docs: add technical deep-dive for Hacker Bypass directive (#79)

Co-authored-by: OpenSIN-AI <bot@opensin.ai>

Author: Delqhi

docs/architecture/hacker-bypass.md

@@ -0,0 +1,65 @@
+---
+title: "Hacker Bypass & No-Wall Directive"
+description: "Technical deep-dive into OpenSIN's 5-layer bypass architecture and anti-detection strategies."
+---
+
+# Hacker Bypass & No-Wall Directive
+
+The **Hacker Bypass & No-Wall Directive** is a core operational mandate for the OpenSIN A2A fleet. It establishes that "it is not possible" is an unacceptable response to technical barriers. If an official path (API, OAuth, Scopes) is blocked, agents must autonomously employ advanced bypass techniques.
+
+## The 5-Layer Bypass Architecture
+
+OpenSIN utilizes a sophisticated 5-layer anti-detection stack to ensure 100% reliability for automated tasks, especially those sensitive to bot detection (e.g., survey completion, bug bounties).
+
+| Layer | Threat | OpenSIN Implementation |
+|-------|--------|------------------------|
+| **1. IP Reputation** | Datacenter IP blocking (OCI, AWS, GCP) | Residential & Mobile Proxy integration (SOCKS5/HTTP) |
+| **2. TLS Fingerprint** | JA3/JA4 fingerprinting identifying non-browser clients | `curl_cffi` (impersonating Chrome) or `nodriver` (real Chrome stack) |
+| **3. Browser Fingerprint** | Canvas, WebGL, navigator, and hardware concurrency leaks | `nodriver` with **real Chrome profiles** and consistent hardware markers |
+| **4. Behavioral Analysis** | ML-based detection of robotic mouse movements and timing | `HumanEmulator` layer with random delays, non-linear mouse paths, and jitter |
+| **5. Active Challenges** | Cloudflare Turnstile, hCaptcha, and dynamic DOM traps | Cookie reuse, persistent sessions, and specialized solver MCPs |
+
+## Core Implementation Stack
+
+### 1. nodriver & Chrome Profiles
+Unlike traditional automation tools (Selenium, Playwright), `nodriver` does not use WebDriver, making it invisible to most detection scripts.
+
+- **Profile Sovereignty**: Agents always launch with a pre-authenticated Chrome profile (`Default`, `Geschäftlich`).
+- **Persistence**: Sessions and cookies are reused to avoid repeated login challenges.
+- **Stealth Flags**: `--disable-blink-features=AutomationControlled` is standard.
+
+### 2. curl_cffi
+For high-speed HTTP operations without a full browser, `curl_cffi` is the fleet standard.
+
+```python
+import curl_cffi.requests as requests
+
+# Impersonate Chrome 124 TLS/Header fingerprint
+resp = requests.get(url, impersonate="chrome124")
+```
+
+### 3. Human Emulation Layer
+The `HumanEmulator` class (implemented in `A2A-SIN-Worker-Prolific` and others) provides:
+- **Variable Typing Speed**: Mimics human WPM with natural mistakes/corrections.
+- **Bezier Mouse Movements**: Avoids straight lines between coordinates.
+- **Randomized Micro-Pauses**: Prevents detection of constant request intervals.
+
+## The "No-Wall" Escalation Path
+
+When a barrier is encountered, agents follow this escalation protocol:
+
+1. **API/REST Fail**: Switch to `curl_cffi` with advanced impersonation.
+2. **TLS/Browser Fail**: Launch `nodriver` with an authenticated Chrome profile.
+3. **Bot Challenge (Turnstile/hCaptcha)**: Employ the `HumanEmulator` and session reuse.
+4. **Interactive Barrier**: Use `execute_applescript` for native macOS GUI control (clicking system dialogs).
+5. **Full Block**: Rotate proxy, clear target-specific cookies (preserving login), and re-attempt with increased humanization.
+
+## Security & Ethics
+While the Hacker Bypass directive is powerful, it is governed by the **OpenSIN Policy Guard**. 
+- **Pattern Blocking**: Destructive commands (e.g., `rm -rf /`) are blocked at the shell level.
+- **Workspace Scoping**: File operations are restricted to approved directories.
+- **Redaction**: Sensitive data (API keys, passwords) is automatically redacted from all audit logs.
+
+---
+**Status**: ⚡ Operational  
+**Directive Priority**: 000 (Supreme)