Description
File the Bug at GitHub
Go to github.com/NVIDIA/NemoClaw/issues/new and file a bug using this summary:
Title: CONNECT tunnel blocked (403) for policy-allowlisted hosts — Slack Socket Mode and Brave Search non-functional
Body:
Environment: NemoClaw v0.0.13, Windows WSL2, Docker Desktop, Ubuntu
Problem: The sandbox proxy at 10.200.0.1:3128 returns HTTP 403 Forbidden on CONNECT tunnel requests for hosts that are explicitly listed in policy presets with access: full (e.g. wss-primary.slack.com) or protocol: rest (e.g. api.search.brave.com). Both Slack Socket Mode and Brave Search are completely non-functional as a result.
Steps to reproduce:
Apply slack and brave presets via nemoclaw my-assistant policy-add
From inside sandbox: curl -v https://wss-primary.slack.com/link → 403 Forbidden via proxy
From inside sandbox: curl -v https://api.search.brave.com/... → 403 Forbidden via proxy
From host WSL2 (outside sandbox): same URLs return expected responses
Expected: CONNECT tunnels to policy-allowlisted hosts should be permitted
Actual: All CONNECT tunnels return 403 regardless of policy
Reproduction Steps
File the Bug at GitHub
Go to github.com/NVIDIA/NemoClaw/issues/new and file a bug using this summary:
Title: CONNECT tunnel blocked (403) for policy-allowlisted hosts — Slack Socket Mode and Brave Search non-functional
Body:
Environment: NemoClaw v0.0.13, Windows WSL2, Docker Desktop, Ubuntu
Problem: The sandbox proxy at 10.200.0.1:3128 returns HTTP 403 Forbidden on CONNECT tunnel requests for hosts that are explicitly listed in policy presets with access: full (e.g. wss-primary.slack.com) or protocol: rest (e.g. api.search.brave.com). Both Slack Socket Mode and Brave Search are completely non-functional as a result.
Steps to reproduce:
Apply slack and brave presets via nemoclaw my-assistant policy-add
From inside sandbox: curl -v https://wss-primary.slack.com/link → 403 Forbidden via proxy
From inside sandbox: curl -v https://api.search.brave.com/... → 403 Forbidden via proxy
From host WSL2 (outside sandbox): same URLs return expected responses
Expected: CONNECT tunnels to policy-allowlisted hosts should be permitted
Actual: All CONNECT tunnels return 403 regardless of policy
Environment
File the Bug at GitHub
Go to github.com/NVIDIA/NemoClaw/issues/new and file a bug using this summary:
Title: CONNECT tunnel blocked (403) for policy-allowlisted hosts — Slack Socket Mode and Brave Search non-functional
Body:
Environment: NemoClaw v0.0.13, Windows WSL2, Docker Desktop, Ubuntu
Problem: The sandbox proxy at 10.200.0.1:3128 returns HTTP 403 Forbidden on CONNECT tunnel requests for hosts that are explicitly listed in policy presets with access: full (e.g. wss-primary.slack.com) or protocol: rest (e.g. api.search.brave.com). Both Slack Socket Mode and Brave Search are completely non-functional as a result.
Steps to reproduce:
Apply slack and brave presets via nemoclaw my-assistant policy-add
From inside sandbox: curl -v https://wss-primary.slack.com/link → 403 Forbidden via proxy
From inside sandbox: curl -v https://api.search.brave.com/... → 403 Forbidden via proxy
From host WSL2 (outside sandbox): same URLs return expected responses
Expected: CONNECT tunnels to policy-allowlisted hosts should be permitted
Actual: All CONNECT tunnels return 403 regardless of policy
Debug Output
File the Bug at GitHub
Go to github.com/NVIDIA/NemoClaw/issues/new and file a bug using this summary:
Title: CONNECT tunnel blocked (403) for policy-allowlisted hosts — Slack Socket Mode and Brave Search non-functional
Body:
Environment: NemoClaw v0.0.13, Windows WSL2, Docker Desktop, Ubuntu
Problem: The sandbox proxy at 10.200.0.1:3128 returns HTTP 403 Forbidden on CONNECT tunnel requests for hosts that are explicitly listed in policy presets with access: full (e.g. wss-primary.slack.com) or protocol: rest (e.g. api.search.brave.com). Both Slack Socket Mode and Brave Search are completely non-functional as a result.
Steps to reproduce:
Apply slack and brave presets via nemoclaw my-assistant policy-add
From inside sandbox: curl -v https://wss-primary.slack.com/link → 403 Forbidden via proxy
From inside sandbox: curl -v https://api.search.brave.com/... → 403 Forbidden via proxy
From host WSL2 (outside sandbox): same URLs return expected responses
Expected: CONNECT tunnels to policy-allowlisted hosts should be permitted
Actual: All CONNECT tunnels return 403 regardless of policy
Logs
File the Bug at GitHub
Go to github.com/NVIDIA/NemoClaw/issues/new and file a bug using this summary:
Title: CONNECT tunnel blocked (403) for policy-allowlisted hosts — Slack Socket Mode and Brave Search non-functional
Body:
Environment: NemoClaw v0.0.13, Windows WSL2, Docker Desktop, Ubuntu
Problem: The sandbox proxy at 10.200.0.1:3128 returns HTTP 403 Forbidden on CONNECT tunnel requests for hosts that are explicitly listed in policy presets with access: full (e.g. wss-primary.slack.com) or protocol: rest (e.g. api.search.brave.com). Both Slack Socket Mode and Brave Search are completely non-functional as a result.
Steps to reproduce:
Apply slack and brave presets via nemoclaw my-assistant policy-add
From inside sandbox: curl -v https://wss-primary.slack.com/link → 403 Forbidden via proxy
From inside sandbox: curl -v https://api.search.brave.com/... → 403 Forbidden via proxy
From host WSL2 (outside sandbox): same URLs return expected responses
Expected: CONNECT tunnels to policy-allowlisted hosts should be permitted
Actual: All CONNECT tunnels return 403 regardless of policy
Checklist
Description
File the Bug at GitHub
Go to github.com/NVIDIA/NemoClaw/issues/new and file a bug using this summary:
Title: CONNECT tunnel blocked (403) for policy-allowlisted hosts — Slack Socket Mode and Brave Search non-functional
Body:
Environment: NemoClaw v0.0.13, Windows WSL2, Docker Desktop, Ubuntu
Problem: The sandbox proxy at 10.200.0.1:3128 returns HTTP 403 Forbidden on CONNECT tunnel requests for hosts that are explicitly listed in policy presets with access: full (e.g. wss-primary.slack.com) or protocol: rest (e.g. api.search.brave.com). Both Slack Socket Mode and Brave Search are completely non-functional as a result.
Steps to reproduce:
Apply slack and brave presets via nemoclaw my-assistant policy-add
From inside sandbox: curl -v https://wss-primary.slack.com/link → 403 Forbidden via proxy
From inside sandbox: curl -v https://api.search.brave.com/... → 403 Forbidden via proxy
From host WSL2 (outside sandbox): same URLs return expected responses
Expected: CONNECT tunnels to policy-allowlisted hosts should be permitted
Actual: All CONNECT tunnels return 403 regardless of policy
Reproduction Steps
File the Bug at GitHub
Go to github.com/NVIDIA/NemoClaw/issues/new and file a bug using this summary:
Title: CONNECT tunnel blocked (403) for policy-allowlisted hosts — Slack Socket Mode and Brave Search non-functional
Body:
Environment: NemoClaw v0.0.13, Windows WSL2, Docker Desktop, Ubuntu
Problem: The sandbox proxy at 10.200.0.1:3128 returns HTTP 403 Forbidden on CONNECT tunnel requests for hosts that are explicitly listed in policy presets with access: full (e.g. wss-primary.slack.com) or protocol: rest (e.g. api.search.brave.com). Both Slack Socket Mode and Brave Search are completely non-functional as a result.
Steps to reproduce:
Apply slack and brave presets via nemoclaw my-assistant policy-add
From inside sandbox: curl -v https://wss-primary.slack.com/link → 403 Forbidden via proxy
From inside sandbox: curl -v https://api.search.brave.com/... → 403 Forbidden via proxy
From host WSL2 (outside sandbox): same URLs return expected responses
Expected: CONNECT tunnels to policy-allowlisted hosts should be permitted
Actual: All CONNECT tunnels return 403 regardless of policy
Environment
File the Bug at GitHub
Go to github.com/NVIDIA/NemoClaw/issues/new and file a bug using this summary:
Title: CONNECT tunnel blocked (403) for policy-allowlisted hosts — Slack Socket Mode and Brave Search non-functional
Body:
Environment: NemoClaw v0.0.13, Windows WSL2, Docker Desktop, Ubuntu
Problem: The sandbox proxy at 10.200.0.1:3128 returns HTTP 403 Forbidden on CONNECT tunnel requests for hosts that are explicitly listed in policy presets with access: full (e.g. wss-primary.slack.com) or protocol: rest (e.g. api.search.brave.com). Both Slack Socket Mode and Brave Search are completely non-functional as a result.
Steps to reproduce:
Apply slack and brave presets via nemoclaw my-assistant policy-add
From inside sandbox: curl -v https://wss-primary.slack.com/link → 403 Forbidden via proxy
From inside sandbox: curl -v https://api.search.brave.com/... → 403 Forbidden via proxy
From host WSL2 (outside sandbox): same URLs return expected responses
Expected: CONNECT tunnels to policy-allowlisted hosts should be permitted
Actual: All CONNECT tunnels return 403 regardless of policy
Debug Output
Logs
Checklist