feat: stealth improvements, signing port, scraper examples

- stygian-browser: patch Navigator.prototype.webdriver to defeat prototype-level bot checks (pixelscan, Akamai)
- stygian-browser: spoof navigator.connection (Network Information API) — was null in headless
- stygian-browser: spoof navigator.getBattery() — was null in headless
- stygian-browser: fix outerWidth/outerHeight to match spoofed screen resolution
- stygian-browser: spoof navigator.plugins with realistic 5-entry PluginArray
- stygian-browser: add scraper_cli example (generic stealth scraper, NetworkIdle wait)
- stygian-browser: add pixelscan_check example (targeted fingerprint scan checker)
- stygian-graph: add SigningPort trait + NoopSigningAdapter + HttpSigningAdapter
- book: update stealth guide with prototype webdriver patch, Network Info API, Battery API sections

Author: greysquirr3l

CHANGELOG.md

@@ -7,6 +7,44 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.1] - 2026-03-17
+
+### Added
+
+- `stygian-browser`: `Navigator.prototype.webdriver` prototype-level patch — previously only the
+  instance property was overridden; scanners such as pixelscan.net and Akamai probe
+  `Object.getOwnPropertyDescriptor(Navigator.prototype, 'webdriver')` directly,
+  so the prototype getter is now also patched on every new document context
+- `stygian-browser`: Network Information API spoofing — `navigator.connection` (previously
+  `null` in headless, an immediate detection signal) is replaced with a realistic
+  `NetworkInformation`-like object (`effectiveType: "4g"`, `type: "wifi"`, seeded
+  `downlink`/`rtt` values stable within a session)
+- `stygian-browser`: Battery Status API spoofing — `navigator.getBattery()` (previously
+  `null` in headless) now resolves with a plausible disconnected-battery state; `level`,
+  `dischargingTime` are seeded from `performance.timeOrigin` to vary across sessions
+- `stygian-browser`: `examples/scraper_cli.rs` — generic CLI scraper using `StealthLevel::Advanced`,
+  `WaitUntil::NetworkIdle`; emits structured JSON (title, description, headings, links,
+  text excerpt, timing); successfully scrapes Cloudflare-protected sites (CNN.com, etc.)
+- `stygian-browser`: `examples/pixelscan_check.rs` — targeted pixelscan.net fingerprint scan
+  example; polls until client-side result cards settle; extracts verdict, per-card pass/fail
+  status, hardware/font/UA detail sections, and live `nav_signals` for stealth regression testing
+- `stygian-graph`: `SigningPort` trait — request-signing abstraction for attaching HMAC tokens,
+  AWS Signature V4, OAuth 1.0a, device attestation tokens, or any per-request auth material
+  without coupling adapters to signing scheme
+- `stygian-graph`: `NoopSigningAdapter` — passthrough signer for testing and optional-signer defaults
+- `stygian-graph`: `HttpSigningAdapter` — delegates signing to any external sidecar over HTTP POST
+  (e.g. a Frida RPC bridge exposing a `/sign` endpoint); configurable timeout and retries
+- `book`: stealth guide updated — prototype-level webdriver patch, Network Information API
+  spoofing, and Battery Status API spoofing sections added
+
+### Fixed
+
+- `stygian-browser`: `outerWidth`/`outerHeight` now set via `screen_script` injection to match
+  the spoofed screen resolution (headless Chrome returns `0` without this)
+- `stygian-browser`: `navigator.plugins` spoofed with a realistic 5-entry `PluginArray`
+  (PDF Viewer entries + `navigator.mimeTypes` with 2 entries), eliminating the
+  empty-plugins headless signal
+
 ## [0.2.0] - 2026-03-16
 
 ### Added

Cargo.lock

@@ -7,7 +7,7 @@ members = [
 ]
 
 [workspace.package]
-version = "0.2.0"
+version = "0.2.1"
 edition = "2024"
 rust-version = "1.94.0"
 authors = ["Nick Campbell <s0ma@protonmail.com>"]

Cargo.toml

@@ -9,6 +9,7 @@
 - [Architecture](./graph/architecture.md)
 - [Building Pipelines](./graph/pipelines.md)
 - [Built-in Adapters](./graph/adapters.md)
+- [Request Signing](./graph/signing.md)
 - [GraphQL Plugins](./graph/graphql-plugins.md)
 - [Custom Adapters](./graph/custom-adapters.md)
 - [Distributed Execution](./graph/distributed.md)

book/src/SUMMARY.md

@@ -67,6 +67,13 @@ Executed on every new document context before any page script runs.
 - Aligns `navigator.hardwareConcurrency` and `navigator.deviceMemory` with the
   chosen device fingerprint
 
+Two layers of protection prevent `webdriver` detection:
+
+1. **Instance patch** — `Object.defineProperty(navigator, 'webdriver', { get: () => undefined })` hides the flag from direct access (`navigator.webdriver === undefined`).
+2. **Prototype patch** — `Object.defineProperty(Navigator.prototype, 'webdriver', ...)` hides the underlying getter from `Object.getOwnPropertyDescriptor(Navigator.prototype, 'webdriver')`, which some scanners (e.g. pixelscan.net, Akamai) probe directly.
+
+Both patches are injected into every new document context before any page script runs.
+
 The fingerprint is drawn from statistically-weighted device profiles:
 
 ```rust
@@ -168,6 +175,42 @@ typer.type_into(&page, "#search-input", "rust async web scraping").await?;
 
 ---
 
+## Network Information API spoofing
+
+`navigator.connection` (Network Information API) reveals connection quality and type.  
+Headless browsers return `null` here, which is an immediate headless signal on connection-aware scanners.
+
+`Advanced` stealth injects a realistic `NetworkInformation`-like object:
+
+| Property | Spoofed value |
+| --- | --- |
+| `effectiveType` | `"4g"` |
+| `type` | `"wifi"` |
+| `downlink` | Seeded from `performance.timeOrigin` (stable per session, ≈ 10 Mbps range) |
+| `rtt` | Seeded jitter (50–100 ms range) |
+| `saveData` | `false` |
+
+---
+
+## Battery Status API spoofing
+
+`navigator.getBattery()` returns `null` in headless Chrome — a clear automation signal
+for scanners that enumerate battery state.
+
+`Advanced` stealth overrides `getBattery()` to resolve with a plausible disconnected-battery state:
+
+| Property | Spoofed value |
+| --- | --- |
+| `charging` | `false` |
+| `chargingTime` | `Infinity` |
+| `dischargingTime` | Seeded (≈ 3600–7200 s) |
+| `level` | Seeded (0.65–0.95) |
+
+The seed values are derived from `performance.timeOrigin` so they are stable within a page
+load but differ across sessions, preventing replay detection.
+
+---
+
 ## Fingerprint consistency
 
 All spoofed signals are derived from a single `DeviceProfile` generated at browser

book/src/browser/stealth.md

@@ -658,3 +658,31 @@ target = "https://docs.example.com"
 | Cloudflare API non-2xx | `ServiceError::Unavailable` (with CF error code) |
 | Job still pending after `job_timeout` | `ServiceError::Timeout` |
 | Unexpected response shape | `ServiceError::InvalidResponse` |
+
+---
+
+## Request signing adapters
+
+The `SigningPort` trait lets any adapter attach signatures, HMAC tokens,
+device attestation headers, or OAuth material to outbound requests without
+coupling the adapter to the scheme.
+
+| Adapter | Use case |
+| --- | --- |
+| `NoopSigningAdapter` | Passthrough — no headers added; useful as a default or in unit tests |
+| `HttpSigningAdapter` | Delegate to any external sidecar (Frida RPC bridge, AWS SigV4 server, OAuth 1.0a service, …) |
+
+```rust
+use std::sync::Arc;
+use stygian_graph::adapters::signing::{HttpSigningAdapter, HttpSigningConfig};
+use stygian_graph::ports::signing::ErasedSigningPort;
+
+let signer: Arc<dyn ErasedSigningPort> = Arc::new(
+    HttpSigningAdapter::new(HttpSigningConfig {
+        endpoint: "http://localhost:27042/sign".to_string(),
+        ..Default::default()
+    })
+);
+```
+
+See [Request Signing](./signing.md) for the full sidecar wire format, Frida RPC bridge example, and guide to implementing a pure-Rust `SigningPort`.

book/src/graph/adapters.md

@@ -27,6 +27,7 @@ traits defined in `src/ports.rs`. The domain never imports adapters — only por
 | `ScrapingService` | Fetching or processing content in a new way |
 | `AIProvider` | Adding a new LLM or language model API |
 | `CachePort` | Adding a new cache backend (Redis, Memcached, …) |
+| `SigningPort` | Attaching signatures, HMAC tokens, or authentication material to outgoing requests |
 
 `PlaywrightService` fetches rendered HTML, so it implements `ScrapingService`.