Description
Summary
Discord integration is non-functional on NemoClaw (WSL2). The OpenShell sandbox proxy at 10.200.0.1:3128 returns HTTP 403 Forbidden on all CONNECT tunnel requests to Discord endpoints, even though the network policy correctly includes discord.com, gateway.discord.gg, and cdn.discordapp.com on port 443. The policy is confirmed loaded (visible in TUI, policy version accepted via openshell policy set), but the proxy's L7 REST TLS-terminate enforcement mode does not appear to support the CONNECT method required for HTTPS tunneling.
This is related to #481 (macOS) but confirmed independently on WSL2 with additional root-cause investigation.
Environment
- OS: Windows 11 + WSL2 (Ubuntu)
- GPU: NVIDIA RTX desktop GPU
- Docker: Docker Desktop for Windows with WSL2 backend
- Node.js: v22.x
- OpenClaw: 2026.3.11 (29dc654)
- NemoClaw: 0.1.0 (installed via `curl -fsSL https://nvidia.com/nemoclaw.sh | bash`)
- OpenShell CLI: 0.0.13
- OpenShell gateway image: ghcr.io/nvidia/openshell/gateway:0.0.13
- Sandbox image: openshell/sandbox-from:17742241
- Inference: NVIDIA Cloud API — nvidia/nemotron-3-super-120b-a12b
Steps to Reproduce
- Install NemoClaw on WSL2 via the standard installer.
- Run `nemoclaw onboard` — sandbox creates successfully, TUI chat works, inference works.
- Configure Discord bot token inside the sandbox:

  ```shell
  nemoclaw my-ai-assistant connect
  export DISCORD_BOT_TOKEN="<token>"
  openclaw config set channels.discord.token "$DISCORD_BOT_TOKEN"
  openclaw config set gateway.mode local
  openclaw doctor --fix
  ```
- Start the gateway:

  ```shell
  openclaw gateway
  ```

- Gateway logs show:

  ```
  [discord] [default] starting provider
  Non-fatal unhandled rejection: Error: Failed to get gateway information from Discord: fetch failed
  [discord] failed to deploy native commands: fetch failed
  [discord] failed to fetch bot identity: TypeError: fetch failed
  [discord] logged in to discord
  ```

- `openclaw channels status --probe` reports: disconnected, probe failed
Root Cause Investigation
Proxy blocks CONNECT tunnels
The sandbox uses an HTTPS proxy at 10.200.0.1:3128 (set via https_proxy env var). All outbound HTTPS traffic must go through this proxy. The proxy returns 403 for Discord:
```
$ curl -v https://discord.com 2>&1
> CONNECT discord.com:443 HTTP/1.1
> Host: discord.com:443
< HTTP/1.1 403 Forbidden
```
No direct network access
The sandbox has no direct internet access — DNS resolution fails without the proxy:
```
$ curl -v --noproxy '*' https://discord.com 2>&1
* Could not resolve host: discord.com
```
Policy is correctly loaded
The Discord policy is present in the sandbox policy YAML at /opt/nemoclaw-blueprint/policies/openclaw-sandbox.yaml and visible in the OpenShell TUI under "Network Rules" showing all three Discord endpoints.
The policy was also explicitly re-pushed:
```shell
openshell policy set --policy /path/to/openclaw-sandbox.yaml my-ai-assistant
# ✓ Policy version 7 submitted (hash: 3b4042f8cd95)
```

Even after pod deletion and recreation with the new policy version, the proxy still returns 403.
The proxy is PID 1 inside the sandbox
```
$ ss -tlnp | grep 3128
LISTEN 0 4096 10.200.0.1:3128 0.0.0.0:* users:(("openshell-sandb",pid=1,fd=12))
```
The proxy is the openshell-sandbox binary itself (/opt/openshell/bin/openshell-sandbox), running as the init process. It fetches policy via gRPC from the gateway (OPENSHELL_ENDPOINT), not from the local YAML file. The OPENSHELL_POLICY_RULES and OPENSHELL_POLICY_DATA environment variables are both empty.
L7 TLS termination likely incompatible with CONNECT
The TUI shows the Discord policy as (L7 REST, TLS terminate). This enforcement mode intercepts TLS at the proxy level. The CONNECT HTTP method used by standard HTTPS proxy clients (including Node.js fetch via EnvHttpProxyAgent) creates a raw TCP tunnel that the L7 proxy may not understand or may reject because it expects to terminate TLS itself.
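A quick way to pin down where the 403 comes from is to speak CONNECT to the proxy directly and look only at its first response line: a proxy that honours the tunnel answers `2xx` before any TLS bytes flow, while a denial (or an auth challenge) arrives instead of the tunnel. The following is an added example, not NemoClaw or OpenShell code; it assumes the proxy address 10.200.0.1:3128 from this report, and the two sample responses at the bottom are constructed, not captured.

```python
# Added example (not NemoClaw/OpenShell code): raw CONNECT probe against an
# HTTP proxy, classifying its first response line so a 403 issued by the proxy
# itself (before any TLS bytes flow) is told apart from an established tunnel.
import socket
from dataclasses import dataclass

@dataclass
class ConnectResult:
    status: int   # HTTP status code from the proxy's response line
    verdict: str  # "tunnel-open", "proxy-denied", "proxy-auth" or "other"
    reason: str   # reason phrase from the status line

def build_connect_request(host: str, port: int = 443) -> bytes:
    # Authority-form request target plus the Host header, as curl sends it.
    return (f"CONNECT {host}:{port} HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n\r\n").encode("ascii")

def classify_connect_response(raw: bytes) -> ConnectResult:
    # Only the first line matters: "HTTP/1.1 <code> <reason>".
    line = raw.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP status line: {line!r}")
    code = int(parts[1])
    reason = parts[2] if len(parts) == 3 else ""
    if 200 <= code < 300:
        verdict = "tunnel-open"   # proxy now relays raw TCP; TLS can start
    elif code == 403:
        verdict = "proxy-denied"  # policy/enforcement rejected the CONNECT
    elif code == 407:
        verdict = "proxy-auth"    # credentials wanted, not a policy denial
    else:
        verdict = "other"
    return ConnectResult(code, verdict, reason)

def probe_connect(proxy_host: str, proxy_port: int, target: str,
                  target_port: int = 443, timeout: float = 5.0) -> ConnectResult:
    # Live probe, e.g. probe_connect("10.200.0.1", 3128, "discord.com").
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(build_connect_request(target, target_port))
        buf = b""
        while b"\r\n\r\n" not in buf:  # read until end of proxy headers
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return classify_connect_response(buf)
# Constructed sample responses (not captured from a real proxy).
SAMPLE_DENIED = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
SAMPLE_OPEN = b"HTTP/1.1 200 Connection established\r\n\r\n"
```

Running `probe_connect` against each policy-listed endpoint from inside the sandbox gives a per-host verdict that can be compared against the rules shown in the TUI.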
Attempted Workarounds (all failed)
| Workaround | Result |
|---|---|
| `nemoclaw my-ai-assistant policy-add discord` | Policy shows as applied but proxy still returns 403 |
| `openshell policy set --policy <file> my-ai-assistant` | Policy v7 accepted, proxy still returns 403 |
| Full `nemoclaw destroy` + `nemoclaw onboard` rebuild | Fresh sandbox, same 403 |
| Pod deletion (`kubectl delete pod`) + recreation | New pod with policy v7, same 403 |
| `export no_proxy="discord.com,gateway.discord.gg,cdn.discordapp.com"` | DNS resolution fails — no direct network path |
| Unsetting `https_proxy` entirely | DNS resolution fails — no direct network path |
Expected Behavior
When Discord endpoints are listed in the network policy, the OpenShell proxy should allow HTTPS connections to those endpoints — either by supporting CONNECT tunnels or by transparently proxying TLS connections.
Suggested Fix
The proxy's L7 REST enforcement mode needs to handle one of:
- Support `CONNECT` tunnels for policy-allowed endpoints — this is how standard HTTPS proxying works and what all Node.js HTTP clients expect.
- Offer a passthrough/L4 mode for endpoints that use WebSockets or persistent connections (like Discord's gateway at `gateway.discord.gg`), where TLS termination is not appropriate.
- Document the limitation and provide a working alternative (e.g., running a CONNECT-capable sidecar proxy, or a bridge service outside the sandbox like the Telegram bridge).
Related Issues
- Can't connect discord or tg to neemoclaw #481 — Discord and Telegram both fail with 403 on macOS (same root cause)
- WSL2 Support Tracking — Known Gaps & Workarounds #305 — WSL2 support tracking (nested networking issues)
Additional Context
- The Telegram bridge (`nemoclaw start`) works because it runs outside the sandbox, bypassing the proxy entirely. A similar "Discord bridge" service would solve this.
- The base sandbox functionality (TUI chat, inference) works perfectly — only external messaging integrations are affected.
- OpenClaw's Discord integration works correctly when run outside NemoClaw (no proxy restrictions).
Confirmation
- I confirmed this bug is reproducible
- I searched existing issues and this is related to but distinct from Can't connect discord or tg to neemoclaw #481
- The sandbox, gateway, and inference are all healthy — only the proxy blocks Discord