
[Bug]: SECURITY ERROR blocks cron/subagent operations in Docker with bind: lan #21065

@troyhitch


Summary

Description

After updating to 2026.2.18, the new plaintext WebSocket security check (isSecureWebSocketUrl in src/gateway/net.ts) blocks several critical operations when the gateway is configured with bind: lan inside Docker.

Environment

  • OpenClaw version: 2026.2.18
  • Runtime: Docker container (Linux arm64)
  • Gateway config: "bind": "lan" (documented Docker configuration)
  • Gateway resolves to internal Docker IP: ws://172.18.0.2:18789

What's Blocked

  • ❌ Creating new cron jobs (cron add)
  • ❌ Updating existing cron jobs (cron update)
  • ❌ Spawning sub-agents (sessions_spawn)
  • ❌ Config patches (gateway config.patch)
  • ✅ Existing cron jobs created pre-update still fire correctly
  • ✅ Main session works fine

Error

SECURITY ERROR: Gateway URL "ws://172.18.0.2:18789" uses plaintext ws:// to a non-loopback address.
Both credentials and chat data would be exposed to network interception.
Source: local lan 172.18.0.2

Root Cause

isSecureWebSocketUrl() in src/gateway/net.ts only allows ws:// for loopback addresses (127.0.0.1/localhost). Docker's internal bridge network IPs (172.x.x.x) fail this check, even though they never leave the host machine and are as secure as loopback.

Impact

Breaks multi-agent setups and cron job management for all Docker deployments using bind: lan. Changing bind to localhost is not an option — it kills all external connectivity (Telegram, webhooks, etc.) since Docker maps ports to the container's LAN IP, not 127.0.0.1.

Suggested Fix

One of:

  1. Treat Docker bridge network IPs (172.16.0.0/12) as trusted in the security check
  2. Add an env var override: OPENCLAW_TRUST_LOCAL_WS=1
  3. Add a config option: gateway.security.allowPlaintextWs: true
  4. Detect Docker environment and relax the check for internal bridge networks
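For readers following the root cause and the fix options above, here is an added example (not OpenClaw's code, and not the reporter's) of how a gateway URL policy check of the kind the issue describes can be structured: plaintext ws:// is accepted only for loopback, and a hypothetical operator opt-in (assumed name: allowPlaintextWsCidrs, corresponding to fix option 3) whitelists specific CIDR ranges such as the container's bridge subnet. It also classifies the target address (loopback, RFC 1918 private, public) so the reason for a denial or an opt-in is visible in logs. The URL parsing, the policy shape and the verdict text are assumptions made for this example.

```typescript
// Added example: a WebSocket URL policy check modelled on the behaviour this
// issue describes. PlaintextWsPolicy / allowPlaintextWsCidrs are hypothetical
// names, not an OpenClaw configuration option.

type HostClass = "loopback" | "private" | "public" | "unresolved";
type Verdict = { allowed: boolean; reason: string };

interface PlaintextWsPolicy {
  // Hypothetical opt-in: CIDR ranges for which plaintext ws:// is tolerated.
  allowPlaintextWsCidrs: string[];
}

// Parses dotted-quad IPv4 into an unsigned 32-bit integer; null if not IPv4.
function parseIPv4(host: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// True when ip (unsigned 32-bit) falls inside an IPv4 CIDR such as "172.18.0.0/16".
function inCidr(ip: number, cidr: string): boolean {
  const parts = cidr.split("/");
  if (parts.length !== 2) return false;
  const base = parseIPv4(parts[0] ?? "");
  const bits = Number(parts[1]);
  if (base === null || !Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ip & mask) >>> 0) === ((base & mask) >>> 0);
}

function isLoopbackHost(host: string): boolean {
  if (host === "localhost" || host === "::1" || host === "[::1]") return true;
  const ip = parseIPv4(host);
  return ip !== null && inCidr(ip, "127.0.0.0/8");
}

// Classifies a literal host; DNS names other than localhost are not resolved here.
function classifyHost(host: string): HostClass {
  if (isLoopbackHost(host)) return "loopback";
  const ip = parseIPv4(host);
  if (ip === null) return "unresolved";
  const privateRanges = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16"];
  return privateRanges.some((c) => inCidr(ip, c)) ? "private" : "public";
}

// Minimal ws:// / wss:// URL parser: scheme, host (IPv4, IPv6 in brackets, or name), optional port.
function parseWsUrl(rawUrl: string): { scheme: string; host: string } | null {
  const m = /^(wss?):\/\/(\[[0-9a-fA-F:.]+\]|[^\s/:\[\]]+)(?::\d{1,5})?(?:\/.*)?$/.exec(rawUrl);
  return m ? { scheme: m[1], host: m[2] } : null;
}

// Policy decision: wss:// always; ws:// only to loopback or to an opted-in CIDR.
function checkGatewayUrl(
  rawUrl: string,
  policy: PlaintextWsPolicy = { allowPlaintextWsCidrs: [] },
): Verdict {
  const parsed = parseWsUrl(rawUrl);
  if (!parsed) return { allowed: false, reason: "URL is not a parseable ws:// or wss:// URL" };
  if (parsed.scheme === "wss") return { allowed: true, reason: "wss:// is encrypted in transit" };
  const host = parsed.host;
  if (isLoopbackHost(host)) {
    return { allowed: true, reason: "plaintext ws:// to loopback does not leave the host" };
  }
  const ip = parseIPv4(host);
  if (ip !== null) {
    const match = policy.allowPlaintextWsCidrs.find((cidr) => inCidr(ip, cidr));
    if (match) {
      return { allowed: true, reason: `plaintext ws:// allowed by operator opt-in ${match} (${classifyHost(host)} address)` };
    }
  }
  return {
    allowed: false,
    reason: `SECURITY ERROR: Gateway URL "${rawUrl}" uses plaintext ws:// to a non-loopback (${classifyHost(host)}) address`,
  };
}
```

With an empty opt-in list the check reproduces the denial quoted in this issue for ws://172.18.0.2:18789; with `allowPlaintextWsCidrs: ["172.18.0.0/16"]` that address passes while 192.168.x.x hosts are still refused. Opting in the narrow bridge subnet rather than all of 172.16.0.0/12 keeps the exception from silently covering ordinary RFC 1918 LANs that happen to use the same /12, and the host class in the verdict makes it easy to spot in logs when a plaintext exception is being applied to something other than the expected bridge network.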

Workaround

None currently. Pre-existing cron jobs still fire but cannot be modified. No new cron jobs or sub-agents can be created.

Steps to reproduce

  1. Run OpenClaw 2026.2.18 in Docker
  2. Configure gateway with "bind": "lan" in openclaw.json (the documented Docker configuration)
  3. Attempt any of: create a cron job, update a cron job, spawn a sub-agent, or apply a config patch

Expected behavior

Operations should succeed since the gateway is running inside a Docker container and the ws:// connection is on an internal Docker bridge network (172.x.x.x) that never leaves the host machine.

Actual behavior

All operations fail with: SECURITY ERROR: Gateway URL "ws://172.18.0.2:18789" uses plaintext ws:// to a non-loopback address. The isSecureWebSocketUrl() check in src/gateway/net.ts rejects Docker bridge network IPs as insecure, even though they are functionally equivalent to loopback.

OpenClaw version

2026.02.18

Operating system

MacOS 26.3

Install method

docker

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

No response

Labels: bug (Something isn't working), security (Security documentation)
