@askjo/camofox-browser 1.7.1 → 1.7.3

package/lib/reporter.js

@@ -3,6 +3,8 @@
 // Config passed via createReporter(config) from lib/config.js.
 
 import crypto from 'crypto';
+import fs from 'fs';
+import { monitorEventLoopDelay } from 'perf_hooks';
 
 // ============================================================================
 // Anonymization
@@ -294,22 +296,57 @@ export function createUrlAnonymizer() {
 // Per-tab health tracker (count-only, no content)
 // ============================================================================
 
+// Known bot-detection providers, matched by response header fingerprints.
+// Order: most specific first.
+const BOT_DETECTION_SIGNATURES = [
+  { header: 'cf-mitigated', value: 'challenge', provider: 'cloudflare' },
+  { header: 'x-datadome', provider: 'datadome' },
+  { header: 'x-px', provider: 'perimeterx' },
+  { header: 'x-distil-cs', provider: 'distil' },
+  { header: 'x-sucuri-id', provider: 'sucuri' },
+  { header: 'server', value: 'akamaighost', provider: 'akamai' },
+  // cf-ray is on ALL Cloudflare responses (even 200 OK). Must be last so it
+  // doesn't short-circuit other providers on multi-CDN sites.
+  { header: 'cf-ray', provider: 'cloudflare' },
+];
+
+/**
+ * Detect bot-detection provider from Playwright response headers.
+ * Returns { detected: bool, provider: string|null, httpStatus: number|null }
+ */
+export function detectBotProtection(response) {
+  if (!response) return { detected: false, provider: null, httpStatus: null };
+  const status = response.status();
+  let headers;
+  try { headers = response.headers(); } catch { return { detected: false, provider: null, httpStatus: status }; }
+  for (const sig of BOT_DETECTION_SIGNATURES) {
+    const val = headers[sig.header];
+    if (val !== undefined) {
+      if (sig.value && !val.toLowerCase().includes(sig.value)) continue;
+      const challenged = status === 403 || status === 429 || status === 503;
+      return { detected: challenged, provider: sig.provider, httpStatus: status };
+    }
+  }
+  return { detected: false, provider: null, httpStatus: status };
+}
+
 /**
  * Create a health tracker for a tab. Attaches to Playwright page events.
- * Tracks: crashes, page errors, console errors, request failures,
- * dialog storms, redirect depth, HTTP status histogram, frame count.
+ * Tracks: crashes, page errors, request failures, redirect status codes,
+ * HTTP status histogram (4xx+), and anti-bot challenge detection.
  * All count-based — no URLs or content stored.
  */
 export function createTabHealthTracker(page) {
   const health = {
     crashes: 0,
     pageErrors: 0,
-    consoleErrors: 0,
     requestFailures: 0,
-    dialogCount: 0,
+    inflightRequests: 0,
     maxRedirectDepth: 0,
-    statusCounts: {},     // { 403: 5, 429: 2, ... }
-    frameCount: 0,
+    redirectStatusCodes: [],  // status codes in redirect chain, e.g. [301, 302, 403]
+    statusCounts: {},         // { 403: 5, 429: 2, ... }
+    botDetection: null,       // { detected, provider, httpStatus } from last nav response
+    lastNavResponseSize: 0,
     _redirectDepth: 0,
   };
 
@@ -319,13 +356,15 @@ export function createTabHealthTracker(page) {
   // Uncaught JS exceptions on the page
   page.on('pageerror', () => { health.pageErrors++; });
 
-  // Console errors (rate, not content)
-  page.on('console', (msg) => {
-    if (msg.type() === 'error') health.consoleErrors++;
+  // Failed requests (blocked, DNS failure, etc.) + decrement in-flight counter
+  page.on('requestfailed', () => {
+    health.requestFailures++;
+    health.inflightRequests = Math.max(0, health.inflightRequests - 1);
   });
 
-  // Failed requests (blocked, DNS failure, etc.)
-  page.on('requestfailed', () => { health.requestFailures++; });
+  // Track in-flight requests for hang diagnostics
+  page.on('request', () => { health.inflightRequests++; });
+  page.on('requestfinished', () => { health.inflightRequests = Math.max(0, health.inflightRequests - 1); });
 
   // HTTP status tracking (non-2xx only)
   page.on('response', (resp) => {
@@ -333,13 +372,12 @@ export function createTabHealthTracker(page) {
     if (s >= 400) health.statusCounts[s] = (health.statusCounts[s] || 0) + 1;
   });
 
-  // Dialog tracking (alert/confirm/prompt storms)
+  // Auto-dismiss dialogs to prevent page hangs (not tracked as a metric — noise)
   page.on('dialog', async (dialog) => {
-    health.dialogCount++;
     try { await dialog.dismiss(); } catch { /* page might be closed */ }
   });
 
-  // Redirect depth per navigation
+  // Redirect depth + status code chain per navigation
   page.on('request', (req) => {
     if (req.isNavigationRequest()) {
       if (req.redirectedFrom()) {
@@ -348,19 +386,120 @@ export function createTabHealthTracker(page) {
           health.maxRedirectDepth = health._redirectDepth;
         }
       } else {
-        health._redirectDepth = 0; // new navigation, reset
+        health._redirectDepth = 0;
+        health.redirectStatusCodes = [];
+        health.inflightRequests = 0;  // reset on new navigation to prevent drift
       }
     }
   });
 
+  // Capture redirect status codes and detect bot protection on nav responses
+  page.on('response', (resp) => {
+    try {
+      const req = resp.request();
+      if (req.isNavigationRequest()) {
+        health.redirectStatusCodes.push(resp.status());
+        health.botDetection = detectBotProtection(resp);
+        // Approximate response body size from content-length (no body read)
+        const cl = resp.headers()['content-length'];
+        if (cl) health.lastNavResponseSize = parseInt(cl, 10) || 0;
+      }
+    } catch { /* page closed */ }
+  });
+
   /** Snapshot current health counters for inclusion in reports. */
   function snapshot() {
-    try { health.frameCount = page.frames().length; } catch { /* closed */ }
     const { _redirectDepth, ...clean } = health;
     return { ...clean };
   }
 
-  return { health, snapshot };
+  /**
+   * Get document.readyState from the page. Returns null if page is unresponsive.
+   * Use a tight timeout — if the renderer is crashed, evaluate will hang.
+   */
+  async function getReadyState() {
+    try {
+      return await Promise.race([
+        page.evaluate(() => document.readyState),
+        new Promise(resolve => setTimeout(() => resolve('unresponsive'), 1000)),
+      ]);
+    } catch {
+      return 'unresponsive';
+    }
+  }
+
+  return { health, snapshot, getReadyState };
+}
+
+// ============================================================================
+// Process resource snapshot (memory, handles, FDs, browser RSS)
+// ============================================================================
+
+/**
+ * Collect process-level resource metrics. Safe to call at any time.
+ * Returns anonymized metrics — no PIDs, paths, or user data.
+ */
+export function collectResourceSnapshot(opts = {}) {
+  const mem = process.memoryUsage();
+  const snap = {
+    nodeRssMb: Math.round(mem.rss / 1048576),
+    nodeHeapUsedMb: Math.round(mem.heapUsed / 1048576),
+    nodeHeapTotalMb: Math.round(mem.heapTotal / 1048576),
+    nodeExternalMb: Math.round(mem.external / 1048576),
+    eventLoopLagMs: null,
+    activeHandles: null,
+    activeRequests: null,
+    openFds: null,
+    browserRssMb: null,
+  };
+
+  // Active libuv handles/requests (private API, guarded)
+  try { snap.activeHandles = process._getActiveHandles().length; } catch { /* unavailable */ }
+  try { snap.activeRequests = process._getActiveRequests().length; } catch { /* unavailable */ }
+
+  // Open file descriptors (Linux only)
+  try {
+    if (process.platform === 'linux') {
+      snap.openFds = fs.readdirSync('/proc/self/fd').length;
+    }
+  } catch { /* not available or permission denied */ }
+
+  // Browser process RSS (the one people miss — browser OOMs, not Node)
+  if (opts.browserPid && Number.isInteger(opts.browserPid) && opts.browserPid > 0) {
+    try {
+      if (process.platform === 'linux') {
+        const status = fs.readFileSync(`/proc/${opts.browserPid}/status`, 'utf8');
+        const match = status.match(/VmRSS:\s+(\d+)\s+kB/);
+        if (match) snap.browserRssMb = Math.round(parseInt(match[1], 10) / 1024);
+      } else if (process.platform === 'darwin') {
+        const out = execSync(`ps -o rss= -p ${opts.browserPid}`, { timeout: 1000 }).toString().trim();
+        if (out) snap.browserRssMb = Math.round(parseInt(out, 10) / 1024);
+      }
+    } catch { /* process gone or permission denied */ }
+  }
+
+  // Session/tab counts from caller
+  if (opts.sessionCount != null) snap.browserContexts = opts.sessionCount;
+  if (opts.tabCount != null) snap.activeTabs = opts.tabCount;
+
+  return snap;
+}
+
+/**
+ * Classify proxy errors from Playwright navigation error messages.
+ * Returns { proxyError: string|null, proxyTlsError: bool } — no IPs or credentials.
+ */
+export function classifyProxyError(errorMessage) {
+  if (!errorMessage || typeof errorMessage !== 'string') return { proxyError: null, proxyTlsError: false };
+  const msg = errorMessage.toUpperCase();
+  // Explicit proxy errors from Chromium/Firefox net stack
+  if (msg.includes('ERR_PROXY_CONNECTION_FAILED')) return { proxyError: 'ERR_PROXY_CONNECTION_FAILED', proxyTlsError: false };
+  if (msg.includes('ERR_TUNNEL_CONNECTION_FAILED')) return { proxyError: 'ERR_TUNNEL_CONNECTION_FAILED', proxyTlsError: false };
+  if (msg.includes('ERR_PROXY_AUTH_REQUESTED') || msg.includes('407')) return { proxyError: 'ERR_PROXY_AUTH_REQUESTED', proxyTlsError: false };
+  if (msg.includes('ERR_PROXY_CERTIFICATE_INVALID') || (msg.includes('PROXY') && msg.includes('SSL'))) return { proxyError: 'ERR_PROXY_TLS', proxyTlsError: true };
+  if (msg.includes('ECONNREFUSED') && msg.includes('PROXY')) return { proxyError: 'ECONNREFUSED', proxyTlsError: false };
+  if (msg.includes('ETIMEDOUT') && msg.includes('PROXY')) return { proxyError: 'ETIMEDOUT', proxyTlsError: false };
+  return { proxyError: null, proxyTlsError: false };
 }
 
 // ============================================================================
@@ -510,24 +649,95 @@ function formatIssueBody(type, detail) {
   const sections = [
     '> Auto-reported by ' + _GH_USER_AGENT + '. All data is anonymized.',
     '',
-    `**Type:** ${type}`,
-    `**Version:** ${detail.version || 'unknown'}`,
-    `**Node:** ${detail.nodeVersion || 'unknown'}`,
-    `**Platform:** ${detail.platform || 'unknown'}`,
-    `**Uptime:** ${detail.uptimeMinutes != null ? detail.uptimeMinutes + ' min' : 'unknown'}`,
+    '## Environment',
+    `- **version:** ${detail.version || 'unknown'}`,
+    `- **node:** ${detail.nodeVersion || 'unknown'}`,
+    `- **platform:** ${detail.platform || 'unknown'}`,
+    `- **uptime:** ${detail.uptimeMinutes != null ? detail.uptimeMinutes + ' min' : 'unknown'}`,
   ];
 
+  // Resource snapshot (memory, handles, browser RSS)
+  const r = detail.resources;
+  if (r) {
+    sections.push('', '## Resources');
+    sections.push(`- **node RSS:** ${r.nodeRssMb ?? '?'} MB`);
+    sections.push(`- **node heap:** ${r.nodeHeapUsedMb ?? '?'} / ${r.nodeHeapTotalMb ?? '?'} MB`);
+    if (r.browserRssMb != null) sections.push(`- **browser RSS:** ${r.browserRssMb} MB`);
+    if (r.browserContexts != null) sections.push(`- **browser contexts:** ${r.browserContexts}`);
+    if (r.activeTabs != null) sections.push(`- **active tabs:** ${r.activeTabs}`);
+    if (r.openFds != null) sections.push(`- **open FDs:** ${r.openFds}`);
+    if (r.activeHandles != null) sections.push(`- **active handles:** ${r.activeHandles}`);
+    if (r.eventLoopLagMs != null) sections.push(`- **event loop lag:** ${r.eventLoopLagMs} ms`);
+  }
+
+  // Error info
+  if (detail.signal) sections.push('', `**Signal:** ${detail.signal}`);
+  if (detail.activeRoute) sections.push(`**Active route:** ${detail.activeRoute}`);
   if (detail.message) {
-    sections.push('', '### Error', '```', anonymize(detail.message), '```');
+    sections.push('', '## Error', '```', anonymize(detail.message), '```');
   }
   if (detail.stack) {
-    sections.push('', '### Stack Trace', '```', anonymize(detail.stack), '```');
+    sections.push('', '## Stack Trace', '```', anonymize(detail.stack), '```');
+  }
+
+  // Hang-specific details
+  if (detail.hang) {
+    const h = detail.hang;
+    sections.push('', '## Hang Details');
+    sections.push(`- **operation:** ${h.operation}`);
+    sections.push(`- **duration:** ${Math.round(h.durationMs / 1000)}s`);
+    if (h.lockQueueMs != null) sections.push(`- **lock queue wait:** ${Math.round(h.lockQueueMs)}ms`);
+    if (h.documentReadyState) sections.push(`- **document.readyState:** ${h.documentReadyState}`);
+    if (h.inflightRequests != null) sections.push(`- **in-flight requests:** ${h.inflightRequests}`);
+  }
+
+  // Anti-bot detection
+  if (detail.botDetection?.detected) {
+    const b = detail.botDetection;
+    sections.push('', '## Anti-Bot Detection');
+    sections.push(`- **provider:** ${b.provider || 'unknown'}`);
+    sections.push(`- **HTTP status:** ${b.httpStatus || '?'}`);
+    if (b.responseBodySizeKb != null) sections.push(`- **response size:** ${b.responseBodySizeKb} KB`);
+    if (b.redirectChainLength != null) sections.push(`- **redirect chain:** ${b.redirectChainLength} hops`);
+    if (b.redirectStatusCodes?.length) sections.push(`- **redirect statuses:** ${b.redirectStatusCodes.join(' → ')}`);
   }
-  if (detail.context) {
-    sections.push('', '### Context', '```', anonymize(JSON.stringify(detail.context, null, 2)), '```');
+
+  // Proxy info (safe fields only — no IPs, credentials, or hostnames)
+  if (detail.proxy) {
+    const p = detail.proxy;
+    sections.push('', '## Proxy');
+    sections.push(`- **configured:** ${p.configured}`);
+    if (p.configured) {
+      if (p.type) sections.push(`- **type:** ${p.type}`);
+      sections.push(`- **auth configured:** ${p.authConfigured ?? 'unknown'}`);
+      if (p.error) sections.push(`- **error:** ${p.error}`);
+      if (p.tlsError) sections.push(`- **TLS error:** yes`);
+    }
+  }
+
+  // Stall-specific details
+  if (detail.stall) {
+    const s = detail.stall;
+    sections.push('', '## Stall Details');
+    sections.push(`- **stall duration:** ${Math.round(s.driftMs / 1000)}s`);
+    if (s.classification) sections.push(`- **classification:** ${s.classification}`);
+    if (s.cpuElapsedS != null) sections.push(`- **CPU time during stall:** ${s.cpuElapsedS}s`);
+    if (s.cpuRatio != null) sections.push(`- **CPU/wall ratio:** ${s.cpuRatio}`);
+    if (s.sigcontInWindow != null) sections.push(`- **SIGCONT in window:** ${s.sigcontInWindow}`);
+    if (s.hrtimeWallDriftS != null) sections.push(`- **hrtime↔wall drift:** ${s.hrtimeWallDriftS}s`);
+    if (s.eventLoopDelay) {
+      const eld = s.eventLoopDelay;
+      sections.push(`- **event loop delay:** p50=${eld.p50Ms}ms p99=${eld.p99Ms}ms max=${eld.maxMs}ms`);
+    }
+    if (s.lastRoute) sections.push(`- **last route:** ${s.lastRoute}`);
+    if (s.activeHandles != null) sections.push(`- **active handles:** ${s.activeHandles}`);
+    if (s.activeRequests != null) sections.push(`- **active requests:** ${s.activeRequests}`);
+    if (s.heapDeltaMb != null) sections.push(`- **heap delta:** ${s.heapDeltaMb > 0 ? '+' : ''}${s.heapDeltaMb} MB`);
   }
-  if (detail.metrics) {
-    sections.push('', '### Metrics', '```json', JSON.stringify(detail.metrics, null, 2), '```');
+
+  // Context (misc extra data)
+  if (detail.context && Object.keys(detail.context).length > 0) {
+    sections.push('', '<details><summary>Context</summary>', '', '```json', anonymize(JSON.stringify(detail.context, null, 2)), '```', '', '</details>');
   }
 
   return sections.join('\n');
@@ -539,6 +749,14 @@ function formatCommentBody(type, detail) {
     `**+1** — ${ts}`,
     `Version: ${detail.version || 'unknown'}, Uptime: ${detail.uptimeMinutes != null ? detail.uptimeMinutes + ' min' : '?'}`,
   ];
+  // Include resource snapshot in +1 comments too
+  const r = detail.resources;
+  if (r) {
+    const parts = [`RSS: ${r.nodeRssMb ?? '?'}MB`];
+    if (r.browserRssMb != null) parts.push(`Browser: ${r.browserRssMb}MB`);
+    if (r.activeTabs != null) parts.push(`Tabs: ${r.activeTabs}`);
+    lines.push(parts.join(', '));
+  }
   if (detail.message) {
     lines.push('```', anonymize(detail.message).slice(0, 500), '```');
   }
@@ -575,9 +793,13 @@ export function createReporter(config) {
   const version = config.version || 'unknown';
 
   let watchdogInterval = null;
+  let _resetNativeMemBaseline = false; // Set by resetNativeMemBaseline(), read by watchdog
   let lastTick = Date.now();
   const inFlight = new Set();
 
+  // Track last Express route for stall reports
+  let _lastRoute = null;
+
   // No-op when disabled
   if (!enabled) {
     return {
@@ -585,6 +807,7 @@ export function createReporter(config) {
       reportHang: async () => {},
       reportStuckLoop: async () => {},
       startWatchdog: () => {},
+      trackRoute: () => {},
       stop: () => {},
       _anonymize: anonymize,
       _stackSignature: stackSignature,
@@ -592,7 +815,7 @@ export function createReporter(config) {
   }
 
   /** Core: file or deduplicate a report. NEVER throws. */
-  async function fileReport(type, label, detail) {
+  async function fileReport(type, labels, detail) {
     if (!rateLimiter.tryAcquire()) return;
 
     const reportPromise = (async () => {
@@ -619,7 +842,8 @@ export function createReporter(config) {
           platform: typeof process !== 'undefined' ? process.platform : 'unknown',
         });
 
-        await createIssue(repo, title, body, [label, 'auto-report']);
+        const issueLabels = Array.isArray(labels) ? labels : [labels, 'auto-report'];
+        await createIssue(repo, title, body, issueLabels);
       } catch {
         // Swallow — reporter must never crash the server
       }
@@ -629,19 +853,32 @@ export function createReporter(config) {
     reportPromise.finally(() => inFlight.delete(reportPromise));
   }
 
+  /**
+   * Track the last Express route for stall diagnostics.
+   * Call from middleware: reporter.trackRoute(req.method + ' ' + req.route?.path)
+   */
+  function trackRoute(route) {
+    _lastRoute = route || null;
+  }
+
   async function reportCrash(error, opts = {}) {
     const err = error instanceof Error ? error : new Error(String(error));
     const uptimeMinutes = typeof process !== 'undefined'
       ? Math.round(process.uptime() / 60) : undefined;
+    const resources = collectResourceSnapshot(opts.resourceOpts || {});
 
     await fileReport(
       opts.signal ? `signal:${opts.signal}` : (err.name || 'crash'),
-      'crash',
+      ['crash', 'auto-report'],
       {
         error: err,
         message: err.message,
         stack: err.stack,
+        signal: opts.signal || null,
+        activeRoute: _lastRoute,
         uptimeMinutes,
+        resources,
+        proxy: opts.proxy || null,
         context: opts.context,
       },
     );
@@ -650,32 +887,55 @@ export function createReporter(config) {
   async function reportHang(operation, durationMs, opts = {}) {
     const uptimeMinutes = typeof process !== 'undefined'
       ? Math.round(process.uptime() / 60) : undefined;
+    const resources = collectResourceSnapshot(opts.resourceOpts || {});
 
-    // Create per-report URL anonymizer (fresh salt each time)
-    const urlAnon = createUrlAnonymizer();
-    const context = { operation, durationMs, ...opts.context };
-
-    // Anonymize any URLs in the journal
+    // Build lean context (journal only, no redundant fields)
+    const context = { ...opts.context };
     if (context.journal) {
-      context.journal = context.journal.map(j => {
-        if (typeof j === 'string') return j; // already "type:action" format
-        return j;
-      });
+      context.journal = context.journal.map(j => typeof j === 'string' ? j : j);
+    }
+    // Remove fields that now have dedicated sections
+    delete context.operation;
+    delete context.durationMs;
+
+    // Anti-bot detection from health snapshot
+    const healthSnap = opts.healthSnapshot;
+    const botDetection = healthSnap?.botDetection?.detected ? {
+      ...healthSnap.botDetection,
+      responseBodySizeKb: healthSnap.lastNavResponseSize
+        ? Math.round(healthSnap.lastNavResponseSize / 1024) : null,
+      redirectChainLength: healthSnap.redirectStatusCodes?.length || null,
+      redirectStatusCodes: healthSnap.redirectStatusCodes?.length
+        ? healthSnap.redirectStatusCodes : null,
+    } : null;
+
+    // Get document.readyState if healthTracker provided
+    let documentReadyState = null;
+    if (opts.healthTracker?.getReadyState) {
+      documentReadyState = await opts.healthTracker.getReadyState();
     }
-    // Include anonymized URL if provided
-    if (opts.url) context.url = urlAnon.anonymizeUrl(opts.url);
-    if (opts.redirectChain) context.redirectChain = urlAnon.anonymizeChain(opts.redirectChain);
 
-    // Include tab health snapshot if provided
-    if (opts.healthSnapshot) context.health = opts.healthSnapshot;
+    const labels = ['hang', 'auto-report'];
+    if (botDetection?.detected) labels.push('bot-detection');
 
     await fileReport(
       `hang:${operation}`,
-      'hang',
+      labels,
       {
         message: `Operation "${operation}" hung for ${Math.round(durationMs / 1000)}s`,
         stack: opts.error?.stack,
+        activeRoute: _lastRoute,
         uptimeMinutes,
+        resources,
+        hang: {
+          operation,
+          durationMs,
+          lockQueueMs: opts.lockQueueMs ?? null,
+          documentReadyState,
+          inflightRequests: healthSnap?.inflightRequests ?? null,
+        },
+        botDetection,
+        proxy: opts.proxy || null,
         context,
       },
     );
@@ -684,13 +944,15 @@ export function createReporter(config) {
   async function reportStuckLoop(durationMs, opts = {}) {
     const uptimeMinutes = typeof process !== 'undefined'
       ? Math.round(process.uptime() / 60) : undefined;
+    const resources = collectResourceSnapshot(opts.resourceOpts || {});
 
     await fileReport(
       'stuck:tab-lock',
-      'stuck',
+      ['stuck', 'auto-report'],
       {
         message: `Tab lock held for ${Math.round(durationMs / 1000)}s (tab destroyed)`,
         uptimeMinutes,
+        resources,
         context: { durationMs, ...opts.context },
       },
     );
@@ -701,21 +963,186 @@ export function createReporter(config) {
 
     const checkMs = 1000;
     lastTick = Date.now();
+    let lastCpuUsage = process.cpuUsage();
+    let lastHrtime = process.hrtime.bigint();
+    let lastHeapUsed = process.memoryUsage().heapUsed;
+
+    // --- Native memory leak tracking ---
+    // Track RSS minus JS heap over time to detect native/external memory leaks.
+    // Sample every 30s, alert if native memory grows by >200MB from baseline.
+    let nativeMemBaseline = null; // RSS - heapUsed at first measurement
+    let nativeMemHighWater = 0;
+    let lastNativeMemCheck = 0;
+    const NATIVE_MEM_CHECK_INTERVAL_MS = 30_000;
+    const NATIVE_MEM_LEAK_THRESHOLD_MB = 200; // alert if native mem exceeds baseline by this much
+    let nativeMemAlertFired = false;
+
+    // SIGCONT detection — macOS sends SIGCONT on wake from sleep/suspend
+    let lastSigcont = 0;
+    try { process.on('SIGCONT', () => { lastSigcont = Date.now(); }); } catch { /* unavailable */ }
+
+    // Event loop delay histogram (perf_hooks) — correlating evidence
+    let elHistogram = null;
+    try {
+      elHistogram = monitorEventLoopDelay({ resolution: 20 });
+      elHistogram.enable();
+    } catch { /* unavailable */ }
+
+    // Suppress false positives from OS sleep/suspend (laptop lid close, VM pause).
+    // Stalls > 120s are almost certainly not event-loop bugs.
+    const MAX_REPORTABLE_DRIFT_MS = 120_000;
+    let suppressTicksRemaining = 0;
+    const SUPPRESS_TICKS_AFTER_WAKE = 5;
 
     watchdogInterval = setInterval(() => {
       const now = Date.now();
       const drift = now - lastTick - checkMs;
+      const cpuDelta = process.cpuUsage(lastCpuUsage);
+      const hrtimeNow = process.hrtime.bigint();
+      const hrtimeDeltaMs = Number(hrtimeNow - lastHrtime) / 1e6;
+
       lastTick = now;
+      lastCpuUsage = process.cpuUsage();
+      lastHrtime = hrtimeNow;
+
+      // After a long sleep/suspend, suppress the next few ticks (post-wake jitter)
+      if (drift > MAX_REPORTABLE_DRIFT_MS) {
+        suppressTicksRemaining = SUPPRESS_TICKS_AFTER_WAKE;
+        lastHeapUsed = process.memoryUsage().heapUsed;
+        return;
+      }
+      if (suppressTicksRemaining > 0) {
+        suppressTicksRemaining--;
+        lastHeapUsed = process.memoryUsage().heapUsed;
+        return;
+      }
+
+      // --- Native memory leak detection (runs every ~30s) ---
+      if (now - lastNativeMemCheck >= NATIVE_MEM_CHECK_INTERVAL_MS) {
+        lastNativeMemCheck = now;
+        try {
+          // Check if baseline should be reset (e.g. after browser close)
+          if (_resetNativeMemBaseline) {
+            nativeMemBaseline = null;
+            nativeMemHighWater = 0;
+            nativeMemAlertFired = false;
+            _resetNativeMemBaseline = false;
+          }
+          const mem = process.memoryUsage();
+          const nativeMemMb = Math.round((mem.rss - mem.heapUsed) / 1048576);
+          if (nativeMemBaseline === null) {
+            nativeMemBaseline = nativeMemMb;
+          }
+          nativeMemHighWater = Math.max(nativeMemHighWater, nativeMemMb);
+          const growth = nativeMemMb - nativeMemBaseline;
+
+          if (growth > NATIVE_MEM_LEAK_THRESHOLD_MB && !nativeMemAlertFired) {
+            nativeMemAlertFired = true;
+            let extra = {};
+            try { if (getContext) extra = getContext(); } catch { /* swallow */ }
+            const resources = collectResourceSnapshot(extra.resourceOpts || {});
+            delete extra.resourceOpts;
+
+            fileReport('leak:native-memory', ['auto-report', 'memory-leak'], {
+              message: `Native memory grew by ${growth}MB (baseline: ${nativeMemBaseline}MB, current: ${nativeMemMb}MB, high-water: ${nativeMemHighWater}MB)`,
+              uptimeMinutes: Math.round(process.uptime() / 60),
+              resources,
+              nativeMemory: {
+                baselineMb: nativeMemBaseline,
+                currentMb: nativeMemMb,
+                highWaterMb: nativeMemHighWater,
+                growthMb: growth,
+                rssMb: Math.round(mem.rss / 1048576),
+                heapUsedMb: Math.round(mem.heapUsed / 1048576),
+                externalMb: Math.round(mem.external / 1048576),
+              },
+              context: extra,
+            });
+          }
+        } catch { /* swallow */ }
+      }
 
       if (drift > thresholdMs) {
+        // CPU time consumed during the stall interval (user + system, in seconds)
+        const cpuElapsedS = (cpuDelta.user + cpuDelta.system) / 1e6;
+        const wallElapsedS = drift / 1000;
+        const cpuRatio = wallElapsedS > 0 ? cpuElapsedS / wallElapsedS : 0;
+
+        // SIGCONT within the stall window = OS sleep/resume
+        const sigcontInWindow = lastSigcont > 0 && (now - lastSigcont) < drift + 2000;
+
+        // hrtime vs wall clock drift (macOS: hrtime doesn't advance during sleep)
+        const hrtimeWallDriftS = Math.abs((drift - (hrtimeDeltaMs - checkMs))) / 1000;
+
+        // Classify: sleep vs real stall
+        let classification;
+        if (cpuRatio < 0.01 && sigcontInWindow) classification = 'sleep';
+        else if (cpuRatio < 0.001) classification = 'likely_sleep';
+        else if (cpuRatio < 0.01) classification = 'likely_sleep';
+        else if (cpuRatio > 0.1) classification = 'real_stall';
+        else classification = 'ambiguous';
+
+        // Don't file reports for definitive sleep
+        if (classification === 'sleep') {
+          lastHeapUsed = process.memoryUsage().heapUsed;
+          return;
+        }
+
+        // Capture heap delta during stall (GC indicator)
+        const currentHeap = process.memoryUsage().heapUsed;
+        const heapDeltaMb = Math.round((currentHeap - lastHeapUsed) / 1048576);
+        lastHeapUsed = currentHeap;
+
         let extra = {};
         try { if (getContext) extra = getContext(); } catch { /* swallow */ }
-        fileReport('stuck:event-loop', 'stuck', {
+
+        const resources = collectResourceSnapshot(extra.resourceOpts || {});
+        // Remove resourceOpts from extra so it doesn't end up in context
+        delete extra.resourceOpts;
+
+        // Event loop delay histogram snapshot
+        let elDelay = null;
+        if (elHistogram) {
+          try {
+            elDelay = {
+              p50Ms: Math.round(elHistogram.percentile(50) / 1e6),
+              p99Ms: Math.round(elHistogram.percentile(99) / 1e6),
+              maxMs: Math.round(elHistogram.max / 1e6),
+            };
+            elHistogram.reset();
+          } catch { /* unavailable */ }
+        }
+
+        const labels = ['stuck', 'auto-report'];
+        if (classification === 'likely_sleep') labels.push('likely-sleep');
+
+        fileReport('stuck:event-loop', labels, {
           message: `Event loop stalled for ${Math.round(drift / 1000)}s (threshold: ${Math.round(thresholdMs / 1000)}s)`,
           uptimeMinutes: typeof process !== 'undefined'
             ? Math.round(process.uptime() / 60) : undefined,
-          context: { driftMs: drift, thresholdMs, ...extra },
+          resources,
+          stall: {
+            driftMs: drift,
+            thresholdMs,
+            classification,
+            cpuElapsedS: Math.round(cpuElapsedS * 1000) / 1000,
+            cpuRatio: Math.round(cpuRatio * 10000) / 10000,
+            sigcontInWindow,
+            hrtimeWallDriftS: Math.round(hrtimeWallDriftS * 100) / 100,
+            eventLoopDelay: elDelay,
+            lastRoute: _lastRoute,
+            activeHandles: resources.activeHandles,
+            activeRequests: resources.activeRequests,
+            heapDeltaMb,
+            nativeMemGrowthMb: nativeMemBaseline !== null
+              ? Math.round((resources.nodeRssMb - resources.nodeHeapUsedMb) - nativeMemBaseline)
+              : null,
+            nativeMemBaselineMb: nativeMemBaseline,
+          },
+          context: extra,
         });
+      } else {
+        lastHeapUsed = process.memoryUsage().heapUsed;
       }
     }, checkMs);
 
@@ -730,12 +1157,24 @@ export function createReporter(config) {
     return Promise.allSettled([...inFlight]);
   }
 
+  /**
+   * Reset native memory baseline. Call after browser close so the next
+   * browser session measures from a fresh baseline, not the old one.
+   */
+  function resetNativeMemBaseline() {
+    // These are closure vars in startWatchdog — we need to reach them.
+    // Since this runs in the same module, we set a flag the watchdog reads.
+    _resetNativeMemBaseline = true;
+  }
+
   return {
     reportCrash,
     reportHang,
     reportStuckLoop,
     startWatchdog,
+    trackRoute,
     stop,
+    resetNativeMemBaseline,
     _anonymize: anonymize,
     _stackSignature: stackSignature,
     _rateLimiter: rateLimiter,

package/lib/tmp-cleanup.js

@@ -1,11 +1,17 @@
 import fs from 'fs';
 import path from 'path';
+import os from 'os';
 
 const ORPHAN_PATTERNS = [
   /^\.fea5[a-f0-9]+\.so$/,
   /^\.5ef7[a-f0-9]+\.node$/,
 ];
 
+// Firefox temp profile directories created by Playwright/Camoufox
+const FIREFOX_PROFILE_PATTERN = /^playwright_firefoxdev_profile-/;
+// Camoufox also creates these
+const CAMOUFOX_TMP_PATTERN = /^camoufox[-_]/;
+
 export function cleanupOrphanedTempFiles({ tmpDir, minAgeMs = 5 * 60 * 1000, now = Date.now() } = {}) {
   const result = { scanned: 0, removed: 0, bytes: 0, skipped: 0 };
   if (!tmpDir) return result;
@@ -38,3 +44,65 @@ export function cleanupOrphanedTempFiles({ tmpDir, minAgeMs = 5 * 60 * 1000, now
 
   return result;
 }
+
+/**
+ * Clean up stale Firefox/Camoufox temp profile directories.
+ * These accumulate when browser.close() doesn't fully clean up
+ * (especially with enable_cache: true). Each profile can be 10-100MB+.
+ *
+ * Only removes profiles older than minAgeMs (default 2 minutes)
+ * to avoid killing profiles belonging to an actively launching browser.
+ */
+export function cleanupStaleFirefoxProfiles({ tmpDir, minAgeMs = 2 * 60 * 1000, now = Date.now() } = {}) {
+  const dir = tmpDir || os.tmpdir();
+  const result = { scanned: 0, removed: 0, bytes: 0, skipped: 0 };
+
+  let entries;
+  try {
+    entries = fs.readdirSync(dir);
+  } catch {
+    return result;
+  }
+
+  for (const name of entries) {
+    if (!FIREFOX_PROFILE_PATTERN.test(name) && !CAMOUFOX_TMP_PATTERN.test(name)) continue;
+    result.scanned++;
+    const full = path.join(dir, name);
+    try {
+      const st = fs.statSync(full);
+      if (!st.isDirectory()) continue;
+      if (now - st.mtimeMs < minAgeMs) {
+        result.skipped++;
+        continue;
+      }
+      // Calculate directory size before removing
+      const dirBytes = _dirSizeSync(full);
+      fs.rmSync(full, { recursive: true, force: true, maxRetries: 3 });
+      result.removed++;
+      result.bytes += dirBytes;
+    } catch {
+      // directory vanished, permission denied, or in-use — skip
+    }
+  }
+
+  return result;
+}
+
+/** Recursively calculate directory size (best effort, fast). */
+function _dirSizeSync(dirPath) {
+  let total = 0;
+  try {
+    const entries = fs.readdirSync(dirPath, { withFileTypes: true });
+    for (const entry of entries) {
+      const full = path.join(dirPath, entry.name);
+      try {
+        if (entry.isDirectory()) {
+          total += _dirSizeSync(full);
+        } else {
+          total += fs.statSync(full).size;
+        }
+      } catch { /* skip */ }
+    }
+  } catch { /* skip */ }
+  return total;
+}

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "camofox-browser",
   "name": "Camofox Browser",
   "description": "Anti-detection browser automation for AI agents using Camoufox (Firefox-based)",
-  "version": "1.7.1",
+  "version": "1.7.3",
   "configSchema": {
     "type": "object",
     "properties": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askjo/camofox-browser",
-  "version": "1.7.1",
+  "version": "1.7.3",
   "description": "Headless browser automation server and OpenClaw plugin for AI agents - anti-detection, element refs, and session isolation",
   "type": "module",
   "main": "server.js",
@@ -62,7 +62,7 @@
     "plugin": "node scripts/plugin.js",
     "generate-openapi": "node scripts/generate-openapi.js",
     "version:sync": "node scripts/sync-version.js",
-    "version": "node scripts/sync-version.js && git add openclaw.plugin.json",
+    "version": "node scripts/sync-version.js && node scripts/generate-openapi.js && git add openclaw.plugin.json openapi.json",
     "postinstall": "npx camoufox-js fetch || true"
   },
   "dependencies": {

package/server.js

@@ -31,9 +31,9 @@ import {
   startMemoryReporter, stopMemoryReporter,
 } from './lib/metrics.js';
 import { actionFromReq, classifyError } from './lib/request-utils.js';
-import { cleanupOrphanedTempFiles } from './lib/tmp-cleanup.js';
+import { cleanupOrphanedTempFiles, cleanupStaleFirefoxProfiles } from './lib/tmp-cleanup.js';
 import { coalesceInflight } from './lib/inflight.js';
-import { createReporter, createTabHealthTracker } from './lib/reporter.js';
+import { createReporter, createTabHealthTracker, collectResourceSnapshot, classifyProxyError } from './lib/reporter.js';
 import { mountDocs } from './lib/openapi.js';
 
 const CONFIG = loadConfig();
@@ -42,18 +42,32 @@ const CONFIG = loadConfig();
 import { readFileSync } from 'fs';
 const _pkgVersion = (() => { try { return JSON.parse(readFileSync(new URL('./package.json', import.meta.url), 'utf8')).version; } catch { return 'unknown'; } })();
 const reporter = createReporter({ ...CONFIG, version: _pkgVersion });
+function _countTabs() {
+  let total = 0;
+  for (const session of sessions.values()) {
+    for (const group of session.tabGroups.values()) total += group.size;
+  }
+  return total;
+}
+function _browserPid() {
+  try { return browser?.process?.()?.pid ?? null; } catch { return null; }
+}
+function _resourceOpts() {
+  return { sessionCount: sessions.size, tabCount: _countTabs(), browserPid: _browserPid() };
+}
 reporter.startWatchdog(5000, () => {
   const summary = [];
-  for (const [userId, session] of sessions) {
-    const urls = [];
-    for (const group of session.tabGroups.values()) {
-      for (const tab of group.values()) {
-        try { if (tab.page) urls.push(tab.page.url()); } catch {}
-      }
+  for (const [sid, session] of sessions) {
+    const tabUrls = [];
+    for (const [tid, tab] of session.tabs) {
+      try {
+        const url = tab.page?.url?.() || 'unknown';
+        tabUrls.push(url);
+      } catch { tabUrls.push('error'); }
     }
-    summary.push({ userId, urls });
+    if (tabUrls.length > 0) summary.push({ session: sid, tabs: tabUrls.length, urls: tabUrls });
   }
-  return { sessions: sessions.size, summary };
+  return { resourceOpts: _resourceOpts(), sessions: summary.length, summary };
 });
 
 // --- Plugin event bus ---
@@ -101,6 +115,7 @@ app.use((req, res, next) => {
   }
 
   const action = actionFromReq(req);
+  reporter.trackRoute(`${req.method} ${req.route?.path || '[unmatched]'}`);
   const done = requestDuration.startTimer({ action });
 
   const origEnd = res.end.bind(res);
@@ -345,6 +360,8 @@ app.post('/sessions/:userId/cookies', express.json({ limit: '512kb' }), async (r
 });
 
 let browser = null;
+let _lastBrowserPid = null; // Track PID independently for force-kill after close
+let _browserClosePromise = null; // Shared promise for concurrent close serialization
 // userId -> { context, tabGroups: Map<sessionKey, Map<tabId, TabState>>, lastAccess }
 // TabState = { page, refs: Map<refId, {role, name, nth}>, visitedUrls: Set, downloads: Array, toolCalls: number }
 // Note: sessionKey was previously called listItemId - both are accepted for backward compatibility
@@ -531,9 +548,7 @@ function scheduleBrowserIdleShutdown() {
     browserIdleTimer = setTimeout(async () => {
       if (sessions.size === 0 && browser) {
         log('info', 'browser idle shutdown (no sessions)');
-        const b = browser;
-        browser = null;
-        await b.close().catch(() => {});
+        await closeBrowserFully('idle_shutdown');
       }
     }, BROWSER_IDLE_TIMEOUT_MS);
   }
@@ -587,10 +602,7 @@ async function restartBrowser(reason) {
   pluginEvents.emit('browser:restart', { reason });
   try {
     await closeAllSessions(`browser_restart:${reason}`, { clearDownloads: true, clearLocks: true });
-    if (browser) {
-      await browser.close().catch(() => {});
-      browser = null;
-    }
+    await closeBrowserFully(`browser_restart:${reason}`);
     pluginEvents.emit('browser:closed', { reason });
     browserLaunchPromise = null;
     await ensureBrowser();
@@ -656,6 +668,167 @@ function attachBrowserCleanup(candidateBrowser, localVirtualDisplay) {
   };
 }
 
+/**
+ * Close browser with full process-tree cleanup. Handles the race where
+ * browser.close() fails/hangs but process tree survives.
+ *
+ * Serialized: concurrent callers await the same promise (no double-close).
+ *
+ * Order: capture PID → close browser → force-kill survivors →
+ * clean temp profiles → verify FD/handle drop.
+ */
+async function closeBrowserFully(reason) {
+  if (_browserClosePromise) return _browserClosePromise;
+  _browserClosePromise = _closeBrowserFullyImpl(reason);
+  try {
+    return await _browserClosePromise;
+  } finally {
+    _browserClosePromise = null;
+  }
+}
+
+async function _closeBrowserFullyImpl(reason) {
+  const b = browser;
+  if (!b) return;
+
+  // Capture PID before nulling browser ref — we need it for force-kill
+  const pid = _lastBrowserPid;
+  const preCloseFds = _countOpenFds();
+  const preCloseHandles = _countActiveHandles();
+
+  // Null the ref so new requests don't use a dying browser
+  browser = null;
+  _lastBrowserPid = null;
+
+  // Close through Playwright (sends CDP Browser.close, then SIGKILL process group)
+  let closeTimer;
+  try {
+    await Promise.race([
+      b.close(),
+      new Promise((_, reject) => { closeTimer = setTimeout(() => reject(new Error('browser.close() timeout')), 10000); }),
+    ]);
+  } catch (err) {
+    log('warn', 'browser.close() failed or timed out', { reason, error: err.message, pid });
+  } finally {
+    clearTimeout(closeTimer);
+  }
+
+  // Force-kill the entire process tree if any survivors
+  if (pid) {
+    await _forceKillProcessTree(pid, reason);
+  }
+
+  // Clean up stale Firefox temp profiles (enable_cache: true accumulates data)
+  try {
+    const cleaned = cleanupStaleFirefoxProfiles();
+    if (cleaned.removed > 0) {
+      log('info', 'cleaned stale firefox profiles after browser close', cleaned);
+    }
+  } catch { /* best effort */ }
+
+  // Reset native memory baseline so next browser measures from fresh
+  reporter.resetNativeMemBaseline();
+
+  // Verify cleanup: check FD/handle counts dropped (after force-kill completes)
+  const postCloseFds = _countOpenFds();
+  const postCloseHandles = _countActiveHandles();
+  if (postCloseFds !== null && preCloseFds !== null) {
+    const fdDelta = postCloseFds - preCloseFds;
+    // After close we expect fewer FDs. If more leaked, warn.
+    if (fdDelta > 10) {
+      log('warn', 'FD leak detected after browser close', {
+        reason, preCloseFds, postCloseFds, delta: fdDelta,
+        preCloseHandles, postCloseHandles,
+      });
+    }
+  }
+  log('info', 'browser closed fully', {
+    reason, pid, preCloseFds, postCloseFds, preCloseHandles, postCloseHandles,
+  });
+}
+
+/**
+ * Force-kill a browser process tree by PID. On Linux, kills the process group
+ * (SIGKILL -pid) then scans /proc for any orphaned children.
+ */
+async function _forceKillProcessTree(pid, reason) {
+  if (!pid || pid <= 1) return;
+
+  // Kill the specific browser process first (positive PID = single process)
+  try {
+    process.kill(pid, 'SIGKILL');
+    log('info', 'sent SIGKILL to browser process', { pid, reason });
+  } catch (err) {
+    if (err.code !== 'ESRCH') {
+      log('warn', 'failed to kill browser process', { pid, error: err.message });
+    }
+  }
+
+  // Then try the process group (Playwright launches with detached:true on Linux,
+  // making the browser a process group leader)
+  try {
+    process.kill(-pid, 'SIGKILL');
+  } catch {
+    // ESRCH = group doesn't exist (browser wasn't a group leader), which is fine
+  }
+
+  // Wait for kernel to reparent children to PID 1 before scanning
+  await new Promise(r => setTimeout(r, 200));
+
+  // On Linux: scan /proc for orphaned children that escaped the process group
+  // (reparented to PID 1 by init/systemd, common with Firefox content processes).
+  // Also checks PPid === Node PID for containerized environments without init.
+  if (process.platform === 'linux') {
+    const myPid = process.pid;
+    // Snapshot the current browser PID to avoid killing a newly launched browser
+    const currentBrowserPid = _lastBrowserPid;
+    try {
+      const procDirs = fs.readdirSync('/proc').filter(d => /^\d+$/.test(d));
+      const orphans = [];
+      for (const procPid of procDirs) {
+        const numPid = parseInt(procPid);
+        // Never kill ourselves, the old PID (already killed), or the new browser
+        if (numPid === myPid || numPid === pid || numPid === currentBrowserPid) continue;
+        try {
+          const status = fs.readFileSync(`/proc/${procPid}/status`, 'utf8');
+          const ppidMatch = status.match(/PPid:\s+(\d+)/);
+          const ppid = ppidMatch ? parseInt(ppidMatch[1]) : -1;
+          // Orphaned to init (PID 1) or reparented to us (Node is PID 1 in containers)
+          if (ppid === 1 || ppid === myPid) {
+            const cmdline = fs.readFileSync(`/proc/${procPid}/cmdline`, 'utf8');
+            // Firefox-specific: binary name or Gecko child process marker
+            if (/firefox-esr|firefox|camoufox|libxul\.so|GeckoChildProcess/i.test(cmdline)) {
+              orphans.push(numPid);
+            }
+          }
+        } catch { /* process vanished or permission denied */ }
+      }
+      if (orphans.length > 0) {
+        log('warn', 'killing orphaned browser child processes', { orphans, reason });
+        for (const orphanPid of orphans) {
+          try { process.kill(orphanPid, 'SIGKILL'); } catch { /* already dead */ }
+        }
+      }
+    } catch (err) {
+      log('warn', 'failed to scan for orphaned browser processes', { error: err.message });
+    }
+  }
+
+  // Give the OS a moment to reclaim resources
+  await new Promise(r => setTimeout(r, 300));
+}
+
+function _countOpenFds() {
+  try {
+    if (process.platform === 'linux') return fs.readdirSync('/proc/self/fd').length;
+  } catch { /* unavailable */ }
+  return null;
+}
+
+function _countActiveHandles() {
+  try { return process._getActiveHandles().length; } catch { return null; }
+}
+
 async function launchBrowserInstance() {
   const hostOS = getHostOS();
   const maxAttempts = proxyPool?.launchRetries ?? 1;
@@ -734,7 +907,8 @@ async function launchBrowserInstance() {
 
       virtualDisplay = localVirtualDisplay;
       browserLaunchProxy = launchProxy;
-      browser = candidateBrowser;
+      _lastBrowserPid = candidateBrowser.process?.()?.pid ?? null;
+      browser = candidateBrowser; // publish AFTER PID is captured
       attachBrowserCleanup(browser, localVirtualDisplay);
       pluginEvents.emit('browser:launched', { browser, display: vdDisplay });
 
@@ -771,13 +945,7 @@ async function ensureBrowser() {
       deadSessions: sessions.size,
     });
     await closeAllSessions('browser_disconnected', { clearDownloads: true, clearLocks: true });
-    // Clean up virtual display from dead browser before relaunching
-    if (virtualDisplay) {
-      virtualDisplay.kill();
-      virtualDisplay = null;
-    }
-    browserLaunchProxy = null;
-    browser = null;
+    await closeBrowserFully('browser_disconnected');
   }
   if (browser) return browser;
   if (browserLaunchPromise) return browserLaunchPromise;
@@ -1033,10 +1201,19 @@ function handleRouteError(err, req, res, extraFields = {}) {
       if (ts.failureJournal.length > 20) ts.failureJournal = ts.failureJournal.slice(-20);
 
       if (ts.consecutiveFailures === 3) {
+        const _proxyErr = classifyProxyError(err?.message);
         reporter.reportHang(action, req.startTime ? Date.now() - req.startTime : 0, {
           error: err,
-          url: ts.lastRequestedUrl || undefined,
           healthSnapshot: ts.healthTracker ? ts.healthTracker.snapshot() : undefined,
+          healthTracker: ts.healthTracker || null,
+          resourceOpts: _resourceOpts(),
+          proxy: proxyPool ? {
+            configured: true,
+            type: proxyPool.mode || null,
+            authConfigured: !!CONFIG.proxy?.username,
+            error: _proxyErr.proxyError,
+            tlsError: _proxyErr.proxyTlsError,
+          } : { configured: false },
           context: {
             failureType,
             consecutiveFailures: ts.consecutiveFailures,
@@ -1717,6 +1894,10 @@ app.get('/health', (req, res) => {
       ...(FLY_MACHINE_ID ? { machineId: FLY_MACHINE_ID } : {}),
     });
   }
+  const mem = process.memoryUsage();
+  const rssMb = Math.round(mem.rss / 1048576);
+  const heapUsedMb = Math.round(mem.heapUsed / 1048576);
+  const nativeMemMb = rssMb - heapUsedMb;
   res.json({ 
     ok: true, 
     engine: 'camoufox',
@@ -1725,6 +1906,7 @@ app.get('/health', (req, res) => {
     activeTabs: getTotalTabCount(),
     activeSessions: sessions.size,
     consecutiveFailures: healthState.consecutiveNavFailures,
+    memory: { rssMb, heapUsedMb, nativeMemMb },
     ...(FLY_MACHINE_ID ? { machineId: FLY_MACHINE_ID } : {}),
   });
 });
@@ -4377,11 +4559,8 @@ app.post('/stop', async (req, res) => {
     if (!adminKey || !timingSafeCompare(adminKey, CONFIG.adminKey)) {
       return res.status(403).json({ error: 'Forbidden' });
     }
-    if (browser) {
-      await browser.close().catch(() => {});
-      browser = null;
-    }
     await closeAllSessions('admin_stop', { clearDownloads: true, clearLocks: true });
+    await closeBrowserFully('admin_stop');
     res.json({ ok: true, stopped: true, profile: 'camoufox' });
   } catch (err) {
     res.status(500).json({ ok: false, error: safeError(err) });
@@ -4928,7 +5107,7 @@ setInterval(async () => {
 process.on('uncaughtException', (err) => {
   pluginEvents.emit('browser:error', { error: err });
   log('error', 'uncaughtException', { error: err.message, stack: err.stack });
-  reporter.reportCrash(err);
+  reporter.reportCrash(err, { resourceOpts: _resourceOpts() });
   process.exit(1);
 });
 process.on('unhandledRejection', (reason) => {
@@ -4958,7 +5137,7 @@ async function gracefulShutdown(signal) {
     clearLocks: false,
   });
 
-  if (browser) await browser.close().catch(() => {});
+  await closeBrowserFully(`shutdown:${signal}`);
   process.exit(0);
 }
 
@@ -5018,6 +5197,20 @@ const server = app.listen(PORT, async () => {
   if (tmpCleanup.removed > 0) {
     log('info', 'cleaned up orphaned camoufox temp files', tmpCleanup);
   }
+  const profileCleanup = cleanupStaleFirefoxProfiles();
+  if (profileCleanup.removed > 0) {
+    log('info', 'cleaned up stale firefox profiles on startup', profileCleanup);
+  }
+
+  // Periodic temp profile cleanup every 10 minutes
+  setInterval(() => {
+    try {
+      const cleaned = cleanupStaleFirefoxProfiles();
+      if (cleaned.removed > 0) {
+        log('info', 'periodic firefox profile cleanup', cleaned);
+      }
+    } catch { /* best effort */ }
+  }, 10 * 60 * 1000).unref();
   const traceSweep = sweepOldTraces({
     baseDir: CONFIG.tracesDir,
     ttlMs: CONFIG.tracesTtlHours * 3600 * 1000,