Browser extension relay: CDP session stale after OAuth/SPA redirect chains

[jg-noncelogic]

Bug

When using the Chrome extension relay (profile=chrome) to snapshot a page that performs an OAuth redirect chain (e.g., Clerk auth → provider → callback → app), the CDP session becomes stale and subsequent snapshots fail silently or timeout.

Reproduction

1. Start extension relay, attach a tab
2. Navigate to a page that triggers OAuth (e.g., a Clerk <SignIn> component)
3. The page redirects: app → clerk.example.com → provider → callback → app
4. Attempt browser.snapshot() — fails with stale DOM or timeout
5. Fresh snapshot with updated targetId also fails — relay tracks the tab correctly via Target.targetInfoChanged, but the Playwright CDP session is broken

Root Cause

The relay correctly handles Target.targetInfoChanged events to update cached tab metadata (URL, title). However:

1. Playwright CDP session staleness: After multiple rapid navigations, Playwright's internal CDP session for the page can become disconnected from the actual page state. The relay proxies commands, but Playwright's page object may hold stale frame references.

2. No reconnection mechanism: When findPageByTargetId is called after navigation, it can find the page by targetId (relay updated metadata), but the page's CDP session may reference a destroyed execution context.

3. Missing frame lifecycle handling: OAuth redirects often involve cross-origin navigations. The relay forwards Target.targetInfoChanged but doesn't handle Page.frameNavigated / Page.frameStartedLoading events that Playwright needs to properly track frame state across navigations.

Expected Behavior

Snapshot should work after OAuth redirect chains complete. If the page is still loading during the redirect chain, snapshot should wait for load or return a clear "page is navigating" error.

Environment

• OpenClaw with Chrome extension relay
• CDP over WebSocket (loopback)
• Clerk auth with OAuth redirect chain

[paulmitchell1919-hue]

I can confirm this exact same behavior with Supabase and Zoho dashboards.

Environment

• OpenClaw: 2026.2.16 (today)
• OS: macOS (Darwin 24.6.0 arm64)
• Node: v22.22.0
• Profile: chrome (extension relay)
• Gateway: local mode

Reproduction Steps (Specific to SPA/React Apps)

Setup

1. OpenClaw gateway running, Chrome extension attached to tabs
2. Supabase dashboard: https://supabase.com/dashboard/project/[project-id]/auth/smtp
3. Zoho Mail Admin: https://mailadmin.zoho.eu/cpanel/home.do#mailSettings/toolsAndConfiguration

Navigation Pattern

1. browser/status → Works (cdpReady=true, cdpHttp=true)
2. browser/tabs → Works (both tabs listed with wsUrl)
3. browser/snapshot → Works initially
4. Navigate within Supabase (Auth → SMTP → Templates) → "tab not found"
5. Navigate within Zoho (different sections) → "tab not found"
6. browser/status → Still shows connected
7. browser/tabs → Still lists tabs
8. Any further actions → All fail with "tab not found"
9. Reattach extension → Works again for 2-3 operations, then drops

Error Pattern

browser failed: Can't reach the OpenClaw browser control service. Start (or restart) the OpenClaw gateway (OpenClaw.app menubar, or `openclaw gateway`) and try again. (Error: Error: tab not found)

Timeline of Failures

10:49:11 - tab not found
10:49:25 - tab not found
10:49:32 - tab not found
10:49:53 - tab not found
10:52:25 - fields are required

What's Working

• Simple actions (status, tabs) work consistently
• Initial form field entries work for 2-3 fields
• CDP connection remains stable (cdpReady, cdpHttp)
• Tabs remain listed in browser/tabs

What Fails

• After SPA navigation (client-side routing)
• After multiple form field interactions
• snapshot after navigation
• act with clicks after navigation
• Extension loses internal tab reference while CDP stays alive

Additional Context

• Both Supabase and Zoho are SPA/React apps using client-side routing
• No full page reloads - URL changes via JavaScript
• Tab targetId remains constant but extension loses track
• Issue reproducible 100% - happens every time with these sites

Impact

Blocks browser automation for any SPA/dashboard workflows. Makes multi-step configuration tasks (like setting up SMTP across multiple pages) nearly impossible without constant reattaching.

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[steipete]

Thanks for the detailed OAuth redirect-chain diagnosis.

This stale-session-after-navigation path is now covered by merged navigation/reattach fixes:

• fix(browser-relay): silent reannounce failure + extend nav re-attach window #27630 (merge commit 18cd77c8ce54199353537fa4b6f73dbf5014e032)
• fix(browser): preserve debugger attachment across relay disconnects during navigation reattach #28725 (merge commit 31b6e58a1bf1f901144f9c865dec89720f5659cc)
• fix(browser): retry relay navigation after frame detach #30612 (merge commit 7c9d2c1d483e1cdc255dcba5dc7305c25347baad)

Closing as duplicate/superseded by these landed fixes.

If this issue is not fixed, please reopen or submit a new Issue/PR.