npm - @zaplier/sdk - Versions diffs - 1.8.1 → 1.8.2 - Mend

@zaplier/sdk 1.8.1 → 1.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/dist/core-ultra.min.js +1 -1
package/dist/index.cjs +1615 -34
package/dist/index.d.ts +11 -7
package/dist/index.esm.js +1615 -34
package/dist/v2/chunks/browser-apis-AyU2utpF.min.js +6 -0
package/dist/v2/chunks/confidence-BslwbUCt.min.js +6 -0
package/dist/v2/chunks/device-signals-2L_62qNZ.min.js +6 -0
package/dist/v2/chunks/dom-blockers-C467-IRd.min.js +6 -0
package/dist/v2/chunks/fingerprint-FfUEEIAd.min.js +6 -0
package/dist/v2/chunks/hardware-9ikfSEs-.min.js +6 -0
package/dist/v2/chunks/incognito-CkKAdE8Z.min.js +6 -0
package/dist/v2/chunks/math-Q4s6nkVD.min.js +6 -0
package/dist/v2/chunks/plugins-enhanced-mUjU1EXe.min.js +6 -0
package/dist/v2/chunks/session-replay-C5Tp0d16.min.js +6 -0
package/dist/v2/chunks/storage-Bl_8oytT.min.js +6 -0
package/dist/v2/chunks/system-DTjxyOZF.min.js +6 -0
package/dist/v2/core.d.ts +7 -0
package/dist/v2/core.min.js +2 -2
package/dist/v2/modules/anti-adblock.js +1 -1
package/dist/v2/modules/browser-apis-DzzjRXFN.js +6 -0
package/dist/v2/modules/confidence-CLylpqVh.js +6 -0
package/dist/v2/modules/device-signals-D-VQg-o6.js +6 -0
package/dist/v2/modules/dom-blockers-D9M2aO9M.js +6 -0
package/dist/v2/modules/fingerprint-Ddq30bun.js +6 -0
package/dist/v2/modules/fingerprint.js +2 -2
package/dist/v2/modules/hardware-BxWqOjae.js +6 -0
package/dist/v2/modules/heatmap.js +1 -1
package/dist/v2/modules/incognito-DpuYoC8S.js +6 -0
package/dist/v2/modules/math-B13vt1ND.js +6 -0
package/dist/v2/modules/plugins-enhanced-D5ft0k0e.js +6 -0
package/dist/v2/modules/replay.js +1 -1
package/dist/v2/modules/storage-D8dcMojB.js +6 -0
package/dist/v2/modules/system-ZMflVbka.js +6 -0
package/package.json +13 -13

package/dist/index.cjs CHANGED Viewed

@@ -1,7 +1,7 @@
 /*!
  * Zaplier SDK v1.0.0
  * Advanced privacy-first tracking with fingerprinting and security detection
- * (c) 2025 RabbitTracker Team
+ * (c) 2026 RabbitTracker Team
  * https://zaplier.com
  */
 'use strict';
@@ -14,6 +14,53 @@ Object.defineProperty(exports, '__esModule', { value: true });
  *
  * Provides 128-bit hash output using the x64 variant of MurmurHash3
  */
+/**
+ * Stable JSON stringify — sorts object keys at every level so the resulting
+ * string is identical regardless of engine-specific key ordering.
+ * Based on fast-json-stable-stringify (ThumbmarkJS adaptation).
+ */
+function stableStringify(data) {
+    const seen = [];
+    function stringify(node) {
+        if (node && typeof node.toJSON === "function") {
+            node = node.toJSON();
+        }
+        if (node === undefined)
+            return undefined;
+        if (typeof node === "number")
+            return Number.isFinite(node) ? String(node) : "null";
+        if (typeof node !== "object")
+            return JSON.stringify(node);
+        if (Array.isArray(node)) {
+            let out = "[";
+            for (let i = 0; i < node.length; i++) {
+                if (i)
+                    out += ",";
+                out += stringify(node[i]) ?? "null";
+            }
+            return out + "]";
+        }
+        if (node === null)
+            return "null";
+        if (seen.indexOf(node) !== -1) {
+            throw new TypeError("Converting circular structure to JSON");
+        }
+        const idx = seen.push(node) - 1;
+        const keys = Object.keys(node).sort();
+        let out = "";
+        for (const key of keys) {
+            const val = stringify(node[key]);
+            if (val === undefined)
+                continue;
+            if (out)
+                out += ",";
+            out += JSON.stringify(key) + ":" + val;
+        }
+        seen.splice(idx, 1);
+        return "{" + out + "}";
+    }
+    return stringify(data) ?? "";
+}
 /**
  * Adds two 64-bit numbers
  */
@@ -185,7 +232,7 @@ function hashFingerprint(components, debug = false) {
     // CRITICAL: Do NOT use JSON.stringify(obj, keys) as it filters out nested properties!
     // Use canonicalizeStable instead which handles deep sorting and normalization.
     const canonicalized = canonicalizeStable(components);
-    const canonical = JSON.stringify(canonicalized);
+    const canonical = stableStringify(canonicalized);
     if (debug) {
         console.log("[RabbitTracker] hashFingerprint debug:", {
             originalKeys: Object.keys(components),
@@ -298,7 +345,7 @@ function canonicalizeStable(input) {
  */
 function hashStableCore(coreVector, debug = false) {
     const canonicalized = canonicalizeStable(coreVector);
-    const canonical = JSON.stringify(canonicalized);
+    const canonical = stableStringify(canonicalized);
     if (debug) {
         console.log("[RabbitTracker] hashStableCore debug:", {
             originalKeys: Object.keys(coreVector),
@@ -608,6 +655,14 @@ function getAudioContextCharacteristics() {
             if ('baseLatency' in testContext) {
                 characteristics.baseLatency = testContext.baseLatency;
             }
+            // Channel count mode of AudioBufferSourceNode
+            try {
+                const bufferSource = testContext.createBufferSource();
+                characteristics.channelCountMode = bufferSource.channelCountMode;
+            }
+            catch {
+                characteristics.channelCountMode = 'max';
+            }
             // OfflineAudioContext doesn't have close method - it's automatically disposed after rendering
             if ('close' in testContext && typeof testContext.close === 'function') {
                 testContext.close();
@@ -705,7 +760,8 @@ async function getAudioFingerprint() {
             contextCharacteristics: contextCharacteristics,
             nodeCapabilities: nodeCapabilities,
             audioStackHash: audioStackHash,
-            supportedSampleRates: contextCharacteristics.supportedSampleRates || []
+            supportedSampleRates: contextCharacteristics.supportedSampleRates || [],
+            channelCountMode: contextCharacteristics.channelCountMode || 'max'
         };
         return {
             value: result,
@@ -724,7 +780,8 @@ async function getAudioFingerprint() {
                 contextCharacteristics: {},
                 nodeCapabilities: {},
                 audioStackHash: "error",
-                supportedSampleRates: []
+                supportedSampleRates: [],
+                channelCountMode: 'max'
             },
             duration: performance.now() - startTime,
             error: error instanceof Error ? error.message : "Audio fingerprinting failed",
@@ -1393,6 +1450,28 @@ async function getBrowserFingerprint() {
         if (hardwareInfo.deviceMemory !== undefined) {
             result.deviceMemory = hardwareInfo.deviceMemory;
         }
+        // productSub: "20030107" = Chrome/Safari, "20100101" = Firefox
+        const productSub = navigator.productSub;
+        if (typeof productSub === 'string' && productSub) {
+            result.productSub = productSub;
+        }
+        // ApplePay version — exclusive to Safari + HTTPS + Apple device
+        result.applePayVersion = (() => {
+            try {
+                if (typeof globalThis.ApplePaySession === 'undefined')
+                    return 0;
+                if (typeof globalThis.ApplePaySession.supportsVersion !== 'function')
+                    return 0;
+                for (let v = 15; v >= 1; v--) {
+                    if (globalThis.ApplePaySession.supportsVersion(v))
+                        return v;
+                }
+                return 0;
+            }
+            catch {
+                return 0;
+            }
+        })();
         return {
             value: result,
             duration: endTime - startTime
@@ -1430,6 +1509,56 @@ function isBrowserFingerprintingAvailable() {
     }
 }
+/**
+ * Common Pixels Anti-Randomization Utility
+ * Based on ThumbmarkJS commonPixels implementation
+ *
+ * Browsers like Brave and Firefox (private mode) inject per-pixel random noise
+ * into canvas/WebGL reads to prevent fingerprinting. This utility runs the same
+ * render N times and selects the most frequent value per pixel channel, producing
+ * a consensus ImageData that is stable across noise injections.
+ */
+/**
+ * Returns the most frequent value in an array of numbers.
+ */
+function getMostFrequent(arr) {
+    if (arr.length === 0)
+        return 0;
+    const freq = {};
+    for (const n of arr) {
+        freq[n] = (freq[n] ?? 0) + 1;
+    }
+    let best = arr[0];
+    for (const key in freq) {
+        const n = parseInt(key, 10);
+        if (freq[n] > freq[best]) {
+            best = n;
+        }
+    }
+    return best;
+}
+/**
+ * Given N ImageData objects from the same canvas/scene, returns a new ImageData
+ * where each byte is the most frequent value across all renders.
+ * This cancels out per-pixel random noise injected by privacy-hardened browsers.
+ *
+ * @param images - Array of ImageData objects (must all have the same dimensions)
+ * @param width  - Canvas width in pixels
+ * @param height - Canvas height in pixels
+ */
+function getCommonPixels(images, width, height) {
+    const len = images[0].data.length;
+    const finalData = new Uint8ClampedArray(len);
+    for (let i = 0; i < len; i++) {
+        const samples = [];
+        for (const img of images) {
+            samples.push(img.data[i]);
+        }
+        finalData[i] = getMostFrequent(samples);
+    }
+    return new ImageData(finalData, width, height);
+}
 /**
  * Canvas Fingerprinting
  * Based on FingerprintJS canvas component with incognito detection
@@ -1729,6 +1858,36 @@ function detectAdvancedInconsistencies(textHash, geometryHash, subPixelData, ctx
         };
     }
 }
+/**
+ * Render a scene function onto a canvas N times and return the consensus ImageData.
+ * Used to cancel out per-pixel noise injected by Brave/Firefox privacy mode.
+ */
+function renderConsensus(width, height, renderFn, runs = 3) {
+    const images = [];
+    for (let i = 0; i < runs; i++) {
+        const c = document.createElement("canvas");
+        c.width = width;
+        c.height = height;
+        const ctx = c.getContext("2d", { willReadFrequently: true });
+        if (!ctx)
+            continue;
+        renderFn(ctx);
+        try {
+            images.push(ctx.getImageData(0, 0, width, height));
+        }
+        catch {
+            // getImageData blocked — skip
+        }
+    }
+    if (images.length === 0)
+        return "consensus-blocked";
+    // Single render — no noise to cancel; hash directly
+    if (images.length === 1) {
+        return hash32(Array.from(images[0].data).join(","));
+    }
+    const consensus = getCommonPixels(images, width, height);
+    return hash32(Array.from(consensus.data).join(","));
+}
 /**
  * Generate enhanced canvas fingerprint with multiple primitives and sub-pixel analysis
  */
@@ -1765,15 +1924,29 @@ async function getCanvasFingerprint() {
         const subPixelAnalysis = analyzeSubPixels(ctx, canvas);
         // ENHANCED: Advanced inconsistency detection
         const inconsistencyAnalysis = detectAdvancedInconsistencies(textHash, geometryHash, subPixelAnalysis, ctx);
-        // Create composite canvas with both text and geometry for additional hash
-        ctx.clearRect(0, 0, canvas.width, canvas.height);
-        // Draw both text and geometry together
-        drawAdvancedText(ctx);
-        ctx.globalCompositeOperation = "multiply";
-        drawAdvancedGeometry(ctx);
-        ctx.globalCompositeOperation = "source-over";
-        const compositeData = canvas.toDataURL("image/png");
-        const compositeHash = hash32(compositeData);
+        // ANTI-RANDOMIZATION: If browser injects canvas noise (Brave/Firefox/Samsung),
+        // run the scene 3× and take the per-pixel consensus to cancel the noise out.
+        const needsConsensus = inconsistencyAnalysis.isInconsistent || isBrave() || isSamsungInternet$1();
+        let compositeHash;
+        if (needsConsensus) {
+            const w = canvas.width;
+            const h = canvas.height;
+            compositeHash = renderConsensus(w, h, (c) => {
+                drawAdvancedText(c);
+                c.globalCompositeOperation = "multiply";
+                drawAdvancedGeometry(c);
+                c.globalCompositeOperation = "source-over";
+            });
+        }
+        else {
+            // Fast path: single composite render
+            ctx.clearRect(0, 0, canvas.width, canvas.height);
+            drawAdvancedText(ctx);
+            ctx.globalCompositeOperation = "multiply";
+            drawAdvancedGeometry(ctx);
+            ctx.globalCompositeOperation = "source-over";
+            compositeHash = hash32(canvas.toDataURL("image/png"));
+        }
         const endTime = performance.now();
         const result = {
             text: textHash,
@@ -1782,7 +1955,7 @@ async function getCanvasFingerprint() {
             isInconsistent: inconsistencyAnalysis.isInconsistent,
             // NEW FIELDS
             subPixelAnalysis, // Sub-pixel characteristics for GPU differentiation
-            compositeHash, // Combined text+geometry hash
+            compositeHash, // Combined text+geometry hash (consensus if noisy browser)
             inconsistencyConfidence: inconsistencyAnalysis.confidence,
             blockingReasons: inconsistencyAnalysis.reasons,
         };
@@ -2666,6 +2839,28 @@ function createProgram(gl, vertexShader, fragmentShader) {
     }
     return program;
 }
+/**
+ * Read pixels from a WebGL context and return them as a fresh ImageData-like array.
+ */
+function readWebGLPixels(gl) {
+    const pixels = new Uint8Array(gl.canvas.width * gl.canvas.height * 4);
+    gl.readPixels(0, 0, gl.canvas.width, gl.canvas.height, gl.RGBA, gl.UNSIGNED_BYTE, pixels);
+    return pixels;
+}
+/**
+ * Hash a Uint8Array of pixel data into a hex string.
+ */
+function hashPixels(pixels) {
+    let hash = 0;
+    for (let i = 0; i < pixels.length; i += 4) {
+        const r = (pixels[i] ?? 0);
+        const g = (pixels[i + 1] ?? 0) * 256;
+        const b = (pixels[i + 2] ?? 0) * 65536;
+        const a = (pixels[i + 3] ?? 0) * 16777216;
+        hash = (hash * 33 + r + g + b + a) >>> 0;
+    }
+    return hash.toString(16);
+}
 /**
  * Render 3D scene to generate GPU-specific hash
  * Based on FingerprintJS methodology for maximum differentiation
@@ -2757,26 +2952,67 @@ function render3DScene(gl) {
         gl.clear(gl.COLOR_BUFFER_BIT);
         // Draw triangles
         gl.drawArrays(gl.TRIANGLES, 0, 6);
-        // Read pixels to generate hash
-        const pixels = new Uint8Array(gl.canvas.width * gl.canvas.height * 4);
-        gl.readPixels(0, 0, gl.canvas.width, gl.canvas.height, gl.RGBA, gl.UNSIGNED_BYTE, pixels);
-        // Generate hash from rendered pixels
-        let hash = 0;
-        for (let i = 0; i < pixels.length; i += 4) {
-            // Combine RGBA values with different weights (with null checks)
-            const r = (pixels[i] ?? 0) * 1;
-            const g = (pixels[i + 1] ?? 0) * 256;
-            const b = (pixels[i + 2] ?? 0) * 65536;
-            const a = (pixels[i + 3] ?? 0) * 16777216;
-            const pixelValue = r + g + b + a;
-            hash = (hash * 33 + pixelValue) >>> 0; // Use unsigned 32-bit arithmetic
+        // ANTI-RANDOMIZATION: If browser injects per-pixel noise (Brave/Samsung),
+        // render 3× on separate canvases and take per-channel consensus before hashing.
+        let renderHash;
+        const needsConsensus = isBrave() || isSamsungInternet$1();
+        if (needsConsensus) {
+            const w = gl.canvas.width;
+            const h = gl.canvas.height;
+            const pixelsArr = [readWebGLPixels(gl)];
+            // Render 2 more times on separate canvases (each needs its own GL resources)
+            for (let run = 0; run < 2; run++) {
+                const c = document.createElement("canvas");
+                c.width = w;
+                c.height = h;
+                const g = c.getContext("webgl");
+                if (!g)
+                    continue;
+                const vSrc = vertexShaderSource;
+                const fSrc = fragmentShaderSource;
+                const vs = createShader(g, g.VERTEX_SHADER, vSrc);
+                const fs = createShader(g, g.FRAGMENT_SHADER, fSrc);
+                if (!vs || !fs)
+                    continue;
+                const prog = createProgram(g, vs, fs);
+                if (!prog)
+                    continue;
+                g.useProgram(prog);
+                const buf = g.createBuffer();
+                g.bindBuffer(g.ARRAY_BUFFER, buf);
+                g.bufferData(g.ARRAY_BUFFER, vertices, g.STATIC_DRAW);
+                const posLoc = g.getAttribLocation(prog, "a_position");
+                const colLoc = g.getAttribLocation(prog, "a_color");
+                const timeLoc = g.getUniformLocation(prog, "u_time");
+                g.enableVertexAttribArray(posLoc);
+                g.enableVertexAttribArray(colLoc);
+                g.vertexAttribPointer(posLoc, 2, g.FLOAT, false, 20, 0);
+                g.vertexAttribPointer(colLoc, 3, g.FLOAT, false, 20, 8);
+                g.uniform1f(timeLoc, 1.23456789);
+                g.enable(g.BLEND);
+                g.blendFunc(g.SRC_ALPHA, g.ONE_MINUS_SRC_ALPHA);
+                g.clearColor(0.1, 0.2, 0.3, 1.0);
+                g.clear(g.COLOR_BUFFER_BIT);
+                g.drawArrays(g.TRIANGLES, 0, 6);
+                pixelsArr.push(readWebGLPixels(g));
+                g.deleteProgram(prog);
+                g.deleteShader(vs);
+                g.deleteShader(fs);
+                g.deleteBuffer(buf);
+            }
+            const images = pixelsArr.map((p) => new ImageData(new Uint8ClampedArray(p), w, h));
+            const consensus = getCommonPixels(images, w, h);
+            renderHash = hashPixels(new Uint8Array(consensus.data));
+        }
+        else {
+            renderHash = hashPixels(readWebGLPixels(gl));
         }
         // Cleanup
         gl.deleteProgram(program);
         gl.deleteShader(vertexShader);
         gl.deleteShader(fragmentShader);
         gl.deleteBuffer(buffer);
-        return hash.toString(16);
+        return renderHash;
     }
     catch (error) {
         // Fallback to basic parameters hash if rendering fails
@@ -3368,6 +3604,30 @@ function getColorScheme() {
         return 'unknown';
     }
 }
+function getScriptingSupport() {
+    try {
+        for (const v of ['enabled', 'initial-only', 'none']) {
+            if (safeMatchMedia(`(scripting: ${v})`)?.matches)
+                return v;
+        }
+        return 'unknown';
+    }
+    catch {
+        return 'unknown';
+    }
+}
+function getUpdateFrequency() {
+    try {
+        for (const v of ['fast', 'slow', 'none']) {
+            if (safeMatchMedia(`(update: ${v})`)?.matches)
+                return v;
+        }
+        return 'unknown';
+    }
+    catch {
+        return 'unknown';
+    }
+}
 function getAccessibilityFingerprint() {
     // Original properties
     const colorGamut = getColorGamut$1();
@@ -3388,6 +3648,9 @@ function getAccessibilityFingerprint() {
     const anyHover = getAnyHover();
     const anyPointer = getAnyPointer();
     const colorScheme = getColorScheme();
+    // ThumbmarkJS-inspired additions
+    const scripting = getScriptingSupport();
+    const updateFrequency = getUpdateFrequency();
     // Determine if user has accessibility features enabled
     const hasAccessibilityFeatures = Boolean(forcedColors ||
         reducedMotion ||
@@ -3434,6 +3697,9 @@ function getAccessibilityFingerprint() {
         anyHover,
         anyPointer,
         colorScheme,
+        // ThumbmarkJS-inspired additions
+        scripting,
+        updateFrequency,
         // Computed properties
         hasAccessibilityFeatures,
         displayCapabilities,
@@ -3526,6 +3792,8 @@ var accessibility = /*#__PURE__*/Object.freeze({
     getReducedData: getReducedData,
     getReducedMotion: getReducedMotion,
     getReducedTransparency: getReducedTransparency,
+    getScriptingSupport: getScriptingSupport,
+    getUpdateFrequency: getUpdateFrequency,
     isAccessibilityDetectionAvailable: isAccessibilityDetectionAvailable
 });
@@ -4813,6 +5081,15 @@ function getEnhancedFontFingerprintHash(fingerprint) {
  * @see https://bugzilla.mozilla.org/show_bug.cgi?id=531915
  */
 const M = Math; // Minification optimization
+// Midpoint-rule numerical integrator — same as ThumbmarkJS
+function integrate(f, a, b, n) {
+    const h = (b - a) / n;
+    let sum = 0;
+    for (let i = 0; i < n; i++) {
+        sum += f(a + (i + 0.5) * h);
+    }
+    return sum * h;
+}
 const fallbackFn = () => 0;
 /**
  * Enhanced math fingerprinting with additional precision tests
@@ -4914,7 +5191,16 @@ function getMathFingerprint$1() {
             float64: testFloat64(),
             bigNumbers: testBigNumbers(),
             smallNumbers: testSmallNumbers(),
-        }
+        },
+        // Large-number edge cases — vary by engine (V8 vs SpiderMonkey vs JavaScriptCore)
+        largeCos: M.cos(1e20),
+        largeSin: M.sin(1e20),
+        largeTan: M.tan(1e20),
+        // Accumulated precision differences over 97 midpoints
+        integratedAsin: integrate(M.asin, -1, 1, 97),
+        integratedCos: integrate(M.cos, 0, M.PI, 97),
+        integratedSin: integrate(M.sin, -M.PI, M.PI, 97),
+        integratedTan: integrate(M.tan, 0, 2 * M.PI, 97),
     };
 }
 /**
@@ -4983,6 +5269,1161 @@ function analyzeMathFingerprint(mathData) {
     };
 }
+/**
+ * WebRTC Fingerprinting
+ * Based on ThumbmarkJS WebRTC component
+ *
+ * WebRTC is one of the richest sources of entropy: the SDP offer exposes
+ * codec lists, RTP extensions and ICE candidate type, which vary by browser
+ * version, OS and hardware in a stable, non-randomizable way.
+ */
+/**
+ * Extract codec descriptions from a WebRTC SDP string for a given media type.
+ */
+function parseCodecs(sdp, mediaType) {
+    const match = sdp.match(new RegExp(`m=${mediaType} [^\\s]+ [^\\s]+ ([^\\n\\r]+)`));
+    const descriptors = match ? match[1].split(" ") : [];
+    return descriptors
+        .map((descriptor) => {
+        const matcher = new RegExp(`(rtpmap|fmtp|rtcp-fb):${descriptor} (.+)`, "g");
+        const matches = [...sdp.matchAll(matcher)];
+        if (!matches.length)
+            return null;
+        const desc = {};
+        for (const m of matches) {
+            const type = m[1];
+            const data = m[2];
+            const parts = data.split("/");
+            if (type === "rtpmap") {
+                desc.mimeType = `${mediaType}/${parts[0]}`;
+                desc.clockRate = Number(parts[1]);
+                if (mediaType === "audio")
+                    desc.channels = Number(parts[2]) || 1;
+            }
+            else if (type === "rtcp-fb") {
+                desc.feedbackSupport ??
+                    (desc.feedbackSupport = []);
+                desc.feedbackSupport.push(data);
+            }
+            else if (type === "fmtp") {
+                desc.sdpFmtpLine = data;
+            }
+        }
+        return desc;
+    })
+        .filter(Boolean);
+}
+/**
+ * Collect WebRTC fingerprint by creating an offer and analysing its SDP.
+ * Timeout defaults to 90% of global fingerprint timeout (≈4500 ms).
+ */
+async function getWebRTCFingerprint(timeout = 4500) {
+    const startTime = performance.now();
+    return new Promise((resolve) => {
+        try {
+            const RTC = window.RTCPeerConnection ||
+                window.webkitRTCPeerConnection ||
+                window.mozRTCPeerConnection;
+            if (!RTC) {
+                resolve({
+                    value: {
+                        supported: false,
+                        extensionsHash: "unsupported",
+                        audio: { count: 0, hash: "unsupported" },
+                        video: { count: 0, hash: "unsupported" },
+                        candidateType: null,
+                    },
+                    duration: performance.now() - startTime,
+                });
+                return;
+            }
+            const pc = new RTC({
+                iceCandidatePoolSize: 1,
+                iceServers: [],
+            });
+            pc.createDataChannel("");
+            (async () => {
+                try {
+                    const offer = await pc.createOffer({
+                        offerToReceiveAudio: true,
+                        offerToReceiveVideo: true,
+                    });
+                    await pc.setLocalDescription(offer);
+                    const sdp = offer.sdp ?? "";
+                    // RTP extensions — sorted for stability
+                    const extensions = [
+                        ...new Set((sdp.match(/extmap:\d+ [^\n\r]+/g) ?? []).map((x) => x.replace(/extmap:\d+ /, ""))),
+                    ].sort();
+                    const audioCodecs = parseCodecs(sdp, "audio");
+                    const videoCodecs = parseCodecs(sdp, "video");
+                    const partialResult = {
+                        extensionsHash: hash32(stableStringify(extensions)),
+                        audio: {
+                            count: audioCodecs.length,
+                            hash: hash32(stableStringify(audioCodecs)),
+                        },
+                        video: {
+                            count: videoCodecs.length,
+                            hash: hash32(stableStringify(videoCodecs)),
+                        },
+                    };
+                    // Wait for first ICE candidate (reveals candidateType)
+                    const iceTimeout = Math.floor(timeout * 0.9);
+                    const candidateType = await new Promise((resolveIce) => {
+                        const t = setTimeout(() => {
+                            pc.removeEventListener("icecandidate", onIce);
+                            pc.close();
+                            resolveIce(null);
+                        }, iceTimeout);
+                        const onIce = (evt) => {
+                            if (!evt.candidate?.candidate)
+                                return;
+                            clearTimeout(t);
+                            pc.removeEventListener("icecandidate", onIce);
+                            pc.close();
+                            resolveIce(evt.candidate.type ?? null);
+                        };
+                        pc.addEventListener("icecandidate", onIce);
+                    });
+                    resolve({
+                        value: {
+                            supported: true,
+                            ...partialResult,
+                            candidateType,
+                            timedOut: candidateType === null,
+                        },
+                        duration: performance.now() - startTime,
+                    });
+                }
+                catch (err) {
+                    pc.close();
+                    resolve({
+                        value: {
+                            supported: true,
+                            extensionsHash: "offer-error",
+                            audio: { count: 0, hash: "offer-error" },
+                            video: { count: 0, hash: "offer-error" },
+                            candidateType: null,
+                        },
+                        duration: performance.now() - startTime,
+                        error: err instanceof Error ? err.message : "WebRTC offer failed",
+                    });
+                }
+            })();
+        }
+        catch (err) {
+            resolve({
+                value: {
+                    supported: false,
+                    extensionsHash: "error",
+                    audio: { count: 0, hash: "error" },
+                    video: { count: 0, hash: "error" },
+                    candidateType: null,
+                },
+                duration: performance.now() - startTime,
+                error: err instanceof Error ? err.message : "WebRTC error",
+            });
+        }
+    });
+}
+/**
+ * Check if WebRTC fingerprinting is available in this environment.
+ */
+function isWebRTCAvailable() {
+    try {
+        return !!(window.RTCPeerConnection ||
+            window.webkitRTCPeerConnection ||
+            window.mozRTCPeerConnection);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Permissions API Fingerprinting
+ * Based on ThumbmarkJS permissions component
+ *
+ * Permission states (granted / denied / prompt) vary by browser, OS version,
+ * site origin and user profile in a stable way — 25 signals for low cost.
+ * To cancel out race conditions the query is run 3× in parallel and the
+ * most-frequent value per permission is selected.
+ */
+// 25-item list from ThumbmarkJS
+const PERMISSION_KEYS = [
+    "accelerometer",
+    "accessibility",
+    "accessibility-events",
+    "ambient-light-sensor",
+    "background-fetch",
+    "background-sync",
+    "bluetooth",
+    "camera",
+    "clipboard-read",
+    "clipboard-write",
+    "device-info",
+    "display-capture",
+    "geolocation",
+    "gyroscope",
+    "local-fonts",
+    "magnetometer",
+    "microphone",
+    "midi",
+    "nfc",
+    "notifications",
+    "payment-handler",
+    "persistent-storage",
+    "push",
+    "speaker",
+    "storage-access",
+    "top-level-storage-access",
+    "window-management",
+];
+/**
+ * Query all permissions once and return the result map.
+ */
+async function queryPermissionsOnce() {
+    const result = {};
+    await Promise.allSettled(PERMISSION_KEYS.map(async (key) => {
+        try {
+            const status = await navigator.permissions.query({
+                name: key,
+            });
+            result[key] = status.state;
+        }
+        catch {
+            // Unsupported permission — omit
+        }
+    }));
+    return result;
+}
+/**
+ * Return the most-frequent string value across an array.
+ */
+function mostFrequent(values) {
+    if (values.length === 0)
+        return "unknown";
+    const freq = {};
+    for (const v of values)
+        freq[v] = (freq[v] ?? 0) + 1;
+    let best = values[0];
+    for (const k in freq) {
+        if (freq[k] > freq[best])
+            best = k;
+    }
+    return best;
+}
+/**
+ * Collect Permissions fingerprint.
+ * Runs 3 parallel queries and returns the per-permission consensus to
+ * eliminate any transient state fluctuations.
+ */
+async function getPermissionsFingerprint() {
+    const startTime = performance.now();
+    try {
+        if (!navigator?.permissions?.query) {
+            return {
+                value: {},
+                duration: performance.now() - startTime,
+                error: "Permissions API not available",
+            };
+        }
+        // Run 3 times in parallel for consensus
+        const runs = await Promise.all([
+            queryPermissionsOnce(),
+            queryPermissionsOnce(),
+            queryPermissionsOnce(),
+        ]);
+        // Merge: pick most frequent value per key
+        const merged = {};
+        for (const key of PERMISSION_KEYS) {
+            const values = runs
+                .map((r) => r[key])
+                .filter((v) => v !== undefined);
+            if (values.length > 0) {
+                merged[key] = mostFrequent(values);
+            }
+        }
+        return {
+            value: merged,
+            duration: performance.now() - startTime,
+        };
+    }
+    catch (err) {
+        return {
+            value: {},
+            duration: performance.now() - startTime,
+            error: err instanceof Error ? err.message : "Permissions fingerprinting failed",
+        };
+    }
+}
+/**
+ * Check if Permissions API fingerprinting is available.
+ */
+function isPermissionsAvailable() {
+    try {
+        return (typeof navigator !== "undefined" &&
+            typeof navigator.permissions?.query === "function");
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Speech Synthesis Fingerprinting
+ * Based on ThumbmarkJS speech component
+ *
+ * The list of system voices (Speech Synthesis API) is stable per OS/version/locale
+ * and provides extra entropy at zero user-visible cost.
+ * Voices may load asynchronously, so we listen for `voiceschanged` with an 800 ms fallback.
+ */
+const VOICE_LOAD_TIMEOUT_MS = 800;
+/**
+ * Escape commas and backslashes inside a voice property string.
+ */
+function escapeValue(v) {
+    return v.replace(/\\/g, "\\\\").replace(/,/g, "\\,");
+}
+/**
+ * Build a canonical sorted signature array from a list of voices.
+ */
+function buildSignatures(voices) {
+    return voices
+        .map((v) => [
+        escapeValue(v.voiceURI ?? ""),
+        escapeValue(v.name ?? ""),
+        escapeValue(v.lang ?? ""),
+        v.localService ? "1" : "0",
+        v.default ? "1" : "0",
+    ].join(","))
+        .sort();
+}
+/**
+ * Collect Speech Synthesis fingerprint.
+ * Experimental: not included in `stableCoreHash` by default.
+ */
+async function getSpeechFingerprint() {
+    const startTime = performance.now();
+    return new Promise((resolve) => {
+        try {
+            if (typeof window === "undefined" ||
+                !window.speechSynthesis ||
+                typeof window.speechSynthesis.getVoices !== "function") {
+                resolve({
+                    value: { supported: false, voiceCount: 0, voicesHash: "unsupported" },
+                    duration: performance.now() - startTime,
+                    error: "Speech Synthesis API not supported",
+                });
+                return;
+            }
+            let resolved = false;
+            let timeoutHandle = null;
+            const processVoices = (voices) => {
+                if (resolved)
+                    return;
+                resolved = true;
+                if (timeoutHandle)
+                    clearTimeout(timeoutHandle);
+                try {
+                    const signatures = buildSignatures(voices);
+                    resolve({
+                        value: {
+                            supported: true,
+                            voiceCount: voices.length,
+                            voicesHash: hash32(stableStringify(signatures)),
+                        },
+                        duration: performance.now() - startTime,
+                    });
+                }
+                catch (err) {
+                    resolve({
+                        value: { supported: true, voiceCount: 0, voicesHash: "error" },
+                        duration: performance.now() - startTime,
+                        error: err instanceof Error ? err.message : "Voice processing failed",
+                    });
+                }
+            };
+            // Immediate attempt (works in Chrome)
+            const voices = window.speechSynthesis.getVoices();
+            if (voices.length > 0) {
+                processVoices(voices);
+                return;
+            }
+            // Fallback timeout (Firefox/Safari load voices asynchronously)
+            timeoutHandle = setTimeout(() => {
+                processVoices(window.speechSynthesis.getVoices());
+            }, VOICE_LOAD_TIMEOUT_MS);
+            // voiceschanged event (most browsers fire this when voices are ready)
+            const onChanged = () => {
+                window.speechSynthesis.removeEventListener("voiceschanged", onChanged);
+                processVoices(window.speechSynthesis.getVoices());
+            };
+            window.speechSynthesis.addEventListener("voiceschanged", onChanged);
+        }
+        catch (err) {
+            resolve({
+                value: { supported: false, voiceCount: 0, voicesHash: "error" },
+                duration: performance.now() - startTime,
+                error: err instanceof Error ? err.message : "Speech synthesis error",
+            });
+        }
+    });
+}
+/**
+ * Check if Speech Synthesis fingerprinting is available.
+ */
+function isSpeechAvailable() {
+    try {
+        return (typeof window !== "undefined" &&
+            typeof window.speechSynthesis?.getVoices === "function");
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Stabilization Rules for Fingerprint Components
+ * Based on ThumbmarkJS stabilizationExclusionRules
+ *
+ * Certain components produce noisy / randomized output in specific browser
+ * contexts (private mode, iframes, always-noisy browsers). This module defines
+ * which components to exclude per context to maximize hash stability.
+ */
+/** Port of ThumbmarkJS stabilizationExclusionRules. */
+const stabilizationRules = {
+    private: [
+        { exclude: ["canvas"], browsers: ["firefox", "safari", "brave"] },
+        { exclude: ["audio"], browsers: ["safari", "samsung"] },
+        { exclude: ["fonts"], browsers: ["firefox"] },
+        {
+            exclude: ["hardware", "pluginsEnhanced"],
+            browsers: ["brave"],
+        },
+    ],
+    iframe: [
+        { exclude: ["system"], browsers: ["safari"] },
+        { exclude: ["permissions"] }, // All browsers
+    ],
+    always: [
+        { exclude: ["speech"], browsers: ["brave", "firefox"] },
+    ],
+};
+/**
+ * Detect the current browser name for rule matching.
+ */
+function getCurrentBrowser() {
+    try {
+        if (isBrave())
+            return "brave";
+        if (isFirefox())
+            return "firefox";
+        if (isSafari())
+            return "safari";
+        if (isSamsungInternet$1())
+            return "samsung";
+        // Edge / Chrome fall through as "other" — rules that target them can be added later
+        return "other";
+    }
+    catch {
+        return "other";
+    }
+}
+/**
+ * Detect whether the page is running inside an iframe.
+ */
+function isInIframe() {
+    try {
+        return window !== window.top;
+    }
+    catch {
+        return true; // Cross-origin frame access throws — treat as iframe
+    }
+}
+/**
+ * Given the incognito likelihood (0-1) from `incognitoDetection`, decide
+ * whether to treat the session as private mode.
+ */
+function isLikelyPrivate(incognitoLikelihood) {
+    // Threshold: probability ≥ 0.6 → apply private-mode exclusions
+    return (incognitoLikelihood ?? 0) >= 0.6;
+}
+/**
+ * Returns the set of component keys that should be nulled out / excluded from
+ * hashing given the current context.
+ *
+ * @param incognitoLikelihood - Output of incognito detection (0-1). Pass 0 if unavailable.
+ */
+function getExcludedComponents(incognitoLikelihood) {
+    const browser = getCurrentBrowser();
+    const excluded = new Set();
+    const applyRules = (rules) => {
+        for (const rule of rules) {
+            if (!rule.browsers ||
+                rule.browsers.includes(browser)) {
+                for (const key of rule.exclude) {
+                    excluded.add(key);
+                }
+            }
+        }
+    };
+    // Always-active exclusions
+    applyRules(stabilizationRules.always);
+    // Iframe exclusions
+    if (isInIframe()) {
+        applyRules(stabilizationRules.iframe);
+    }
+    // Private-mode exclusions
+    if (isLikelyPrivate(incognitoLikelihood)) {
+        applyRules(stabilizationRules.private);
+    }
+    return excluded;
+}
+/**
+ * CSS @supports Feature Vector Fingerprinting
+ *
+ * Tests ~40 modern CSS features via CSS.supports() to produce a stable
+ * boolean vector (~50 bits of entropy). Síncrono, zero custo, estável por
+ * versão de browser. Different browsers differ on ~10-15 features, making
+ * this a strong discriminator for browser family + version.
+ */
+/**
+ * CSS features to test — [key, CSS declaration or condition string]
+ * For selector() and condition-text forms we use the single-argument overload.
+ * For @layer we pass the conditionText form directly.
+ */
+const CSS_FEATURES = [
+    // Layout moderno
+    ["aspect-ratio", "aspect-ratio: 1"],
+    ["container-type", "container-type: inline-size"],
+    ["content-visibility", "content-visibility: auto"],
+    ["field-sizing", "field-sizing: content"],
+    // CSS Grid avançado
+    ["subgrid", "grid-template-columns: subgrid"],
+    ["masonry", "grid-template-rows: masonry"],
+    // Seletores
+    ["has-selector", "selector(:has(*))"],
+    ["is-selector", "selector(:is(*))"],
+    ["where-selector", "selector(:where(*))"],
+    ["focus-visible", "selector(:focus-visible)"],
+    // Cores modernas
+    ["color-mix", "color: color-mix(in srgb, red, blue)"],
+    ["oklch", "color: oklch(0.5 0.2 200)"],
+    ["relative-color", "color: hsl(from red h s l)"],
+    // Visual
+    ["backdrop-filter", "backdrop-filter: blur(10px)"],
+    ["text-wrap-balance", "text-wrap: balance"],
+    ["text-wrap-pretty", "text-wrap: pretty"],
+    ["overscroll-behavior", "overscroll-behavior: none"],
+    ["scroll-behavior", "scroll-behavior: smooth"],
+    // View transitions
+    ["view-transition", "view-transition-name: auto"],
+    // Animações modernas
+    ["animation-timeline", "animation-timeline: scroll()"],
+    ["animation-range", "animation-range: 10% 90%"],
+    // Scroll-driven
+    ["scroll-timeline", "scroll-timeline: --t block"],
+    // Tipografia
+    ["font-variant-numeric", "font-variant-numeric: oldstyle-nums"],
+    ["hyphenate-character", "hyphenate-character: auto"],
+    ["text-decoration-skip-ink", "text-decoration-skip-ink: auto"],
+    ["hanging-punctuation", "hanging-punctuation: first"],
+    // Transforms
+    ["individual-transform", "translate: 10px"],
+    ["rotate-property", "rotate: 45deg"],
+    // Logical properties
+    ["margin-inline", "margin-inline: auto"],
+    ["inset", "inset: 0"],
+    // Containment
+    ["contain", "contain: layout"],
+    ["contain-intrinsic-size", "contain-intrinsic-size: auto"],
+    // Cascade
+    ["cascade-layers", "@layer"],
+    ["revert-layer", "color: revert-layer"],
+    // Scrollbar
+    ["scrollbar-width", "scrollbar-width: thin"],
+    ["scrollbar-color", "scrollbar-color: red blue"],
+    // Vendor webkit
+    ["webkit-text-stroke", "-webkit-text-stroke: 1px black"],
+    ["webkit-line-clamp", "-webkit-line-clamp: 2"],
+    // Nesting CSS
+    ["css-nesting", "selector(& .child)"],
+    // Forced colors
+    ["forced-colors", "(forced-colors: active)"],
+];
+/**
+ * Test a single CSS feature via CSS.supports().
+ * Returns false on any exception (API absent or invalid syntax).
+ */
+function testFeature(declaration) {
+    try {
+        // selector(...) and condition-text forms use the single-arg overload
+        if (declaration.startsWith("selector(") ||
+            declaration.startsWith("(") ||
+            declaration.startsWith("@")) {
+            return CSS.supports(declaration);
+        }
+        return CSS.supports(declaration);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Produce a simple hex hash from the boolean feature vector.
+ * Uses the feature keys + their boolean values for determinism.
+ */
+function hashFeatures(features) {
+    const str = stableStringify(features);
+    let h = 0x811c9dc5;
+    for (let i = 0; i < str.length; i++) {
+        h ^= str.charCodeAt(i);
+        h = (Math.imul(h, 0x01000193) | 0) >>> 0;
+    }
+    return h.toString(16).padStart(8, "0");
+}
+/**
+ * Collect CSS @supports feature vector fingerprint.
+ */
+function getCSSFeaturesFingerprint() {
+    const startTime = performance.now();
+    try {
+        if (!isCSSFeaturesAvailable()) {
+            return {
+                value: { features: {}, supportedCount: 0, hash: "" },
+                duration: performance.now() - startTime,
+                error: "CSS.supports not available",
+            };
+        }
+        const features = {};
+        for (const [key, declaration] of CSS_FEATURES) {
+            features[key] = testFeature(declaration);
+        }
+        const supportedCount = Object.values(features).filter(Boolean).length;
+        const hash = hashFeatures(features);
+        return {
+            value: { features, supportedCount, hash },
+            duration: performance.now() - startTime,
+        };
+    }
+    catch (err) {
+        return {
+            value: { features: {}, supportedCount: 0, hash: "" },
+            duration: performance.now() - startTime,
+            error: err instanceof Error ? err.message : "CSS features fingerprinting failed",
+        };
+    }
+}
+/**
+ * Check if CSS @supports fingerprinting is available.
+ */
+function isCSSFeaturesAvailable() {
+    try {
+        return (typeof CSS !== "undefined" && typeof CSS.supports === "function");
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Media Codec Support Matrix Fingerprinting
+ *
+ * Tests video/audio codec support via HTMLMediaElement.canPlayType() and
+ * MediaRecorder.isTypeSupported(). ~20 bits of entropy, stable per OS +
+ * hardware (hardware decoders vary), synchronous, zero cost.
+ */
+// canPlayType — vídeo
+const VIDEO_TYPES = [
+    'video/mp4; codecs="avc1.42E01E"', // H.264 Baseline
+    'video/mp4; codecs="avc1.4D001E"', // H.264 Main
+    'video/mp4; codecs="hev1.1.6.L93.B0"', // H.265/HEVC
+    'video/mp4; codecs="vp09.00.10.08"', // VP9 in MP4
+    'video/mp4; codecs="av01.0.01M.08"', // AV1 in MP4
+    'video/webm; codecs="vp8"',
+    'video/webm; codecs="vp9"',
+    'video/webm; codecs="av01.0.01M.08"', // AV1 in WebM
+    'video/ogg; codecs="theora"',
+];
+// canPlayType — áudio
+const AUDIO_TYPES = [
+    'audio/mp4; codecs="mp4a.40.2"', // AAC-LC
+    'audio/mp4; codecs="mp4a.40.5"', // HE-AAC
+    'audio/mpeg', // MP3
+    'audio/ogg; codecs="vorbis"',
+    'audio/ogg; codecs="opus"',
+    'audio/webm; codecs="opus"',
+    'audio/wav; codecs="1"', // PCM
+    'audio/flac',
+    'audio/aac',
+];
+// MediaRecorder.isTypeSupported
+const RECORDER_TYPES = [
+    'video/webm; codecs="vp8"',
+    'video/webm; codecs="vp9"',
+    'video/webm; codecs="av1"',
+    'video/webm; codecs="vp9,opus"',
+    'audio/webm; codecs="opus"',
+    'audio/ogg; codecs="opus"',
+    'video/mp4; codecs="avc1"',
+];
+/**
+ * Produce a simple FNV-1a hex hash from the codec matrix.
+ */
+function hashCodecs(video, audio, recorder) {
+    const str = stableStringify({ video, audio, recorder });
+    let h = 0x811c9dc5;
+    for (let i = 0; i < str.length; i++) {
+        h ^= str.charCodeAt(i);
+        h = (Math.imul(h, 0x01000193) | 0) >>> 0;
+    }
+    return h.toString(16).padStart(8, "0");
+}
+/**
+ * Collect media codec support fingerprint.
+ */
+function getMediaCodecsFingerprint() {
+    const startTime = performance.now();
+    try {
+        if (!isMediaCodecsAvailable()) {
+            return {
+                value: { video: {}, audio: {}, recorder: {}, hash: "" },
+                duration: performance.now() - startTime,
+                error: "document not available",
+            };
+        }
+        // Test video codecs
+        const videoEl = document.createElement("video");
+        const video = {};
+        for (const mime of VIDEO_TYPES) {
+            try {
+                video[mime] = videoEl.canPlayType(mime);
+            }
+            catch {
+                video[mime] = "";
+            }
+        }
+        // Test audio codecs
+        const audioEl = document.createElement("audio");
+        const audio = {};
+        for (const mime of AUDIO_TYPES) {
+            try {
+                audio[mime] = audioEl.canPlayType(mime);
+            }
+            catch {
+                audio[mime] = "";
+            }
+        }
+        // Test MediaRecorder support
+        const recorder = {};
+        const hasRecorder = typeof MediaRecorder !== "undefined" &&
+            typeof MediaRecorder.isTypeSupported === "function";
+        for (const mime of RECORDER_TYPES) {
+            try {
+                recorder[mime] = hasRecorder ? MediaRecorder.isTypeSupported(mime) : false;
+            }
+            catch {
+                recorder[mime] = false;
+            }
+        }
+        const hash = hashCodecs(video, audio, recorder);
+        return {
+            value: { video, audio, recorder, hash },
+            duration: performance.now() - startTime,
+        };
+    }
+    catch (err) {
+        return {
+            value: { video: {}, audio: {}, recorder: {}, hash: "" },
+            duration: performance.now() - startTime,
+            error: err instanceof Error ? err.message : "Media codecs fingerprinting failed",
+        };
+    }
+}
+/**
+ * Check if media codec fingerprinting is available.
+ */
+function isMediaCodecsAvailable() {
+    try {
+        return typeof document !== "undefined";
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * WebAssembly Feature Detection Fingerprinting
+ *
+ * Detects ~6–8 WebAssembly proposal flags via WebAssembly.validate() (sync,
+ * does not execute the module). Stable per engine version. ~6 bits of entropy.
+ */
+// ─── Minimal WASM modules for feature detection ────────────────────────────
+// Each is the smallest valid module that uses the target feature/opcode.
+// WebAssembly.validate() returns false (instead of throwing) if invalid,
+// so any exception = feature not supported.
+// SIMD: v128.const opcode (0xFD 0x0F)
+// Module: one function returning v128 constant (all zeros)
+const SIMD_BYTES = new Uint8Array([
+    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic + version
+    0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7b, // type section: () -> v128
+    0x03, 0x02, 0x01, 0x00, // function section
+    0x0a, 0x0a, 0x01, 0x08, 0x00, // code section
+    0xfd, 0x0f, // v128.const
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 16 bytes of immediate
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0b, // end
+]);
+// Bulk memory: memory.copy (0xFC 0x0A)
+// Module: one function calling memory.copy(0, 0, n)
+const BULK_MEMORY_BYTES = new Uint8Array([
+    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic + version
+    0x01, 0x04, 0x01, 0x60, 0x00, 0x00, // type: () -> ()
+    0x03, 0x02, 0x01, 0x00, // function section
+    0x05, 0x03, 0x01, 0x00, 0x00, // memory section (1 page min 0)
+    0x0a, 0x0c, 0x01, 0x0a, 0x00, // code section
+    0x41, 0x00, // i32.const 0
+    0x41, 0x00, // i32.const 0
+    0x41, 0x00, // i32.const 0
+    0xfc, 0x0a, 0x00, 0x00, // memory.copy mem_idx=0 mem_idx=0
+    0x0b, // end
+]);
+// Exception handling: tag section (section id 0x0d)
+// Module: just a tag section — engines without exception handling won't parse 0x0d
+const EXCEPTIONS_BYTES = new Uint8Array([
+    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic + version
+    0x01, 0x04, 0x01, 0x60, 0x00, 0x00, // type section: () -> ()
+    0x0d, 0x03, 0x01, 0x00, 0x00, // tag section: 1 tag of type 0
+]);
+// GC: rec type section (0x4E inside type section) — very new, Chrome 119+, FF 120+
+// Module: minimal module with an empty rec group
+const GC_BYTES = new Uint8Array([
+    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic + version
+    0x01, 0x03, // type section, 3 bytes body
+    0x01, // 1 entry
+    0x4e, 0x00, // rec, 0 types in group
+]);
+/**
+ * Safe wrapper around WebAssembly.validate — returns false on any exception.
+ */
+function validate(bytes) {
+    try {
+        return WebAssembly.validate(bytes);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Collect WebAssembly feature flags.
+ */
+function getWasmFeaturesFingerprint() {
+    const startTime = performance.now();
+    try {
+        const basic = typeof WebAssembly !== "undefined";
+        if (!basic) {
+            const value = {
+                basic: false,
+                validate: false,
+                compile: false,
+                simd: false,
+                threads: false,
+                bulkMemory: false,
+                exceptions: false,
+                gc: false,
+            };
+            return { value, duration: performance.now() - startTime };
+        }
+        const validateAvailable = typeof WebAssembly.validate === "function";
+        const value = {
+            basic: true,
+            validate: validateAvailable,
+            compile: typeof WebAssembly.compile === "function",
+            simd: validateAvailable ? validate(SIMD_BYTES) : false,
+            threads: typeof SharedArrayBuffer !== "undefined",
+            bulkMemory: validateAvailable ? validate(BULK_MEMORY_BYTES) : false,
+            exceptions: validateAvailable ? validate(EXCEPTIONS_BYTES) : false,
+            gc: validateAvailable ? validate(GC_BYTES) : false,
+        };
+        return { value, duration: performance.now() - startTime };
+    }
+    catch (err) {
+        return {
+            value: {
+                basic: false,
+                validate: false,
+                compile: false,
+                simd: false,
+                threads: false,
+                bulkMemory: false,
+                exceptions: false,
+                gc: false,
+            },
+            duration: performance.now() - startTime,
+            error: err instanceof Error ? err.message : "Wasm features fingerprinting failed",
+        };
+    }
+}
+/**
+ * Check if WebAssembly feature detection is available.
+ */
+function isWasmAvailable() {
+    try {
+        return (typeof WebAssembly !== "undefined" &&
+            typeof WebAssembly.validate === "function");
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * MathML Rendering Fingerprint
+ *
+ * Measures bounding box dimensions of rendered MathML structures to extract
+ * font-metric entropy (~15 bits). Varies by OS (macOS vs Windows vs Linux),
+ * browser engine (Gecko vs WebKit vs Blink), and system font version.
+ *
+ * Approach: inject hidden <math> elements into document.body, measure, remove.
+ * No iframe needed — simpler than ThumbmarkJS approach.
+ */
+// Blackboard bold symbols × Greek sub/superscript pairs — from ThumbmarkJS
+const BB_SYMBOLS = ['𝔸', '𝔹', 'ℂ', '𝔻', '𝔼', '𝔽', '𝔾', 'ℍ', '𝕀', '𝕁', '𝕂', '𝕃'];
+const GREEK_PAIRS = [
+    ['β', 'ψ'], ['λ', 'ε'], ['ζ', 'α'], ['ξ', 'μ'], ['ρ', 'φ'], ['κ', 'τ'],
+    ['η', 'σ'], ['ι', 'ω'], ['γ', 'ν'], ['χ', 'δ'], ['θ', 'π'], ['υ', 'ο'],
+];
+// Complex structure 4: ∏ munderover wrapping all 12 BB×Greek mmultiscripts
+const _bbMrow = BB_SYMBOLS.map((b, i) => {
+    const [g1, g2] = GREEK_PAIRS[i];
+    return `<mmultiscripts><mi>${b}</mi><mi>${g1}</mi><mi>${g2}</mi></mmultiscripts>`;
+}).join('');
+// MathML structures to render — 16 total, inspired by ThumbmarkJS
+const MATHML_STRUCTURES = [
+    // 1. Integral with fraction
+    `<math><msubsup><mo>∫</mo><mi>a</mi><mi>b</mi></msubsup><mfrac><mrow><mi>f</mi><mo>(</mo><mi>x</mi><mo>)</mo></mrow><mrow><mi>d</mi><mi>x</mi></mrow></mfrac></math>`,
+    // 2. Fraction with pi and r squared
+    `<math><mfrac><mrow><mi>π</mi><mo>×</mo><msup><mi>r</mi><mn>2</mn></msup></mrow><mrow><mn>4</mn></mrow></mfrac></math>`,
+    // 3. Matrix with Greek letters
+    `<math><mo>[</mo><mtable><mtr><mtd><mi>α</mi></mtd><mtd><mi>β</mi></mtd></mtr><mtr><mtd><mi>γ</mi></mtd><mtd><mi>δ</mi></mtd></mtr></mtable><mo>]</mo></math>`,
+    // 4. ∏ munderover with 12 blackboard bold × Greek mmultiscripts (replaces simple ∑)
+    `<math><munderover><mo>∏</mo><mrow><mi>i</mi><mo>=</mo><mn>1</mn></mrow><mi>n</mi></munderover><mrow>${_bbMrow}</mrow></math>`,
+    // 5–16. Individual blackboard bold symbol with Greek sub/superscript (one per symbol)
+    ...BB_SYMBOLS.map((b, i) => {
+        const [g1, g2] = GREEK_PAIRS[i];
+        return `<math><mmultiscripts><mi>${b}</mi><mi>${g1}</mi><mi>${g2}</mi></mmultiscripts></math>`;
+    }),
+];
+// Font style properties to capture from the root <math> element
+const FONT_STYLE_PROPS = [
+    "fontFamily",
+    "fontSize",
+    "fontWeight",
+    "fontStyle",
+    "lineHeight",
+    "fontVariant",
+    "fontStretch",
+    "fontKerning",
+    "fontFeatureSettings",
+    "fontVariantNumeric",
+];
+/**
+ * FNV-1a hash over a JSON string.
+ */
+function fnv1a(str) {
+    let h = 0x811c9dc5;
+    for (let i = 0; i < str.length; i++) {
+        h ^= str.charCodeAt(i);
+        h = (Math.imul(h, 0x01000193) | 0) >>> 0;
+    }
+    return h.toString(16).padStart(8, "0");
+}
+/**
+ * Check if the browser renders MathML natively by measuring a trivial element.
+ */
+function isMathMLRendered() {
+    try {
+        const container = document.createElement("div");
+        container.style.cssText = "position:absolute;visibility:hidden;top:-9999px;left:-9999px";
+        container.innerHTML = "<math><mrow><mi>x</mi></mrow></math>";
+        document.body.appendChild(container);
+        const math = container.querySelector("math");
+        const rect = math?.getBoundingClientRect();
+        document.body.removeChild(container);
+        return !!(rect && rect.width > 0 && rect.height > 0);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Render a MathML string in a hidden container, measure dimensions, then remove.
+ */
+function measureMathML(mathHtml) {
+    const container = document.createElement("div");
+    container.style.cssText =
+        "position:absolute;visibility:hidden;top:-9999px;left:-9999px;font-size:16px";
+    container.innerHTML = mathHtml;
+    document.body.appendChild(container);
+    const math = container.querySelector("math");
+    const rect = math?.getBoundingClientRect() ?? { width: 0, height: 0 };
+    document.body.removeChild(container);
+    return {
+        width: Math.round(rect.width * 100) / 100,
+        height: Math.round(rect.height * 100) / 100,
+    };
+}
+/**
+ * Capture computedStyle font properties of the <math> element.
+ */
+function captureFontStyle() {
+    const container = document.createElement("div");
+    container.style.cssText =
+        "position:absolute;visibility:hidden;top:-9999px;left:-9999px;font-size:16px";
+    container.innerHTML = "<math><mi>x</mi></math>";
+    document.body.appendChild(container);
+    const math = container.querySelector("math");
+    const style = math ? window.getComputedStyle(math) : null;
+    const result = {};
+    for (const prop of FONT_STYLE_PROPS) {
+        result[prop] = style ? style[prop] ?? "" : "";
+    }
+    document.body.removeChild(container);
+    return result;
+}
+/**
+ * Collect MathML rendering fingerprint.
+ * Returns `supported: false` (without error) in browsers that don't render MathML.
+ */
+async function getMathMLFingerprint() {
+    const startTime = performance.now();
+    try {
+        if (!isMathMLAvailable()) {
+            return {
+                value: { supported: false, dimensionsHash: "", fontStyleHash: "" },
+                duration: performance.now() - startTime,
+                error: "document not available",
+            };
+        }
+        if (!isMathMLRendered()) {
+            return {
+                value: { supported: false, dimensionsHash: "", fontStyleHash: "" },
+                duration: performance.now() - startTime,
+            };
+        }
+        // Measure all structures
+        const dimensions = MATHML_STRUCTURES.map((html) => measureMathML(html));
+        const dimensionsHash = fnv1a(stableStringify(dimensions));
+        // Capture font style info
+        const fontStyle = captureFontStyle();
+        const fontStyleHash = fnv1a(stableStringify(fontStyle));
+        return {
+            value: { supported: true, dimensionsHash, fontStyleHash },
+            duration: performance.now() - startTime,
+        };
+    }
+    catch (err) {
+        return {
+            value: { supported: false, dimensionsHash: "", fontStyleHash: "" },
+            duration: performance.now() - startTime,
+            error: err instanceof Error ? err.message : "MathML fingerprinting failed",
+        };
+    }
+}
+/**
+ * Check if MathML fingerprinting is available (requires DOM).
+ */
+function isMathMLAvailable() {
+    try {
+        return (typeof document !== "undefined" &&
+            typeof document.createElement === "function" &&
+            typeof document.body !== "undefined" &&
+            document.body !== null);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * User-Agent Client Hints Fingerprinting
+ *
+ * Uses navigator.userAgentData.getHighEntropyValues() to obtain precise
+ * platform details (~30 bits in Chromium). Gracefully degrades to
+ * `available: false` in Firefox and Safari which don't expose the API.
+ *
+ * Note: platformVersion can change with OS/browser updates — this component
+ * contributes to fingerprintHash but NOT to stableCoreHash (see orchestrator).
+ */
+/**
+ * Collect User-Agent Client Hints.
+ */
+async function getClientHintsFingerprint() {
+    const startTime = performance.now();
+    try {
+        if (!isClientHintsAvailable()) {
+            return {
+                value: { available: false },
+                duration: performance.now() - startTime,
+            };
+        }
+        const uaData = navigator.userAgentData;
+        const highEntropy = await uaData.getHighEntropyValues([
+            "architecture",
+            "bitness",
+            "fullVersionList",
+            "mobile",
+            "model",
+            "platformVersion",
+            "formFactor",
+            "uaFullVersion",
+        ]);
+        // Normalize fullVersionList → brands
+        const brands = highEntropy.fullVersionList?.map((b) => ({
+            brand: b.brand ?? "",
+            version: b.version ?? "",
+        }));
+        return {
+            value: {
+                available: true,
+                brands,
+                mobile: highEntropy.mobile,
+                platform: uaData.platform,
+                platformVersion: highEntropy.platformVersion,
+                architecture: highEntropy.architecture,
+                bitness: highEntropy.bitness,
+                model: highEntropy.model,
+                uaFullVersion: highEntropy.uaFullVersion,
+                formFactor: highEntropy.formFactor,
+            },
+            duration: performance.now() - startTime,
+        };
+    }
+    catch (err) {
+        return {
+            value: { available: false },
+            duration: performance.now() - startTime,
+            error: err instanceof Error ? err.message : "Client Hints fingerprinting failed",
+        };
+    }
+}
+/**
+ * Check if User-Agent Client Hints API is available (Chromium-based browsers).
+ */
+function isClientHintsAvailable() {
+    try {
+        return (typeof navigator !== "undefined" &&
+            "userAgentData" in navigator &&
+            typeof navigator.userAgentData?.getHighEntropyValues ===
+                "function");
+    }
+    catch {
+        return false;
+    }
+}
 /**
  * Fingerprint Orchestrator
  * Main fingerprinting engine that coordinates all components
@@ -5024,16 +6465,24 @@ function shouldIncludeComponent(component, options) {
             return false;
         }
     }
-    // New FingerprintJS components are enabled by default in non-GDPR mode
-    const fingerprintJSComponents = [
+    // New FingerprintJS / ThumbmarkJS components are enabled by default
+    const extendedComponents = [
         "mathFingerprint",
         "dateTimeLocale",
         "accessibilityEnhanced",
         "fontPreferences",
         "enhancedFonts",
+        "webrtc",
+        "permissions",
+        "speech",
+        // High-entropy new components
+        "cssFeatures",
+        "mediaCodecs",
+        "wasmFeatures",
+        "mathml",
+        "clientHints",
     ];
-    // Always allow FingerprintJS components unless specifically excluded
-    if (fingerprintJSComponents.includes(component)) {
+    if (extendedComponents.includes(component)) {
         return true;
     }
     return true;
@@ -5183,6 +6632,46 @@ async function collectFingerprint(options = {}) {
             result,
         })));
     }
+    // WebRTC Fingerprint (ThumbmarkJS-inspired)
+    if (shouldIncludeComponent("webrtc", opts) && isWebRTCAvailable()) {
+        parallelTasks.push(collectComponent("webrtc", () => getWebRTCFingerprint(opts.timeout), opts).then((result) => ({ component: "webrtc", result })));
+    }
+    // Permissions Fingerprint (ThumbmarkJS-inspired)
+    if (shouldIncludeComponent("permissions", opts) && isPermissionsAvailable()) {
+        parallelTasks.push(collectComponent("permissions", getPermissionsFingerprint, opts).then((result) => ({ component: "permissions", result })));
+    }
+    // Speech Synthesis Fingerprint (ThumbmarkJS-inspired, experimental)
+    if (!opts.gdprMode && shouldIncludeComponent("speech", opts) && isSpeechAvailable()) {
+        parallelTasks.push(collectComponent("speech", getSpeechFingerprint, opts).then((result) => ({
+            component: "speech",
+            result,
+        })));
+    }
+    // CSS @supports Feature Vector (high entropy, synchronous)
+    if (shouldIncludeComponent("cssFeatures", opts) && isCSSFeaturesAvailable()) {
+        parallelTasks.push(collectComponent("cssFeatures", async () => getCSSFeaturesFingerprint(), opts).then((result) => ({ component: "cssFeatures", result })));
+    }
+    // Media Codec Support Matrix (synchronous, OS+hardware signal)
+    if (shouldIncludeComponent("mediaCodecs", opts) && isMediaCodecsAvailable()) {
+        parallelTasks.push(collectComponent("mediaCodecs", async () => getMediaCodecsFingerprint(), opts).then((result) => ({ component: "mediaCodecs", result })));
+    }
+    // WebAssembly Feature Flags (synchronous, engine signal)
+    if (shouldIncludeComponent("wasmFeatures", opts) && isWasmAvailable()) {
+        parallelTasks.push(collectComponent("wasmFeatures", async () => getWasmFeaturesFingerprint(), opts).then((result) => ({ component: "wasmFeatures", result })));
+    }
+    // MathML Rendering Fingerprint (async DOM, font-metric signal)
+    if (shouldIncludeComponent("mathml", opts) && isMathMLAvailable()) {
+        parallelTasks.push(collectComponent("mathml", getMathMLFingerprint, opts).then((result) => ({
+            component: "mathml",
+            result,
+        })));
+    }
+    // Client Hints API (async, Chromium-only, precise platform data)
+    if (!opts.gdprMode &&
+        shouldIncludeComponent("clientHints", opts) &&
+        isClientHintsAvailable()) {
+        parallelTasks.push(collectComponent("clientHints", getClientHintsFingerprint, opts).then((result) => ({ component: "clientHints", result })));
+    }
     // Execute all parallel tasks and handle results
     const parallelResults = await Promise.allSettled(parallelTasks);
     parallelResults.forEach((promiseResult, index) => {
@@ -5563,6 +7052,28 @@ async function collectFingerprint(options = {}) {
             });
         }
     }
+    // STABILIZATION: Determine which components are noisy in the current context
+    // and null them out before hashing to avoid hash instability.
+    {
+        const incognitoLikelihood = fingerprintData.incognitoDetection?.likelihood ?? 0;
+        const excluded = getExcludedComponents(incognitoLikelihood);
+        if (excluded.size > 0) {
+            for (const key of excluded) {
+                if (fingerprintData[key] !== undefined) {
+                    fingerprintData[key] = null;
+                    // Move from collected to failed list
+                    const idx = collectedComponents.indexOf(key);
+                    if (idx !== -1) {
+                        collectedComponents.splice(idx, 1);
+                        failedComponents.push({
+                            component: key,
+                            error: `excluded by stabilization rules`,
+                        });
+                    }
+                }
+            }
+        }
+    }
     // Generate hash from collected components
     const componentValues = {};
     collectedComponents.forEach((component) => {
@@ -6000,6 +7511,8 @@ async function collectFingerprint(options = {}) {
             "accessibilityEnhanced", // Locale/accessibility (can change)
             "domBlockers",
             "pluginsEnhanced", // Privacy tools detection (can change)
+            "speech", // Experimental — OS-specific, excluded from stableCoreHash
+            "clientHints", // platformVersion changes with OS/browser updates
         ];
         const stableComponentValues = {};
         for (const [key, value] of Object.entries(componentValues)) {
@@ -6117,6 +7630,12 @@ function getAvailableComponents() {
         available.push("screen");
     if (isBrowserFingerprintingAvailable())
         available.push("browser");
+    if (isWebRTCAvailable())
+        available.push("webrtc");
+    if (isPermissionsAvailable())
+        available.push("permissions");
+    if (isSpeechAvailable())
+        available.push("speech");
     return available;
 }
@@ -24847,6 +26366,18 @@ function getHardwareFingerprint() {
         architecture: getArchitecture$1(),
         maxTouchPoints: getMaxTouchPoints(),
         platform: navigator.platform || 'unknown',
+        jsHeapSizeLimit: performance.memory?.jsHeapSizeLimit ?? 0,
+        architectureFloat32: (() => {
+            try {
+                const f = new Float32Array(1);
+                f[0] = Infinity;
+                f[0] -= f[0]; // NaN
+                return new Uint8Array(f.buffer)[3] ?? -1;
+            }
+            catch {
+                return -1;
+            }
+        })(),
     };
 }
@@ -26502,6 +28033,56 @@ const COMPONENT_CHARACTERISTICS = {
         uniqueness: 0.82, // Good uniqueness across systems
         spoofResistance: 0.7, // Moderate spoof resistance
     },
+    // ThumbmarkJS-inspired new components
+    webrtc: {
+        stability: 0.92, // Codec/extension lists are stable per browser version
+        entropy: 0.85, // Rich source of entropy (codecs + RTP extensions)
+        uniqueness: 0.8, // Good differentiation across browser+OS combos
+        spoofResistance: 0.9, // Very hard to fake SDP offer
+    },
+    permissions: {
+        stability: 0.88, // Permission states are stable per profile
+        entropy: 0.75, // 25 signals provide good entropy
+        uniqueness: 0.72, // Decent uniqueness across configurations
+        spoofResistance: 0.8, // Hard to predict all 25 states
+    },
+    speech: {
+        stability: 0.9, // Voice list is stable per OS/locale
+        entropy: 0.7, // Varies by OS version and language
+        uniqueness: 0.65, // Less unique but still informative
+        spoofResistance: 0.85, // Hard to fake voice list
+    },
+    // High-entropy new components
+    cssFeatures: {
+        stability: 0.97, // CSS support flags are very stable per browser version
+        entropy: 0.88, // ~50 bits from 40 boolean features
+        uniqueness: 0.85, // Good differentiation across browser+version combos
+        spoofResistance: 0.95, // Hard to fake CSS.supports() results
+    },
+    mediaCodecs: {
+        stability: 0.95, // Codec support is stable per OS + hardware
+        entropy: 0.82, // ~20 bits, varies by OS (HEVC on macOS, etc.)
+        uniqueness: 0.78, // Good differentiation across OS/browser combos
+        spoofResistance: 0.92, // Requires actual codec support to fake
+    },
+    wasmFeatures: {
+        stability: 0.98, // Wasm proposal flags are stable per engine version
+        entropy: 0.70, // ~6-8 bits from proposal flags
+        uniqueness: 0.72, // Distinguishes engine generations well
+        spoofResistance: 0.97, // validate() is nearly impossible to fake
+    },
+    mathml: {
+        stability: 0.90, // Font rendering can change with OS/font updates
+        entropy: 0.80, // ~15 bits from font metric variations
+        uniqueness: 0.75, // Varies by OS, engine, and font stack
+        spoofResistance: 0.88, // Pixel-level measurements are hard to fake
+    },
+    clientHints: {
+        stability: 0.93, // platformVersion can change with OS updates
+        entropy: 0.92, // ~30 bits in Chromium (platform, arch, model, etc.)
+        uniqueness: 0.90, // Very precise in Chromium-based browsers
+        spoofResistance: 0.85, // API can be overridden but requires effort
+    },
 };
 /**
  * New advanced components characteristics