openclaw: [Feature]: Support custom inference servers (OpenAI-compatible)

openclaw/openclaw#56920 · Fetched 2026-04-08 01:45:58

Summary

Support custom inference servers (OpenAI-compatible) with Basic authentication and enable secure private network access for self-hosted and local endpoints.

My motivation is that users need flexibility to:

  • Integrate with self-hosted or third-party inference APIs
  • Use non-Bearer authentication methods (e.g., Basic auth)
  • Access internal/private network resources securely

This is especially important for enterprise and on-prem deployments where data privacy and network isolation are critical.

Problem to solve

The current system only supports predefined inference providers and Bearer authentication, making it difficult to use custom or self-hosted APIs. It also blocks access to private or local network resources by default, preventing valid internal integrations. As a result, users must rely on complex workarounds, limiting flexibility and making the platform less suitable for enterprise and on-premise environments.

Proposed solution

1. Custom Inference API Support

  • Introduce a new provider: owl

  • Support OpenAI-compatible APIs

  • Add Basic authentication (in addition to Bearer tokens)

  • Standardize environment variable:

    • OWL_API_KEY
  • Provide configuration guide:

    • docs/custom-inference-api.md

2. Private Network Access

  • Add allowPrivateNetwork option to:

    • Gateway configuration
    • Tool schemas
  • Enable controlled access to:

    • Localhost
    • Internal/private IP ranges
  • Update tools:

    • web_fetch
    • image_tool
  • Maintain SSRF protection by default (opt-in required for private access)

3. Maintenance Improvements

  • Remove deprecated SearXNG tests from web-search suite
  • Clean up unused gatewayMode property

Alternatives considered

  • Proxy-based integration: Requires additional infrastructure and increases complexity and maintenance overhead.
  • Extending only Bearer authentication: Does not address compatibility with systems using other auth methods like Basic.
  • Keeping strict network restrictions: Ensures security but blocks legitimate internal use cases, reducing flexibility.

These approaches were considered weaker due to limited flexibility, higher operational burden, or inability to support real-world enterprise needs.

Impact

  • Users can configure and use custom inference endpoints via the owl provider
  • Requests to private/internal services are blocked by default but allowed when explicitly enabled
  • Authentication works with both Bearer and Basic methods
  • Existing functionality remains unaffected

Evidence/examples

No response

Additional information

No response

extent analysis

Fix Plan

To implement custom inference servers with Basic authentication and enable secure private network access, follow these steps:

  • Introduce a new provider: Add a new provider named owl to support OpenAI-compatible APIs.
  • Implement Basic authentication: Update the authentication mechanism to support Basic authentication in addition to Bearer tokens.
  • Standardize environment variable: Use the OWL_API_KEY environment variable to store the API key for the custom inference server.
  • Update configuration guide: Create a new documentation file docs/custom-inference-api.md to provide a configuration guide for users.

Example code snippet to add Basic authentication:

import os

import requests
from requests.auth import HTTPBasicAuth

# Read the API key from the environment instead of hard-coding it.
# How the key maps onto Basic credentials is not specified in the issue.
api_key = os.environ['OWL_API_KEY']
endpoint = 'https://example.com/inference'

# Basic authentication credentials (placeholders)
username = 'your_username'
password = 'your_password'

# Basic credentials are only base64-encoded, so send them over HTTPS
response = requests.post(endpoint, auth=HTTPBasicAuth(username, password), json={'input': 'your_input'}, timeout=30)

  • Add private network access option: Introduce an allowPrivateNetwork option to the gateway configuration and tool schemas to enable controlled access to private or local network resources.
  • Update tools: Update tools such as web_fetch and image_tool to maintain SSRF protection by default and require opt-in for private access.

Example code snippet to add private network access option:

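import requests

# Opt in to private network access (it stays off unless set explicitly)
gateway_config = {'allowPrivateNetwork': True}

# requests has no `config` parameter, so the caller checks the option
# before making a request to a private network resource
if gateway_config.get('allowPrivateNetwork', False):
    response = requests.get('http://localhost:8080/resource', timeout=10)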
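
The default-deny behaviour that web_fetch and image_tool are meant to keep can be sketched as a check that runs before any request is sent. This is an added example, not OpenClaw's code: `check_url`, `is_internal`, `resolve_host` and the `allow_private_network` parameter are hypothetical names, with the parameter standing in for the issue's allowPrivateNetwork option.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def resolve_host(host):
    """Default resolver (needs DNS): every address the name maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_internal(addr):
    """True for loopback, RFC 1918, link-local and other non-public addresses."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so it cannot slip past the check.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not ip.is_global


def check_url(url, allow_private_network=False, resolve=resolve_host):
    """Return the vetted addresses for url, or raise ValueError to block it.

    allow_private_network is a hypothetical stand-in for allowPrivateNetwork
    and defaults to False, so private targets need an explicit opt-in.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only http(s) URLs with a host are allowed")
    try:
        # IP literal in the URL: no DNS lookup needed.
        addrs = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        addrs = list(resolve(parts.hostname))
    if not addrs:
        raise ValueError("host did not resolve")
    # Block when ANY resolved address is internal, not only the first one.
    internal = [a for a in addrs if is_internal(a)]
    if internal and not allow_private_network:
        raise ValueError(f"{internal[0]} is private; allowPrivateNetwork is off")
    return addrs
```

Connect to the returned addresses rather than resolving the name a second time, and run the same check on every redirect target; otherwise a DNS answer that changes between check and fetch bypasses the guard.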

Verification

To verify that the fix worked, test the following scenarios:

  • Configure a custom inference server using the owl provider and Basic authentication.
  • Make requests to the custom inference server using the OWL_API_KEY environment variable.
  • Test access to private or local network resources using the allowPrivateNetwork option.

Extra Tips

  • Ensure that the OWL_API_KEY environment variable is properly secured and not exposed to unauthorized users.
  • Monitor and log requests to private or local network resources to detect potential security issues.
  • Consider implementing additional security measures, such as IP whitelisting or rate limiting, to protect against unauthorized access.
