[Bug]: memory_search remote embeddings fail with ENOTFOUND when env proxy is configured — withRemoteHttpResponse skips TRUSTED_ENV_PROXY mode

[XIYBHK]

Bug type

Behavior bug (incorrect output/state without crash)

Summary

withRemoteHttpResponse() in the memory remote embeddings path does not check hasProxyEnvConfigured() before calling fetchWithSsrFGuard(), causing it to default to strict mode which performs local DNS pre-resolution via resolvePinnedHostnameWithPolicy(). In proxy environments (e.g. Clash TUN/fake-IP, corporate proxies), this DNS lookup fails with getaddrinfo ENOTFOUND before the request ever reaches the proxy, even though proxy-routed requests via the OpenAI SDK succeed on the same machine.

Steps to reproduce

1. Configure an HTTP/HTTPS proxy via environment variables (HTTPS_PROXY, HTTP_PROXY, or ALL_PROXY).
2. Use a proxy setup where local DNS cannot resolve the embedding provider hostname (e.g. Clash TUN fake-IP mode, or a corporate proxy with DNS-over-proxy).
3. Configure a remote embedding provider (e.g. api.ohmygpt.com/v1 or any OpenAI-compatible endpoint).
4. Run:

openclaw memory status --deep --agent main
openclaw memory search --agent main --query "test"

5. Observe getaddrinfo ENOTFOUND <hostname> and Embeddings: unavailable.

Expected behavior

When environment proxy variables are configured, withRemoteHttpResponse() should use withTrustedEnvProxyGuardedFetchMode() to set the fetch mode to TRUSTED_ENV_PROXY, causing fetchWithSsrFGuard() to skip local DNS pre-resolution and use EnvHttpProxyAgent() directly — the same behavior already implemented for other proxy-aware code paths in the codebase.

Actual behavior

withRemoteHttpResponse() calls fetchWithSsrFGuard() without setting a mode, which defaults to STRICT. In strict mode, fetchWithSsrFGuard() always calls resolvePinnedHostnameWithPolicy() → dns.lookup() before making the HTTP request. This local DNS lookup fails in proxy environments where DNS resolution must go through the proxy, producing:

Error: getaddrinfo ENOTFOUND api.ohmygpt.com

Meanwhile, on the same machine in the same shell session, OpenClaw's own OpenAI SDK calls to the same endpoint succeed — confirming the proxy works and the issue is isolated to the memory embeddings code path.

OpenClaw version

2026.3.13 (61d171a)

Operating system

Windows 11 Pro 10.0.22631

Install method

npm global

Model

openai/text-embedding-3-small (remote embedding provider)

Provider / routing chain

openclaw -> env HTTP proxy (Clash TUN) -> remote OpenAI-compatible embedding endpoint

Additional provider/model setup details

# Environment
HTTPS_PROXY=http://127.0.0.1:7890 (Clash TUN with fake-IP mode)

# Embedding config in openclaw agent config
models.providers.openai.baseUrl = "https://api.ohmygpt.com/v1"
memorySearch.remote.model = "text-embedding-3-small"

The same proxy + endpoint combination works when OpenClaw makes regular OpenAI SDK calls (e.g. chat completions), because those paths correctly use proxy-aware fetch. Only the memory embeddings path fails.

Logs, screenshots, and evidence

# Failing path (memory embeddings)
$ openclaw memory status --deep --agent main
Embeddings: unavailable
Error: getaddrinfo ENOTFOUND api.ohmygpt.com

# Working path (same machine, same proxy, same endpoint)
# OpenClaw's own OpenAI SDK calls to api.ohmygpt.com/v1 → OK, returns 1536-dim vectors

Root cause trace in source:

withRemoteHttpResponse(params)          # src/memory/post-json.ts or similar
  → fetchWithSsrFGuard({ url, init, policy })   # no mode set → defaults to STRICT
    → resolveGuardedFetchMode(params)            # returns STRICT (no mode field)
    → resolvePinnedHostnameWithPolicy(hostname)  # does dns.lookup() → ENOTFOUND

The fix already exists in the codebase for other callers. For example, src/memory/embeddings-remote-*.ts in some build outputs already has the corrected pattern. The issue is that withRemoteHttpResponse() was not updated to use it.

Correct pattern (already present in some bundle copies):

async function withRemoteHttpResponse(params) {
    const useEnvProxy = hasProxyEnvConfigured();
    const request = useEnvProxy ? withTrustedEnvProxyGuardedFetchMode({
        url: params.url,
        init: params.init,
        policy: params.ssrfPolicy,
        auditContext: params.auditContext ?? "memory-remote"
    }) : {
        url: params.url,
        init: params.init,
        policy: params.ssrfPolicy,
        auditContext: params.auditContext ?? "memory-remote"
    };
    const { response, release } = await fetchWithSsrFGuard(request);
    // ...
}

Impact and severity

• Affected: All users running OpenClaw with env proxy configured (HTTP_PROXY/HTTPS_PROXY/ALL_PROXY) in environments where local DNS cannot resolve the embedding provider hostname (Clash TUN fake-IP, corporate forward proxies, WSL with host-side proxy, etc.)
• Severity: High — completely blocks memory search functionality; Embeddings: unavailable
• Frequency: 100% reproducible when the proxy + DNS condition is met
• Consequence: memory_search tool and memory status --deep are non-functional; agents lose access to vector memory search entirely

Additional information

Note on build artifact duplication: withRemoteHttpResponse() is inlined by the bundler (rolldown) into multiple dist chunks. In 2026.3.13, we found 7 copies across different bundles — some already had the proxy fix, others did not. The source-level fix is a single-location change, but all bundle copies need to be consistent after build.

Affected bundles in 2026.3.13 (for reference):

• reply-Bm8VrLQh.js — gateway agent tool path (missing fix)
• auth-profiles-DDVivXkv.js — alternate auth bundle (missing fix)
• discord-CcCLMjHw.js — discord channel path (missing fix)
• auth-profiles-DRjqKE3G.js — CLI path (had fix)
• model-selection-*.js — (had fix)
• plugin-sdk/thread-bindings-*.js — (had fix)

Workaround: Manually patch withRemoteHttpResponse() in the affected dist bundles to add the hasProxyEnvConfigured() check as shown above.

[Hollychou924]

Analysis: withRemoteHttpResponse() missing proxy-aware guard — same pattern as other proxy-skip paths

Reporter has accurately identified the root cause. This is a missing hasProxyEnvConfigured() check in the memory embeddings fetch path.

How the fix should work

The codebase already has a withTrustedEnvProxyGuardedFetchMode() helper and a TRUSTED_ENV_PROXY mode in fetchWithSsrFGuard(). The fix is to apply the same guard that other proxy-aware code paths already use:

// In withRemoteHttpResponse() or wherever it calls fetchWithSsrFGuard():

// Current (broken in proxy environments):
const response = await fetchWithSsrFGuard(url, options);

// Fix:
const fetchMode = hasProxyEnvConfigured() 
  ? withTrustedEnvProxyGuardedFetchMode()
  : undefined;
const response = await fetchWithSsrFGuard(url, { ...options, ...fetchMode });

Why this is isolated to the embeddings path

The OpenAI SDK used for regular LLM calls respects HTTPS_PROXY/HTTP_PROXY natively via its own fetch implementation. But the memory embeddings path calls fetchWithSsrFGuard() directly (a custom fetch with SSRF protection), and STRICT mode in that function performs dns.lookup() before connecting — which fails in fake-IP/TUN environments where DNS resolution must go through the proxy.

Affected scenarios

• Clash TUN mode (fake IP) — DNS lookup to the real IP fails, TUN intercepts the connection by fake IP
• Corporate HTTP proxies where internal DNS doesn't resolve external hostnames
• Any setup where getaddrinfo fails but proxy-routed requests succeed

Two places to fix

1. withRemoteHttpResponse() — the reported location
2. Any other direct fetchWithSsrFGuard() calls in the memory/embedding subsystem that don't already have the proxy guard

Run grep -r 'fetchWithSsrFGuard' src/ to find all call sites and audit which ones are missing the hasProxyEnvConfigured() guard. The OpenAI client and Brave search paths seem to have this already — embeddings is the gap.

[Yiaos]

Confirming this issue on macOS with Clash fake-IP mode + OpenClaw 2026.3.23-1.

Environment: macOS 22.6.0, Clash proxy with fake-IP DNS (resolves proxied domains to 0.0.22.x synthetic IPs), HTTPS_PROXY=http://127.0.0.1:7890 configured in openclaw.json env.

Symptoms: memory_search fails with fetch failed on every call. Gateway logs show repeated [memory] sync failed (session-start/search/watch): TypeError: fetch failed. The SSRF guard blocks the request because 0.0.22.x falls in the 0.0.0.0/8 special-use range, before any network request is made.

Root cause verified by source inspection: withRemoteHttpResponse() in packages/memory-host-sdk/src/host/remote-http.ts calls fetchWithSsrFGuard() without passing mode, defaulting to STRICT. Strict mode does DNS pinning via dns.lookup(), gets fake-IP 0.0.22.x, and blocks. Meanwhile web_fetch and web_search work fine because they use withTrustedEnvProxyGuardedFetchMode().

Workaround attempted: Injecting HTTP_PROXY/HTTPS_PROXY into OpenClaw's env config fixes web_fetch (which uses trusted_env_proxy mode) but does NOT fix memory embeddings (which uses strict mode that overrides the global undici proxy dispatcher with a per-request PinnedDispatcher).

PR #52191 looks correct — the one-line fix to check hasProxyEnvConfigured() and use withTrustedEnvProxyGuardedFetchMode() is exactly what's needed. Would love to see this merged.

[tongmd]

I hit what looks like another concrete remaining proxy gap in the memory embeddings path, this time on a newer build (OpenClaw 2026.4.9).

What I reproduced

• agents.defaults.memorySearch.provider = "gemini"
• agents.defaults.memorySearch.model = "gemini-embedding-001"
• env proxy configured (HTTP_PROXY / HTTPS_PROXY)
• gateway starts fine, other proxy-aware paths work
• but memory_search(...) failed with:

fetch failed | Connect Timeout Error (... 142.250.x.x:443 ... timeout: 10000ms)

The key signal was that the failure still looked like a direct Google connect timeout, which suggested the Gemini embedding request path was still bypassing the proxy.

Root cause I found

In the Gemini memory embedding path:

• resolveGeminiEmbeddingClient(...) correctly builds
  • fetchImpl: options.fetchImpl ?? resolveProxyFetchFromEnv()
• but the actual Gemini HTTP call sites were not forwarding that fetchImpl into withRemoteHttpResponse(...)

So the client had a proxy-aware fetch, but the real requests still fell back to the default fetch path.

Concrete locations

In my local 2026.4.9 dist bundle, the missing propagation was in engine-embeddings-*.js at least for:

• direct embed request (fetchGeminiEmbeddingPayload)
• Gemini batch upload
• Gemini batch create
• Gemini batch status polling
• Gemini batch download

The fix was effectively to pass the resolved fetch through, e.g.

return await withRemoteHttpResponse({
  url: params.endpoint,
  ssrfPolicy: params.client.ssrfPolicy,
  fetchImpl: params.client.fetchImpl,
  init: { ... },
  onResponse: ...
});

and similarly for the batch helper calls using params.gemini.fetchImpl.

Validation

After patching those call sites locally and restarting the gateway, memory_search recovered immediately and returned normal results again:

• provider: gemini
• model: gemini-embedding-001
• mode: hybrid
• actual search hits returned instead of disabled/unavailable/fetch failed

Why I think this matters alongside the existing issue

#52162 is about the memory remote path not correctly honoring proxy-aware fetch mode / trusted env proxy behavior. What I found seems like a sibling bug in the same area:

• even when the Gemini embedding client resolves a proxy-aware fetch implementation,
• the implementation is ineffective if the downstream HTTP helpers do not actually receive and use that fetchImpl.

So there may be two layers to audit in memory embeddings:

1. choosing the correct proxy/trusted-env mode
2. making sure the selected fetchImpl is actually threaded through every remote call site

If useful, I can turn this into a minimal source-level patch instead of only reporting the dist-level symptom.

[mjamiv]

Same root cause also affects the image / music / video / audio generation provider paths on 2026.4.11-beta.1, not just memory embeddings. Adding a concrete datapoint in case it helps with scoping the fix.

Environment

• Docker-based sandbox, no direct DNS, all outbound via HTTP CONNECT proxy (HTTPS_PROXY=http://<proxy>:3128)
• NODE_USE_ENV_PROXY=1, undici's global dispatcher set to EnvHttpProxyAgent at require-time via a small bootstrap
• LLM chat paths work fine in this env (they inherit the global dispatcher)
• 2026.3.x / 2026.4.9 behaves the same — this is not a recent regression, it's a long-standing gap

Affected call sites (2026.4.11-beta.1)

All of these go through the same postJsonRequest → fetchWithTimeoutGuarded → fetchWithSsrFGuard chain in dist/shared-CfaHrC7m.js, none of them wrap with withTrustedEnvProxyGuardedFetchMode:

• dist/image-generation-provider-17J9DXKM.js — generateImage() for minimax / openai / google / fal / comfy / vydra
• dist/music-generation-provider-B0kBuVED.js
• dist/video-generation-provider-Bo-Z2xxH.js
• dist/audio-DIJTFAPs.js — postTranscriptionRequest() path

Symptom

generateImage() -> postJsonRequest() -> fetchWithTimeoutGuarded() ->
fetchWithSsrFGuard({ ..., mode: undefined })  // defaults to STRICT
-> resolvePinnedHostnameWithPolicy('api.minimax.io', { lookupFn: dns.lookup })
-> Error: getaddrinfo EAI_AGAIN api.minimax.io

LLM chat (minimax/MiniMax-M2.7 via api.minimax.io/anthropic/v1/messages) to the exact same host succeeds concurrently because that code path resolves through undici's global dispatcher. Only the guarded-fetch paths force local DNS pre-resolution.

Why the guard's existing env-proxy branch doesn't help

In dist/fetch-guard-Cy8m87y2.js:160:

if (mode === GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY && hasProxyEnvConfigured())
    dispatcher = createHttp1EnvHttpProxyAgent();

The mode check gates it — and image/music/video/audio provider call sites never pass mode: TRUSTED_ENV_PROXY, so the branch is dead for them.

Two-line suggested fix

Either wrap each affected call site:

// in image-generation-provider, music-generation-provider, etc.
return postJsonRequest({
  url: `${resolvedBaseUrl}/v1/image_generation`,
  ...,
  mode: GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY,  // NEW
});

Or, more broadly, default to env-proxy mode in resolveGuardedFetchMode when hasProxyEnvConfigured() returns true and no caller-supplied mode:

function resolveGuardedFetchMode(params) {
    if (params.mode) return params.mode;
    if (params.proxy === "env" && params.dangerouslyAllowEnvProxyWithoutPinnedDns === true) return GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY;
    if (hasProxyEnvConfigured()) return GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY;  // NEW
    return GUARDED_FETCH_MODE.STRICT;
}

The second form fixes all affected providers in one line without auditing each call site. It is equivalent to the dist-level workaround several deployments (including this one) are already running.

Verification

Applying the broader fix at the dist level produces a working image-01 generation end-to-end through api.minimax.io from the same sandbox that returns EAI_AGAIN without it. Same test passes for openai/gpt-image-1 when the OpenAI key is configured.

Happy to open a PR against main if that would be useful — can do either form.

[mjamiv]

Opened #64974 with the narrow shape — only touches fetchWithTimeoutGuarded in src/media-understanding/shared.ts so the lower-level fetchWithSsrFGuard default stays unchanged. Covers image / music / video / audio generation and transcription paths (all route through the same helper). Adds four new vitest cases for the new behavior. Happy to rebase / split / narrow further if you'd prefer a different shape.