The platform
100 capabilities that
compound over time.
Most browser-automation tools are wrappers around Chromium. Kynetra is a platform: a data flywheel, an integration surface, native engineering, a security posture, and workflow leverage that compound switching cost the longer you use it.
Native performance (10)
Engineering choices an Electron competitor cannot retrofit. Per-platform native shells, Rust core.
- #21Shipped
Native shells per OS, not Electron
macOS SwiftUI, Windows Win32 + WebView2 + Mica, Linux GTK4 + WebKitGTK, Android Compose. Cold start under 250 ms on desktop. Competitors on Electron carry a 200 MB tax forever.
- #22Shipped
Rust storage & policy core
One kynetra-core crate, identical semantics across every client. SQLite-backed, parking_lot for hot paths, deterministic across platforms.
- #23Shipped
WebView pool, no recreate on tab switch
Tabs reparent the visible WebView; never destroy. Tab switching is sub-frame across all 4 platforms.
- #24Roadmap
Speculative next-action prerender
Predict the next URL an agent or human will navigate to and pre-warm the WebView. Common nav patterns return instantly.
- #25Roadmap
Compiled selector cache
CSS / XPath compiled once per host and reused across the fleet. Hot-path extraction has zero parse overhead.
- #26Roadmap
WASM in-page DOM-diff engine
Change detection runs inside the page in WASM, sub-millisecond per diff. No round-trip to a Node service.
- #27Roadmap
Snapshot delta compression
Page history stored as binary deltas (Brotli-compressed structural diffs). 50x smaller than raw HTML; year-long change history fits in a Postgres row.
- #28Roadmap
Geo-distributed edge fetchers
Anycast fetch nodes in 30+ regions; sticky IP per profile per region. Sites that geo-fence don't see a US data center.
- #29Roadmap
BYO residential proxy with health scoring
Pluggable residential and mobile proxy networks. Per-pool success/latency scoring; failing IPs auto-rotated. Customers keep their proxy contracts.
- #30Roadmap
Headless to headed escalation
Start headless; on detected challenge (captcha, fingerprint probe), seamlessly hand off to a visible browser, solve, hand back. No restart, no session loss.
Security & trust (10)
The compliance posture enterprise procurement actually asks for. Built in from day one.
- #31Shipped
Permission broker with confirm-on-risk
Every privileged action passes through kynetra-bridge: scope-checked, logged, signed. High-risk verbs (file write, money-mover, account-creator) require explicit confirm unless pre-authorized in policy.
- #32Roadmap
SOC 2 Type II + ISO 27001 + HIPAA Mode
HIPAA Mode disables cloud AI, browser memory, and telemetry. Required for healthcare, federal, and FSI buyers; competitors who launched as 'agent toys' can't bolt this on.
- #33Roadmap
Customer-managed encryption keys
BYOK / CMEK for stored artifacts. Customer revokes the key, the data is unreadable, end of story. Required for regulated workloads.
- #34In progress
EU residency + FedRAMP Moderate path
EU-only Postgres and object storage tier already isolated. FedRAMP Moderate ATO on the roadmap; once granted, it's a multi-year incumbent advantage.
- #35In progress
Immutable audit log (WORM Merkle)
Append-only, hash-chained, exportable. Auditors can verify no event was deleted or back-dated. Survives subpoena.
- #36Roadmap
Kernel-enforced profile isolation
User-namespace sandboxing on Linux, Hardened Runtime + Sandbox profile on macOS, AppContainer on Windows. Cross-profile cookie/storage access is impossible, not just policy.
- #37Shipped
Capability-based MCP tokens
Tokens declare scopes; the broker enforces. A compromised agent token grants only what was inscribed, not the calling user's full permissions.
- #38Roadmap
Cryptographic run attestation
Every workflow run produces a signed manifest of inputs, code hash, model versions, and outputs. Third parties verify provenance without trusting Kynetra's database.
- #39Roadmap
Differential privacy on telemetry
Aggregate intelligence (the Atlas index) is computed under DP guarantees. No single customer's job can be reconstructed from public aggregates.
- #40In progress
No-training-on-customer-data, technically enforced
Customer data flows into a separate VPC with blocked egress to model providers' training endpoints. Contractual + network-level enforcement. Required by every enterprise legal review in 2026.
AI & agent intelligence (10)
On-device model routing, semantic memory, and guardrails that make agents cheaper, faster, and safer the more they run.
- #51In progress
Model router (cost/latency/quality-aware)
Routes each agent call to the cheapest model that satisfies the declared quality floor and latency SLA, cutting inference cost by 40-70% on typical workloads without changing output quality.
- #52In progress
Semantic page memory
Embeds visited-page summaries into a per-profile cosine-similarity vector store so agents can retrieve relevant prior context without replaying entire sessions.
- #53In progress
Action recorder
Captures agent action sequences into parametrized, replayable macros stored as versioned artifacts, turning one-off LLM decisions into deterministic, auditable sub-routines.
- #54In progress
NL workflow compiler
Parses natural-language task descriptions into a validated, executable action graph using a constrained grammar, so agents spend zero tokens re-planning steps they already compiled.
- #55In progress
Summary cache
LRU cache keyed by content hash stores page summaries so repeated visits within a session return the summary without a model call, reducing token spend on crawl-heavy workflows.
- #56In progress
Smart form autofill
Maps structured profile schema fields to form inputs via heuristic label/name/type matching, filling forms correctly without requiring explicit selectors in the agent's instruction.
- #57In progress
Extraction confidence scorer
Assigns a 0-1 trust score to each extracted field from selector stability, value type conformance, and cross-source consistency signals, letting pipelines reject low-confidence records automatically.
- #58Shipped
Guardrail policy engine
Evaluates every pending agent action against a declarative allow/confirm/deny policy keyed on verb and target domain, blocking unsafe actions at the kernel bridge before they reach the browser.
- #59In progress
Task planner
Decomposes a high-level goal into an ordered, dependency-aware sub-task graph that the agent executor can checkpoint, resume, and parallelize without re-querying the LLM for structure.
- #60In progress
Prompt template library
Versioned, named prompt templates with typed slot rendering let teams iterate on prompts in one place and guarantee every agent run uses the pinned version declared in its manifest.
Privacy & anti-fingerprint (10)
Per-profile, internally-consistent fingerprints and tracker defense that synthetic-fingerprint competitors cannot match.
- #61Shipped
Canvas noise injector
Injects per-profile deterministic sub-perceptual noise into canvas pixel reads so every profile produces a unique, stable fingerprint without visible rendering artifacts.
- #62In progress
WebGL fingerprint spoofing
Returns realistic, internally-consistent per-profile GPU vendor and renderer strings from a corpus of real device records, defeating WebGL-based device fingerprinting probes.
- #63In progress
AudioContext randomization
Applies per-profile deterministic gain perturbation to AudioContext output so oscillator-based fingerprint probes observe a consistent but unique acoustic signature per profile.
- #64In progress
Font enumeration blocking
Restricts font probing to a configurable per-profile allowlist so that CSS and JavaScript font-enumeration fingerprinting sees only the declared set, not the host system's full font stack.
- #65Shipped
Timezone/locale spoofing
Binds timezone, locale, and Accept-Language headers into a single consistent per-profile identity so any cross-signal correlation check produces one coherent location, not contradictions.
- #66In progress
WebRTC leak prevention
Intercepts ICE candidate gathering at the browser API layer and strips local IP addresses before they reach JavaScript, eliminating the most common VPN-bypass fingerprint vector.
- #67In progress
User-Agent rotation policy
Selects and locks a consistent User-Agent string per profile that matches the declared OS and hardware, preventing UA-to-platform mismatch signals that anti-bot systems flag.
- #68In progress
Cookie jar isolation
Partitions cookie storage at the kernel level per profile so cross-profile cookie sharing is impossible by construction, not just a browser policy that privileged code can bypass.
- #69Shipped
Tracker blocklist engine
Applies EasyList-style domain and path matching rules at the network layer before requests leave the browser, blocking trackers with zero JavaScript overhead.
- #70In progress
Referrer policy enforcement
Rewrites or strips Referer headers according to spec-correct downgrade rules for each request, preventing cross-origin referrer leakage that fingerprinters use to map browsing graphs.
Data pipeline & export (10)
Streaming writers, dedup, validation, lineage, and reliable delivery — the plumbing between a crawl and your warehouse.
- #71In progress
Streaming writers
Flushes extracted records as NDJSON, CSV, or columnar (Parquet) directly to any configured sink without buffering the full dataset in memory, enabling sub-second delivery for large crawls.
- #72In progress
Schema versioning
Tracks ordered record migrations across schema versions so downstream consumers always receive records in the shape they declared, even when the extraction schema evolves.
- #73In progress
Dedup engine
Computes canonical-JSON SHA-256 content hashes per record and suppresses re-delivery of identical content, keeping downstream warehouses clean without requiring customer-side dedup logic.
- #74In progress
Incremental crawl diffing
Computes added, changed, and removed record sets across consecutive crawl runs so pipelines can process only deltas instead of re-ingesting the full dataset on every run.
- #75Shipped
Validation rules engine
Evaluates per-field required, type, regex, range, and oneof constraints at write time, rejecting malformed records before they reach the sink and generating a validation failure report.
- #76In progress
Webhook delivery
Delivers crawl events to customer endpoints with exponential backoff retries and a dead-letter queue for failed deliveries, guaranteeing at-least-once semantics without customer infrastructure.
- #77In progress
Sink connectors
Ships extracted data to in-memory buffers, local files, or any S3-compatible object store via a uniform put-object interface, requiring no sink-specific driver code in the extraction workflow.
- #78In progress
Data lineage tracker
Records a source-to-output provenance DAG for every record, storing which URL, selector, run, and schema version produced each field value so auditors can trace any output back to its origin.
- #79In progress
PII redaction filter
Scans extracted text fields for email addresses, phone numbers, payment card numbers, and SSNs using pattern matching and masks them before writing to any sink.
- #80In progress
Export throttler
Applies a per-sink token-bucket rate limit measured in records per second, preventing a bursty crawl from overwhelming downstream ingest pipelines or triggering API quotas.
Observability & ops (10)
OpenTelemetry traces, Prometheus metrics, SLA burn-rate, tamper-evident audit — the operational surface enterprises require.
- #81In progress
Structured event log
Emits trace-correlated JSON-lines events for every agent action, network request, and extraction result so operators can stream logs into any observability backend without custom parsing.
- #82In progress
Per-host crawl health
Maintains rolling p50 and p95 latency counters plus success/failure rates per target host, surfacing degraded hosts in the operations dashboard before they cause job-level failures.
- #83In progress
Cost attribution ledger
Accumulates per-category and per-org cost totals from model inference, proxy bandwidth, and compute usage, enabling chargeback and budget alerting without custom accounting pipelines.
- #84In progress
SLA monitor
Evaluates configured SLO targets — job completion latency, extraction success rate, uptime — against rolling windows and computes burn rate to alert before the error budget is exhausted.
- #85Shipped
Distributed trace propagation
Parses and formats W3C traceparent headers on every outbound request and agent event so traces from Kynetra-initiated work appear as connected spans in any OpenTelemetry-compatible backend.
- #86In progress
Error budget tracker
Computes remaining error budget from the declared SLO target and current failure rate, displaying how many hours or requests remain before the budget is consumed this window.
- #87In progress
Prometheus metrics exporter
Exposes all internal counters and histograms in the Prometheus text exposition format on a configurable scrape endpoint, enabling zero-config integration with existing Prometheus stacks.
- #88In progress
Audit log query API
Provides a query interface over the hash-chained, tamper-evident audit log so compliance tools can retrieve and verify the integrity of any event range without database access.
- #89In progress
Performance flamegraph capture
Folds per-run CPU sample stacks into collapsed-stack format and serves them as interactive flamegraphs, so engineers can pinpoint hot extraction code paths without profiling infrastructure.
- #90In progress
Anomaly detection
Applies EWMA smoothing and z-score thresholding to key metrics so transient spikes in error rate, latency, or cost trigger alerts without a manual threshold needing to be maintained.
Data flywheel (10)
Every job a customer runs makes the platform measurably better for the next customer.
- #1Roadmap
Glean Atlas — shared site-shape index
Anonymized aggregate of which selectors, fetch strategies, and rendering paths work per host. Every customer's job improves day-1 extraction quality for the next customer. Differentially private; no per-tenant content stored.
- #2Roadmap
Selector graveyard & auto-repair
When a target site changes layout, the platform detects breakage across the fleet within minutes and proposes new selectors from collective drift. Customer jobs heal without an engineer touching them.
- #3In progress
Per-host fetch routing classifier
Each host is classified once (static HTML vs JS-required vs auth-gated vs anti-bot) and cached fleet-wide. New customers skip the trial-and-error tax.
- #4Roadmap
Action-prior memory
Recurring agent micro-actions — dismiss cookie banner, click 'show more', accept terms — memorized per-host. New agents skip the discovery phase.
- #5Roadmap
Robots & ToS index
Pre-parsed compliance rules for the top 1M hosts, refreshed daily. Customers get policy enforcement without writing it.
- #6Roadmap
Schema marketplace
Versioned, community-contributed Glean schemas for common targets (e-commerce product, jobs board listing, SEC filing). Curated, signed, with quality scores.
- #7Roadmap
Fingerprint corpus
Opt-in real-device canvas / audio / font fingerprint samples make stealth profiles statistically plausible, not algorithmically generated. Anti-detection competitors using synthetic fingerprints can't match coverage.
- #8Roadmap
Captcha provider intelligence
Which solvers succeed against which providers on which hosts, scored continuously. Routing picks the cheapest provider that will actually work.
- #9Roadmap
Pre-crawled sitemap & feed index
Top-host sitemaps and RSS/Atom feeds cached centrally. Crawl seeding starts populated; first page returns in milliseconds, not the round-trip to sitemap.xml.
- #10Roadmap
Change-detection baseline pool
Visual and DOM baselines for popular monitored pages are shared, so a brand-new monitor has a 30-day history on day one instead of starting cold.
Ecosystem reach (10)
Integration surface so wide that ripping Kynetra out means rewriting a half-dozen workflows.
- #11Shipped
MCP-first agent interop
First-class support in Claude, Cursor, Windsurf, ChatGPT, LangChain, CrewAI, AutoGen. Every framework an agent author tries already has a Kynetra connector.
- #12In progress
Native SDKs (TS, Python, Go, Rust)
Idiomatic SDKs with the same call surface against local CLI, local daemon, or cloud. Switching to a competitor means rewriting agent code, not just URLs.
- #13Roadmap
kynetra CLI
Cross-platform CLI shipped via brew, winget, apt, dnf, npm, cargo. Developer touchpoint daily. Once it's in shell history, replacement cost is high.
- #14Roadmap
VS Code extension
Replay agent traces, inspect captured DOM snapshots, set breakpoints in workflows from the editor.
- #15Roadmap
JetBrains plugin
Same surface for IntelliJ, PyCharm, GoLand, RustRover users. Critical for the Java/Python data-engineering buyer.
- #16In progress
Chrome DevTools Protocol passthrough
Playwright and Puppeteer connect to a Kynetra-launched profile via CDP unchanged. Zero-friction migration off Playwright. They keep their test suite; we get the audit log and policy enforcement.
- #17Roadmap
Selenium Grid endpoint
Emulate a Selenium Grid hub so legacy CI suites point at Kynetra without code changes. Captures the long-tail enterprise QA buyer.
- #18Roadmap
n8n, Make, Zapier connectors
Non-engineers compose Kynetra into automation graphs. Every workflow built in n8n on top of Kynetra is a customer retention contract.
- #19Roadmap
Webhook router with replay & DLQ
Every Kynetra event (job done, change detected, agent error) becomes a webhook in the customer's stack. Replay and dead-letter queues mean it's load-bearing within a month.
- #20Roadmap
Public agent gallery
Curated, parametrized workflow templates published by authors with attribution. SEO surface and discovery flywheel; competitors need both the gallery and the audience.
Workflow leverage (10)
Per-customer artifacts (workflows, profiles, schemas) that compound switching cost over time.
- #41Roadmap
Workflow versioning with branches and PRs
Workflows have main/dev branches, diffs, code review, blue-green promotion. Teams managing 100+ automations treat them like software, not scripts.
- #42Roadmap
Live workflow debugger
Step through an agent's last 1,000 actions with the DOM at each step rendered alongside the LLM's reasoning trace and tool calls. No competitor offers this.
- #43Roadmap
Action replay sandbox
Re-run any historical workflow against the live site with old DOM and new DOM side-by-side. Diagnose breakage in minutes, not days.
- #44Shipped
Cost budgets with hard caps
Per-org, per-workflow, per-model-provider budgets enforced by the router. Surprise AI bills are impossible by construction.
- #45Roadmap
Cross-profile workflow hand-off
A recruiter profile fetches a LinkedIn URL; a research profile receives the URL (not the session) and continues without breaking isolation. Required for real-world agent orchestration.
- #46Roadmap
Visual workflow builder with code export
Drag-drop graph for non-engineers; one-click export to TypeScript or Python. Bridges the no-code to code chasm both directions.
- #47Roadmap
Restorable tabsets with full context
Save a working session — tabs, scroll positions, form drafts, cookies, sidebar state — and restore exactly weeks later. Power-user retention feature.
- #48Roadmap
Multi-agent supervision wall
Watch 50 agents work across a grid of live thumbnails; click any to take over. Operations teams running large agent fleets need this; nothing else exists.
- #49In progress
Inline AI sidebar bound to the page
Ask, summarize, extract a table, draft a reply — every response cites DOM coordinates so the user can verify. Not a chatbot bolted on; tied to live page state.
- #50Roadmap
Deterministic record-replay on the live web
Record a session; deterministically replay it later even if the target site has changed, using captured network responses. The 'rr' of browser automation. Time-travel debugging across changing reality.
Collaboration & multi-tenant (10)
RBAC, approvals, quotas, billing metering, SSO — the team and governance layer that turns a tool into a platform.
- #91Shipped
Org/team/role RBAC
Resolves effective permissions by taking the most-restrictive intersection of org-level, team-level, and role-level grants, so privilege escalation through role composition is impossible.
- #92In progress
Shared workspace presence
Broadcasts heartbeat-based active-member presence within a shared workspace so collaborators see who is viewing or editing a workflow in real time without polling.
- #93In progress
Comments & annotations
Attaches threaded, resolvable comments to any workflow node, run result, or extracted record, giving distributed teams a review surface without leaving the platform.
- #94In progress
Approval workflows
Requires a configurable N-approver quorum before high-risk agent actions — credential changes, bulk deletes, external API calls — execute, with the approval chain recorded in the audit log.
- #95In progress
Usage quotas
Enforces per-team monthly caps on crawl volume, agent compute, and export bytes with automatic reset on the billing cycle, preventing any single team from exhausting shared infrastructure.
- #96In progress
Per-user audit trail
Records every user action — workflow edits, profile changes, approvals, data exports — in an immutable, per-user action log that satisfies enterprise data governance review requirements.
- #97In progress
SSO/SAML connector
Parses SAML 2.0 assertions from any compliant IdP and maps assertion attributes to Kynetra roles, enabling enterprises to manage access entirely through their existing identity infrastructure.
- #98Shipped
API key management
Stores API keys as bcrypt-hashed secrets with declared scope sets and provides a one-click revoke that invalidates the key across all services within one second.
- #99In progress
Billing usage metering
Accumulates metered line items per usage dimension — pages crawled, agent minutes, data egress — and computes prorated charges for mid-cycle plan changes without manual accounting.
- #100In progress
Notification center
Routes in-app and email notifications for job completions, SLA alerts, approval requests, and quota warnings with per-user read/unread state tracked server-side.