v1.12.0 - Input-Event Forensics & Think-Time Cadence
Minor release implementing Phase 2 of the AI-agent detection roadmap (docs/PRD-ai-agent-detection.md): catching AI agents that drive a real browser via CDP-injected input, which the legacy global-based checks can't see.
Features
- feat(detection): input-event forensics + LLM think-time cadence (#10). New client signals (behavioral.inputForensics, environmental.cdpRuntime) and server detections across Go/Node/Python:
  - Coalesced-event absence — real mice coalesce several hardware samples per frame; CDP-injected pointermove produces single-entry batches.
  - Pointer movement incoherence — movementX/Y that doesn't track actual position deltas.
  - CDP/DevTools console attach — Error-accessor trap fired by an attached protocol consumer.
  - Teleport clicks — mousedown injected at coordinates with no approach trajectory.
  - Agent act/think cadence — bursts of activity separated by multi-second perfect silence.
  - Programmatic textarea fill — content with zero keystrokes and zero pastes (Playwright fill()/element.value=).

  FP-managed: touch/keyboard exemptions on every signal, conservative thresholds, and the FP-prone signals (DevTools console, slow-human cadence) ship at low confidence so they contribute rather than block.
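One way to score three of the pointer signals listed above (coalesced-event absence, movement incoherence, teleport clicks) on the server side. This is an added example, not code from the project's Go/Node/Python detectors; the Sample fields, thresholds and signal names are assumptions, and both traces are constructed.

```python
from dataclasses import dataclass
from math import hypot

MIN_MOVES = 20      # assumed: do not judge traces shorter than this
TOL_PX = 2.0        # assumed tolerance between movementX/Y and the position delta
MAX_GAP_PX = 40.0   # assumed: a click this far from the last move has no approach

@dataclass
class Sample:                 # one client-reported pointer event (hypothetical schema)
    t: float                  # timestamp, ms
    kind: str                 # "pointermove" or "mousedown"
    x: float
    y: float
    mx: float = 0.0           # event.movementX
    my: float = 0.0           # event.movementY
    coalesced: int = 1        # len(event.getCoalescedEvents()) as counted by the client
    ptype: str = "mouse"      # event.pointerType

def forensics(samples):
    """Return the set of signal names raised by one pointer trace."""
    if any(s.ptype != "mouse" for s in samples):
        return set()          # touch/pen exemption: these signals only describe mice
    moves = [s for s in samples if s.kind == "pointermove"]
    flags = set()
    if len(moves) >= MIN_MOVES:
        if all(s.coalesced <= 1 for s in moves):
            flags.add("coalesced_absence")
        bad = sum(1 for a, b in zip(moves, moves[1:])
                  if abs(b.x - a.x - b.mx) > TOL_PX or abs(b.y - a.y - b.my) > TOL_PX)
        if bad > 0.5 * (len(moves) - 1):
            flags.add("movement_incoherence")
    last = None
    for s in samples:
        if s.kind == "pointermove":
            last = s
        elif s.kind == "mousedown" and (last is None or hypot(s.x - last.x, s.y - last.y) > MAX_GAP_PX):
            flags.add("teleport_click")
    return flags

def human_trace():
    # constructed: 30 coherent moves with 2-4 coalesced samples each, click where the path ends
    pts = [Sample(16 * i, "pointermove", 100 + 3 * i, 200 + i, 3, 1, 2 + i % 3) for i in range(30)]
    return pts + [Sample(500, "mousedown", 187, 229)]

def injected_trace():
    # constructed: 30 single-entry moves with movementX/Y left at 0, click far from the path
    pts = [Sample(16 * i, "pointermove", 100 + 25 * i, 200) for i in range(30)]
    return pts + [Sample(500, "mousedown", 50, 600)]
```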
Tests
- Go unit tests: TestDetectCDP_InputForensics, TestDetectVisionAI_InputForensics, TestAnalyzeFormInteraction_ProgrammaticFill. Node/Python detectors verified functionally.
No breaking changes.