Summary
Network policy entries using TLD wildcards (e.g., *.com, *.org) are accepted by openshell policy set without error, but the proxy silently rejects matching CONNECT requests — 0 bytes returned, connection closed. No denial logged anywhere.
Subdomain wildcards (*.wikipedia.org) and explicit domains (example.com) work correctly.
Environment
- OpenShell v0.0.25
- Ubuntu 22.04 x64
- Sandbox running OpenClaw with HTTP CONNECT proxy at 10.200.0.1:3128
Reproduction
- Create a policy with a TLD wildcard entry:
network_policies:
web_general:
name: web-general
endpoints:
- { host: "*.com", port: 443, enforcement: audit }
binaries:
- { path: /usr/bin/node }
- { path: /usr/bin/curl }
-
Apply: openshell policy set <sandbox> --policy policy.yaml → succeeds, new version submitted.
-
From inside sandbox:
# TLD wildcard — silently fails
HTTPS_PROXY=http://10.200.0.1:3128 curl -s -o /dev/null -w '%{http_code}' https://example.com
# Returns 000, exit code 56 (receive error, 0 bytes from proxy)
# Explicit domain — works
# (after adding explicit example.com to policy)
HTTPS_PROXY=http://10.200.0.1:3128 curl -s -o /dev/null -w '%{http_code}' https://example.com
# Returns 200
- Node.js
fetch() via EnvHttpProxyAgent shows the same behavior:
SocketError: UND_ERR_SOCKET
remoteAddress: 10.200.0.1, remotePort: 3128
bytesWritten: 207, bytesRead: 0
Expected Behavior
Either:
- TLD wildcards should match (e.g.,
*.com matches example.com, en.wikipedia.org)
- OR
openshell policy set should reject TLD wildcards with a validation error
The current behavior (accepted but silently non-functional) is the worst case for debugging — no error at submission time, no denial log at request time.
Workaround
Use subdomain wildcards (*.wikipedia.org) or explicit domains. For general web access (e.g., web_fetch tool), route through a server-side API like Firecrawl so only api.firecrawl.dev needs to be in the policy.
Notes
The OpenClaw-init deployment guide documents this as "TLD wildcards cause OPA errors," but on v0.0.25 there are no OPA errors — just silent rejection. The behavior may have changed between versions.
Related: #704 (log proxy denials at warn level) — if denials were logged, this would have been immediately obvious.
Summary
Network policy entries using TLD wildcards (e.g.,
*.com,*.org) are accepted byopenshell policy setwithout error, but the proxy silently rejects matching CONNECT requests — 0 bytes returned, connection closed. No denial logged anywhere.Subdomain wildcards (
*.wikipedia.org) and explicit domains (example.com) work correctly.Environment
Reproduction
Apply:
openshell policy set <sandbox> --policy policy.yaml→ succeeds, new version submitted.From inside sandbox:
fetch()viaEnvHttpProxyAgentshows the same behavior:Expected Behavior
Either:
*.commatchesexample.com,en.wikipedia.org)openshell policy setshould reject TLD wildcards with a validation errorThe current behavior (accepted but silently non-functional) is the worst case for debugging — no error at submission time, no denial log at request time.
Workaround
Use subdomain wildcards (
*.wikipedia.org) or explicit domains. For general web access (e.g.,web_fetchtool), route through a server-side API like Firecrawl so onlyapi.firecrawl.devneeds to be in the policy.Notes
The OpenClaw-init deployment guide documents this as "TLD wildcards cause OPA errors," but on v0.0.25 there are no OPA errors — just silent rejection. The behavior may have changed between versions.
Related: #704 (log proxy denials at warn level) — if denials were logged, this would have been immediately obvious.