fix(browser): cap managed tab count to prevent renderer buildup

[pandego]

Summary

Prevent unbounded renderer growth in the managed openclaw browser profile by enforcing a page-tab cap whenever a new tab is opened.

Root cause

Browser tool usage often opens new tabs (/tabs/open) but there was no automatic cleanup path for stale managed tabs. Over time this leaves many renderer processes alive and memory usage grows without bound.

Changes

• Added a managed-profile tab cap (MAX_MANAGED_BROWSER_PAGE_TABS = 8) in server-context.
• After successful tab creation, close oldest excess page tabs (best-effort), while keeping the newly opened tab.
• Scoped cleanup to driver: "openclaw" profile only (no auto-closing user tabs in Chrome extension relay profile).
• Added a regression test to verify excess managed tabs are closed after opening a new tab.

Validation

• pnpm vitest src/browser/server-context.remote-tab-ops.test.ts
• pnpm check
• pnpm check:docs
• pnpm protocol:check

Fixes #29685

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 51587f7ff9

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[greptile-apps]

Greptile Summary

This PR successfully addresses unbounded renderer growth by implementing a tab cap (MAX_MANAGED_BROWSER_PAGE_TABS = 8) for the managed openclaw browser profile. The implementation adds an enforceManagedTabLimit function that runs after each tab creation, closing excess tabs while preserving the newly opened one. The solution is scoped appropriately to managed profiles only, uses best-effort cleanup (errors are caught and ignored), and includes a regression test that verifies the cap enforcement.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The implementation is straightforward, well-tested, and uses defensive programming practices (best-effort cleanup with error handling). The changes are isolated to managed browser profiles, preventing any impact on user-controlled Chrome extension profiles. The test coverage validates the core functionality.
• No files require special attention

_{Last reviewed commit: 51587f7}

[pandego]

Quick status ping on this PR.

The scope remains unchanged: cap managed browser tab count to prevent renderer buildup, while keeping the behavior isolated to the managed profile path.

If maintainers want any update now (rebase, extra validation, or adjustments), I can do it.

[pandego]

Addressed the unresolved review note about cleanup failures making openTab fail.

What changed in 16423d0:

• made managed-tab cap enforcement non-fatal when tab listing fails (/json/list errors/timeouts now keep cleanup best-effort)
• added a regression test that verifies openTab still succeeds when the cleanup list step fails

Validation run:

• corepack pnpm vitest run src/browser/server-context.remote-tab-ops.test.ts

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 16423d0368

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[pandego]

Addressed both remaining unresolved review threads in 2f2fd51.

Changes:

• restricted managed-tab cap cleanup to local managed profiles only (driver === "openclaw" && cdpIsLoopback), so remote/shared CDP profiles are not affected
• made tab-close cleanup non-blocking for openTab latency (/json/close/* calls are detached best-effort)

Also kept prior fix in place:

• /json/list failure during cleanup no longer fails openTab

Added coverage:

• remote openclaw profile does not run managed tab-cap cleanup
• openTab does not block on slow/never-resolving best-effort close calls

Validation run:

• corepack pnpm vitest run src/browser/server-context.remote-tab-ops.test.ts

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2f2fd51a6b

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[pandego]

Nice catch again. I agree and fixed this in 28c60e7.

What changed:

• tab-cap cleanup now skips attach-only mode as well
• condition is now: managed local profile and not attach-only

Why:

• attach-only can target an already-running user/shared browser, so cleanup must not close unrelated tabs there

Added regression test:

• verifies no /json/close/* calls are made when attachOnly=true

Validation:

• corepack pnpm vitest run src/browser/server-context.remote-tab-ops.test.ts

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 28c60e7b37

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[pandego]

Good point, I agree. I fixed this in 3091175.

What changed:

• tab-cap cleanup now requires managed runtime ownership (profileState.running) in addition to local managed profile checks
• this prevents cleanup from running when OpenClaw is attached to an already-running loopback browser that it does not own

Added test updates:

• cleanup-positive tests now mark the profile as managed/running
• ownership-negative paths remain covered by attach-only and remote-profile guards

Validation:

• corepack pnpm vitest run src/browser/server-context.remote-tab-ops.test.ts

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3091175821

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[pandego]

Agreed, this was still on the return path. Fixed in eaba23d.

What changed:

• openTab no longer awaits managed-tab cap work
• cleanup now runs in detached best-effort mode via triggerManagedTabLimit
• this removes /json/list latency from the tab-open return path

I also adjusted tests to assert cleanup behavior asynchronously.

Validation:

• corepack pnpm vitest run src/browser/server-context.remote-tab-ops.test.ts

[steipete]

Landed via temp rebase onto main.

• Gate:
  • pnpm check (fails on pre-existing TS errors in src/process/exec.windows.test.ts and src/slack/monitor/events/messages.ts)
  • pnpm test -- src/browser/server-context.remote-tab-ops.test.ts src/browser/server-context.ensure-browser-available.waits-for-cdp-ready.test.ts
• Land commit: 24022f6
• Merge commit: 1184d39

Thanks @pandego!

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 24022f619e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Gate managed-tab cleanup by profile attachOnly setting

The cleanup guard uses state().resolved.attachOnly (global) instead of profile.attachOnly (per-profile), so attach-only overrides are ignored in this path. That creates inconsistent behavior with ensureBrowserAvailable (which already respects profile.attachOnly): in a mixed config like global attachOnly: true plus profiles.openclaw.attachOnly: false, OpenClaw can launch/manage the profile but tab-cap cleanup is silently disabled, and the inverse override can incorrectly permit cleanup for attach-only profiles. The guard should key off the resolved profile flag.

Useful? React with 👍 / 👎.