@askjo/camofox-browser 1.7.0 → 1.7.2

package/lib/reporter.js

@@ -3,6 +3,8 @@
 // Config passed via createReporter(config) from lib/config.js.
 
 import crypto from 'crypto';
+import fs from 'fs';
+import { execSync } from 'child_process';
 
 // ============================================================================
 // Anonymization
@@ -10,7 +12,7 @@ import crypto from 'crypto';
 
 const SAFE_HOSTS = new Set([
   'github.com', 'api.github.com', 'npmjs.com', 'registry.npmjs.org',
-  'nodejs.org', 'localhost', '127.0.0.1', '::1',
+  'nodejs.org',
 ]);
 
 const SECRET_PREFIXES = [
@@ -64,17 +66,11 @@ export function anonymize(text) {
     }
   );
 
-  // 7. Strip IPv4 addresses (except localhost)
-  s = s.replace(/\b(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\b/g, (match) => {
-    if (match === '127.0.0.1') return match;
-    return '<ip>';
-  });
+  // 7. Strip IPv4 addresses
+  s = s.replace(/\b(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\b/g, '<ip>');
 
-  // 8. Strip IPv6 addresses (except ::1)
-  s = s.replace(/\b(?:[0-9a-fA-F]{1,4}:){2,7}[0-9a-fA-F]{1,4}\b/g, (match) => {
-    if (match === '::1') return match;
-    return '<ipv6>';
-  });
+  // 8. Strip IPv6 addresses
+  s = s.replace(/\b(?:[0-9a-fA-F]{1,4}:){2,7}[0-9a-fA-F]{1,4}\b/g, '<ipv6>');
   s = s.replace(/::(?:ffff:)?(?:\d{1,3}\.){3}\d{1,3}/g, '<ipv6>');
 
   // 9. Strip hostnames in connection errors
@@ -268,9 +264,7 @@ export function createUrlAnonymizer() {
     const parts = [url.protocol + '//'];
     const h = url.hostname.toLowerCase();
 
-    if (h === 'localhost' || h === '127.0.0.1' || h === '::1') {
-      parts.push('localhost');
-    } else if (/^(\d{1,3}\.){3}\d{1,3}$/.test(h) || h.includes(':')) {
+    if (/^(\d{1,3}\.){3}\d{1,3}$/.test(h) || h.includes(':')) {
       parts.push(hashHost(h));
     } else if (isPublicDomain(h)) {
       parts.push(h);
@@ -302,22 +296,57 @@ export function createUrlAnonymizer() {
 // Per-tab health tracker (count-only, no content)
 // ============================================================================
 
+// Known bot-detection providers, matched by response header fingerprints.
+// Order: most specific first.
+const BOT_DETECTION_SIGNATURES = [
+  { header: 'cf-mitigated', value: 'challenge', provider: 'cloudflare' },
+  { header: 'x-datadome', provider: 'datadome' },
+  { header: 'x-px', provider: 'perimeterx' },
+  { header: 'x-distil-cs', provider: 'distil' },
+  { header: 'x-sucuri-id', provider: 'sucuri' },
+  { header: 'server', value: 'akamaighost', provider: 'akamai' },
+  // cf-ray is on ALL Cloudflare responses (even 200 OK). Must be last so it
+  // doesn't short-circuit other providers on multi-CDN sites.
+  { header: 'cf-ray', provider: 'cloudflare' },
+];
+
+/**
+ * Detect bot-detection provider from Playwright response headers.
+ * Returns { detected: bool, provider: string|null, httpStatus: number|null }
+ */
+export function detectBotProtection(response) {
+  if (!response) return { detected: false, provider: null, httpStatus: null };
+  const status = response.status();
+  let headers;
+  try { headers = response.headers(); } catch { return { detected: false, provider: null, httpStatus: status }; }
+  for (const sig of BOT_DETECTION_SIGNATURES) {
+    const val = headers[sig.header];
+    if (val !== undefined) {
+      if (sig.value && !val.toLowerCase().includes(sig.value)) continue;
+      const challenged = status === 403 || status === 429 || status === 503;
+      return { detected: challenged, provider: sig.provider, httpStatus: status };
+    }
+  }
+  return { detected: false, provider: null, httpStatus: status };
+}
+
 /**
  * Create a health tracker for a tab. Attaches to Playwright page events.
- * Tracks: crashes, page errors, console errors, request failures,
- * dialog storms, redirect depth, HTTP status histogram, frame count.
+ * Tracks: crashes, page errors, request failures, redirect status codes,
+ * HTTP status histogram (4xx+), and anti-bot challenge detection.
  * All count-based — no URLs or content stored.
  */
 export function createTabHealthTracker(page) {
   const health = {
     crashes: 0,
     pageErrors: 0,
-    consoleErrors: 0,
     requestFailures: 0,
-    dialogCount: 0,
+    inflightRequests: 0,
     maxRedirectDepth: 0,
-    statusCounts: {},     // { 403: 5, 429: 2, ... }
-    frameCount: 0,
+    redirectStatusCodes: [],  // status codes in redirect chain, e.g. [301, 302, 403]
+    statusCounts: {},         // { 403: 5, 429: 2, ... }
+    botDetection: null,       // { detected, provider, httpStatus } from last nav response
+    lastNavResponseSize: 0,
     _redirectDepth: 0,
   };
 
@@ -327,13 +356,15 @@ export function createTabHealthTracker(page) {
   // Uncaught JS exceptions on the page
   page.on('pageerror', () => { health.pageErrors++; });
 
-  // Console errors (rate, not content)
-  page.on('console', (msg) => {
-    if (msg.type() === 'error') health.consoleErrors++;
+  // Failed requests (blocked, DNS failure, etc.) + decrement in-flight counter
+  page.on('requestfailed', () => {
+    health.requestFailures++;
+    health.inflightRequests = Math.max(0, health.inflightRequests - 1);
   });
 
-  // Failed requests (blocked, DNS failure, etc.)
-  page.on('requestfailed', () => { health.requestFailures++; });
+  // Track in-flight requests for hang diagnostics
+  page.on('request', () => { health.inflightRequests++; });
+  page.on('requestfinished', () => { health.inflightRequests = Math.max(0, health.inflightRequests - 1); });
 
   // HTTP status tracking (non-2xx only)
   page.on('response', (resp) => {
@@ -341,13 +372,12 @@ export function createTabHealthTracker(page) {
     if (s >= 400) health.statusCounts[s] = (health.statusCounts[s] || 0) + 1;
   });
 
-  // Dialog tracking (alert/confirm/prompt storms)
+  // Auto-dismiss dialogs to prevent page hangs (not tracked as a metric — noise)
   page.on('dialog', async (dialog) => {
-    health.dialogCount++;
     try { await dialog.dismiss(); } catch { /* page might be closed */ }
   });
 
-  // Redirect depth per navigation
+  // Redirect depth + status code chain per navigation
   page.on('request', (req) => {
     if (req.isNavigationRequest()) {
       if (req.redirectedFrom()) {
@@ -356,19 +386,120 @@ export function createTabHealthTracker(page) {
           health.maxRedirectDepth = health._redirectDepth;
         }
       } else {
-        health._redirectDepth = 0; // new navigation, reset
+        health._redirectDepth = 0;
+        health.redirectStatusCodes = [];
+        health.inflightRequests = 0;  // reset on new navigation to prevent drift
       }
     }
   });
 
+  // Capture redirect status codes and detect bot protection on nav responses
+  page.on('response', (resp) => {
+    try {
+      const req = resp.request();
+      if (req.isNavigationRequest()) {
+        health.redirectStatusCodes.push(resp.status());
+        health.botDetection = detectBotProtection(resp);
+        // Approximate response body size from content-length (no body read)
+        const cl = resp.headers()['content-length'];
+        if (cl) health.lastNavResponseSize = parseInt(cl, 10) || 0;
+      }
+    } catch { /* page closed */ }
+  });
+
   /** Snapshot current health counters for inclusion in reports. */
   function snapshot() {
-    try { health.frameCount = page.frames().length; } catch { /* closed */ }
     const { _redirectDepth, ...clean } = health;
     return { ...clean };
   }
 
-  return { health, snapshot };
+  /**
+   * Get document.readyState from the page. Returns null if page is unresponsive.
+   * Use a tight timeout — if the renderer is crashed, evaluate will hang.
+   */
+  async function getReadyState() {
+    try {
+      return await Promise.race([
+        page.evaluate(() => document.readyState),
+        new Promise(resolve => setTimeout(() => resolve('unresponsive'), 1000)),
+      ]);
+    } catch {
+      return 'unresponsive';
+    }
+  }
+
+  return { health, snapshot, getReadyState };
+}
+
+// ============================================================================
+// Process resource snapshot (memory, handles, FDs, browser RSS)
+// ============================================================================
+
+/**
+ * Collect process-level resource metrics. Safe to call at any time.
+ * Returns anonymized metrics — no PIDs, paths, or user data.
+ */
+export function collectResourceSnapshot(opts = {}) {
+  const mem = process.memoryUsage();
+  const snap = {
+    nodeRssMb: Math.round(mem.rss / 1048576),
+    nodeHeapUsedMb: Math.round(mem.heapUsed / 1048576),
+    nodeHeapTotalMb: Math.round(mem.heapTotal / 1048576),
+    nodeExternalMb: Math.round(mem.external / 1048576),
+    eventLoopLagMs: null,
+    activeHandles: null,
+    activeRequests: null,
+    openFds: null,
+    browserRssMb: null,
+  };
+
+  // Active libuv handles/requests (private API, guarded)
+  try { snap.activeHandles = process._getActiveHandles().length; } catch { /* unavailable */ }
+  try { snap.activeRequests = process._getActiveRequests().length; } catch { /* unavailable */ }
+
+  // Open file descriptors (Linux only)
+  try {
+    if (process.platform === 'linux') {
+      snap.openFds = fs.readdirSync('/proc/self/fd').length;
+    }
+  } catch { /* not available or permission denied */ }
+
+  // Browser process RSS (the one people miss — browser OOMs, not Node)
+  if (opts.browserPid && Number.isInteger(opts.browserPid) && opts.browserPid > 0) {
+    try {
+      if (process.platform === 'linux') {
+        const status = fs.readFileSync(`/proc/${opts.browserPid}/status`, 'utf8');
+        const match = status.match(/VmRSS:\s+(\d+)\s+kB/);
+        if (match) snap.browserRssMb = Math.round(parseInt(match[1], 10) / 1024);
+      } else if (process.platform === 'darwin') {
+        const out = execSync(`ps -o rss= -p ${opts.browserPid}`, { timeout: 1000 }).toString().trim();
+        if (out) snap.browserRssMb = Math.round(parseInt(out, 10) / 1024);
+      }
+    } catch { /* process gone or permission denied */ }
+  }
+
+  // Session/tab counts from caller
+  if (opts.sessionCount != null) snap.browserContexts = opts.sessionCount;
+  if (opts.tabCount != null) snap.activeTabs = opts.tabCount;
+
+  return snap;
+}
+
+/**
+ * Classify proxy errors from Playwright navigation error messages.
+ * Returns { proxyError: string|null, proxyTlsError: bool } — no IPs or credentials.
+ */
+export function classifyProxyError(errorMessage) {
+  if (!errorMessage || typeof errorMessage !== 'string') return { proxyError: null, proxyTlsError: false };
+  const msg = errorMessage.toUpperCase();
+  // Explicit proxy errors from Chromium/Firefox net stack
+  if (msg.includes('ERR_PROXY_CONNECTION_FAILED')) return { proxyError: 'ERR_PROXY_CONNECTION_FAILED', proxyTlsError: false };
+  if (msg.includes('ERR_TUNNEL_CONNECTION_FAILED')) return { proxyError: 'ERR_TUNNEL_CONNECTION_FAILED', proxyTlsError: false };
+  if (msg.includes('ERR_PROXY_AUTH_REQUESTED') || msg.includes('407')) return { proxyError: 'ERR_PROXY_AUTH_REQUESTED', proxyTlsError: false };
+  if (msg.includes('ERR_PROXY_CERTIFICATE_INVALID') || (msg.includes('PROXY') && msg.includes('SSL'))) return { proxyError: 'ERR_PROXY_TLS', proxyTlsError: true };
+  if (msg.includes('ECONNREFUSED') && msg.includes('PROXY')) return { proxyError: 'ECONNREFUSED', proxyTlsError: false };
+  if (msg.includes('ETIMEDOUT') && msg.includes('PROXY')) return { proxyError: 'ETIMEDOUT', proxyTlsError: false };
+  return { proxyError: null, proxyTlsError: false };
 }
 
 // ============================================================================
@@ -518,24 +649,86 @@ function formatIssueBody(type, detail) {
   const sections = [
     '> Auto-reported by ' + _GH_USER_AGENT + '. All data is anonymized.',
     '',
-    `**Type:** ${type}`,
-    `**Version:** ${detail.version || 'unknown'}`,
-    `**Node:** ${detail.nodeVersion || 'unknown'}`,
-    `**Platform:** ${detail.platform || 'unknown'}`,
-    `**Uptime:** ${detail.uptimeMinutes != null ? detail.uptimeMinutes + ' min' : 'unknown'}`,
+    '## Environment',
+    `- **version:** ${detail.version || 'unknown'}`,
+    `- **node:** ${detail.nodeVersion || 'unknown'}`,
+    `- **platform:** ${detail.platform || 'unknown'}`,
+    `- **uptime:** ${detail.uptimeMinutes != null ? detail.uptimeMinutes + ' min' : 'unknown'}`,
   ];
 
+  // Resource snapshot (memory, handles, browser RSS)
+  const r = detail.resources;
+  if (r) {
+    sections.push('', '## Resources');
+    sections.push(`- **node RSS:** ${r.nodeRssMb ?? '?'} MB`);
+    sections.push(`- **node heap:** ${r.nodeHeapUsedMb ?? '?'} / ${r.nodeHeapTotalMb ?? '?'} MB`);
+    if (r.browserRssMb != null) sections.push(`- **browser RSS:** ${r.browserRssMb} MB`);
+    if (r.browserContexts != null) sections.push(`- **browser contexts:** ${r.browserContexts}`);
+    if (r.activeTabs != null) sections.push(`- **active tabs:** ${r.activeTabs}`);
+    if (r.openFds != null) sections.push(`- **open FDs:** ${r.openFds}`);
+    if (r.activeHandles != null) sections.push(`- **active handles:** ${r.activeHandles}`);
+    if (r.eventLoopLagMs != null) sections.push(`- **event loop lag:** ${r.eventLoopLagMs} ms`);
+  }
+
+  // Error info
+  if (detail.signal) sections.push('', `**Signal:** ${detail.signal}`);
+  if (detail.activeRoute) sections.push(`**Active route:** ${detail.activeRoute}`);
   if (detail.message) {
-    sections.push('', '### Error', '```', anonymize(detail.message), '```');
+    sections.push('', '## Error', '```', anonymize(detail.message), '```');
   }
   if (detail.stack) {
-    sections.push('', '### Stack Trace', '```', anonymize(detail.stack), '```');
+    sections.push('', '## Stack Trace', '```', anonymize(detail.stack), '```');
+  }
+
+  // Hang-specific details
+  if (detail.hang) {
+    const h = detail.hang;
+    sections.push('', '## Hang Details');
+    sections.push(`- **operation:** ${h.operation}`);
+    sections.push(`- **duration:** ${Math.round(h.durationMs / 1000)}s`);
+    if (h.lockQueueMs != null) sections.push(`- **lock queue wait:** ${Math.round(h.lockQueueMs)}ms`);
+    if (h.documentReadyState) sections.push(`- **document.readyState:** ${h.documentReadyState}`);
+    if (h.inflightRequests != null) sections.push(`- **in-flight requests:** ${h.inflightRequests}`);
+  }
+
+  // Anti-bot detection
+  if (detail.botDetection?.detected) {
+    const b = detail.botDetection;
+    sections.push('', '## Anti-Bot Detection');
+    sections.push(`- **provider:** ${b.provider || 'unknown'}`);
+    sections.push(`- **HTTP status:** ${b.httpStatus || '?'}`);
+    if (b.responseBodySizeKb != null) sections.push(`- **response size:** ${b.responseBodySizeKb} KB`);
+    if (b.redirectChainLength != null) sections.push(`- **redirect chain:** ${b.redirectChainLength} hops`);
+    if (b.redirectStatusCodes?.length) sections.push(`- **redirect statuses:** ${b.redirectStatusCodes.join(' → ')}`);
+  }
+
+  // Proxy info (safe fields only — no IPs, credentials, or hostnames)
+  if (detail.proxy) {
+    const p = detail.proxy;
+    sections.push('', '## Proxy');
+    sections.push(`- **configured:** ${p.configured}`);
+    if (p.configured) {
+      if (p.type) sections.push(`- **type:** ${p.type}`);
+      sections.push(`- **auth configured:** ${p.authConfigured ?? 'unknown'}`);
+      if (p.error) sections.push(`- **error:** ${p.error}`);
+      if (p.tlsError) sections.push(`- **TLS error:** yes`);
+    }
   }
-  if (detail.context) {
-    sections.push('', '### Context', '```', anonymize(JSON.stringify(detail.context, null, 2)), '```');
+
+  // Stall-specific details
+  if (detail.stall) {
+    const s = detail.stall;
+    sections.push('', '## Stall Details');
+    sections.push(`- **stall duration:** ${Math.round(s.driftMs / 1000)}s`);
+    if (s.lastRoute) sections.push(`- **last route:** ${s.lastRoute}`);
+    if (s.activeHandles != null) sections.push(`- **active handles:** ${s.activeHandles}`);
+    if (s.activeRequests != null) sections.push(`- **active requests:** ${s.activeRequests}`);
+    if (s.heapDeltaMb != null) sections.push(`- **heap delta:** ${s.heapDeltaMb > 0 ? '+' : ''}${s.heapDeltaMb} MB`);
   }
-  if (detail.metrics) {
-    sections.push('', '### Metrics', '```json', JSON.stringify(detail.metrics, null, 2), '```');
+
+  // Context (misc extra data)
+  if (detail.context && Object.keys(detail.context).length > 0) {
+    sections.push('', '<details><summary>Context</summary>', '', '```json', anonymize(JSON.stringify(detail.context, null, 2)), '```', '', '</details>');
   }
 
   return sections.join('\n');
@@ -547,6 +740,14 @@ function formatCommentBody(type, detail) {
     `**+1** — ${ts}`,
     `Version: ${detail.version || 'unknown'}, Uptime: ${detail.uptimeMinutes != null ? detail.uptimeMinutes + ' min' : '?'}`,
   ];
+  // Include resource snapshot in +1 comments too
+  const r = detail.resources;
+  if (r) {
+    const parts = [`RSS: ${r.nodeRssMb ?? '?'}MB`];
+    if (r.browserRssMb != null) parts.push(`Browser: ${r.browserRssMb}MB`);
+    if (r.activeTabs != null) parts.push(`Tabs: ${r.activeTabs}`);
+    lines.push(parts.join(', '));
+  }
   if (detail.message) {
     lines.push('```', anonymize(detail.message).slice(0, 500), '```');
   }
@@ -586,6 +787,9 @@ export function createReporter(config) {
   let lastTick = Date.now();
   const inFlight = new Set();
 
+  // Track last Express route for stall reports
+  let _lastRoute = null;
+
   // No-op when disabled
   if (!enabled) {
     return {
@@ -593,6 +797,7 @@ export function createReporter(config) {
       reportHang: async () => {},
       reportStuckLoop: async () => {},
       startWatchdog: () => {},
+      trackRoute: () => {},
       stop: () => {},
       _anonymize: anonymize,
       _stackSignature: stackSignature,
@@ -600,7 +805,7 @@ export function createReporter(config) {
   }
 
   /** Core: file or deduplicate a report. NEVER throws. */
-  async function fileReport(type, label, detail) {
+  async function fileReport(type, labels, detail) {
     if (!rateLimiter.tryAcquire()) return;
 
     const reportPromise = (async () => {
@@ -627,7 +832,8 @@ export function createReporter(config) {
           platform: typeof process !== 'undefined' ? process.platform : 'unknown',
         });
 
-        await createIssue(repo, title, body, [label, 'auto-report']);
+        const issueLabels = Array.isArray(labels) ? labels : [labels, 'auto-report'];
+        await createIssue(repo, title, body, issueLabels);
       } catch {
         // Swallow — reporter must never crash the server
       }
@@ -637,19 +843,32 @@ export function createReporter(config) {
     reportPromise.finally(() => inFlight.delete(reportPromise));
   }
 
+  /**
+   * Track the last Express route for stall diagnostics.
+   * Call from middleware: reporter.trackRoute(req.method + ' ' + req.route?.path)
+   */
+  function trackRoute(route) {
+    _lastRoute = route || null;
+  }
+
   async function reportCrash(error, opts = {}) {
     const err = error instanceof Error ? error : new Error(String(error));
     const uptimeMinutes = typeof process !== 'undefined'
       ? Math.round(process.uptime() / 60) : undefined;
+    const resources = collectResourceSnapshot(opts.resourceOpts || {});
 
     await fileReport(
       opts.signal ? `signal:${opts.signal}` : (err.name || 'crash'),
-      'crash',
+      ['crash', 'auto-report'],
       {
         error: err,
         message: err.message,
         stack: err.stack,
+        signal: opts.signal || null,
+        activeRoute: _lastRoute,
         uptimeMinutes,
+        resources,
+        proxy: opts.proxy || null,
         context: opts.context,
       },
     );
@@ -658,32 +877,55 @@ export function createReporter(config) {
   async function reportHang(operation, durationMs, opts = {}) {
     const uptimeMinutes = typeof process !== 'undefined'
       ? Math.round(process.uptime() / 60) : undefined;
+    const resources = collectResourceSnapshot(opts.resourceOpts || {});
 
-    // Create per-report URL anonymizer (fresh salt each time)
-    const urlAnon = createUrlAnonymizer();
-    const context = { operation, durationMs, ...opts.context };
-
-    // Anonymize any URLs in the journal
+    // Build lean context (journal only, no redundant fields)
+    const context = { ...opts.context };
     if (context.journal) {
-      context.journal = context.journal.map(j => {
-        if (typeof j === 'string') return j; // already "type:action" format
-        return j;
-      });
+      context.journal = context.journal.map(j => typeof j === 'string' ? j : j);
+    }
+    // Remove fields that now have dedicated sections
+    delete context.operation;
+    delete context.durationMs;
+
+    // Anti-bot detection from health snapshot
+    const healthSnap = opts.healthSnapshot;
+    const botDetection = healthSnap?.botDetection?.detected ? {
+      ...healthSnap.botDetection,
+      responseBodySizeKb: healthSnap.lastNavResponseSize
+        ? Math.round(healthSnap.lastNavResponseSize / 1024) : null,
+      redirectChainLength: healthSnap.redirectStatusCodes?.length || null,
+      redirectStatusCodes: healthSnap.redirectStatusCodes?.length
+        ? healthSnap.redirectStatusCodes : null,
+    } : null;
+
+    // Get document.readyState if healthTracker provided
+    let documentReadyState = null;
+    if (opts.healthTracker?.getReadyState) {
+      documentReadyState = await opts.healthTracker.getReadyState();
     }
-    // Include anonymized URL if provided
-    if (opts.url) context.url = urlAnon.anonymizeUrl(opts.url);
-    if (opts.redirectChain) context.redirectChain = urlAnon.anonymizeChain(opts.redirectChain);
 
-    // Include tab health snapshot if provided
-    if (opts.healthSnapshot) context.health = opts.healthSnapshot;
+    const labels = ['hang', 'auto-report'];
+    if (botDetection?.detected) labels.push('bot-detection');
 
     await fileReport(
       `hang:${operation}`,
-      'hang',
+      labels,
       {
         message: `Operation "${operation}" hung for ${Math.round(durationMs / 1000)}s`,
         stack: opts.error?.stack,
+        activeRoute: _lastRoute,
         uptimeMinutes,
+        resources,
+        hang: {
+          operation,
+          durationMs,
+          lockQueueMs: opts.lockQueueMs ?? null,
+          documentReadyState,
+          inflightRequests: healthSnap?.inflightRequests ?? null,
+        },
+        botDetection,
+        proxy: opts.proxy || null,
         context,
       },
     );
@@ -692,13 +934,15 @@ export function createReporter(config) {
   async function reportStuckLoop(durationMs, opts = {}) {
     const uptimeMinutes = typeof process !== 'undefined'
       ? Math.round(process.uptime() / 60) : undefined;
+    const resources = collectResourceSnapshot(opts.resourceOpts || {});
 
     await fileReport(
       'stuck:tab-lock',
-      'stuck',
+      ['stuck', 'auto-report'],
       {
         message: `Tab lock held for ${Math.round(durationMs / 1000)}s (tab destroyed)`,
         uptimeMinutes,
+        resources,
         context: { durationMs, ...opts.context },
       },
     );
@@ -709,21 +953,60 @@ export function createReporter(config) {
 
     const checkMs = 1000;
     lastTick = Date.now();
+    let lastHeapUsed = process.memoryUsage().heapUsed;
+    // Suppress false positives from OS sleep/suspend (laptop lid close, VM pause).
+    // Stalls > 120s are almost certainly not event-loop bugs.
+    const MAX_REPORTABLE_DRIFT_MS = 120_000;
+    let suppressTicksRemaining = 0;
+    const SUPPRESS_TICKS_AFTER_WAKE = 5;
 
     watchdogInterval = setInterval(() => {
       const now = Date.now();
       const drift = now - lastTick - checkMs;
       lastTick = now;
 
+      // After a long sleep/suspend, suppress the next few ticks (post-wake jitter)
+      if (drift > MAX_REPORTABLE_DRIFT_MS) {
+        suppressTicksRemaining = SUPPRESS_TICKS_AFTER_WAKE;
+        lastHeapUsed = process.memoryUsage().heapUsed;
+        return;
+      }
+      if (suppressTicksRemaining > 0) {
+        suppressTicksRemaining--;
+        lastHeapUsed = process.memoryUsage().heapUsed;
+        return;
+      }
+
       if (drift > thresholdMs) {
+        // Capture heap delta during stall (GC indicator)
+        const currentHeap = process.memoryUsage().heapUsed;
+        const heapDeltaMb = Math.round((currentHeap - lastHeapUsed) / 1048576);
+        lastHeapUsed = currentHeap;
+
         let extra = {};
         try { if (getContext) extra = getContext(); } catch { /* swallow */ }
-        fileReport('stuck:event-loop', 'stuck', {
+
+        const resources = collectResourceSnapshot(extra.resourceOpts || {});
+        // Remove resourceOpts from extra so it doesn't end up in context
+        delete extra.resourceOpts;
+
+        fileReport('stuck:event-loop', ['stuck', 'auto-report'], {
           message: `Event loop stalled for ${Math.round(drift / 1000)}s (threshold: ${Math.round(thresholdMs / 1000)}s)`,
           uptimeMinutes: typeof process !== 'undefined'
             ? Math.round(process.uptime() / 60) : undefined,
-          context: { driftMs: drift, thresholdMs, ...extra },
+          resources,
+          stall: {
+            driftMs: drift,
+            thresholdMs,
+            lastRoute: _lastRoute,
+            activeHandles: resources.activeHandles,
+            activeRequests: resources.activeRequests,
+            heapDeltaMb,
+          },
+          context: extra,
         });
+      } else {
+        lastHeapUsed = process.memoryUsage().heapUsed;
       }
     }, checkMs);
 
@@ -743,6 +1026,7 @@ export function createReporter(config) {
     reportHang,
     reportStuckLoop,
     startWatchdog,
+    trackRoute,
     stop,
     _anonymize: anonymize,
     _stackSignature: stackSignature,

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "camofox-browser",
   "name": "Camofox Browser",
   "description": "Anti-detection browser automation for AI agents using Camoufox (Firefox-based)",
-  "version": "1.7.0",
+  "version": "1.7.2",
   "configSchema": {
     "type": "object",
     "properties": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askjo/camofox-browser",
-  "version": "1.7.0",
+  "version": "1.7.2",
   "description": "Headless browser automation server and OpenClaw plugin for AI agents - anti-detection, element refs, and session isolation",
   "type": "module",
   "main": "server.js",

package/server.js

@@ -33,7 +33,7 @@ import {
 import { actionFromReq, classifyError } from './lib/request-utils.js';
 import { cleanupOrphanedTempFiles } from './lib/tmp-cleanup.js';
 import { coalesceInflight } from './lib/inflight.js';
-import { createReporter, createTabHealthTracker } from './lib/reporter.js';
+import { createReporter, createTabHealthTracker, collectResourceSnapshot, classifyProxyError } from './lib/reporter.js';
 import { mountDocs } from './lib/openapi.js';
 
 const CONFIG = loadConfig();
@@ -42,18 +42,21 @@ const CONFIG = loadConfig();
 import { readFileSync } from 'fs';
 const _pkgVersion = (() => { try { return JSON.parse(readFileSync(new URL('./package.json', import.meta.url), 'utf8')).version; } catch { return 'unknown'; } })();
 const reporter = createReporter({ ...CONFIG, version: _pkgVersion });
-reporter.startWatchdog(5000, () => {
-  const summary = [];
-  for (const [userId, session] of sessions) {
-    const urls = [];
-    for (const group of session.tabGroups.values()) {
-      for (const tab of group.values()) {
-        try { if (tab.page) urls.push(tab.page.url()); } catch {}
-      }
-    }
-    summary.push({ userId, urls });
+function _countTabs() {
+  let total = 0;
+  for (const session of sessions.values()) {
+    for (const group of session.tabGroups.values()) total += group.size;
   }
-  return { sessions: sessions.size, summary };
+  return total;
+}
+function _browserPid() {
+  try { return browser?.process?.()?.pid ?? null; } catch { return null; }
+}
+function _resourceOpts() {
+  return { sessionCount: sessions.size, tabCount: _countTabs(), browserPid: _browserPid() };
+}
+reporter.startWatchdog(5000, () => {
+  return { resourceOpts: _resourceOpts() };
 });
 
 // --- Plugin event bus ---
@@ -101,6 +104,7 @@ app.use((req, res, next) => {
   }
 
   const action = actionFromReq(req);
+  reporter.trackRoute(`${req.method} ${req.route?.path || '[unmatched]'}`);
   const done = requestDuration.startTimer({ action });
 
   const origEnd = res.end.bind(res);
@@ -1033,10 +1037,19 @@ function handleRouteError(err, req, res, extraFields = {}) {
       if (ts.failureJournal.length > 20) ts.failureJournal = ts.failureJournal.slice(-20);
 
       if (ts.consecutiveFailures === 3) {
+        const _proxyErr = classifyProxyError(err?.message);
         reporter.reportHang(action, req.startTime ? Date.now() - req.startTime : 0, {
           error: err,
-          url: ts.lastRequestedUrl || undefined,
           healthSnapshot: ts.healthTracker ? ts.healthTracker.snapshot() : undefined,
+          healthTracker: ts.healthTracker || null,
+          resourceOpts: _resourceOpts(),
+          proxy: proxyPool ? {
+            configured: true,
+            type: proxyPool.mode || null,
+            authConfigured: !!CONFIG.proxy?.username,
+            error: _proxyErr.proxyError,
+            tlsError: _proxyErr.proxyTlsError,
+          } : { configured: false },
           context: {
             failureType,
             consecutiveFailures: ts.consecutiveFailures,
@@ -4928,7 +4941,7 @@ setInterval(async () => {
 process.on('uncaughtException', (err) => {
   pluginEvents.emit('browser:error', { error: err });
   log('error', 'uncaughtException', { error: err.message, stack: err.stack });
-  reporter.reportCrash(err);
+  reporter.reportCrash(err, { resourceOpts: _resourceOpts() });
   process.exit(1);
 });
 process.on('unhandledRejection', (reason) => {