Skip to content
Tech News
← Back to articles

Show HN: AI Subroutines – Run automation scripts inside your browser tab

2026-04-17 | original
read original get Browser Automation Extension → more articles
Why This Matters

AI Subroutines introduces a novel approach to browser automation by recording and replaying authenticated web requests directly within the browser's context. This method overcomes traditional challenges related to authentication, cookies, and dynamic request signing, enabling more reliable and scalable automation for repetitive tasks. Its significance lies in providing a robust solution for automating complex web interactions without breaking due to site updates or security measures, benefiting both developers and consumers seeking efficient web automation.

Key Takeaways

AI Subroutines: Browser Automations That Run Inside the Page

Most web agents solve the wrong half of the problem. You can get an LLM to post on X, DM on Instagram, or send a LinkedIn connection request — once. The moment you need to do it a thousand times, the economics break: tokens per invocation, latency per invocation, non-determinism per invocation. On outreach, CRM updates, and bulk posting, "the agent clicked the wrong button this time" is not a quirk. It's a failure mode.

The obvious fix is to skip the UI and call the site's internal API directly. That's correct, and it's where most "just call the API" projects die. Because the hard problem isn't the endpoint. It's auth.

Auth is the actual hard problem

Authenticated web requests carry some combination of cookies, rotating CSRF tokens, session tokens, bearer headers, anti-replay nonces, fingerprint-bound parameters, and request-signing hashes computed in the site's own JS at request time. Some are set by the server. Some are derived in the browser. Some rotate per request.

Out-of-process scrapers — Node workers, Playwright workers, cloud functions — have to rebuild all of that out of band. That's the thing that breaks the moment a site rotates a header or ships a new signing scheme. Most HAR-replay tooling ends its useful life right here.

The trick: record in the extension, replay inside the webpage

In rtrvr, both the recording and the replay happen inside the user's browser, from within the webpage itself.

The extension intercepts the network requests the tab makes while you perform the task. Two layers: a MAIN-world fetch / XHR patch installed before any page script runs, with Chrome's webRequest API as a correlated fallback for the CORS and service-worker paths the in-page patch can't see. Request bodies — FormData, Blob, raw bytes, not just JSON — are captured too. When the script runs later, those requests are dispatched from the page's own execution context — same origin, same cookies, same TLS session, same JS that computes the signed headers.

No Puppeteer driver. No headless worker. No separate TLS stack. The browser does what it always does: attach the cookies, run the site's own JS to compute the headers, ship the request.

... continue reading

Explore topics: browser automation ai subroutines playwright har-replay rtrvr
Related:
Show HN: Libretto – Making AI browser automations deterministic
Show HN: Pardonned.com – A searchable database of US Pardons
Show HN: Robust LLM Extractor for Websites in TypeScript
I Audited the Privacy of Popular Free Dev Tools, the Results Are Terrifying
Stop Burning Your Context Window – How We Cut MCP Output by 98% in Claude Code

© 2026 GoKawiil

About | Editorial Policy | Contact