01
Real websites fight back
CAPTCHAs, 2FA prompts, cookie banners, modal dialogs, and consent walls stop otherwise capable agents cold.
Human-in-the-loop handoffs for browser agents
When your agent gets stuck, your phone takes over.
BatonPass freezes the browser session, beams the blocked moment to the operator's phone, lets them clear the challenge in seconds, then resumes the agent exactly where it left off.
4.8 s
Human assist
96.2%
Recovery rate
387
Handoffs /30d
Frozen handoff
FirstNorthBank demo
Statement center
Demo account
Open statement center
Complete
2
Choose April statement
Queued
Verify session
In progress
4
Download PDF
Queued
Human check
Verify to continue
Bridge
Bike
Light
Bus
Crosswalk
Tree
Session frozen
Handoff link active · Agent paused
9:41 5G
BatonPass
Secure agent handoff
Your agent needs help
FirstNorthBank demo is asking for human verification.
SessionFrozen
ControlUser approved
Challenge
ReadyYour agent needs help
Tap to take over for 5 seconds.
Choose your interruption
Six failure modes, one handoff.
Each tile launches /demo/playground pre-configured for that interruption. Real ULIDs, real backend, real phone PWA.
32% of stuck events
CAPTCHA
Site shows reCAPTCHA / hCaptcha / Cloudflare Turnstile
→ Tap the I'm-not-a-robot checkbox
28% of stuck events
2FA / OTP
Site demands 6-digit code from authenticator app or SMS
→ Read code from your authenticator → tap to type
11% of stuck events
Cookie consent
GDPR / CCPA cookie banner blocking interaction
→ Tap Accept / Reject (or set policy to auto-decline)
14% of stuck events
Approval required
Workflow demands human sign-off (e.g., production deploy)
→ Tap Approve or Deny with optional reason
9% of stuck events
Checkout interruption
Payment provider step (3DS challenge, card verification)
→ Confirm via authenticator app, tap Continue
6% of stuck events
Unknown modal
Novel UI pattern the agent has never seen — judgment call needed
→ Read it, decide, tap. Operator pattern saved for next time.
Interactive demo theatre
One unforgettable recovery moment.
Run the handoff from agent failure to finished task. It is the exact moment customers understand why BatonPass exists.
Step 1: Agent is working
Agent opens FirstNorthBank demo portal and starts the statement-download workflow.
Agent working
FirstNorthBank demo
Statement center
Demo account
Open statement center
Complete
Choose April statement
In progress
3
Verify session
Queued
4
Download PDF
Queued
Agent running
Finding the latest statement
Browser agent is navigating the portal, selecting the right account, preparing the download.
9:41 5G
BatonPass
Secure agent handoff
Your agent needs help
FirstNorthBank demo is asking for human verification.
SessionFrozen
ControlUser approved
Challenge
IdleThe failure mode
Agents are powerful until the web asks for a human.
The agent does not need a better retry loop. It needs a graceful way to ask for help at the exact point real websites become human-only.
02
Retries burn trust
Most agents fail, loop, or notify the user long after the moment has passed. Workflow feels brittle.
03
Broken demos kill momentum
A single popup can turn a perfect investor demo or onboarding flow into a support ticket.
The BatonPass loop
Pause. Beam. Resume.
BatonPass turns stuck browser automation into a fast, secure human assist flow that preserves momentum instead of abandoning the task.
01
Detect the stuck moment
BatonPass listens for browser interruptions and classifies the point where human input is required.
02
Beam it to the phone
The frozen browser state is streamed to the operator through an encrypted real-time handoff session.
03
Resume with approval
After the operator solves the blocked step, the agent resumes only when they tap Resume.
Where it matters
For the messy parts of the internet.
BatonPass is not for the happy path. It is for the popups, prompts, and consent gates that decide whether an agent actually finishes.
Downloading bank statements
Handoff-ready interruption recovery
Confirming a 2FA login
Handoff-ready interruption recovery
Solving a CAPTCHA
Handoff-ready interruption recovery
Handling checkout interruptions
Handoff-ready interruption recovery
Approving sensitive actions
Handoff-ready interruption recovery
Fixing weird website popups
Handoff-ready interruption recovery
Who pays
The completion layer for agent companies.
Every browser-agent vendor wants the same thing: more completed tasks, fewer confused users, and demos that survive real websites.
Built for teams shipping agents
Consumer AI agent companies
Browser automation startups
AI assistant platforms
Computer-use power users
Enterprise workflow automation teams
Why they buy
Higher task completion rate
Lower user churn
More trust in agents
Faster recovery from real-world failures
Better demo reliability
Trust and security
Human help without handing over the keys.
BatonPass is designed for sensitive workflows where the operator should stay in control. The agent pauses, the human clears only the blocked step, and automation resumes only after explicit approval.
No password storageExplicit resumeEncrypted streamSOC 2 in audit (Q3 2026)
No password storage
BatonPass never sees, requests, or stores user credentials. Operators only see what the agent already had access to.
Encrypted handoff session
Browser snapshot + control channel are end-to-end encrypted between agent-host and operator phone. WebRTC DTLS-SRTP.
User-authorized control
Each handoff requires explicit operator action — no autonomous credential entry. Session expires after solve.
Sensitive fields redacted
Pre-configured patterns (SSN, card numbers, banking PII) auto-masked in audit log + replay.
Expiring handoff links
Mobile PWA URLs are single-use, signed, and expire in 60s by default. No replay possible.
Developer experience
Drop into your existing Playwright loop in 60 seconds.
The wrapper inherits your `Page`. When the agent gets stuck, BatonPass takes over without your script noticing — the next line of code runs after the human assist completes.
npm install @batonpass/playwright
import { wrapWithBatonPass } from '@batonpass/playwright';
import { chromium } from 'playwright';
const browser = await chromium.launch();
const page = await browser.newPage();
const baton = wrapWithBatonPass(page, { apiKey: process.env.BATONPASS_API_KEY, agentId: 'outbound-sf-v3' });
await baton.run(async () => {
await page.goto('https://salesforce.com/login');
await page.fill('#username', user);
await page.fill('#password', pass);
await page.click('button[type=submit]');
// 2FA modal appears here? BatonPass auto-detects, hands off to phone.
// When operator solves, this `await` returns and the agent continues.
await page.click('a[href*="/lightning"]');
});
1. Wrap
Pass your Playwright page through wrapWithBatonPass().
2. Detect
SDK detects CAPTCHA / 2FA / approval modal patterns automatically.
3. Resume
After the operator solves it on the phone, your script picks up the same `await`.
Audit timeline
Eight audit events per handoff. Always logged. Always queryable.
The 13-state lifecycle engine emits structured events into the audit log. Compliance teams export SOC 2 / HIPAA / GDPR-formatted JSONL from /app/audit.
+0.0s
agent.started
Resumed from checkpoint at 03:42:00
step 1 / 8
+0.2s
stuck.detected
DOM contains [data-testid='2fa-modal'], no autofill keys
step 2 / 8
+0.4s
handoff.created
State frozen, snapshot 47KB
step 3 / 8
+0.5s
notification.sent
Voice call placed to +1 415 555 0177
step 4 / 8
+5.6s
user.opened
Phone PWA loaded /m/h_01HXYZ001
step 5 / 8
+7.2s
challenge.solved
2FA code 847291 submitted
step 6 / 8
+7.3s
agent.resumed
State restored, browser at salesforce.com/lightning
step 7 / 8
+12.0s
task.completed
Original task: prospect_outreach_batch_44 finished
step 8 / 8
Pricing
Pay for handoff success, not seats.
Tiers map to active_agents × handoffs/month × audit retention × escalation channels — the four meters that actually scale.
Prototype with one agent
Free
$0
forever
- 1 active agent
- Mobile PWA handoff
- Push notification
- 7-day audit log
- Community support
Best for: Solo developers prototyping agent reliability
Agent teams + handoff queue
Team
$199
per month
- Up to 25 active agents
- Handoff queue + claim/release
- Push + SMS + email notifications
- 90-day audit log
- Up to 5 operator seats
- Domain allowlist
- Email support
Best for: Sales/RevOps teams running outbound agents
High-volume automation teams
Fleet
$899
per month
- Up to 200 active agents
- Voice escalation (Bland AI)
- Slack + PagerDuty integration
- 365-day audit log
- Custom policy builder
- Dedicated CSM
- Priority support
Best for: Research labs, ops teams, deploy automation
Security, audit, SSO, custom retention
Enterprise
Custom
annual contract
- Unlimited everything
- SSO (Okta, Azure AD, Google Workspace)
- SOC 2 Type II + HIPAA + GDPR audit packs
- Custom audit retention (up to 7 years)
- On-prem / VPC deployment option
- SLA: 99.95% uptime
- Dedicated TAM
- Custom policy + workflow integrations
Best for: Regulated industries: finance, healthtech, legal
Mind2Web grounded
Built on the NeurIPS 2024 paper that quantified browser agent failure modes
WebRTC end-to-end
Sub-second peer-to-peer between agent and operator phone
SOC 2 Type II in audit
Target Q3 2026 — Enterprise customers can review architecture under NDA
GDPR + CCPA compliant
Per-tenant data deletion API, redacted audit logs
Status page
status.batonpass.dev — incident postmortems, uptime history
Buyer questions
Eight questions every operator asks first.
Each answer maps to a real subsystem — Phase 3 lifecycle engine, Phase 6 operator product, Phase 7 voice fallback.
Does BatonPass solve CAPTCHAs autonomously?▾
No. Every CAPTCHA solve is performed by a human operator on their phone. We are not a CAPTCHA-bypass service — we're a human-in-the-loop handoff for moments where a human is required.
What if the operator doesn't respond?▾
Configurable timeouts + escalation chains. If the primary doesn't respond in 60s (default), the system escalates to backup, then manager. Handoff link expires after the full chain timeout.
Do you store passwords?▾
No. Operators only see what the agent already had access to. We never see, request, or store credentials.
Can the operator do anything malicious?▾
Operator actions are constrained to the captured browser session. Audit log records every keystroke and click. Domain allowlist prevents handoffs from attacker-controlled pages.
What gets logged?▾
Every state transition (13 lifecycle states), operator identity, timestamps, source domain, screenshot snapshot (with sensitive fields redacted), action taken. Exportable as SOC 2 / HIPAA / GDPR-formatted JSONL.
Can I restrict which domains trigger handoffs?▾
Yes — per-agent domain allowlist. Handoffs from any other domain are refused. Prevents compromised agents from being weaponized.
How long do handoff sessions live?▾
Default 60 seconds for the mobile PWA URL (single-use, signed). After operator solve, browser snapshot deleted within 24 hours unless you've opted into longer retention.
Does this work with Browser-Use, OpenAI Operator, AutoGen, etc?▾
Yes. Our Playwright wrapper integrates with any framework that uses Playwright underneath. We're working on direct integrations for Browser-Use and OpenAI Operator (Q3 2026).
BatonPass
Give your agents a graceful way to ask for help.
Convert stuck sessions into completed tasks with a secure, five-second human assist layer built for browser-based AI agents.
Built and maintained by @SidraMiconi.