April 18, 2026
Clicks vs CAPTCHAs: Fight!
Show HN: AI Subroutines – Run automation scripts inside your browser tab
Zero-cost clicks or cat-and-mouse chaos? HN splits
TLDR: A new tool records your actions and replays them inside the web page using your own login, promising free, predictable automations. Comments split between hype and worry: skeptics fear CAPTCHAs and mistrust extensions, while others suggest a tiny on-device AI to handle changes—big implications for everyday online tasks.
Hacker News lit up over rtrvr.ai’s new “AI Subroutines,” which record a task in your browser and replay it inside the same page—your cookies, login, and security checks come along for the ride. The pitch: zero token cost, 100% deterministic, and auth propagates automatically. The demo is here.
Supporters say it fixes the classic bot fail—“the agent clicked the wrong button”—by skipping clumsy robot clicking and just replaying the real network requests from your tab. Automating outreach, CRM updates, and bulk posts without paying AI per action sounds like magic to power users.
Then the gloves came off. One skeptic asked if sites with CAPTCHAs, anti-bot traps, and proof‑of‑work challenges will just swat this down, calling it a never‑ending cat and mouse game. Another flatly declared, “I don’t trust extensions one bit,” sparking a privacy brawl over what the add‑on can see.
Amid the chaos, a practical middle path emerged: use a small local model (a tiny on‑device AI) to handle minor page changes that would break scripts, while keeping costs low. Jokers dubbed it an “automation glow‑up” and quipped that CAPTCHAs are the “final boss.” Verdict: exciting, but the crowd’s split between wow and whoa, slow down.
Key Points
- •rtrvr.ai’s AI Subroutines record browser tasks and replay them as callable tools inside the webpage context.
- •The system avoids per-invocation LLM costs and non-determinism, aiming for zero token cost and deterministic outcomes.
- •Authentication details (cookies, CSRF, signed headers, fingerprinting) propagate automatically by replaying requests in-page.
- •Network requests are captured via an in-page fetch/XHR patch with Chrome’s webRequest API as fallback, including request bodies.
- •Captured traffic is ranked and trimmed to isolate true API calls, e.g., favoring first-party over third-party origins.