Skip to content

feat: headless stealth hardening + auto headed fallback#74

Merged
avifenesh merged 5 commits intomainfrom
feature/headless-stealth-fallback
Feb 26, 2026
Merged

feat: headless stealth hardening + auto headed fallback#74
avifenesh merged 5 commits intomainfrom
feature/headless-stealth-fallback

Conversation

@avifenesh
Copy link
Collaborator

@avifenesh avifenesh commented Feb 26, 2026

Summary

Follow-up to #73. Makes headless sessions work after headed login on aggressive anti-bot sites like X.com.

  • Deep stealth hardening: CDP artifact removal, screen/viewport dimension spoofing, navigator.connection, WebRTC IP leak prevention, realistic viewport size
  • Auto headed fallback: When content blocking is detected in headless, automatically switches to headed browser to retrieve content. Returns snapshot from headed session with headedFallback: true
  • New --no-auto-recover flag to disable the automatic fallback

How it works

  1. Headless goto detects content is blocked (from feat: content blocking detection for headless browsers #73)
  2. If display available, closes headless and launches headed browser
  3. Navigates to same URL in headed mode - content loads
  4. Returns the headed snapshot to the caller
  5. If no display available, returns the warning as before

Test Plan

  • 581/581 tests passing (18 new tests)
  • Stealth init script structure tests (CDP, screen, connection, WebRTC)
  • Auto-recover flag tests (source-grep pattern)
  • Headed fallback result field tests

Related Issues

Follow-up to #38 / #73

@avifenesh
feat(stealth): deep anti-bot evasion for headless browsers
f4c9b08 
CDP artifact removal, screen/viewport dimension spoofing,
navigator.connection, WebRTC IP leak prevention, realistic viewport.
@avifenesh
feat(goto): auto headed fallback when content blocked in headless
7804951 
When content blocking is detected, automatically switches to headed
browser to retrieve content. Disable with --no-auto-recover.
@avifenesh
test: add stealth hardening and auto-recover fallback tests
b2d1095
@avifenesh
docs: document stealth hardening and auto headed fallback
3f5d475
@avifenesh
fix: review feedback - stale response, fallback error handling, perf
77ca827 
- Use headed response status instead of stale headless response
- Save headless snapshot before close for fallback error path
- Null context/page after fallback failure to prevent stale access
- Re-detect content blocking after headed fallback
- Cache canLaunchHeaded result (60s TTL) to avoid repeated browser probes
- Defensive copy of WebRTC config to prevent mutation
- Targeted CDP artifact list instead of Object.keys(window) scan
@avifenesh avifenesh merged commit 3f01211 into main Feb 26, 2026
2 checks passed
@avifenesh avifenesh deleted the feature/headless-stealth-fallback branch February 26, 2026 11:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@avifenesh