fix(container): WebSocket reload, startup retry, loopback bypass

nnemirovsky · nnemirovsky · commit 7aea850a27eb · 2026-04-08T13:40:23.000+08:00
- Replace `openclaw secrets reload` with direct WebSocket RPC via
  node. The openclaw CLI hangs in container environments (confirmed
  bug in openclaw 2026.4.5 where any subcommand hangs). The node
  script reads gateway config from disk, opens a WebSocket to
  127.0.0.1, and sends the secrets.reload RPC directly.

- Add retry with backoff for startup env injection. Sluice starts
  before openclaw (compose healthcheck ordering), so the first few
  docker exec attempts fail with "container not running". Retries
  at 0, 2, 5, 10, 30 second intervals.

- Add --bypass 127.0.0.0/8 and ::1/128 to tun2proxy in all compose
  files so localhost traffic inside the openclaw container stays on
  loopback and doesn't get routed through the SOCKS5 proxy.
diff --git a/cmd/sluice/main.go b/cmd/sluice/main.go
@@ -341,10 +341,27 @@ func main() {
 	// Inject phantom env vars into the agent container at startup.
 	// Bindings with env_var set produce env var entries (e.g. OPENAI_API_KEY=phantom-xxx)
 	// that are written into the agent's .env file via docker exec.
+	// Retry with backoff because the agent container may still be starting
+	// (compose healthcheck ordering ensures sluice starts first).
 	if containerMgr != nil && db != nil {
-		if err := injectEnvVarsFromStore(db, containerMgr); err != nil {
-			log.Printf("WARNING: startup env injection failed: %v", err)
-		}
+		go func() {
+			backoff := []time.Duration{0, 2 * time.Second, 5 * time.Second, 10 * time.Second, 30 * time.Second}
+			for i, delay := range backoff {
+				if delay > 0 {
+					time.Sleep(delay)
+				}
+				if err := injectEnvVarsFromStore(db, containerMgr); err != nil {
+					if i < len(backoff)-1 {
+						log.Printf("startup env injection attempt %d/%d failed: %v (retrying)", i+1, len(backoff), err)
+						continue
+					}
+					log.Printf("WARNING: startup env injection failed after %d attempts: %v", len(backoff), err)
+				} else {
+					log.Printf("startup env injection succeeded (attempt %d/%d)", i+1, len(backoff))
+					return
+				}
+			}
+		}()
 	}
 
 	// Configure the OAuth refresh callback so that after a token refresh
diff --git a/compose.dev.yml b/compose.dev.yml
@@ -32,7 +32,7 @@ services:
     cap_add: [NET_ADMIN]
     devices:
       - /dev/net/tun:/dev/net/tun
-    command: ["--proxy", "socks5://sluice:1080"]
+    command: ["--proxy", "socks5://sluice:1080", "--bypass", "127.0.0.0/8", "--bypass", "::1/128"]
     ports:
       - "${OPENCLAW_GATEWAY_PORT:-18789}:18789"
     healthcheck:
diff --git a/compose.e2e.yml b/compose.e2e.yml
@@ -28,7 +28,7 @@ services:
     cap_add: [NET_ADMIN]
     devices:
       - /dev/net/tun:/dev/net/tun
-    command: ["--proxy", "socks5://sluice:1080"]
+    command: ["--proxy", "socks5://sluice:1080", "--bypass", "127.0.0.0/8", "--bypass", "::1/128"]
     healthcheck:
       test: ["CMD-SHELL", "ip link show tun0 || exit 1"]
       interval: 5s
diff --git a/compose.yml b/compose.yml
@@ -46,7 +46,7 @@ services:
     cap_add: [NET_ADMIN]
     devices:
       - /dev/net/tun:/dev/net/tun
-    command: ["--proxy", "socks5://sluice:1080"]
+    command: ["--proxy", "socks5://sluice:1080", "--bypass", "127.0.0.0/8", "--bypass", "::1/128"]
     # OpenClaw uses network_mode: "service:tun2proxy", so its ports are
     # exposed here. Gateway (18789) serves the web UI and API.
     ports:
diff --git a/internal/container/docker.go b/internal/container/docker.go
@@ -92,14 +92,44 @@ func (m *DockerManager) InjectEnvVars(ctx context.Context, envMap map[string]str
 	}
 
 	// Signal the agent to reload secrets from the updated env file.
+	// The openclaw CLI hangs in container environments (confirmed bug in
+	// 2026.4.5), so we send the secrets.reload RPC directly via WebSocket
+	// using node which is available in the openclaw container.
 	if reloadErr := m.client.ExecInContainer(ctx, m.containerName,
-		[]string{"openclaw", "secrets", "reload"}); reloadErr != nil {
+		[]string{"node", "-e", reloadSecretsScript}); reloadErr != nil {
 		log.Printf("env vars injected but secrets reload failed: %v", reloadErr)
 	}
 
 	return nil
 }
 
+// reloadSecretsScript is a Node.js one-liner that sends a secrets.reload
+// RPC to the openclaw gateway via WebSocket. It reads the gateway config
+// from disk to discover the port and auth token. This bypasses the openclaw
+// CLI which hangs in container/non-TTY environments.
+const reloadSecretsScript = `const fs=require("fs"),http=require("http"),crypto=require("crypto");` +
+	`let port=18789,token="";` +
+	`try{const c=JSON.parse(fs.readFileSync(process.env.HOME+"/.openclaw/openclaw.json","utf8"));` +
+	`port=c.gateway?.port||18789;token=c.gateway?.auth?.token||"";}catch(e){}` +
+	`const key=crypto.randomBytes(16).toString("base64");` +
+	`const req=http.request({hostname:"127.0.0.1",port,path:"/",headers:{` +
+	`"Upgrade":"websocket","Connection":"Upgrade",` +
+	`"Sec-WebSocket-Key":key,"Sec-WebSocket-Version":"13",` +
+	`"Authorization":"Bearer "+token}});` +
+	`req.on("upgrade",(res,socket)=>{` +
+	`const id=crypto.randomUUID();` +
+	`const msg=JSON.stringify({type:"req",id,method:"secrets.reload"});` +
+	`const p=Buffer.from(msg),mask=crypto.randomBytes(4);` +
+	`let h;if(p.length<126){h=Buffer.alloc(2);h[0]=0x81;h[1]=0x80|p.length;}` +
+	`else{h=Buffer.alloc(4);h[0]=0x81;h[1]=0x80|126;h.writeUInt16BE(p.length,2);}` +
+	`const m=Buffer.alloc(p.length);for(let i=0;i<p.length;i++)m[i]=p[i]^mask[i%4];` +
+	`socket.write(Buffer.concat([h,mask,m]));` +
+	`socket.on("data",()=>{console.log("secrets reloaded");process.exit(0);});` +
+	`setTimeout(()=>process.exit(0),5000);});` +
+	`req.on("error",e=>{console.error(e.message);process.exit(1);});` +
+	`req.setTimeout(5000,()=>{req.destroy();process.exit(1);});` +
+	`req.end();`
+
 // RestartWithEnv recreates the container with updated environment variables.
 // It inspects the current container config, stops and removes it, creates a
 // new container with the same config plus updated env vars, and starts it.
diff --git a/internal/container/docker_test.go b/internal/container/docker_test.go
@@ -514,16 +514,11 @@ func TestInjectEnvVarsWritesEnvFile(t *testing.T) {
 		t.Errorf("script should reference .openclaw/.env, got %s", script)
 	}
 
-	// Second call: secrets reload.
-	wantReload := []string{"openclaw", "secrets", "reload"}
+	// Second call: secrets reload via node WebSocket script.
 	if len(mc.execCalls[1]) != 3 {
-		t.Errorf("reload cmd = %v, want %v", mc.execCalls[1], wantReload)
-	} else {
-		for i, w := range wantReload {
-			if mc.execCalls[1][i] != w {
-				t.Errorf("reload cmd[%d] = %q, want %q", i, mc.execCalls[1][i], w)
-			}
-		}
+		t.Errorf("reload cmd len = %d, want 3", len(mc.execCalls[1]))
+	} else if mc.execCalls[1][0] != "node" || mc.execCalls[1][1] != "-e" {
+		t.Errorf("reload cmd = %v, want [node -e <script>]", mc.execCalls[1][:2])
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -514,16 +514,11 @@ func TestInjectEnvVarsWritesEnvFile(t *testing.T) {`
`514`	`514`	`t.Errorf("script should reference .openclaw/.env, got %s", script)`
`515`	`515`	`}`
`516`	`516`
`517`		`- // Second call: secrets reload.`
`518`		`- wantReload := []string{"openclaw", "secrets", "reload"}`
	`517`	`+ // Second call: secrets reload via node WebSocket script.`
`519`	`518`	`if len(mc.execCalls[1]) != 3 {`
`520`		`- t.Errorf("reload cmd = %v, want %v", mc.execCalls[1], wantReload)`
`521`		`- } else {`
`522`		`- for i, w := range wantReload {`
`523`		`- if mc.execCalls[1][i] != w {`
`524`		`- t.Errorf("reload cmd[%d] = %q, want %q", i, mc.execCalls[1][i], w)`
`525`		`- }`
`526`		`- }`
	`519`	`+ t.Errorf("reload cmd len = %d, want 3", len(mc.execCalls[1]))`
	`520`	`+ } else if mc.execCalls[1][0] != "node" \|\| mc.execCalls[1][1] != "-e" {`
	`521`	`+ t.Errorf("reload cmd = %v, want [node -e <script>]", mc.execCalls[1][:2])`
`527`	`522`	`}`
`528`	`523`	`}`
`529`	`524`