Bug: memory search live embedding fails ~20–40% with `fetch failed | other side closed` (provider-agnostic; upstream healthy)

[kevinheinrichs]

Bug: Memory search transient fetch failed | other side closed / Client network socket disconnected before secure TLS connection was established for live embedding queries (provider-agnostic)

Summary

Live memory search queries fail intermittently (~20–40% of calls) with one of two transient TLS/socket errors when using any remote embedding provider (OpenAI, Gemini). The same endpoint works perfectly via curl and via a plain Node.js fetch() from the same host, so the upstream API is healthy. The failure originates inside OpenClaw's internal SSRF-guarded fetch path.

Bulk reindex via the batch endpoint is not affected. Only the per-query single-embed path used by openclaw memory search (and presumably the in-conversation memory recall path) shows the issue.

This makes semantic memory recall unreliable in interactive sessions even though openclaw memory status reports Embeddings: ready.

---

Environment

Item	Value
OpenClaw version	2026.4.24 (cbcfdf6)
Node.js	v24.14.1
OS	Ubuntu 24.04 LTS, kernel 6.8.0-110-generic (x86_64)
Network	direct outbound, no proxy, IPv4+IPv6 both working
memory.backend	builtin
sqlite-vec	enabled, vec0.so loaded, Vector dims: 3072, FTS: ready

Reproduced on two different remote embedding providers configured via openclaw config set:

• openai / text-embedding-3-large (3072-dim, ~30 KB response)
• gemini / gemini-embedding-2-preview (3072-dim, ~60 KB response)

Both fail with the same intermittent socket error. The Gemini case fails more often, consistent with a payload-size correlation, but OpenAI also fails repeatably.

---

Repro

1. Configure a remote embedding provider

openclaw config set memory.backend builtin
openclaw config set agents.defaults.memorySearch.provider openai
openclaw config set agents.defaults.memorySearch.model text-embedding-3-large
openclaw config set models.providers.openai \
  '{"baseUrl":"https://api.openai.com/v1","apiKey":"sk-...","models":[]}' --strict-json
openclaw gateway restart

2. Reindex (works fine, uses batch endpoint)

openclaw memory index --force --agent main
# → Memory index updated (main).

openclaw memory status --deep --agent main then reports:

Provider: openai (requested: openai)
Model: text-embedding-3-large
Vector: ready
Vector dims: 3072
FTS: ready
Embeddings: ready

3. Run live queries (fails ~20–40% of the time)

for i in 1 2 3 4 5 6 7 8 9 10; do
  result=$(openclaw memory search "pool stress test query $i" --agent main 2>&1 | tail -3)
  if echo "$result" | grep -qE "fetch failed|other side closed|socket disconnected"; then
    echo "Q$i: FAIL"
  else
    echo "Q$i: OK"
  fi
done

Observed output (idle gateway):

Q1: OK
Q2: OK
Q3: OK
Q4: OK
Q5: FAIL
Q6: FAIL
Q7: OK
Q8: OK
Q9: OK
Q10: OK
→ OK: 8 / FAIL: 2

Under concurrent load (background reindex of other agents running):

→ OK: 6 / FAIL: 4

4. Two distinct error messages observed

From the gateway log (/tmp/openclaw/openclaw-<date>.log):

ERROR Memory search failed: fetch failed | other side closed
ERROR Memory search failed: fetch failed | Client network socket disconnected before secure TLS connection was established

Both originate from dist/subsystem-CWI_MDy_.js:161 (search subsystem) wrapping a lower-level error from dist/engine-embeddings-DVkdyn0v.js → withRemoteHttpResponse → fetchWithSsrFGuard → undici dispatcher.

The two strings correspond to undici error causes:

• other side closed → server closed the keep-alive socket between requests, request reused a dead socket.
• Client network socket disconnected before secure TLS connection was established → TLS handshake aborted on a fresh socket (typical for pinned-DNS + Agent reuse with broken keep-alive).

Both are classic symptoms of a misconfigured / overly aggressive HTTP keep-alive pool.

---

Why this is not the upstream API

Same host, same network, same time:

# Direct curl to OpenAI: 100% success
curl -sS -o /dev/null -w "HTTP %{http_code} time=%{time_total}\n" -X POST \
  https://api.openai.com/v1/embeddings \
  -H "Authorization: Bearer sk-..." -H "Content-Type: application/json" \
  -d '{"input":"transient pool test","model":"text-embedding-3-large"}'
# → HTTP 200 time=0.477410

# Native Node.js fetch to Gemini: 100% success, full 3072-dim payload returned
node -e "
fetch('https://generativelanguage.googleapis.com/v1beta/models/gemini-embedding-2-preview:embedContent', {
  method:'POST',
  headers:{'Content-Type':'application/json','x-goog-api-key':'***'},
  body:JSON.stringify({content:{parts:[{text:'test'}]},taskType:'RETRIEVAL_QUERY',outputDimensionality:3072})
}).then(r=>r.json()).then(j=>console.log('OK dims=',(j.embedding?.values||[]).length))
  .catch(e=>console.error('FAIL:', e.message, e.cause?.message));
"
# → OK dims= 3072

Repeated curl and Node fetch runs against both endpoints from the same machine never reproduce the disconnect. The failure is specific to OpenClaw's internal fetch path.

---

Why it is not provider-specific

Provider	Model	Response size	Failure rate observed
OpenAI	text-embedding-3-large (3072-dim)	~30 KB	~20–40%
Google	gemini-embedding-2-preview (3072-dim)	~60 KB	~80–100%

Same host, same gateway version, same code path (withRemoteHttpResponse → fetchWithSsrFGuard). Switching provider does not eliminate the bug, only changes its frequency. Larger response bodies / longer-held sockets correlate with higher failure rates, which strongly suggests a connection-pool / keep-alive issue rather than a per-provider authentication or URL bug.

---

Suspected root cause

Looking at the bundled code paths in 2026.4.24 (cbcfdf6):

• dist/extensions/google/embedding-provider.js and the corresponding OpenAI path both call withRemoteHttpResponse({ url, ssrfPolicy, init }).
• dist/engine-embeddings-DVkdyn0v.js defines withRemoteHttpResponse → fetchWithSsrFGuard.
• dist/fetch-guard-DKbwHPzH.js instantiates per-call undici dispatchers via:
  • createPolicyDispatcherWithoutPinnedDns(...) for direct mode, or
  • createPinnedDispatcher(await resolvePinnedHostnameWithPolicy(...)) for the SSRF-pinned path,
• backed by createHttp1Agent / createHttp1EnvHttpProxyAgent / createHttp1ProxyAgent from dist/undici-runtime-x3fQiq5e.js, with a global stream timeout from dist/undici-global-dispatcher-KzKcGOUY.js.

The user-visible error patterns (other side closed, Client network socket disconnected before secure TLS connection was established) are the classic undici socket-reuse-on-dead-keepalive failure mode. The per-call dispatcher / pinned-DNS approach appears to either:

1. share a connection pool across calls without reliably retiring sockets that the upstream has already half-closed,
2. or interact badly with undici keep-alive defaults (keepAliveTimeout, keepAliveMaxTimeout, pipelining) for high-latency TLS endpoints like api.openai.com and generativelanguage.googleapis.com,
3. or close/release the dispatcher (release(dispatcher) → closeDispatcher) in a way that leaves an in-flight socket reusable for the next call.

A single retry on UND_ERR_SOCKET / ECONNRESET / TLS-handshake-aborted errors at the withRemoteHttpResponse layer would mask this for users, but the underlying pool behavior likely deserves a fix.

---

Impact

• Semantic recall is unreliable in interactive sessions despite Embeddings: ready reporting healthy.
• Users see "no matches" results or hard Memory search failed: fetch failed | … errors at a measurable rate (~20–40% in this environment, higher under concurrent load).
• Active-memory plugin recall similarly degrades.
• openclaw doctor does not surface this — memory status reports the provider as ready because the readiness probe happens to pass.

---

Workarounds tried

Action	Result
Switch provider OpenAI ↔ Gemini	Same bug, different frequency.
Use gemini-embedding-001 instead of 2-preview	Same bug.
Reduce outputDimensionality (3072 → default)	Helps slightly (smaller payload) but does not eliminate.
gateway restart	No effect; reproduces immediately.
Direct curl / native Node fetch from same host	Always succeeds — confirms not a network/upstream issue.

No workaround at the user-config level reliably eliminates the failures.

---

Suggested fixes

1. Add a bounded retry (e.g. 1–2 retries with short backoff) around withRemoteHttpResponse for embedding calls, scoped to undici/TLS connection-reset error classes (UND_ERR_SOCKET, ECONNRESET, EPIPE, Client network socket disconnected before secure TLS connection was established, other side closed). This alone would make the user-visible behavior reliable.
2. Tune the undici dispatcher for the embedding pool: explicit keepAliveTimeout / keepAliveMaxTimeout lower than the typical Google/OpenAI server-side keep-alive idle (e.g. 4 s), and pipelining: 0. Right now the symptoms are fully consistent with reusing a socket the server has already half-closed.
3. Surface the error class better in openclaw memory status --deep so users can distinguish "auth misconfig" vs. "transient socket pool failure". Currently both look the same as Embeddings error: fetch failed | other side closed.
4. Optional: a memorySearch.remote.retry config knob ({enabled: true, maxAttempts: 2, backoffMs: 250}) so users can opt in/out without code changes.

---

Additional notes

• This affects memory.backend: builtin. QMD-backed workspaces are not affected because they do not exercise the same per-query fetch path.
• The bundled embedding-provider.js already uses executeWithApiKeyRotation, but rotation only kicks in for API-key-level failures, not for transient network/socket errors, so it does not help here.
• Happy to provide more detailed undici-level logs if a debug flag is available — please point me at the right env var (NODE_DEBUG=undici was tried but the gateway buffers its own logger).

---

TL;DR

openclaw memory search (live single-embed path) fails ~20–40% of the time with fetch failed | other side closed or … socket disconnected before secure TLS connection was established, while the exact same upstream endpoint works 100% via curl and native Node fetch from the same host. Affects all remote embedding providers, gets worse with bigger responses and concurrent load. Looks like a keep-alive / pool-reuse bug in the SSRF-guarded fetch path; a retry layer + dispatcher tuning should fix the user-visible symptom.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Keep open. Current main and the latest release still run live memory-search query embeddings through a timeout-only helper, while the existing retry classifier already recognizes the reported socket failures; the related open PR is for batch/reindex resilience and does not cover this live query path.

Reproducibility: yes. at source level. Mock provider.embedQuery() to throw TypeError("fetch failed | other side closed") once and current main will still abort through embedQueryWithTimeout() because that helper is not wrapped in the retry loop.

Next step
This is a narrow source-provable memory-core bug with clear files and focused regression coverage.

Review details

Best possible solution:

Wrap live query embeddings in the existing bounded memory embedding retry loop, preserving timeout cancellation, provider contracts, and fast failure for non-retryable errors.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level. Mock provider.embedQuery() to throw TypeError("fetch failed | other side closed") once and current main will still abort through embedQueryWithTimeout() because that helper is not wrapped in the retry loop.

Is this the best way to solve the issue?

Yes. Reusing the existing retry classifier and bounded retry loop for live query embeddings is the narrowest maintainable fix; dispatcher tuning or a new config knob should only be considered if retry evidence proves insufficient.

Label changes:

• add P2: This is a normal-priority memory recall reliability bug with a clear but limited memory-core blast radius.
• add impact:session-state: The failure affects semantic memory recall and memory-backed session context rather than provider auth or message delivery.
• add issue-rating: 🦞 diamond lobster: Current issue advisory state selects this label.
• add clawsweeper:source-repro: Current issue advisory state selects this label.
• add clawsweeper:queueable-fix: Current issue advisory state selects this label.
• add clawsweeper:fix-shape-clear: Current issue advisory state selects this label.

Label justifications:

• P2: This is a normal-priority memory recall reliability bug with a clear but limited memory-core blast radius.
• impact:session-state: The failure affects semantic memory recall and memory-backed session context rather than provider auth or message delivery.

Acceptance criteria:

• node scripts/run-vitest.mjs extensions/memory-core/src/memory/manager-embedding-policy.test.ts extensions/memory-core/src/memory/manager-search.test.ts extensions/memory-core/src/memory/index.test.ts
• node scripts/run-vitest.mjs packages/memory-host-sdk/src/host/embeddings-remote-fetch.test.ts packages/memory-host-sdk/src/host/remote-http.test.ts extensions/openai/embedding-provider.test.ts extensions/google/embedding-provider.test.ts
• node scripts/crabbox-wrapper.mjs run --provider blacksmith-testbox --shell -- "pnpm check:changed" if the fix expands beyond the focused query retry path

What I checked:

• Current live search path is single-shot: MemoryIndexManager.search() calls embedQueryWithTimeout(cleaned) before vector search, so a transient query embedding failure aborts the live search path before vector results are produced. (extensions/memory-core/src/memory/manager.ts:477, d5cc0d53b7e3)
• Query helper lacks retry loop: embedQueryWithTimeout() wraps provider.embedQuery(text, { signal }) in runEmbeddingOperationWithTimeout() but does not call runMemoryEmbeddingRetryLoop(). (extensions/memory-core/src/memory/manager-embedding-ops.ts:401, d5cc0d53b7e3)
• Batch path already has the reusable retry mechanism: embedBatchWithRetry() and embedBatchInputsWithRetry() already use runMemoryEmbeddingRetryLoop(), showing the existing policy can be applied without inventing a new retry surface. (extensions/memory-core/src/memory/manager-embedding-ops.ts:327, d5cc0d53b7e3)
• Classifier covers the reported errors: isRetryableMemoryEmbeddingError() matches fetch failed, other side closed, ECONNRESET, EPIPE, UND_ERR_, socket hangups, network errors, and timeouts. (extensions/memory-core/src/memory/manager-embedding-policy.ts:83, d5cc0d53b7e3)
• Remote providers use the guarded fetch path from the report: OpenAI query embeddings call fetchRemoteEmbeddingVectors() and Gemini embeddings call withRemoteHttpResponse(), matching the provider-agnostic guarded remote fetch surface described in the issue. (extensions/openai/embedding-provider.ts:59, d5cc0d53b7e3)
• Latest release still has the gap: Release v2026.5.18 still shows embedQueryWithTimeout() calling provider.embedQuery() through the timeout wrapper only, and MemoryIndexManager.search() still calls that helper for live query vectors. (extensions/memory-core/src/memory/manager-embedding-ops.ts:401, 50a2481652b6)

Likely related people:

• steipete: History shows major memory manager extraction and plugin-move commits around the affected manager and embedding operation files. (role: recent memory-core area contributor; confidence: high; commits: 4c401d336dae, cad83db8b2f7; files: extensions/memory-core/src/memory/manager.ts, extensions/memory-core/src/memory/manager-embedding-ops.ts)
• buyitsydney: Authored the merged socket-error retry classifier change that current main carries and that the live query path should reuse. (role: retry-classifier contributor; confidence: high; commits: 5f5e0a3633c2; files: extensions/memory-core/src/memory/manager-embedding-policy.ts, extensions/memory-core/src/memory/manager-embedding-policy.test.ts)
• DhtIsCoding: Authored the merged withRemoteHttpResponse() proxy-mode change in the guarded remote embedding transport layer below the affected providers. (role: adjacent remote embedding transport contributor; confidence: medium; commits: f408bba9de72; files: packages/memory-host-sdk/src/host/remote-http.ts)
• obviyus: Current-line blame for the affected extension-local files points to the commit that recreated these files on current main, though the domain logic predates that move. (role: recent file rehoming contributor; confidence: medium; commits: de195645f94a; files: extensions/memory-core/src/memory/manager.ts, extensions/memory-core/src/memory/manager-embedding-ops.ts, extensions/memory-core/src/memory/manager-embedding-policy.ts)

Remaining risk / open question:

• No live remote-provider reproduction was run in this read-only review; the conclusion is source-reproducible and supported by reporter retests.
• The open batch/reindex PR may overlap if maintainers broaden its scope, but as written it does not solve the live query embedding path.
• The issue body also mentions hangs and reindex stalls that are tracked by adjacent memory issues; the fix for this issue should stay scoped to live query embedding transport retries.

Codex review notes: model gpt-5.5, reasoning high; reviewed against d5cc0d53b7e3.

[heithmurray]

We just retested this on a live production-ish box after upgrading from 2026.4.25 to 2026.4.26, and the issue class still reproduces here.

What changed after 4.26

• OpenClaw updated cleanly to 2026.4.26
• memory was re-enabled explicitly:
  • plugins.slots.memory = "memory-core"
  • plugins.entries.memory-core.enabled = true
  • plugins.entries.memory-core.config.dreaming.enabled = true
  • agents.defaults.memorySearch.enabled = true
• gateway restarted cleanly
• openclaw status now reports memory as healthy at a high level:
  • 83 files
  • 857 chunks
  • plugin memory-core
  • vector ready
  • fts ready
  • embedding cache enabled
• dreaming artifacts and promotion harness are back online (DREAMS.md, recall store, managed dreaming cron)

What still fails

1) semantic search hangs / times out

openclaw memory search --agent main --query "Heith" --max-results 1 --json

This repeatedly hung until killed by timeout.

2) forced reindex can also stall

timeout 300s openclaw memory index --agent main --force --verbose

This exited with timeout (124) after 5 minutes.

3) we also saw the transport-side symptom

A prior search run surfaced:

• Memory search failed: fetch failed | other side closed

Why this does not look like upstream Gemini/OpenAI outage

From the same host, using the same configured Gemini key, a direct embedding request succeeds immediately with HTTP 200 against:

• models/gemini-embedding-001:embedContent

So on this box:

• direct provider call = healthy
• OpenClaw memory search path = hangs / transport-fails

That lines up closely with the diagnosis in this issue: upstream API healthy, failure appears to be inside OpenClaw's memory/transport path.

Extra context

We also found these related open reports while triaging:

• openclaw memory search CLI hangs indefinitely #61182 openclaw memory search CLI hangs indefinitely
• memory search can hit QMD SQLite lock contention during normal runtime #66339 memory search can hit QMD SQLite lock contention during normal runtime

So our current read is that 2026.4.26 improved the enablement/dreaming side, but did not fully resolve the core semantic memory search instability.

If helpful, I can add more exact command output from this box.

[kaufmanchang]

Environment: OpenClaw 2026.4.26, macOS 26.3, undici 8.1.0, provider OpenRouter (openrouter.ai/api/v1), model text-embedding-3-small.

Confirmed root cause: undici HTTP/1.1 connection pool reuses sockets that OpenRouter has already closed server-side. OpenRouter responds with Connection: close but there is a race condition — the next request arrives before the socket is marked as closed, resulting in the request being sent on a dead socket. Each fresh process (curl, standalone Node.js https.request) succeeds reliably. The first search after a gateway restart succeeds; subsequent ones fail with fetch failed | other side closed, read ECONNRESET, write EPIPE, or Client network socket disconnected before secure TLS connection was established.

What we tried without success:

• Gateway restart (recovers temporarily, recurs on next search)
• Adding Connection: close to memorySearch.remote.headers (undici ignores client-side header for pool decisions)
• Clearing the embedding cache entirely
• VACUUM on the SQLite store
• Reducing agent maxConcurrent to 1

Specific ask: Add retry-on-ECONNRESET/EPIPE in the embedding fetch path (fetchRemoteEmbeddingVectors in memory-core-host-engine-embeddings). The fix in undici would be to either:

1. Catch socket errors and retry the request with a new connection, or
2. Set keepAliveTimeout in the undici Agent to a value shorter than OpenRouter's server-side idle timeout (~5s seems safe based on testing)

Currently there is no retry for connection-class errors in the non-batch embedding path. This affects any active agent — the more frequently memory_search is called, the more often the stale connection is hit.