You can do almost anything in your browser. Your agents should be able to as well. But when agent products are built on top of existing browsers, they inevitably run into captchas, login failures, and blocked sessions.
Rotunda is a browser forked from Firefox and honest about fingerprinting. It's designed so the agent on your laptop can surf the web the way you do - locally, on your home network, outside of the arms race.
A human types g - i - t - h - u - b over the course of a second, with a missed key here and a stutter there. You jerk your mouse toward a button, overshoot, then come back to click.
Naive automation does none of that. It positions the cursor at (312, 487) and clicks. It invokes fill() and the input appears. Both take practically zero milliseconds to run and submit. Good for efficiency, horrible for delegating your work. Modern fingerprinters wait for precisely this - and one tell is enough to label your entire session as a bot. And because fingerprinting stays with you across sites, once your device is blocked it stays blocked.
That's why automating Claude in a browser sees more captchas than you do. That's why your agent loops on a login page while you sail through. Models are amazing at issuing commands; regular browsers are not good at executing them.
A human misses keys. A bot doesn't.
But Rotunda does.
Okay, so let's say we don't want to get detected by these bot blocks. We could try overwriting the most common Javascript that leaks agent control.
Maybe we try overwriting navigator.webdriver as the first step. Then we see them using GPU detection, so we patch our VM's WebGL to claim another GPU. Then we spoof a Mac on a Linux box. Even if it passes for a week, it won't last. It just takes a fingerprinter checking whether the function implementation is native. When it isn't, you're flagged.
The surface area of the modern web is huge: canvas, audio drivers, font lists, screen metrics, RTC stacks, codec support, timing jitter. The old days of a simple web are long behind us. Every API is another way for companies to measure your machine. And as fingerprinting goes from ad-hoc rules to statistical models, telling a convincing lie gets mathematically harder every quarter.
Our view: you can't lie about your fingerprint convincingly. Claiming a Linux software renderer is a Mac M4 is eventually going to fail. So don't do it.
Rotunda inverts the contract. We tell the truth about the machine and spoof only things humans actually vary on - installed fonts, loaded extensions, screen size. Ten M4 laptops all visiting the same site at the same time? Plausible. A Linux GPU spoofing macOS? Not a chance.
Fingerprint surfaces a modern site can probe in a single load.
Anomalous return value is enough to flag the entire session.
Cost of properly patching every stealth surface.
No spoofed navigator.platform. No fake canvas hashes. The signature is what it looks like because it is what it is.
We vary based on what real users vary. We don't vary on things that hardware fixes. That way your context can't be distinguished from any other human on a 14" MacBook in your timezone.
CDP is the conventional protocol that agents/playwright uses to control Chrome. But it's an inherent leaky stack that exposes your control logic to the remote site. Even patched Chromium at the C++ often leaks. We use Firefox's Juggler protocol because it's isolated from the page context - so the site can't see the commands you run. The driver is invisible at the protocol layer.
Naive automation teleports the cursor and fills inputs in zero milliseconds - the exact tell modern fingerprinters wait for. We trained a custom ML model on actual human mouse paths so your automations will overshoots, settles, then clicks the way a hand does. Keystrokes carry cadence, with the occasional miss-and-correct that no robot would type. The driver is invisible at the input layer too.
Rotunda is designed for the laptop in your bag and the Mac mini in your closet. It's build specifically for offloading work to an agent already running on your home network, behind your IP, masquerading as just another tab in your day.
The story of LLMs and Agents were mostly locked into the cloud and backed by farms of GPUs. That all changed in 2026. OpenClaw and Hermes moved the loop onto your machine - onto your messaging apps, your terminal, your hardware. Suddenly there are millions of local agent loops, all looking for a way out to the open web. Whether you're still using a cloud frontier model or locally hosting, your loop is running on device.
Cloud crawlers look like crawl farms because they're often scraping public sites at scale. What a personal agent needs is a browser that looks like its operator- because the agent is, by definition, acting on the operator's behalf.
If OpenClaw and Hermes are the brains, Rotunda is the body. Put them together and you get something that until now was deeply hard to build: an agent that can log into your tools, file a refund, RSVP to a calendar invite, and do it from your kitchen without the site ever knowing the difference.
The lobster-shaped agent that lives in your messaging apps. Telegram, Signal, iMessage, terminal - one inbox, one daemon, one set of skills. Rotunda equips it with a browser that isn't refused entry at the door.
openclaw.ai →Persistent memory, auto-generated skills, FTS5 cross-session recall. Hermes picks up context the longer it's active. Rotunda provides a venue to act - beyond the API, on the live web.
hermes-agent →We expose a rich CLI for every action your agent will have to take on the open web. This includes opening a tab, describing the DOM, clicking a ref, filling a field, taking a screenshot, and saving a download.
Returns LLM-friendly element refs for everything on the page (instead of pixels). Cheap on context and accurate in representation.
Humanized keystroke cadence with the occasional miss-and-correct. fill replaces, type appends.
Mouse moves along a predicted path, overshoots, settles. Pressure events fire in order.
Page → text, HTML, markdown, links, or form metadata. Pick the shape your agent wants.
Persistent browser profiles per agent - cookies, sessions, downloads, history - under ~/.rotunda.
# 1. install + create a profile for the agent $ uvx rotunda fetch $ uvx rotunda agent new-profile --name hermes # 2. open a context, navigate $ uvx rotunda agent new-context hermes → page index 3 $ uvx rotunda agent navigate 3 https://github.com # 3. describe the page → element refs $ uvx rotunda agent describe 3 → ref a1: input#search "Find articles…" → ref a2: button "Subscribe" # 4. drive it like a person $ uvx rotunda agent fill a1 "why local agents" $ uvx rotunda agent press a1 Enter $ uvx rotunda agent screenshot 3 --full-page $ uvx rotunda agent stop 1
Rotunda gives you a Playwright browser and context right out of the box. Everything you've already wired up - locators, selectors, events - works natively. The difference is what shows up in the network panel of the site you're talking to. Nothing to flag - which means easier automations with fewer workarounds.
If all you want to do is crawl, we're not the right choice. Try a cloud provider with rotating IPs. Rotunda is about outsourcing real work for you: the agent on your laptop, on your network, logged in as you.
from playwright.sync_api import sync_playwright from rotunda import NewBrowser, NewContext with sync_playwright() as pw: browser = NewBrowser(pw, headless=False) context = NewContext(browser) page = context.new_page() page.goto("https://github.com") article = page.locator("main article").first print(article.inner_text()) browser.close()
$ uvx rotunda fetch $ uvx rotunda agent new-profile --name me $ uvx rotunda agent new-context me → ready. attach OpenClaw or Hermes.
Rotunda installs as a Python package through uv, downloads its already-patched Firefox build, and creates a profile for each agent under ~/.rotunda. No hosting layer required. No telemetry. The browser is yours.
You can certainly try! But it's slow, it fills your context window with screenshots, and it can't see anything outside the viewport. Direct DOM refs are cheaper and more reliable - but they require driving the browser, which is the part everyone fingerprints for. Rotunda addresses the driving problem, not the seeing problem.
No. Stealth plugins lie about your fingerprint and get outsmarted by statistical detection. Rotunda passes something closer to your actual fingerprint but obfuscates the automation signal- the stuff sites blacklist for, because automation generates it and people don't.
You shouldn't. Browserbase, Kernel and ScrapingBee are services built for massive-scale public-site crawling. Rotunda is for the residential, one-operator-at-a-time case - a personal agent acting for you, from your network.
A patched Firefox controlled through Juggler instead of Chrome using CDP. We use Firefox because Juggler has no context on the page, so the site can't inspect the driver. Thanks to daijro for the original Firefox patching work.
Yes. Both are local-first agents that already shell out to subprocesses for tools. Point them at uvx rotunda agent and they get a full browser primitive - describe, click, fill, screenshot, extract.
First, open the same site manually in Chrome or Firefox. If they get flagged too, it's probably your IP reputation. If only Rotunda gets caught, turn on ROTUNDA_DEBUG_DUMP and file an issue with the dump - it captures every JS call the site made, what we returned, and what they flagged.