DEV Community: nottelabs

Observability: Beautiful Visibility Into Every Automation Session

nottelabs — Fri, 27 Feb 2026 17:13:47 +0000

Observability transforms your browser automations into clear, interactive visualisations.

What is Observability?

Every CDP event, including WebSocket-based Playwright sessions, is captured and replayable in the Console. Step through execution, inspect logs, and follow the full timeline exactly as it happened.

Real-world examples

Failed login automation

Your Playwright script fails to authenticate. Instead of guessing, step through the exact CDP events to see where the selector broke or the form submission timed out.

Headless scraping errors

A headless scraper randomly fails on certain pages. The full timeline shows the navigation flow, what elements were clicked, and where the automation stalled. No local reproduction needed.

Multi-step workflow debugging

A 20-step workflow fails intermittently. Step through the complete execution and pinpoint exactly where and why it broke.

Agent behaviour auditing

Verify what your agents extracted and which actions they performed. The full timeline gives you a complete audit trail of every session.

Why it matters

Most browser automations run headless. Without visibility into these sessions, debugging is guesswork. Observability gives you the same clarity for programmatic sessions that you have for Console-driven ones.

Debug faster and ship with confidence.

Build now at https://console.notte.cc

Anything API: Turn Any Browser Workflow into a Production-Ready API

nottelabs — Thu, 26 Feb 2026 19:54:57 +0000

Give us the task. We engineer the skill.

Browser automation works for any site. But if you're running the same workflow repeatedly, you shouldn't have to keep running the browser.

Anything API turns any browser workflow into a production-ready API automatically. Describe what you need done, and our agent builds the custom Notte Function for you.

What is Anything API?

Most websites don't have public APIs. If you want to extract data or automate workflows, you control a browser by navigating pages, clicking elements, scraping content.

Anything API handles that entire process for you. Describe the task. Our agent figures out how to execute it, builds the workflow, and ships a Notte Function that calls the site directly.

How it works

Describe what you need done. Anything API runs a browser session to work out the workflow, then generates a callable API you can deploy immediately. Authentication, headers, request formatting are all handled. You just call the function.

One description. A deployed function.

The initial session does the work of figuring out how to automate the task. Every subsequent run calls directly, meaning no browser overhead, faster execution, and lighter infrastructure.

Deploy as a Notte Function

The output is a Notte Function. Deploy it serverless, schedule it on cron, or call it via API. The same infrastructure that runs your browser automations now runs the workflows we build for you.

Why it matters

This is the fastest way to create APIs for sites that don't have one. Describe the task. We engineer the skill.

Try it now: https://anything.notte.cc/

Watch a demo

Session Files: Agents That Handle Files Automatically

nottelabs — Thu, 26 Feb 2026 17:39:50 +0000

Agents tend to break when they need to download reports or upload documents. File operations require manual intervention or complex workarounds.

Session Files fixes this.

What are Session Files?

Notte agents can now handle file operations automatically. Download files, upload documents, and process files within your automation workflows. Every file operation has full visibility and debugging in the Console. See what files were downloaded, track upload progress, and inspect file contents.

Use cases

Form automation

Upload resumes to job applications, submit tax documents, attach files to support tickets. Agents handle the full workflow.

Document processing

Download invoices from vendor portals, extract data, and upload to accounting systems.

Report generation

Download reports from analytics dashboards, process the data, and forward to stakeholders. Automated end-to-end.

Data extraction

Download PDFs from internal tools, scrape structured data, and push to your database. Files in, data out.

Why it matters

Most workflows don't end at the browser. They involve files. Session Profiles handle authentication, Session Files handles I/O. Your agents can now automate document processing, form submissions, and report generation end-to-end.

File I/O is now a first-class primitive in browser automation.

Test it out: console.notte.cc

Cryptographically Verified AI Agents: Notte Integrates with Fingerprint Web Bot Auth

nottelabs — Wed, 25 Feb 2026 14:54:22 +0000

Notte is partnering with Fingerprint to make sure good actors are never mistaken for bad bots: here's why that matters.

Good actors are being mistaken for bad bots. AI agents get blocked constantly, not because they're doing anything wrong, but because websites have no way to tell them apart from malicious scrapers.

Platforms like Fingerprint, used by thousands of websites, analyse signals like browser attributes, cursor movements, and network behaviour to classify every visitor into one of three buckets: human, good bot, or bad bot. Good bots are verified crawlers and legitimate AI agents. Bad bots are scrapers stealing data, credential stuffers hijacking accounts, spam tools. The problem is that without any proof of identity, a legitimate AI agent looks identical to a bad bot. So the default is to block anything automated.

Web Bot Auth was built to fix this, and Fingerprint adopted it into their platform. Legitimate agents register in Fingerprint’s Bot Directory, and from that point on every request they make carries a signed identity that websites can verify in real time. It works on top of cryptographic HTTP message signatures (essentially a verified passport for bots).

Notte has completed that registration. Our commitment to responsible automation: every Notte request is now cryptographically signed and automatically recognised as verified across any site running Fingerprint's detection.

Learn more: notte.cc

Build: console.notte.cc

Session Profiles: Persistent Authentication for Browser Agents

nottelabs — Wed, 25 Feb 2026 14:52:21 +0000

Browser agents re-authenticate on every run because session state doesn't persist. This breaks workflows that rely on logged-in sessions.

Session Profiles solve this.

What are Session Profiles?

Session Profiles save browser state (cookies, cache, and local storage) so your agents stay authenticated across sessions. Log in once manually, and every subsequent session with that profile starts already authenticated.

How it works

Bootstrap a session profile using demonstration mode. Log in to LinkedIn, Gmail, or any authenticated service in a headful browser. Stop the session. All the state persists in storage.

Start a new session with the same profile, and your agent is already logged in. No re-authentication. No manual intervention.

Why it matters

Most valuable web data sits behind login walls. Session Profiles let your agents automate authenticated workflows at scale. Scrape private dashboards, manage SaaS accounts, monitor internal tools.

Authenticate once. Automate everything after.

Automate seamlessly: console.notte.cc

Watch Nottelabs CTO Lucas Giordano walk through how to bootstrap and manage persistent authentication for browser agents here.

Browser Automation from Your Terminal

nottelabs — Mon, 23 Feb 2026 18:28:23 +0000

We built the Notte Console so you could prototype, debug, and deploy browser automations in one environment.

Now you can control everything from your terminal.

What is Notte CLI?

Notte CLI brings full browser automation control to the command line. Start sessions, navigate pages, click elements, run AI agents, and scrape data; all without leaving your terminal.

Features

AI agents - run and monitor AI-powered browser functions
Browser sessions - headless or headed Chrome/Firefox with full control
Files - upload and download files to notte.cc
Output formats - human-readable text or JSON for scripting
Personas - create and manage digital identities with email, phone, and SMS
Secure credentials - system keyring for API keys, vaults for website passwords
Web scraping - structured data extraction with custom schemas
Functions - schedule and execute repeatable automation tasks

How it works

# Start a browser session
notte sessions start

# Navigate and interact
notte page goto "https://..."
notte page observe
→ B1, B2, I1...

notte page click B3
notte page scrape --instructions "..."

Need to see what's happening? notte sessions viewer opens the Console instantly.

Why it matters

Browser automations now fit into your existing workflows. Terminal + Console means you can build however you work best.

Get started

Notte CLI: https://github.com/nottelabs/notte-cli
Full documentation: https://docs.notte.cc/
Watch Lucas, Nottelab's Founder & CTO, walk you through how to use it.

The Hidden Cost of Bot Detection

nottelabs — Fri, 16 Jan 2026 12:32:53 +0000

What happens when the very systems designed to protect websites end up blocking the good guys?

Our browser automation experience tells us the reality is far more complex than most people realise. When detection systems flag legitimate users by mistake, false positives can cause friction that slows down real customers and can drive away loyal customers if not handled carefully.

The Bot Detection Paradox

We live in an age where automated bot traffic has surpassed human-generated traffic for the first time in a decade, constituting 51% of all web traffic in 2024. Even more concerning, bad bots account for 37% of internet traffic.

So naturally, companies are scrambling to implement bot detection systems. This, however, causes issues. The same systems that catch malicious bots are increasingly catching legitimate automation tools:

Research crawlers collecting public data for academic studies
Price monitoring tools helping consumers find better deals
SEO audit tools analysing website performance
Accessibility tools helping disabled users navigate the web
Business intelligence gathering for competitive analysis

SEO teams coordinating with third-party crawlers (like SEO audit tools that use Googlebot user agents) communicate with security teams to prevent false positives and ensure legitimate business activities aren't blocked.

The False Positive Nightmare

Let's paint a picture of what false positives look like in the real world.

For example, a user being blocked from accessing their bank account or a social media business account because they are unjustly being considered a bot when they are travelling because of the frequency of requests or the location the request comes from.

But it's not just individual users. Legitimate businesses using automation for perfectly valid reasons are getting hammered:

Market researchers trying to gather pricing data for competitive analysis
Travel aggregators checking flight availability across multiple airlines
News monitoring services tracking mentions for PR teams
Academic researchers studying online discourse and social patterns

Why Good Actors Get Flagged

The technical reality is that bot detection systems look for patterns. And sometimes, legitimate automation exhibits patterns that look suspicious:

Speed and Efficiency

Power users who click, type, or switch pages rapidly mimic bot speed. If you're a marketer checking 20 product pages in a minute, you might trip the same alarms as a malicious scraper.

Network Infrastructure

VPNs route traffic through shared servers, often used by bots too. If your IP is tied to heavy traffic or a bot-heavy region, you're flagged.

Browser Fingerprinting

Modern bot detection analyses 70+ signals including canvas rendering, WebGL properties, audio API responses, and hardware specifications. A significant fraction of fingerprinting attributes are specially crafted challenges that aim to detect the presence of automation frameworks and headless browsers linked to bots. The problem? Many legitimate tools use these same frameworks.

Geographic Anomalies

Travelling abroad or using a VPN to access a site from a new region clashes with your usual profile, raising suspicion.

The Business Impact

This isn't just a technical problem. It's a business problem with real costs:

Lost Revenue: When legitimate customers can't access services, conversion drops are measurable and immediate. DataDome's implementation of Device Check reduced false positives by 80% for one luxury brand, demonstrating that even industry leaders struggle with this balance.
Compliance Issues: For marketing and sales teams dealing with lead fraud, TrustedForm Bot Detection delivers clear, measurable value by removing leads that may not meet TCPA consent requirements due to non-human submission. For lead generation companies, TCPA violations cost £400-£1,200 per incident. False negatives (missing bots) can result in compliance penalties, whilst false positives (blocking legitimate leads) directly reduce revenue.
Operational Overhead: The massive resources required to manage false positives drain technical teams.
Innovation Stifling: Companies afraid to implement automation that might get blocked hold back progress.

The Arms Race Nobody Wins

Here's what's particularly frustrating: sophisticated attacks create a tradeoff where aggressive blocking risks false positives against legitimate users, whilst permissive rules let sophisticated bots through.

We're stuck in this endless cycle:

Bot detection gets more aggressive
Legitimate tools get caught in the crossfire
Good actors have to implement workarounds
Those workarounds make them look more like bad actors
Detection systems get even more aggressive

Why Good Actors Need Stealth Today

Here's the uncomfortable truth: in today's broken ecosystem, proving you're legitimate often makes you look like you're evading detection.

The Legitimacy Trap: Bot detection vendors face an impossible tradeoff: aggressive blocking creates false positives against legitimate users, whilst permissive rules let sophisticated bots through. Many vendors operate at 0.75% false positive rates (75 times higher than the 0.01% ideal) because tighter thresholds would block too many paying customers.

The paradox is stark: good actors need defensive capabilities not because they want to be deceptive, but because the current detection ecosystem gives them no choice.

At Notte, we provide anti-detection capabilities today because websites' broken detection systems require it. But we're also actively working towards a future where such capabilities won't be necessary.

The Path to Mutual Benefit

The reality is that both sides want the same thing:

Websites want to protect their resources and users from malicious activity.
Legitimate automation wants to provide value without causing harm.

The current approach of aggressive blocking hurts everyone. The ideal false positive rate is 0.01%, far below some vendors' 0.75%. Yet many systems operate with false positive rates 75 times higher than ideal.

Real Solutions for Real Problems

Here's what actually works:

1. Intent-Based Detection

Instead of just looking at behaviour patterns, systems need to understand intent. A price comparison bot checking 100 products has very different intent than a bot trying to buy up limited inventory. DataDome and other leading vendors are pioneering intent-based detection approaches that analyse why automation is happening, not just that it's happening. This represents a fundamental shift from pattern matching to purpose understanding.

2. Reputation Systems

Detection engines can maintain a user reputation based on previous user activity. The reputation can be impacted positively or negatively depending on the age of the account, the activity pattern, and whether or not some previous bot activity was observed with the user.

3. Adaptive Responses

Not every bot needs to be blocked. Some just need to be rate-limited or guided to use official APIs. Solutions like intelligent rate limiting and progressive friction provide graduated responses rather than binary block/allow decisions.

4. Cryptographic Verification Standards

The most promising development is the emergence of cryptographic bot verification. OpenAI has begun signing all Operator requests using HTTP Message Signatures (RFC 9421), allowing site owners to verify requests genuinely originate from their infrastructure without relying on brittle IP allowlists.

This approach, co-developed by OpenAI and Cloudflare as the Web Bot Auth standard, uses cryptographic signatures to verify bot identity. Bot operators publish public keys at /.well-known/http-message-signatures-directory, and requests include signed headers that websites can verify.

The benefits over traditional IP-based allowlists are clear:

No infrastructure dependencies: You don't need to maintain up-to-date lists of IP ranges.
Tamper resistance: Signatures are tied to request content and timestamp, making them impossible to forge.
Flexible deployment: Bot identity is verified at the application layer, even if requests are routed through proxies or CDNs.

Cloudflare has integrated this directly into their Verified Bots program, and the IETF has established a working group to develop these standards further.

5. Human Override Capabilities

Under GDPR Article 22, data subjects have the right not to be subject to solely automated decisions that produce legal or similarly significant effects. When bot detection systems automatically block account access without human review capability, they may violate GDPR's requirement for human intervention rights. This frames aggressive bot detection as a regulatory risk, which organisations must address.

The Future We're Building

At Notte we envision a future where:

Legitimate automation can operate without fear of being blocked.
Websites can protect themselves without collateral damage.
Good actors can prove their legitimacy without compromising their capabilities.
The internet remains open for innovation whilst being protected from abuse.

This isn't just about technology. It's about changing the conversation from "how do we block bots?" to "how do we enable good automation whilst stopping bad actors?"

Notte's Approach: Defence Today, Standards Tomorrow

We're not just building better anti-detection technology. We're building a better approach to the entire problem. Yes, we provide sophisticated stealth capabilities, but we recognise these are defensive measures necessitated by today's broken ecosystem.

Our anti-detection playbook helps legitimate automation work respectfully by:

Implementing intelligent rate limiting to minimise server load
Respecting robots.txt directives where appropriate
Providing configuration options for self-identification
Building retry logic that backs off rather than hammers servers

As the ecosystem evolves towards intent-based detection and cryptographic verification standards like Web Bot Auth, Notte will enable our users to self-identify for legitimate use cases.

Moving Forward Together

The current state of bot detection is broken. But it doesn't have to stay that way.

The question isn't whether we need bot detection. We absolutely do. The question is how we implement it in a way that protects without destroying legitimate use cases.

The emergence of standards like Web Bot Auth shows the path forward. When OpenAI signs requests cryptographically, when Cloudflare verifies those signatures at the edge, when developers can implement transparent automation that proves its identity, we move closer to an ecosystem that enables the good whilst stopping the bad.

At Notte, we're providing the tools legitimate users need today whilst advocating for the standards the ecosystem needs tomorrow. Because at the end of the day, the internet should work for everyone: humans, good bots, and the legitimate automation that makes our digital lives better.

console.notte.cc

How to Automate 2FA and Account Creation for AI Agents

nottelabs — Tue, 23 Dec 2025 23:34:19 +0000

TLDR: Creating accounts and passing 2FA is a major roadblock for AI agents, requiring manual intervention. We're launching Notte Agent Identities, a new feature that gives your AI agents complete, persistent digital identities. Each identity comes with a dedicated email, a real phone number for SMS verification, and a secure credential vault to manage its own website credentials. This allows your agents to autonomously handle the entire authentication process — from filling out a sign-up form to passing 2FA, without any human help.

Scrape Past the Login Screen

The most valuable data isn't public — it's behind a login. Traditional scrapers hit this wall and stop. Notte agent identities unlocks the authenticated web, transforming your scraper from a simple bot into an autonomous agent that can:

Create Its Own Accounts: your agent signs up for any service, handling both email and SMS verification automatically. No manual work required.

Conquer 2FA Instantly: the dreaded SMS code or Email Sign Link is no longer an automation-killer. Your agent gets these programmatically and logs in automatically.

Scrape Like a Real User: they provide persistent, credible identities that don't get blocked like disposable services do, allowing for long-term, stable scraping sessions.

By making account creation and authentication a reproducible step in your code, this removes the primary manual bottleneck to scaling. It allows you to reliably deploy and manage numerous authenticated agents for parallel data collection and complex automation workflow.

How it works

Notte agent identities are not a standalone feature; they are deeply integrated with our core Agent and Session components. During an active session, a Notte Agent uses built-in tool calling to seamlessly request credentials, verification links, or 2FA codes from its assigned identity.

Technical Integration: Using identities in Your Code

Integrating Identities into your Notte agents is straightforward. Here's a practical example of how to use a agent identity to automate account creation:

What happens under the hood:

When the agent encounters a signup form, it automatically uses the identity’s email and phone number.
If email verification is required, the agent programmatically retrieves the verification link from its inbox.
For SMS 2FA, the agent fetches the code from the its own phone number.
Credentials are automatically stored in the the secure vault for future sessions

Practical Applications: What to Build with Notte Identities

The ability to programmatically create and manage authenticated identities opens up a wide range of automation possibilities that were previously complex or required significant manual work. Here are some key use cases where this capability is a game-changer:

E-commerce: Programmatically register for shopping sites and marketplaces. This enables automated workflows for price tracking, order placement, or managing multiple accounts on platforms where authenticated access is required.
Social Media: Reliably set up profiles across social networks. With the ability to handle SMS verification, identities overcome the primary technical barrier to creating accounts for data collection, research, or social listening tasks.
Financial Services: Automate the initial stages of account opening and KYC processes. Use identities to programmatically validate email and phone number verification steps, ensuring your user onboarding flows are functioning correctly.
QA Testing: Generate clean test accounts on demand for quality assurance. Instead of relying on a static pool of users, your test scripts can create a new identity for each run, guaranteeing a consistent, uncompromised starting state for testing registration and user features.
SaaS Signups: Automatically create and verify accounts on any software platform. Use this for competitive analysis, testing integrations, or populating a new environment with users without manual data entry.

Ready to Build?

The next step is to try it yourself. Create your first agent identity on the Notte console and start automating account creation in minutes.

What can I build with Notte?

nottelabs — Wed, 03 Dec 2025 21:46:55 +0000

First: what is Notte?

Simply put, Notte provides a platform to build and deploy web agents that don’t break. By turning complex and repetitive web tasks into reliable self-healing workflows, businesses can scale automation with confidence.

Notte exists because the web is still designed for humans, not agents. Pure web agents can navigate it, but while they excel on benchmarks, they’re unreliable and costly in production. Traditional scripts are faster and cheaper, but a single website tweak can break them entirely.

Notte’s answer is Hybrid Agent Workflows: freeze the routine into deterministic steps; reserve LLMs for when adaptive reasoning is required. If a page changes out of hours, your flow doesn’t wait on you to redeploy - the agent adapts at runtime and carries the task to completion, armed with the necessary Agent Tooling for secure logins, identity management, payment integration, and audit-ready replays.

In short: faster & cheaper than any other fully agentic/LLM based solution, more resilient than pure Playwright/Puppeteer, and reliable enough for everything from regulated portals to high-stakes checkouts at scale.

What makes this work

Notte exposes four primitives and the runtime around them:

Observe converts a URL into compact, semantic context: what’s on the page and which elements are interactable.

Execute executes those actions as a chain. When an action is unambiguous, it runs deterministically. When a page deviates, an agent falls back to reasoning over the observed map and recovers until success.

Scrape extracts structured outputs that survive cosmetic DOM churn.

Agent orchestrates Observe, Step, and Scrape into a coherent workflow. It maintains session state and carries context across pages, ensuring tasks reach completion across multi-step workflows.

Around that core you get production tooling: hosted sessions with built-in stealth and autoscaling; vaults for credentials, MFA, SSO, and cookies; personas (emails and phone numbers) for account creation and verification flows; payments to execute card flows end-to-end; file upload/download, and session replays for audit.

What people build with Notte

1) Production-Ready AI Agents

Market and pricing monitors. Teams track competitive sites that change daily: promos, plan pages, fine print. A Notte agent spins up sessions across targets, applies filters, captures price tables, diffs changes, and posts a structured report. Unexpected banner of modal? An A/B variant landing mid-run? Deterministic steps keep moving; the agent only “thinks” when a control disappears or a layout shifts. No monitoring or script patching.

Onboarding helpers. Many customer portals have no API and tricky UX. With Vaults and Personas, a Notte flow completes login, passes MFA, verifies email/SMS, uploads documents, and returns a clean JSON outcome (plus a replay for compliance).

2) Hybrid automation for back-office ops

Tax and finance portals. Deterministic logins and form fills are fast. However credentials must be secured, and reliability demands adaptability. Coupled with a vault for security, a Notte agent only steps in when a field relocates or a PDF viewer changes. Monthly filings run without constant fixes or manual intervention.

Compliance sweeps. Scaled browser sessions fan out across regulator or licensure portals to scrape statuses and write expiring items into a queue. The variance lives in two or three steps; everything else is frozen.

3) Structured web data at scale

Catalogs and pricing. Observe exposes reliable action spaces for “Add to cart” or “Page next.” Scrape delivers structured records regardless of DOM changes.

Product catalogs. Agents traverse category pages, capture product details, normalise variants and pricing, and return clean records ready for analysis. With residential IP rotation and built-in stealth, the data flows at scale without scraping blocks.

Why Notte instead of “just Playwright” or “just an LLM”

Latency and cost. Deterministic first. Agentic only when necessary.
Reliability. Inference-time recovery when the web moves. No “fix and redeploy” loop for trivial changes.
Observability. Structured outputs plus replays. Easy to debug.
Scale. Hosted sessions with built-in stealth and autoscaling eliminate the burden of managing browser infrastructure.

Notte Execution Flow

You state the goal (“log in and download last month’s invoices”).
Observe returns a semantic map of the login page: what can be clicked, typed, or submitted.
Step executes: enter email/password from Vaults, submit, navigate to billing, open the right row, download.
If anything drifts (button renamed, table re-ordered) the agent reasons over observed context, selects the correct control, and moves on.
Scrape outputs structured data; Replay gives the exact session for verification.

No need to deal with infra overhead - define the flow, lock down the predictable steps, and let the fallback handle unexpected changes.

Production features that matter

Vaults. Credentials, MFA tokens, SSO, and cookies stored with enterprise-grade security.
Personas. Disposable emails and phone numbers for signup and verification at volume.
Payments. Controlled card entry for checkout flows and agentic transactions.
Sessions. Hosted browsers with stealth modes and autoscaling, ready for demand-fluxes.
Replays. Visual summaries and session playback to diagnose or prove what happened.
CDP compatibility. If you already have hooks or devtools workflows, you can keep them.

Looking ahead

Hybrid wins. Frozen steps plus selective reasoning is the pattern that holds up under real-world complexity - government portals, enterprise logins, consumer checkout, the lot. The answer to reliable automation: the end-user sees faster outcomes, and your team sees fewer tickets and fewer redeploys.

What will you build? Start in the Console or book a demo

Notte Vault: The Solution for AI Agent Authentication

nottelabs — Mon, 01 Dec 2025 19:50:30 +0000

Why do I need a vault?

In the evolving landscape of AI assistants and autonomous agents, one critical challenge remains: secure access to protected online resources. Today, I want to explore the concept of credential vaults for web AI agents—a system that enables agents to interact with authenticated services without exposing sensitive login information. Think of it as enabling your agent to log in to Twitter without handing your password over to OpenAI.

The Authentication Challenge

Web AI agents promise to revolutionize how we interact with online services, but their utility is significantly limited when they encounter login screens. Currently, users face an uncomfortable choice:

The Risky Route: Provide credentials directly to the LLM, creating serious security vulnerabilities.
The Automation-Killer: Manually authenticate each service before agent use, completely undermining the benefits of automation.
The Fragile Fix: Share cookies with the agent, which is error-prone and requires constant management of those pesky TTLs (Time To Live).
The Surrender: Limit agents to public-facing, unauthenticated content, effectively neutering their capabilities.

The Credential Vault: A Secure Middleman

A credential vault acts as a secure intermediary between AI agents and authentication systems, offering a way out of this catch-22. Here’s how it works:

Core Architecture

Isolated Credential Storage: Passwords and usernames are stored in an encrypted vault completely separate from the system
Zero-Knowledge Operation: The LLM never sees, processes, or stores the actual credentials
Permission-Based Access: The vault controls which services an agent can access and what actions it can perform
Secure Injection: When authentication is needed, the system injects credentials directly into appropriate fields

Step by step: Two-Phase Flow

Before Execution (Setup, once and for all):

The user securely stores their credentials within the encrypted vault.
The user grants specific AI agents permission to use a subset of credentials.

During Execution:

When an agent encounters a login prompt, it triggers an action using a placeholder value, signalling the vault to step in.
The vault replaces the placeholder with the actual, securely stored credentials.
The browser executes the action and returns an observation, which might contain sensitive data.
The vault filters out any sensitive information, providing the agent with a sanitized and secure response.

How does it work in an actual use case?

Credential vaults are about maximizing efficiency. They streamline the tedious bits so you can focus on the interesting (or, at least, the billable) tasks.

Picture this: You’re three hours deep into a coding session. Your fingers are flying across the keyboard, Stack Overflow tabs are multiplying like rabbits, and you’ve consumed so much caffeine that you can hear colors. You’re in THE ZONE™.

Then it hits you – that rumbling stomach reminder that you are, unfortunately, still human with basic biological needs.

Without a Credential Vault System: The Detrimental Distraction

Pause your coding brilliance and break your flow state.
Look for your phone (because you didn’t remember to charge it last night).
Open UberEats.
Spend 10 minutes endlessly scrolling, deciding between two meals that probably come from the same ghost kitchen anyway.
Check your notifications and end up doom scrolling until your food arrives, completely derailed from your original task.
Stare blankly at your screen. What were you coding again?

With a Credential Vault-Enabled Agent: Streamlined Sustenance

“Hey, Notte, I’m dying of starvation here. Order me something on UberEats – surprise me, but nothing too questionable.”

Your digital servant dutifully:

Authenticates with UberEats using your securely stored credentials (without judgment about how often you use the service).
Logs in and places an order based on your past preferences.
Confirms the delivery while you continue building that feature you promised your boss “would be done by Friday” three Fridays ago.

Is this peak laziness or peak efficiency? The philosophical debate continues, but your stomach is full, your code is compiling, and you’ve maintained your focus. Who’s really the winner here?

Check out an agent using a vault to log in on UberEats and order a burger example on GitHub

Conclusion

Building a credential vault for web AI agents solves one of the most significant barriers to AI automation: secure authenticated access. By keeping credentials completely isolated from the AI system while enabling authenticated interactions, we can unlock the full potential of AI agents while maintaining robust security.

The key insight is separation of concerns—keeping authentication separate from intelligence, allowing each system to focus on what it does best while working together seamlessly from the user's perspective.

Our website

Start building with Notte Vault

Web Agents That Actually Understand Websites: How Notte's Perception Layer Solves the DOM Problem

nottelabs — Fri, 27 Jun 2025 15:00:00 +0000

The fundamental problem with web agents isn't automation — it's perception. How do you teach an LLM to understand a website when it's buried in layers of HTML, CSS, and JavaScript noise?

The Technical Problem: The DOM Impedance Mismatch

Web agents have traditionally relied on brittle approaches: DOM parsing, CSS selectors, and HTML structure analysis. This creates a fundamental impedance mismatch between how LLMs process information (natural language) and how websites are structured (markup).

Consider this typical web automation approach:

driver.find_element(By.CSS_SELECTOR, "button.submit-btn.primary")
driver.find_element(By.XPATH, "//div[@class='form-container']//input[@name='email']")

What's wrong with this?

Fragility: CSS selectors break when developers change styling.
Cognitive overhead: LLMs must simulate structural reasoning instead of acting on semantic cues — inflating prompt size and increasing hallucination risk.
Context loss: Raw DOM provides no semantic understanding.
Maintenance nightmare: Every UI change requires agent updates

The disconnect between LLMs' natural language processing and websites' structural complexity creates agents that are fragile, expensive to maintain, and difficult to debug.

The Solution: Semantic Abstraction Through Perception

Notte introduces a perception layer that acts as a translation interface between websites and LLMs. Instead of forcing LLMs to parse DOM structures, it transforms raw web pages into structured, natural language descriptions that preserve semantic meaning while abstracting away implementation details.

How It Works

The perception layer converts this:

<div class="product-card-container">
  <div class="product-image-wrapper">
    <img src="/product-123.jpg" alt="Wireless Headphones">
  </div>
  <div class="product-details">
    <h3 class="product-title">Premium Wireless Headphones</h3>
    <span class="price-current">$99.99</span>
    <button class="btn btn-primary add-to-cart" data-product-id="123">
      Add to Cart
    </button>
  </div>
</div>

Into this:

Product: Premium Wireless Headphones
Price: $99.99
Image: Wireless Headphones
Available actions: Add to Cart

This transformation isn’t static — it’s context-aware and dynamic. The LLM now works with meaning instead of markup.

Architecture Benefits

1. Semantic Abstraction

Websites become navigable maps described in natural language. Instead of

driver.find_element(By.CSS_SELECTOR, ".add-to-cart")

your agent thinks: "Click the 'Add to Cart' button for Premium Wireless Headphones."

2. Change Resilience

Natural language descriptions adapt better to UI changes than selectors. When developers change CSS classes from btn-primary to button-main, the perception layer still understands it as "Add to Cart button."

When semantic intent is preserved, perception remains robust — even when markup changes.

3. LLM Optimisation

Information is presented in the format LLMs understand best — natural language with clear semantic structure. This improves reasoning, reduces hallucination risk, and shrinks prompt size.

4. Smaller Models, Better Performance

The perception layer enables smaller models (like the Llama suite) to reason effectively on simplified inputs. DOM noise is stripped away, letting inference engines focus on what matters. This allows smaller models to compete with larger ones in task-specific execution.

Code Implementation

Basic Agent Example

from notte_sdk import NotteClient

# Initialize Notte client
notte = NotteClient(api_key="your-api-key")

# Natural language task execution using the agents API
response = notte.agents.run(
    task="Find the cheapest wireless headphones under $100 and add them to cart"
)

print(response.answer)

Session-Controlled Advanced Example

from notte_sdk import NotteClient
from pydantic import BaseModel

# Define the expected response schema
class TwitterPost(BaseModel):
    url: str

notte = NotteClient()

# Advanced session management with credentials
with notte.Vault() as vault, notte.Session(
    headless=False, 
    proxies=False, 
    browser_type="chrome"
) as session:

    # Secure credential management (use env vars in production)
    vault.add_credentials(
        url="https://x.com",
        username="your-email",      # Replace with your real email
        password="your-password"    # Replace with your real password
    )

    # Create agent with session context
    agent = notte.Agent(
        session=session,
        vault=vault,
        max_steps=10
    )

    # Complex multi-step workflow
    response = agent.run(
        task="go to twitter and post: new era this is @nottecore taking over my acc. Return the post url.",
        response_format=TwitterPost  # Triggers schema validation
    )

    print(f"Posted successfully: {response.answer.url}")

Data Extraction with Structured Output

from notte_sdk import NotteClient
import json

notte = NotteClient()

# Structured data extraction using the scrape method
data = notte.scrape(
    url="https://pump.fun",
    instructions="get top 5 latest trendy coins on pf, return ticker, name, mcap"
)

# Print the result
print(json.dumps(data, indent=2, ensure_ascii=False))

Production Implications

Reduced Maintenance Overhead

When websites change their UI, natural language descriptions remain stable. Your agents continue working without constant selector updates.

Intuitive Debugging

Debug through natural language traces instead of cryptic DOM queries:

❌ Old way: "Element not found: button.submit-btn.primary"
✅ New way: "Could not find 'Submit Order' button on checkout page"

Faster Development Cycles

Write agent tasks in plain English instead of learning complex selector strategies:

# Instead of this:
element = driver.find_element(By.XPATH, 
    "//div[contains(@class, 'product-grid')]//div[contains(@class, 'product-item')][.//span[contains(text(), 'Wireless')]]//button[contains(@class, 'add-cart')]"
)

# Use this:
result = agent.run(task="Add wireless headphones to cart")

Better Multi-Step Workflows

Notte handles cookies, CAPTCHAs, and anti-bot protection while maintaining session state across complex workflows:

response = agent.run(task="""
1. Compare prices for iPhone 15 across 3 major retailers
2. Find the best deal including shipping costs
3. Check availability and delivery times
4. Generate a summary report with recommendations
""")

print(response.answer)

Performance Benchmarks

Notte outperforms all other web agents in speed, costs, and reliability by:

Reducing token usage: Less verbose DOM parsing means fewer API calls
Enabling smaller models: Semantic abstraction allows efficient models like Llama to excel
Faster inference: Ultra-high inference such as Cerebras without losing precision
Higher success rates: Natural language understanding reduces task failures

(Explore our open operator evals here).

Real-World Applications

E-commerce Automation

# Automated competitor price monitoring
response = agent.run(
    task="Check competitor pricing for wireless headphones on Amazon and Best Buy, compare with our $99 target price"
)

Lead Generation

# Professional outreach automation
response = agent.run(
    task="Find 20 startup founders in the AI space on LinkedIn who recently posted about funding, extract their contact info"
)

Market Research

# Automated market intelligence using the scrape endpoint
data = notte.scrape(
    url="https://www.g2.com/categories/project-management",
    instructions="Extract the top 5 project management tools with their pricing, ratings, and key features for competitive analysis"
)

The Bottom Line

Traditional web agents force LLMs to think like web scrapers.

Notte lets them think like decision-makers — understanding what to do, not just where to click.

This isn't just about making agents work better. It’s about making them maintainable, debuggable, and production-ready. When your agent understands “find the cheapest flight” instead of parsing div.flight-result-container > span.price-value, you've solved the fundamental problem of web automation.

Build web agents that understand meaning, not just markup.

Get Started

Ready to build agents that actually understand websites?

Notte Creator Program

nottelabs — Mon, 09 Jun 2025 18:34:07 +0000

The Notte Creator Program is live 🚀

Build with the Notte SDK and earn $100 worth of nuit crypto.
Dev or not, this is your invite to show what agents can do.

Here’s how to qualify:

1. Use the Notte SDK

Your demo must clearly show Notte being used to perceive, navigate, and act on the web. Exceptional, creative, or high-signal demos can earn up to $250 — the best of the best

2. Share a public demo

Post your demo on X (thread preferred) — this is required for payout.
You can also cross-post to YouTube or your blog.

Real content. Real use.

3. Share your code

Your GitHub repo must be public and include full code.
Submit it via the form — we want to see exactly how you used Notte.

Remember to tag @nottecore if you’re posting on X.

4. Submit to claim your reward 💥

Submit → https://nottelabs.notion.site/207d3a1ca7cf80a49d00c63eedd167b9?pvs=105
Docs → https://docs.notte.cc/side/introduction/what-is-notte
Github → https://github.com/nottelabs/notte

Let’s see what you build.

Originally posted on X: https://x.com/nuitdotfun/status/1932135970939256927