Metadata-Version: 2.4
Name: darkelf-cocoa
Version: 4.4.2
Summary: Darkelf Cocoa privacy browser for macOS
Author: Dr. Kevin Moore
License: LGPL-3.0-or-later
Requires-Python: >=3.11
Description-Content-Type: text/markdown
Requires-Dist: pyobjc
Requires-Dist: tldextract

# 🧿 Darkelf Cocoa Browser

### Ephemeral, Post-Quantum Privacy Browser (macOS / Cocoa)

Darkelf is a memory-only, privacy-first web browser built using PyObjC + WebKit, featuring a deterministic Post-Quantum Integrity Layer (PQ) and an on-device AI security engine (MiniAI Sentinel).

---

# Darkelf Cocoa 4.4.2

- Improved canvas protection consistency during extended multi-tab sessions
- Refined toolbar initialization and removed redundant UI execution paths
- Improved BrowserLeaks protection reliability and timing stability
- Updated fullscreen hotkey display to proper macOS notation (⌃⌘F)
- General runtime cleanup and stability improvements
- Minor performance optimizations and internal code cleanup

Recommended for all users.

# 🚀 Darkelf Cocoa v4.4.1

### Stability • Accuracy • Privacy Reinforced • Network Intelligence Expanded

---

# ✨ Interface & UX Improvements

### 🟢 Findbar System Upgrades

- Added movable floating Findbar overlay
- Added draggable Findbar interaction
- Added green tactical close ✕ button
- Improved Findbar responsiveness and UI polish
- Improved overlay behavior consistency

### ⌨️ Hotkey & Command Updates

- Extended Hotkey Menu
- Added ESC shortcut support
- ESC now instantly closes Findbar
- Improved keyboard workflow ergonomics

### 🧩 Interface Refinements

- Adjusted tab bar icon alignment and spacing
- Improved command-center visual consistency
- Updated Darkelf Command Center footer styling
- Removed version-dependent footer formatting
- Refined long-term UI stability and layout consistency

---

# 🧠 Darkelf Core

## 🔁 PQ Replay Window Expansion

Replay detection window increased:

- **Previous:** ~100 page loads
- **Now:** **~200 page loads**

### Result

- Stronger replay attack detection across long sessions
- Improved resistance to delayed correlation attempts
- More stable long-session PQ identity behavior

---

## 🛡️ Network Policy Engine (Major Enhancement)

The Darkelf Network Policy Engine now includes:

- ⚠️ Adaptive degrading mode
- ⬇️ Fully user-initiated download system
- 🧠 Tighter integration with MiniAI Sentinel

---

## ⚠️ Adaptive Degrading (New)

Darkelf now dynamically reduces trust and capability when suspicious behavior is detected.

### Trigger Conditions

- PQ replay anomalies
- Elevated MiniAI risk levels
- High entropy / fingerprint instability
- Suspicious navigation or request patterns

### Degrade Behavior

- Removes high-entropy fingerprint signals (`_pq_fp`)
- Blocks third-party credential sharing
- Forces ephemeral cache mode
- Marks requests as low trust
- Prevents persistence hints

### Result

- Reduces attack surface without breaking browsing
- Prevents data leakage under uncertain conditions
- Maintains UX continuity without aggressive blocking

---

## ⬇️ User-Initiated Download System (New)

Downloads are now securely enabled, but strictly controlled.

### 🔐 Design Principles

- User must explicitly initiate downloads
- No automatic or script-triggered downloads
- No silent disk writes

### 🧠 Policy-Aware Behavior

- Normal mode → standard controlled download
- Degraded mode → restricted + sanitized
- High-risk mode → blocked or isolated

### 📦 Storage Model

Temporary location:

- `Darkelf Temp`

Additional protections:

- Filename randomization enforced
- Optional manual save via system dialog

### 🔄 Privacy Guarantees

- No background persistence
- No cross-session retention
- Full user visibility and control

### Result

- Adds real-world usability
- Preserves zero-persistence architecture
- Prevents covert data exfiltration

---

## 🧩 WebGL / WebGPU Hash Rotation (PQ-Linked)

Introduces a refined fingerprint rotation model for Canvas/WebGL surfaces, aligned with Post-Quantum (PQ) identity progression.

### Rotation Model

Fingerprint seeds now incorporate:

- per-tab PQ seed
- identity bucket grouping
- previous PQ chain state

### Behavior

- Deterministic per tab
- Stable across reloads
- Gradual variation over navigation/session time
- No JavaScript-triggered mutation

### Result

- Eliminates long-session fingerprint freezing
- Improves realism of GPU-like entropy behavior
- Reduces replay and correlation detection vectors
- Maintains full cross-surface coherence

---

# 🧪 Stability & Verification

- ✅ All 59 Pytests passing
- Improved cold boot consistency
- Hardened lifecycle and state handling
- Stable under stress and long-session runtime

---

# 🧠 MiniAI Sentinel (Detection Engine)

## Enhanced Detection Accuracy

- Refined behavioral heuristics
- Reduced false positives under load
- Improved classification for:
  - scraping activity
  - credential abuse patterns
  - automation frameworks

## Smarter Thresholding

- Tuned for real-world browsing behavior
- Concurrency-safe detection logic
- No false triggers from high-performance systems

## 🆕 4.3.6 Enhancements

- PQ entropy now contributes to threat scoring
- Improved replay anomaly detection
- Better distributed probing detection

---

# 🕸️ Scraper Detection (Reworked)

## Hybrid Detection Model

- Same-path burst detection (test-safe)
- Multi-path enumeration detection (real-world)

## Improvements

Eliminates false positives from:

- hardware concurrency
- rapid navigation

---

# 🛡️ Network Policy Engine

## Core Capabilities

- 🔒 HTTP → HTTPS enforcement
- 🚫 Tracker blocking (domain precision)
- ⚠️ Adaptive degradation
- ⬇️ User-controlled downloads
- 🧠 AI-driven enforcement

---

# 🔐 Post-Quantum Integrity Layer (PQ)

## Enhancements

- Stronger stateful request chaining
- Improved replay resistance
- Expanded replay window (200 chains)
- Better entropy tracking

## Identity Model

- `_pq_seed` → per-tab root identity
- `_pq_salt` → hidden entropy
- `_pq_counter` → monotonic progression
- `_pq_prev_chain` → chain continuity

## Chain Construction

```
chain = SHA3_512(
  seed +
  normalized_url +
  previous_chain +
  counter +
  salt
)
```
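
An added example, not Darkelf's own code: one way the chain construction above and a 200-entry replay window could fit together. The URL normalization, the length-prefixed field encoding, the `TabChain` class and the replay check are assumptions; the README specifies only the hash, the field order and the window size.

```python
import hashlib
import secrets
from collections import deque
from urllib.parse import urlsplit, urlunsplit

REPLAY_WINDOW = 200  # chains remembered, per the README


def normalize_url(url: str) -> str:
    # Assumed normalization: lowercase scheme/host, drop the fragment.
    p = urlsplit(url)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))


def chain_step(seed, url, prev, counter, salt) -> bytes:
    # README field order; length prefixes (assumed) keep field boundaries unambiguous.
    h = hashlib.sha3_512()
    for field in (seed, normalize_url(url).encode(), prev, counter.to_bytes(8, "big"), salt):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


class TabChain:
    """Hypothetical per-tab state: _pq_seed, _pq_salt, _pq_counter, _pq_prev_chain."""

    def __init__(self, seed=None, salt=None):
        self.seed = seed or secrets.token_bytes(32)
        self.salt = salt or secrets.token_bytes(32)
        self.counter = 0
        self.prev = b""
        self._order = deque()   # issue order, oldest first
        self._seen = set()      # O(1) membership for the window

    def advance(self, url: str) -> bytes:
        self.counter += 1       # monotonic progression
        self.prev = chain_step(self.seed, url, self.prev, self.counter, self.salt)
        self._order.append(self.prev)
        self._seen.add(self.prev)
        if len(self._order) > REPLAY_WINDOW:
            self._seen.discard(self._order.popleft())
        return self.prev

    def is_replay(self, presented: bytes) -> bool:
        # An already-issued value other than the current head is a replay;
        # values older than the window have aged out and go undetected.
        return presented in self._seen and presented != self.prev
```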
---

## 🎨 Fingerprint System (Enhanced)

### PQ-Based Identity

* Stable within tab
* Independent across tabs
* Hidden from websites

### Rotation Model

* Stable on reload
* Gradual variation over time
* Deterministic behavior

---

## 🧩 Fingerprint Coherence

* Canvas, WebGL, font signals aligned
* Eliminated conflicting traits

### Result

* Realistic device fingerprint
* Reduced detection risk

---

## 🕶️ User-Agent Stealth

* No Darkelf identifiers
* Appears as standard WebKit/macOS

---

## ⚙️ JavaScript Hardening

* Unified PQ-seeded entropy
* Consistent spoofing across surfaces

---

## 🔁 Fingerprint Isolation

* Per-tab deterministic identity
* No cross-tab reuse
* Crowd-blending identity buckets

---

## 🎯 Content Rules / Adblocking

* Refined rule sets
* Improved tracker filtering
* Reduced site breakage
* CNN-safe filtering improvements

---

## 🧩 Architecture Improvements

* Clear separation:

  * network policy
  * MiniAI detection
  * PQ cryptographic state

* Reduced duplication

* Improved long-session stability

---

## 🔐 Ephemeral Browsing

* No disk persistence
* Memory-only storage
* Downloads **now user-controlled**
* Automatic cleanup on exit

---

## 🕵️ Privacy & Anti-Tracking

* First-party isolation (FPI)
* Deterministic third-party deception
* Tracker blocking
* No persistent identity

---

## 📦 PyPI

```bash
pip install darkelf-cocoa
darkelf
```

---

## 🔐 Security Model

* Zero persistence
* Deterministic identity isolation
* Replay resistance (**200-chain window**)
* Adaptive degradation
* User-controlled data egress
* No telemetry

---

## 📜 License

LGPL-3.0-or-later
© Dr. Kevin Moore (2025)
