fix(browser): skip port ownership check for remote CDP profiles by stubbi · Pull Request #28780 · openclaw/openclaw

stubbi · 2026-02-27T14:19:55Z

Summary

When a browser profile has a non-loopback cdpUrl (e.g. Browserless, Kubernetes sidecar, or any external CDP service), the port-ownership check in ensureBrowserAvailable() incorrectly fires because we don't "own" the remote process. This causes:

Port 9222 is in use for profile "default" but not by openclaw.
Run action=reset-profile profile=default to kill the process.

...even though the remote CDP service is working and reachable.

Root cause

In src/browser/server-context.ts, the ensureBrowserAvailable() flow is:

Check if port is HTTP-reachable -- yes (sidecar is running)
Check if full CDP WebSocket handshake succeeds (isReachable()) -- may fail due to timing or protocol differences
If WebSocket fails and !profileState.running -- throw "Port in use but not by openclaw"

Step 3 doesn't account for remote CDP profiles where we never own the process. The remoteCdp variable (!profile.cdpIsLoopback) is already computed but not checked here.

Fix

Add && !remoteCdp to the port ownership guard so remote profiles skip this check and fall through to the existing WebSocket retry/attach logic (which already handles remoteCdp correctly).

-    if (!profileState.running) {
+    if (!profileState.running && !remoteCdp) {

This is a minimal, targeted fix -- 1 line of logic changed.

Who is affected

Kubernetes sidecar setups (shared network namespace -- sidecar port is locally visible)
Docker Compose setups with separate Browserless/Chromium containers
Any remote CDP configuration where the port happens to be reachable from the host

Reported by 7+ users across Kubernetes, Azure AKS, Railway, and Docker deployments:

[Bug]: Remote CDP (Browserless) blocked with “Port is in use … but not by openclaw” (OpenClaw 2026.2.12) #15582 (this fix)
[Bug]: attachOnly + localhost CDP fails when port is in use by proxy #20595 (related attachOnly variant)
openclaw-rocks/k8s-operator#214
openclaw-rocks/k8s-operator#180

Testing

Verified that the fix matches the community-proposed solution by @bsormagec
Code review: remote profiles fall through to the attachOnly || remoteCdp block (line 345) which already handles reconnection with proper timeouts
Integration test with Kubernetes sidecar (Browserless + OpenClaw in same pod)

Fixes #15582

When a browser profile has a non-loopback cdpUrl (e.g. Browserless, Kubernetes sidecar, or any external CDP service), the port-ownership check incorrectly fires because we don't "own" the remote process. This causes "Port is in use but not by openclaw" even though the remote CDP service is working and reachable. Guard the ownership error with !remoteCdp so remote profiles fall through to the WebSocket retry/attach logic instead. Fixes openclaw#15582

greptile-apps · 2026-02-27T14:22:07Z

Greptile Summary

This PR fixes a bug where remote CDP profiles (Browserless, Kubernetes sidecars, external CDP services) incorrectly trigger a "port in use but not by openclaw" error. The fix adds && !remoteCdp to a conditional check in ensureBrowserAvailable() at src/browser/server-context.ts:338, allowing remote CDP profiles to skip the port ownership validation and proceed to the existing reconnection logic that already handles remote profiles correctly.

The change is minimal and targeted:

Root cause: The port ownership check didn't account for remote CDP profiles where OpenClaw never owns the process
Solution: Skip the ownership check when remoteCdp is true (computed as !profile.cdpIsLoopback)
Impact: Remote CDP profiles now properly fall through to lines 346-357 where they're handled with appropriate retry logic and error messages
Consistency: The remoteCdp variable is already checked elsewhere in the same function (lines 313, 319, 346), making this fix consistent with existing patterns

The fix resolves reported issues from 7+ users across Kubernetes, Azure AKS, Railway, and Docker deployments.

Confidence Score: 5/5

This PR is safe to merge with minimal risk
The fix is a minimal, well-targeted one-line change that correctly addresses a logic bug. The remoteCdp variable is already used in multiple places in the same function, making this change consistent with existing patterns. The fix allows remote CDP profiles to skip an inappropriate check and reach the correct error handling code that was already designed for this scenario. No breaking changes or side effects are introduced.
No files require special attention

_{Last reviewed commit: 80e4463}

Refs openclaw#15582

…claw#28780) * fix(browser): skip port ownership check for remote CDP profiles When a browser profile has a non-loopback cdpUrl (e.g. Browserless, Kubernetes sidecar, or any external CDP service), the port-ownership check incorrectly fires because we don't "own" the remote process. This causes "Port is in use but not by openclaw" even though the remote CDP service is working and reachable. Guard the ownership error with !remoteCdp so remote profiles fall through to the WebSocket retry/attach logic instead. Fixes openclaw#15582 * fix: add TypeScript null guard for profileState.running * chore(changelog): note remote CDP ownership fix credits Refs openclaw#15582 * Update CHANGELOG.md --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org>

…claw#28780) * fix(browser): skip port ownership check for remote CDP profiles When a browser profile has a non-loopback cdpUrl (e.g. Browserless, Kubernetes sidecar, or any external CDP service), the port-ownership check incorrectly fires because we don't "own" the remote process. This causes "Port is in use but not by openclaw" even though the remote CDP service is working and reachable. Guard the ownership error with !remoteCdp so remote profiles fall through to the WebSocket retry/attach logic instead. Fixes openclaw#15582 * fix: add TypeScript null guard for profileState.running * chore(changelog): note remote CDP ownership fix credits Refs openclaw#15582 * Update CHANGELOG.md --------- Co-authored-by: Vincent Koc <vincentkoc@ieee.org> (cherry picked from commit 5bb26bf)

stubbi mentioned this pull request Feb 27, 2026

Unable to use browser container openclaw-rocks/k8s-operator#214

Closed

openclaw-barnacle bot added the size: XS label Feb 27, 2026

stubbi and others added 6 commits February 27, 2026 15:23

fix: add TypeScript null guard for profileState.running

154b607

Merge branch 'main' into fix/remote-cdp-port-check

a84dce9

Merge branch 'main' into fix/remote-cdp-port-check

9b3a7f5

Merge branch 'main' into fix/remote-cdp-port-check

c42e235

chore(changelog): note remote CDP ownership fix credits

23ad06b

Refs openclaw#15582

Update CHANGELOG.md

43a8d91

vincentkoc merged commit 5bb26bf into openclaw:main Mar 2, 2026
6 checks passed

vincentkoc mentioned this pull request Mar 2, 2026

[Bug]: attachOnly + localhost CDP fails when port is in use by proxy #20595

Closed

vabole mentioned this pull request Mar 2, 2026

ops: decision needed for upstream sync (1 disputed files) vabole/openclaw#5

Closed

1 task

github-actions bot mentioned this pull request Mar 2, 2026

📡 Upstream Digest — 2026-03-02 06:46 UTC curtismercier/openclaw-mods#159

Open

steipete mentioned this pull request Mar 2, 2026

fix(browser): avoid local port conflicts for remote cdp #15595

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(browser): skip port ownership check for remote CDP profiles#28780

fix(browser): skip port ownership check for remote CDP profiles#28780
vincentkoc merged 7 commits intoopenclaw:mainfrom
stubbi:fix/remote-cdp-port-check

stubbi commented Feb 27, 2026

Uh oh!

greptile-apps bot commented Feb 27, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

stubbi commented Feb 27, 2026

Summary

Root cause

Fix

Who is affected

Testing

Uh oh!

greptile-apps bot commented Feb 27, 2026

Greptile Summary

Confidence Score: 5/5

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants