Parent/context: #1220. Related: #1249, #1253, #1254.
Problem
The operator reports the Chrome infobar/message that Synapse Chrome Bridge started debugging this browser is still appearing in the already-open normal Chrome browser. That banner changes the browser viewport/layout and throws off AI clicks, so Synapse must automatically prevent it or fail closed before any normal-browser work can trigger it.
Initial root-cause finding
The repo manifest is debugger-free, and the service worker rejects attach-capable commands. However, setup currently checks the live Chrome profile row for stale Synapse active permissions and only records stale nativeMessaging, not stale debugger. A previously-loaded Synapse bridge can therefore still have active_api containing debugger in Chrome profile state and remain capable of triggering the Chrome debugger infobar under the Synapse extension name.
Expected
The normal authenticated Chrome bridge must never have or use debugger/nativeMessaging permission. Setup/health must detect stale live Synapse debugger permission as a fatal repair state, guide cdp_bridge_reload/extension reload, and prevent normal browser commands from proceeding while the stale debugger-capable Synapse bridge is active.
Manual FSV plan
Use real wired mcp__synapse tools only: health/tool surface, act_run_shell profile/policy readback, installer/setup readback, cdp_bridge_reload if available, then cdp_open_tab/cdp_target_info/target_act on the already-open Chrome browser. Before/after SoTs include Chrome profile permission rows, ExtensionSettings policy, health bridge identity/stale fields, visible window/OCR for the infobar text, event log rows, target claims, and cleanup. Edges: stale debugger row detection, clean tabs-only row, malformed/absent profile row, attach-capable command refusal with no Chrome command queued.
No GitHub Actions/CI. Commits must include [skip ci].
Parent/context: #1220. Related: #1249, #1253, #1254.
Problem
The operator reports the Chrome infobar/message that Synapse Chrome Bridge started debugging this browser is still appearing in the already-open normal Chrome browser. That banner changes the browser viewport/layout and throws off AI clicks, so Synapse must automatically prevent it or fail closed before any normal-browser work can trigger it.
Initial root-cause finding
The repo manifest is debugger-free, and the service worker rejects attach-capable commands. However, setup currently checks the live Chrome profile row for stale Synapse active permissions and only records stale nativeMessaging, not stale debugger. A previously-loaded Synapse bridge can therefore still have active_api containing debugger in Chrome profile state and remain capable of triggering the Chrome debugger infobar under the Synapse extension name.
Expected
The normal authenticated Chrome bridge must never have or use debugger/nativeMessaging permission. Setup/health must detect stale live Synapse debugger permission as a fatal repair state, guide cdp_bridge_reload/extension reload, and prevent normal browser commands from proceeding while the stale debugger-capable Synapse bridge is active.
Manual FSV plan
Use real wired mcp__synapse tools only: health/tool surface, act_run_shell profile/policy readback, installer/setup readback, cdp_bridge_reload if available, then cdp_open_tab/cdp_target_info/target_act on the already-open Chrome browser. Before/after SoTs include Chrome profile permission rows, ExtensionSettings policy, health bridge identity/stale fields, visible window/OCR for the infobar text, event log rows, target claims, and cleanup. Edges: stale debugger row detection, clean tabs-only row, malformed/absent profile row, attach-capable command refusal with no Chrome command queued.
No GitHub Actions/CI. Commits must include [skip ci].