fix: resolve exec PATH fallback, layered browser diagnostics, and cron force-run deadlock

[1998xiangcai-cmd]

Summary

Describe the problem and fix in 2�C4 bullets:

• Problem: fix(exec): resolve login shell PATH when exec host defaults to "sandbox" without sandbox runtime #41549 left exec in a phantom-sandbox state that skipped login-shell PATH recovery, [UX] Surface layer-specific diagnostics for Control UI auth/origin vs remote CDP reachability in WSL2 + Windows setups #41553 made WSL2 + Windows browser failures hard to triage across Control UI/auth/origin/CDP layers, and [Bug]: `Recurring cron jobs with isolated agentTurn + LLM time out when force-run, while equivalent one-shot at jobs succeed #41558 let detached cron force-runs block on their own cron lane until timeout.
• Why it matters: these failures look like broken tooling even when the underlying install, browser profile, or model path is otherwise valid.
• What changed: exec now probes login-shell PATH when sandbox host falls back locally; browser status now emits layered control-ui/profile/CDP diagnostics and cleaner HTML upstream errors; cron force-runs now use a detached manual lane so nested cron work can still reuse the cron execution lane.
• What did NOT change (scope boundary): this does not add new browser capabilities, does not change sandbox policy beyond PATH recovery for local fallback, and does not redesign cron scheduling semantics.

Change Type (select all)

• Bug fix
• Feature
• Refactor
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes fix(exec): resolve login shell PATH when exec host defaults to "sandbox" without sandbox runtime #41549
• Closes [UX] Surface layer-specific diagnostics for Control UI auth/origin vs remote CDP reachability in WSL2 + Windows setups #41553
• Closes [Bug]: `Recurring cron jobs with isolated agentTurn + LLM time out when force-run, while equivalent one-shot at jobs succeed #41558

User-visible / Behavior Changes

• Exec tool can now find login-shell-managed binaries when the default sandbox host falls back to direct local execution.
• openclaw browser status now surfaces layered diagnostics for Control UI auth/origin configuration, browser profile attach mode, and remote/local CDP reachability.
• Browser HTTP errors now summarize proxy HTML error pages instead of dumping raw markup.
• Detached cron.run --force no longer self-deadlocks when isolated cron work reuses the cron execution lane.

Security Impact (required)

• New permissions/capabilities? (Yes/No) No
• Secrets/tokens handling changed? (Yes/No) No
• New/changed network calls? (Yes/No) No
• Command/tool execution surface changed? (Yes/No) Yes
• Data access scope changed? (Yes/No) Yes
• If any Yes, explain risk + mitigation:
  • Exec PATH recovery now also runs for local fallback from the default sandbox host, but only when no sandbox runtime exists and no explicit PATH override was provided.
  • Browser CLI status now reads the existing redacted config.get snapshot through the authenticated gateway path to derive operator diagnostics; it does not expose unredacted secrets.

Repro + Verification

Environment

• OS: Windows workstation, repo validation run locally
• Runtime/container: Node 22 / pnpm
• Model/provider: N/A for repro validation
• Integration/channel (if any): Browser control + cron
• Relevant config (redacted): default exec host, browser remote CDP profile, recurring isolated cron jobs

Steps

1. Leave tools.exec.host unset, disable sandbox runtime, and run an exec command that depends on login-shell PATH.
2. Run openclaw browser status against a remote CDP profile in a WSL2 + Windows style setup.
3. Force-run a recurring isolated cron job whose nested work reuses the cron lane.

Expected

• Exec finds login-shell-managed binaries.
• Browser status points to the failing layer instead of a generic connection failure.
• Force-run completes instead of timing out behind its own lane.

Actual

• Covered by the targeted tests below; all now pass.

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios: pnpm check; pnpm test -- --run src/agents/bash-tools.exec.path.test.ts src/browser/status-diagnostics.test.ts src/browser/server.status-diagnostics.test.ts src/cli/browser-cli-manage.status-diagnostics.test.ts src/browser/client.test.ts src/cron/service.issue-regressions.test.ts; pnpm build.
• Edge cases checked: phantom sandbox PATH fallback, remote/local CDP diagnostics ordering, HTML proxy error summarization, detached cron force-run lane reuse.
• What you did not verify: live remote CDP against a real Windows browser host, or a live LLM-backed recurring cron on production credentials.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? (Yes/No) Yes
• Config/env changes? (Yes/No) No
• Migration needed? (Yes/No) No
• If yes, exact upgrade steps:

Failure Recovery (if this breaks)

• How to disable/revert this change quickly: revert the three commits in this PR.
• Files/config to restore: src/agents/bash-tools.exec.ts, src/browser/*status*, src/cli/browser-cli-*, src/cron/service/ops.ts, src/process/lanes.ts, gateway lane config wiring.
• Known bad symptoms reviewers should watch for: missing PATH recovery on macOS launch agents, noisy browser diagnostics ordering, cron force-runs stuck until timeout.

Risks and Mitigations

List only real risks for this PR. Add/remove entries as needed. If none, write None.

• Risk: Browser status now includes more diagnostics and merges CLI-derived gateway config checks with server-side CDP checks.
  • Mitigation: diagnostics are additive, optional in the payload, redacted, and covered by route + CLI tests.
• Risk: The new detached cron manual lane could drift from cron concurrency settings.
  • Mitigation: gateway startup and hot-reload now set CommandLane.Cron and CommandLane.CronManual together, with regression coverage for the deadlock case.

[greptile-apps]

Greptile Summary

This PR addresses three targeted bug fixes: (1) login-shell PATH recovery now triggers when host === "sandbox" falls back to direct local execution (not just host === "gateway"), (2) openclaw browser status gains layered diagnostics covering Control UI auth/origin config, profile attach-mode, and CDP reachability, with HTML proxy error pages now summarized instead of dumped raw, and (3) cron.run --force is moved to a new CommandLane.CronManual lane so isolated cron jobs can still enqueue on CommandLane.Cron without self-deadlocking.

Key changes:

• bash-tools.exec.ts: extends host === "gateway" PATH probe guard to also cover host === "sandbox" when no sandbox runtime exists
• status-diagnostics.ts (new): pure-logic module for deriveBrowserStatusDiagnostics, deriveGatewayControlUiDiagnostics, and combineBrowserStatusDiagnostics; no network calls, well-typed, well-tested
• client-fetch.ts: summarizeBrowserServiceHttpError correctly identifies and summarizes nginx/proxy HTML error pages; the /<[^>]+>/g tag-stripping regex can be tricked by unencoded > in HTML attribute values and the fallback branch (no <title> or <h1>) has no length cap — minor robustness concerns worth addressing
• cron/service/ops.ts + process/lanes.ts + gateway wiring: CronManual lane cleanly separates manual force-runs from scheduled cron execution; both startup and hot-reload set CronManual concurrency in lockstep with Cron, preventing config drift
• Test coverage is thorough: unit tests for all three diagnostic paths, a regression test that directly exercises the deadlock scenario, and a server integration test for CDP reachability diagnostics

Confidence Score: 4/5

• Safe to merge with one minor robustness improvement suggested for HTML error message handling.
• All three fixes are narrowly scoped, backward-compatible, and covered by regression tests. The exec PATH change is guarded by existing conditions. Browser diagnostics are additive and optional. The cron lane split resolves a deadlock without altering scheduling semantics. One style/robustness concern identified in stripHtmlErrorText: the tag-stripping regex can be confused by unencoded > in attribute values, and the fallback path has no length cap, but this is a minor improvement opportunity rather than a blocking issue for merge.
• src/browser/client-fetch.ts — consider applying the suggested robustness improvement to the stripHtmlErrorText function (cap output length, improve regex handling of attributes with > characters)

_{Last reviewed commit: 3e8ab2b}

[greptile-apps]

> in attribute values can defeat the tag-stripping regex.

/<[^>]+>/g stops at the first > it encounters, so an attribute value that contains an unencoded > (e.g., aria-label="a > b", which some proxy error pages include) will leave the tail of the attribute and the closing > in the output. This is the fallback path that fires when neither <title> nor <h1> is found, so the resulting "summary" could contain raw attribute fragments and could be unboundedly long if the page body has significant text content.

Consider using a tighter pattern and capping the output length in the fallback:

Suggested change

	function stripHtmlErrorText(input: string): string {
	return input
	.replace(/<script[\s\S]*?<\/script>/gi, " ")
	.replace(/<style[\s\S]*?<\/style>/gi, " ")
	.replace(/<[^>]+>/g, " ")
	.replace(/\s+/g, " ")
	.trim();
	function stripHtmlErrorText(input: string): string {
	return input
	.replace(/<script[\s\S]*?<\/script>/gi, " ")
	.replace(/<style[\s\S]*?<\/style>/gi, " ")
	.replace(/<[^>]*>/g, " ")
	.replace(/&[a-z]+;/gi, " ")
	.replace(/\s+/g, " ")
	.trim()
	.slice(0, 200);
	}

Note: [^>]* (zero-or-more instead of one-or-more) is a minor alignment fix, but the more actionable change is adding .slice(0, 200) so that an HTML page without a title or heading can't push a multi-kilobyte text dump into the thrown error message.

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/browser/client-fetch.ts
Line: 157-163

Comment:
`>` in attribute values can defeat the tag-stripping regex.

`/<[^>]+>/g` stops at the first `>` it encounters, so an attribute value that contains an unencoded `>` (e.g., `aria-label="a > b"`, which some proxy error pages include) will leave the tail of the attribute and the closing `>` in the output. This is the fallback path that fires when neither `<title>` nor `<h1>` is found, so the resulting "summary" could contain raw attribute fragments and could be unboundedly long if the page body has significant text content.

Consider using a tighter pattern and capping the output length in the fallback:

```suggestion
function stripHtmlErrorText(input: string): string {
  return input
    .replace(/<script[\s\S]*?<\/script>/gi, " ")
    .replace(/<style[\s\S]*?<\/style>/gi, " ")
    .replace(/<[^>]*>/g, " ")
    .replace(/&[a-z]+;/gi, " ")
    .replace(/\s+/g, " ")
    .trim()
    .slice(0, 200);
}
```

Note: `[^>]*` (zero-or-more instead of one-or-more) is a minor alignment fix, but the more actionable change is adding `.slice(0, 200)` so that an HTML page without a title or heading can't push a multi-kilobyte text dump into the thrown error message.

How can I resolve this? If you propose a fix, please make it concise.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3e8ab2b689

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Reuse short status timeout for config snapshot call

The new browser status path now always does config.get via callGatewayConfigSnapshot, but this helper does not pass a bounded timeout and therefore inherits the CLI default timeout from callGatewayFromCli (30s), unlike fetchBrowserStatus which explicitly uses 1500ms; when config.get is slow or partially unavailable, openclaw browser status can hang for tens of seconds before falling back to existing diagnostics, which is a responsiveness regression introduced by this change.

Useful? React with 👍 / 👎.

[Owlock]

Additional real-world validation from today (Mar 24): this PR’s layered diagnostics would have helped a lot in a WSL2 + Windows CDP outage triggered by virtualization mode toggling.

Repro chain:

• bcdedit /set hypervisorlaunchtype off (game mode) -> reboot
• bcdedit /set hypervisorlaunchtype auto -> reboot
• Chrome CDP still healthy on Windows localhost (127.0.0.1:9222), but unreachable from WSL host endpoint (172.30.144.1:9222) until bridge recovery

Recovery that restored remote tabs:

• ensure iphlpsvc running
• recreate portproxy (0.0.0.0:9222 -> 127.0.0.1:9222)
• allow inbound TCP 9222 in firewall
• verify both /json/version checks (localhost and WSL-reachable host address)

I posted full field notes in #41553 as follow-up evidence. +1 on this direction.

[openclaw-barnacle]

This pull request has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[clawsweeper]

Codex review: needs real behavior proof before merge.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR changes exec PATH recovery, browser status diagnostics and HTML error formatting, and cron force-run lane scheduling.

Reproducibility: yes. for the PR blockers by source inspection: current main has the active browser status path under extensions/browser, while the PR changes removed src/browser paths, and the added config.get call is visibly unbounded in the PR diff. I did not live-run the Windows/WSL2 CDP or LLM-backed cron scenarios in this read-only review.

PR rating
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🦪 silver shellfish
Summary: The branch has useful signal, but missing real proof, conflicts, active-path drift, and blocking review findings make it not quality-ready as submitted.

Rank-up moves:

• Add redacted after-fix terminal output or logs for the exec/browser/cron scenarios.
• Port the browser diagnostics and tests to extensions/browser.
• Bound the config snapshot call and cap HTML fallback summaries before re-review.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Needs real behavior proof before merge: Needs real behavior proof before merge: the PR body lists local test commands and a Windows workstation scenario, but no after-fix terminal output, redacted logs, screenshots, recordings, or linked artifacts; contributors should redact private data before posting proof, then update the PR body for re-review.

Risk before merge

• A mechanical rebase could keep the browser diagnostics wired to removed core paths instead of extensions/browser, so users would not see the intended status output.
• The added config.get snapshot path in the PR can make openclaw browser status wait on a broader gateway CLI timeout when config retrieval is slow or degraded.
• The contributor has not attached after-fix terminal output, logs, screenshots, recordings, or linked artifacts from a real exec/browser/cron setup.
• The exec and cron portions overlap current-main replacements, so a rebase needs to preserve host=auto and CronNested behavior instead of adding competing stale lane semantics.

Maintainer options:

1. Rewrite Against Active Browser Plugin (recommended)
   Port the diagnostics to extensions/browser, keep status/config probes bounded, cap HTML summaries, and preserve the current exec and cron designs before reconsidering merge.
2. Pause Or Split The Stale Branch
   Close or pause this all-in-one branch if maintainers prefer smaller follow-ups for browser diagnostics and the narrower open WSL2/CDP diagnostic issue.

Next step before merge
Human handling is needed because the branch conflicts, lacks required external real-behavior proof, and the remaining useful diagnostics need an active-plugin rewrite or maintainer split decision.

Security
Cleared: The diff touches exec PATH behavior and browser status config reads, but I found no concrete dependency, workflow, credential, permission, or supply-chain regression.

Review findings

• [P2] Move diagnostics to the active browser plugin — src/browser/routes/basic.ts:74-79
• [P2] Bound the config snapshot request — src/cli/browser-cli-shared.ts:90
• [P3] Cap HTML fallback summaries — src/browser/client-fetch.ts:157-163

Review details

Best possible solution:

Split or rebase the branch so only the remaining browser diagnostics are ported to extensions/browser with bounded probes and capped error summaries, while preserving current main's exec auto-host and cron-nested lane behavior.

Do we have a high-confidence way to reproduce the issue?

Yes for the PR blockers by source inspection: current main has the active browser status path under extensions/browser, while the PR changes removed src/browser paths, and the added config.get call is visibly unbounded in the PR diff. I did not live-run the Windows/WSL2 CDP or LLM-backed cron scenarios in this read-only review.

Is this the best way to solve the issue?

No, this branch is not the best way to solve the remaining issue as submitted. The maintainable path is an active-plugin rewrite or split follow-up that keeps the current exec and cron fixes already on main.

Label justifications:

• P2: This is a normal-priority bugfix and diagnostics PR with limited but real impact across exec, browser status, and cron force-run workflows.
• merge-risk: 🚨 availability: The diff changes status request latency and cron lane scheduling, both of which can cause user-visible hangs or deadlocks if landed incorrectly.
• rating: 🧂 unranked krab: Current PR rating is 🧂 unranked krab because proof is 🧂 unranked krab, patch quality is 🦪 silver shellfish, and The branch has useful signal, but missing real proof, conflicts, active-path drift, and blocking review findings make it not quality-ready as submitted.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: Needs real behavior proof before merge: the PR body lists local test commands and a Windows workstation scenario, but no after-fix terminal output, redacted logs, screenshots, recordings, or linked artifacts; contributors should redact private data before posting proof, then update the PR body for re-review.

Full review comments:

• [P2] Move diagnostics to the active browser plugin — src/browser/routes/basic.ts:74-79
  Current main no longer has the core src/browser surface targeted by this diff; browser routes, types, and CLI code now live under extensions/browser. Unless this is ported to the active plugin paths, the intended browser status diagnostics will be absent after rebase.
  Confidence: 0.92
• [P2] Bound the config snapshot request — src/cli/browser-cli-shared.ts:90
  The new status path waits on callGatewayConfigSnapshot, but the helper calls config.get with the parent CLI timeout instead of the status request budget. A slow or degraded gateway config path can make openclaw browser status hang for tens of seconds before falling back.
  Confidence: 0.86
• [P3] Cap HTML fallback summaries — src/browser/client-fetch.ts:157-163
  When an HTML error page has no title or h1, stripHtmlErrorText can return an unbounded body-derived string, and malformed attributes can leak tag fragments into the message. Cap the fallback summary before reflecting it in BrowserServiceError.
  Confidence: 0.78

Overall correctness: patch is incorrect
Overall confidence: 0.88

What I checked:

• Live PR state: Live GitHub metadata reports the PR head at 3e8ab2b, mergeable=CONFLICTING, and labels requiring real behavior proof plus availability merge-risk handling. (3e8ab2b689be)
• PR targets removed browser paths: The PR diff changes src/browser/* and src/cli/browser-cli-* files, but current main has no src/browser tree or core browser CLI files for those paths. (src/browser/routes/basic.ts:74, 48acdd3d85ea)
• Active browser status is plugin-owned: Current main builds browser status in extensions/browser/src/browser/routes/basic.ts, returning cdpHttp/cdpReady/pageReady/profile fields from the plugin route without the PR's diagnostics array. (extensions/browser/src/browser/routes/basic.ts:86, 48acdd3d85ea)
• Exec default is already redesigned on main: Current main resolves an unset exec host to auto, and auto resolves to gateway when no sandbox runtime is available; explicit host=sandbox still fails closed. (src/agents/bash-tools.exec-runtime.ts:242, 48acdd3d85ea)
• Cron deadlock area uses a different current-main design: Current main maps cron-owned inner agent work to CommandLane.CronNested and applies cron concurrency to that lane, overlapping the PR's deadlock goal without adding CronManual. (src/agents/lanes.ts:18, 48acdd3d85ea)
• Regression coverage exists for current cron-nested routing: Current tests assert cron lane callers map to cron-nested and gateway concurrency applies to cron-nested, which is the active anti-deadlock mechanism on main. (src/cron/isolated-agent.lane.test.ts:85, 48acdd3d85ea)

Likely related people:

• steipete: Recent history includes the exec auto-host redesign, browser plugin runtime migration, and richer browser inspection work that this stale PR now overlaps. (role: recent area contributor; confidence: high; commits: 276ccd2583a9, 197510f69302, 1d4859dc5312; files: src/agents/bash-tools.exec-runtime.ts, docs/tools/exec.md, extensions/browser/src/browser/routes/basic.ts)
• vincentkoc: Recent commits touched exec routing and cron/task dispatch boundaries adjacent to the PR's exec and cron changes. (role: recent adjacent contributor; confidence: medium; commits: 2d53ffdec1da, 1c9053802a98; files: src/agents/bash-tools.exec.ts, src/cron/service/ops.ts)
• Kaspre: Recent cron and wake-routing work touches cron-run session and lane behavior adjacent to the force-run deadlock area. (role: recent cron and agent-lane contributor; confidence: medium; commits: 7eefb26bc8d8, 5971f74bf133, 4ddd942f5f89; files: src/cron/service/ops.ts, src/agents/lanes.ts, src/agents/pi-embedded-runner/lanes.ts)
• ai-hpc: Authored recent browser status work in the active plugin status route, including pageReady for Chrome MCP existing-session profiles. (role: browser status contributor; confidence: medium; commits: b4a420185c12; files: extensions/browser/src/browser/routes/basic.ts, extensions/browser/src/browser/client.types.ts)
• Feelw00: Authored recent manual cron-run active-state work adjacent to the PR's manual force-run scheduling path. (role: recent manual cron-run contributor; confidence: medium; commits: c1b59a95bfae; files: src/cron/service/ops.ts, src/cron/active-jobs-manual-run.test.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 48acdd3d85ea.

[clawsweeper]

ClawSweeper PR egg

🎁 Pass real behavior proof to wake the egg and unlock a hatchable treat.

Where did the egg go?

• The egg game starts only after the PR passes the real-behavior proof check.
• Before that, no creature or rarity is rolled. The treat waits for real proof.
• This is still just collectible flavor: proof affects review readiness, not creature quality.