Track removal of downstream OpenClaw trusted env-proxy DNS workaround

[cluster2600]

Summary

NemoClaw currently carries a downstream OpenClaw patch to make web_search and web_fetch work in OpenShell proxy-only sandboxes where local DNS is unavailable.

The underlying bug is upstream in OpenClaw: trusted env-proxy mode still performs local DNS resolution before switching to EnvHttpProxyAgent, so requests fail with getaddrinfo EAI_AGAIN before they ever reach the trusted proxy.

Why this issue exists

NemoClaw should not keep carrying a Dockerfile patch indefinitely for upstream fetch-guard behaviour. We need a tracking issue so the downstream workaround is removed once the upstream fix is merged and released.

Current downstream behaviour

• NemoClaw patches the packaged OpenClaw fetch-guard runtime during image build.
• This avoids local DNS pinning when trusted env-proxy mode is active.
• The workaround has been verified in the live OpenShell sandbox environment.

Done when

• Upstream OpenClaw issue and PR are linked here.
• NemoClaw updates to an upstream OpenClaw release that contains the fix.
• The downstream Dockerfile/runtime patch is removed.
• A regression check confirms web_search and a normal follow-up reply both work in the same proxy-only sandbox session.

[cluster2600]

Upstream tracking:

• OpenClaw issue: [Bug]: trusted env-proxy web_search and web_fetch still fail with EAI_AGAIN in v2026.3.31 openclaw/openclaw#59005
• OpenClaw PR: fix(net): skip DNS pinning before trusted env proxy dispatch openclaw/openclaw#59007

We can drop the downstream runtime patch once an upstream release includes that PR and the proxy-only sandbox regression is rechecked end to end.

[prekshivyas]

Update: The upstream fix has merged and shipped.

• [Bug]: trusted env-proxy web_search and web_fetch still fail with EAI_AGAIN in v2026.3.31 openclaw/openclaw#59005 — closed April 8
• fix(net): skip DNS pinning before trusted env proxy dispatch openclaw/openclaw#59007 — merged April 8
• First release containing the fix: v2026.4.9 (April 9)
• Latest stable release: v2026.4.14 (April 14)

NemoClaw is currently pinned to OPENCLAW_VERSION=2026.4.2 in Dockerfile.base, which predates the fix. Remaining steps to close this issue:

1. Bump OPENCLAW_VERSION in Dockerfile.base to >=2026.4.9
2. Remove the downstream DNS workaround patch
3. Run e2e verification on proxy-only sandboxes to confirm web_search / web_fetch work without the patch

[davidglogan]

Still reproducing on NemoClaw v0.0.18 (upgraded 2026-04-17). Posting fresh evidence since the downstream workaround this issue tracks is clearly still load-bearing.

Environment

• NemoClaw v0.0.18 (upgraded today from v0.0.17)
• OpenShell v0.0.26
• OpenClaw v2026.4.2
• Sandbox: my-assistant on DietPi/Linux (x86_64), MicroK8s
• Inference: compatible-endpoint to a LAN Ollama (gemma4:26b)
• Default policy / egress preset (no custom presets applied)

Repro (v0.0.18)

openshell sandbox exec -n my-assistant --no-tty -- \
  openclaw agent --agent main -m 'Use the web_search tool to search for: openai. Tell me exactly what error you got.' --json 2>/dev/null \
  | grep -oE '"text":\s*"[^"]+"'

"text": "The error I received was: `getaddrinfo EAI_AGAIN html.duckduckgo.com`"

Same failure on every call. Also reproducible from the TUI and the GUI dashboard — each web-search attempt by the agent surfaces as:

{"status": "error", "tool": "web_search", "error": "getaddrinfo EAI_AGAIN html.duckduckgo.com"}

Source confirmation (from a clone of openclaw/openclaw)

The endpoint is hardcoded:

// openclaw/extensions/duckduckgo/src/ddg-client.ts:18
const DDG_HTML_ENDPOINT = "https://html.duckduckgo.com/html";

No config knob, no provider abstraction at this layer. So any install where the egress proxy doesn't allow-list html.duckduckgo.com — which is the default for NemoClaw — will fail on every web_search call.

Broader user-visible impact

The tool ships as a hardcoded-to-DuckDuckGo built-in, but no default egress preset in nemoclaw-blueprint/policies/presets/ allow-lists duckduckgo.com. On every default install, web_search is a broken first-choice tool for any web query. Agents (at least gemma4:26b) then fall through to web_fetch (proxy 403 on most non-allow-listed hosts), then to sessions_spawn sub-agents (which themselves hit the same web_search → EAI_AGAIN path and time out at 1m0s with empty output), and eventually stall entirely. We captured four clean failure sequences today in the same session.

Why this is a comment on #1252 and not a new filing

This issue tracks the root cause — the trusted env-proxy DNS behaviour upstream in OpenClaw — and the downstream workaround that NemoClaw has been carrying. We're not filing a duplicate. Just adding fresh v0.0.18 evidence that the workaround is still doing real work, and a source cite in case it helps narrow the fix scope.

Suggested near-term fix (independent of the upstream OpenClaw DNS fix)

Several low-risk-for-downstream options:

1. Disable web_search by default when no working egress backend is configured, and surface a clear "this tool requires an egress preset to function" message.
2. Ship a default duckduckgo / websearch preset in nemoclaw-blueprint/policies/presets/ so html.duckduckgo.com is allow-listed out of the box.
3. Make the endpoint provider-pluggable in ddg-client.ts, so a SearXNG or other backend can be swapped via config rather than requiring a custom skill + exec detour.
4. Document that web_search is non-functional on a default install until the operator applies an egress preset for html.duckduckgo.com (e.g., a custom preset) or swaps providers via a custom skill.

Related

• [Bug] OpenShell egress proxy "failed to resolve peer binary" — blocks all new CONNECT tunnels including Telegram #1471 (egress proxy "peer binary" DNS resolution, different mechanism)
• fix: inference.local does not resolve inside sandbox on macOS (Docker Desktop) #1058 (inference.local DNS on macOS, different layer)
• A separate filing coming shortly on the subagent-timeout + fabrication cascade that sits downstream of this one

Happy to attach nemoclaw debug --output <file>.tgz if useful.