npm - camofox-browser - Versions diffs - 2.4.1 → 2.4.4 - Mend

camofox-browser 2.4.1 → 2.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/CHANGELOG.md +35 -0
package/README.md +6 -1
package/dist/src/routes/core.d.ts.map +1 -1
package/dist/src/routes/core.js +128 -16
package/dist/src/routes/core.js.map +1 -1
package/dist/src/routes/openclaw.d.ts.map +1 -1
package/dist/src/routes/openclaw.js +82 -9
package/dist/src/routes/openclaw.js.map +1 -1
package/dist/src/services/context-pool.d.ts +2 -1
package/dist/src/services/context-pool.d.ts.map +1 -1
package/dist/src/services/context-pool.js +46 -10
package/dist/src/services/context-pool.js.map +1 -1
package/dist/src/services/session.d.ts +27 -4
package/dist/src/services/session.d.ts.map +1 -1
package/dist/src/services/session.js +331 -75
package/dist/src/services/session.js.map +1 -1
package/dist/src/services/tab.d.ts +2 -1
package/dist/src/services/tab.d.ts.map +1 -1
package/dist/src/services/tab.js +19 -0
package/dist/src/services/tab.js.map +1 -1
package/dist/src/services/tracing.d.ts.map +1 -1
package/dist/src/services/tracing.js +43 -5
package/dist/src/services/tracing.js.map +1 -1
package/dist/src/utils/proxy-profiles.js +4 -4
package/dist/src/utils/proxy-profiles.js.map +1 -1
package/dist/tsconfig.tsbuildinfo +1 -1
package/openclaw.plugin.json +1 -1
package/package.json +2 -2

package/dist/src/services/session.js CHANGED Viewed

@@ -11,6 +11,10 @@ exports.cleanupSessionsForUserId = cleanupSessionsForUserId;
 exports.normalizeUserId = normalizeUserId;
 exports.getSessionMapKey = getSessionMapKey;
 exports.getEstablishedSessionProfile = getEstablishedSessionProfile;
+exports.hasDefaultSessionProfileRuntime = hasDefaultSessionProfileRuntime;
+exports.claimDefaultSessionProfileRuntime = claimDefaultSessionProfileRuntime;
+exports.clearDefaultSessionProfileClaim = clearDefaultSessionProfileClaim;
+exports.getSessionProfileLaunchSettings = getSessionProfileLaunchSettings;
 exports.getCanonicalProfile = getCanonicalProfile;
 exports.hasCanonicalProfile = hasCanonicalProfile;
 exports.acquireFirstCreateMutex = acquireFirstCreateMutex;
@@ -20,6 +24,9 @@ exports.createCanonicalProfile = createCanonicalProfile;
 exports.clearCanonicalProfile = clearCanonicalProfile;
 exports.establishSessionProfile = establishSessionProfile;
 exports.clearSessionProfile = clearSessionProfile;
+exports.acquireSessionProfileCreateMutex = acquireSessionProfileCreateMutex;
+exports.waitForSessionProfileCreate = waitForSessionProfileCreate;
+exports.rollbackSessionProfileRuntime = rollbackSessionProfileRuntime;
 exports.getSessionsForUser = getSessionsForUser;
 exports.getAllSessions = getAllSessions;
 exports.countTotalTabsForSessions = countTotalTabsForSessions;
@@ -54,9 +61,12 @@ const CONFIG = (0, config_1.loadConfig)();
 // userId -> { context, tabGroups: Map<sessionKey, Map<tabId, TabState>>, lastAccess }
 // Note: sessionKey was previously called listItemId - both are accepted for backward compatibility
 const sessions = new Map();
+const sessionOwners = new Map();
 // sessionKey -> in-flight session creation promise
 // Avoids storing partially-initialized sessions (e.g., context: null cast) and dedupes concurrent creates.
 const launchingSessions = new Map();
+const launchingSessionOwners = new Map();
+const lifecycleIdleClosures = new Map();
 // tabId -> sessions map key
 // Persistent profiles are keyed only by userId, while tab endpoints only get tabId.
 const tabSessionIndex = new Map();
@@ -65,9 +75,11 @@ const tabSessionIndex = new Map();
 const canonicalProfiles = new Map();
 // Session profiles keyed by userId::sessionKey to track separate proxy/geo profiles per session
 const sessionProfiles = new Map();
+const defaultSessionProfileClaims = new Map();
 // Per-user mutex covering the entire first-create lifecycle (establishment -> tab commit).
 // Prevents sibling requests from observing provisional canonical state.
 const firstCreateMutexes = new Map();
+const sessionProfileCreateMutexes = new Map();
 const userConcurrency = new Map();
 function __getUserConcurrencyStateForTests(userId) {
     const key = String(userId).toLowerCase().trim();
@@ -79,6 +91,40 @@ function __getUserConcurrencyStateForTests(userId) {
 function __getSessionsMapForTests() {
     return sessions;
 }
+function beginLifecycleIdleClosure(userId) {
+    const key = normalizeUserId(userId);
+    let state = lifecycleIdleClosures.get(key);
+    if (!state) {
+        let resolve;
+        const promise = new Promise((r) => {
+            resolve = r;
+        });
+        state = { pending: 0, promise, resolve };
+        lifecycleIdleClosures.set(key, state);
+    }
+    state.pending++;
+    let released = false;
+    return () => {
+        if (released)
+            return;
+        released = true;
+        const current = lifecycleIdleClosures.get(key);
+        if (!current)
+            return;
+        current.pending--;
+        if (current.pending <= 0) {
+            lifecycleIdleClosures.delete(key);
+            current.resolve();
+        }
+    };
+}
+async function waitForLifecycleIdleClosure(userId) {
+    const key = normalizeUserId(userId);
+    const pending = lifecycleIdleClosures.get(key);
+    if (pending) {
+        await pending.promise;
+    }
+}
 async function withUserLimit(userId, maxConcurrent, operation, operationTimeoutMs) {
     const key = String(userId).toLowerCase().trim();
     let state = userConcurrency.get(key);
@@ -130,26 +176,43 @@ async function withUserLimit(userId, maxConcurrent, operation, operationTimeoutM
         }
     }
 }
-function cleanupSessionsForUserId(userId, reason, clearCanonical = true) {
+function cleanupSessionsForUserId(userId, reason, clearCanonical = true, options = {}) {
     const key = normalizeUserId(userId);
+    const allowInternalSessionKey = options.allowInternalSessionKey ?? true;
+    const ownerKeys = new Set();
     // If a session is currently being created, drop our reference so callers don't keep a stale placeholder.
-    launchingSessions.delete(key);
-    void (0, vnc_1.stopVnc)(key).catch(() => { });
-    try {
-        (0, download_1.cleanupUserDownloads)(key);
-    }
-    catch {
-        // ignore cleanup errors
+    for (const launchKey of Array.from(launchingSessions.keys())) {
+        if (isLaunchingSessionKeyForCleanupKey(launchKey, key, allowInternalSessionKey)) {
+            ownerKeys.add(launchingSessionOwners.get(launchKey) ?? key);
+            launchingSessions.delete(launchKey);
+            launchingSessionOwners.delete(launchKey);
+        }
     }
-    (0, tracing_1.cleanupTracing)(key);
-    const session = sessions.get(key);
-    if (session) {
+    for (const [sessionKey, session] of Array.from(sessions.entries())) {
+        if (!isSessionMapKeyForCleanupKey(sessionKey, key, allowInternalSessionKey))
+            continue;
+        ownerKeys.add(sessionOwners.get(sessionKey) ?? sessionKey);
         unindexSessionTabs(session);
-        sessions.delete(key);
-        (0, logging_1.log)('info', 'session cleaned up', { userId: key, reason });
+        sessions.delete(sessionKey);
+        sessionOwners.delete(sessionKey);
+        (0, logging_1.log)('info', 'session cleaned up', { userId: key, sessionKey, reason });
+    }
+    if (ownerKeys.size === 0)
+        ownerKeys.add(key);
+    for (const ownerKey of ownerKeys) {
+        void (0, vnc_1.stopVnc)(ownerKey).catch(() => { });
+        try {
+            (0, download_1.cleanupUserDownloads)(ownerKey);
+        }
+        catch {
+            // ignore cleanup errors
+        }
+        (0, tracing_1.cleanupTracing)(ownerKey);
+        clearDefaultSessionProfileClaimsForUser(ownerKey);
     }
     if (clearCanonical) {
         canonicalProfiles.delete(key);
+        clearDefaultSessionProfileClaimsForUser(key);
         const mutex = firstCreateMutexes.get(key);
         if (mutex) {
             mutex.resolve(false);
@@ -165,6 +228,12 @@ function cleanupSessionsForUserId(userId, reason, clearCanonical = true) {
         for (const profileKey of profileKeysToDelete) {
             sessionProfiles.delete(profileKey);
         }
+        for (const [profileKey, mutex] of Array.from(sessionProfileCreateMutexes.entries())) {
+            if (mutex.userId === key) {
+                mutex.resolve(false);
+                sessionProfileCreateMutexes.delete(profileKey);
+            }
+        }
     }
     userConcurrency.delete(key);
 }
@@ -178,8 +247,33 @@ exports.MAX_TABS_PER_SESSION = CONFIG.maxTabsPerSession;
 function normalizeUserId(userId) {
     return String(userId);
 }
+function encodeKeyComponent(value) {
+    return Buffer.from(String(value), 'utf16le').toString('base64url');
+}
+function userSessionMapKey(userId) {
+    return `u:${encodeKeyComponent(normalizeUserId(userId))}`;
+}
 function sessionOverlayKey(userId, sessionKey) {
-    return `${normalizeUserId(userId)}::${sessionKey}`;
+    return `o:${encodeKeyComponent(normalizeUserId(userId))}:${encodeKeyComponent(sessionKey)}`;
+}
+function clearDefaultSessionProfileClaimsForUser(userId) {
+    const key = normalizeUserId(userId);
+    for (const [claimKey, claim] of Array.from(defaultSessionProfileClaims.entries())) {
+        if (claim.userId === key) {
+            defaultSessionProfileClaims.delete(claimKey);
+        }
+    }
+}
+function isSessionMapKeyForUser(sessionMapKey, userKey) {
+    return sessionMapKey === userSessionMapKey(userKey) || sessionOwners.get(sessionMapKey) === userKey;
+}
+function isSessionMapKeyForCleanupKey(sessionMapKey, cleanupKey, allowInternalSessionKey = true) {
+    return (allowInternalSessionKey && sessionMapKey === cleanupKey) || isSessionMapKeyForUser(sessionMapKey, cleanupKey);
+}
+function isLaunchingSessionKeyForCleanupKey(sessionMapKey, cleanupKey, allowInternalSessionKey = true) {
+    return ((allowInternalSessionKey && sessionMapKey === cleanupKey) ||
+        sessionMapKey === userSessionMapKey(cleanupKey) ||
+        launchingSessionOwners.get(sessionMapKey) === cleanupKey);
 }
 // Backward compatible version - takes contextOverrides instead of session profile
 function getSessionMapKey(userId, contextOverridesOrSessionKey, profileSignature) {
@@ -187,18 +281,94 @@ function getSessionMapKey(userId, contextOverridesOrSessionKey, profileSignature
     if (typeof contextOverridesOrSessionKey === 'string') {
         const sessionKey = contextOverridesOrSessionKey;
         if (profileSignature) {
-            return `${normalizeUserId(userId)}::${sessionKey}::${profileSignature}`;
+            return `p:${encodeKeyComponent(normalizeUserId(userId))}:${encodeKeyComponent(sessionKey)}:${encodeKeyComponent(profileSignature)}`;
         }
-        return `${normalizeUserId(userId)}::${sessionKey}`;
+        return `s:${encodeKeyComponent(normalizeUserId(userId))}:${encodeKeyComponent(sessionKey)}`;
     }
     // Old signature: (userId, contextOverrides) - backward compatibility
     // This maintains the user-scoped behavior for existing routes
     void contextOverridesOrSessionKey;
-    return normalizeUserId(userId);
+    return userSessionMapKey(userId);
 }
 function getEstablishedSessionProfile(userId, sessionKey) {
     return sessionProfiles.get(sessionOverlayKey(userId, sessionKey));
 }
+function hasDefaultSessionProfileRuntime(userId, sessionKey) {
+    const key = normalizeUserId(userId);
+    if (defaultSessionProfileClaims.has(sessionOverlayKey(key, sessionKey)))
+        return true;
+    const defaultSession = sessions.get(userSessionMapKey(key));
+    return defaultSession?.tabGroups.has(sessionKey) ?? false;
+}
+function claimDefaultSessionProfileRuntime(userId, sessionKey) {
+    if (getEstablishedSessionProfile(userId, sessionKey))
+        return false;
+    if (hasDefaultSessionProfileRuntime(userId, sessionKey))
+        return false;
+    const key = normalizeUserId(userId);
+    defaultSessionProfileClaims.set(sessionOverlayKey(key, sessionKey), { userId: key, sessionKey });
+    return true;
+}
+function clearDefaultSessionProfileClaim(userId, sessionKey) {
+    defaultSessionProfileClaims.delete(sessionOverlayKey(userId, sessionKey));
+}
+function contextOverridesFromProfile(profile) {
+    const overrides = {};
+    if (profile.locale !== undefined)
+        overrides.locale = profile.locale;
+    if (profile.timezoneId !== undefined)
+        overrides.timezoneId = profile.timezoneId;
+    if (profile.geolocation !== undefined)
+        overrides.geolocation = profile.geolocation;
+    if (profile.viewport !== undefined)
+        overrides.viewport = profile.viewport;
+    return Object.keys(overrides).length > 0 ? overrides : null;
+}
+function getSessionProfileLaunchSettings(userId, profileKey) {
+    const key = normalizeUserId(userId);
+    if (profileKey === userSessionMapKey(key)) {
+        const canonical = canonicalProfiles.get(key);
+        return canonical ? { contextOverrides: canonical.resolvedOverrides, proxy: null } : undefined;
+    }
+    for (const profile of sessionProfiles.values()) {
+        if (profile.userId !== key)
+            continue;
+        if (getSessionMapKey(key, profile.sessionKey, profile.signature) !== profileKey)
+            continue;
+        return {
+            contextOverrides: contextOverridesFromProfile(profile.resolvedProfile),
+            proxy: profile.resolvedProfile.proxy,
+        };
+    }
+    return undefined;
+}
+function resolveRuntimeSessionProfile(userId, sessionKey, contextOverrides) {
+    const userKey = normalizeUserId(userId);
+    if (!sessionKey) {
+        return {
+            sessionMapKey: userSessionMapKey(userKey),
+            profileKey: userSessionMapKey(userKey),
+            contextOverrides,
+            resolvedProxy: null,
+        };
+    }
+    const established = getEstablishedSessionProfile(userId, sessionKey);
+    if (!established) {
+        return {
+            sessionMapKey: userSessionMapKey(userKey),
+            profileKey: userSessionMapKey(userKey),
+            contextOverrides,
+            resolvedProxy: null,
+        };
+    }
+    const profileKey = getSessionMapKey(userId, sessionKey, established.signature);
+    return {
+        sessionMapKey: profileKey,
+        profileKey,
+        contextOverrides: contextOverridesFromProfile(established.resolvedProfile),
+        resolvedProxy: established.resolvedProfile.proxy,
+    };
+}
 function getCanonicalProfile(userId) {
     return canonicalProfiles.get(normalizeUserId(userId));
 }
@@ -310,12 +480,67 @@ function clearSessionProfile(userId, sessionKey) {
     const key = sessionOverlayKey(userId, sessionKey);
     sessionProfiles.delete(key);
 }
+function acquireSessionProfileCreateMutex(userId, sessionKey, signature) {
+    const key = sessionOverlayKey(userId, sessionKey);
+    const existing = sessionProfileCreateMutexes.get(key);
+    if (existing) {
+        return { acquired: false, wait: existing.promise };
+    }
+    let resolve;
+    const promise = new Promise((r) => {
+        resolve = r;
+    });
+    const mutex = {
+        userId: normalizeUserId(userId),
+        sessionKey,
+        signature,
+        promise,
+        resolve,
+    };
+    sessionProfileCreateMutexes.set(key, mutex);
+    let released = false;
+    return {
+        acquired: true,
+        release: (committed) => {
+            if (released)
+                return;
+            released = true;
+            const current = sessionProfileCreateMutexes.get(key);
+            if (current === mutex) {
+                current.resolve(committed);
+                sessionProfileCreateMutexes.delete(key);
+            }
+        },
+    };
+}
+async function waitForSessionProfileCreate(userId, sessionKey) {
+    const pending = sessionProfileCreateMutexes.get(sessionOverlayKey(userId, sessionKey));
+    if (pending) {
+        await pending.promise.catch(() => false);
+    }
+}
+async function rollbackSessionProfileRuntime(userId, sessionKey, profileSignature) {
+    const overlayKey = sessionOverlayKey(userId, sessionKey);
+    const existingProfile = sessionProfiles.get(overlayKey);
+    if (existingProfile?.signature === profileSignature) {
+        sessionProfiles.delete(overlayKey);
+    }
+    const sessionMapKey = getSessionMapKey(userId, sessionKey, profileSignature);
+    const session = sessions.get(sessionMapKey);
+    if (session) {
+        unindexSessionTabs(session);
+        sessions.delete(sessionMapKey);
+    }
+    sessionOwners.delete(sessionMapKey);
+    launchingSessions.delete(sessionMapKey);
+    launchingSessionOwners.delete(sessionMapKey);
+    await context_pool_1.contextPool.closeContext(sessionMapKey).catch(() => { });
+}
 function getSessionsForUser(userId) {
     if (userId === undefined || userId === null)
         return [];
     const key = normalizeUserId(userId);
-    const session = sessions.get(key);
-    return session ? [[key, session]] : [];
+    return Array.from(sessions.entries()).filter(([sessionKey]) => isSessionMapKeyForUser(sessionKey, key));
 }
 function getAllSessions() {
     return sessions;
@@ -374,7 +599,7 @@ function findTabById(tabId, userId) {
     const key = normalizeUserId(userId);
     const indexedKey = tabSessionIndex.get(tabId);
     if (indexedKey) {
-        if (indexedKey !== key) {
+        if (!isSessionMapKeyForUser(indexedKey, key)) {
             return null;
         }
         const session = sessions.get(indexedKey);
@@ -385,17 +610,18 @@ function findTabById(tabId, userId) {
         }
         tabSessionIndex.delete(tabId);
     }
-    const session = sessions.get(key);
+    const defaultSessionKey = userSessionMapKey(key);
+    const session = sessions.get(defaultSessionKey);
     if (!session)
         return null;
     const found = findTab(session, tabId);
     if (found) {
-        tabSessionIndex.set(tabId, key);
-        return { sessionKey: key, session, ...found };
+        tabSessionIndex.set(tabId, defaultSessionKey);
+        return { sessionKey: defaultSessionKey, session, ...found };
     }
     return null;
 }
-function buildBrowserContextOptions(contextOverrides) {
+function buildBrowserContextOptions(contextOverrides, hasSessionProxy = false) {
     const resolved = contextOverrides || {};
     const contextOptions = {
         viewport: resolved.viewport || { width: 1280, height: 720 },
@@ -407,22 +633,21 @@ function buildBrowserContextOptions(contextOverrides) {
             contextOverrides.geolocation !== undefined));
     // With proxy+geoip, camoufox auto-configures locale/timezone/geo from proxy IP.
     // If caller explicitly supplies overrides, apply them even when proxy is active.
-    if (!CONFIG.proxy.host || hasOverrides) {
+    if ((!CONFIG.proxy.host && !hasSessionProxy) || hasOverrides) {
         contextOptions.locale = resolved.locale || 'en-US';
         contextOptions.timezoneId = resolved.timezoneId || 'America/Los_Angeles';
         contextOptions.geolocation = resolved.geolocation || { latitude: 37.7749, longitude: -122.4194 };
     }
     return contextOptions;
 }
-async function createStagedSession(userId, contextOverrides) {
-    const key = normalizeUserId(userId);
+async function createStagedSession(userId, contextOverrides, sessionKey) {
+    const runtimeProfile = resolveRuntimeSessionProfile(userId, sessionKey, contextOverrides);
     if (context_pool_1.contextPool.size() >= exports.MAX_SESSIONS) {
         throw new Error('Maximum concurrent sessions reached');
     }
     const generation = node_crypto_1.default.randomUUID();
-    const contextOptions = buildBrowserContextOptions(contextOverrides);
-    // For backward compatibility, use userId as profileKey when no session profile is provided
-    const entry = await context_pool_1.contextPool.ensureContext(key, key, contextOptions, null, true, generation);
+    const contextOptions = buildBrowserContextOptions(runtimeProfile.contextOverrides, !!runtimeProfile.resolvedProxy);
+    const entry = await context_pool_1.contextPool.ensureContext(runtimeProfile.profileKey, normalizeUserId(userId), contextOptions, runtimeProfile.resolvedProxy, true, generation);
     const session = {
         context: entry.context,
         tabGroups: new Map(),
@@ -432,7 +657,7 @@ async function createStagedSession(userId, contextOverrides) {
 }
 function commitStagedFirstUse(userId, session, contextOverrides, tabInfo, generation) {
     const key = normalizeUserId(userId);
-    const entry = context_pool_1.contextPool.getEntry(key);
+    const entry = context_pool_1.contextPool.getEntry(tabInfo.sessionMapKey);
     if (!entry || entry.stagedGeneration !== generation)
         return false;
     if (!firstCreateMutexes.has(key) || canonicalProfiles.has(key)) {
@@ -441,7 +666,8 @@ function commitStagedFirstUse(userId, session, contextOverrides, tabInfo, genera
     session.lastAccess = Date.now();
     const group = getTabGroup(session, tabInfo.sessionKey);
     group.set(tabInfo.tabId, tabInfo.tabState);
-    sessions.set(key, session);
+    sessions.set(tabInfo.sessionMapKey, session);
+    sessionOwners.set(tabInfo.sessionMapKey, key);
     entry.staged = false;
     entry.stagedGeneration = undefined;
     indexTab(tabInfo.tabId, tabInfo.sessionMapKey);
@@ -450,24 +676,27 @@ function commitStagedFirstUse(userId, session, contextOverrides, tabInfo, genera
 }
 async function rollbackStagedFirstUse(userId, generation) {
     const key = normalizeUserId(userId);
-    const entry = context_pool_1.contextPool.getEntry(key);
-    if (!(entry?.staged === true && entry.stagedGeneration === generation))
-        return;
     try {
-        (0, download_1.cleanupUserDownloads)(key);
+        try {
+            (0, download_1.cleanupUserDownloads)(key);
+        }
+        catch {
+            // ignore cleanup errors
+        }
+        await context_pool_1.contextPool.closeStagedContextByUserId(key, generation);
     }
-    catch {
-        // ignore cleanup errors
+    finally {
+        rollbackCanonicalMutex(userId);
     }
-    await context_pool_1.contextPool.closeStagedContext(key, generation);
-    rollbackCanonicalMutex(userId);
 }
-async function getSession(userId, contextOverrides) {
+async function getSession(userId, contextOverrides, sessionKey) {
     const key = normalizeUserId(userId);
-    let session = sessions.get(key);
-    const contextOptions = buildBrowserContextOptions(contextOverrides);
+    await waitForLifecycleIdleClosure(key);
+    const runtimeProfile = resolveRuntimeSessionProfile(userId, sessionKey, contextOverrides);
+    let session = sessions.get(runtimeProfile.sessionMapKey);
+    const contextOptions = buildBrowserContextOptions(runtimeProfile.contextOverrides, !!runtimeProfile.resolvedProxy);
     if (!session) {
-        const existingLaunch = launchingSessions.get(key);
+        const existingLaunch = launchingSessions.get(runtimeProfile.sessionMapKey);
         if (existingLaunch) {
             session = await existingLaunch;
             session.lastAccess = Date.now();
@@ -477,25 +706,29 @@ async function getSession(userId, contextOverrides) {
             throw new Error('Maximum concurrent sessions reached');
         }
         const launchPromise = (async () => {
-            const entry = await context_pool_1.contextPool.ensureContext(key, key, contextOptions);
+            const entry = await context_pool_1.contextPool.ensureContext(runtimeProfile.profileKey, key, contextOptions, runtimeProfile.resolvedProxy);
             const created = { context: entry.context, tabGroups: new Map(), lastAccess: Date.now() };
-            sessions.set(key, created);
-            (0, logging_1.log)('info', 'session created', { userId: key });
+            sessions.set(runtimeProfile.sessionMapKey, created);
+            sessionOwners.set(runtimeProfile.sessionMapKey, key);
+            (0, logging_1.log)('info', 'session created', { userId: key, sessionMapKey: runtimeProfile.sessionMapKey });
             return created;
         })();
-        launchingSessions.set(key, launchPromise);
+        launchingSessionOwners.set(runtimeProfile.sessionMapKey, key);
+        launchingSessions.set(runtimeProfile.sessionMapKey, launchPromise);
         try {
             session = await launchPromise;
         }
         finally {
-            launchingSessions.delete(key);
+            launchingSessions.delete(runtimeProfile.sessionMapKey);
+            launchingSessionOwners.delete(runtimeProfile.sessionMapKey);
         }
     }
     else {
         // Re-resolve context on each access; ContextPool de-dupes launches and detects unexpected closes.
-        const entry = await context_pool_1.contextPool.ensureContext(key, key, contextOptions);
+        const entry = await context_pool_1.contextPool.ensureContext(runtimeProfile.profileKey, key, contextOptions, runtimeProfile.resolvedProxy);
         session.context = entry.context;
         session.lastAccess = Date.now();
+        sessionOwners.set(runtimeProfile.sessionMapKey, key);
     }
     // For newly created sessions, lastAccess/context are already set.
     session.lastAccess = Date.now();
@@ -510,38 +743,56 @@ function unindexTab(tabId) {
 }
 function clearAllState() {
     sessions.clear();
+    sessionOwners.clear();
+    launchingSessions.clear();
+    launchingSessionOwners.clear();
     tabSessionIndex.clear();
     canonicalProfiles.clear();
     sessionProfiles.clear();
+    defaultSessionProfileClaims.clear();
+    for (const [, mutex] of sessionProfileCreateMutexes)
+        mutex.resolve(false);
+    sessionProfileCreateMutexes.clear();
+    for (const [, state] of lifecycleIdleClosures)
+        state.resolve();
+    lifecycleIdleClosures.clear();
     for (const [, mutex] of firstCreateMutexes)
         mutex.resolve(false);
     firstCreateMutexes.clear();
     (0, tab_1.clearAllTabLocks)();
     userConcurrency.clear();
 }
-async function closeSessionsForUser(userId) {
+async function closeSessionsForUser(userId, options = {}) {
     const key = normalizeUserId(userId);
     await context_pool_1.contextPool.closeStagedContextByUserId(key).catch(() => { });
     await context_pool_1.contextPool.closeContextByUserId(key).catch(() => { });
-    cleanupSessionsForUserId(key, 'explicit_close');
+    cleanupSessionsForUserId(key, 'explicit_close', options.clearProfiles ?? true, { allowInternalSessionKey: false });
 }
 async function closeAllSessions() {
     await context_pool_1.contextPool.closeAll().catch(() => { });
-    for (const [userId, session] of sessions) {
-        void (0, vnc_1.stopVnc)(userId).catch(() => { });
+    for (const [sessionKey, session] of sessions) {
+        const ownerUserId = sessionOwners.get(sessionKey) ?? sessionKey;
+        void (0, vnc_1.stopVnc)(ownerUserId).catch(() => { });
         unindexSessionTabs(session);
-        sessions.delete(userId);
-        (0, tracing_1.cleanupTracing)(userId);
+        sessions.delete(sessionKey);
+        sessionOwners.delete(sessionKey);
+        (0, tracing_1.cleanupTracing)(ownerUserId);
         try {
-            (0, download_1.cleanupUserDownloads)(userId);
+            (0, download_1.cleanupUserDownloads)(ownerUserId);
         }
         catch {
             // ignore
         }
     }
     launchingSessions.clear();
+    launchingSessionOwners.clear();
+    sessionOwners.clear();
     canonicalProfiles.clear();
     sessionProfiles.clear();
+    defaultSessionProfileClaims.clear();
+    for (const [, mutex] of sessionProfileCreateMutexes)
+        mutex.resolve(false);
+    sessionProfileCreateMutexes.clear();
     for (const [, mutex] of firstCreateMutexes)
         mutex.resolve(false);
     firstCreateMutexes.clear();
@@ -554,12 +805,15 @@ function startCleanupInterval() {
         const now = Date.now();
         for (const [sessionKey, session] of sessions) {
             if (now - session.lastAccess > exports.SESSION_TIMEOUT_MS) {
+                const ownerUserId = sessionOwners.get(sessionKey) ?? sessionKey;
                 // Persistent profile is preserved on disk; closing the context frees resources.
-                context_pool_1.contextPool.closeContextByUserId(sessionKey).catch(() => { });
+                context_pool_1.contextPool.closeContext(sessionKey).catch(() => { });
                 unindexSessionTabs(session);
+                clearDefaultSessionProfileClaimsForUser(ownerUserId);
                 sessions.delete(sessionKey);
-                (0, tracing_1.cleanupTracing)(sessionKey);
-                (0, logging_1.log)('info', 'session expired', { userId: sessionKey });
+                sessionOwners.delete(sessionKey);
+                (0, tracing_1.cleanupTracing)(ownerUserId);
+                (0, logging_1.log)('info', 'session expired', { userId: ownerUserId, sessionKey });
             }
         }
     }, 60_000);
@@ -582,46 +836,48 @@ function stopCleanupInterval() {
 async function runLifecycleIdleCleanup(sessionSnapshot, contextSnapshot, cleanupStartedMs) {
     const closedUsers = [];
     // Use the provided snapshots to avoid race with new context creation
-    const usersToCleanup = new Set();
-    for (const [userId, session] of sessionSnapshot.entries()) {
-        const tabCount = countTotalTabsForSessions([[userId, session]]);
+    const sessionKeysToCleanup = new Set();
+    for (const [sessionKey, session] of sessionSnapshot.entries()) {
+        const tabCount = countTotalTabsForSessions([[sessionKey, session]]);
         // Only cleanup sessions with zero tabs
         if (tabCount === 0) {
-            usersToCleanup.add(userId);
+            sessionKeysToCleanup.add(sessionKey);
         }
     }
     // Close only the specific contexts from the snapshot that were created before cleanup started
     const contextsToClose = [];
     for (const [profileKey, entry] of contextSnapshot.entries()) {
         // Skip staged, launching, or newly-created contexts
-        if (usersToCleanup.has(entry.userId) && !entry.staged && !entry.launching && entry.createdAt < cleanupStartedMs) {
+        if (sessionKeysToCleanup.has(profileKey) && !entry.staged && !entry.launching && entry.createdAt < cleanupStartedMs) {
             contextsToClose.push({ profileKey, createdAt: entry.createdAt, lastAccess: entry.lastAccess });
         }
     }
     // Close the specific contexts from the snapshot
-    const actuallyClosedUsers = new Set();
+    const actuallyClosedSessionKeys = new Set();
     for (const { profileKey, createdAt, lastAccess } of contextsToClose) {
+        const entry = contextSnapshot.get(profileKey);
+        const releaseIdleClosure = entry ? beginLifecycleIdleClosure(entry.userId) : null;
         try {
             await context_pool_1.contextPool.closeContextIfMatches(profileKey, createdAt, lastAccess);
             // Verify the context was actually closed (not skipped due to reuse)
             const stillExists = context_pool_1.contextPool.getEntry(profileKey);
             if (!stillExists) {
-                // Context was actually closed, mark user for session cleanup
-                const entry = contextSnapshot.get(profileKey);
-                if (entry) {
-                    actuallyClosedUsers.add(entry.userId);
-                }
+                // Context was actually closed, mark this exact session/profile key for cleanup.
+                actuallyClosedSessionKeys.add(profileKey);
             }
         }
         catch (err) {
             const message = err instanceof Error ? err.message : String(err);
             (0, logging_1.log)('error', 'idle cleanup failed to close context', { profileKey, error: message });
         }
+        finally {
+            releaseIdleClosure?.();
+        }
     }
-    // Clean up session data ONLY for users whose contexts were actually closed
-    for (const userId of actuallyClosedUsers) {
-        cleanupSessionsForUserId(userId, 'idle_cleanup', false);
-        closedUsers.push(userId);
+    // Clean up session data ONLY for session/profile keys whose contexts were actually closed.
+    for (const sessionKey of actuallyClosedSessionKeys) {
+        cleanupSessionsForUserId(sessionKey, 'idle_cleanup', false);
+        closedUsers.push(sessionKey);
     }
     return { closedUsers };
 }