Summary

• Problem: When the browser tool can’t talk to the browser control service, the current messaging can over-suggest restarting the gateway.
• Why it matters: During intermittent browser-control failures this can contribute to disruptive restart loops; additionally, when browser control is disabled in config the error is currently misleading (presented as a reachability failure).
• What changed: Improve error classification + operator guidance for browser fetch failures; add unit tests to lock behavior.
• What did NOT change (scope boundary): No changes to browser control service implementation/enablement logic; no changes to routing/dispatcher behavior beyond messaging.

Change Type (select all)

• Bug fix
• Feature
• Refactor
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes #
• Related #

User-visible / Behavior Changes

• When browser control is disabled, errors now clearly state it’s a config/enablement issue (not “can’t reach service”).
• For local browser-tool failures, operator hint is less disruptive: check enablement/running first, restart gateway only if needed.

Security Impact (required)

• New permissions/capabilities? (No)
• Secrets/tokens handling changed? (No)
• New/changed network calls? (No)
• Command/tool execution surface changed? (No)
• Data access scope changed? (No)
• If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

• OS: macOS (local dev)
• Runtime/container: N/A
• Model/provider: N/A
• Integration/channel (if any): N/A
• Relevant config (redacted): browser control disabled scenario

Steps

1. Call fetchBrowserJson("/") while browser control is disabled.
2. Call fetchBrowserJson("http://127.0.0.1:18888/", { timeoutMs: 5 }) with an aborting timeout.

Expected

• Disabled browser control surfaces a clear “browser control is disabled” config message.
• Timeout path includes the model-facing “Do NOT retry the browser tool” guidance.

Actual

• Matches expected (covered by unit tests below).

Evidence

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Local unit test:

bunx vitest run --config vitest.unit.config.ts src/browser/client-fetch.error-hints.test.ts

Human Verification (required)

• Verified scenarios:
  • Browser control disabled produces config-specific error (not reachability wrapper)
  • Absolute URL timeout produces non-retry guidance
• Edge cases checked:
  • Local vs absolute URL error-hint paths
• What I did not verify:
  • Full end-to-end browser tool execution against a live browser control service

Compatibility / Migration

• Backward compatible? (Yes)
• Config/env changes? (No)
• Migration needed? (No)

Failure Recovery (if this breaks)

• How to disable/revert this change quickly:
  • Revert the PR / commit(s) affecting src/browser/client-fetch.ts
• Known bad symptoms reviewers should watch for:
  • Browser tool failures no longer include useful operator guidance
  • Error messages regress to misleading “can’t reach service” for disabled config

Risks and Mitigations

• Risk: Error-message wording changes could break brittle string-matching in downstream tooling.
  • Mitigation: This is user-facing guidance; behavior is covered with unit tests and can be adjusted if a stable contract is required.

CI note

Current CI failure on this PR appears unrelated to code changes: oven-sh/setup-bun@v2 attempts to download bun-v1.3.9+cf6cdbbba and receives HTTP 404.