cbrowser 14.4.0 → 14.6.0

package/dist/stealth/framework.js

@@ -0,0 +1,293 @@
+/**
+ * CBrowser - Cognitive Browser Automation
+ *
+ * Copyright (c) 2026 WF Media (Alexandria Eden)
+ * Email: alexandria.shai.eden@gmail.com
+ *
+ * This source code is licensed under the Business Source License 1.1
+ * found in the LICENSE file in the root directory of this source tree.
+ *
+ * Non-production use is permitted. Production use requires a commercial license.
+ * See LICENSE for full terms.
+ */
+/**
+ * Default stealth configuration
+ */
+export const DEFAULT_STEALTH_CONFIG = {
+    enabled: false,
+    authorization: {
+        authorizedDomains: [],
+        blockedDomains: [],
+        requireExplicitAuth: true,
+    },
+    rateLimits: {
+        requestsPerMinute: 30,
+        formsPerMinute: 5,
+        authAttemptsPerMinute: 3,
+    },
+};
+/**
+ * Default rate limits (cannot be lowered by user config)
+ */
+export const MINIMUM_RATE_LIMITS = {
+    requestsPerMinute: 10,
+    formsPerMinute: 2,
+    authAttemptsPerMinute: 2,
+};
+/**
+ * Terms of Service for stealth mode
+ * Must be accepted before first use
+ */
+export const STEALTH_TERMS_OF_SERVICE = `
+CBrowser Constitutional Stealth Mode - Terms of Service
+
+By enabling stealth mode, you acknowledge and agree that:
+
+1. AUTHORIZATION: You have explicit written authorization to perform
+   automated testing on all domains you configure.
+
+2. OWNERSHIP: You own the domains or have a signed agreement with the owner.
+
+3. NO MALICIOUS USE: You will not use stealth mode for:
+   - Unauthorized access to any system
+   - Bypassing security controls without authorization
+   - Scraping data in violation of Terms of Service
+   - Account creation automation without permission
+   - Any illegal activity
+
+4. LIABILITY: You accept full legal responsibility for all actions
+   taken using stealth mode.
+
+5. AUDIT COMPLIANCE: You consent to audit logs being retained for 90 days.
+
+6. RATE LIMITS: You acknowledge that rate limits cannot be disabled
+   and are enforced to prevent abuse.
+
+Type 'I AGREE' to continue.
+`;
+/**
+ * Check if a URL matches an authorized domain pattern
+ */
+export function matchesDomainPattern(url, pattern) {
+    try {
+        const urlObj = new URL(url);
+        const hostname = urlObj.hostname.toLowerCase();
+        const patternLower = pattern.toLowerCase();
+        // Exact match
+        if (hostname === patternLower) {
+            return true;
+        }
+        // Wildcard match (*.example.com)
+        if (patternLower.startsWith("*.")) {
+            const suffix = patternLower.slice(2);
+            return hostname.endsWith(suffix) || hostname === suffix.slice(1);
+        }
+        return false;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Check if URL matches any prohibited domain pattern
+ */
+export function isProhibitedDomain(url) {
+    const prohibitedPatterns = [
+        "*.gov",
+        "*.mil",
+        "*.edu",
+    ];
+    return prohibitedPatterns.some(pattern => matchesDomainPattern(url, pattern));
+}
+/**
+ * Validate stealth acknowledgment
+ */
+export function validateAcknowledgment(ack) {
+    if (!ack.ownershipConfirmed)
+        return false;
+    if (!ack.authorizedTestingOnly)
+        return false;
+    if (!ack.acceptsResponsibility)
+        return false;
+    if (!ack.signedBy || ack.signedBy.trim() === "")
+        return false;
+    if (!ack.signedAt)
+        return false;
+    // Check that signature is not too old (90 days)
+    const signedDate = new Date(ack.signedAt);
+    const now = new Date();
+    const daysDiff = (now.getTime() - signedDate.getTime()) / (1000 * 60 * 60 * 24);
+    return daysDiff <= 90;
+}
+/**
+ * Merge user config with defaults, enforcing minimum rate limits
+ */
+export function mergeStealthConfig(userConfig) {
+    const merged = { ...DEFAULT_STEALTH_CONFIG, ...userConfig };
+    // Enforce minimum rate limits
+    if (merged.rateLimits) {
+        merged.rateLimits = {
+            requestsPerMinute: Math.max(merged.rateLimits.requestsPerMinute, MINIMUM_RATE_LIMITS.requestsPerMinute),
+            formsPerMinute: Math.max(merged.rateLimits.formsPerMinute, MINIMUM_RATE_LIMITS.formsPerMinute),
+            authAttemptsPerMinute: Math.max(merged.rateLimits.authAttemptsPerMinute, MINIMUM_RATE_LIMITS.authAttemptsPerMinute),
+        };
+    }
+    return merged;
+}
+/**
+ * Base constitutional enforcer with framework logic
+ * Extended by cbrowser-enterprise for full implementation
+ */
+export class BaseConstitutionalEnforcer {
+    config;
+    auditLog = [];
+    requestCounts = new Map();
+    constructor(config = {}) {
+        this.config = mergeStealthConfig(config);
+    }
+    /**
+     * Check if domain is authorized
+     */
+    isDomainAuthorized(url) {
+        // Check prohibited domains first
+        if (isProhibitedDomain(url)) {
+            return false;
+        }
+        // Check blocked domains
+        for (const blocked of this.config.authorization.blockedDomains) {
+            if (matchesDomainPattern(url, blocked)) {
+                return false;
+            }
+        }
+        // Check authorized domains
+        for (const authorized of this.config.authorization.authorizedDomains) {
+            if (matchesDomainPattern(url, authorized)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    /**
+     * Check if action is allowed with stealth
+     */
+    async canExecuteWithStealth(action, url) {
+        // 1. Check if stealth is enabled
+        if (!this.config.enabled) {
+            return {
+                allowed: false,
+                zone: "red",
+                reason: "Stealth mode is not enabled",
+                suggestion: "Enable stealth mode in config or with --stealth flag",
+            };
+        }
+        // 2. Check domain authorization
+        if (!this.isDomainAuthorized(url)) {
+            return {
+                allowed: false,
+                zone: "black",
+                reason: `Domain not in authorized list: ${new URL(url).hostname}`,
+                suggestion: "Add domain to authorizedDomains in stealth config",
+            };
+        }
+        // 3. Check prohibited actions
+        const prohibitedActions = [
+            "bypass_captcha",
+            "inject_cookies",
+            "spoof_identity",
+            "mass_account_creation",
+            "credential_stuffing",
+            "rate_limit_bypass",
+        ];
+        if (prohibitedActions.includes(action)) {
+            return {
+                allowed: false,
+                zone: "black",
+                reason: `Action '${action}' is prohibited with stealth mode`,
+            };
+        }
+        // 4. Check rate limits
+        const rateLimitStatus = this.getRateLimitStatus();
+        if (rateLimitStatus.remaining <= 0) {
+            return {
+                allowed: false,
+                zone: "red",
+                reason: "Rate limit exceeded",
+                suggestion: `Wait until ${rateLimitStatus.resetsAt.toISOString()}`,
+            };
+        }
+        // 5. Check acknowledgment if required
+        if (this.config.authorization.requireExplicitAuth && !this.config.acknowledgment) {
+            return {
+                allowed: false,
+                zone: "red",
+                reason: "Stealth mode requires signed acknowledgment",
+                requiresConfirmation: true,
+            };
+        }
+        if (this.config.acknowledgment && !validateAcknowledgment(this.config.acknowledgment)) {
+            return {
+                allowed: false,
+                zone: "red",
+                reason: "Acknowledgment is invalid or expired (>90 days)",
+                requiresConfirmation: true,
+            };
+        }
+        return {
+            allowed: true,
+            zone: "green",
+        };
+    }
+    /**
+     * Log audit entry (immutable)
+     */
+    async logAudit(entry) {
+        const fullEntry = {
+            ...entry,
+            timestamp: new Date().toISOString(),
+        };
+        this.auditLog.push(fullEntry);
+        // Subclass should persist to disk/database
+        await this.persistAuditEntry(fullEntry);
+    }
+    /**
+     * Get rate limit status
+     */
+    getRateLimitStatus() {
+        const now = new Date();
+        const key = "requests";
+        const current = this.requestCounts.get(key);
+        if (!current || current.resetAt < now) {
+            const resetsAt = new Date(now.getTime() + 60000); // 1 minute
+            return {
+                remaining: this.config.rateLimits.requestsPerMinute,
+                resetsAt,
+            };
+        }
+        return {
+            remaining: this.config.rateLimits.requestsPerMinute - current.count,
+            resetsAt: current.resetAt,
+        };
+    }
+    /**
+     * Validate acknowledgment
+     */
+    validateAcknowledgment(ack) {
+        return validateAcknowledgment(ack);
+    }
+}
+/**
+ * No-op enforcer for public repo (stealth not available)
+ * Stealth implementation requires cbrowser-enterprise
+ */
+export class NoOpConstitutionalEnforcer extends BaseConstitutionalEnforcer {
+    async persistAuditEntry(_entry) {
+        // No-op in public version
+        console.log("[Stealth] Audit entry logged (not persisted - requires cbrowser-enterprise)");
+    }
+    async applyStealthMeasures(_page) {
+        console.warn("[Stealth] Stealth measures not available in public cbrowser.\n" +
+            "For full stealth capabilities, upgrade to cbrowser-enterprise.\n" +
+            "Contact: alexandria.shai.eden@gmail.com");
+    }
+}
+//# sourceMappingURL=framework.js.map

package/dist/stealth/framework.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"framework.js","sourceRoot":"","sources":["../../src/stealth/framework.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AA6BH;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAkB;IACnD,OAAO,EAAE,KAAK;IACd,aAAa,EAAE;QACb,iBAAiB,EAAE,EAAE;QACrB,cAAc,EAAE,EAAE;QAClB,mBAAmB,EAAE,IAAI;KAC1B;IACD,UAAU,EAAE;QACV,iBAAiB,EAAE,EAAE;QACrB,cAAc,EAAE,CAAC;QACjB,qBAAqB,EAAE,CAAC;KACzB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAsB;IACpD,iBAAiB,EAAE,EAAE;IACrB,cAAc,EAAE,CAAC;IACjB,qBAAqB,EAAE,CAAC;CACzB,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;CA0BvC,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAW,EAAE,OAAe;IAC/D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC/C,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3C,cAAc;QACd,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,iCAAiC;QACjC,IAAI,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACrC,OAAO,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,QAAQ,KAAK,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,MAAM,kBAAkB,GAAG;QACzB,OAAO;QACP,OAAO;QACP,OAAO;KACR,CAAC;IAEF,OAAO,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,oBAAoB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;AAChF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAA0B;IAC/D,IAAI,CAAC,GAAG,CAAC,kBAAkB;QAAE,OAAO,KAAK,CAAC;IAC1C,IAAI,CAAC,GAAG,CAAC,qBAAqB;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,CAAC,GAAG,CAAC,qBAAqB;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IAC9D,IAAI,CAAC,GAAG,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAEhC,gDAAgD;IAChD,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IAEhF,OAAO,QAAQ,IAAI,EAAE,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAAkC;IACnE,MAAM,MAAM,GAAG,EAAE,GAAG,sBAAsB,EAAE,GAAG,UAAU,EAAE,CAAC;IAE5D,8BAA8B;IAC9B,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,MAAM,CAAC,UAAU,GAAG;YAClB,iBAAiB,EAAE,IAAI,CAAC,GAAG,CACzB,MAAM,CAAC,UAAU,CAAC,iBAAiB,EACnC,mBAAmB,CAAC,iBAAiB,CACtC;YACD,cAAc,EAAE,IAAI,CAAC,GAAG,CACtB,MAAM,CAAC,UAAU,CAAC,cAAc,EAChC,mBAAmB,CAAC,cAAc,CACnC;YACD,qBAAqB,EAAE,IAAI,CAAC,GAAG,CAC7B,MAAM,CAAC,UAAU,CAAC,qBAAqB,EACvC,mBAAmB,CAAC,qBAAqB,CAC1C;SACF,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,OAAgB,0BAA0B;IACpC,MAAM,CAAgB;IACtB,QAAQ,GAAwB,EAAE,CAAC;IACnC,aAAa,GAAkD,IAAI,GAAG,EAAE,CAAC;IAEnF,YAAY,SAAiC,EAAE;QAC7C,IAAI,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,GAAW;QAC5B,iCAAiC;QACjC,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,wBAAwB;QACxB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,EAAE,CAAC;YAC/D,IAAI,oBAAoB,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,CAAC;gBACvC,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,iBAAiB,EAAE,CAAC;YACrE,IAAI,oBAAoB,CAAC,GAAG,EAAE,UAAU,CAAC,EAAE,CAAC;gBAC1C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CAAC,MAAc,EAAE,GAAW;QACrD,iCAAiC;QACjC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,KAAmB;gBACzB,MAAM,EAAE,6BAA6B;gBACrC,UAAU,EAAE,sDAAsD;aACnE,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,OAAqB;gBAC3B,MAAM,EAAE,kCAAkC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;gBACjE,UAAU,EAAE,mDAAmD;aAChE,CAAC;QACJ,CAAC;QAED,8BAA8B;QAC9B,MAAM,iBAAiB,GAAG;YACxB,gBAAgB;YAChB,gBAAgB;YAChB,gBAAgB;YAChB,uBAAuB;YACvB,qBAAqB;YACrB,mBAAmB;SACpB,CAAC;QAEF,IAAI,iBAAiB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACvC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,OAAqB;gBAC3B,MAAM,EAAE,WAAW,MAAM,mCAAmC;aAC7D,CAAC;QACJ,CAAC;QAED,uBAAuB;QACvB,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAClD,IAAI,eAAe,CAAC,SAAS,IAAI,CAAC,EAAE,CAAC;YACnC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,KAAmB;gBACzB,MAAM,EAAE,qBAAqB;gBAC7B,UAAU,EAAE,cAAc,eAAe,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE;aACnE,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,mBAAmB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YACjF,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,KAAmB;gBACzB,MAAM,EAAE,6CAA6C;gBACrD,oBAAoB,EAAE,IAAI;aAC3B,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;YACtF,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,KAAmB;gBACzB,MAAM,EAAE,iDAAiD;gBACzD,oBAAoB,EAAE,IAAI;aAC3B,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,OAAqB;SAC5B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,KAA2C;QACxD,MAAM,SAAS,GAAsB;YACnC,GAAG,KAAK;YACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE9B,2CAA2C;QAC3C,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,UAAU,CAAC;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAE5C,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,WAAW;YAC7D,OAAO;gBACL,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,iBAAiB;gBACnD,QAAQ;aACT,CAAC;QACJ,CAAC;QAED,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,iBAAiB,GAAG,OAAO,CAAC,KAAK;YACnE,QAAQ,EAAE,OAAO,CAAC,OAAO;SAC1B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,sBAAsB,CAAC,GAA0B;QAC/C,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACrC,CAAC;CAaF;AAED;;;GAGG;AACH,MAAM,OAAO,0BAA2B,SAAQ,0BAA0B;IAC9D,KAAK,CAAC,iBAAiB,CAAC,MAAyB;QACzD,0BAA0B;QAC1B,OAAO,CAAC,GAAG,CAAC,6EAA6E,CAAC,CAAC;IAC7F,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,KAAc;QACvC,OAAO,CAAC,IAAI,CACV,gEAAgE;YAChE,kEAAkE;YAClE,yCAAyC,CAC1C,CAAC;IACJ,CAAC;CACF"}

package/dist/stealth/index.d.ts

@@ -0,0 +1,21 @@
+/**
+ * CBrowser - Cognitive Browser Automation
+ *
+ * Copyright (c) 2026 WF Media (Alexandria Eden)
+ * Email: alexandria.shai.eden@gmail.com
+ *
+ * This source code is licensed under the Business Source License 1.1
+ * found in the LICENSE file in the root directory of this source tree.
+ *
+ * Non-production use is permitted. Production use requires a commercial license.
+ * See LICENSE for full terms.
+ */
+/**
+ * Constitutional Stealth Framework
+ *
+ * Public framework for ethical stealth mode.
+ * Full implementation available in cbrowser-enterprise.
+ */
+export { DEFAULT_STEALTH_CONFIG, MINIMUM_RATE_LIMITS, STEALTH_TERMS_OF_SERVICE, matchesDomainPattern, isProhibitedDomain, validateAcknowledgment, mergeStealthConfig, BaseConstitutionalEnforcer, NoOpConstitutionalEnforcer, } from "./framework.js";
+export type { StealthConfig, StealthAuthorization, StealthAcknowledgment, StealthRateLimits, StealthAuditEntry, StealthCheckResult, IConstitutionalEnforcer, } from "./framework.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/stealth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/stealth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH;;;;;GAKG;AAEH,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,EAClB,sBAAsB,EACtB,kBAAkB,EAClB,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,uBAAuB,GACxB,MAAM,gBAAgB,CAAC"}

package/dist/stealth/index.js

@@ -0,0 +1,20 @@
+/**
+ * CBrowser - Cognitive Browser Automation
+ *
+ * Copyright (c) 2026 WF Media (Alexandria Eden)
+ * Email: alexandria.shai.eden@gmail.com
+ *
+ * This source code is licensed under the Business Source License 1.1
+ * found in the LICENSE file in the root directory of this source tree.
+ *
+ * Non-production use is permitted. Production use requires a commercial license.
+ * See LICENSE for full terms.
+ */
+/**
+ * Constitutional Stealth Framework
+ *
+ * Public framework for ethical stealth mode.
+ * Full implementation available in cbrowser-enterprise.
+ */
+export { DEFAULT_STEALTH_CONFIG, MINIMUM_RATE_LIMITS, STEALTH_TERMS_OF_SERVICE, matchesDomainPattern, isProhibitedDomain, validateAcknowledgment, mergeStealthConfig, BaseConstitutionalEnforcer, NoOpConstitutionalEnforcer, } from "./framework.js";
+//# sourceMappingURL=index.js.map

package/dist/stealth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/stealth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH;;;;;GAKG;AAEH,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,wBAAwB,EACxB,oBAAoB,EACpB,kBAAkB,EAClB,sBAAsB,EACtB,kBAAkB,EAClB,0BAA0B,EAC1B,0BAA0B,GAC3B,MAAM,gBAAgB,CAAC"}

package/dist/types.d.ts

@@ -3222,4 +3222,145 @@ export interface AccessibilityPersona extends Omit<Persona, 'cognitiveTraits'> {
     /** Cognitive traits (optional partial override) */
     cognitiveTraits?: Partial<CognitiveTraits>;
 }
+/**
+ * Domain authorization for stealth mode
+ * Users must explicitly declare which domains they're authorized to test
+ */
+export interface StealthAuthorization {
+    /** Domains user owns or has explicit permission to test (supports wildcards) */
+    authorizedDomains: string[];
+    /** Domains explicitly blocked even if matched by wildcard */
+    blockedDomains: string[];
+    /** Require explicit authorization for stealth mode */
+    requireExplicitAuth: boolean;
+    /** How authorization was provided */
+    authorizationSource?: "config" | "cli-flag" | "environment" | "api";
+}
+/**
+ * Constitutional stealth configuration
+ */
+export interface StealthConfig {
+    /** Whether stealth mode is enabled */
+    enabled: boolean;
+    /** Domain authorization settings */
+    authorization: StealthAuthorization;
+    /** User acknowledgment of ethical use terms */
+    acknowledgment?: StealthAcknowledgment;
+    /** Rate limits (cannot be disabled) */
+    rateLimits: StealthRateLimits;
+    /** Stealth features to enable */
+    features?: StealthFeatures;
+}
+/**
+ * User acknowledgment of ethical use terms
+ */
+export interface StealthAcknowledgment {
+    /** User confirms ownership/authorization for listed domains */
+    ownershipConfirmed: boolean;
+    /** User confirms authorized testing only */
+    authorizedTestingOnly: boolean;
+    /** User accepts legal responsibility */
+    acceptsResponsibility: boolean;
+    /** Email or identifier of person signing */
+    signedBy: string;
+    /** Timestamp of signing */
+    signedAt: string;
+}
+/**
+ * Rate limits for stealth mode (cannot be disabled)
+ */
+export interface StealthRateLimits {
+    /** Max requests per minute */
+    requestsPerMinute: number;
+    /** Max form submissions per minute */
+    formsPerMinute: number;
+    /** Max auth attempts per minute */
+    authAttemptsPerMinute: number;
+}
+/**
+ * Stealth features that can be enabled
+ */
+export interface StealthFeatures {
+    /** Remove webdriver flag */
+    hideWebdriver?: boolean;
+    /** Use headed mode (less detectable) */
+    headedMode?: boolean;
+    /** Randomize fingerprints */
+    fingerprintRandomization?: boolean;
+    /** Use stealth plugin */
+    stealthPlugin?: boolean;
+    /** Emulate human-like timing (CBrowser default) */
+    humanTiming?: boolean;
+}
+/**
+ * Audit entry for stealth actions (immutable, 90-day retention)
+ */
+export interface StealthAuditEntry {
+    /** Timestamp of action */
+    timestamp: string;
+    /** Action performed */
+    action: string;
+    /** Target URL */
+    url: string;
+    /** Whether stealth was enabled */
+    stealthEnabled: boolean;
+    /** How authorization was provided */
+    authorizationSource: string;
+    /** Which authorized domain matched */
+    authorizedDomain: string;
+    /** Constitutional zone classification */
+    zone: ActionZone;
+    /** Whether force override was used */
+    forceOverride?: boolean;
+    /** Reason for force override */
+    forceReason?: string;
+    /** Requests in last minute (rate limit context) */
+    requestsInLastMinute: number;
+    /** Forms submitted in last minute */
+    formsInLastMinute: number;
+}
+/**
+ * Result of constitutional check before stealth action
+ */
+export interface StealthCheckResult {
+    /** Whether action is allowed */
+    allowed: boolean;
+    /** Constitutional zone */
+    zone: ActionZone;
+    /** Reason if blocked */
+    reason?: string;
+    /** Whether user confirmation is required */
+    requiresConfirmation?: boolean;
+    /** Suggested alternative if blocked */
+    suggestion?: string;
+}
+/**
+ * Actions that are NEVER allowed with stealth mode (Black Zone)
+ */
+export declare const STEALTH_PROHIBITED_ACTIONS: readonly ["bypass_captcha", "inject_cookies", "spoof_identity", "mass_account_creation", "credential_stuffing", "rate_limit_bypass"];
+export type StealthProhibitedAction = typeof STEALTH_PROHIBITED_ACTIONS[number];
+/**
+ * Domain patterns that are NEVER allowed with stealth mode
+ */
+export declare const STEALTH_PROHIBITED_DOMAINS: readonly ["*.gov", "*.mil", "*.edu"];
+export type StealthProhibitedDomain = typeof STEALTH_PROHIBITED_DOMAINS[number];
+/**
+ * Abstract interface for constitutional enforcer
+ * Implementation provided by cbrowser-enterprise
+ */
+export interface IConstitutionalEnforcer {
+    /** Check if stealth action is allowed */
+    canExecuteWithStealth(action: string, url: string): Promise<StealthCheckResult>;
+    /** Log audit entry (immutable) */
+    logAudit(entry: Omit<StealthAuditEntry, "timestamp">): Promise<void>;
+    /** Check if domain is authorized */
+    isDomainAuthorized(url: string): boolean;
+    /** Get current rate limit status */
+    getRateLimitStatus(): {
+        remaining: number;
+        resetsAt: Date;
+    };
+    /** Validate acknowledgment */
+    validateAcknowledgment(ack: StealthAcknowledgment): boolean;
+}
 //# sourceMappingURL=types.d.ts.map