@web-auto/camo 0.1.22 → 0.1.24

package/README.md

@@ -176,7 +176,7 @@ camo stop --id <instanceId>
 camo stop --alias <alias>
 camo stop idle
 camo stop all
-camo status [profileId]
+camo status [profileId]                  # Show resolved per-profile session view
 camo shutdown                          # Shutdown browser-service (all sessions)
 ```
 
@@ -192,15 +192,47 @@ Set `CAMO_BRING_TO_FRONT_MODE=never` to keep protocol-level input and page lifec
 ### Lifecycle & Cleanup
 
 ```bash
-camo instances                         # List global camoufox instances (live + orphaned + idle state)
-camo sessions                          # List active browser sessions
-camo cleanup [profileId]               # Cleanup session (release lock + stop)
+camo instances                         # List resolved session view (live + registered + idle state)
+camo sessions                          # List resolved session view for all profiles
+camo cleanup [profileId]               # Cleanup only one profile (remote stop + local registry/lock/watchdog)
 camo cleanup all                       # Cleanup all active sessions
 camo cleanup locks                     # Cleanup stale lock files
-camo force-stop [profileId]            # Force stop session (for stuck sessions)
+camo force-stop [profileId]            # Force stop only one profile (no alias/id targeting)
 camo lock list                         # List active session locks
 ```
 
+Session isolation rules:
+- `profileId` is the lifecycle primary key across browser-service session, local registry, watchdog, and lock.
+- `camo start/stop/cleanup/force-stop <profileId>` only target that exact profile and must not affect other profiles.
+- `camo stop --id` and `camo stop --alias` are stop-only convenience selectors; `cleanup` and `force-stop` intentionally reject indirect targeting.
+- `camo status`, `camo sessions`, and `camo instances` share the same resolved session view fields:
+  - `live`: browser-service currently has this profile session
+  - `registered`: local registry has metadata for this profile
+  - `orphaned`: registry exists but the service session is gone
+  - `needsRecovery`: registry still says active but browser-service no longer has that profile
+
+Isolation examples:
+
+```bash
+# Observe both profiles independently
+camo sessions
+camo status finger
+camo status xhs-qa-1
+
+# Stop only finger; xhs-qa-1 must remain live
+camo stop finger
+camo status finger
+camo status xhs-qa-1
+
+# cleanup / force-stop require direct profile targeting
+camo cleanup finger
+camo force-stop finger
+
+# Invalid on purpose: indirect targeting is rejected
+camo cleanup --alias shard1
+camo force-stop --id inst_xxxxxxxx
+```
+
 ### Navigation
 
 ```bash
@@ -254,7 +286,7 @@ Recorder JSONL events include:
 camo new-page [profileId] [--url <url>]
 camo close-page [profileId] [index]
 camo switch-page [profileId] <index>
-camo list-pages [profileId]
+camo list-pages [profileId]             # Requires live=true for that profile
 ```
 
 ### Cookies

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@web-auto/camo",
-  "version": "0.1.22",
+  "version": "0.1.24",
   "description": "Camoufox Browser CLI - Cross-platform browser automation",
   "type": "module",
   "bin": {

package/src/commands/browser.mjs

@@ -7,7 +7,7 @@ import {
   getProfileWindowSize,
   setProfileWindowSize,
 } from '../utils/config.mjs';
-import { callAPI, ensureCamoufox, ensureBrowserService, getSessionByProfile, checkBrowserService } from '../utils/browser-service.mjs';
+import { callAPI, ensureCamoufox, ensureBrowserService, getSessionByProfile, checkBrowserService, getResolvedSessions } from '../utils/browser-service.mjs';
 import { resolveProfileId, ensureUrlScheme, looksLikeUrlToken, getPositionals } from '../utils/args.mjs';
 import { ensureJsExecutionEnabled } from '../utils/js-policy.mjs';
 import { acquireLock, releaseLock, cleanupStaleLocks } from '../lifecycle/lock.mjs';
@@ -298,6 +298,15 @@ async function stopAndCleanupProfile(profileId, options = {}) {
   };
 }
 
+async function loadResolvedSessions(serviceUp) {
+  if (!serviceUp) return [];
+  try {
+    return await getResolvedSessions();
+  } catch {
+    return [];
+  }
+}
+
 async function probeViewportSize(profileId) {
   try {
     const payload = await callAPI('evaluate', {
@@ -726,23 +735,17 @@ export async function handleStopCommand(args) {
   const stopIdle = target === 'idle' || args.includes('--idle');
   const stopAll = target === 'all';
   const serviceUp = await checkBrowserService();
+  const resolvedSessions = await loadResolvedSessions(serviceUp);
 
   if (stopAll) {
-    let liveSessions = [];
-    if (serviceUp) {
-      try {
-        const status = await callAPI('getStatus', {});
-        liveSessions = Array.isArray(status?.sessions) ? status.sessions : [];
-      } catch {
-        // Ignore and fallback to local registry.
+    const profileSet = new Set(resolvedSessions.map((item) => String(item?.profileId || '').trim()).filter(Boolean));
+    if (profileSet.size === 0) {
+      for (const session of listRegisteredSessions()) {
+        if (String(session?.status || '').trim() === 'closed') continue;
+        const profileId = String(session?.profileId || '').trim();
+        if (profileId) profileSet.add(profileId);
       }
     }
-    const profileSet = new Set(liveSessions.map((item) => String(item?.profileId || '').trim()).filter(Boolean));
-    for (const session of listRegisteredSessions()) {
-      if (String(session?.status || '').trim() === 'closed') continue;
-      const profileId = String(session?.profileId || '').trim();
-      if (profileId) profileSet.add(profileId);
-    }
 
     const results = [];
     for (const profileId of profileSet) {
@@ -763,15 +766,6 @@ export async function handleStopCommand(args) {
   if (stopIdle) {
     const now = Date.now();
     const registeredSessions = listRegisteredSessions();
-    let liveSessions = [];
-    if (serviceUp) {
-      try {
-        const status = await callAPI('getStatus', {});
-        liveSessions = Array.isArray(status?.sessions) ? status.sessions : [];
-      } catch {
-        // Ignore and fallback to local registry.
-      }
-    }
     const regMap = new Map(
       registeredSessions
         .filter((item) => item && String(item?.status || '').trim() === 'active')
@@ -785,7 +779,7 @@ export async function handleStopCommand(args) {
       .map((item) => item.session.profileId),
     );
     let orphanLiveHeadlessCount = 0;
-    for (const live of liveSessions) {
+    for (const live of resolvedSessions.filter((item) => item.live)) {
       const liveProfileId = String(live?.profileId || '').trim();
       if (!liveProfileId) continue;
       if (regMap.has(liveProfileId) || idleTargets.has(liveProfileId)) continue;
@@ -863,14 +857,15 @@ export async function handleStopCommand(args) {
 
 export async function handleStatusCommand(args) {
   await ensureBrowserService();
-  const result = await callAPI('getStatus', {});
   const profileId = args[1];
   if (profileId && args[0] === 'status') {
-    const session = result?.sessions?.find((s) => s.profileId === profileId) || null;
+    const sessions = await getResolvedSessions();
+    const session = sessions.find((item) => item.profileId === profileId) || null;
     console.log(JSON.stringify({ ok: true, session }, null, 2));
     return;
   }
-  console.log(JSON.stringify(result, null, 2));
+  const sessions = await getResolvedSessions();
+  console.log(JSON.stringify({ ok: true, sessions, count: sessions.length }, null, 2));
 }
 
 export async function handleGotoCommand(args) {
@@ -1201,6 +1196,11 @@ export async function handleListPagesCommand(args) {
   await ensureBrowserService();
   const profileId = resolveProfileId(args, 1, getDefaultProfile);
   if (!profileId) throw new Error('Usage: camo list-pages [profileId] (or set default profile first)');
+  const sessions = await getResolvedSessions();
+  const session = sessions.find((item) => item.profileId === profileId) || null;
+  if (!session?.live) {
+    throw new Error(`Profile session not live: ${profileId}. Start via "camo start ${profileId}" first.`);
+  }
   const result = await callAPI('page:list', { profileId });
   console.log(JSON.stringify(result, null, 2));
 }
@@ -1241,33 +1241,9 @@ export async function handleShutdownCommand() {
 
 export async function handleSessionsCommand(args) {
   const serviceUp = await checkBrowserService();
+  const merged = await loadResolvedSessions(serviceUp);
   const registeredSessions = listRegisteredSessions();
-  
-  let liveSessions = [];
-  if (serviceUp) {
-    try {
-      const status = await callAPI('getStatus', {});
-      liveSessions = Array.isArray(status?.sessions) ? status.sessions : [];
-    } catch {
-      // Service may have just become unavailable
-    }
-  }
-  
-  // Merge live and registered sessions
-  const liveProfileIds = new Set(liveSessions.map(s => s.profileId));
-  const merged = [...liveSessions];
-  
-  // Add registered sessions that are not in live sessions (need recovery)
-  for (const reg of registeredSessions) {
-    if (!liveProfileIds.has(reg.profileId) && reg.status === 'active') {
-      merged.push({
-        ...reg,
-        live: false,
-        needsRecovery: true,
-      });
-    }
-  }
-  
+
   console.log(JSON.stringify({
     ok: true,
     serviceUp,

package/src/commands/lifecycle.mjs

@@ -3,84 +3,26 @@
  * Lifecycle commands: cleanup, force-stop, lock management, session recovery
  */
 import { getDefaultProfile } from '../utils/config.mjs';
-import { callAPI, ensureBrowserService, checkBrowserService } from '../utils/browser-service.mjs';
+import { callAPI, ensureBrowserService, checkBrowserService, getResolvedSessions } from '../utils/browser-service.mjs';
 import { resolveProfileId } from '../utils/args.mjs';
 import { acquireLock, getLockInfo, releaseLock, cleanupStaleLocks, listActiveLocks } from '../lifecycle/lock.mjs';
-import { 
+import {
   getSessionInfo, unregisterSession, markSessionClosed, cleanupStaleSessions,
   listRegisteredSessions, updateSession
 } from '../lifecycle/session-registry.mjs';
 import { stopAllSessionWatchdogs, stopSessionWatchdog } from '../lifecycle/session-watchdog.mjs';
 
-const DEFAULT_HEADLESS_IDLE_TIMEOUT_MS = 30 * 60 * 1000;
-
-function computeIdleState(session, now = Date.now()) {
-  const headless = session?.headless === true;
-  const timeoutMs = headless
-    ? (Number.isFinite(Number(session?.idleTimeoutMs)) ? Math.max(0, Number(session.idleTimeoutMs)) : DEFAULT_HEADLESS_IDLE_TIMEOUT_MS)
-    : 0;
-  const lastAt = Number(session?.lastActivityAt || session?.lastSeen || session?.startTime || now);
-  const idleMs = Math.max(0, now - (Number.isFinite(lastAt) ? lastAt : now));
-  const idle = headless && timeoutMs > 0 && idleMs >= timeoutMs;
-  return { headless, timeoutMs, idleMs, idle };
-}
-
-function buildMergedSessionRows(liveSessions, registeredSessions) {
-  const now = Date.now();
-  const regMap = new Map(registeredSessions.map((item) => [item.profileId, item]));
-  const rows = [];
-  const liveMap = new Map(liveSessions.map((item) => [item.profileId, item]));
-
-  for (const live of liveSessions) {
-    const reg = regMap.get(live.profileId);
-    const idle = computeIdleState(reg || {}, now);
-    rows.push({
-      profileId: live.profileId,
-      sessionId: live.session_id || live.profileId,
-      instanceId: reg?.instanceId || live.session_id || live.profileId,
-      alias: reg?.alias || null,
-      url: live.current_url,
-      mode: live.mode,
-      headless: idle.headless,
-      idleTimeoutMs: idle.timeoutMs,
-      idleMs: idle.idleMs,
-      idle: idle.idle,
-      live: true,
-      registered: !!reg,
-      registryStatus: reg?.status,
-      lastSeen: reg?.lastSeen || null,
-      lastActivityAt: reg?.lastActivityAt || null,
-    });
+function rejectIndirectSessionTargeting(commandName, args) {
+  if (args.includes('--id')) {
+    throw new Error(`Usage: camo ${commandName} [profileId] (direct profile only; --id is only supported by "camo stop")`);
   }
-
-  for (const reg of registeredSessions) {
-    if (liveMap.has(reg.profileId)) continue;
-    if (reg.status === 'closed') continue;
-    const idle = computeIdleState(reg, now);
-    rows.push({
-      profileId: reg.profileId,
-      sessionId: reg.sessionId || reg.profileId,
-      instanceId: reg.instanceId || reg.sessionId || reg.profileId,
-      alias: reg.alias || null,
-      url: reg.url || null,
-      mode: reg.mode || null,
-      headless: idle.headless,
-      idleTimeoutMs: idle.timeoutMs,
-      idleMs: idle.idleMs,
-      idle: idle.idle,
-      live: false,
-      orphaned: true,
-      needsRecovery: reg.status === 'active',
-      registered: true,
-      registryStatus: reg.status,
-      lastSeen: reg.lastSeen || null,
-      lastActivityAt: reg.lastActivityAt || null,
-    });
+  if (args.includes('--alias')) {
+    throw new Error(`Usage: camo ${commandName} [profileId] (direct profile only; --alias is only supported by "camo stop")`);
   }
-  return rows;
 }
 
 export async function handleCleanupCommand(args) {
+  rejectIndirectSessionTargeting('cleanup', args);
   const sub = args[1];
   
   if (sub === 'locks') {
@@ -158,6 +100,7 @@ export async function handleCleanupCommand(args) {
 }
 
 export async function handleForceStopCommand(args) {
+  rejectIndirectSessionTargeting('force-stop', args);
   await ensureBrowserService();
   const profileId = resolveProfileId(args, 1, getDefaultProfile);
   if (!profileId) throw new Error('Usage: camo force-stop [profileId]');
@@ -217,24 +160,45 @@ export async function handleUnlockCommand(args) {
 export async function handleSessionsCommand(args) {
   const serviceUp = await checkBrowserService();
   const registeredSessions = listRegisteredSessions();
-  
-  let liveSessions = [];
+  let merged = [];
   if (serviceUp) {
     try {
-      const status = await callAPI('getStatus', {});
-      liveSessions = Array.isArray(status?.sessions) ? status.sessions : [];
-    } catch {}
+      merged = await getResolvedSessions();
+    } catch {
+      merged = [];
+    }
+  } else {
+    merged = registeredSessions
+      .filter((item) => String(item?.status || '').trim() !== 'closed')
+      .map((item) => ({
+        profileId: item.profileId,
+        sessionId: item.sessionId || item.profileId,
+        instanceId: item.instanceId || item.sessionId || item.profileId,
+        alias: item.alias || null,
+        url: item.url || null,
+        mode: item.mode || null,
+        ownerPid: Number(item?.ownerPid || item?.pid || 0) || null,
+        headless: item.headless === true,
+        idleTimeoutMs: Number(item.idleTimeoutMs || 0) || 0,
+        idleMs: 0,
+        idle: false,
+        live: false,
+        registered: true,
+        orphaned: true,
+        needsRecovery: String(item.status || '').trim() === 'active',
+        registryStatus: item.status || null,
+        lastSeen: item.lastSeen || null,
+        lastActivityAt: item.lastActivityAt || null,
+      }));
   }
-  
-  const merged = buildMergedSessionRows(liveSessions, registeredSessions);
-  
+
   console.log(JSON.stringify({
     ok: true,
     serviceUp,
     sessions: merged,
     count: merged.length,
     registered: registeredSessions.length,
-    live: liveSessions.length,
+    live: merged.filter((item) => item.live).length,
     orphaned: merged.filter(s => s.orphaned).length,
   }, null, 2));
 }
@@ -272,24 +236,24 @@ export async function handleRecoverCommand(args) {
   
   // Service is up - check if session is still there
   try {
-    const status = await callAPI('getStatus', {});
-    const existing = status?.sessions?.find(s => s.profileId === profileId);
-    
+    const sessions = await getResolvedSessions();
+    const existing = sessions.find((item) => item.profileId === profileId && item.live);
+
     if (existing) {
       // Session is alive - update registry
       updateSession(profileId, {
-        sessionId: existing.session_id || existing.profileId,
-        url: existing.current_url,
+        sessionId: existing.sessionId || existing.profileId,
+        url: existing.url,
         status: 'active',
         recoveredAt: Date.now(),
       });
-      acquireLock(profileId, { sessionId: existing.session_id || existing.profileId });
+      acquireLock(profileId, { sessionId: existing.sessionId || existing.profileId });
       console.log(JSON.stringify({
         ok: true,
         recovered: true,
         profileId,
-        sessionId: existing.session_id || existing.profileId,
-        url: existing.current_url,
+        sessionId: existing.sessionId || existing.profileId,
+        url: existing.url,
         message: 'Session reconnected successfully',
       }, null, 2));
     } else {

package/src/container/subscription-registry.mjs

@@ -1,6 +1,6 @@
 import fs from 'node:fs';
 import path from 'node:path';
-import { CONFIG_DIR } from '../utils/config.mjs';
+import { CONFIG_DIR, loadConfig } from '../utils/config.mjs';
 
 const CONTAINER_ROOT_ENV = process.env.CAMO_CONTAINER_ROOT;
 

package/src/lifecycle/session-registry.mjs

@@ -25,6 +25,11 @@ function normalizeAlias(value) {
   return text.slice(0, 64);
 }
 
+function isAliasProtectedStatus(status) {
+  const normalized = String(status || '').trim().toLowerCase();
+  return normalized === 'active' || normalized === 'reconnecting';
+}
+
 function normalizeTimeoutMs(value) {
   const ms = Number(value);
   if (!Number.isFinite(ms) || ms < 0) return null;
@@ -159,10 +164,21 @@ export function resolveSessionTarget(target) {
   const sessions = listRegisteredSessions();
   const byProfile = sessions.find((item) => String(item?.profileId || '').trim() === value);
   if (byProfile) return { profileId: byProfile.profileId, reason: 'profile', session: byProfile };
-  const byInstanceId = sessions.find((item) => String(item?.instanceId || '').trim() === value);
-  if (byInstanceId) return { profileId: byInstanceId.profileId, reason: 'instanceId', session: byInstanceId };
-  const byAlias = sessions.find((item) => normalizeAlias(item?.alias) === normalizeAlias(value));
-  if (byAlias) return { profileId: byAlias.profileId, reason: 'alias', session: byAlias };
+  const byInstanceId = sessions.filter((item) => String(item?.instanceId || '').trim() === value);
+  if (byInstanceId.length > 1) {
+    throw new Error(`Ambiguous instance id target: ${value}`);
+  }
+  if (byInstanceId.length === 1) {
+    return { profileId: byInstanceId[0].profileId, reason: 'instanceId', session: byInstanceId[0] };
+  }
+  const normalizedAlias = normalizeAlias(value);
+  const byAlias = sessions.filter((item) => normalizeAlias(item?.alias) === normalizedAlias && isAliasProtectedStatus(item?.status));
+  if (byAlias.length > 1) {
+    throw new Error(`Ambiguous alias target: ${value}`);
+  }
+  if (byAlias.length === 1) {
+    return { profileId: byAlias[0].profileId, reason: 'alias', session: byAlias[0] };
+  }
   return null;
 }
 
@@ -173,7 +189,7 @@ export function isSessionAliasTaken(alias, exceptProfileId = '') {
   return listRegisteredSessions().some((item) => {
     if (!item) return false;
     if (except && String(item.profileId || '').trim() === except) return false;
-    if (String(item.status || '').trim() !== 'active') return false;
+    if (!isAliasProtectedStatus(item.status)) return false;
     return normalizeAlias(item.alias) === target;
   });
 }

package/src/lifecycle/session-view.mjs

@@ -0,0 +1,76 @@
+#!/usr/bin/env node
+import { listRegisteredSessions } from './session-registry.mjs';
+
+const DEFAULT_HEADLESS_IDLE_TIMEOUT_MS = 30 * 60 * 1000;
+
+function computeIdleState(session, now = Date.now()) {
+  const headless = session?.headless === true;
+  const timeoutMs = headless
+    ? (Number.isFinite(Number(session?.idleTimeoutMs)) ? Math.max(0, Number(session.idleTimeoutMs)) : DEFAULT_HEADLESS_IDLE_TIMEOUT_MS)
+    : 0;
+  const lastAt = Number(session?.lastActivityAt || session?.lastSeen || session?.startTime || now);
+  const idleMs = Math.max(0, now - (Number.isFinite(lastAt) ? lastAt : now));
+  const idle = headless && timeoutMs > 0 && idleMs >= timeoutMs;
+  return { headless, timeoutMs, idleMs, idle };
+}
+
+function normalizeLiveSession(session) {
+  if (!session) return null;
+  const profileId = String(session.profileId || session.session_id || '').trim();
+  if (!profileId) return null;
+  return {
+    profileId,
+    sessionId: session.session_id || session.sessionId || profileId,
+    url: session.current_url || session.url || null,
+    mode: session.mode || null,
+    ownerPid: Number(session.owner_pid || session.ownerPid || 0) || null,
+    live: true,
+    raw: session,
+  };
+}
+
+export function buildResolvedSessionView(liveSessions = [], registeredSessions = listRegisteredSessions()) {
+  const now = Date.now();
+  const regMap = new Map(registeredSessions.map((item) => [String(item?.profileId || '').trim(), item]).filter(([key]) => key));
+  const liveMap = new Map(liveSessions.map(normalizeLiveSession).filter(Boolean).map((item) => [item.profileId, item]));
+  const profileIds = new Set([...liveMap.keys(), ...regMap.keys()]);
+  const rows = [];
+
+  for (const profileId of profileIds) {
+    const live = liveMap.get(profileId) || null;
+    const reg = regMap.get(profileId) || null;
+    if (!live && reg && String(reg.status || '').trim() === 'closed') continue;
+    const idle = computeIdleState(reg || live || {}, now);
+    const registryStatus = reg?.status || null;
+    const row = {
+      profileId,
+      sessionId: live?.sessionId || reg?.sessionId || reg?.instanceId || profileId,
+      instanceId: reg?.instanceId || live?.sessionId || profileId,
+      alias: reg?.alias || null,
+      url: live?.url || reg?.url || null,
+      mode: live?.mode || reg?.mode || null,
+      ownerPid: live?.ownerPid || Number(reg?.ownerPid || reg?.pid || 0) || null,
+      headless: idle.headless,
+      idleTimeoutMs: idle.timeoutMs,
+      idleMs: idle.idleMs,
+      idle: idle.idle,
+      live: Boolean(live),
+      registered: Boolean(reg),
+      orphaned: Boolean(reg) && !live,
+      needsRecovery: Boolean(reg) && !live && registryStatus === 'active',
+      registryStatus,
+      lastSeen: reg?.lastSeen || null,
+      lastActivityAt: reg?.lastActivityAt || null,
+    };
+    rows.push(row);
+  }
+
+  return rows.sort((a, b) => String(a.profileId).localeCompare(String(b.profileId)));
+}
+
+export function resolveSessionViewByProfile(profileId, liveSessions = [], registeredSessions = listRegisteredSessions()) {
+  const id = String(profileId || '').trim();
+  if (!id) return null;
+  return buildResolvedSessionView(liveSessions, registeredSessions).find((item) => item.profileId === id) || null;
+}
+

package/src/services/browser-service/internal/BrowserSession.input.test.js

@@ -277,6 +277,39 @@ test('mouseWheel retries with refreshed active page after timeout', async () =>
         restoreTimeout();
     }
 });
+test('mouseWheel prefers interactive viewport metrics for anchor clamping', async () => {
+    const restoreTimeout = setEnv('CAMO_INPUT_ACTION_TIMEOUT_MS', '80');
+    const restoreAttempts = setEnv('CAMO_INPUT_ACTION_MAX_ATTEMPTS', '1');
+    const restoreDelay = setEnv('CAMO_INPUT_RECOVERY_DELAY_MS', '0');
+    const restoreBringToFrontTimeout = setEnv('CAMO_INPUT_RECOVERY_BRING_TO_FRONT_TIMEOUT_MS', '50');
+    const restoreReadySettle = setEnv('CAMO_INPUT_READY_SETTLE_MS', '0');
+    try {
+        const moves = [];
+        const page = {
+            isClosed: () => false,
+            viewportSize: () => ({ width: 1280, height: 720 }),
+            evaluate: async () => ({ innerWidth: 2560, innerHeight: 1440, visualWidth: 2560, visualHeight: 1440 }),
+            bringToFront: async () => { },
+            waitForTimeout: async () => { },
+            mouse: {
+                move: async (x, y) => {
+                    moves.push([x, y]);
+                },
+                wheel: async () => { },
+            },
+        };
+        const session = createSessionWithPage(page);
+        await session.mouseWheel({ deltaY: 360, anchorX: 2564, anchorY: 228 });
+        assert.deepEqual(moves, [[2559, 228]]);
+    }
+    finally {
+        restoreReadySettle();
+        restoreBringToFrontTimeout();
+        restoreDelay();
+        restoreAttempts();
+        restoreTimeout();
+    }
+});
 test('mouseWheel falls back to keyboard paging when wheel keeps timing out', async () => {
     const restoreTimeout = setEnv('CAMO_INPUT_ACTION_TIMEOUT_MS', '80');
     const restoreAttempts = setEnv('CAMO_INPUT_ACTION_MAX_ATTEMPTS', '1');

package/src/services/browser-service/internal/browser-session/input-ops.js

@@ -1,4 +1,30 @@
 import { isTimeoutLikeError } from './utils.js';
+
+async function readInteractiveViewport(page) {
+    const fallback = page.viewportSize?.() || null;
+    try {
+        const metrics = await page.evaluate(() => ({
+            innerWidth: Number(window.innerWidth || 0),
+            innerHeight: Number(window.innerHeight || 0),
+            visualWidth: Number(window.visualViewport?.width || 0),
+            visualHeight: Number(window.visualViewport?.height || 0),
+        }));
+        const width = Math.max(Number(metrics?.innerWidth || 0), Number(metrics?.visualWidth || 0), Number(fallback?.width || 0));
+        const height = Math.max(Number(metrics?.innerHeight || 0), Number(metrics?.visualHeight || 0), Number(fallback?.height || 0));
+        if (Number.isFinite(width) && width > 1 && Number.isFinite(height) && height > 1) {
+            return {
+                width: Math.round(width),
+                height: Math.round(height),
+            };
+        }
+    }
+    catch { }
+    return {
+        width: Math.max(1, Number(fallback?.width || 1280)),
+        height: Math.max(1, Number(fallback?.height || 720)),
+    };
+}
+
 export class BrowserSessionInputOps {
     ensurePrimaryPage;
     ensureInputReady;
@@ -89,7 +115,7 @@ export class BrowserSessionInputOps {
             }
             try {
                 await this.runInputAction(page, 'mouse:wheel', async (activePage) => {
-                    const viewport = activePage.viewportSize();
+                    const viewport = await readInteractiveViewport(activePage);
                     const moveX = Number.isFinite(normalizedAnchorX)
                         ? Math.max(1, Math.min(Math.max(1, Number(viewport?.width || 1280) - 1), Math.round(normalizedAnchorX)))
                         : Math.max(1, Math.floor(((viewport?.width || 1280) * 0.5)));

package/src/services/browser-service/internal/browser-session/page-management.js

@@ -6,6 +6,36 @@ export class BrowserSessionPageManagement {
     constructor(deps) {
         this.deps = deps;
     }
+    async openPageViaContext(ctx, beforeCount) {
+        try {
+            const page = await ctx.newPage();
+            await page.waitForLoadState('domcontentloaded', { timeout: 1500 }).catch(() => null);
+            const after = ctx.pages().filter((p) => !p.isClosed()).length;
+            if (after > beforeCount) {
+                return page;
+            }
+        }
+        catch {
+            // Fall through to shortcut-based creation below.
+        }
+        return null;
+    }
+    async openPageViaShortcut(ctx, opener, shortcut, beforeCount) {
+        for (let attempt = 1; attempt <= 3; attempt += 1) {
+            const waitPage = ctx.waitForEvent('page', { timeout: 1200 }).catch(() => null);
+            await opener.keyboard.press(shortcut).catch(() => null);
+            const page = await waitPage;
+            const pagesNow = ctx.pages().filter((p) => !p.isClosed());
+            const after = pagesNow.length;
+            if (page && after > beforeCount)
+                return page;
+            if (!page && after > beforeCount) {
+                return pagesNow[pagesNow.length - 1] || null;
+            }
+            await new Promise((r) => setTimeout(r, 250));
+        }
+        return null;
+    }
     tryOsNewTabShortcut() {
         if (this.deps.isHeadless())
             return false;
@@ -58,7 +88,14 @@ export class BrowserSessionPageManagement {
     }
     listPages() {
         const ctx = this.deps.ensureContext();
-        const pages = ctx.pages().filter((p) => !p.isClosed());
+        // Filter out closed pages AND pages that are effectively blank (about:newtab/about:blank)
+        const pages = ctx.pages().filter((p) => {
+            if (p.isClosed()) return false;
+            const url = p.url();
+            // Filter out blank placeholder pages
+            if (url === 'about:newtab' || url === 'about:blank') return false;
+            return true;
+        });
         const active = this.deps.getActivePage();
         return pages.map((p, index) => ({
             index,
@@ -78,23 +115,15 @@ export class BrowserSessionPageManagement {
             await opener.bringToFront().catch(() => null);
         }
         const before = ctx.pages().filter((p) => !p.isClosed()).length;
-        for (let attempt = 1; attempt <= 3; attempt += 1) {
-            const waitPage = ctx.waitForEvent('page', { timeout: 8000 }).catch(() => null);
-            await opener.keyboard.press(shortcut).catch(() => null);
-            page = await waitPage;
-            const pagesNow = ctx.pages().filter((p) => !p.isClosed());
-            const after = pagesNow.length;
-            if (page && after > before)
-                break;
-            if (!page && after > before) {
-                page = pagesNow[pagesNow.length - 1] || null;
-                break;
-            }
-            await new Promise((r) => setTimeout(r, 250));
+        if (!options?.strictShortcut) {
+            page = await this.openPageViaContext(ctx, before);
+        }
+        if (!page) {
+            page = await this.openPageViaShortcut(ctx, opener, shortcut, before);
         }
         let after = ctx.pages().filter((p) => !p.isClosed()).length;
         if (!page || after <= before) {
-            const waitPage = ctx.waitForEvent('page', { timeout: 8000 }).catch(() => null);
+            const waitPage = ctx.waitForEvent('page', { timeout: 1200 }).catch(() => null);
             const osShortcutOk = this.tryOsNewTabShortcut();
             if (osShortcutOk) {
                 page = await waitPage;
@@ -107,13 +136,7 @@ export class BrowserSessionPageManagement {
         }
         if (!page || after <= before) {
             if (!options?.strictShortcut) {
-                try {
-                    page = await ctx.newPage();
-                    await page.waitForLoadState('domcontentloaded', { timeout: 8000 }).catch(() => null);
-                }
-                catch {
-                    // ignore fallback errors
-                }
+                page = await this.openPageViaContext(ctx, before);
                 after = ctx.pages().filter((p) => !p.isClosed()).length;
                 if (!page && after > before) {
                     const pagesNow = ctx.pages().filter((p) => !p.isClosed());
@@ -194,8 +217,39 @@ export class BrowserSessionPageManagement {
             throw new Error(`invalid_page_index: ${index}`);
         }
         const page = pages[closedIndex];
-        await page.close().catch(() => { });
-        const remaining = ctx.pages().filter((p) => !p.isClosed());
+        const beforeUrl = page.url();
+        
+        // Try to close the page
+        try {
+            await page.close({ runBeforeUnload: false });
+        } catch (e) {
+            // Ignore close errors
+        }
+        
+        // Wait for close to take effect
+        await new Promise(r => setTimeout(r, 100));
+        
+        // Check if actually closed
+        let remaining = ctx.pages().filter((p) => !p.isClosed());
+        
+        // If still same count, the page might not have closed properly
+        // Try navigating to about:blank first then close
+        if (remaining.length === pages.length) {
+            try {
+                await page.goto('about:blank', { timeout: 500 }).catch(() => {});
+                await page.close({ runBeforeUnload: false }).catch(() => {});
+                await new Promise(r => setTimeout(r, 100));
+                remaining = ctx.pages().filter((p) => !p.isClosed());
+            } catch (e) {
+                // Ignore
+            }
+        }
+        
+        // Final check - filter out pages that look like closed tabs (about:newtab)
+        remaining = remaining.filter(p => {
+            const url = p.url();
+            return url !== 'about:newtab' && url !== 'about:blank';
+        });
         const nextIndex = remaining.length === 0 ? -1 : Math.min(Math.max(0, closedIndex - 1), remaining.length - 1);
         if (nextIndex >= 0) {
             const nextPage = remaining[nextIndex];

package/src/services/browser-service/internal/browser-session/page-management.test.js

@@ -0,0 +1,105 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { BrowserSessionPageManagement } from './page-management.js';
+
+function createPage(label) {
+    const page = {
+        label,
+        closed: false,
+        bringToFrontCalls: 0,
+        gotoCalls: [],
+        waitCalls: [],
+        keyboard: {
+            presses: [],
+            press: async (shortcut) => {
+                page.keyboard.presses.push(shortcut);
+            },
+        },
+        url: () => `https://example.com/${label}`,
+        isClosed() {
+            return this.closed;
+        },
+        async bringToFront() {
+            this.bringToFrontCalls += 1;
+        },
+        async waitForLoadState(_state, opts) {
+            this.waitCalls.push(Number(opts?.timeout || 0));
+        },
+        async goto(url) {
+            this.gotoCalls.push(url);
+        },
+    };
+    return page;
+}
+
+function createManagement({ pages, activePage, ctxNewPage, waitForEvent }) {
+    let currentActive = activePage;
+    const ctx = {
+        pages: () => pages,
+        newPage: ctxNewPage,
+        waitForEvent: waitForEvent || (async () => null),
+    };
+    const management = new BrowserSessionPageManagement({
+        ensureContext: () => ctx,
+        getActivePage: () => currentActive,
+        getCurrentUrl: () => currentActive?.url?.() || null,
+        setActivePage: (page) => {
+            currentActive = page ?? null;
+        },
+        setupPageHooks: () => { },
+        ensurePageViewport: async () => { },
+        maybeCenterPage: async () => { },
+        recordLastKnownUrl: () => { },
+        isHeadless: () => false,
+    });
+    return { management, getActivePage: () => currentActive };
+}
+
+test('newPage prefers direct context creation before shortcut retries', async () => {
+    const opener = createPage('opener');
+    const created = createPage('created');
+    const pages = [opener];
+    let ctxNewPageCalls = 0;
+    const { management, getActivePage } = createManagement({
+        pages,
+        activePage: opener,
+        ctxNewPage: async () => {
+            ctxNewPageCalls += 1;
+            pages.push(created);
+            return created;
+        },
+        waitForEvent: async () => {
+            throw new Error('shortcut path should not run');
+        },
+    });
+    const result = await management.newPage();
+    assert.equal(ctxNewPageCalls, 1);
+    assert.equal(opener.keyboard.presses.length, 0);
+    assert.equal(result.index, 1);
+    assert.equal(result.url, 'https://example.com/created');
+    assert.equal(getActivePage(), created);
+});
+
+test('newPage falls back to shortcut path in strictShortcut mode', async () => {
+    const opener = createPage('opener');
+    const created = createPage('created');
+    const pages = [opener];
+    let ctxNewPageCalls = 0;
+    const { management, getActivePage } = createManagement({
+        pages,
+        activePage: opener,
+        ctxNewPage: async () => {
+            ctxNewPageCalls += 1;
+            return created;
+        },
+        waitForEvent: async () => {
+            pages.push(created);
+            return created;
+        },
+    });
+    const result = await management.newPage(undefined, { strictShortcut: true });
+    assert.equal(ctxNewPageCalls, 0);
+    assert.ok(opener.keyboard.presses.length >= 1);
+    assert.equal(result.index, 1);
+    assert.equal(getActivePage(), created);
+});

package/src/utils/browser-service.mjs

@@ -7,6 +7,7 @@ import { createRequire } from 'node:module';
 import { fileURLToPath } from 'node:url';
 import { BROWSER_SERVICE_URL, loadConfig, setRepoRoot } from './config.mjs';
 import { touchSessionActivity } from '../lifecycle/session-registry.mjs';
+import { buildResolvedSessionView, resolveSessionViewByProfile } from '../lifecycle/session-view.mjs';
 
 const require = createRequire(import.meta.url);
 const DEFAULT_API_TIMEOUT_MS = 90000;
@@ -151,16 +152,21 @@ export async function callAPI(action, payload = {}, options = {}) {
 
 export async function getSessionByProfile(profileId) {
   const status = await callAPI('getStatus', {});
-  const activeSession = status?.sessions?.find((s) => s.profileId === profileId) || null;
-  if (activeSession) {
-    return activeSession;
-  }
   if (!profileId) {
     return null;
   }
+  const liveSessions = Array.isArray(status?.sessions) ? status.sessions : [];
+  const resolved = resolveSessionViewByProfile(profileId, liveSessions);
+  if (resolved?.live) {
+    const activeSession = liveSessions.find((session) => String(session?.profileId || '').trim() === resolved.profileId) || null;
+    if (activeSession) return activeSession;
+  }
+  if (!resolved?.live) {
+    return null;
+  }
 
-  // Some browser-service builds do not populate getStatus.sessions reliably.
-  // Fallback to page:list so runtime can still attach to an active profile tab set.
+  // Some browser-service builds do not populate current_url reliably.
+  // Fallback to page:list only to enrich an already-live profile.
   try {
     const pagePayload = await callAPI('page:list', { profileId });
     const pages = Array.isArray(pagePayload?.pages)
@@ -185,6 +191,12 @@ export async function getSessionByProfile(profileId) {
   }
 }
 
+export async function getResolvedSessions() {
+  const status = await callAPI('getStatus', {});
+  const liveSessions = Array.isArray(status?.sessions) ? status.sessions : [];
+  return buildResolvedSessionView(liveSessions);
+}
+
 function buildDomSnapshotScript(maxDepth, maxChildren) {
   return `(() => {
     const MAX_DEPTH = ${maxDepth};

package/src/utils/config.mjs

@@ -69,7 +69,7 @@ export const CONFIG_FILE = path.join(CONFIG_DIR, 'camo-cli.json');
 export const PROFILE_META_FILE = 'camo-profile.json';
 export const BROWSER_SERVICE_URL = process.env.CAMO_BROWSER_URL
   || process.env.CAMO_BROWSER_HTTP_URL
-  || process.env.CAMO_BROWSER_HOST
+  || (process.env.CAMO_BROWSER_HOST ? `http://${process.env.CAMO_BROWSER_HOST}` : '')
   || 'http://127.0.0.1:7704';
 
 export function ensureDir(p) {

package/src/utils/help.mjs

@@ -32,16 +32,16 @@ BROWSER CONTROL:
   stop --alias <alias>                      Stop by alias
   stop idle                                 Stop all idle sessions
   stop all                                  Stop all sessions
-  status [profileId]
+  status [profileId]                        Show resolved per-profile session view
   list                                      Alias of status
 
 LIFECYCLE & CLEANUP:
-  instances                                 List global camoufox instances (live + registered + idle state)
-  sessions                                  List active browser sessions
-  cleanup [profileId]                       Cleanup session (release lock + stop)
+  instances                                 List resolved session view (live + registered + idle state)
+  sessions                                  List resolved session view for all profiles
+  cleanup [profileId]                       Cleanup only one profile (remote stop + local registry/lock/watchdog)
   cleanup all                               Cleanup all active sessions
   cleanup locks                             Cleanup stale lock files
-  force-stop [profileId]                    Force stop session (for stuck sessions)
+  force-stop [profileId]                    Force stop only one profile session (no alias/id targeting)
   lock list                                 List active session locks
   lock [profileId]                          Show lock info for profile
   unlock [profileId]                        Release lock for profile
@@ -63,7 +63,7 @@ PAGES:
   new-page [profileId] [--url <url>]
   close-page [profileId] [index]
   switch-page [profileId] <index>
-  list-pages [profileId]
+  list-pages [profileId]                    List pages only when that profile is live
 
 DEVTOOLS:
   devtools logs [profileId] [--limit 120] [--since <unix_ms>] [--levels error,warn] [--clear]
@@ -184,6 +184,27 @@ ENV:
   CAMO_SKIP_BRING_TO_FRONT                   Legacy alias for CAMO_BRING_TO_FRONT_MODE=never
   CAMO_PROGRESS_EVENTS_FILE                 Optional path override for progress jsonl
   CAMO_PROGRESS_WS_HOST / CAMO_PROGRESS_WS_PORT   Progress daemon host/port (defaults: 127.0.0.1:7788)
+
+SESSION ISOLATION:
+  - profile is the lifecycle primary key. browser-service, lock, watchdog, registry all bind to the same profileId.
+  - camo start/stop/cleanup/force-stop <profileId> only targets that exact profile and must not affect other profiles.
+  - stop --id / stop --alias are convenience selectors for stop only; cleanup/force-stop never accept alias or instance id.
+  - status/sessions/instances all read the same resolved session view with these fields:
+      live: browser-service currently has this profile session
+      registered: local registry has metadata for this profile
+      orphaned: registry exists but service session is gone
+      needsRecovery: registry says active but service no longer has that profile
+  - list-pages requires live=true for that profile; otherwise camo will fail fast instead of probing other profiles.
+
+ISOLATION EXAMPLES:
+  camo sessions
+  camo status finger
+  camo stop finger
+  camo status xhs-qa-1
+  camo cleanup finger
+  camo force-stop finger
+  invalid: camo cleanup --alias shard1
+  invalid: camo force-stop --id inst_xxxxxxxx
 `);
 }