fix(gateway): honor browser profile from request body for node proxy calls

[Sid-Qin]

Summary

• Problem: Browser proxy requests in gateway only read profile from query params, so calls that pass profile in POST body silently lose it.
• Why it matters: Explicit profile: "openclaw" can be ignored and fall back to default profile (chrome), causing wrong runtime mode and startup errors.
• What changed: Added resolveRequestedProfile() in src/gateway/server-methods/browser.ts to resolve profile from query.profile first, then fallback to body.profile.
• What did NOT change: Browser routing, node command policy, profile selection logic outside request parsing.

Change Type (select all)

• Bug fix
• Feature
• Refactor
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes [Bug]: Browser profile selection bug: chrome profile overrides openclaw even when explicitly specified #28687

User-visible / Behavior Changes

• Browser requests that pass profile in POST body now correctly honor that profile.
• profile passed in query remains the highest-priority source.

Security Impact (required)

• New permissions/capabilities? No
• Secrets/tokens handling changed? No
• New/changed network calls? No
• Command/tool execution surface changed? No
• Data access scope changed? No

Repro + Verification

Environment

• OS: Linux/macOS (gateway side)
• Runtime: Node.js
• Integration/channel: browser tool via gateway node proxy

Steps

1. Send a browser proxy request with POST body containing profile: "openclaw" and no query.profile.
2. Observe node proxy receives params.

Expected

• Node proxy receives profile: "openclaw".

Actual

• Before fix: profile was undefined unless put in query.
• After fix: profile resolved from body when query does not provide it.

Evidence

Type-check passed after change:

• pnpm -C /Users/sidqin/Desktop/openclaw-contrib exec tsc --noEmit --pretty false

Core change in src/gateway/server-methods/browser.ts:

• old: profile: typeof query?.profile === "string" ? query.profile : undefined
• new: profile: resolveRequestedProfile({ query, body })

Human Verification (required)

• Verified scenarios: query profile provided; body profile provided; both missing.
• Edge cases checked: whitespace-only profile values are trimmed and treated as empty.
• What I did not verify: Full e2e browser session against live extension relay.

Compatibility / Migration

• Backward compatible? Yes
• Config/env changes? No
• Migration needed? No

Failure Recovery (if this breaks)

• How to disable/revert: Revert this commit.
• Files/config to restore: src/gateway/server-methods/browser.ts
• Known bad symptoms: profile may again be ignored when only present in POST body.

Risks and Mitigations

Low risk. Change is scoped to parsing profile input and keeps query precedence unchanged.

[greptile-apps]

Greptile Summary

Fixes gateway browser proxy to correctly read profile parameter from POST request body when query params don't provide it. Previously, profile in request body was silently ignored, causing fallback to default profile and potential startup errors. The new resolveRequestedProfile() function maintains query param precedence while enabling body fallback, following the same pattern already used in browser/routes/utils.ts. Implementation properly handles edge cases (empty/whitespace strings are treated as undefined). Tests verify both query precedence and body fallback behavior.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The fix is well-scoped, follows existing codebase patterns, includes appropriate tests, and solves a real bug without introducing breaking changes or security concerns
• No files require special attention

_{Last reviewed commit: 98bf9a8}

[nikolasdehor]

The code change is correct — query-first precedence maintains backward compat, trim() prevents whitespace-only strings. Missing: tests and a proper PR description for review traceability.

[openclaw-barnacle]

Closing this PR because it looks dirty (too many unrelated or unexpected changes). This usually happens when a branch picks up unrelated commits or a merge went sideways. Please recreate the PR from a clean branch.

[openclaw-barnacle]

Closing this PR because it looks dirty (too many unrelated or unexpected changes). This usually happens when a branch picks up unrelated commits or a merge went sideways. Please recreate the PR from a clean branch.

[openclaw-barnacle]

Closing this PR because it looks dirty (too many unrelated or unexpected changes). This usually happens when a branch picks up unrelated commits or a merge went sideways. Please recreate the PR from a clean branch.

[openclaw-barnacle]

Closing this PR because it looks dirty (too many unrelated or unexpected changes). This usually happens when a branch picks up unrelated commits or a merge went sideways. Please recreate the PR from a clean branch.

[openclaw-barnacle]

Closing this PR because it looks dirty (too many unrelated or unexpected changes). This usually happens when a branch picks up unrelated commits or a merge went sideways. Please recreate the PR from a clean branch.

[openclaw-barnacle]

Closing this PR because it looks dirty (too many unrelated or unexpected changes). This usually happens when a branch picks up unrelated commits or a merge went sideways. Please recreate the PR from a clean branch.

[steipete]

Landed via temp rebase onto main.

• Gate: pnpm check && pnpm build && pnpm test
• Land commit: 98bf9a8
• Merge commit: 0eebae4

Thanks @Sid-Qin!