x99: Maybe to you. But recognizing them under pressure, while maintaining cover, while gathering intelligence on Operation Shatter?
+        Agent 0x99: That's good work. Don't undersell it.
+        -> derek_discussion
+}
+
+{audit_correct_answers == 3:
+    Agent 0x99: Your security analysis was solid. Three out of five correct assessments.
+    Agent 0x99: You identified most of the key vulnerabilities—enough to maintain credibility with Kevin.
+    Agent 0x99: A few blind spots, but nothing that compromised your cover or the mission.
+    + [Which ones did I miss?]
+        {audit_wrong_answers >= 1:
+            Agent 0x99: You underestimated a couple of the vulnerabilities Kevin had already flagged.
+            Agent 0x99: In the field, always trust when an insider is telling you something's wrong. They see the patterns we miss.
+        }
+        -> derek_discussion
+    + [I was focused on the bigger picture]
+        Agent 0x99: Fair enough. Your primary mission was Operation Shatter, not a comprehensive security audit.
+        Agent 0x99: Kevin bought your cover. That's what mattered.
+        -> derek_discussion
+}
+
+{audit_correct_answers <= 2:
+    Agent 0x99: Your security assessment was... rough. Two or fewer correct answers out of five.
+    Agent 0x99: Kevin was asking you about obvious vulnerabilities he'd already identified. You dismissed most of them.
+    + [I was trying not to alarm him]
+        Agent 0x99: Understandable. But when an insider is showing you red flags, validate their concerns.
+        Agent 0x99: You're supposed to be a security expert. Kevin needed you to see what he was seeing.
+        Agent 0x99: Fortunately, your other actions kept him cooperative. But that assessment almost blew your cover.
+        -> derek_discussion
+    + [Security assessment wasn't my priority]
+        Agent 0x99: It's part of your cover identity. When you're undercover as an expert, you need to be that expert.
+        Agent 0x99: Kevin noticed you were missing things he'd already flagged. That could have raised suspicions.
+        Agent 0x99: Mission succeeded anyway, but... work on your tradecraft. Deep cover requires authenticity.
+        -> derek_discussion
+}
+
+=== no_audit_feedback ===
+Agent 0x99: I noticed you didn't provide Kevin with a security assessment during your cover operation.
+
+Agent 0x99: That's fine—it wasn't required for the mission. But it could have strengthened your cover credibility.
+
+Agent 0x99: Next time you're undercover with a professional identity, look for opportunities to demonstrate authentic expertise.
+
+Agent 0x99: It builds trust. And trust gives you access.
+
+-> derek_discussion

 // ================================================
 // DEREK DISCUSSION - Based on how player handled confrontation
--- a/scenarios/m01_first_contact/ink/m01_closing_debrief.json
+++ b/scenarios/m01_first_contact/ink/m01_closing_debrief.json
--- a/scenarios/m01_first_contact/ink/m01_npc_kevin.ink
+++ b/scenarios/m01_first_contact/ink/m01_npc_kevin.ink
@@ -14,6 +14,12 @@ VAR given_keycard = false
 VAR given_password_hints = false
 VAR warned_about_derek = false

+// Security Audit Variables
+VAR security_audit_given = false
+VAR audit_questions_asked = 0
+VAR audit_correct_answers = 0
+VAR audit_wrong_answers = 0
+
 // ================================================
 // START: FIRST MEETING
 // ================================================
@@ -171,6 +177,8 @@ Kevin: And some notes on password patterns people use around here. Should help w
    -> ask_passwords
 + {not asked_about_derek and influence >= 3} [What else can you tell me about Derek?]
    -> ask_about_derek
+ {not security_audit_given and (given_lockpick or given_keycard) and influence >= 2} [I'd like to give you a preliminary security audit update]
+    -> security_audit_start
 + [I'll keep investigating. Thanks for the help.]
    #exit_conversation
    Kevin: No problem. And seriously—if you find anything, let me know. I need to know I'm not going crazy.
@@ -252,10 +260,199 @@ Kevin: Said it was for "client confidentiality" but... marketing doesn't need th

 + [What do you think he's really doing?]
    Kevin: I don't know. But whatever it is, it's not marketing.
-    Kevin: He's been meeting with external people—calls them "partners." 
+    Kevin: He's been meeting with external people—calls them "partners."
    Kevin: I saw notes once that mentioned something called "Operation Shatter."
    ~ influence += 2
    -> hub
 + [Maybe he's just paranoid]
    Kevin: Maybe. But Patricia didn't think so. And now she's gone.
    -> hub
+
+// ================================================
+// SECURITY AUDIT - MCQ Assessment
+// ================================================
+
+=== security_audit_start ===
+~ security_audit_given = true
+#set_variable:security_audit_completed=true
+
+Kevin: Oh! Yeah, I'd love to hear what you've found so far.
+
+Kevin: I mean, you're the professional. What's your assessment of our security posture?
+
+Player: I've been observing and testing. Let me give you some preliminary findings.
+
+Kevin: Please, go ahead. I need to know if I'm overreacting or if we really do have problems.
+
+-> audit_question_1
+
+// ================================================
+// AUDIT QUESTION 1: Physical Security
+// ================================================
+
+=== audit_question_1 ===
+~ audit_questions_asked += 1
+
+Player: First, let's talk about physical security. What would you say is the most significant concern?
+
+ [The building's physical access controls are adequate for a company this size]
+    ~ audit_wrong_answers += 1
+    Kevin: Really? I was worried about those old door locks...
+    Kevin: But I guess if you think they're adequate, maybe I'm being paranoid.
+    -> audit_question_2
+ [The old mechanical locks and that PIN pad on the IT room are easily bypassed]
+    ~ audit_correct_answers += 1
+    ~ influence += 1
+    Kevin: Yes! That's exactly what I've been saying!
+    Kevin: I requested modern electronic locks six months ago. Budget was "under review."
+    Kevin: Anyone with basic lockpicking skills could get into most rooms here.
+    -> audit_question_2
+ [Physical security isn't really a priority compared to digital security]
+    ~ audit_wrong_answers += 1
+    Kevin: Hmm. I thought physical access was important, but you're the expert.
+    Kevin: I guess I should focus more on the digital side then.
+    -> audit_question_2
+
+// ================================================
+// AUDIT QUESTION 2: Access Control
+// ================================================
+
+=== audit_question_2 ===
+~ audit_questions_asked += 1
+
+Player: Second question—I've been reviewing the access logs. What concerns you most about the patterns?
+
+ [Everything looks normal. Standard office hours access mostly]
+    ~ audit_wrong_answers += 1
+    Kevin: But... what about those 2 AM logins to the server room?
+    Kevin: Maybe I'm reading too much into it.
+    -> audit_question_3
+ [Derek's credentials being used for server room access at 2 AM is a red flag]
+    ~ audit_correct_answers += 1
+    ~ influence += 1
+    Kevin: Thank you! I knew I wasn't crazy!
+    Kevin: Management keeps telling me he's just "dedicated" and "works odd hours."
+    Kevin: But we don't have anything in that server room that marketing should be accessing at all.
+    -> audit_question_3
+ [The access logs seem fine, but you should implement better monitoring]
+    ~ audit_wrong_answers += 1
+    Kevin: I thought the current logs were already showing problems...
+    Kevin: But yeah, better monitoring couldn't hurt.
+    -> audit_question_3
+
+// ================================================
+// AUDIT QUESTION 3: Password Security
+// ================================================
+
+=== audit_question_3 ===
+~ audit_questions_asked += 1
+
+Player: Third—password security. What's your assessment of the biggest vulnerability?
+
+ [Your password complexity requirements are sufficient]
+    ~ audit_wrong_answers += 1
+    Kevin: I guess the requirements are technically there...
+    Kevin: I just worry people are finding predictable ways around them.
+    -> audit_question_4
+ [Staff are using predictable patterns—birthdays, company name plus numbers]
+    ~ audit_correct_answers += 1
+    ~ influence += 1
+    Kevin: Exactly! I see it all the time in password reset requests.
+    Kevin: "Viral2023" "Viral2024" - I've warned people but they keep doing it.
+    Kevin: And Derek... well, you've probably figured out his pattern by now.
+    -> audit_question_4
+ [Passwords aren't the real issue—focus on multi-factor authentication instead]
+    ~ audit_wrong_answers += 1
+    Kevin: We don't have MFA yet—budget constraints.
+    Kevin: So I'm stuck with just passwords for now. Wish we could implement MFA.
+    -> audit_question_4
+
+// ================================================
+// AUDIT QUESTION 4: Personnel Security
+// ================================================
+
+=== audit_question_4 ===
+~ audit_questions_asked += 1
+
+Player: Fourth—personnel security. What's the biggest red flag you see?
+
+ [The staff seem trustworthy. No major concerns]
+    ~ audit_wrong_answers += 1
+    Kevin: I want to believe that, I really do.
+    Kevin: But Patricia's firing still bothers me.
+    -> audit_question_5
+ [A manager investigating security concerns was suddenly fired—that's suspicious]
+    ~ audit_correct_answers += 1
+    ~ influence += 2
+    Kevin: Right?! That's what worries me most!
+    Kevin: Patricia was asking the right questions. Then she was gone.
+    Kevin: And nobody will tell me why. Just "performance issues."
+    Kevin: It sends a message: don't ask questions about Derek.
+    -> audit_question_5
+ [You need better background checks and security clearances]
+    ~ audit_wrong_answers += 1
+    Kevin: I mean, we do background checks for sensitive positions...
+    Kevin: But yeah, we could probably do better.
+    -> audit_question_5
+
+// ================================================
+// AUDIT QUESTION 5: Data Protection
+// ================================================
+
+=== audit_question_5 ===
+~ audit_questions_asked += 1
+
+Player: Finally—data protection practices. What concerns you about how sensitive data is handled here?
+
+ [Standard security practices seem to be followed adequately]
+    ~ audit_wrong_answers += 1
+    Kevin: I suppose most people follow the basics...
+    Kevin: Though Derek's setup still seems excessive to me.
+    -> audit_complete
+ [Derek's encrypted comms and separate network segments lack business justification]
+    ~ audit_correct_answers += 1
+    ~ influence += 2
+    Kevin: Yes! That's exactly it!
+    Kevin: Marketing doesn't need that level of segmentation. We're not handling credit cards or medical records.
+    Kevin: He claims it's for "client confidentiality" but I've never seen documentation justifying the architecture.
+    Kevin: It looks less like security and more like... hiding something.
+    -> audit_complete
+ [You need better encryption across the board]
+    ~ audit_wrong_answers += 1
+    Kevin: We have encryption where we need it...
+    Kevin: Though I guess more couldn't hurt?
+    -> audit_complete
+
+// ================================================
+// AUDIT COMPLETE - Kevin's Response
+// ================================================
+
+=== audit_complete ===
+
+Kevin: Thank you. Seriously, thank you for taking the time to go through this with me.
+
+{audit_correct_answers >= 4:
+    Kevin: You really understand what's happening here. Everything you've flagged matches my concerns exactly.
+    Kevin: It's such a relief to have a professional validate what I've been seeing.
+    Kevin: I've felt like I'm going crazy, or being paranoid. But you see it too.
+    ~ influence += 3
+}
+{audit_correct_answers == 3:
+    Kevin: You've identified some key issues. A few things we see differently, but overall you're confirming my main worries.
+    Kevin: At least I know I'm not completely off base with my concerns.
+    ~ influence += 2
+}
+{audit_correct_answers <= 2:
+    Kevin: I appreciate the feedback, even if we see some things differently.
+    Kevin: Maybe I am being too paranoid about some of this stuff.
+    Kevin: But... I still can't shake the feeling something's wrong here.
+    ~ influence += 1
+}
+
+Kevin: I'm going to document your findings in my incident log.
+
+Kevin: If management won't listen to me, maybe they'll listen to the security auditor.
+
+Kevin: Keep investigating. And please—if you find anything concrete, tell me immediately.
+
+-> hub
--- a/scenarios/m01_first_contact/ink/m01_npc_kevin.json
+++ b/scenarios/m01_first_contact/ink/m01_npc_kevin.json