fix(browser): add diagnostic logging for container readiness failures

[penso]

Summary

• When a browser container fails readiness checks, logs now include: container status (running/exited/OOM-killed), Chrome's own logs from inside the container, the full docker run command, and the container_host being probed
• Detects when Moltis is running inside a container and warns the user to set browser.container_host to host.docker.internal — the exact fix for the Docker-in-Docker networking issue in [Bug]: Browser container fails to become ready within 60s #786
• Adds container_host to existing startup and failure log lines for visibility

Closes #786

Validation

Completed

• cargo check -p moltis-browser
• cargo test -p moltis-browser — 86 tests pass
• cargo clippy -p moltis-browser -- -D warnings
• cargo +nightly-2025-11-30 fmt --all -- --check

Remaining

• ./scripts/local-validate.sh

Manual QA

1. Run Moltis inside Docker with a mounted Docker socket (the reporter's setup)
2. Ask the agent to use the browser tool
3. When the container fails readiness, verify the logs now show:
   • container_host="127.0.0.1" in the startup log
   • Container status and Chrome logs after timeout
   • Warning: "moltis appears to be running inside a container — set browser.container_host to host.docker.internal"
4. Set browser.container_host = "host.docker.internal" in moltis.toml and verify browser works

🤖 Generated with Claude Code

[greptile-apps]

Greptile Summary

This PR adds structured diagnostic logging for browser container readiness failures — surfacing container status, Chrome logs, the full docker run command, and a Docker-in-Docker networking hint — and removes --rm in favour of explicit rm in stop_container_by_id so that logs and state are still available when Chrome crashes.

All three concerns raised in the previous review round (--rm lifecycle, unchecked output.status.success() in log fetching, Apple Container --tail guard) are cleanly addressed in this iteration.

Confidence Score: 5/5

Safe to merge — diagnostic-only additions with no changes to the happy-path launch logic.

All three P1/P2 concerns from the previous review round are resolved: --rm removed so crash state is preserved, output.status.success() checked in fetch_container_logs, and the Apple Container --tail guard is in place. No new logic bugs introduced. The browserless env vars logged in the docker run command are all non-sensitive (TIMEOUT, MAX_CONCURRENT_SESSIONS, PREBOOT_CHROME).

No files require special attention.

Important Files Changed

Filename	Overview
crates/browser/src/container.rs	Adds fetch_container_logs, inspect_container_status, and is_running_in_container helpers; removes --rm from docker run args; adds explicit rm in stop_container_by_id for all backends; emits container_host in log fields and a DinD warning on failure. All previous review concerns addressed.
crates/browser/src/pool.rs	Adds an info! log before spawn_blocking capturing session_id, image, container_host, profile_dir, and session_timeout_ms. Straightforward observability improvement with no logic changes.

Sequence Diagram

sequenceDiagram
    participant Pool as BrowserPool
    participant C as container.rs
    participant RT as Container Runtime
    participant Chrome as Chrome/Browserless

    Pool->>C: BrowserContainer::start_with_backend()
    C->>RT: docker run -d (no --rm)
    RT-->>C: container_id
    C->>C: log "browser container run command" (full args)
    C->>Chrome: wait_for_ready() — poll /json/version up to 60s

    alt Chrome ready
        Chrome-->>C: HTTP 200
        C-->>Pool: Ok(BrowserContainer)
    else Timeout / failure
        C->>RT: fetch_container_logs() — docker logs --tail 50
        RT-->>C: stdout + stderr
        C->>RT: inspect_container_status() — docker inspect --format
        RT-->>C: Status (running/exited/OOMKilled)
        C->>C: warn container_status, container_host, error
        C->>C: warn container logs
        C->>C: is_running_in_container()? warn DinD hint
        C->>RT: stop_container_by_id() → docker stop + docker rm
        C-->>Pool: Err(error)
    end

Loading

_{Reviews (2): Last reviewed commit: "fix(browser): address PR review — preser..." | Re-trigger Greptile}

[codspeed-hq]

Merging this PR will not alter performance

✅ 39 untouched benchmarks
⏩ 5 skipped benchmarks¹

---

_{Comparing jet-gopher (0a6bf21) with main (0675589)²}

Footnotes

1. 5 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

2. No successful run was found on main (996b8f3) during the generation of this report, so 0675589 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[codecov]

Codecov Report

❌ Patch coverage is 0% with 73 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
crates/browser/src/container.rs	0.00%	72 Missing ⚠️
crates/browser/src/pool.rs	0.00%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[penso]

@greptile review