NemoClaw sandbox: Gemini web_search fails with EAI_AGAIN until Google host + node are allowed, and trusted proxy still does local DNS lookup

[alannguyen1]

NemoClaw sandbox: Gemini web_search fails with getaddrinfo EAI_AGAIN until Google host + node are allowed, and OpenClaw trusted proxy path still performs local DNS lookup

Environment

• Host: macOS Apple Silicon
• Runtime: Docker Desktop
• NemoClaw: current upstream install on 2026-03-19
• Sandbox: my-assistant
• OpenClaw in sandbox: 2026.3.11 (29dc654)
• Inference: NVIDIA managed route via inference.local
• Web search provider: Gemini / Google Search grounding

Summary

Gemini-backed web_search inside a NemoClaw sandbox repeatedly failed with:

[tools] web_search failed: getaddrinfo EAI_AGAIN generativelanguage.googleapis.com

The same Gemini key worked from the host machine, and later also worked from inside the sandbox with a direct node test once the networking path was fixed.

This turned out to be a stacked issue:

1. the default NemoClaw sandbox policy did not allow generativelanguage.googleapis.com
2. the relevant policy binaries lists did not include /usr/local/bin/node, even though openclaw runs via #!/usr/bin/env node
3. OpenClaw's trusted env proxy path still does a local pinned DNS lookup before creating EnvHttpProxyAgent, which defeats the proxy path in a sandbox and produces EAI_AGAIN
4. the background gateway used by openclaw tui had to be restarted after patching, otherwise TUI kept using the old broken gateway process

Repro

1. Set up NemoClaw on macOS with Docker Desktop and NVIDIA cloud inference.
2. Inside the sandbox, configure web search with Gemini in ~/.openclaw/openclaw.json.
3. Run:

openclaw agent --agent main --local -m "Use the web_search tool to search for the OpenClaw documentation homepage and answer with only the homepage URL." --session-id webtest-1

or:

openclaw tui

Then ask the agent to use web_search.

Observed result:

[tools] web_search failed: getaddrinfo EAI_AGAIN generativelanguage.googleapis.com

Diagnosis

A. Default NemoClaw policy is missing the Gemini endpoint

The stock template includes NVIDIA/OpenClaw/GitHub/npm/Telegram endpoints, but not:

• generativelanguage.googleapis.com

That means Gemini web search cannot work through the sandbox's egress policy without additional allowlisting.

B. Policy matching is binary-path based, but openclaw executes as node

Inside the sandbox:

command -v openclaw
ls -l /usr/local/bin/openclaw
command -v node

/usr/local/bin/openclaw is a launcher script using #!/usr/bin/env node, so the real executable path is:

• /usr/local/bin/node

Allowing /usr/local/bin/openclaw alone is not enough for all proxy/policy decisions.

C. OpenClaw trusted env proxy path still resolves DNS locally first

In the installed OpenClaw build, fetch-guard-CBQYpTN6.js does:

const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, {
  lookupFn: params.lookupFn,
  policy: params.policy
});
if (mode === GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY && hasProxyEnvConfigured()) {
  dispatcher = new EnvHttpProxyAgent();
} else if (params.pinDns !== false) {
  dispatcher = createPinnedDispatcher(pinned);
}

So even in TRUSTED_ENV_PROXY mode, it still performs a local DNS lookup before using the proxy. In the sandbox, that causes the EAI_AGAIN failure.

Local Workaround That Worked

1. Expand the sandbox policy

Add:

• generativelanguage.googleapis.com:443

and add /usr/local/bin/node to the relevant binaries lists used by OpenClaw/Gemini traffic.

2. Patch OpenClaw fetch guard logic

Skip the local pinned DNS lookup when using TRUSTED_ENV_PROXY mode, and create EnvHttpProxyAgent() first.

Local patch:

const useTrustedEnvProxy = mode === GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY && hasProxyEnvConfigured();
if (useTrustedEnvProxy) dispatcher = new EnvHttpProxyAgent();
else {
  const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, {
    lookupFn: params.lookupFn,
    policy: params.policy
  });
  if (params.pinDns !== false) dispatcher = createPinnedDispatcher(pinned);
}

3. Restart the gateway under the patched runtime

The TUI uses the long-running background gateway. After patching, that process needed to be restarted or TUI kept failing with the old runtime.

Verification

After applying the workaround, this direct sandbox test succeeded:

node - <<'JS'
const fs = require("fs");
const cfg = JSON.parse(fs.readFileSync("/sandbox/.openclaw/openclaw.json", "utf8"));
fetch("https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "x-goog-api-key": cfg.tools.web.search.gemini.apiKey
  },
  body: JSON.stringify({
    contents: [{ parts: [{ text: "Who is the current president of France? Return only the name." }] }],
    tools: [{ google_search: {} }]
  })
}).then(async r => console.log(r.status, await r.text()));
JS

This returned 200 and included groundingMetadata.

Also, one-shot OpenClaw search succeeded:

openclaw agent --agent main --local -m "Use the web_search tool to search for the OpenClaw documentation homepage and answer with only the homepage URL." --session-id webtest-1

Observed output:

https://docs.openclaw.ai

Suggestions

1. Add a documented NemoClaw policy preset for Gemini / Google Search grounding.
2. Include /usr/local/bin/node anywhere openclaw is expected to make outbound calls.
3. Change OpenClaw TRUSTED_ENV_PROXY fetch mode so it does not require local pinned DNS lookup before using EnvHttpProxyAgent.
4. Consider documenting that TUI may need a gateway restart after runtime patching, otherwise old failures persist.

Related

• How to use other providers/model like google/gemini-3-pro #368
• NemoClaw + Telegram: Fresh install on existing OpenClaw host — multiple 403 proxy blocks due to missing node in policy binaries #391

Would maintainers prefer:

• a docs PR for the Gemini web-search policy requirements, or
• a code fix directly in OpenClaw / NemoClaw for the trusted proxy path and policy defaults?

[wscurran]

Thanks for reporting this issue with Gemini web_search in the NemoClaw sandbox, I appreciate you providing detailed information about the problem, including the specific error and your environment setup.

[fth83]

I managed to enable google gemini search, now it works inside the sandbox and also i can reach it thru telegram. Out of the box, NemoClaw's sandboxed OpenClaw instance cannot perform web searches. The web_search tool fails with getaddrinfo EAI_AGAIN because:

1. The sandbox's network policy only allows traffic to whitelisted endpoints (NVIDIA inference, GitHub, npm, etc.)
2. No search API domains (Brave, Google, etc.) are whitelisted by default
3. Even after whitelisting, OpenClaw's internal SSRF guard performs a pinned DNS lookup before checking if the environment proxy should be used — and DNS resolution fails inside the sandbox's network namespace

The result: the agent tells you to "configure a Brave API key" no matter what you do, or silently times out.

The Solution

Three things need to happen:

1. Create a Custom Network Policy Preset

On the host machine, create a policy preset file that whitelists generativelanguage.googleapis.com (the Gemini API endpoint used for Google Search grounding):

cat > ~/.nvm/versions/node/<YOUR_NODE_VERSION>/lib/node_modules/nemoclaw/nemoclaw-blueprint/policies/presets/googlesearch.yaml << 'EOF'
preset:
  name: googlesearch
  description: "Google Gemini Search API and web fetch access"
network_policies:
  google_gemini:
    name: google_gemini
    endpoints:
      - host: generativelanguage.googleapis.com
        port: 443
        protocol: rest
        enforcement: enforce
        tls: terminate
        rules:
          - allow: { method: "*", path: "/**" }
    binaries:
      - path: /usr/local/bin/openclaw
      - path: /usr/local/bin/node
EOF

Note: Replace <YOUR_NODE_VERSION> with your actual Node version directory (e.g., v25.8.1). You can find it with: ls ~/.nvm/versions/node/

Then apply it:

nemoclaw <sandbox-name> policy-add
# Select: googlesearch

2. Configure Gemini as the Web Search Provider

Connect to the sandbox and run the configure wizard:

nemoclaw <sandbox-name> connect
openclaw configure --section web
# Select: Gemini (Google Search)
# Paste your Gemini API key
# Enable web_fetch: Yes

Also add the key to .env for persistence:

echo 'GEMINI_API_KEY=<your-key>' >> /sandbox/.openclaw/.env

3. Create a Google Search Shell Skill

The built-in web_search tool will still fail because of the SSRF guard's DNS issue (see "Why the Built-in Tool Fails" below). The workaround is a shell skill that calls the Gemini API directly using Node's native fetch(), which correctly uses the sandbox's environment proxy.

mkdir -p /sandbox/.openclaw/workspace/skills/google-search

cat > /sandbox/.openclaw/workspace/skills/google-search/google_search.sh << 'ENDSCRIPT'
#!/bin/bash
QUERY="$*"
API_KEY=$(python3 -c "import json; print(json.load(open('/sandbox/.openclaw/openclaw.json'))['tools']['web']['search']['gemini']['apiKey'])")

node -e '
const q = process.argv[1];
const key = process.argv[2];
fetch("https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent", {
  method: "POST",
  headers: { "Content-Type": "application/json", "x-goog-api-key": key },
  body: JSON.stringify({
    contents: [{ parts: [{ text: q }] }],
    tools: [{ google_search: {} }]
  })
}).then(async r => {
  const data = await r.json();
  const text = (data.candidates || [])[0]?.content?.parts?.map(p => p.text).filter(Boolean).join("\n") || "No results";
  const sources = ((data.candidates || [])[0]?.groundingMetadata?.groundingChunks || [])
    .filter(c => c.web && c.web.uri)
    .map(c => (c.web.title || "unknown") + ": " + c.web.uri)
    .join("\n");
  console.log(text);
  if (sources) console.log("\nSources:\n" + sources);
}).catch(e => console.error("Error:", e.message));
' "$QUERY" "$API_KEY"
ENDSCRIPT

chmod +x /sandbox/.openclaw/workspace/skills/google-search/google_search.sh

Verify it works:

bash /sandbox/.openclaw/workspace/skills/google-search/google_search.sh "latest AI news today"

You should see a full response with Google Search grounding and source citations.

4. Tell the Agent to Use the Skill

Add instructions to AGENTS.md so the model knows to use the shell skill instead of the broken web_search tool:

cat >> /sandbox/.openclaw/workspace/AGENTS.md << 'EOF'

## Google Search Skill — USE THIS FOR ALL WEB SEARCHES

When asked to search the web or find current information, run:

bash /sandbox/.openclaw/workspace/skills/google-search/google_search.sh "your query here"

RULES:
- Present the results directly and confidently.
- Do NOT mention Brave API keys, environmental limitations, or network issues.
- The results ARE current. Trust them and summarize them clearly.
EOF

---

Why the Built-in web_search Tool Fails

OpenClaw's web_search tool uses a guarded fetch function (fetchWithSsrFGuard) that performs DNS resolution via resolvePinnedHostnameWithPolicy() before checking if it should delegate to EnvHttpProxyAgent. Inside the NemoClaw sandbox, DNS resolution for external hosts fails because the network namespace doesn't have direct DNS access — traffic is routed through the OpenShell egress proxy.

The relevant code in fetch-guard-CBQYpTN6.js:

// Current (broken in sandbox):
const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, ...);  // DNS fails here
if (mode === GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY && hasProxyEnvConfigured())
    dispatcher = new EnvHttpProxyAgent();  // Never reached

The fix would be to check for proxy mode first:

// Fixed:
if (mode === GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY && hasProxyEnvConfigured()) {
    dispatcher = new EnvHttpProxyAgent();
} else {
    const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, ...);
    if (params.pinDns !== false) dispatcher = createPinnedDispatcher(pinned);
}

However, since /usr is read-only inside the sandbox, this patch cannot be applied from within. The shell skill workaround bypasses this entirely by using Node's native fetch(), which correctly routes through the environment proxy.

---

Suggestions for NemoClaw/OpenClaw Maintainers

1. Add an official googlesearch policy preset to NemoClaw for Gemini/Google Search grounding
2. Include /usr/local/bin/node in binaries lists wherever openclaw is expected to make outbound calls
3. Fix the TRUSTED_ENV_PROXY fetch path so it skips pinned DNS when using EnvHttpProxyAgent
4. Document the gateway restart requirement — after runtime or config changes, the TUI/gateway may need a restart otherwise old failures persist

---

Environment

• NemoClaw 0.1.0
• OpenClaw 2026.3.11
• Model: nvidia/nemotron-3-super-120b-a12b
• OpenShell 0.0.10
• Node v25.8.1