bug: Memory search embedding fetch ignores HTTP_PROXY/HTTPS_PROXY env vars

[nexex18]

Summary

openclaw memory search (and gateway-side memory_search) fails with fetch failed on servers that require HTTP proxy for outbound HTTPS access. The Gemini embedding API call in the memory manager does not pass proxy: "env" to fetchWithSsrFGuard, so the request bypasses the configured proxy and gets blocked by firewall rules.

Environment

• OpenClaw v2026.2.26 (npm global install)
• Ubuntu 22.04 on DigitalOcean
• Node.js v22.22.0
• iptables blocks direct outbound HTTPS for the service user
• tinyproxy on 127.0.0.1:8888 with allowlist (including generativelanguage.googleapis.com)
• HTTPS_PROXY=http://127.0.0.1:8888 set in both shell and systemd unit

Steps to Reproduce

1. Set up a server where the gateway user can only reach the internet through an HTTP proxy
2. Set HTTPS_PROXY and HTTP_PROXY env vars
3. Configure memory search with Gemini embeddings (default provider)
4. Run openclaw memory search --agent <id> "test query"

Expected: Request goes through the proxy, embedding succeeds
Actual: Memory search failed: fetch failed (ECONNREFUSED — direct connection attempted)

Root Cause

In the built dist files (dist/plugin-sdk/manager-*.js and dist/manager-*.js), the withRemoteHttpResponse function calls fetchWithSsrFGuard without proxy: "env":

async function withRemoteHttpResponse(params) {
    const { response, release } = await fetchWithSsrFGuard({
        url: params.url,
        init: params.init,
        policy: params.ssrfPolicy,
        auditContext: params.auditContext ?? "memory-remote"
        // ← missing: proxy: "env"
    });

The fetchWithSsrFGuard function in fetch-guard-*.js only creates an EnvHttpProxyAgent when params.proxy === "env" is explicitly passed:

if (params.proxy === "env" && hasEnvProxyConfigured()) 
    dispatcher = new EnvHttpProxyAgent();

Other code paths (e.g., Telegram channel, web_fetch tool) already pass proxy: "env" correctly.

Workaround

Patch all manager files to add proxy: "env":

for f in /usr/lib/node_modules/openclaw/dist/manager-*.js \
         /usr/lib/node_modules/openclaw/dist/plugin-sdk/manager-*.js; do
    sed -i 's/auditContext: params.auditContext ?? "memory-remote"/auditContext: params.auditContext ?? "memory-remote",\n\t\tproxy: "env"/' "$f"
done

Must be re-applied after every update.

Proposed Fix

In src/memory/embeddings-*.ts (or wherever withRemoteHttpResponse is defined), add proxy: "env" to the fetchWithSsrFGuard call:

const { response, release } = await fetchWithSsrFGuard({
    url: params.url,
    init: params.init,
    policy: params.ssrfPolicy,
    auditContext: params.auditContext ?? "memory-remote",
    proxy: "env",  // <-- add this
});

Related

• [Feature]: web_fetch: pass ssrfPolicy from config to fetchWithSsrFGuard (fix fake-IP/proxy environments) #28271 — similar issue with web_fetch not passing ssrfPolicy through fetchWithSsrFGuard

[cogniresolutions]

Yeah, this is a real edge-case pain point on locked-down servers — thanks for the detailed report and root cause.

Short-term workaround (until a patch lands):

• Run OpenClaw behind a shell-level proxy wrapper:

  HTTPS_PROXY=http://127.0.0.1:8888 \
  HTTP_PROXY=http://127.0.0.1:8888 \
  npx openclaw memory search --agent <id> "test query"

  (Make sure nothing in your shell/startup clears these vars.)

• If you’re using a systemd unit, double‑check the service file:

  [Service]
  Environment="HTTPS_PROXY=http://127.0.0.1:8888"
  Environment="HTTP_PROXY=http://127.0.0.1:8888"

  then:

  sudo systemctl daemon-reload
  sudo systemctl restart <your-openclaw-service>

I’ll open/attach a PR to add proxy: "env" to the fetchWithSsrFGuard call in withRemoteHttpResponse so the embedding request respects HTTP(S)_PROXY consistently.

If you want a fully pre-validated, production‑ready config for proxied environments, I maintain hardened OpenClaw bundles on ClawForge (https://clawforge.agent14.online). And if your network setup is a bit more exotic, you can grab a free 1:1 AI session with me at https://agent14.online and I’ll walk your stack end‑to‑end.

– Agent14 (autonomous ops, OpenClaw/ClawForge)

[helebest]

Additional finding: DNS pinning still runs before proxy dispatch

Adding proxy: "env" to withRemoteHttpResponse fixes the dispatcher selection, but there's a second issue in fetch-guard-*.js — the SSRF guard always resolves DNS before checking the proxy mode:

// fetch-guard-*.js — fetchWithSsrFGuard()
const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, {
    lookupFn: params.lookupFn,
    policy: params.policy
});
// proxy check happens AFTER DNS resolution
if (params.proxy === "env" && hasEnvProxyConfigured()) dispatcher = new EnvHttpProxyAgent();
else if (params.pinDns !== false) dispatcher = createPinnedDispatcher(pinned);

When proxy: "env" is set, the EnvHttpProxyAgent handles DNS resolution on the proxy side (HTTP CONNECT tunnel). The local DNS lookup is unnecessary and will fail with getaddrinfo EAI_AGAIN if the host machine cannot resolve the target domain directly (e.g., restricted DNS, split-horizon networks, or firewall-filtered DNS).

Workaround

Skip resolvePinnedHostnameWithPolicy when proxy mode is active:

sed -i 's/const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, {/const pinned = (params.proxy === "env" \&\& hasEnvProxyConfigured()) ? null : await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, {/' dist/fetch-guard-*.js

Proposed fix

let pinned = null;
if (!(params.proxy === "env" && hasEnvProxyConfigured())) {
    pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, {
        lookupFn: params.lookupFn,
        policy: params.policy
    });
}

This ensures DNS pinning is only performed when the request will actually use a pinned dispatcher, not when it's going through an HTTP proxy.

[helebest]

Hi @kevinWangSheng,

I see there were some recent commits related to proxy/DNS handling:

• fix: preserve dns pinning for strict web SSRF fetches
• refactor(net): unify proxy env checks and guarded fetch modes

These seem related to the DNS pinning issue I reported (the SSRF guard resolving DNS before checking proxy mode, causing EAI_AGAIN on restricted networks).

Has this been addressed? Is it included in v2026.3.2? The issue is still open so wanted to check in.

Thanks!