@zaplier/sdk 1.8.0 → 1.8.2

package/dist/index.esm.js

@@ -1,7 +1,7 @@
 /*!
  * Zaplier SDK v1.0.0
  * Advanced privacy-first tracking with fingerprinting and security detection
- * (c) 2025 RabbitTracker Team
+ * (c) 2026 RabbitTracker Team
  * https://zaplier.com
  */
 /**
@@ -10,6 +10,53 @@
  *
  * Provides 128-bit hash output using the x64 variant of MurmurHash3
  */
+/**
+ * Stable JSON stringify — sorts object keys at every level so the resulting
+ * string is identical regardless of engine-specific key ordering.
+ * Based on fast-json-stable-stringify (ThumbmarkJS adaptation).
+ */
+function stableStringify(data) {
+    const seen = [];
+    function stringify(node) {
+        if (node && typeof node.toJSON === "function") {
+            node = node.toJSON();
+        }
+        if (node === undefined)
+            return undefined;
+        if (typeof node === "number")
+            return Number.isFinite(node) ? String(node) : "null";
+        if (typeof node !== "object")
+            return JSON.stringify(node);
+        if (Array.isArray(node)) {
+            let out = "[";
+            for (let i = 0; i < node.length; i++) {
+                if (i)
+                    out += ",";
+                out += stringify(node[i]) ?? "null";
+            }
+            return out + "]";
+        }
+        if (node === null)
+            return "null";
+        if (seen.indexOf(node) !== -1) {
+            throw new TypeError("Converting circular structure to JSON");
+        }
+        const idx = seen.push(node) - 1;
+        const keys = Object.keys(node).sort();
+        let out = "";
+        for (const key of keys) {
+            const val = stringify(node[key]);
+            if (val === undefined)
+                continue;
+            if (out)
+                out += ",";
+            out += JSON.stringify(key) + ":" + val;
+        }
+        seen.splice(idx, 1);
+        return "{" + out + "}";
+    }
+    return stringify(data) ?? "";
+}
 /**
  * Adds two 64-bit numbers
  */
@@ -181,7 +228,7 @@ function hashFingerprint(components, debug = false) {
     // CRITICAL: Do NOT use JSON.stringify(obj, keys) as it filters out nested properties!
     // Use canonicalizeStable instead which handles deep sorting and normalization.
     const canonicalized = canonicalizeStable(components);
-    const canonical = JSON.stringify(canonicalized);
+    const canonical = stableStringify(canonicalized);
     if (debug) {
         console.log("[RabbitTracker] hashFingerprint debug:", {
             originalKeys: Object.keys(components),
@@ -294,7 +341,7 @@ function canonicalizeStable(input) {
  */
 function hashStableCore(coreVector, debug = false) {
     const canonicalized = canonicalizeStable(coreVector);
-    const canonical = JSON.stringify(canonicalized);
+    const canonical = stableStringify(canonicalized);
     if (debug) {
         console.log("[RabbitTracker] hashStableCore debug:", {
             originalKeys: Object.keys(coreVector),
@@ -604,6 +651,14 @@ function getAudioContextCharacteristics() {
             if ('baseLatency' in testContext) {
                 characteristics.baseLatency = testContext.baseLatency;
             }
+            // Channel count mode of AudioBufferSourceNode
+            try {
+                const bufferSource = testContext.createBufferSource();
+                characteristics.channelCountMode = bufferSource.channelCountMode;
+            }
+            catch {
+                characteristics.channelCountMode = 'max';
+            }
             // OfflineAudioContext doesn't have close method - it's automatically disposed after rendering
             if ('close' in testContext && typeof testContext.close === 'function') {
                 testContext.close();
@@ -701,7 +756,8 @@ async function getAudioFingerprint() {
             contextCharacteristics: contextCharacteristics,
             nodeCapabilities: nodeCapabilities,
             audioStackHash: audioStackHash,
-            supportedSampleRates: contextCharacteristics.supportedSampleRates || []
+            supportedSampleRates: contextCharacteristics.supportedSampleRates || [],
+            channelCountMode: contextCharacteristics.channelCountMode || 'max'
         };
         return {
             value: result,
@@ -720,7 +776,8 @@ async function getAudioFingerprint() {
                 contextCharacteristics: {},
                 nodeCapabilities: {},
                 audioStackHash: "error",
-                supportedSampleRates: []
+                supportedSampleRates: [],
+                channelCountMode: 'max'
             },
             duration: performance.now() - startTime,
             error: error instanceof Error ? error.message : "Audio fingerprinting failed",
@@ -1389,6 +1446,28 @@ async function getBrowserFingerprint() {
         if (hardwareInfo.deviceMemory !== undefined) {
             result.deviceMemory = hardwareInfo.deviceMemory;
         }
+        // productSub: "20030107" = Chrome/Safari, "20100101" = Firefox
+        const productSub = navigator.productSub;
+        if (typeof productSub === 'string' && productSub) {
+            result.productSub = productSub;
+        }
+        // ApplePay version — exclusive to Safari + HTTPS + Apple device
+        result.applePayVersion = (() => {
+            try {
+                if (typeof globalThis.ApplePaySession === 'undefined')
+                    return 0;
+                if (typeof globalThis.ApplePaySession.supportsVersion !== 'function')
+                    return 0;
+                for (let v = 15; v >= 1; v--) {
+                    if (globalThis.ApplePaySession.supportsVersion(v))
+                        return v;
+                }
+                return 0;
+            }
+            catch {
+                return 0;
+            }
+        })();
         return {
             value: result,
             duration: endTime - startTime
@@ -1426,6 +1505,56 @@ function isBrowserFingerprintingAvailable() {
     }
 }
 
+/**
+ * Common Pixels Anti-Randomization Utility
+ * Based on ThumbmarkJS commonPixels implementation
+ *
+ * Browsers like Brave and Firefox (private mode) inject per-pixel random noise
+ * into canvas/WebGL reads to prevent fingerprinting. This utility runs the same
+ * render N times and selects the most frequent value per pixel channel, producing
+ * a consensus ImageData that is stable across noise injections.
+ */
+/**
+ * Returns the most frequent value in an array of numbers.
+ */
+function getMostFrequent(arr) {
+    if (arr.length === 0)
+        return 0;
+    const freq = {};
+    for (const n of arr) {
+        freq[n] = (freq[n] ?? 0) + 1;
+    }
+    let best = arr[0];
+    for (const key in freq) {
+        const n = parseInt(key, 10);
+        if (freq[n] > freq[best]) {
+            best = n;
+        }
+    }
+    return best;
+}
+/**
+ * Given N ImageData objects from the same canvas/scene, returns a new ImageData
+ * where each byte is the most frequent value across all renders.
+ * This cancels out per-pixel random noise injected by privacy-hardened browsers.
+ *
+ * @param images - Array of ImageData objects (must all have the same dimensions)
+ * @param width  - Canvas width in pixels
+ * @param height - Canvas height in pixels
+ */
+function getCommonPixels(images, width, height) {
+    const len = images[0].data.length;
+    const finalData = new Uint8ClampedArray(len);
+    for (let i = 0; i < len; i++) {
+        const samples = [];
+        for (const img of images) {
+            samples.push(img.data[i]);
+        }
+        finalData[i] = getMostFrequent(samples);
+    }
+    return new ImageData(finalData, width, height);
+}
+
 /**
  * Canvas Fingerprinting
  * Based on FingerprintJS canvas component with incognito detection
@@ -1725,6 +1854,36 @@ function detectAdvancedInconsistencies(textHash, geometryHash, subPixelData, ctx
         };
     }
 }
+/**
+ * Render a scene function onto a canvas N times and return the consensus ImageData.
+ * Used to cancel out per-pixel noise injected by Brave/Firefox privacy mode.
+ */
+function renderConsensus(width, height, renderFn, runs = 3) {
+    const images = [];
+    for (let i = 0; i < runs; i++) {
+        const c = document.createElement("canvas");
+        c.width = width;
+        c.height = height;
+        const ctx = c.getContext("2d", { willReadFrequently: true });
+        if (!ctx)
+            continue;
+        renderFn(ctx);
+        try {
+            images.push(ctx.getImageData(0, 0, width, height));
+        }
+        catch {
+            // getImageData blocked — skip
+        }
+    }
+    if (images.length === 0)
+        return "consensus-blocked";
+    // Single render — no noise to cancel; hash directly
+    if (images.length === 1) {
+        return hash32(Array.from(images[0].data).join(","));
+    }
+    const consensus = getCommonPixels(images, width, height);
+    return hash32(Array.from(consensus.data).join(","));
+}
 /**
  * Generate enhanced canvas fingerprint with multiple primitives and sub-pixel analysis
  */
@@ -1761,15 +1920,29 @@ async function getCanvasFingerprint() {
         const subPixelAnalysis = analyzeSubPixels(ctx, canvas);
         // ENHANCED: Advanced inconsistency detection
         const inconsistencyAnalysis = detectAdvancedInconsistencies(textHash, geometryHash, subPixelAnalysis, ctx);
-        // Create composite canvas with both text and geometry for additional hash
-        ctx.clearRect(0, 0, canvas.width, canvas.height);
-        // Draw both text and geometry together
-        drawAdvancedText(ctx);
-        ctx.globalCompositeOperation = "multiply";
-        drawAdvancedGeometry(ctx);
-        ctx.globalCompositeOperation = "source-over";
-        const compositeData = canvas.toDataURL("image/png");
-        const compositeHash = hash32(compositeData);
+        // ANTI-RANDOMIZATION: If browser injects canvas noise (Brave/Firefox/Samsung),
+        // run the scene 3× and take the per-pixel consensus to cancel the noise out.
+        const needsConsensus = inconsistencyAnalysis.isInconsistent || isBrave() || isSamsungInternet$1();
+        let compositeHash;
+        if (needsConsensus) {
+            const w = canvas.width;
+            const h = canvas.height;
+            compositeHash = renderConsensus(w, h, (c) => {
+                drawAdvancedText(c);
+                c.globalCompositeOperation = "multiply";
+                drawAdvancedGeometry(c);
+                c.globalCompositeOperation = "source-over";
+            });
+        }
+        else {
+            // Fast path: single composite render
+            ctx.clearRect(0, 0, canvas.width, canvas.height);
+            drawAdvancedText(ctx);
+            ctx.globalCompositeOperation = "multiply";
+            drawAdvancedGeometry(ctx);
+            ctx.globalCompositeOperation = "source-over";
+            compositeHash = hash32(canvas.toDataURL("image/png"));
+        }
         const endTime = performance.now();
         const result = {
             text: textHash,
@@ -1778,7 +1951,7 @@ async function getCanvasFingerprint() {
             isInconsistent: inconsistencyAnalysis.isInconsistent,
             // NEW FIELDS
             subPixelAnalysis, // Sub-pixel characteristics for GPU differentiation
-            compositeHash, // Combined text+geometry hash
+            compositeHash, // Combined text+geometry hash (consensus if noisy browser)
             inconsistencyConfidence: inconsistencyAnalysis.confidence,
             blockingReasons: inconsistencyAnalysis.reasons,
         };
@@ -2662,6 +2835,28 @@ function createProgram(gl, vertexShader, fragmentShader) {
     }
     return program;
 }
+/**
+ * Read pixels from a WebGL context and return them as a fresh ImageData-like array.
+ */
+function readWebGLPixels(gl) {
+    const pixels = new Uint8Array(gl.canvas.width * gl.canvas.height * 4);
+    gl.readPixels(0, 0, gl.canvas.width, gl.canvas.height, gl.RGBA, gl.UNSIGNED_BYTE, pixels);
+    return pixels;
+}
+/**
+ * Hash a Uint8Array of pixel data into a hex string.
+ */
+function hashPixels(pixels) {
+    let hash = 0;
+    for (let i = 0; i < pixels.length; i += 4) {
+        const r = (pixels[i] ?? 0);
+        const g = (pixels[i + 1] ?? 0) * 256;
+        const b = (pixels[i + 2] ?? 0) * 65536;
+        const a = (pixels[i + 3] ?? 0) * 16777216;
+        hash = (hash * 33 + r + g + b + a) >>> 0;
+    }
+    return hash.toString(16);
+}
 /**
  * Render 3D scene to generate GPU-specific hash
  * Based on FingerprintJS methodology for maximum differentiation
@@ -2753,26 +2948,67 @@ function render3DScene(gl) {
         gl.clear(gl.COLOR_BUFFER_BIT);
         // Draw triangles
         gl.drawArrays(gl.TRIANGLES, 0, 6);
-        // Read pixels to generate hash
-        const pixels = new Uint8Array(gl.canvas.width * gl.canvas.height * 4);
-        gl.readPixels(0, 0, gl.canvas.width, gl.canvas.height, gl.RGBA, gl.UNSIGNED_BYTE, pixels);
-        // Generate hash from rendered pixels
-        let hash = 0;
-        for (let i = 0; i < pixels.length; i += 4) {
-            // Combine RGBA values with different weights (with null checks)
-            const r = (pixels[i] ?? 0) * 1;
-            const g = (pixels[i + 1] ?? 0) * 256;
-            const b = (pixels[i + 2] ?? 0) * 65536;
-            const a = (pixels[i + 3] ?? 0) * 16777216;
-            const pixelValue = r + g + b + a;
-            hash = (hash * 33 + pixelValue) >>> 0; // Use unsigned 32-bit arithmetic
+        // ANTI-RANDOMIZATION: If browser injects per-pixel noise (Brave/Samsung),
+        // render 3× on separate canvases and take per-channel consensus before hashing.
+        let renderHash;
+        const needsConsensus = isBrave() || isSamsungInternet$1();
+        if (needsConsensus) {
+            const w = gl.canvas.width;
+            const h = gl.canvas.height;
+            const pixelsArr = [readWebGLPixels(gl)];
+            // Render 2 more times on separate canvases (each needs its own GL resources)
+            for (let run = 0; run < 2; run++) {
+                const c = document.createElement("canvas");
+                c.width = w;
+                c.height = h;
+                const g = c.getContext("webgl");
+                if (!g)
+                    continue;
+                const vSrc = vertexShaderSource;
+                const fSrc = fragmentShaderSource;
+                const vs = createShader(g, g.VERTEX_SHADER, vSrc);
+                const fs = createShader(g, g.FRAGMENT_SHADER, fSrc);
+                if (!vs || !fs)
+                    continue;
+                const prog = createProgram(g, vs, fs);
+                if (!prog)
+                    continue;
+                g.useProgram(prog);
+                const buf = g.createBuffer();
+                g.bindBuffer(g.ARRAY_BUFFER, buf);
+                g.bufferData(g.ARRAY_BUFFER, vertices, g.STATIC_DRAW);
+                const posLoc = g.getAttribLocation(prog, "a_position");
+                const colLoc = g.getAttribLocation(prog, "a_color");
+                const timeLoc = g.getUniformLocation(prog, "u_time");
+                g.enableVertexAttribArray(posLoc);
+                g.enableVertexAttribArray(colLoc);
+                g.vertexAttribPointer(posLoc, 2, g.FLOAT, false, 20, 0);
+                g.vertexAttribPointer(colLoc, 3, g.FLOAT, false, 20, 8);
+                g.uniform1f(timeLoc, 1.23456789);
+                g.enable(g.BLEND);
+                g.blendFunc(g.SRC_ALPHA, g.ONE_MINUS_SRC_ALPHA);
+                g.clearColor(0.1, 0.2, 0.3, 1.0);
+                g.clear(g.COLOR_BUFFER_BIT);
+                g.drawArrays(g.TRIANGLES, 0, 6);
+                pixelsArr.push(readWebGLPixels(g));
+                g.deleteProgram(prog);
+                g.deleteShader(vs);
+                g.deleteShader(fs);
+                g.deleteBuffer(buf);
+            }
+            const images = pixelsArr.map((p) => new ImageData(new Uint8ClampedArray(p), w, h));
+            const consensus = getCommonPixels(images, w, h);
+            renderHash = hashPixels(new Uint8Array(consensus.data));
+        }
+        else {
+            renderHash = hashPixels(readWebGLPixels(gl));
         }
         // Cleanup
         gl.deleteProgram(program);
         gl.deleteShader(vertexShader);
         gl.deleteShader(fragmentShader);
         gl.deleteBuffer(buffer);
-        return hash.toString(16);
+        return renderHash;
     }
     catch (error) {
         // Fallback to basic parameters hash if rendering fails
@@ -3364,6 +3600,30 @@ function getColorScheme() {
         return 'unknown';
     }
 }
+function getScriptingSupport() {
+    try {
+        for (const v of ['enabled', 'initial-only', 'none']) {
+            if (safeMatchMedia(`(scripting: ${v})`)?.matches)
+                return v;
+        }
+        return 'unknown';
+    }
+    catch {
+        return 'unknown';
+    }
+}
+function getUpdateFrequency() {
+    try {
+        for (const v of ['fast', 'slow', 'none']) {
+            if (safeMatchMedia(`(update: ${v})`)?.matches)
+                return v;
+        }
+        return 'unknown';
+    }
+    catch {
+        return 'unknown';
+    }
+}
 function getAccessibilityFingerprint() {
     // Original properties
     const colorGamut = getColorGamut$1();
@@ -3384,6 +3644,9 @@ function getAccessibilityFingerprint() {
     const anyHover = getAnyHover();
     const anyPointer = getAnyPointer();
     const colorScheme = getColorScheme();
+    // ThumbmarkJS-inspired additions
+    const scripting = getScriptingSupport();
+    const updateFrequency = getUpdateFrequency();
     // Determine if user has accessibility features enabled
     const hasAccessibilityFeatures = Boolean(forcedColors ||
         reducedMotion ||
@@ -3430,6 +3693,9 @@ function getAccessibilityFingerprint() {
         anyHover,
         anyPointer,
         colorScheme,
+        // ThumbmarkJS-inspired additions
+        scripting,
+        updateFrequency,
         // Computed properties
         hasAccessibilityFeatures,
         displayCapabilities,
@@ -3522,6 +3788,8 @@ var accessibility = /*#__PURE__*/Object.freeze({
     getReducedData: getReducedData,
     getReducedMotion: getReducedMotion,
     getReducedTransparency: getReducedTransparency,
+    getScriptingSupport: getScriptingSupport,
+    getUpdateFrequency: getUpdateFrequency,
     isAccessibilityDetectionAvailable: isAccessibilityDetectionAvailable
 });
 
@@ -4809,6 +5077,15 @@ function getEnhancedFontFingerprintHash(fingerprint) {
  * @see https://bugzilla.mozilla.org/show_bug.cgi?id=531915
  */
 const M = Math; // Minification optimization
+// Midpoint-rule numerical integrator — same as ThumbmarkJS
+function integrate(f, a, b, n) {
+    const h = (b - a) / n;
+    let sum = 0;
+    for (let i = 0; i < n; i++) {
+        sum += f(a + (i + 0.5) * h);
+    }
+    return sum * h;
+}
 const fallbackFn = () => 0;
 /**
  * Enhanced math fingerprinting with additional precision tests
@@ -4910,7 +5187,16 @@ function getMathFingerprint$1() {
             float64: testFloat64(),
             bigNumbers: testBigNumbers(),
             smallNumbers: testSmallNumbers(),
-        }
+        },
+        // Large-number edge cases — vary by engine (V8 vs SpiderMonkey vs JavaScriptCore)
+        largeCos: M.cos(1e20),
+        largeSin: M.sin(1e20),
+        largeTan: M.tan(1e20),
+        // Accumulated precision differences over 97 midpoints
+        integratedAsin: integrate(M.asin, -1, 1, 97),
+        integratedCos: integrate(M.cos, 0, M.PI, 97),
+        integratedSin: integrate(M.sin, -M.PI, M.PI, 97),
+        integratedTan: integrate(M.tan, 0, 2 * M.PI, 97),
     };
 }
 /**
@@ -4979,6 +5265,1161 @@ function analyzeMathFingerprint(mathData) {
     };
 }
 
+/**
+ * WebRTC Fingerprinting
+ * Based on ThumbmarkJS WebRTC component
+ *
+ * WebRTC is one of the richest sources of entropy: the SDP offer exposes
+ * codec lists, RTP extensions and ICE candidate type, which vary by browser
+ * version, OS and hardware in a stable, non-randomizable way.
+ */
+/**
+ * Extract codec descriptions from a WebRTC SDP string for a given media type.
+ */
+function parseCodecs(sdp, mediaType) {
+    const match = sdp.match(new RegExp(`m=${mediaType} [^\\s]+ [^\\s]+ ([^\\n\\r]+)`));
+    const descriptors = match ? match[1].split(" ") : [];
+    return descriptors
+        .map((descriptor) => {
+        const matcher = new RegExp(`(rtpmap|fmtp|rtcp-fb):${descriptor} (.+)`, "g");
+        const matches = [...sdp.matchAll(matcher)];
+        if (!matches.length)
+            return null;
+        const desc = {};
+        for (const m of matches) {
+            const type = m[1];
+            const data = m[2];
+            const parts = data.split("/");
+            if (type === "rtpmap") {
+                desc.mimeType = `${mediaType}/${parts[0]}`;
+                desc.clockRate = Number(parts[1]);
+                if (mediaType === "audio")
+                    desc.channels = Number(parts[2]) || 1;
+            }
+            else if (type === "rtcp-fb") {
+                desc.feedbackSupport ??
+                    (desc.feedbackSupport = []);
+                desc.feedbackSupport.push(data);
+            }
+            else if (type === "fmtp") {
+                desc.sdpFmtpLine = data;
+            }
+        }
+        return desc;
+    })
+        .filter(Boolean);
+}
+/**
+ * Collect WebRTC fingerprint by creating an offer and analysing its SDP.
+ * Timeout defaults to 90% of global fingerprint timeout (≈4500 ms).
+ */
+async function getWebRTCFingerprint(timeout = 4500) {
+    const startTime = performance.now();
+    return new Promise((resolve) => {
+        try {
+            const RTC = window.RTCPeerConnection ||
+                window.webkitRTCPeerConnection ||
+                window.mozRTCPeerConnection;
+            if (!RTC) {
+                resolve({
+                    value: {
+                        supported: false,
+                        extensionsHash: "unsupported",
+                        audio: { count: 0, hash: "unsupported" },
+                        video: { count: 0, hash: "unsupported" },
+                        candidateType: null,
+                    },
+                    duration: performance.now() - startTime,
+                });
+                return;
+            }
+            const pc = new RTC({
+                iceCandidatePoolSize: 1,
+                iceServers: [],
+            });
+            pc.createDataChannel("");
+            (async () => {
+                try {
+                    const offer = await pc.createOffer({
+                        offerToReceiveAudio: true,
+                        offerToReceiveVideo: true,
+                    });
+                    await pc.setLocalDescription(offer);
+                    const sdp = offer.sdp ?? "";
+                    // RTP extensions — sorted for stability
+                    const extensions = [
+                        ...new Set((sdp.match(/extmap:\d+ [^\n\r]+/g) ?? []).map((x) => x.replace(/extmap:\d+ /, ""))),
+                    ].sort();
+                    const audioCodecs = parseCodecs(sdp, "audio");
+                    const videoCodecs = parseCodecs(sdp, "video");
+                    const partialResult = {
+                        extensionsHash: hash32(stableStringify(extensions)),
+                        audio: {
+                            count: audioCodecs.length,
+                            hash: hash32(stableStringify(audioCodecs)),
+                        },
+                        video: {
+                            count: videoCodecs.length,
+                            hash: hash32(stableStringify(videoCodecs)),
+                        },
+                    };
+                    // Wait for first ICE candidate (reveals candidateType)
+                    const iceTimeout = Math.floor(timeout * 0.9);
+                    const candidateType = await new Promise((resolveIce) => {
+                        const t = setTimeout(() => {
+                            pc.removeEventListener("icecandidate", onIce);
+                            pc.close();
+                            resolveIce(null);
+                        }, iceTimeout);
+                        const onIce = (evt) => {
+                            if (!evt.candidate?.candidate)
+                                return;
+                            clearTimeout(t);
+                            pc.removeEventListener("icecandidate", onIce);
+                            pc.close();
+                            resolveIce(evt.candidate.type ?? null);
+                        };
+                        pc.addEventListener("icecandidate", onIce);
+                    });
+                    resolve({
+                        value: {
+                            supported: true,
+                            ...partialResult,
+                            candidateType,
+                            timedOut: candidateType === null,
+                        },
+                        duration: performance.now() - startTime,
+                    });
+                }
+                catch (err) {
+                    pc.close();
+                    resolve({
+                        value: {
+                            supported: true,
+                            extensionsHash: "offer-error",
+                            audio: { count: 0, hash: "offer-error" },
+                            video: { count: 0, hash: "offer-error" },
+                            candidateType: null,
+                        },
+                        duration: performance.now() - startTime,
+                        error: err instanceof Error ? err.message : "WebRTC offer failed",
+                    });
+                }
+            })();
+        }
+        catch (err) {
+            resolve({
+                value: {
+                    supported: false,
+                    extensionsHash: "error",
+                    audio: { count: 0, hash: "error" },
+                    video: { count: 0, hash: "error" },
+                    candidateType: null,
+                },
+                duration: performance.now() - startTime,
+                error: err instanceof Error ? err.message : "WebRTC error",
+            });
+        }
+    });
+}
+/**
+ * Check if WebRTC fingerprinting is available in this environment.
+ */
+function isWebRTCAvailable() {
+    try {
+        return !!(window.RTCPeerConnection ||
+            window.webkitRTCPeerConnection ||
+            window.mozRTCPeerConnection);
+    }
+    catch {
+        return false;
+    }
+}
+
+/**
+ * Permissions API Fingerprinting
+ * Based on ThumbmarkJS permissions component
+ *
+ * Permission states (granted / denied / prompt) vary by browser, OS version,
+ * site origin and user profile in a stable way — 25 signals for low cost.
+ * To cancel out race conditions the query is run 3× in parallel and the
+ * most-frequent value per permission is selected.
+ */
+// 25-item list from ThumbmarkJS
+const PERMISSION_KEYS = [
+    "accelerometer",
+    "accessibility",
+    "accessibility-events",
+    "ambient-light-sensor",
+    "background-fetch",
+    "background-sync",
+    "bluetooth",
+    "camera",
+    "clipboard-read",
+    "clipboard-write",
+    "device-info",
+    "display-capture",
+    "geolocation",
+    "gyroscope",
+    "local-fonts",
+    "magnetometer",
+    "microphone",
+    "midi",
+    "nfc",
+    "notifications",
+    "payment-handler",
+    "persistent-storage",
+    "push",
+    "speaker",
+    "storage-access",
+    "top-level-storage-access",
+    "window-management",
+];
+/**
+ * Query all permissions once and return the result map.
+ */
+async function queryPermissionsOnce() {
+    const result = {};
+    await Promise.allSettled(PERMISSION_KEYS.map(async (key) => {
+        try {
+            const status = await navigator.permissions.query({
+                name: key,
+            });
+            result[key] = status.state;
+        }
+        catch {
+            // Unsupported permission — omit
+        }
+    }));
+    return result;
+}
+/**
+ * Return the most-frequent string value across an array.
+ */
+function mostFrequent(values) {
+    if (values.length === 0)
+        return "unknown";
+    const freq = {};
+    for (const v of values)
+        freq[v] = (freq[v] ?? 0) + 1;
+    let best = values[0];
+    for (const k in freq) {
+        if (freq[k] > freq[best])
+            best = k;
+    }
+    return best;
+}
+/**
+ * Collect Permissions fingerprint.
+ * Runs 3 parallel queries and returns the per-permission consensus to
+ * eliminate any transient state fluctuations.
+ */
+async function getPermissionsFingerprint() {
+    const startTime = performance.now();
+    try {
+        if (!navigator?.permissions?.query) {
+            return {
+                value: {},
+                duration: performance.now() - startTime,
+                error: "Permissions API not available",
+            };
+        }
+        // Run 3 times in parallel for consensus
+        const runs = await Promise.all([
+            queryPermissionsOnce(),
+            queryPermissionsOnce(),
+            queryPermissionsOnce(),
+        ]);
+        // Merge: pick most frequent value per key
+        const merged = {};
+        for (const key of PERMISSION_KEYS) {
+            const values = runs
+                .map((r) => r[key])
+                .filter((v) => v !== undefined);
+            if (values.length > 0) {
+                merged[key] = mostFrequent(values);
+            }
+        }
+        return {
+            value: merged,
+            duration: performance.now() - startTime,
+        };
+    }
+    catch (err) {
+        return {
+            value: {},
+            duration: performance.now() - startTime,
+            error: err instanceof Error ? err.message : "Permissions fingerprinting failed",
+        };
+    }
+}
+/**
+ * Check if Permissions API fingerprinting is available.
+ */
+function isPermissionsAvailable() {
+    try {
+        return (typeof navigator !== "undefined" &&
+            typeof navigator.permissions?.query === "function");
+    }
+    catch {
+        return false;
+    }
+}
+
+/**
+ * Speech Synthesis Fingerprinting
+ * Based on ThumbmarkJS speech component
+ *
+ * The list of system voices (Speech Synthesis API) is stable per OS/version/locale
+ * and provides extra entropy at zero user-visible cost.
+ * Voices may load asynchronously, so we listen for `voiceschanged` with an 800 ms fallback.
+ */
+const VOICE_LOAD_TIMEOUT_MS = 800;
+/**
+ * Escape commas and backslashes inside a voice property string.
+ */
+function escapeValue(v) {
+    return v.replace(/\\/g, "\\\\").replace(/,/g, "\\,");
+}
+/**
+ * Build a canonical sorted signature array from a list of voices.
+ */
+function buildSignatures(voices) {
+    return voices
+        .map((v) => [
+        escapeValue(v.voiceURI ?? ""),
+        escapeValue(v.name ?? ""),
+        escapeValue(v.lang ?? ""),
+        v.localService ? "1" : "0",
+        v.default ? "1" : "0",
+    ].join(","))
+        .sort();
+}
+/**
+ * Collect Speech Synthesis fingerprint.
+ * Experimental: not included in `stableCoreHash` by default.
+ */
+async function getSpeechFingerprint() {
+    const startTime = performance.now();
+    return new Promise((resolve) => {
+        try {
+            if (typeof window === "undefined" ||
+                !window.speechSynthesis ||
+                typeof window.speechSynthesis.getVoices !== "function") {
+                resolve({
+                    value: { supported: false, voiceCount: 0, voicesHash: "unsupported" },
+                    duration: performance.now() - startTime,
+                    error: "Speech Synthesis API not supported",
+                });
+                return;
+            }
+            let resolved = false;
+            let timeoutHandle = null;
+            const processVoices = (voices) => {
+                if (resolved)
+                    return;
+                resolved = true;
+                if (timeoutHandle)
+                    clearTimeout(timeoutHandle);
+                try {
+                    const signatures = buildSignatures(voices);
+                    resolve({
+                        value: {
+                            supported: true,
+                            voiceCount: voices.length,
+                            voicesHash: hash32(stableStringify(signatures)),
+                        },
+                        duration: performance.now() - startTime,
+                    });
+                }
+                catch (err) {
+                    resolve({
+                        value: { supported: true, voiceCount: 0, voicesHash: "error" },
+                        duration: performance.now() - startTime,
+                        error: err instanceof Error ? err.message : "Voice processing failed",
+                    });
+                }
+            };
+            // Immediate attempt (works in Chrome)
+            const voices = window.speechSynthesis.getVoices();
+            if (voices.length > 0) {
+                processVoices(voices);
+                return;
+            }
+            // Fallback timeout (Firefox/Safari load voices asynchronously)
+            timeoutHandle = setTimeout(() => {
+                processVoices(window.speechSynthesis.getVoices());
+            }, VOICE_LOAD_TIMEOUT_MS);
+            // voiceschanged event (most browsers fire this when voices are ready)
+            const onChanged = () => {
+                window.speechSynthesis.removeEventListener("voiceschanged", onChanged);
+                processVoices(window.speechSynthesis.getVoices());
+            };
+            window.speechSynthesis.addEventListener("voiceschanged", onChanged);
+        }
+        catch (err) {
+            resolve({
+                value: { supported: false, voiceCount: 0, voicesHash: "error" },
+                duration: performance.now() - startTime,
+                error: err instanceof Error ? err.message : "Speech synthesis error",
+            });
+        }
+    });
+}
+/**
+ * Check if Speech Synthesis fingerprinting is available.
+ */
+function isSpeechAvailable() {
+    try {
+        return (typeof window !== "undefined" &&
+            typeof window.speechSynthesis?.getVoices === "function");
+    }
+    catch {
+        return false;
+    }
+}
+
+/**
+ * Stabilization Rules for Fingerprint Components
+ * Based on ThumbmarkJS stabilizationExclusionRules
+ *
+ * Certain components produce noisy / randomized output in specific browser
+ * contexts (private mode, iframes, always-noisy browsers). This module defines
+ * which components to exclude per context to maximize hash stability.
+ */
+/** Port of ThumbmarkJS stabilizationExclusionRules. */
+const stabilizationRules = {
+    private: [
+        { exclude: ["canvas"], browsers: ["firefox", "safari", "brave"] },
+        { exclude: ["audio"], browsers: ["safari", "samsung"] },
+        { exclude: ["fonts"], browsers: ["firefox"] },
+        {
+            exclude: ["hardware", "pluginsEnhanced"],
+            browsers: ["brave"],
+        },
+    ],
+    iframe: [
+        { exclude: ["system"], browsers: ["safari"] },
+        { exclude: ["permissions"] }, // All browsers
+    ],
+    always: [
+        { exclude: ["speech"], browsers: ["brave", "firefox"] },
+    ],
+};
+/**
+ * Detect the current browser name for rule matching.
+ */
+function getCurrentBrowser() {
+    try {
+        if (isBrave())
+            return "brave";
+        if (isFirefox())
+            return "firefox";
+        if (isSafari())
+            return "safari";
+        if (isSamsungInternet$1())
+            return "samsung";
+        // Edge / Chrome fall through as "other" — rules that target them can be added later
+        return "other";
+    }
+    catch {
+        return "other";
+    }
+}
+/**
+ * Detect whether the page is running inside an iframe.
+ */
+function isInIframe() {
+    try {
+        return window !== window.top;
+    }
+    catch {
+        return true; // Cross-origin frame access throws — treat as iframe
+    }
+}
+/**
+ * Given the incognito likelihood (0-1) from `incognitoDetection`, decide
+ * whether to treat the session as private mode.
+ */
+function isLikelyPrivate(incognitoLikelihood) {
+    // Threshold: probability ≥ 0.6 → apply private-mode exclusions
+    return (incognitoLikelihood ?? 0) >= 0.6;
+}
+/**
+ * Returns the set of component keys that should be nulled out / excluded from
+ * hashing given the current context.
+ *
+ * @param incognitoLikelihood - Output of incognito detection (0-1). Pass 0 if unavailable.
+ */
+function getExcludedComponents(incognitoLikelihood) {
+    const browser = getCurrentBrowser();
+    const excluded = new Set();
+    const applyRules = (rules) => {
+        for (const rule of rules) {
+            if (!rule.browsers ||
+                rule.browsers.includes(browser)) {
+                for (const key of rule.exclude) {
+                    excluded.add(key);
+                }
+            }
+        }
+    };
+    // Always-active exclusions
+    applyRules(stabilizationRules.always);
+    // Iframe exclusions
+    if (isInIframe()) {
+        applyRules(stabilizationRules.iframe);
+    }
+    // Private-mode exclusions
+    if (isLikelyPrivate(incognitoLikelihood)) {
+        applyRules(stabilizationRules.private);
+    }
+    return excluded;
+}
+
+/**
+ * CSS @supports Feature Vector Fingerprinting
+ *
+ * Tests ~40 modern CSS features via CSS.supports() to produce a stable
+ * boolean vector (~50 bits of entropy). Síncrono, zero custo, estável por
+ * versão de browser. Different browsers differ on ~10-15 features, making
+ * this a strong discriminator for browser family + version.
+ */
+/**
+ * CSS features to test — [key, CSS declaration or condition string]
+ * For selector() and condition-text forms we use the single-argument overload.
+ * For @layer we pass the conditionText form directly.
+ */
+const CSS_FEATURES = [
+    // Layout moderno
+    ["aspect-ratio", "aspect-ratio: 1"],
+    ["container-type", "container-type: inline-size"],
+    ["content-visibility", "content-visibility: auto"],
+    ["field-sizing", "field-sizing: content"],
+    // CSS Grid avançado
+    ["subgrid", "grid-template-columns: subgrid"],
+    ["masonry", "grid-template-rows: masonry"],
+    // Seletores
+    ["has-selector", "selector(:has(*))"],
+    ["is-selector", "selector(:is(*))"],
+    ["where-selector", "selector(:where(*))"],
+    ["focus-visible", "selector(:focus-visible)"],
+    // Cores modernas
+    ["color-mix", "color: color-mix(in srgb, red, blue)"],
+    ["oklch", "color: oklch(0.5 0.2 200)"],
+    ["relative-color", "color: hsl(from red h s l)"],
+    // Visual
+    ["backdrop-filter", "backdrop-filter: blur(10px)"],
+    ["text-wrap-balance", "text-wrap: balance"],
+    ["text-wrap-pretty", "text-wrap: pretty"],
+    ["overscroll-behavior", "overscroll-behavior: none"],
+    ["scroll-behavior", "scroll-behavior: smooth"],
+    // View transitions
+    ["view-transition", "view-transition-name: auto"],
+    // Animações modernas
+    ["animation-timeline", "animation-timeline: scroll()"],
+    ["animation-range", "animation-range: 10% 90%"],
+    // Scroll-driven
+    ["scroll-timeline", "scroll-timeline: --t block"],
+    // Tipografia
+    ["font-variant-numeric", "font-variant-numeric: oldstyle-nums"],
+    ["hyphenate-character", "hyphenate-character: auto"],
+    ["text-decoration-skip-ink", "text-decoration-skip-ink: auto"],
+    ["hanging-punctuation", "hanging-punctuation: first"],
+    // Transforms
+    ["individual-transform", "translate: 10px"],
+    ["rotate-property", "rotate: 45deg"],
+    // Logical properties
+    ["margin-inline", "margin-inline: auto"],
+    ["inset", "inset: 0"],
+    // Containment
+    ["contain", "contain: layout"],
+    ["contain-intrinsic-size", "contain-intrinsic-size: auto"],
+    // Cascade
+    ["cascade-layers", "@layer"],
+    ["revert-layer", "color: revert-layer"],
+    // Scrollbar
+    ["scrollbar-width", "scrollbar-width: thin"],
+    ["scrollbar-color", "scrollbar-color: red blue"],
+    // Vendor webkit
+    ["webkit-text-stroke", "-webkit-text-stroke: 1px black"],
+    ["webkit-line-clamp", "-webkit-line-clamp: 2"],
+    // Nesting CSS
+    ["css-nesting", "selector(& .child)"],
+    // Forced colors
+    ["forced-colors", "(forced-colors: active)"],
+];
+/**
+ * Test a single CSS feature via CSS.supports().
+ * Returns false on any exception (API absent or invalid syntax).
+ */
+function testFeature(declaration) {
+    try {
+        // selector(...) and condition-text forms use the single-arg overload
+        if (declaration.startsWith("selector(") ||
+            declaration.startsWith("(") ||
+            declaration.startsWith("@")) {
+            return CSS.supports(declaration);
+        }
+        return CSS.supports(declaration);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Produce a simple hex hash from the boolean feature vector.
+ * Uses the feature keys + their boolean values for determinism.
+ */
+function hashFeatures(features) {
+    const str = stableStringify(features);
+    let h = 0x811c9dc5;
+    for (let i = 0; i < str.length; i++) {
+        h ^= str.charCodeAt(i);
+        h = (Math.imul(h, 0x01000193) | 0) >>> 0;
+    }
+    return h.toString(16).padStart(8, "0");
+}
+/**
+ * Collect CSS @supports feature vector fingerprint.
+ */
+function getCSSFeaturesFingerprint() {
+    const startTime = performance.now();
+    try {
+        if (!isCSSFeaturesAvailable()) {
+            return {
+                value: { features: {}, supportedCount: 0, hash: "" },
+                duration: performance.now() - startTime,
+                error: "CSS.supports not available",
+            };
+        }
+        const features = {};
+        for (const [key, declaration] of CSS_FEATURES) {
+            features[key] = testFeature(declaration);
+        }
+        const supportedCount = Object.values(features).filter(Boolean).length;
+        const hash = hashFeatures(features);
+        return {
+            value: { features, supportedCount, hash },
+            duration: performance.now() - startTime,
+        };
+    }
+    catch (err) {
+        return {
+            value: { features: {}, supportedCount: 0, hash: "" },
+            duration: performance.now() - startTime,
+            error: err instanceof Error ? err.message : "CSS features fingerprinting failed",
+        };
+    }
+}
+/**
+ * Check if CSS @supports fingerprinting is available.
+ */
+function isCSSFeaturesAvailable() {
+    try {
+        return (typeof CSS !== "undefined" && typeof CSS.supports === "function");
+    }
+    catch {
+        return false;
+    }
+}
+
+/**
+ * Media Codec Support Matrix Fingerprinting
+ *
+ * Tests video/audio codec support via HTMLMediaElement.canPlayType() and
+ * MediaRecorder.isTypeSupported(). ~20 bits of entropy, stable per OS +
+ * hardware (hardware decoders vary), synchronous, zero cost.
+ */
+// canPlayType — vídeo
+const VIDEO_TYPES = [
+    'video/mp4; codecs="avc1.42E01E"', // H.264 Baseline
+    'video/mp4; codecs="avc1.4D001E"', // H.264 Main
+    'video/mp4; codecs="hev1.1.6.L93.B0"', // H.265/HEVC
+    'video/mp4; codecs="vp09.00.10.08"', // VP9 in MP4
+    'video/mp4; codecs="av01.0.01M.08"', // AV1 in MP4
+    'video/webm; codecs="vp8"',
+    'video/webm; codecs="vp9"',
+    'video/webm; codecs="av01.0.01M.08"', // AV1 in WebM
+    'video/ogg; codecs="theora"',
+];
+// canPlayType — áudio
+const AUDIO_TYPES = [
+    'audio/mp4; codecs="mp4a.40.2"', // AAC-LC
+    'audio/mp4; codecs="mp4a.40.5"', // HE-AAC
+    'audio/mpeg', // MP3
+    'audio/ogg; codecs="vorbis"',
+    'audio/ogg; codecs="opus"',
+    'audio/webm; codecs="opus"',
+    'audio/wav; codecs="1"', // PCM
+    'audio/flac',
+    'audio/aac',
+];
+// MediaRecorder.isTypeSupported
+const RECORDER_TYPES = [
+    'video/webm; codecs="vp8"',
+    'video/webm; codecs="vp9"',
+    'video/webm; codecs="av1"',
+    'video/webm; codecs="vp9,opus"',
+    'audio/webm; codecs="opus"',
+    'audio/ogg; codecs="opus"',
+    'video/mp4; codecs="avc1"',
+];
+/**
+ * Produce a simple FNV-1a hex hash from the codec matrix.
+ */
+function hashCodecs(video, audio, recorder) {
+    const str = stableStringify({ video, audio, recorder });
+    let h = 0x811c9dc5;
+    for (let i = 0; i < str.length; i++) {
+        h ^= str.charCodeAt(i);
+        h = (Math.imul(h, 0x01000193) | 0) >>> 0;
+    }
+    return h.toString(16).padStart(8, "0");
+}
+/**
+ * Collect media codec support fingerprint.
+ */
+function getMediaCodecsFingerprint() {
+    const startTime = performance.now();
+    try {
+        if (!isMediaCodecsAvailable()) {
+            return {
+                value: { video: {}, audio: {}, recorder: {}, hash: "" },
+                duration: performance.now() - startTime,
+                error: "document not available",
+            };
+        }
+        // Test video codecs
+        const videoEl = document.createElement("video");
+        const video = {};
+        for (const mime of VIDEO_TYPES) {
+            try {
+                video[mime] = videoEl.canPlayType(mime);
+            }
+            catch {
+                video[mime] = "";
+            }
+        }
+        // Test audio codecs
+        const audioEl = document.createElement("audio");
+        const audio = {};
+        for (const mime of AUDIO_TYPES) {
+            try {
+                audio[mime] = audioEl.canPlayType(mime);
+            }
+            catch {
+                audio[mime] = "";
+            }
+        }
+        // Test MediaRecorder support
+        const recorder = {};
+        const hasRecorder = typeof MediaRecorder !== "undefined" &&
+            typeof MediaRecorder.isTypeSupported === "function";
+        for (const mime of RECORDER_TYPES) {
+            try {
+                recorder[mime] = hasRecorder ? MediaRecorder.isTypeSupported(mime) : false;
+            }
+            catch {
+                recorder[mime] = false;
+            }
+        }
+        const hash = hashCodecs(video, audio, recorder);
+        return {
+            value: { video, audio, recorder, hash },
+            duration: performance.now() - startTime,
+        };
+    }
+    catch (err) {
+        return {
+            value: { video: {}, audio: {}, recorder: {}, hash: "" },
+            duration: performance.now() - startTime,
+            error: err instanceof Error ? err.message : "Media codecs fingerprinting failed",
+        };
+    }
+}
+/**
+ * Check if media codec fingerprinting is available.
+ */
+function isMediaCodecsAvailable() {
+    try {
+        return typeof document !== "undefined";
+    }
+    catch {
+        return false;
+    }
+}
+
+/**
+ * WebAssembly Feature Detection Fingerprinting
+ *
+ * Detects ~6–8 WebAssembly proposal flags via WebAssembly.validate() (sync,
+ * does not execute the module). Stable per engine version. ~6 bits of entropy.
+ */
+// ─── Minimal WASM modules for feature detection ────────────────────────────
+// Each is the smallest valid module that uses the target feature/opcode.
+// WebAssembly.validate() returns false (instead of throwing) if invalid,
+// so any exception = feature not supported.
+// SIMD: v128.const opcode (0xFD 0x0F)
+// Module: one function returning v128 constant (all zeros)
+const SIMD_BYTES = new Uint8Array([
+    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic + version
+    0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7b, // type section: () -> v128
+    0x03, 0x02, 0x01, 0x00, // function section
+    0x0a, 0x0a, 0x01, 0x08, 0x00, // code section
+    0xfd, 0x0f, // v128.const
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 16 bytes of immediate
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0b, // end
+]);
+// Bulk memory: memory.copy (0xFC 0x0A)
+// Module: one function calling memory.copy(0, 0, n)
+const BULK_MEMORY_BYTES = new Uint8Array([
+    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic + version
+    0x01, 0x04, 0x01, 0x60, 0x00, 0x00, // type: () -> ()
+    0x03, 0x02, 0x01, 0x00, // function section
+    0x05, 0x03, 0x01, 0x00, 0x00, // memory section (1 page min 0)
+    0x0a, 0x0c, 0x01, 0x0a, 0x00, // code section
+    0x41, 0x00, // i32.const 0
+    0x41, 0x00, // i32.const 0
+    0x41, 0x00, // i32.const 0
+    0xfc, 0x0a, 0x00, 0x00, // memory.copy mem_idx=0 mem_idx=0
+    0x0b, // end
+]);
+// Exception handling: tag section (section id 0x0d)
+// Module: just a tag section — engines without exception handling won't parse 0x0d
+const EXCEPTIONS_BYTES = new Uint8Array([
+    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic + version
+    0x01, 0x04, 0x01, 0x60, 0x00, 0x00, // type section: () -> ()
+    0x0d, 0x03, 0x01, 0x00, 0x00, // tag section: 1 tag of type 0
+]);
+// GC: rec type section (0x4E inside type section) — very new, Chrome 119+, FF 120+
+// Module: minimal module with an empty rec group
+const GC_BYTES = new Uint8Array([
+    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic + version
+    0x01, 0x03, // type section, 3 bytes body
+    0x01, // 1 entry
+    0x4e, 0x00, // rec, 0 types in group
+]);
+/**
+ * Safe wrapper around WebAssembly.validate — returns false on any exception.
+ */
+function validate(bytes) {
+    try {
+        return WebAssembly.validate(bytes);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Collect WebAssembly feature flags.
+ */
+function getWasmFeaturesFingerprint() {
+    const startTime = performance.now();
+    try {
+        const basic = typeof WebAssembly !== "undefined";
+        if (!basic) {
+            const value = {
+                basic: false,
+                validate: false,
+                compile: false,
+                simd: false,
+                threads: false,
+                bulkMemory: false,
+                exceptions: false,
+                gc: false,
+            };
+            return { value, duration: performance.now() - startTime };
+        }
+        const validateAvailable = typeof WebAssembly.validate === "function";
+        const value = {
+            basic: true,
+            validate: validateAvailable,
+            compile: typeof WebAssembly.compile === "function",
+            simd: validateAvailable ? validate(SIMD_BYTES) : false,
+            threads: typeof SharedArrayBuffer !== "undefined",
+            bulkMemory: validateAvailable ? validate(BULK_MEMORY_BYTES) : false,
+            exceptions: validateAvailable ? validate(EXCEPTIONS_BYTES) : false,
+            gc: validateAvailable ? validate(GC_BYTES) : false,
+        };
+        return { value, duration: performance.now() - startTime };
+    }
+    catch (err) {
+        return {
+            value: {
+                basic: false,
+                validate: false,
+                compile: false,
+                simd: false,
+                threads: false,
+                bulkMemory: false,
+                exceptions: false,
+                gc: false,
+            },
+            duration: performance.now() - startTime,
+            error: err instanceof Error ? err.message : "Wasm features fingerprinting failed",
+        };
+    }
+}
+/**
+ * Check if WebAssembly feature detection is available.
+ */
+function isWasmAvailable() {
+    try {
+        return (typeof WebAssembly !== "undefined" &&
+            typeof WebAssembly.validate === "function");
+    }
+    catch {
+        return false;
+    }
+}
+
+/**
+ * MathML Rendering Fingerprint
+ *
+ * Measures bounding box dimensions of rendered MathML structures to extract
+ * font-metric entropy (~15 bits). Varies by OS (macOS vs Windows vs Linux),
+ * browser engine (Gecko vs WebKit vs Blink), and system font version.
+ *
+ * Approach: inject hidden <math> elements into document.body, measure, remove.
+ * No iframe needed — simpler than ThumbmarkJS approach.
+ */
+// Blackboard bold symbols × Greek sub/superscript pairs — from ThumbmarkJS
+const BB_SYMBOLS = ['𝔸', '𝔹', 'ℂ', '𝔻', '𝔼', '𝔽', '𝔾', 'ℍ', '𝕀', '𝕁', '𝕂', '𝕃'];
+const GREEK_PAIRS = [
+    ['β', 'ψ'], ['λ', 'ε'], ['ζ', 'α'], ['ξ', 'μ'], ['ρ', 'φ'], ['κ', 'τ'],
+    ['η', 'σ'], ['ι', 'ω'], ['γ', 'ν'], ['χ', 'δ'], ['θ', 'π'], ['υ', 'ο'],
+];
+// Complex structure 4: ∏ munderover wrapping all 12 BB×Greek mmultiscripts
+const _bbMrow = BB_SYMBOLS.map((b, i) => {
+    const [g1, g2] = GREEK_PAIRS[i];
+    return `<mmultiscripts><mi>${b}</mi><mi>${g1}</mi><mi>${g2}</mi></mmultiscripts>`;
+}).join('');
+// MathML structures to render — 16 total, inspired by ThumbmarkJS
+const MATHML_STRUCTURES = [
+    // 1. Integral with fraction
+    `<math><msubsup><mo>∫</mo><mi>a</mi><mi>b</mi></msubsup><mfrac><mrow><mi>f</mi><mo>(</mo><mi>x</mi><mo>)</mo></mrow><mrow><mi>d</mi><mi>x</mi></mrow></mfrac></math>`,
+    // 2. Fraction with pi and r squared
+    `<math><mfrac><mrow><mi>π</mi><mo>×</mo><msup><mi>r</mi><mn>2</mn></msup></mrow><mrow><mn>4</mn></mrow></mfrac></math>`,
+    // 3. Matrix with Greek letters
+    `<math><mo>[</mo><mtable><mtr><mtd><mi>α</mi></mtd><mtd><mi>β</mi></mtd></mtr><mtr><mtd><mi>γ</mi></mtd><mtd><mi>δ</mi></mtd></mtr></mtable><mo>]</mo></math>`,
+    // 4. ∏ munderover with 12 blackboard bold × Greek mmultiscripts (replaces simple ∑)
+    `<math><munderover><mo>∏</mo><mrow><mi>i</mi><mo>=</mo><mn>1</mn></mrow><mi>n</mi></munderover><mrow>${_bbMrow}</mrow></math>`,
+    // 5–16. Individual blackboard bold symbol with Greek sub/superscript (one per symbol)
+    ...BB_SYMBOLS.map((b, i) => {
+        const [g1, g2] = GREEK_PAIRS[i];
+        return `<math><mmultiscripts><mi>${b}</mi><mi>${g1}</mi><mi>${g2}</mi></mmultiscripts></math>`;
+    }),
+];
+// Font style properties to capture from the root <math> element
+const FONT_STYLE_PROPS = [
+    "fontFamily",
+    "fontSize",
+    "fontWeight",
+    "fontStyle",
+    "lineHeight",
+    "fontVariant",
+    "fontStretch",
+    "fontKerning",
+    "fontFeatureSettings",
+    "fontVariantNumeric",
+];
+/**
+ * FNV-1a hash over a JSON string.
+ */
+function fnv1a(str) {
+    let h = 0x811c9dc5;
+    for (let i = 0; i < str.length; i++) {
+        h ^= str.charCodeAt(i);
+        h = (Math.imul(h, 0x01000193) | 0) >>> 0;
+    }
+    return h.toString(16).padStart(8, "0");
+}
+/**
+ * Check if the browser renders MathML natively by measuring a trivial element.
+ */
+function isMathMLRendered() {
+    try {
+        const container = document.createElement("div");
+        container.style.cssText = "position:absolute;visibility:hidden;top:-9999px;left:-9999px";
+        container.innerHTML = "<math><mrow><mi>x</mi></mrow></math>";
+        document.body.appendChild(container);
+        const math = container.querySelector("math");
+        const rect = math?.getBoundingClientRect();
+        document.body.removeChild(container);
+        return !!(rect && rect.width > 0 && rect.height > 0);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Render a MathML string in a hidden container, measure dimensions, then remove.
+ */
+function measureMathML(mathHtml) {
+    const container = document.createElement("div");
+    container.style.cssText =
+        "position:absolute;visibility:hidden;top:-9999px;left:-9999px;font-size:16px";
+    container.innerHTML = mathHtml;
+    document.body.appendChild(container);
+    const math = container.querySelector("math");
+    const rect = math?.getBoundingClientRect() ?? { width: 0, height: 0 };
+    document.body.removeChild(container);
+    return {
+        width: Math.round(rect.width * 100) / 100,
+        height: Math.round(rect.height * 100) / 100,
+    };
+}
+/**
+ * Capture computedStyle font properties of the <math> element.
+ */
+function captureFontStyle() {
+    const container = document.createElement("div");
+    container.style.cssText =
+        "position:absolute;visibility:hidden;top:-9999px;left:-9999px;font-size:16px";
+    container.innerHTML = "<math><mi>x</mi></math>";
+    document.body.appendChild(container);
+    const math = container.querySelector("math");
+    const style = math ? window.getComputedStyle(math) : null;
+    const result = {};
+    for (const prop of FONT_STYLE_PROPS) {
+        result[prop] = style ? style[prop] ?? "" : "";
+    }
+    document.body.removeChild(container);
+    return result;
+}
+/**
+ * Collect MathML rendering fingerprint.
+ * Returns `supported: false` (without error) in browsers that don't render MathML.
+ */
+async function getMathMLFingerprint() {
+    const startTime = performance.now();
+    try {
+        if (!isMathMLAvailable()) {
+            return {
+                value: { supported: false, dimensionsHash: "", fontStyleHash: "" },
+                duration: performance.now() - startTime,
+                error: "document not available",
+            };
+        }
+        if (!isMathMLRendered()) {
+            return {
+                value: { supported: false, dimensionsHash: "", fontStyleHash: "" },
+                duration: performance.now() - startTime,
+            };
+        }
+        // Measure all structures
+        const dimensions = MATHML_STRUCTURES.map((html) => measureMathML(html));
+        const dimensionsHash = fnv1a(stableStringify(dimensions));
+        // Capture font style info
+        const fontStyle = captureFontStyle();
+        const fontStyleHash = fnv1a(stableStringify(fontStyle));
+        return {
+            value: { supported: true, dimensionsHash, fontStyleHash },
+            duration: performance.now() - startTime,
+        };
+    }
+    catch (err) {
+        return {
+            value: { supported: false, dimensionsHash: "", fontStyleHash: "" },
+            duration: performance.now() - startTime,
+            error: err instanceof Error ? err.message : "MathML fingerprinting failed",
+        };
+    }
+}
+/**
+ * Check if MathML fingerprinting is available (requires DOM).
+ */
+function isMathMLAvailable() {
+    try {
+        return (typeof document !== "undefined" &&
+            typeof document.createElement === "function" &&
+            typeof document.body !== "undefined" &&
+            document.body !== null);
+    }
+    catch {
+        return false;
+    }
+}
+
+/**
+ * User-Agent Client Hints Fingerprinting
+ *
+ * Uses navigator.userAgentData.getHighEntropyValues() to obtain precise
+ * platform details (~30 bits in Chromium). Gracefully degrades to
+ * `available: false` in Firefox and Safari which don't expose the API.
+ *
+ * Note: platformVersion can change with OS/browser updates — this component
+ * contributes to fingerprintHash but NOT to stableCoreHash (see orchestrator).
+ */
+/**
+ * Collect User-Agent Client Hints.
+ */
+async function getClientHintsFingerprint() {
+    const startTime = performance.now();
+    try {
+        if (!isClientHintsAvailable()) {
+            return {
+                value: { available: false },
+                duration: performance.now() - startTime,
+            };
+        }
+        const uaData = navigator.userAgentData;
+        const highEntropy = await uaData.getHighEntropyValues([
+            "architecture",
+            "bitness",
+            "fullVersionList",
+            "mobile",
+            "model",
+            "platformVersion",
+            "formFactor",
+            "uaFullVersion",
+        ]);
+        // Normalize fullVersionList → brands
+        const brands = highEntropy.fullVersionList?.map((b) => ({
+            brand: b.brand ?? "",
+            version: b.version ?? "",
+        }));
+        return {
+            value: {
+                available: true,
+                brands,
+                mobile: highEntropy.mobile,
+                platform: uaData.platform,
+                platformVersion: highEntropy.platformVersion,
+                architecture: highEntropy.architecture,
+                bitness: highEntropy.bitness,
+                model: highEntropy.model,
+                uaFullVersion: highEntropy.uaFullVersion,
+                formFactor: highEntropy.formFactor,
+            },
+            duration: performance.now() - startTime,
+        };
+    }
+    catch (err) {
+        return {
+            value: { available: false },
+            duration: performance.now() - startTime,
+            error: err instanceof Error ? err.message : "Client Hints fingerprinting failed",
+        };
+    }
+}
+/**
+ * Check if User-Agent Client Hints API is available (Chromium-based browsers).
+ */
+function isClientHintsAvailable() {
+    try {
+        return (typeof navigator !== "undefined" &&
+            "userAgentData" in navigator &&
+            typeof navigator.userAgentData?.getHighEntropyValues ===
+                "function");
+    }
+    catch {
+        return false;
+    }
+}
+
 /**
  * Fingerprint Orchestrator
  * Main fingerprinting engine that coordinates all components
@@ -5020,16 +6461,24 @@ function shouldIncludeComponent(component, options) {
             return false;
         }
     }
-    // New FingerprintJS components are enabled by default in non-GDPR mode
-    const fingerprintJSComponents = [
+    // New FingerprintJS / ThumbmarkJS components are enabled by default
+    const extendedComponents = [
         "mathFingerprint",
         "dateTimeLocale",
         "accessibilityEnhanced",
         "fontPreferences",
         "enhancedFonts",
+        "webrtc",
+        "permissions",
+        "speech",
+        // High-entropy new components
+        "cssFeatures",
+        "mediaCodecs",
+        "wasmFeatures",
+        "mathml",
+        "clientHints",
     ];
-    // Always allow FingerprintJS components unless specifically excluded
-    if (fingerprintJSComponents.includes(component)) {
+    if (extendedComponents.includes(component)) {
         return true;
     }
     return true;
@@ -5179,6 +6628,46 @@ async function collectFingerprint(options = {}) {
             result,
         })));
     }
+    // WebRTC Fingerprint (ThumbmarkJS-inspired)
+    if (shouldIncludeComponent("webrtc", opts) && isWebRTCAvailable()) {
+        parallelTasks.push(collectComponent("webrtc", () => getWebRTCFingerprint(opts.timeout), opts).then((result) => ({ component: "webrtc", result })));
+    }
+    // Permissions Fingerprint (ThumbmarkJS-inspired)
+    if (shouldIncludeComponent("permissions", opts) && isPermissionsAvailable()) {
+        parallelTasks.push(collectComponent("permissions", getPermissionsFingerprint, opts).then((result) => ({ component: "permissions", result })));
+    }
+    // Speech Synthesis Fingerprint (ThumbmarkJS-inspired, experimental)
+    if (!opts.gdprMode && shouldIncludeComponent("speech", opts) && isSpeechAvailable()) {
+        parallelTasks.push(collectComponent("speech", getSpeechFingerprint, opts).then((result) => ({
+            component: "speech",
+            result,
+        })));
+    }
+    // CSS @supports Feature Vector (high entropy, synchronous)
+    if (shouldIncludeComponent("cssFeatures", opts) && isCSSFeaturesAvailable()) {
+        parallelTasks.push(collectComponent("cssFeatures", async () => getCSSFeaturesFingerprint(), opts).then((result) => ({ component: "cssFeatures", result })));
+    }
+    // Media Codec Support Matrix (synchronous, OS+hardware signal)
+    if (shouldIncludeComponent("mediaCodecs", opts) && isMediaCodecsAvailable()) {
+        parallelTasks.push(collectComponent("mediaCodecs", async () => getMediaCodecsFingerprint(), opts).then((result) => ({ component: "mediaCodecs", result })));
+    }
+    // WebAssembly Feature Flags (synchronous, engine signal)
+    if (shouldIncludeComponent("wasmFeatures", opts) && isWasmAvailable()) {
+        parallelTasks.push(collectComponent("wasmFeatures", async () => getWasmFeaturesFingerprint(), opts).then((result) => ({ component: "wasmFeatures", result })));
+    }
+    // MathML Rendering Fingerprint (async DOM, font-metric signal)
+    if (shouldIncludeComponent("mathml", opts) && isMathMLAvailable()) {
+        parallelTasks.push(collectComponent("mathml", getMathMLFingerprint, opts).then((result) => ({
+            component: "mathml",
+            result,
+        })));
+    }
+    // Client Hints API (async, Chromium-only, precise platform data)
+    if (!opts.gdprMode &&
+        shouldIncludeComponent("clientHints", opts) &&
+        isClientHintsAvailable()) {
+        parallelTasks.push(collectComponent("clientHints", getClientHintsFingerprint, opts).then((result) => ({ component: "clientHints", result })));
+    }
     // Execute all parallel tasks and handle results
     const parallelResults = await Promise.allSettled(parallelTasks);
     parallelResults.forEach((promiseResult, index) => {
@@ -5559,6 +7048,28 @@ async function collectFingerprint(options = {}) {
             });
         }
     }
+    // STABILIZATION: Determine which components are noisy in the current context
+    // and null them out before hashing to avoid hash instability.
+    {
+        const incognitoLikelihood = fingerprintData.incognitoDetection?.likelihood ?? 0;
+        const excluded = getExcludedComponents(incognitoLikelihood);
+        if (excluded.size > 0) {
+            for (const key of excluded) {
+                if (fingerprintData[key] !== undefined) {
+                    fingerprintData[key] = null;
+                    // Move from collected to failed list
+                    const idx = collectedComponents.indexOf(key);
+                    if (idx !== -1) {
+                        collectedComponents.splice(idx, 1);
+                        failedComponents.push({
+                            component: key,
+                            error: `excluded by stabilization rules`,
+                        });
+                    }
+                }
+            }
+        }
+    }
     // Generate hash from collected components
     const componentValues = {};
     collectedComponents.forEach((component) => {
@@ -5996,6 +7507,8 @@ async function collectFingerprint(options = {}) {
             "accessibilityEnhanced", // Locale/accessibility (can change)
             "domBlockers",
             "pluginsEnhanced", // Privacy tools detection (can change)
+            "speech", // Experimental — OS-specific, excluded from stableCoreHash
+            "clientHints", // platformVersion changes with OS/browser updates
         ];
         const stableComponentValues = {};
         for (const [key, value] of Object.entries(componentValues)) {
@@ -6113,6 +7626,12 @@ function getAvailableComponents() {
         available.push("screen");
     if (isBrowserFingerprintingAvailable())
         available.push("browser");
+    if (isWebRTCAvailable())
+        available.push("webrtc");
+    if (isPermissionsAvailable())
+        available.push("permissions");
+    if (isSpeechAvailable())
+        available.push("speech");
     return available;
 }
 
@@ -24843,6 +26362,18 @@ function getHardwareFingerprint() {
         architecture: getArchitecture$1(),
         maxTouchPoints: getMaxTouchPoints(),
         platform: navigator.platform || 'unknown',
+        jsHeapSizeLimit: performance.memory?.jsHeapSizeLimit ?? 0,
+        architectureFloat32: (() => {
+            try {
+                const f = new Float32Array(1);
+                f[0] = Infinity;
+                f[0] -= f[0]; // NaN
+                return new Uint8Array(f.buffer)[3] ?? -1;
+            }
+            catch {
+                return -1;
+            }
+        })(),
     };
 }
 
@@ -26498,6 +28029,56 @@ const COMPONENT_CHARACTERISTICS = {
         uniqueness: 0.82, // Good uniqueness across systems
         spoofResistance: 0.7, // Moderate spoof resistance
     },
+    // ThumbmarkJS-inspired new components
+    webrtc: {
+        stability: 0.92, // Codec/extension lists are stable per browser version
+        entropy: 0.85, // Rich source of entropy (codecs + RTP extensions)
+        uniqueness: 0.8, // Good differentiation across browser+OS combos
+        spoofResistance: 0.9, // Very hard to fake SDP offer
+    },
+    permissions: {
+        stability: 0.88, // Permission states are stable per profile
+        entropy: 0.75, // 25 signals provide good entropy
+        uniqueness: 0.72, // Decent uniqueness across configurations
+        spoofResistance: 0.8, // Hard to predict all 25 states
+    },
+    speech: {
+        stability: 0.9, // Voice list is stable per OS/locale
+        entropy: 0.7, // Varies by OS version and language
+        uniqueness: 0.65, // Less unique but still informative
+        spoofResistance: 0.85, // Hard to fake voice list
+    },
+    // High-entropy new components
+    cssFeatures: {
+        stability: 0.97, // CSS support flags are very stable per browser version
+        entropy: 0.88, // ~50 bits from 40 boolean features
+        uniqueness: 0.85, // Good differentiation across browser+version combos
+        spoofResistance: 0.95, // Hard to fake CSS.supports() results
+    },
+    mediaCodecs: {
+        stability: 0.95, // Codec support is stable per OS + hardware
+        entropy: 0.82, // ~20 bits, varies by OS (HEVC on macOS, etc.)
+        uniqueness: 0.78, // Good differentiation across OS/browser combos
+        spoofResistance: 0.92, // Requires actual codec support to fake
+    },
+    wasmFeatures: {
+        stability: 0.98, // Wasm proposal flags are stable per engine version
+        entropy: 0.70, // ~6-8 bits from proposal flags
+        uniqueness: 0.72, // Distinguishes engine generations well
+        spoofResistance: 0.97, // validate() is nearly impossible to fake
+    },
+    mathml: {
+        stability: 0.90, // Font rendering can change with OS/font updates
+        entropy: 0.80, // ~15 bits from font metric variations
+        uniqueness: 0.75, // Varies by OS, engine, and font stack
+        spoofResistance: 0.88, // Pixel-level measurements are hard to fake
+    },
+    clientHints: {
+        stability: 0.93, // platformVersion can change with OS updates
+        entropy: 0.92, // ~30 bits in Chromium (platform, arch, model, etc.)
+        uniqueness: 0.90, // Very precise in Chromium-based browsers
+        spoofResistance: 0.85, // API can be overridden but requires effort
+    },
 };
 /**
  * New advanced components characteristics