@truestroke/core
v0.1.0
Published
Behavioral biometric continuous authentication engine - zero-dependency, on-device, sub-millisecond inference via WASM + SIMD
Downloads
42
Maintainers
shivambu.devReadme
@truestroke/core
Behavioral biometric continuous authentication engine — zero-dependency, on-device, sub-millisecond inference via WebAssembly + SIMD.
TrueStroke identifies users by how they type — their unconscious keystroke rhythm. It runs entirely in-browser with sub-microsecond inference, detects account takeover the moment it happens, and never sends raw biometric data anywhere.
Installation
npm install @truestroke/coreQuick Start
import { TrueStroke } from '@truestroke/core';
// Initialize the engine
const ts = await TrueStroke.init({ userId: 'user_123' });
// Auto-capture keystrokes from any input element
ts.attachTo(document.querySelector('#my-input'));
// Or feed events manually
document.addEventListener('keydown', (e) => ts.feedKeyDown(e.code, e.timeStamp));
document.addEventListener('keyup', (e) => ts.feedKeyUp(e.code, e.timeStamp));
// Listen for anomalies (someone else typing)
ts.onAnomaly((event) => {
console.log(`Imposter detected: confidence=${event.confidence}`);
showReauthPrompt();
});
// Reactive status updates
ts.onConfidenceChange((c) => updateConfidenceUI(c));
ts.onStatusChange((s) => updateStatusBadge(s));
// Liveness detection
const liveness = ts.checkLiveness();
// { isLive, isReplay, entropy, jitterPower, wpm, dwellCV, score }
// Cleanup
ts.destroy();Features
- On-Device First — All inference runs in-browser via WebAssembly. Zero network calls. Raw typing data never leaves the device.
- Sub-Microsecond Inference — < 1 μs p50 latency, SIMD-accelerated (WASM SIMD128).
- 42-Dimensional Feature Vectors — Dwell time, flight time, digraphs, trigraphs, velocity, error rate, WPM, rhythm CV.
- Dual Anomaly Detection — Isolation Forest + Adaptive Mahalanobis Distance (Ledoit-Wolf shrinkage).
- Liveness Detection — Timing entropy, Goertzel DFT jitter, WPM bounds, replay fingerprinting.
- Zero Dependencies — Self-contained C++17 compiled to WASM. No external libraries.
- XChaCha20-Poly1305 — Profile data encrypted at rest.
- GDPR-Compliant —
wipeProfile()for complete biometric data erasure.
API
TrueStroke.init(config)
Create and initialize an engine instance.
const ts = await TrueStroke.init({
userId: 'user_123',
enrollFullKeystrokes: 200, // keystrokes for full enrollment
lockThreshold: 0.35, // confidence below this → lock
});ts.attachTo(element)
Auto-capture keystrokes from an HTML input/textarea element.
ts.feedKeyDown(code, timestamp) / ts.feedKeyUp(code, timestamp)
Manual keystroke feeding for custom event handling.
ts.getConfidence() → number
Current confidence score (0.0 = imposter, 1.0 = enrolled user).
ts.getStatus() → Status
Current engine state: UNINITIALISED, ENROLLING, MONITORING, or LOCKED.
ts.checkLiveness() → LivenessResult
Anti-spoofing check: entropy, jitter power, WPM, replay detection.
ts.onAnomaly(callback) / ts.onConfidenceChange(callback) / ts.onStatusChange(callback)
Reactive event listeners.
ts.saveProfile() / ts.wipeProfile()
Encrypted profile persistence / GDPR-compliant erasure.
ts.exportGradients() / ts.importGlobalUpdate(data)
Federated learning: export DP-noised gradients, import global model updates.
ts.destroy()
Clean up WASM resources.
Requirements
- Browser with WebAssembly support (all modern browsers)
- WASM SIMD128 for peak performance (Chrome 91+, Firefox 89+, Safari 16.4+)
License
MIT — Shivambu