fix: lazy anti-bot body check in smart mode, exhaustive pattern tests, bump to v2.47.5

Short-circuit detect_anti_bot_from_body via Rust || lazy eval so it
only runs when rerender and script_src are both false. Added unit
tests covering every AC_BODY_SCAN (8 patterns) and AC_URL_SCAN (16
patterns) index to prevent mapping regressions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: j-mendez

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "spider"
-version = "2.47.4"
+version = "2.47.5"
 authors = ["j-mendez <jeff@spider.cloud>"]
 description = "A web crawler and scraper, building blocks for data curation workloads."
 repository = "https://github.com/spider-rs/spider"
@@ -120,11 +120,11 @@ features = ["serde", "headers", "dynamic-versions"]
 
 [dependencies.spider_agent_types]
 path = "../spider_agent_types"
-version = "2.47.4"
+version = "2.47.5"
 
 [dependencies.spider_agent]
 path = "../spider_agent"
-version = "2.47.4"
+version = "2.47.5"
 optional = true
 default-features = false
 

spider/Cargo.toml

@@ -3608,14 +3608,10 @@ impl Page {
                     let _ = rewriter.end();
                 }
 
-                // Anti-bot body detection as additional upgrade signal
-                let anti_bot_upgrade =
-                    crate::utils::detect_anti_bot_from_body(&html_resource.as_bytes().to_vec())
-                        .is_some();
-
                 let should_upgrade = rerender.load(Ordering::Relaxed)
                     || script_src.load(Ordering::Relaxed)
-                    || anti_bot_upgrade;
+                    // Anti-bot body detection as fallback upgrade signal (lazy — skipped when already upgrading)
+                    || crate::utils::detect_anti_bot_from_body(&html_resource.as_bytes().to_vec()).is_some();
                 if should_upgrade {
                     if let Some(browser_controller) = browser
                         .get_or_init(|| {
@@ -4025,14 +4021,10 @@ impl Page {
                     let _ = rewriter.end();
                 }
 
-                // Anti-bot body detection as additional upgrade signal
-                let anti_bot_upgrade =
-                    crate::utils::detect_anti_bot_from_body(&html_resource.as_bytes().to_vec())
-                        .is_some();
-
                 let should_upgrade = rerender.load(Ordering::Relaxed)
                     || script_src.load(Ordering::Relaxed)
-                    || anti_bot_upgrade;
+                    // Anti-bot body detection as fallback upgrade signal (lazy — skipped when already upgrading)
+                    || crate::utils::detect_anti_bot_from_body(&html_resource.as_bytes().to_vec()).is_some();
                 if should_upgrade {
                     if let Some(browser_controller) = browser
                         .get_or_init(|| {

spider/src/page.rs

@@ -6676,30 +6676,143 @@ mod tests {
         // Too large - returns None
         let large_body = vec![0u8; 40_000];
         assert!(detect_anti_bot_from_body(&large_body).is_none());
-        // Normal page
+        // Normal page - no match
         let normal = b"<html><body>Hello world</body></html>".to_vec();
         assert!(detect_anti_bot_from_body(&normal).is_none());
-        // Alibaba TMD - _____tmd_____
-        let tmd = br#"<script>window.location.replace("https://example.com/_____tmd_____/punish?x5secdata=abc");</script>"#.to_vec();
+
+        // Pattern 0: cf-error-code → Cloudflare
+        assert_eq!(
+            detect_anti_bot_from_body(&b"<span class=\"cf-error-code\">1020</span>".to_vec()),
+            Some(AntiBotTech::Cloudflare)
+        );
+        // Pattern 1: Access to this page has been denied → Cloudflare
+        assert_eq!(
+            detect_anti_bot_from_body(
+                &b"<h1>Access to this page has been denied</h1>".to_vec()
+            ),
+            Some(AntiBotTech::Cloudflare)
+        );
+        // Pattern 2: DataDome
+        assert_eq!(
+            detect_anti_bot_from_body(&b"<script src=\"https://js.DataDome.co/tags.js\">".to_vec()),
+            Some(AntiBotTech::DataDome)
+        );
+        // Pattern 3: perimeterx → PerimeterX
+        assert_eq!(
+            detect_anti_bot_from_body(&b"<script>window._pxAppId='perimeterx';</script>".to_vec()),
+            Some(AntiBotTech::PerimeterX)
+        );
+        // Pattern 4: funcaptcha → ArkoseLabs
+        assert_eq!(
+            detect_anti_bot_from_body(
+                &b"<iframe src=\"https://client-api.arkoselabs.com/funcaptcha\">".to_vec()
+            ),
+            Some(AntiBotTech::ArkoseLabs)
+        );
+        // Pattern 5: Incapsula → Imperva
         assert_eq!(
-            detect_anti_bot_from_body(&tmd),
+            detect_anti_bot_from_body(
+                &b"Request unsuccessful. Incapsula incident ID: 123".to_vec()
+            ),
+            Some(AntiBotTech::Imperva)
+        );
+        // Pattern 6: _____tmd_____ → AlibabaTMD
+        assert_eq!(
+            detect_anti_bot_from_body(
+                &br#"<script>window.location.replace("https://example.com/_____tmd_____/punish?x5secdata=abc");</script>"#.to_vec()
+            ),
             Some(AntiBotTech::AlibabaTMD)
         );
-        // Alibaba TMD - x5secdata in body
-        let x5sec = br#"<script>sessionStorage.x5referer=window.location.href;window.location.replace("https://example.com/punish?x5secdata=xyz&x5step=1");</script>"#.to_vec();
+        // Pattern 7: x5secdata → AlibabaTMD
         assert_eq!(
-            detect_anti_bot_from_body(&x5sec),
+            detect_anti_bot_from_body(
+                &br#"<script>sessionStorage.x5referer=window.location.href;window.location.replace("https://example.com/punish?x5secdata=xyz&x5step=1");</script>"#.to_vec()
+            ),
             Some(AntiBotTech::AlibabaTMD)
         );
     }
 
     #[test]
     fn test_detect_antibot_from_url() {
-        assert!(
-            detect_antibot_from_url("https://example.com/cdn-cgi/challenge-platform").is_some()
-        );
+        // No match
         assert!(detect_antibot_from_url("https://example.com/page").is_none());
-        // Alibaba TMD URL pattern
+
+        // Pattern 0: /cdn-cgi/challenge-platform → Cloudflare
+        assert_eq!(
+            detect_antibot_from_url("https://example.com/cdn-cgi/challenge-platform/h/b"),
+            Some(AntiBotTech::Cloudflare)
+        );
+        // Pattern 1: datadome.co → DataDome
+        assert_eq!(
+            detect_antibot_from_url("https://api.datadome.co/validate"),
+            Some(AntiBotTech::DataDome)
+        );
+        // Pattern 2: dd-api.io → DataDome
+        assert_eq!(
+            detect_antibot_from_url("https://dd-api.io/js/v1"),
+            Some(AntiBotTech::DataDome)
+        );
+        // Pattern 3: perimeterx.net → PerimeterX
+        assert_eq!(
+            detect_antibot_from_url("https://client.perimeterx.net/main.min.js"),
+            Some(AntiBotTech::PerimeterX)
+        );
+        // Pattern 4: px-captcha → PerimeterX
+        assert_eq!(
+            detect_antibot_from_url("https://example.com/px-captcha"),
+            Some(AntiBotTech::PerimeterX)
+        );
+        // Pattern 5: arkoselabs.com → ArkoseLabs
+        assert_eq!(
+            detect_antibot_from_url("https://client-api.arkoselabs.com/fc/gt2/"),
+            Some(AntiBotTech::ArkoseLabs)
+        );
+        // Pattern 6: funcaptcha → ArkoseLabs
+        assert_eq!(
+            detect_antibot_from_url("https://example.com/funcaptcha/verify"),
+            Some(AntiBotTech::ArkoseLabs)
+        );
+        // Pattern 7: kasada.io → Kasada
+        assert_eq!(
+            detect_antibot_from_url("https://ips.kasada.io/149/script"),
+            Some(AntiBotTech::Kasada)
+        );
+        // Pattern 8: fingerprint.com → FingerprintJS
+        assert_eq!(
+            detect_antibot_from_url("https://api.fingerprint.com/v3"),
+            Some(AntiBotTech::FingerprintJS)
+        );
+        // Pattern 9: fpjs.io → FingerprintJS
+        assert_eq!(
+            detect_antibot_from_url("https://fpjs.io/agent"),
+            Some(AntiBotTech::FingerprintJS)
+        );
+        // Pattern 10: incapsula → Imperva
+        assert_eq!(
+            detect_antibot_from_url("https://example.com/incapsula/resource"),
+            Some(AntiBotTech::Imperva)
+        );
+        // Pattern 11: imperva → Imperva
+        assert_eq!(
+            detect_antibot_from_url("https://example.com/imperva/block"),
+            Some(AntiBotTech::Imperva)
+        );
+        // Pattern 12: radwarebotmanager → RadwareBotManager
+        assert_eq!(
+            detect_antibot_from_url("https://example.com/radwarebotmanager/api"),
+            Some(AntiBotTech::RadwareBotManager)
+        );
+        // Pattern 13: reblaze.com → Reblaze
+        assert_eq!(
+            detect_antibot_from_url("https://reblaze.com/check"),
+            Some(AntiBotTech::Reblaze)
+        );
+        // Pattern 14: cheq.ai → CHEQ
+        assert_eq!(
+            detect_antibot_from_url("https://api.cheq.ai/verify"),
+            Some(AntiBotTech::CHEQ)
+        );
+        // Pattern 15: _____tmd_____/punish → AlibabaTMD
         assert_eq!(
             detect_antibot_from_url(
                 "https://www.miravia.es/p/i123/_____tmd_____/punish?x5secdata=abc"

spider/src/utils/mod.rs

@@ -1,6 +1,6 @@
 [package]
 name = "spider_agent"
-version = "2.47.4"
+version = "2.47.5"
 authors = ["j-mendez <jeff@spider.cloud>"]
 description = "A concurrent-safe multimodal agent for web automation and research."
 repository = "https://github.com/spider-rs/spider"
@@ -28,8 +28,8 @@ parking_lot = "0.12"
 base64 = "0.22"
 
 # Extracted types and HTML processing
-spider_agent_types = { version = "2.47.4", path = "../spider_agent_types" }
-spider_agent_html = { version = "2.47.4", path = "../spider_agent_html" }
+spider_agent_types = { version = "2.47.5", path = "../spider_agent_types" }
+spider_agent_html = { version = "2.47.5", path = "../spider_agent_html" }
 
 # HTML processing (still needed for engine internals)
 lol_html = "2"

spider_agent/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "spider_agent_html"
-version = "2.47.4"
+version = "2.47.5"
 authors = ["j-mendez <jeff@spider.cloud>"]
 description = "HTML processing utilities for spider_agent — cleaning, content analysis, and diffing."
 repository = "https://github.com/spider-rs/spider"
@@ -24,7 +24,7 @@ serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 
 # Types from our types crate
-spider_agent_types = { version = "2.47.4", path = "../spider_agent_types" }
+spider_agent_types = { version = "2.47.5", path = "../spider_agent_types" }
 
 [dev-dependencies]
 serde_json = "1"

spider_agent_html/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "spider_agent_types"
-version = "2.47.4"
+version = "2.47.5"
 authors = ["j-mendez <jeff@spider.cloud>"]
 description = "Pure data types and constants for spider_agent automation. Zero heavy dependencies."
 repository = "https://github.com/spider-rs/spider"

spider_agent_types/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "spider_cli"
-version = "2.47.4"
+version = "2.47.5"
 authors = ["j-mendez <jeff@spider.cloud>"]
 description = "The fastest web crawler CLI written in Rust."
 repository = "https://github.com/spider-rs/spider"

spider_cli/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "spider_utils"
-version = "2.47.4"
+version = "2.47.5"
 authors = ["j-mendez <jeff@spider.cloud>"]
 description = "Utilities to use for Spider Web Crawler."
 repository = "https://github.com/spider-rs/spider"