Skip to content

v1.14.0 - Stealth-Patch Artifact Detection

Latest

Choose a tag to compare

@cport1 cport1 released this 29 Jun 02:51

Detects cloud AI agents (e.g. Manus AI, #15) that drive a real, stealth-patched Chromium — a profile that previously slipped past detection because real input silences the behavioral/CDP signals and stealth patches hide the environment tells.

Added — false-positive-safe patch-artifact detection

Flags traces a patched automation browser leaves that a genuine browser cannot, rather than environment-shape heuristics that would misfire on real Linux/VPN/desktop users.

Two scored signals (category headless, no weight changes):

  • tostring_proxiedFunction.prototype.toString is proxied (the signature move of stealth frameworks).
  • Permission contradictionNotification.permission === 'denied' while the Permissions API reports 'prompt' (an impossible state for a real browser).

False-positive guardrail

The client also collects patched_* artifacts (canvas/webgl/permissions native overrides) but the servers deliberately do not score them — privacy extensions patch those same natives. They ride along for the opt-in verdict logging so they can be measured before ever acting on them.

Scope

Implemented across client/fcaptcha.js + all three server implementations (Go/Node/Python), covered by testStealthArtifactDetection. Verified no regressions against a clean-HEAD baseline.

Caveat: catches common stealth setups; a source-recompiled Chromium keeps toString natively native and still evades single-load detection — the durable answer there is cross-session correlation (roadmap).

Full changelog: v1.13.0...v1.14.0