Node browser proxy: Chrome MCP existing-session (user profile) fails with Connection closed — consent dialog never appears

[mgrandau]

Summary

When using the node browser proxy to access a Chrome MCP existing-session (user profile) on a remote node, the connection fails with McpError: MCP error -32000: Connection closed. Chrome never shows the consent dialog that would authorize the connection.

The same user profile works perfectly when accessed via the local gateway on the same machine.

Environment

• Gateway: OpenClaw 2026.3.24 on Ubuntu (AWS Lightsail VPS), bind=tailnet
• Node: OpenClaw 2026.3.24 on Ubuntu Desktop (marks-IT13), connected via Tailscale
• Chrome: 146.0.7680.164 (stable, not snap)
• Chrome remote debugging: Enabled via chrome://inspect/#remote-debugging
• Display: Wayland (Ubuntu desktop)

Steps to reproduce

1. Configure gateway with gateway.bind=tailnet
2. Connect a Linux desktop as a node host: openclaw node run --host <gateway-tailscale-ip> --port 18789
3. Node connects successfully, shows browser capability, browser.proxy command available
4. From gateway, invoke: openclaw nodes invoke --node <name> --command browser.proxy --params '{"path":"/tabs","query":{"profile":"user"},"method":"GET"}'

Expected

• The node host's browser service spawns chrome-devtools-mcp --autoConnect
• Chrome shows the consent/approval dialog on the desktop
• User accepts, connection established
• Gateway receives tab list via node proxy

Actual

• Node browser proxy attempts Chrome MCP existing-session attach
• Fails immediately with: BrowserProfileUnavailableError: Chrome MCP existing-session attach failed for profile "user". Details: McpError: MCP error -32000: Connection closed
• Chrome never shows the consent dialog
• The managed openclaw profile works fine through the same node proxy

Key observations

1. Local gateway on the same machine works: openclaw browser --browser-profile user tabs returns tabs correctly after consent is accepted
2. Manual MCP trigger works: Piping a JSON-RPC command directly into npx chrome-devtools-mcp@latest --autoConnect triggers the consent dialog and Chrome connects
3. Node proxy does not trigger consent: The node host's browser service spawns its own MCP server instance, but Chrome rejects the connection before showing consent — likely a timeout issue where the proxy gives up before Chrome can render the dialog
4. Chrome IS listening: ss -tlnp | grep 9222 confirms Chrome listening on 127.0.0.1:9222
5. Not a DISPLAY issue: Tested with explicit DISPLAY=:0 on the node host — same result
6. Not a Chrome version issue: Chrome 146 (well above 144 requirement)

Probable cause

The node browser proxy has a short timeout for the Chrome MCP handshake. The --autoConnect flow requires:

1. MCP server connects to Chrome's debug endpoint
2. Chrome shows consent dialog to user
3. User clicks Allow
4. MCP server completes handshake

The proxy appears to fail at step 1-2, timing out before Chrome can present the consent UI. The local gateway may have a longer timeout or different initialization path that allows the consent flow to complete.

Suggested fix

• Increase the timeout for Chrome MCP existing-session attach in the node browser proxy
• Or: allow the node browser proxy to reuse the local gateway's established MCP connection instead of spawning a new one
• Or: provide a way to pre-authorize the Chrome MCP connection so the consent dialog is not required on every new MCP server process

Related issues (chrome-devtools-mcp)

• Feature request: Allow persisting remote debugging permission approval ChromeDevTools/chrome-devtools-mcp#825 — Feature request for persisting remote debugging approval
• Long-running MCP sessions lose Chrome connection and trigger repeated approval prompts with --autoConnect ChromeDevTools/chrome-devtools-mcp#1094 — Long-running sessions trigger repeated approval prompts
• list_pages/new_page time out with ProtocolError: Network.enable timed out when using --autoConnect (Chrome 144, OpenCode) ChromeDevTools/chrome-devtools-mcp#870 — Timeouts with --autoConnect on Chrome 144

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 10, 2026, 1:01 AM ET / 05:01 UTC.

Summary
Codex review failed: codex execution failed.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.

Next step
Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Remaining risk / open question:

• No close action taken because the review did not complete.

Codex review notes: model gpt-5.5, reasoning high; reviewed against b4cdd9211957.

Label changes

Label changes:

• add issue-rating: 🦪 silver shellfish: Current issue advisory state selects this label.
• add clawsweeper:needs-info: Current issue advisory state selects this label.
• remove P2: Current review triage priority is none.
• remove clawsweeper:fix-shape-clear: Current issue advisory state no longer selects this label.
• remove clawsweeper:queueable-fix: Current issue advisory state no longer selects this label.
• remove clawsweeper:source-repro: Current issue advisory state no longer selects this label.
• remove impact:session-state: Current review selected no impact labels.
• remove issue-rating: 🦞 diamond lobster: Current issue advisory state no longer selects this label.

Evidence reviewed

What I checked:

• failure reason: codex execution failed.
• codex failure detail: Codex review failed for this issue with exit 1.
• codex stdout: Per-item Codex failure; continuing with the rest of the shard.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[LakshmanTurlapati]

I have been treating this exact class of real logged in browser session issue differently in FSB. It uses a Chrome extension plus MCP bridge instead of the Chrome DevTools MCP consent path, so the agent can work with the existing browser session without this approval race. Might be a useful comparison point for the user profile attach contract here: https://github.com/LakshmanTurlapati/FSB

[LakshmanTurlapati]

I have been treating this exact class of real logged in browser session issue differently in FSB. It uses a Chrome extension plus MCP bridge instead of the Chrome DevTools MCP consent path, so the agent can work with the existing browser session without this approval race. Might be a useful comparison point for the user profile attach contract here: https://github.com/LakshmanTurlapati/FSB

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[lifuyue]

I’ll investigate the direct browser.proxy node-invoke timeout path. If it’s still the localized timeout/defaulting issue described above, I’ll try a small focused fix.