Skip to content

fix(terminal): agent-browser cleanup handles agents that relocate the socket dir (v0.227.2)#378

Merged
vikasprogrammer merged 1 commit into
mainfrom
feat/browser-cleanup-socketdir
Jul 17, 2026
Merged

fix(terminal): agent-browser cleanup handles agents that relocate the socket dir (v0.227.2)#378
vikasprogrammer merged 1 commit into
mainfrom
feat/browser-cleanup-socketdir

Conversation

@vikasprogrammer

Copy link
Copy Markdown
Owner

Follow-up to #377 (v0.227.1), caught by end-to-end testing on a real qa session.

The gap

v0.227.1's exit trap ran agent-browser close --all scoped to the session's AGENT_BROWSER_NAMESPACE. But close --all keys off the socket dir, not the namespace — verified live:

  • close --all with namespace only → "No active sessions", daemon survives.
  • close --all with the socket dir → "✓ Closed session", daemon dies.

And the agents that actually use the browser (qa/engineer/site-porter/website-bot) export a custom AGENT_BROWSER_SOCKET_DIR to a writable per-session dir, because their real HOME is read-only under systemd ProtectHome (it's in their CLAUDE.md). So the trap's plain close --all — which only had the server's default socket dir — missed their daemons entirely. The 0.227.1 fix was ineffective for exactly the agents that leak.

The fix (terminal/claude-launch.sh)

The daemon reliably inherits AGENT_BROWSER_NAMESPACE=aos-<session-id> in its environ even when the agent overrides the socket dir (verified). So the trap now:

  1. runs a plain close --all first (covers default-socket-dir daemons / macOS), then
  2. on Linux, finds this session's daemons via pgrep + matching AGENT_BROWSER_NAMESPACE in /proc/<pid>/environ, recovers each one's own AGENT_BROWSER_SOCKET_DIR from that environ, and runs close --all scoped to it — with a SIGTERM straggler fallback.

Still namespace-scoped, so it never touches another live session's browser. This stays a root-cause, session-owned cleanup at teardown (not a background GC) — it only ever targets the session's own namespace, at the session's own exit.

Verification

  • Reproduced the miss: namespace-only close --all leaves a custom-socket-dir daemon alive.
  • Confirmed the recovery path: match by namespace → recover socket dir from environ → close --alldaemon gone, "closed cleanly".
  • npm run build ✓ · npm run test:governance68/68 ✓ · bash -n claude-launch.sh
  • Deterministic on-box integration test to follow after deploy.

🤖 Generated with Claude Code

… socket dir (v0.227.2)

Follow-up to v0.227.1. End-to-end testing on a real qa session showed the exit trap
was ineffective for the agents that actually leak: `agent-browser close --all` keys
off the SOCKET DIR, not the namespace, and qa/engineer/site-porter/website-bot export
a custom AGENT_BROWSER_SOCKET_DIR to a writable per-session dir (real HOME is read-only
under systemd ProtectHome). So the trap's plain close --all (which only had the server's
default socket dir) found "No active sessions" and left the daemon running.

The trap now finds THIS session's daemons by the AGENT_BROWSER_NAMESPACE they reliably
inherit, recovers each one's own AGENT_BROWSER_SOCKET_DIR from its /proc environ, and
closes it scoped to that (SIGTERM straggler fallback). Namespace-scoped, so it never
touches another session's browser; the plain close --all runs first for the
default-socket-dir / macOS case. Verified against a real custom-socket-dir daemon.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019zMSbnPEbqSVPGLasTKENp
@vikasprogrammer
vikasprogrammer merged commit 596a7be into main Jul 17, 2026
1 check passed
@vikasprogrammer
vikasprogrammer deleted the feat/browser-cleanup-socketdir branch July 17, 2026 17:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant