[Bug]: manual-cdp attachOnly profile not detecting active CDP session

[DanThe3r]

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

manual-cdp attachOnly profile does not detect a live Chrome CDP session and reports no tabs even when a valid page target exists.

Steps to reproduce

1. Configure browser profile:

   • cdpUrl = http://127.0.0.1:9222
   • attachOnly = true

2. Launch Chrome manually:
   chrome --remote-debugging-port=9222 --user-data-dir="C:\temp\chrome-openclaw-manual"

3. Open a normal webpage (e.g. WordPress admin login)

4. Verify CDP endpoint:
   http://127.0.0.1:9222/json/list
   → contains a "type": "page" target

5. Run:
   openclaw browser --browser-profile manual-cdp tabs
   openclaw browser --browser-profile manual-cdp snapshot

Expected behavior

OpenClaw detects the external CDP session as running and returns the active page target when listing tabs or taking a snapshot.

Actual behavior

OpenClaw reports:

• "No tabs (browser closed or no targets)."
• "Browser attachOnly is enabled and profile 'manual-cdp' is not running."

This occurs even though the CDP endpoint is reachable and /json/list contains a valid "type": "page" target.

OpenClaw version

Latest (no tagged release; running current main branch) v2026 4.11

Operating system

Windows 11 Pro (version 25)

Install method

npm/global install (node_modules openclaw)

Model

NOT_APPLICABLE

Provider / routing chain

NOT_APPLICABLE

Additional provider/model setup details

NOT_APPLICABLE

Logs, screenshots, and evidence

- /json/version returns valid CDP endpoint
- /json/list returns targets including a "type": "page" (WordPress login page)
- openclaw browser --browser-profile manual-cdp tabs → "No tabs (browser closed or no targets)"
- openclaw browser --browser-profile manual-cdp snapshot → "profile is not running"

Additional logs show intermittent:
token_mismatch
(control UI/webchat), but CDP endpoint is independently verified as functional.

Impact and severity

Affected: users relying on manual-cdp / attachOnly browser profiles

Severity: blocks workflow

Frequency: always reproducible

Consequence:

• prevents browser automation fallback
• blocks workflows requiring logged-in browser sessions (e.g. Elementor / WordPress admin)
• forces manual-only interaction despite valid CDP connection

Additional information

All common causes were ruled out:

• device pairing repaired
• device has full operator scopes
• gateway restarted
• Chrome CDP endpoint confirmed working
• real page target exists

This isolates the issue to attachOnly profile state detection or CDP target handling inside OpenClaw.

[DanThe3r]

Additional debugging confirmation:

• CDP endpoint verified:
  http://127.0.0.1:9222/json/version → OK
  http://127.0.0.1:9222/json/list → contains valid "type": "page" target

• Example target:
  WordPress login page (normal HTTP page, not chrome://)

• Issue persists consistently after:

  • gateway restart
  • fresh Chrome launch with new user-data-dir
  • verified device scopes (full operator)

This appears isolated to attachOnly profile state detection rather than environment setup.

Happy to test a patch or run debug builds if needed.

[DanThe3r]

If helpful, I can also run a debug build or test a modified condition for attachOnly:

e.g. forcing "running=true" when /json/version is reachable.

Let me know what file or function to patch.

[mbelinky]

Fixed by #66080, merged as commit 2c59ba2.

What landed:

• local attach-only manual-cdp profiles on loopback no longer self-apply browser SSRF policy to their own CDP control plane
• attach-only loopback probes now use remote-class reachability timeouts instead of the managed-browser fast loopback probe class
• the fix is covered through the actual tabs route, not only shared helper/status logic

This is the bug reported here: a valid local 127.0.0.1 CDP session with real page targets could still be reported as not running, causing tabs/snapshot to fail.

If anyone can still reproduce this on a build that includes #66080, please reopen with the exact profile config and command path that still fails.

[DanThe3r]

I can still reproduce this on a build that does not appear to include the fix behavior yet.

Tested on:

• OpenClaw version: 2026.4.12 (1c0672b)
• OS: Windows 11 Pro

Current profile config:

• cdpUrl: http://127.0.0.1:9222
• attachOnly: true
• default profile = manual-cdp

Verified external CDP state:

• /json/version healthy

• /json/list showed valid live "type": "page" targets

• examples included:

  • WordPress admin upload-theme page
  • site homepage

Exact commands used:

openclaw browser profiles
openclaw browser --browser-profile manual-cdp tabs
openclaw browser --browser-profile manual-cdp snapshot

Exact outputs:

• manual-cdp: stopped [default] port: 9222
• No tabs (browser closed or no targets).
• GatewayClientRequestError: Browser attachOnly is enabled and profile "manual-cdp" is not running.

So on this machine, with 2026.4.12 (1c0672b), the manual-cdp attach-only issue is still reproducible.

That suggests one of:

1. the fix from #66080 is not present in this shipped build, or
2. the fix addressed only part of the issue and this environment is still hitting another path with the same symptom

Happy to test another build or a more specific patch if helpful.

[mbelinky]

Thanks for the detailed retest data.

The build you tested, 2026.4.12 (1c0672b), predates the fix that closed this issue. The fix for this report landed later on April 13, 2026 as 2c59ba24af4b18450814262c7c3cd56b09b502fd via #66080.

So this result does not yet show that #66080 was insufficient; it shows the repro is still present on a build from before that fix merged.

Please retest on a build that includes 2c59ba2 or newer. If it still reproduces there, please reopen with the exact profile config, commands, and output from that newer build and we can treat it as a follow-up regression or a remaining code path.

[DanThe3r]

Got it — thanks for the clarification.

I’ll reinstall directly from the latest main branch to ensure the build includes commit 2c59ba2 and retest the same manual-cdp workflow.

I’ll report back with results from that build.

[toruvieI]

Reproduced and narrowed this down further on macOS with Chrome Beta and profile openclaw.

What we tested:

• Chrome/CDP on 127.0.0.1:18800 was healthy the whole time
• manual checks worked: /json/version and /json/list both returned correct data
• with attachOnly: true, OpenClaw still reported browser/CDP unavailable
• after adding:

"browser": {
  "ssrfPolicy": {
    "dangerouslyAllowPrivateNetwork": true
  }
}

things started working immediately

Observed sequence:

1. before the config change, attachOnly looked broken, but raw CDP was actually alive
2. after enabling dangerouslyAllowPrivateNetwork, attachOnly started working
3. after that, we switched attachOnly back to false, killed Chrome, and managed launch also started working again

So in this environment the current failure mode was not really attachOnly itself. The root cause looked like loopback CDP being blocked by the newer SSRF behavior introduced around 2026.4.11.

IMPORTANT: yes, this effectively disables SSRF protection for private-network browser targets. But before this regression, local CDP worked without this extra hoop anyway, so functionally this mostly restores the old behavior.

Classic AI security moment: the new protection was so protective it successfully protected the browser from being used at all. 😅

[DanThe3r]

✅ Update — Root Cause Identified and Resolved (Environment Issue)

After extensive debugging, I was able to fully restore browser control. The issue was not caused by OpenClaw itself, but by a local environment conflict on this machine.

🔍 Symptoms observed
Managed browser (openclaw) failed to launch:
Chrome CDP websocket ... not reachable after start
manual-cdp attach failed even with valid CDP endpoint
No stable chrome.exe process during managed launch
Port 18800 showed transient TIME_WAIT connections only
user profile failed due to missing DevToolsActivePort
✅ Key diagnostic finding

Manual Chrome launch with:

--remote-debugging-port=18800
--user-data-dir=

worked perfectly:

/json/version and /json/list returned valid responses
Chrome process stayed alive

This confirmed:
👉 Chrome + CDP environment were healthy
👉 Failure was in OpenClaw’s managed browser startup path on this machine

🧨 Root cause (likely)

A local browser/tooling conflict, specifically:

Presence of Open WebUI Chrome integration
Previously installed browser-related tooling (chrome-devtools-mcp, etc.)
Residual OpenClaw state and browser directories

These likely interfered with:

Chrome spawn lifecycle
CDP initialization
or process ownership/port binding
🔧 Resolution steps (what fixed it)

Performed a full clean rebuild:

Uninstalled OpenClaw completely
Removed all local OpenClaw state:
C:\Users\Master.openclaw
global npm install (node_modules\openclaw)
Cleared temp + npm cache
Reinstalled Chrome fresh
Opened Chrome once (initialization only), then closed
Restarted system
Reinstalled OpenClaw (v2026.4.9)
Ran openclaw configure
Started gateway

Important additional step:

Uninstalled Open WebUI Chrome integration
🟢 Result

After clean reinstall:

openclaw browser snapshot works
Managed browser launches correctly
CDP is reachable
Full browser automation restored
🧠 Takeaway

This was a machine-specific environment issue, not a core OpenClaw bug.

However, this scenario highlights a potential edge case:

Conflicts with other Chrome/CDP tooling (like Open WebUI or MCP-related processes)
Silent failure of managed Chrome spawn without clear error output
💡 Suggestion (optional)

It may be helpful if OpenClaw:

logs the exact Chrome spawn command and exit reason
detects conflicts with existing CDP tooling
surfaces clearer diagnostics when managed browser fails to start