[Bug]: Internal tool→gateway RPC calls incorrectly blocked by ws:// security check #22104

@andreacasini

Description

Summary

Bug: Internal tool→gateway RPC calls incorrectly blocked by ws:// security check

Environment:

  • OpenClaw version: 2026.2.14+
  • Setup: Docker container, gateway.bind: "lan"

Summary:
The CWE-319 security check correctly blocks plaintext ws:// to remote hosts, but incorrectly blocks internal tool→gateway RPC calls that happen within the same process. This is a regression — these calls worked before v2026.2.14.

The bug:
When bind: "lan", the code resolves the gateway URL for internal RPC calls to the container's Docker network IP (e.g., ws://172.18.0.2:18789) instead of ws://127.0.0.1:18789. The security check then blocks this as "insecure."

Why this is a bug, not a feature request:

  1. The security check's intent is to prevent credential interception over the network
  2. Internal calls (agent → gateway in same process) have zero interception risk — there is no network
  3. The gateway listens on 0.0.0.0 which includes 127.0.0.1 — localhost would work
  4. The code choosing LAN IP instead of localhost for internal calls is the actual bug
  5. This broke existing functionality that worked in v2026.2.13

Current workarounds:

  • Downgrade to v2026.2.13
  • Use bind: "loopback" (breaks external WebUI access)
  • Complex TLS/reverse proxy setup

Steps to reproduce

Reproduction:

  1. Run OpenClaw in Docker with gateway.bind: "lan"
  2. Upgrade to v2026.2.14+
  3. Try sessions_list tool → fails with:

Expected behavior

Expected behavior:
Internal RPC calls should use ws://127.0.0.1:<port> since agent and gateway are co-located.

Actual behavior

Tools cannot connect to gateway

OpenClaw version

2026.2.14+

Operating system

Linux

Install method

docker

Logs, screenshots, and evidence

Impact and severity

Affected tools:

  • sessions_list
  • sessions_history
  • cron (list/add/remove)
  • Any tool that calls gateway RPCs

Additional information

No response
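
The mismatch the issue describes, as an added example that is not part of the original report and is not OpenClaw's code: a plaintext-WebSocket check that admits only loopback, run against the URL the report says is chosen for internal calls and against the URL it expects. All function names are hypothetical; the address and port are the ones quoted in the issue.

```javascript
// Added illustration; every name below is hypothetical, not OpenClaw's code.
const GATEWAY_PORT = 18789; // port from the issue's example URL

// True only for literal loopback hosts. new URL() normalises IPv4
// spellings, so an anchored match on its hostname is enough.
function isLoopbackHost(hostname) {
  if (hostname === "[::1]") return true;
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(hostname);
}

// CWE-319 style check: plaintext ws:// is acceptable only when the
// traffic never leaves the host; anything else must use wss://.
function checkGatewayUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol === "wss:") return { allowed: true, reason: "TLS" };
  if (url.protocol !== "ws:") return { allowed: false, reason: "not a WebSocket URL" };
  return isLoopbackHost(url.hostname)
    ? { allowed: true, reason: "plaintext on loopback" }
    : { allowed: false, reason: "plaintext ws:// to non-loopback host" };
}

// Model of the reported behaviour: with bind "lan" the internal client
// is pointed at the interface address, which the check then rejects.
function resolveInternalUrlReported(bind, lanIp, port = GATEWAY_PORT) {
  const host = bind === "lan" ? lanIp : "127.0.0.1";
  return `ws://${host}:${port}`;
}

// Model of the expected behaviour: a co-located caller always dials
// loopback; the bind mode only affects where remote clients connect.
function resolveInternalUrlExpected(port = GATEWAY_PORT) {
  return `ws://127.0.0.1:${port}`;
}

// Constructed sample run (172.18.0.2 is the address quoted in the issue).
function demo() {
  const lanIp = "172.18.0.2";
  return {
    reported: checkGatewayUrl(resolveInternalUrlReported("lan", lanIp)),
    expected: checkGatewayUrl(resolveInternalUrlExpected()),
    lookalike: checkGatewayUrl("ws://127.0.0.1.example.test:18789"),
  };
}
```

The `lookalike` case shows why the loopback match is anchored on the parsed hostname rather than done as a prefix test on the raw string.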

    Labels

    bug (Something isn't working), security (Security documentation)