Add browser role split decision for mac-5 and mac-7

shared/long-term/decisions/browser-role-split-mac5-mac7.md

@@ -0,0 +1,47 @@
+# Browser Role Split: mac-5 local session control, mac-7 automation worker
+
+Date: 2026-03-18
+Status: accepted
+
+## Decision
+
+Use a split browser strategy in the OpenClaw cluster:
+
+- **mac-5** handles attachment to the local real Chrome session for interactive, signed-in, human-in-the-loop browsing.
+- **mac-7** handles browser automation as the dedicated browser/verification worker for unattended or service-like tasks.
+
+## Rationale
+
+- This matches the stable machine role semantics:
+  - `mac-5 = brain`
+  - `mac-7 = eyes`
+- `existing-session` / `user` is best treated as a local-session attach path, not the default remote-browser path.
+- Remote browser control for automation should be modeled separately from local human session takeover.
+- This separation reduces confusion between:
+  - local `existing-session` / chrome-mcp attach
+  - remote raw CDP (`cdpUrl`) automation
+  - OpenClaw-managed isolated browser profiles
+
+## Operational guidance
+
+### mac-5
+
+Prefer local `user` / `existing-session` profile when the goal is to control the real browser session on mac-5 itself.
+
+### mac-7
+
+Prefer mac-7 as the browser automation host for:
+
+- automated browsing
+- acceptance checks
+- repeatable service-like browser tasks
+- isolated or explicit remote CDP setups when needed
+
+### Cross-machine rule
+
+If mac-5 controls a browser running on mac-7, treat it as a **remote automation** path, not as a local-session attach path.
+
+## Notes
+
+- Do not conflate `existing-session` with raw CDP.
+- For unattended automation, OpenClaw-managed browser or explicit remote CDP is preferred over local-session attach semantics.