Local vLLM host alias is routed through sandbox proxy and denied

[dmbyte]

Description

Local vLLM inference can fail from inside the sandbox because requests to host.openshell.internal are routed through the sandbox HTTP proxy instead of connecting directly to the host-side vLLM service.

Expected behavior: sandbox requests to local inference host aliases such as host.openshell.internal and host.docker.internal bypass HTTP_PROXY via NO_PROXY, while normal provider traffic through https://inference.local/v1 continues to use the OpenShell-managed proxy path.

Actual behavior: with the upstream latest/v0.0.36 startup environment, NO_PROXY includes loopback and the OpenShell proxy host, but not host.openshell.internal. A request to http://host.openshell.internal:8000/v1/models is sent through the policy proxy and denied.

Proposed fix: #3013 adds the local host aliases to the default bypass list, allows NEMOCLAW_NO_PROXY_EXTRA overrides, and fixes the vllm-local default primary model selection.

Reproduction Steps

1. Start a local vLLM OpenAI-compatible server on the host, reachable from the sandbox as http://host.openshell.internal:8000/v1.
2. Start a NemoClaw/OpenClaw sandbox from upstream latest or v0.0.36 with the current default proxy environment.
3. Inside the sandbox, use the upstream-style bypass list:

NO_PROXY="localhost,127.0.0.1,::1,10.200.0.1" \
no_proxy="localhost,127.0.0.1,::1,10.200.0.1" \
curl -sS http://host.openshell.internal:8000/v1/models

Observed response:

{"detail":"GET host.openshell.internal:8000/v1/models not permitted by policy","error":"policy_denied"}

4. Add the host alias to NO_PROXY and repeat:

NO_PROXY="localhost,127.0.0.1,::1,10.200.0.1,host.openshell.internal,host.docker.internal" \
no_proxy="localhost,127.0.0.1,::1,10.200.0.1,host.openshell.internal,host.docker.internal" \
curl -sS http://host.openshell.internal:8000/v1/models

Observed response: vLLM returns the model list successfully.

Environment

• Host: DGX Spark, Ubuntu 24.04, aarch64
• Provider: local vLLM OpenAI-compatible server on host port 8000
• Sandbox endpoint: http://host.openshell.internal:8000/v1
• Compared against upstream latest / v0.0.36
• Local verification used OpenClaw 2026.5.6 and vLLM serving gemma-4-26b-a4b-nvfp4

Debug Output

Not attaching a full debug bundle because the repro is limited to proxy environment routing. The key comparison is:

# upstream-style NO_PROXY: policy_denied
NO_PROXY="localhost,127.0.0.1,::1,10.200.0.1" curl http://host.openshell.internal:8000/v1/models

# with local host aliases in NO_PROXY: succeeds
NO_PROXY="localhost,127.0.0.1,::1,10.200.0.1,host.openshell.internal,host.docker.internal" curl http://host.openshell.internal:8000/v1/models

Logs

{"detail":"GET host.openshell.internal:8000/v1/models not permitted by policy","error":"policy_denied"}

Checklist

• I confirmed this bug is reproducible
• I searched existing issues and this is not a duplicate

[wscurran]

✨ Thanks for submitting this issue that reports a problem with local vLLM inference requests being routed through the sandbox proxy instead of connecting directly to the host-side vLLM service. This issue identifies a bug where the sandbox requests to local inference host aliases such as host.openshell.internal are not bypassing the HTTP_PROXY via NO_PROXY as expected.

---

Related open PRs:

• #3013 fix: support local vLLM inference routing