vrr/openclaw
2
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 17:05:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 18
openclaw/docs
History
Viz 4cfc8cd5be
fix(browser): discover CDP websocket from bare ws:// URL before attach (#68715) 
* fix(browser): discover CDP websocket from bare ws:// URL before attach

When browser.cdpUrl is set to a bare ws://host:port (no /devtools/ path), ensureBrowserAvailable would call isChromeReachable -> canOpenWebSocket against the URL verbatim. Chrome only accepts WebSocket upgrades at the specific path returned by /json/version, so the handshake failed immediately with HTTP 400. With attachOnly: true, that surfaced as:

  Browser attachOnly is enabled and profile "openclaw" is not running.

even though the CDP endpoint was reachable and the profile was healthy. Reproduced by the new tests in chrome.test.ts and cdp.test.ts (#68027).

Fix: introduce isDirectCdpWebSocketEndpoint(url) — true only when a ws/wss URL has a /devtools/<kind>/<id> handshake path. Route any other ws/wss cdpUrl (including the bare ws://host:port shape) through HTTP /json/version discovery by normalising the scheme via the existing normalizeCdpHttpBaseForJsonEndpoints helper. Apply this in isChromeReachable, getChromeWebSocketUrl, and createTargetViaCdp. Direct WS endpoints with a /devtools/ path are still opened without an extra discovery round-trip.

Fixes #68027

* test(browser): add seeded fuzz coverage for CDP URL helpers

Adds property-based / seeded-fuzz tests for the URL helpers the
attachOnly CDP fix depends on (#68027):

  - isWebSocketUrl
  - isDirectCdpWebSocketEndpoint
  - normalizeCdpHttpBaseForJsonEndpoints
  - parseBrowserHttpUrl
  - redactCdpUrl
  - appendCdpPath
  - getHeadersWithAuth

Follows the existing repo convention (see
src/gateway/http-common.fuzz.test.ts): no fast-check dep, small
mulberry32 PRNG + hand-rolled generators, deterministic per-describe
seeds so failures are reproducible.

Lifts cdp.helpers.ts coverage from 77.77% -> 89.54% statements,
67.9% -> 80.24% branches, 78% -> 90% lines. Remaining uncovered
lines are inside the WS sender internals (createCdpSender,
withCdpSocket, fetchCdpChecked rate-limit branch), which require
integration-style mocks and are unrelated to the attachOnly fix.

* test(browser): drive cdp.helpers/cdp/chrome to 100% coverage

Lifts the three files touched by the #68027 attachOnly fix to 100% statements/branches/functions/lines across the extensions test suite. Adds cdp.helpers.internal.test.ts, cdp.internal.test.ts, and chrome.internal.test.ts covering error paths, branch matrices, CDP session helpers, Chrome spawn/launch/stop flows, and canRunCdpHealthCommand. Defensively unreachable guards are annotated with c8 ignore + inline justifications.

* fix(browser): restore WS fallback for non-/devtools ws:// CDP URLs

When /json/version discovery is unavailable (or returns no
webSocketDebuggerUrl), fall back to treating the original bare ws/wss
URL as a direct WebSocket endpoint. This preserves the #68027 fix for
Chrome's debug port while restoring compatibility with Browserless/
Browserbase-style providers that expose a direct WebSocket root without
a /json/version endpoint.

Priority order for bare ws/wss cdpUrl inputs:
  1. /devtools/<kind>/<id> URL \u2192 direct handshake, no discovery (unchanged)
  2. bare ws/wss root \u2192 try HTTP discovery first; if discovery returns a
     webSocketDebuggerUrl use it; otherwise fall back to the original URL
     as a direct WS endpoint
  3. HTTP/HTTPS URL \u2192 HTTP discovery only, no fallback (unchanged)

Affected call sites: isChromeReachable, getChromeWebSocketUrl,
createTargetViaCdp.

Also renames a misleading test ('still enforces SSRF policy for direct
WebSocket URLs') to accurately describe what it tests: SSRF enforcement
on the navigation target URL, not on the CDP endpoint.

New tests added for all three fallback paths. Coverage remains 100% on
all three touched files (238 tests).

* fix: browser attachOnly bare ws CDP follow-ups (#68715) (thanks @visionik)
2026-04-19 05:43:39 -04:00
..
.generated chore: prepare 2026.4.19-beta.1 release 2026-04-19 02:09:43 +01:00
.i18n docs: add WeChat channel guide 2026-04-18 18:26:40 +01:00
assets docs: add GitHub sponsor to README 2026-04-04 13:36:58 +09:00
automation fix: correct cron AND guidance (#64968) (thanks @BKF-Gitty) 2026-04-12 09:53:49 +05:30
channels docs: add WeChat channel guide 2026-04-18 18:26:40 +01:00
cli docs: add experimental-features page and de-experimentalize dreaming 2026-04-15 11:46:25 +01:00
concepts fix: align active-memory timeout schema (#68480) (thanks @Bartok9) 2026-04-18 20:31:41 +01:00
debug docs: clarify tsgo typecheck lanes 2026-04-18 18:24:07 +01:00
diagnostics
gateway Align documented bootstrap context defaults with runtime values (#67968) 2026-04-18 09:00:21 +05:30
help docs: clarify source control-ui dev/build flow (#68814) 2026-04-19 16:48:32 +10:00
images feat: Streamline Feishu channel onboarding with QR code scan-to-create flow (#65680) 2026-04-13 18:03:44 +08:00
install docs: clarify source control-ui dev/build flow (#68814) 2026-04-19 16:48:32 +10:00
nodes docs(talk): update android playback docs 2026-04-05 08:20:47 +05:30
platforms docs: clarify source control-ui dev/build flow (#68814) 2026-04-19 16:48:32 +10:00
plugins refactor(google): move Gemini transport into plugin 2026-04-18 21:41:54 +01:00
providers fix: support Gemini latest thinking config 2026-04-18 19:22:27 +01:00
refactor QA: organize scenarios by theme 2026-04-17 11:03:47 -04:00
reference fix(context-window): Tighten context limits and bound memory excerpts (#67277) 2026-04-15 13:06:02 -05:00
security docs: fix oxfmt formatting in remote.md and THREAT-MODEL-ATLAS.md 2026-03-31 14:36:49 +09:00
snippets/plugin-publish [codex] harden clawhub plugin publishing and install (#56870) 2026-03-29 11:59:19 -07:00
start docs: clarify source control-ui dev/build flow (#68814) 2026-04-19 16:48:32 +10:00
tools fix(browser): discover CDP websocket from bare ws:// URL before attach (#68715) 2026-04-19 05:43:39 -04:00
web docs: clarify source control-ui dev/build flow (#68814) 2026-04-19 16:48:32 +10:00
AGENTS.md docs(agents): split scoped workflow guidance (#65241) 2026-04-12 09:09:50 +01:00
auth-credential-semantics.md docs: refresh auth probe reason-code refs 2026-04-04 20:51:43 +01:00
brave-search.md docs: refresh shared web search references 2026-04-04 10:16:02 +01:00
ci.md ci(test): align node lane names with boundary split 2026-04-11 00:36:06 +01:00
CLAUDE.md docs(agents): split scoped workflow guidance (#65241) 2026-04-12 09:09:50 +01:00
date-time.md
docs.json docs: add WeChat channel guide 2026-04-18 18:26:40 +01:00
index.md docs: refresh channel overview mirrors 2026-04-04 15:07:32 +01:00
logging.md docs: refresh legacy tts and logging docs 2026-04-04 10:19:38 +01:00
nav-tabs-underline.js
network.md docs: refresh bridge removal mirrors 2026-04-04 21:24:09 +01:00
perplexity.md docs: refresh shared web search references 2026-04-04 10:16:02 +01:00
pi-dev.md docs: refresh pi development docs 2026-04-04 10:21:30 +01:00
pi.md refactor: align agent tool params with upstream pi 2026-04-05 20:36:47 +01:00
prose.md docs(plugins): refresh bundled plugin runtime docs 2026-03-29 09:10:39 +01:00
style.css perf: optimize remaining core tests 2026-04-17 16:05:10 +01:00
tts.md docs: add media overview page and consolidate TTS duplicate 2026-04-06 16:18:45 +01:00
vps.md feat(docs): add Hostinger installation guide and link in VPS document… (#65904) 2026-04-13 14:12:44 +01:00
whatsapp-openclaw-ai-zh.jpg
whatsapp-openclaw.jpg