@aientrophy/sdk 0.2.1 → 0.3.0

package/dist/sri-hashes.json

@@ -0,0 +1,9 @@
+{
+  "generated": "2026-03-20T02:39:39.149Z",
+  "algorithm": "sha384",
+  "hashes": {
+    "core.js": "sha384-a9oAPKIopFcC2T2/9FpPpgShfpq4tmSJuIAjkcTXEh2IdydxjJ5V642FuwONhhNv",
+    "core.wasm": "sha384-fPJjZg5frGy3uptl1c6t4ekPOoQRQPquQVQEbrMf09T7mCur5iJVX4gGqkRfu93q",
+    "loader.js": "sha384-0v1eaWmQUDG7Xzh8ujnAFroO2azUb0n547CCqAL1opB0WUltJC8WMyV8e1XoKf2R"
+  }
+}

package/dist/types/challenge/ChallengeHandler.d.ts

@@ -3,6 +3,7 @@ export declare class ChallengeHandler {
     private originalFetch;
     private endpoint;
     private callbackManager;
+    private challengeInProgress;
     constructor(endpoint: string);
     setCallbackManager(cm: CallbackManager): void;
     start(): void;

package/dist/types/collection/BehaviorCollector.d.ts

@@ -1,21 +1,8 @@
 import { Transmitter } from '../transport';
 export declare class BehaviorCollector {
     private transmitter;
-    private trajectoryBuffer;
-    private keystrokeBuffer;
     private isCollecting;
-    private flushInterval;
-    private flushTimer;
     constructor(transmitter: Transmitter);
     start(): void;
     stop(): void;
-    private attachListeners;
-    private detachListeners;
-    private lastMouseMoveTime;
-    private onMouseMove;
-    private onKeyDown;
-    private onKeyUp;
-    private startFlushTimer;
-    private stopFlushTimer;
-    private flush;
 }

package/dist/types/core/index.d.ts

@@ -5,6 +5,13 @@ export interface SecuritySDKConfig {
     clientKey: string;
     debug?: boolean;
     callbacks?: SecuritySDKCallbacks;
+    /** Crawl protection config — set to enable anti-crawling */
+    crawlProtect?: {
+        /** CSS selectors to hide until JS challenge passes */
+        protectSelectors?: string[];
+        /** Insert honeypot data for non-JS crawlers */
+        insertHoneypot?: boolean;
+    };
     serverConfig?: {
         devtoolsDetection?: boolean;
         [key: string]: any;
@@ -12,7 +19,6 @@ export interface SecuritySDKConfig {
 }
 declare class SecuritySDK {
     private transmitter;
-    private collector;
     private behaviorCollector;
     private rapidClickDetector;
     private honeypot;
@@ -21,6 +27,13 @@ declare class SecuritySDK {
     private inputTracker;
     private challengeHandler;
     private invisibleInteraction;
+    private automationDetector;
+    private sessionAnalyzer;
+    private tabNavigationAnalyzer;
+    private cloudEnvironmentDetector;
+    private crossContextDetector;
+    private headlessProbeDetector;
+    private crawlProtect;
     private initialized;
     private wasmService;
     private callbackManager;

package/dist/types/detectors/AutomationDetector.d.ts

@@ -0,0 +1,43 @@
+import { Transmitter } from '../transport';
+/**
+ * AutomationDetector — Detects browser automation tools.
+ *
+ * Detection layers:
+ * 1. navigator.webdriver flag (WebDriver protocol sets this)
+ * 2. CDP serialization side-effect (Playwright/Puppeteer rely on CDP)
+ * 3. Automation-injected globals (Selenium, PhantomJS, etc.)
+ * 4. WebGL renderer check (SwiftShader/Mesa = headless indicators)
+ * 5. Browser property inconsistencies
+ */
+export declare class AutomationDetector {
+    private transmitter;
+    private hasRun;
+    constructor(transmitter: Transmitter);
+    start(): void;
+    private detect;
+    /**
+     * CDP serialization detection.
+     * When CDP's Runtime domain is active (Playwright/Puppeteer),
+     * console.log triggers serialization of objects, invoking getters.
+     * In normal browsers without DevTools open, getters are NOT invoked.
+     */
+    private detectCDP;
+    /**
+     * Check for automation framework globals injected into window.
+     */
+    private detectAutomationGlobals;
+    /**
+     * Check WebGL renderer for headless indicators.
+     * SwiftShader, Mesa OffScreen, and ANGLE (software) are headless markers.
+     */
+    private checkWebGL;
+    /**
+     * Cross-signal consistency checks.
+     * Compares multiple browser properties that should be correlated.
+     */
+    private checkInconsistencies;
+    /**
+     * Additional headless Chrome detection signals.
+     */
+    private checkHeadless;
+}

package/dist/types/detectors/CanvasFingerprinter.d.ts

@@ -2,9 +2,26 @@ import { Transmitter } from '../transport';
 import { WasmService } from '../core/wasm';
 export declare class CanvasFingerprinter {
     private transmitter;
-    private wasmService;
     private hasRun;
-    constructor(transmitter: Transmitter, wasmService: WasmService);
+    constructor(transmitter: Transmitter, _wasmService: WasmService);
     start(): void;
+    /**
+     * Generate canvas fingerprint using SHA-256 (upgraded from 32-bit FNV hash).
+     * SHA-256 eliminates collision risk at scale (2^128 vs ~77K for 32-bit).
+     */
     private generateFingerprint;
+    /**
+     * Compute SHA-256 hex digest using Web Crypto API.
+     */
+    private sha256;
+    /**
+     * Collect WebGL fingerprint data for cross-signal consistency validation.
+     * Includes renderer, vendor, and hardware parameter profile.
+     */
+    private collectWebGLFingerprint;
+    /**
+     * AudioContext fingerprint — the audio stack produces unique output
+     * per hardware/OS/browser combination, even for silent oscillators.
+     */
+    private collectAudioFingerprint;
 }

package/dist/types/detectors/CloudEnvironmentDetector.d.ts

@@ -0,0 +1,51 @@
+import { Transmitter } from '../transport';
+/**
+ * CloudEnvironmentDetector — Passively detects cloud VM, RDP, and virtual machine environments.
+ *
+ * This is a PASSIVE detector: it collects environment signals for logging and ML training
+ * but does NOT contribute to threat scoring. Cloud environments are not inherently malicious
+ * (remote workers, corporate VDI, etc.).
+ *
+ * Detection layers:
+ * 1. WebGL renderer analysis (virtual GPU identification)
+ * 2. Hardware characteristics (cores, memory, color depth)
+ * 3. Screen/display properties (VM-typical resolutions, no taskbar)
+ * 4. Media device availability (cameras, microphones, peripherals)
+ * 5. Canvas rendering performance benchmark
+ */
+export declare class CloudEnvironmentDetector {
+    private transmitter;
+    private hasRun;
+    constructor(transmitter: Transmitter);
+    start(): void;
+    private detect;
+    /**
+     * Analyze WebGL renderer to identify virtual GPUs.
+     */
+    private analyzeGPU;
+    /**
+     * Categorize GPU renderer string into environment type.
+     */
+    private categorizeGPU;
+    /**
+     * Collect hardware characteristics.
+     */
+    private analyzeHardware;
+    /**
+     * Analyze screen properties for VM indicators.
+     */
+    private analyzeScreen;
+    /**
+     * Check media device availability (cameras, microphones, peripherals).
+     */
+    private analyzeMedia;
+    /**
+     * Quick canvas rendering benchmark.
+     * Software rendering (VM without GPU) is significantly slower.
+     */
+    private benchmarkCanvas;
+    /**
+     * Classify the environment based on collected signals.
+     */
+    private classify;
+}

package/dist/types/detectors/CrossContextDetector.d.ts

@@ -0,0 +1,34 @@
+import { Transmitter } from '../transport';
+/**
+ * CrossContextDetector — iframe/Worker 크로스 컨텍스트 일관성 검증.
+ *
+ * 스푸핑 방어의 핵심: 메인 컨텍스트의 navigator 속성은 Object.defineProperty로
+ * 쉽게 조작 가능하지만, iframe이나 WebWorker 내부의 값은 별도 조작이 필요.
+ * 두 컨텍스트 간 불일치를 탐지하면 스푸핑을 높은 확률로 잡아냄.
+ *
+ * Detection:
+ *   1. iframe navigator.webdriver vs 메인
+ *   2. iframe navigator.plugins/languages vs 메인
+ *   3. WebWorker navigator 속성 vs 메인
+ *   4. WebWorker WebGL (OffscreenCanvas) vs 메인
+ *
+ * References:
+ *   - deviceandbrowserinfo.com/are_you_a_bot (hasWebdriverInFrameTrue, hasInconsistentWorkerValues)
+ *   - browserscan.net/bot-detection
+ */
+export declare class CrossContextDetector {
+    private transmitter;
+    private hasRun;
+    constructor(transmitter: Transmitter);
+    start(): void;
+    private detect;
+    /**
+     * Create a sandboxed iframe and compare navigator values.
+     */
+    private checkIframe;
+    /**
+     * Spin up a WebWorker and compare navigator values.
+     * Workers have their own navigator which is harder to spoof.
+     */
+    private checkWorker;
+}

package/dist/types/detectors/HeadlessProbeDetector.d.ts

@@ -0,0 +1,66 @@
+import { Transmitter } from '../transport';
+/**
+ * HeadlessProbeDetector — DOM/렌더링 기반 headless 탐지.
+ *
+ * 순수 JavaScript 속성 스푸핑으로는 우회 불가능한 항목들:
+ *
+ *   1. 깨진 이미지 크기 검사 (intoli, sannysoft)
+ *      - 존재하지 않는 이미지의 naturalWidth/Height
+ *      - 정상 브라우저: placeholder 크기 (>0), headless: 0x0
+ *
+ *   2. Client Hints 일관성 (deviceandbrowserinfo)
+ *      - navigator.userAgentData.brands vs User-Agent 문자열
+ *      - UA를 스푸핑해도 Client Hints를 같이 바꾸지 않으면 불일치
+ *
+ *   3. CDP 마우스 이벤트 구별 (deviceandbrowserinfo)
+ *      - Input.dispatchMouseEvent는 네이티브와 미묘한 차이 존재
+ *      - movementX/Y가 0, isTrusted가 true지만 screenX/Y 불일치 등
+ *
+ *   4. Hairline 지원 (intoli)
+ *      - 0.5px border → offsetHeight 검사
+ *
+ *   5. Sequentum/추가 프레임워크 탐지
+ */
+export declare class HeadlessProbeDetector {
+    private transmitter;
+    private hasRun;
+    constructor(transmitter: Transmitter);
+    start(): void;
+    private detect;
+    /**
+     * Broken image dimensions test.
+     * Normal browsers render a placeholder for broken images (typically 16x16 or 24x24).
+     * Headless Chrome returns 0x0.
+     */
+    private checkBrokenImage;
+    /**
+     * Client Hints consistency check.
+     * navigator.userAgentData (if available) should match UA string.
+     * Bots that spoof UA often forget to update Client Hints.
+     */
+    private checkClientHints;
+    /**
+     * CDP mouse event signature detection.
+     * CDP's Input.dispatchMouseEvent creates events where:
+     *   - movementX/Y are always 0 (no real mouse delta)
+     *   - screenX/Y may not match clientX/Y + window offset
+     *   - Multiple rapid mousemove without mousedown have consistent offsets
+     *
+     * We collect a few mouse events and check for CDP patterns.
+     */
+    private checkCDPMouseSignature;
+    /**
+     * Hairline (0.5px border) support test.
+     * HiDPI devices support 0.5px borders. Headless Chrome may not.
+     */
+    private checkHairlineSupport;
+    /**
+     * Additional automation framework globals.
+     */
+    private checkExtraFrameworks;
+    /**
+     * CDP detection within WebWorker context.
+     * Same getter-trap technique but inside a Worker where it's harder to intercept.
+     */
+    private checkWorkerCDP;
+}

package/dist/types/detectors/InputTracker.d.ts

@@ -10,6 +10,7 @@ export declare class InputTracker {
     private dwellTimes;
     private suspiciousFocusCount;
     private suspiciousFocusResetTimer;
+    private rawKeystrokes;
     constructor(transmitter: Transmitter);
     start(): void;
     private detectMobile;

package/dist/types/detectors/MouseTracker.d.ts

@@ -6,7 +6,9 @@ export declare class MouseTracker {
     private buffer;
     private readonly BUFFER_SIZE;
     private readonly SAMPLE_INTERVAL;
+    private readonly SEND_COOLDOWN;
     private lastSampleTime;
+    private lastSendTime;
     constructor(transmitter: Transmitter, wasmService: WasmService);
     start(): void;
     stop(): void;

package/dist/types/detectors/SessionAnalyzer.d.ts

@@ -0,0 +1,39 @@
+import { Transmitter } from '../transport';
+/**
+ * SessionAnalyzer — Tracks session-level behavioral patterns that individual
+ * event detectors miss. Focuses on:
+ *
+ * 1. Page navigation timing (time between page transitions)
+ * 2. Interaction density (events per second)
+ * 3. Session duration vs form completion (too fast = bot)
+ * 4. Event timing distribution (coefficient of variation, entropy)
+ */
+export declare class SessionAnalyzer {
+    private transmitter;
+    private sessionStart;
+    private pageTransitions;
+    private interactionTimestamps;
+    private lastPageUrl;
+    private formStartTimes;
+    private reportInterval;
+    constructor(transmitter: Transmitter);
+    start(): void;
+    private observeNavigation;
+    private onPageTransition;
+    private observeForms;
+    private report;
+    private calculateIntervals;
+    private analyzeTimingDistribution;
+    private analyzePageTransitions;
+    /**
+     * Shannon entropy of intervals binned into buckets.
+     * Low entropy = predictable/regular timing = bot-like.
+     */
+    private shannonEntropy;
+    /**
+     * Autocorrelation at lag-1.
+     * Human timing: moderate positive autocorrelation (motor control inertia).
+     * Random delays: near-zero autocorrelation.
+     */
+    private autocorrelation;
+}

package/dist/types/detectors/TabNavigationAnalyzer.d.ts

@@ -0,0 +1,36 @@
+import { Transmitter } from '../transport';
+/**
+ * TabNavigationAnalyzer — Detects robotic Tab key navigation patterns.
+ *
+ * Macros navigate forms by pressing Tab rapidly and uniformly to reach
+ * target elements, then stop to type/click. Humans have variable timing,
+ * occasionally overshoot (Shift+Tab), and don't maintain constant speed.
+ *
+ * Signals:
+ * 1. Tab interval CV (coefficient of variation) — low CV = mechanical regularity
+ * 2. Tab speed — avg interval < 50ms = superhuman
+ * 3. Shift+Tab ratio — absence of backtracking = suspicious (amplifier)
+ * 4. Tab bursts — consecutive rapid Tabs (< 80ms intervals)
+ */
+export declare class TabNavigationAnalyzer {
+    private transmitter;
+    private tabTimestamps;
+    private shiftTabCount;
+    private tabCount;
+    private isShiftDown;
+    private readonly BURST_THRESHOLD_MS;
+    private reportInterval;
+    private readonly REPORT_INTERVAL_MS;
+    private readonly MIN_TABS_TO_REPORT;
+    private readonly TAB_TRIGGER_COUNT;
+    constructor(transmitter: Transmitter);
+    start(): void;
+    stop(): void;
+    private onKeyDown;
+    private onKeyUp;
+    private report;
+    private resetBuffers;
+    private calculateIntervals;
+    private analyzeIntervals;
+    private analyzeBursts;
+}

package/dist/types/detectors/console.d.ts

@@ -30,6 +30,10 @@ export declare class ConsoleDetector {
      * When DevTools is docked (side or bottom), the browser viewport
      * shrinks while outer dimensions stay the same.
      * Threshold 160px covers DevTools minimum width/height.
+     *
+     * IMPORTANT: Skip on mobile/touch devices — mobile browsers have
+     * address bars, navigation bars, and soft keyboards that create
+     * large outerHeight-innerHeight gaps, causing false positives.
      */
     private startSizeDetection;
 }

package/dist/types/protection/CrawlProtect.d.ts

@@ -0,0 +1,38 @@
+/**
+ * CrawlProtect — JS challenge-based crawling defense.
+ *
+ * Automatically solves a server-issued challenge and obtains a signed
+ * __aie_token cookie. This cookie proves the client executed JavaScript,
+ * which server-side crawlers (requests, wget, scrapy) cannot do.
+ *
+ * FE-only mode: Also provides content protection by gating sensitive
+ * DOM content behind challenge completion.
+ */
+export interface CrawlProtectConfig {
+    apiBase: string;
+    clientId: string;
+    /** Protect specific CSS selectors — hide until challenge passed */
+    protectSelectors?: string[];
+    /** Insert honeypot data for crawlers that bypass JS */
+    insertHoneypot?: boolean;
+    debug?: boolean;
+}
+export declare class CrawlProtect {
+    private config;
+    private renewTimer;
+    private verified;
+    constructor(config: CrawlProtectConfig);
+    start(): Promise<boolean>;
+    isVerified(): boolean;
+    stop(): void;
+    private solveChallenge;
+    private hideContent;
+    private revealContent;
+    private insertHoneypotData;
+    private getToken;
+    private setToken;
+    private isExpired;
+    private scheduleRenewal;
+    private sha256;
+    private getFingerprint;
+}

package/dist/types/protection/CryptoUtils.d.ts

@@ -1,18 +1,48 @@
+/**
+ * Cryptographic utilities for SDK ↔ Server secure communication.
+ *
+ * Supports two key-exchange modes:
+ *   1. ECDH + HKDF (default) — Perfect Forward Secrecy
+ *   2. RSA-OAEP (legacy fallback) — static server key
+ *
+ * Envelope format v2 (ECDH):
+ *   { ek: base64(ECDH public key), d, iv, tag, v: 2 }
+ *
+ * Envelope format v1 (RSA, unchanged):
+ *   { ek: base64(RSA-encrypted AES key), d, iv, tag }
+ */
 export declare class CryptoUtils {
     private static sessionKey;
+    private static ecdhPublicKeyBase64;
     private static encryptedSessionKey;
+    private static protocolVersion;
     /**
-     * Initialize session key if not exists
+     * Initialize session key using ECDH + HKDF (PFS) or RSA fallback.
      */
     static init(): Promise<void>;
     /**
-     * Encrypt Payload using AES-GCM
+     * ECDH + HKDF key exchange — provides Perfect Forward Secrecy.
+     *
+     * 1. Generate ephemeral ECDH key pair (P-256)
+     * 2. Fetch server's ephemeral ECDH public key from /key-exchange
+     * 3. Derive shared secret via ECDH
+     * 4. Derive AES-256-GCM key via HKDF-SHA256
+     */
+    private static initECDH;
+    /**
+     * RSA-OAEP key exchange (legacy fallback, no PFS).
+     */
+    private static initRSA;
+    /**
+     * Encrypt Payload using AES-GCM.
+     * Returns envelope with version indicator for server-side dispatch.
      */
     static encrypt(data: any): Promise<{
         ek: string;
         d: string;
         iv: string;
         tag: string;
+        v?: number;
     }>;
     /**
      * Decrypt Response using AES-GCM
@@ -22,7 +52,12 @@ export declare class CryptoUtils {
         iv: string;
         tag: string;
     }): Promise<any>;
-    private static importPublicKey;
+    /**
+     * Store the endpoint URL for ECDH key exchange.
+     * Called from Transmitter.setConfig().
+     */
+    static setEndpoint(endpoint: string): void;
+    private static importRSAPublicKey;
     private static str2ab;
     private static arrayBufferToBase64;
     private static base64ToArrayBuffer;

package/dist/types/transport/index.d.ts

@@ -13,6 +13,9 @@ export declare class Transmitter {
     private callbackManager;
     private flushing;
     private pendingFlush;
+    private backoffMs;
+    private maxBackoffMs;
+    private _lastBackoffStart;
     constructor();
     setConfig(config: SecuritySDKConfig): void;
     setResponseHandler(handler: (response: any) => void): void;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aientrophy/sdk",
-  "version": "0.2.1",
+  "version": "0.3.0",
   "description": "Aientrophy Security SDK – bot detection, threat monitoring, and CAPTCHA protection",
   "main": "dist/npm/index.cjs.js",
   "module": "dist/npm/index.es.js",
@@ -20,7 +20,7 @@
   "sideEffects": false,
   "scripts": {
     "dev": "vite",
-    "build": "tsc && vite build -c vite.core.config.ts && vite build",
+    "build": "tsc && vite build -c vite.core.config.ts && vite build && node scripts/generate-sri.js",
     "build:npm": "vite build -c vite.npm.config.ts && npx tsc -p tsconfig.npm.json",
     "build:payload": "vite build -c vite.config.payload.ts",
     "prepublishOnly": "npm run build:npm",

package/dist/types/collector/index.d.ts

@@ -1,11 +0,0 @@
-import { Transmitter } from '../transport';
-export declare class EventCollector {
-    private transmitter;
-    private listeners;
-    constructor(transmitter: Transmitter);
-    start(): void;
-    stop(): void;
-    private attachListeners;
-    private detachListeners;
-    private throttle;
-}