Detects cloud AI agents (e.g. Manus AI, #15) that drive a real, stealth-patched Chromium — a profile that previously slipped past detection because real input silences the behavioral/CDP signals and stealth patches hide the environment tells.
Added — false-positive-safe patch-artifact detection
Flags traces a patched automation browser leaves that a genuine browser cannot, rather than environment-shape heuristics that would misfire on real Linux/VPN/desktop users.
Two scored signals (category headless, no weight changes):
tostring_proxied—Function.prototype.toStringis proxied (the signature move of stealth frameworks).- Permission contradiction —
Notification.permission === 'denied'while the Permissions API reports'prompt'(an impossible state for a real browser).
False-positive guardrail
The client also collects patched_* artifacts (canvas/webgl/permissions native overrides) but the servers deliberately do not score them — privacy extensions patch those same natives. They ride along for the opt-in verdict logging so they can be measured before ever acting on them.
Scope
Implemented across client/fcaptcha.js + all three server implementations (Go/Node/Python), covered by testStealthArtifactDetection. Verified no regressions against a clean-HEAD baseline.
Caveat: catches common stealth setups; a source-recompiled Chromium keeps toString natively native and still evades single-load detection — the durable answer there is cross-session correlation (roadmap).
Full changelog: v1.13.0...v1.14.0