@toffee-at/sdk 0.1.0

package/src/detect/behavioral.ts

@@ -0,0 +1,382 @@
+import type { DetectorResult } from './types';
+
+interface MousePoint {
+  x: number;
+  y: number;
+  t: number;
+}
+
+/**
+ * Persistent behavioral monitor that continuously collects interaction data
+ * and can be scored on demand at any time.
+ *
+ * Key signals for detecting AI agents using browser extensions:
+ * - Mouse teleportation (direct jumps to targets, no approach path)
+ * - Low trajectory entropy (straight-line or uniform movements)
+ * - High movement efficiency (too-direct paths)
+ * - No micro-jitter (missing human hand tremor)
+ * - Programmatic scrolling (no preceding wheel/touch input)
+ */
+export class BehavioralMonitor {
+  private mousePoints: MousePoint[] = [];
+  private clicks: { x: number; y: number; t: number }[] = [];
+  private scrollTimestamps: number[] = [];
+  private wheelTimestamps: number[] = [];
+  private keyTimings: number[] = [];
+  clickDurations: number[] = [];
+  allEventTimestamps: number[] = [];
+  private pendingMouseDown: number | null = null;
+  private lastInputTime = 0;
+  private trustedEventCount = 0;
+  private untrustedEventCount = 0;
+  private active = false;
+
+  private onMouseMove = (e: MouseEvent) => {
+    this.mousePoints.push({ x: e.clientX, y: e.clientY, t: performance.now() });
+    if (this.mousePoints.length > 500) this.mousePoints.shift();
+    if (e.isTrusted) { this.trustedEventCount++; this.lastInputTime = performance.now(); }
+    else { this.untrustedEventCount++; }
+    this.allEventTimestamps.push(performance.now());
+  };
+
+  private onClick = (e: MouseEvent) => {
+    this.clicks.push({ x: e.clientX, y: e.clientY, t: performance.now() });
+    if (e.isTrusted) { this.trustedEventCount++; this.lastInputTime = performance.now(); }
+    this.allEventTimestamps.push(performance.now());
+  };
+
+  private onScroll = () => {
+    this.scrollTimestamps.push(performance.now());
+    this.allEventTimestamps.push(performance.now());
+  };
+
+  private onWheel = () => {
+    this.wheelTimestamps.push(performance.now());
+    this.lastInputTime = performance.now();
+  };
+
+  private onKeyDown = (e: KeyboardEvent) => {
+    this.keyTimings.push(performance.now());
+    if (e.isTrusted) { this.trustedEventCount++; this.lastInputTime = performance.now(); }
+    this.allEventTimestamps.push(performance.now());
+  };
+
+  onMouseDown(): void {
+    this.pendingMouseDown = performance.now();
+    this.allEventTimestamps.push(this.pendingMouseDown);
+  }
+
+  onMouseUp(): void {
+    const now = performance.now();
+    if (this.pendingMouseDown !== null) {
+      this.clickDurations.push(now - this.pendingMouseDown);
+      this.pendingMouseDown = null;
+    }
+    this.allEventTimestamps.push(now);
+  }
+
+  getState() {
+    return {
+      mousePoints: this.mousePoints,
+      clicks: this.clicks,
+      clickDurations: this.clickDurations,
+      scrollTimestamps: this.scrollTimestamps,
+      keyTimings: this.keyTimings,
+      allEventTimestamps: this.allEventTimestamps,
+    };
+  }
+
+  start() {
+    if (this.active) return;
+    this.active = true;
+    document.addEventListener('mousemove', this.onMouseMove, { passive: true });
+    document.addEventListener('click', this.onClick, { passive: true });
+    document.addEventListener('scroll', this.onScroll, { passive: true });
+    document.addEventListener('wheel', this.onWheel, { passive: true });
+    document.addEventListener('keydown', this.onKeyDown, { passive: true });
+  }
+
+  stop() {
+    if (!this.active) return;
+    this.active = false;
+    document.removeEventListener('mousemove', this.onMouseMove);
+    document.removeEventListener('click', this.onClick);
+    document.removeEventListener('scroll', this.onScroll);
+    document.removeEventListener('wheel', this.onWheel);
+    document.removeEventListener('keydown', this.onKeyDown);
+  }
+
+  /** Score the current behavioral data on demand */
+  score(): DetectorResult {
+    let score = 0;
+    const signals: string[] = [];
+
+    // === Absence-of-interaction checks ===
+    if (this.mousePoints.length === 0) {
+      score += 25;
+      signals.push('no-mouse-events');
+    }
+
+    if (this.scrollTimestamps.length === 0) {
+      score += 10;
+      signals.push('no-scroll-events');
+    }
+
+    if (this.keyTimings.length === 0) {
+      score += 5;
+      signals.push('no-keyboard-events');
+    }
+
+    // All events untrusted (synthetic)
+    if (this.untrustedEventCount > 0 && this.trustedEventCount === 0) {
+      score += 15;
+      signals.push('all-untrusted-events');
+    }
+
+    // === Mouse trajectory analysis ===
+    if (this.mousePoints.length >= 3) {
+      // 1. Trajectory entropy
+      const entropy = computeTrajectoryEntropy(this.mousePoints);
+      if (entropy < 0.5) {
+        score += 20;
+        signals.push(`low-trajectory-entropy:${entropy.toFixed(2)}`);
+      } else if (entropy < 1.2) {
+        score += 10;
+        signals.push(`medium-trajectory-entropy:${entropy.toFixed(2)}`);
+      }
+
+      // 2. Movement efficiency
+      const efficiency = computeMovementEfficiency(this.mousePoints);
+      if (efficiency > 0.95) {
+        score += 15;
+        signals.push(`high-movement-efficiency:${efficiency.toFixed(3)}`);
+      } else if (efficiency > 0.90) {
+        score += 8;
+        signals.push(`elevated-movement-efficiency:${efficiency.toFixed(3)}`);
+      }
+
+      // 3. Micro-jitter analysis (humans have involuntary hand tremor)
+      // Extension agents generate very few points, so lower the threshold
+      if (!hasMicroJitter(this.mousePoints) && this.mousePoints.length >= 3) {
+        score += 15;
+        signals.push('no-micro-jitter');
+      }
+
+      // 4. Teleportation detection: large jumps with no intermediate points
+      // Extension-based agents have multi-second gaps between actions,
+      // so we detect by distance + lack of intermediate points, not by timing
+      const teleports = countTeleportations(this.mousePoints);
+      if (teleports > 0) {
+        score += Math.min(teleports * 10, 20);
+        signals.push(`mouse-teleportation:${teleports}`);
+      }
+
+      // 5. Very few mouse events relative to interaction time (STRONGEST signal)
+      // Humans generate 30-60+ mousemove events per second continuously
+      // Extension agents generate exactly 1 event per action (hover/click)
+      const timeSpanMs = this.mousePoints[this.mousePoints.length - 1].t - this.mousePoints[0].t;
+      if (timeSpanMs > 500) {
+        const eventsPerSecond = (this.mousePoints.length / timeSpanMs) * 1000;
+        if (eventsPerSecond < 1) {
+          // Extremely sparse: < 1 event/sec over a meaningful period
+          score += 25;
+          signals.push(`very-sparse-mouse-events:${eventsPerSecond.toFixed(2)}/s`);
+        } else if (eventsPerSecond < 5) {
+          score += 15;
+          signals.push(`sparse-mouse-events:${eventsPerSecond.toFixed(1)}/s`);
+        }
+      }
+
+      // 6. Point-per-action ratio: compare mouse points to clicks
+      // Humans: dozens of mouse events per click (approach, hover, adjust)
+      // Agents: 1-2 mouse events per click (teleport to target, click)
+      if (this.clicks.length > 0) {
+        const pointsPerClick = this.mousePoints.length / this.clicks.length;
+        if (pointsPerClick < 3) {
+          score += 15;
+          signals.push(`low-points-per-click:${pointsPerClick.toFixed(1)}`);
+        }
+      }
+    }
+
+    // === Pre-click approach analysis ===
+    if (this.clicks.length > 0 && this.mousePoints.length > 0) {
+      const approach = analyzePreClickApproach(this.mousePoints, this.clicks);
+      if (approach.teleportClicks > 0) {
+        score += Math.min(approach.teleportClicks * 15, 25);
+        signals.push(`teleport-clicks:${approach.teleportClicks}/${this.clicks.length}`);
+      }
+      if (approach.avgApproachPath < 10 && this.clicks.length >= 1) {
+        score += 15;
+        signals.push(`minimal-approach-path:${approach.avgApproachPath.toFixed(1)}px`);
+      }
+    }
+
+    // === Scroll behavior analysis ===
+    if (this.scrollTimestamps.length >= 3) {
+      // Programmatic scrolling: scroll events without nearby wheel events
+      let programmaticScrolls = 0;
+      for (const st of this.scrollTimestamps) {
+        const hasNearbyWheel = this.wheelTimestamps.some((wt) => Math.abs(wt - st) < 100);
+        if (!hasNearbyWheel) programmaticScrolls++;
+      }
+      if (programmaticScrolls > this.scrollTimestamps.length * 0.7) {
+        score += 10;
+        signals.push('programmatic-scrolling');
+      }
+    }
+
+    // === Keystroke dynamics ===
+    if (this.keyTimings.length >= 5) {
+      const intervals: number[] = [];
+      for (let i = 1; i < this.keyTimings.length; i++) {
+        intervals.push(this.keyTimings[i] - this.keyTimings[i - 1]);
+      }
+      const mean = intervals.reduce((a, b) => a + b, 0) / intervals.length;
+      const variance = intervals.reduce((sum, v) => sum + (v - mean) ** 2, 0) / intervals.length;
+      const cv = Math.sqrt(variance) / mean;
+      if (cv < 0.15) {
+        score += 10;
+        signals.push(`uniform-keystroke-timing:cv=${cv.toFixed(3)}`);
+      }
+    }
+
+    return {
+      detector: 'behavioral',
+      rawScore: Math.min(score, 100),
+      signals,
+    };
+  }
+}
+
+// Legacy function interface for backwards compatibility
+export function detectBehavioral(): Promise<DetectorResult> {
+  return new Promise((resolve) => {
+    const monitor = new BehavioralMonitor();
+    monitor.start();
+    setTimeout(() => {
+      monitor.stop();
+      resolve(monitor.score());
+    }, 3000);
+  });
+}
+
+// ─── Analysis functions ────────────────────────────────
+
+function computeTrajectoryEntropy(points: MousePoint[]): number {
+  if (points.length < 3) return 3;
+  const NUM_BINS = 8;
+  const bins = new Array(NUM_BINS).fill(0);
+  for (let i = 1; i < points.length; i++) {
+    const dx = points[i].x - points[i - 1].x;
+    const dy = points[i].y - points[i - 1].y;
+    if (dx === 0 && dy === 0) continue;
+    let angle = Math.atan2(dy, dx);
+    if (angle < 0) angle += 2 * Math.PI;
+    bins[Math.floor((angle / (2 * Math.PI)) * NUM_BINS) % NUM_BINS]++;
+  }
+  const total = bins.reduce((a, b) => a + b, 0);
+  if (total === 0) return 3;
+  let entropy = 0;
+  for (const count of bins) {
+    if (count === 0) continue;
+    const p = count / total;
+    entropy -= p * Math.log2(p);
+  }
+  return entropy;
+}
+
+function computeMovementEfficiency(points: MousePoint[]): number {
+  if (points.length < 2) return 0;
+  const segments: MousePoint[][] = [];
+  let current: MousePoint[] = [points[0]];
+  for (let i = 1; i < points.length; i++) {
+    if (points[i].t - points[i - 1].t > 200) {
+      if (current.length >= 2) segments.push(current);
+      current = [points[i]];
+    } else {
+      current.push(points[i]);
+    }
+  }
+  if (current.length >= 2) segments.push(current);
+  if (segments.length === 0) return 0;
+  const efficiencies: number[] = [];
+  for (const seg of segments) {
+    const start = seg[0], end = seg[seg.length - 1];
+    const euclidean = Math.sqrt((end.x - start.x) ** 2 + (end.y - start.y) ** 2);
+    let pathLength = 0;
+    for (let i = 1; i < seg.length; i++) {
+      pathLength += Math.sqrt((seg[i].x - seg[i - 1].x) ** 2 + (seg[i].y - seg[i - 1].y) ** 2);
+    }
+    if (pathLength > 5) efficiencies.push(euclidean / pathLength);
+  }
+  if (efficiencies.length === 0) return 0;
+  return efficiencies.reduce((a, b) => a + b, 0) / efficiencies.length;
+}
+
+function hasMicroJitter(points: MousePoint[]): boolean {
+  if (points.length < 10) return true; // Assume human if not enough data
+  let reversals = 0, totalSmallMoves = 0;
+  for (let i = 2; i < points.length; i++) {
+    const dx1 = points[i - 1].x - points[i - 2].x;
+    const dy1 = points[i - 1].y - points[i - 2].y;
+    const dx2 = points[i].x - points[i - 1].x;
+    const dy2 = points[i].y - points[i - 1].y;
+    const dist = Math.sqrt(dx2 * dx2 + dy2 * dy2);
+    if (dist > 0 && dist < 5) {
+      totalSmallMoves++;
+      if (dx1 * dx2 < 0 || dy1 * dy2 < 0) reversals++;
+    }
+  }
+  const jitterRatio = totalSmallMoves > 0 ? reversals / totalSmallMoves : 0;
+  return jitterRatio > 0.15 || totalSmallMoves > points.length * 0.1;
+}
+
+/**
+ * Detect teleportation: large jumps between consecutive mouse events.
+ *
+ * Extension-based agents (Claude-in-Chrome) generate 1 mousemove per action,
+ * with large pixel jumps between them. Humans move smoothly with many
+ * intermediate events, so consecutive events are close together (< 20px typically).
+ *
+ * A 200+ pixel jump between consecutive mousemove events is a strong teleport signal.
+ */
+function countTeleportations(points: MousePoint[]): number {
+  let teleports = 0;
+  for (let i = 1; i < points.length; i++) {
+    const dx = points[i].x - points[i - 1].x;
+    const dy = points[i].y - points[i - 1].y;
+    const dist = Math.sqrt(dx * dx + dy * dy);
+    // Any large jump between consecutive events is teleportation
+    // Humans have smooth paths with many small increments
+    if (dist > 200) teleports++;
+  }
+  return teleports;
+}
+
+function analyzePreClickApproach(
+  points: MousePoint[],
+  clicks: { x: number; y: number; t: number }[]
+): { teleportClicks: number; avgApproachPath: number } {
+  let teleportClicks = 0, totalApproachPath = 0;
+  for (const click of clicks) {
+    const approachPoints = points.filter((p) => p.t >= click.t - 500 && p.t <= click.t);
+    if (approachPoints.length <= 1) {
+      teleportClicks++;
+      continue;
+    }
+    let pathLength = 0;
+    for (let i = 1; i < approachPoints.length; i++) {
+      pathLength += Math.sqrt(
+        (approachPoints[i].x - approachPoints[i - 1].x) ** 2 +
+        (approachPoints[i].y - approachPoints[i - 1].y) ** 2
+      );
+    }
+    totalApproachPath += pathLength;
+    if (pathLength < 10) teleportClicks++;
+  }
+  return {
+    teleportClicks,
+    avgApproachPath: clicks.length > 0 ? totalApproachPath / clicks.length : 0,
+  };
+}

package/src/detect/features.ts

@@ -0,0 +1,126 @@
+/**
+ * Extracts the 4 minimal features for the SAINT model classifier
+ * from the behavioral monitor's ring buffers.
+ *
+ * Threshold note: TELEPORT_THRESHOLD_PX is 100px here to match the
+ * toffee-model training pipeline (resampler.py). The heuristic detector
+ * in behavioral.ts uses 200px for its separate scoring — different purpose.
+ */
+
+import type { ModelFeatures } from '@toffee-at/shared';
+export type { ModelFeatures };
+
+interface MousePoint {
+  x: number;
+  y: number;
+  t: number;
+}
+
+interface ClickEvent {
+  x: number;
+  y: number;
+  t: number;
+}
+
+const BURST_GAP_MS = 1000;
+const TELEPORT_THRESHOLD_PX = 100;
+const ENTROPY_BINS = 20;
+
+function actionBurstRatio(
+  clickTimestamps: number[],
+  scrollTimestamps: number[],
+  keyTimings: number[],
+): number {
+  const allActions = [
+    ...clickTimestamps,
+    ...scrollTimestamps,
+    ...keyTimings,
+  ].sort((a, b) => a - b);
+
+  if (allActions.length < 2) return 0;
+
+  let burstCount = 0;
+  for (let i = 1; i < allActions.length; i++) {
+    if (allActions[i] - allActions[i - 1] < BURST_GAP_MS) {
+      burstCount++;
+    }
+  }
+  return burstCount / (allActions.length - 1);
+}
+
+function clickDurationStd(clickDurations: number[]): number {
+  if (clickDurations.length < 2) return 0;
+  const mean =
+    clickDurations.reduce((a, b) => a + b, 0) / clickDurations.length;
+  const variance =
+    clickDurations.reduce((sum, d) => sum + (d - mean) ** 2, 0) /
+    clickDurations.length;
+  return Math.sqrt(variance);
+}
+
+function interEventEntropy(allTimestamps: number[]): number {
+  if (allTimestamps.length < 2) return 0;
+
+  const sorted = [...allTimestamps].sort((a, b) => a - b);
+  const gaps: number[] = [];
+  for (let i = 1; i < sorted.length; i++) {
+    gaps.push(sorted[i] - sorted[i - 1]);
+  }
+
+  if (gaps.length === 0) return 0;
+
+  const maxGap = Math.max(...gaps);
+  const minGap = Math.min(...gaps);
+  if (maxGap === minGap) return 0;
+
+  const binWidth = (maxGap - minGap) / ENTROPY_BINS;
+  const bins = new Array(ENTROPY_BINS).fill(0);
+  for (const gap of gaps) {
+    const bin = Math.min(
+      Math.floor((gap - minGap) / binWidth),
+      ENTROPY_BINS - 1,
+    );
+    bins[bin]++;
+  }
+
+  let entropy = 0;
+  for (const count of bins) {
+    if (count > 0) {
+      const p = count / gaps.length;
+      entropy -= p * Math.log2(p);
+    }
+  }
+  return entropy;
+}
+
+function mouseTeleportation(points: MousePoint[]): number {
+  let count = 0;
+  for (let i = 1; i < points.length; i++) {
+    const dx = points[i].x - points[i - 1].x;
+    const dy = points[i].y - points[i - 1].y;
+    if (Math.sqrt(dx * dx + dy * dy) > TELEPORT_THRESHOLD_PX) {
+      count++;
+    }
+  }
+  return count;
+}
+
+export function extractModelFeatures(state: {
+  mousePoints: MousePoint[];
+  clicks: ClickEvent[];
+  clickDurations: number[];
+  scrollTimestamps: number[];
+  keyTimings: number[];
+  allEventTimestamps: number[];
+}): ModelFeatures {
+  return {
+    action_burst_ratio: actionBurstRatio(
+      state.clicks.map((c) => c.t),
+      state.scrollTimestamps,
+      state.keyTimings,
+    ),
+    click_duration_std: clickDurationStd(state.clickDurations),
+    inter_event_entropy: interEventEntropy(state.allEventTimestamps),
+    mouse_teleportation: mouseTeleportation(state.mousePoints),
+  };
+}

package/src/detect/fingerprint.ts

@@ -0,0 +1,115 @@
+import type { DetectorResult } from './types';
+
+/**
+ * Browser fingerprinting: WebGL renderer + canvas tamper detection.
+ * Catches headless browsers using software renderers (SwiftShader, Mesa)
+ * and environments that intercept canvas APIs.
+ */
+export function detectFingerprint(): DetectorResult {
+  let score = 0;
+  const signals: string[] = [];
+
+  // 1. WebGL renderer detection
+  try {
+    const canvas = document.createElement('canvas');
+    const gl = canvas.getContext('webgl') || canvas.getContext('experimental-webgl') as WebGLRenderingContext | null;
+    if (gl) {
+      const debugInfo = (gl as WebGLRenderingContext).getExtension('WEBGL_debug_renderer_info');
+      if (debugInfo) {
+        const renderer = (gl as WebGLRenderingContext).getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) as string;
+        const vendor = (gl as WebGLRenderingContext).getParameter(debugInfo.UNMASKED_VENDOR_WEBGL) as string;
+
+        // Software renderers used by headless Chrome
+        const softwareRenderers = /swiftshader|mesa offscreen|llvmpipe|softpipe|software rasterizer/i;
+        if (softwareRenderers.test(renderer)) {
+          score += 35;
+          signals.push(`software-renderer:${renderer.toLowerCase().replace(/\s+/g, '-')}`);
+        }
+
+        // Low extension count (real GPUs have 30-50+)
+        const extensions = (gl as WebGLRenderingContext).getSupportedExtensions();
+        if (extensions && extensions.length < 15) {
+          score += 15;
+          signals.push('low-webgl-extensions');
+        }
+
+        // Google Inc. as vendor with SwiftShader is definitive headless
+        if (/google/i.test(vendor) && /swiftshader/i.test(renderer)) {
+          score += 15;
+          signals.push('google-swiftshader');
+        }
+      } else {
+        // Missing debug info extension is suspicious
+        score += 10;
+        signals.push('no-webgl-debug-info');
+      }
+
+      // Check MAX_TEXTURE_SIZE (headless often has low values)
+      const maxTexture = (gl as WebGLRenderingContext).getParameter((gl as WebGLRenderingContext).MAX_TEXTURE_SIZE);
+      if (maxTexture && maxTexture < 4096) {
+        score += 10;
+        signals.push('low-max-texture');
+      }
+    }
+  } catch {
+    // WebGL not available - handled in headless detector
+  }
+
+  // 2. Canvas tamper detection
+  // Real browsers produce deterministic canvas output within a session.
+  // If two identical renders produce different results, the canvas API is being intercepted.
+  try {
+    const canvas1 = document.createElement('canvas');
+    canvas1.width = 200;
+    canvas1.height = 50;
+    const ctx1 = canvas1.getContext('2d');
+    if (ctx1) {
+      const drawOnCanvas = (ctx: CanvasRenderingContext2D) => {
+        ctx.fillStyle = '#f60';
+        ctx.fillRect(10, 1, 62, 20);
+        ctx.fillStyle = '#069';
+        ctx.font = '11pt Arial';
+        ctx.fillText('Agent Radar \ud83d\udd0d', 2, 15);
+        ctx.fillStyle = 'rgba(102, 204, 0, 0.7)';
+        ctx.fillRect(50, 25, 40, 15);
+      };
+
+      drawOnCanvas(ctx1);
+      const data1 = canvas1.toDataURL();
+
+      // Draw again on a fresh canvas
+      const canvas2 = document.createElement('canvas');
+      canvas2.width = 200;
+      canvas2.height = 50;
+      const ctx2 = canvas2.getContext('2d');
+      if (ctx2) {
+        drawOnCanvas(ctx2);
+        const data2 = canvas2.toDataURL();
+
+        if (data1 !== data2) {
+          // Canvas output is non-deterministic — API is being intercepted
+          score += 25;
+          signals.push('canvas-tampered');
+        }
+
+        // Check for blank canvas (no rendering subsystem)
+        const blankCanvas = document.createElement('canvas');
+        blankCanvas.width = 200;
+        blankCanvas.height = 50;
+        if (data1 === blankCanvas.toDataURL()) {
+          score += 20;
+          signals.push('canvas-blank');
+        }
+      }
+    }
+  } catch {
+    score += 10;
+    signals.push('canvas-error');
+  }
+
+  return {
+    detector: 'fingerprint',
+    rawScore: Math.min(score, 100),
+    signals,
+  };
+}

package/src/detect/headless.ts

@@ -0,0 +1,44 @@
+import type { DetectorResult } from './types';
+
+export function detectHeadless(): DetectorResult {
+  let score = 0;
+  const signals: string[] = [];
+
+  if (navigator.webdriver === true) {
+    score += 40;
+    signals.push('webdriver-flag');
+  }
+
+  if (navigator.plugins.length === 0) {
+    score += 20;
+    signals.push('no-plugins');
+  }
+
+  if (!(window as any).chrome && /Chrome/.test(navigator.userAgent)) {
+    score += 15;
+    signals.push('chrome-without-chrome-object');
+  }
+
+  if (window.outerWidth === 0 || window.outerHeight === 0) {
+    score += 15;
+    signals.push('zero-dimensions');
+  }
+
+  try {
+    const canvas = document.createElement('canvas');
+    const gl = canvas.getContext('webgl') || canvas.getContext('experimental-webgl');
+    if (!gl) {
+      score += 10;
+      signals.push('no-webgl');
+    }
+  } catch {
+    score += 10;
+    signals.push('webgl-error');
+  }
+
+  return {
+    detector: 'headless',
+    rawScore: Math.min(score, 100),
+    signals,
+  };
+}