Building the Agentic Process Automation Stack in 2026 (July 2026)
Long gone are the days when you could record a login path once and trust it to run clean six months later. Portal layouts change, 2FA prompts rotate, session flows shift, and the script that worked last Tuesday silently delivers nothing this Tuesday.
The agentic process automation stack is the architectural response to that compounding maintenance problem, and it's made up of four distinct layers that each carry a different set of responsibilities. Getting clear on what those layers are, and what breaks when they're missing, is what makes the difference between APA that works in production and APA that only works in a demo. Skyvern is an Agentic Process Automation platform built directly for that production requirement: browser execution is the mechanism, but credential management, orchestration, audit trails, and exception escalation are the platform.
TLDR:
- The APA stack has four distinct layers (agent, orchestration, execution, and governance) and each one can fail independently if you treat them as interchangeable.
- RPA teams spend 30-70% of their effort maintaining bots because selector-based tools break silently when portals change layout, often delivering nothing while reporting no error.
- Orchestration is the layer most teams underinvest in; a capable browser agent paired with weak orchestration still produces fragile, state-unaware workflows.
- Approval gates and full audit trails belong in the workflow spec from the start, not bolted on after; compliance-sensitive workflows require this before outputs feed critical decisions.
- Skyvern covers the execution and orchestration layers of an Agentic Process Automation (APA) stack by reading pages visually at runtime, handling rotating 2FA flows as they appear, and returning schema-defined output with a complete trace on every run.
Why the Traditional RPA Stack Reached Its Limits
Traditional RPA was built on a simple premise: record what a human does in a browser, then replay it. Selectors lock onto specific DOM elements, XPath expressions target predictable structures, and scripts execute the same path every time. That works well enough when the underlying systems are stable and the automation surface is small.
The problem is that enterprise automation surfaces are neither stable nor small.
Three structural pressures broke the traditional RPA model at scale:
- Selector fragility compounds with coverage. Each new portal added to an automation portfolio brings its own DOM structure, its own layout conventions, and its own update cadence. When a vendor redesigns their portal, every selector targeting that portal breaks, often silently. The script runs, returns no error, and delivers nothing because no matching element was found. By the time an operator notices the downstream system hasn't received data, the portal may have already changed again. RPA teams spend 30-70% of their effort maintaining bots instead of building new automation, and that ratio worsens as portfolio size grows.
- Authentication complexity was never a first-class design concern. Traditional RPA tools were built for internal enterprise systems with predictable, stable login flows. Carrier portals, payer networks, and government filing systems rotate 2FA on every session, require hardware tokens, redirect after login, and drop sessions mid-workflow. Recording a login path once and replaying it fails within hours of the first credential rotation. Scripts have no architecture for reasoning about authentication state; they only know how to replay what they've seen.
- Non-technical teams can't maintain what engineers built. An operations lead managing 40 payer portals is not going to open a Python script when a portal updates its layout. Every change becomes a support ticket, every ticket competes with new build work, and the maintenance backlog grows faster than the team can clear it. The result is an automation portfolio that degrades over time as portal updates outpace maintenance capacity.
These three pressures share a root cause: selector-based tools were built on a static assumption, that the page you recorded is the page you'll see on every future run. Portals don't hold that assumption. The Agentic Process Automation (APA) stack exists because the old architecture ran out of answers to a problem that only gets harder as enterprise automation scales.
What Defines the Agentic Process Automation Stack
The term "stack" implies layers that build on each other, and in Agentic Process Automation (APA), those layers are distinct enough that confusing them causes real architectural problems. A team that buys an orchestration tool expecting it to handle browser execution, or deploys an AI agent without governance controls, ends up with a system that works in demos and breaks in production.
Four layers define the APA stack, and each one carries a different set of responsibilities:
- The agent layer is where goals get interpreted. An AI agent receives a task objective, reasons about what steps are required, and decides how to proceed at each decision point. It reads live page state, plans action sequences, and re-assesses when something unexpected appears.
- The orchestration layer coordinates multiple agents, manages sequencing, handles branching logic, and routes exceptions. A single agent handles one task; orchestration handles the workflow that spans several tasks across systems that have no shared API.
- The execution layer is where browser interactions happen. This is where pages get read visually, forms get filled, authentication flows get worked through, and structured output gets extracted. Browser automation is the mechanism here, not the product.
- The governance layer tracks every run. Audit trails, approval gates, credential management, role-based access, and exception escalation all live here. In compliance-sensitive workflows, this layer is what makes the system auditable and defensible.
Each layer can fail independently. An agent with no orchestration layer gets stuck on multi-step workflows that cross system boundaries. An execution layer with no governance produces results no compliance team can verify. And a governance layer bolted on after the fact, instead of built into the stack from the start, creates audit records that describe what happened without explaining why.
Human judgment still matters at the boundaries of this stack, particularly where outputs feed critical decisions or where exceptions fall outside the agent's reasoning scope.
The Core Layers of the APA Stack
The agentic process automation stack has four distinct layers, and understanding what each one does, and how they connect, is the clearest way to assess whether any given APA implementation will hold up in production.
Layer | Primary Responsibility | What Breaks Without It |
|---|---|---|
Agent | Interprets goals, reasons about live page state, and decides what action to take at each step, with no hardcoded script required. | Workflows replay fixed sequences and fail the moment a page differs from the recorded state. |
Orchestration | Coordinates multi-agent sequences, manages state across steps, handles branching and exception routing, controls concurrency. | Isolated agents stall on multi-step workflows that cross system boundaries; silent failures go undetected for hours. |
Execution | Handles browser interactions: logging in, filling forms, working through authentication flows, extracting structured output. | Selector-based scripts break silently when portals update their layout or rotate credentials, delivering nothing while reporting no error. |
Governance | Produces full audit trails, enforces approval gates, manages role-based access and credential scoping. | APA outputs feed critical decisions with no accountability record; compliance audits have no traceable log to present. |
The Agent Layer
Agents are the reasoning core. They receive a goal, interpret the current state of whatever system they're working in, decide what action to take next, and re-assess after each step. In browser-based workflows, that means reading the live page visually, identifying interactive elements by appearance and context, and planning a path through the task without a hardcoded script to follow. The agent layer is what separates APA from traditional RPA: instead of replaying a recorded sequence, agents reason through the workflow in real time.
The Orchestration Layer
Orchestration sits above individual agents and coordinates multi-step, multi-system work. A single business process often spans several portals, conditional branches, and handoffs between agents. The orchestration layer manages that sequencing, handles loops and pagination, routes exceptions to the right escalation path, and keeps state across a workflow that may run for minutes or hours. Without orchestration, you have isolated agents. With it, you have a process.
The Execution Layer
Execution is where actions actually happen. For portal-heavy workflows, that means browser automation: logging in, filling forms, working through authentication flows, extracting structured output, and recovering from session interruptions. This layer needs to be resilient to layout changes, credential rotation, and anti-bot detection without requiring a developer to patch the workflow every time a vendor updates their portal.
The Governance Layer
Governance is what makes APA deployable in compliance-sensitive workflows. Every run should produce a full audit trail covering page state, action sequence, authentication steps, and structured output. Approval gates let human reviewers intervene before consequential actions are taken. Role-based access controls determine who can build, trigger, or modify workflows. Without this layer, APA outputs feed critical decisions with no accountability record attached.
Orchestration: Coordinating Agents Across Complex Processes
Orchestration sits between the agent layer and the raw execution surface. Individual agents can handle discrete tasks well, but most real-world workflows span multiple steps, multiple systems, and multiple decision points. That is where orchestration comes in: coordinating sequences of agents, managing state across steps, handling exceptions, and routing work to the right executor at each stage.
What Orchestration Actually Does
In an agentic process automation stack, the orchestration layer is responsible for four things:
- Workflow planning: decomposing a high-level goal (complete a carrier onboarding, run eligibility checks across 12 payer portals) into an ordered sequence of agent tasks with defined inputs and expected outputs at each handoff.
- State management: tracking where a workflow is at any moment, what data has been collected, and what conditions must be true before the next step fires.
- Exception routing: when an agent fails, stalls, or hits an ambiguous decision point, the orchestration layer determines whether to retry, escalate to a human, or branch to an alternate path.
- Concurrency control: running parallel agent threads where the workflow allows it, while enforcing sequencing where downstream steps depend on upstream outputs.
Why This Layer Is Hard to Get Right
The failure mode that most teams hit is conflating workflow automation with orchestration. A scheduler that fires tasks in order is not an orchestrator. Real orchestration handles the messy middle: what happens when step three returns partial data, or when a payer portal times out mid-session, or when a compliance gate requires human sign-off before the next batch runs.
Orchestration systems that lack state awareness tend to produce silent failures. A task completes, the orchestrator moves to the next step, and no one notices that the output from step two was empty until the downstream system flags a data gap three hours later.
Orchestration in Practice
In portal-heavy workflows, orchestration often means coordinating agents that each handle a single portal, aggregating their outputs into a unified result, and managing the order of operations when some portals are faster or more reliable than others. A well-designed orchestration layer holds the workflow open until all required results are in, applies retry logic with backoff on failed portal runs (instead of marking the whole workflow failed on a single timeout), and routes edge cases to a human review queue without stopping the rest of the batch.
This is the layer where approval gates live. Before a structured output feeds a downstream system, the orchestration layer can require a human sign-off, a confidence threshold check, or a compliance flag review. That control point is what separates governed automation from autonomous automation running without oversight.
Human review still matters here, particularly in compliance-sensitive workflows where outputs feed critical decisions. Orchestration makes that review tractable by surfacing only the exceptions that need human judgment, instead of requiring a person to touch every run.
Execution: How Agents Interact with Real Systems
The agentic process automation stack only delivers value when agents can actually do something in the real world. Planning and orchestration matter, but execution is where the rubber meets the road: agents interacting with live systems, filling out forms, working through authentication flows, extracting structured data, and handing off results to downstream workflows.
Execution environments in mid-2026 fall into a few distinct categories, each with different tradeoffs.
API-Based Execution
When a target system exposes a well-documented API, agents can call it directly. This is the cleanest path: structured requests, predictable responses, minimal surface area for failure. Most enterprise SaaS tools (CRMs, ERPs, ticketing systems) fall here. The problem is that a large share of the workflows that matter most to operations teams do not have APIs. Carrier portals, government filing systems, payer eligibility portals, and legacy insurance platforms often have no programmatic interface at all.
Browser-Based Execution
This is where the real complexity lives. When there is no API, agents need to interact with systems the same way a person would: opening a browser, working through login flows, reading page content, filling fields, and submitting forms. Two fundamentally different architectural approaches exist here.
browser automation tools like Selenium, Playwright, and Puppeteer record or script specific DOM elements to interact with. They work until the portal changes a button label, restructures a layout, or rotates its login flow. When that happens, the script fails, and often silently: the tool reports no error while delivering nothing downstream.
Visual AI RPA browser automation reads the live page state at runtime instead of relying on a stored selector map. The agent reads what is actually on screen, identifies interactive elements by appearance and context, and works through the page without assuming the layout matches what it saw on a previous run. This architectural difference is why a portal update that kills a selector-based script is just new input to a visual AI agent.
Skyvern's execution layer is built on this visual AI model. It reads pages visually, handles authentication flows (including 2FA and session-timeout modals) as they appear, and returns results against a defined output schema so downstream systems receive consistent structured data regardless of which portal variant the agent encountered. Browser execution is the mechanism; the credential management, orchestration, approval gates, and audit trail built around it are what make Skyvern an Agentic Process Automation platform, not a standalone browser automation layer.
RPA-Based Execution
Traditional AI RPA platforms (UiPath, Automation Anywhere, Blue Prism) occupy a middle ground: they can interact with desktop applications and web interfaces, but rely on the same selector and coordinate logic that makes browser scripts brittle. RPA teams spend 30-70% of their effort maintaining bots as underlying applications change. That maintenance burden is the structural cost of building execution on static assumptions about what a page will look like.
Structured Output as the Execution Contract
Regardless of the execution mechanism, what gets handed back to the orchestration layer matters as much as how the agent interacted with the system. Agents that return unstructured text create a second parsing problem downstream. Agents that return results conforming to a defined schema let orchestration layers, databases, and downstream APIs consume the output without additional transformation. Schema-defined output is the execution contract that makes the rest of the stack predictable.
Human handoff points fit here too. When an agent encounters an exception it cannot resolve autonomously, or when the workflow touches a decision that carries regulatory or financial consequence, execution should pause and route to a person. The execution layer's job is not to replace all human judgment; it is to handle everything it can and escalate cleanly when it cannot.
Memory and State Management in APA Workflows
Agentic Process Automation (APA) workflows don't execute as single-shot commands. They move through sequences of steps, often across multiple pages, sessions, and systems, and they need to carry context forward at every stage. Without deliberate state management, an agent that loses track of what it has already done, what credentials it has used, or what data it has already collected will fail silently or produce incomplete results.
State in an APA workflow falls into a few distinct categories, each requiring a different handling approach.
Working Memory: Context Within a Single Run
Within a single workflow execution, agents maintain working memory that tracks where they are in the task sequence, what data has been extracted so far, and what conditions were true at prior steps. This is the runtime context that lets an agent fill out a multi-step form across several pages without losing the values entered three steps back, or resume after a session-timeout modal without restarting from scratch.
Skyvern handles this through persistent task state, so interruptions like an interstitial warning modal or a redirect after login are treated as continuations instead of failures. When an agent encounters a portal that adds a session-timeout warning mid-workflow, it retains that dismissal pattern and applies it on the next run against the same portal group.
Long-Term Memory: Patterns Across Runs
Beyond a single execution, APA platforms build durable memory from repeated runs. Credential storage, portal behavior patterns, and exception-handling paths learned on one run get applied on subsequent runs without requiring human input to reconstruct them. This is what makes an APA workflow self-healing in practice: the agent isn't replaying a static script, it is working from an accumulated model of how a given portal behaves.
State Handoffs Between Agents
Multi-agent APA architectures introduce a third state management challenge: passing context cleanly between agents without losing fidelity. An orchestrator that hands off a partially completed task to a subagent needs to pass the goal along with the current state, any data already collected, and any exceptions already encountered. Dropped context at handoff points is one of the more common sources of silent failure in production APA systems, a challenge documented in depth in the intelligent process automation literature.
Human-in-the-loop checkpoints compound this: when a workflow pauses for approval, the state at pause time must be preserved exactly so execution resumes from the same point instead of restarting.
Human review still matters at these handoff points, particularly in compliance-sensitive workflows where the data being passed between agents feeds downstream decisions.
Governance, Audit, and Human-in-the-Loop Controls
Agentic Process Automation (APA) workflows don't operate in a vacuum. When agents are submitting prior authorizations, filing regulatory documents, or processing financial transactions, the question of who is accountable for each action becomes as important as whether the action completed successfully.
Three governance concerns surface consistently across compliance-sensitive workflows: auditability (can you reconstruct exactly what the agent did and when), control (can you pause, redirect, or require approval before consequential actions execute), and escalation (does the system know when to hand off to a human instead of proceeding autonomously).
Audit Trails as Core Infrastructure
Every run in a well-designed APA stack should produce a full trace: page state at each step, actions taken, credentials used, structured output returned, and any exceptions that fired. The value here is not archival. It is diagnostic and regulatory. If a payer portal submission produces an incorrect result, the trace tells you whether the agent misread the form, encountered an unexpected layout change, or received malformed input from the orchestration layer. Without that trace, the only available response is re-running the workflow and hoping for a different outcome.
For compliance-bound environments, audit trails also satisfy external requirements. SOC 2, HIPAA-capable deployments, and financial services audit obligations all require demonstrable records of what automated systems did, under whose authority, and with what outcome. That is why explainable AI automation tools matter for these teams.
Approval Gates and Human-in-the-Loop Design
Not every step in an agentic workflow should proceed without human review. Approval gates are checkpoints where execution pauses and waits for a person to confirm before continuing. In practice, these matter most at high-stakes decision points: before a filing is submitted, before a financial transaction clears, before a record is permanently modified.
The architectural distinction worth noting: approval gates in a well-structured APA stack are first-class workflow components, not afterthoughts bolted onto an otherwise autonomous system. They are defined in the workflow spec, triggered by conditions, and logged like any other step. Human judgment still matters before final submission on compliance-bound workflows, and the stack should make that handoff explicit, not leave it to the operator to remember.
Role-Based Access and Credential Governance
At scale, multiple teams and workflows share the same automation infrastructure. Role-based access controls determine which agents can execute which workflows, which credentials they can access, and which outputs they can deliver to which downstream systems. Credential governance, meaning how credentials are stored, rotated, and scoped to each workflow, is a frequent concern across portal-heavy deployments and a core topic in browser automation security best practices, where dozens of external systems each require their own authentication context.
Assessing and Adopting an APA Stack
Before committing budget and engineering time to any APA stack configuration, four questions cut through most of the noise.
What does your automation surface actually look like?
Teams managing portal sprawl across 10 or more external systems with no APIs, rotating credentials, and layouts that change without notice are the natural fit for a full APA stack. Understanding the APA maturity model stages can help assess readiness. Teams automating a single internal tool with a stable layout and an existing API will not see a return on the visual-AI overhead.
Where does your current approach break?
If the answer is "selector maintenance," "auth failures," or "every time a vendor updates their portal," the execution layer is the problem. If the answer is "we have no visibility into what ran or why it failed," governance is the gap.
Who owns the workflow when something goes wrong?
APA stacks with human-in-the-loop approval gates and full audit trails are worth the setup cost when outputs feed important decisions. Teams without a compliance requirement may find lighter orchestration sufficient.
What does production-grade actually require?
Concurrency, credential isolation, retry logic, structured output schemas, and exception escalation are not optional at scale. Check whether your current tooling handles all five before assuming the stack is production-ready.
The real pattern: most teams underinvest in the orchestration and governance layers and overfocus on the execution layer, a dynamic covered in depth in the AI automation complete guide. A capable browser agent paired with weak orchestration still produces fragile workflows. The stack holds up in production when all four layers, agent reasoning, workflow orchestration, browser execution, and governance controls, are treated as equally load-bearing.
Skyvern as an APA Execution and Orchestration Layer
Skyvern sits at the intersection of the agent layer and the execution layer in an Agentic Process Automation (APA) stack. Where most automation tools require either a stable API or a hand-coded script, Skyvern reads pages visually at runtime, reasons about what it sees, and takes goal-directed action without a selector map to maintain.
The four components that make this work in production are worth naming directly.
Visual Page Reading at Runtime
Instead of referencing a cached selector or recorded DOM path, Skyvern reads the live page as it appears on every run. A portal that renames a button or restructures a form between sessions is not a breakpoint; it is new input. The agent re-reads, resets its context, and continues.
Goal-Directed Planning
Workflows are defined by outcome, not by step sequence. Skyvern converts a stated goal into an action plan, reassessing at each step instead of replaying a fixed path. When a portal introduces an interstitial modal or redirects after login, the planner accounts for the new state and adjusts.
Credential and Authentication Handling
Authentication flows that rotate 2FA prompts, require session-timeout dismissals, or chain multiple login steps are handled as they appear. Skyvern reasons about authentication state instead of pattern-matching against a recorded sequence, which means rotating credentials and dynamic auth flows are supported without workflow rewrites.
Structured Output and Audit Trail
Every run returns schema-defined output and produces a complete trace: page state, action sequence, authentication steps, and any exceptions. Downstream systems receive consistent structured data regardless of which portal layout the agent encountered, and compliance teams get a full audit record for every execution.
Code Example: Payer Portal Eligibility Check
The example below runs an eligibility check against a payer portal. It handles rotating 2FA as it appears, returns results against a defined schema, and delivers them to a downstream webhook, covering the execution, authentication, and structured output responsibilities of the APA stack in a single task call.
import asyncio
from skyvern import Skyvern
# Initialize with your API key from app.skyvern.com/settings
skyvern = Skyvern(api_key="YOUR_API_KEY")
async def run_eligibility_check():
# Skyvern reads the page visually at runtime — portal layout changes
# between sessions don't require a workflow rewrite
task = await skyvern.run_task(
url="https://payerportal.example.com/eligibility",
prompt=(
"Log in, work through any 2FA prompt, navigate to eligibility "
"verification, check coverage for member ID 8675309, and COMPLETE "
"once the result is displayed. TERMINATE if member ID is not found."
),
# Schema-defined output — downstream systems receive consistent JSON
# regardless of which portal layout the agent encountered on this run
data_extraction_schema={
"type": "object",
"properties": {
"coverage_status": {"type": "string"},
"copay_usd": {"type": "number"},
"deductible_remaining_usd": {"type": "number"},
"plan_name": {"type": "string"}
}
},
# Deliver the structured result to your downstream system on completion
webhook_url="https://your-system.example.com/webhooks/eligibility",
# Identifier for the TOTP code when the portal rotates 2FA every session
totp_identifier="eligibility-portal-totp",
# Block until the task finishes; remove for fire-and-forget via webhook
wait_for_completion=True,
)
print(f"Status: {task.status}")
print(f"Coverage result: {task.output}")
# Full trace is available in the Skyvern dashboard: page state, action
# sequence, authentication steps, and structured output for every run
asyncio.run(run_eligibility_check())
Because the output schema is defined upfront, the downstream webhook receives the same JSON fields on every run, whether the portal displayed its standard layout or a variant the agent had never seen before. The totp_identifier parameter tells Skyvern where to receive the rotating 2FA code, so authentication flows that change every session are handled without modifying the workflow.
Together, these four components cover the execution and orchestration surface that portal-heavy workflows actually require, including the exception handling and audit trail capabilities that compliance-sensitive workflows depend on, as shown in practical browser automation workflows. As an Agentic Process Automation platform, Skyvern's value is that combination: browser execution as the mechanism, with orchestration and governance as the layer that makes it production-grade.
Final Thoughts on Building a Production-Ready Agentic Process Automation Stack
The shift from selector-based automation to a full agentic process automation stack is an architectural one, not a tooling swap. All four layers need to be there and connected before the system holds up in production. If your team is still spending most of its time maintaining scripts every time a vendor updates their portal, that maintenance burden is the signal that the underlying architecture needs to change. As an Agentic Process Automation platform, Skyvern's value isn't any single layer in isolation: the execution and orchestration surface are built to hold up together, across portal sprawl, at the scale and compliance requirements production workflows actually impose. Book a demo to see how Skyvern approaches the execution and orchestration layers for portal-heavy workflows.
FAQ
Will Skyvern's APA stack handle portal workflows that rotate 2FA on every session?
Yes. Skyvern reasons about authentication state at runtime instead of replaying a recorded login path, so rotating 2FA prompts are handled as they appear. The concrete limit: phone/SMS/voice-based authentication is not supported, so portals that mandate SMS or voice verification codes require a human handoff at that step.
What's the difference between the orchestration layer and the execution layer in an Agentic Process Automation stack?
The orchestration layer coordinates sequences of agents, managing state, handling conditional branching, routing exceptions, and controlling concurrency across a multi-step workflow. The execution layer is where browser interactions actually happen: logging in, filling forms, working through authentication flows, and returning structured output. Buying an orchestration tool and expecting it to handle browser execution is one of the most common reasons APA deployments break in production.
How does Skyvern's visual AI execution differ from Selenium or Playwright for portal-heavy workflows?
Selenium and Playwright target specific DOM elements; when a portal renames a button or restructures a layout, those selectors break -- often silently, with no error and no output. Skyvern reads the live page as it appears at runtime and identifies elements by appearance and context, so a layout change is new input and not a fatal breakpoint. The tradeoff: AI-driven execution carries higher per-run cost than native Playwright at scale, which is worth testing during a proof-of-concept before committing to production.
When should my team invest in all four layers of the APA stack versus lighter orchestration?
The full four-layer stack, covering agent reasoning, workflow orchestration, browser execution, and governance controls, pays off when your automation surface spans 10 or more external portals with no APIs, rotating credentials, and layouts that change without notice. Teams automating a single internal tool with a stable layout and an existing API will not see a return on the visual-AI and governance overhead. The clearest signal: if your current answer to "where does automation break?" is "selector maintenance" or "auth failures," the execution layer is the problem; if it's "we have no visibility into what ran or why," governance is the gap.
What governance controls does an APA platform need for compliance-sensitive workflows?
A production-grade APA stack needs three things: a full audit trail covering page state, action sequence, authentication steps, and structured output for every run; approval gates that pause execution before consequential actions and require human sign-off; and role-based access controls that scope which agents can trigger which workflows and access which credentials. Without these, APA outputs feed critical decisions with no accountability record, and in SOC 2 or HIPAA-capable deployments, that is a compliance failure, not a process gap.