PR #1187, merged on 2026-05-19 by @baychak, raises the maximum nesting depth allowed for OpenAI-format tool schemas in the Gonka DevShard gateway from 5 to 16. The change addresses the dominant false-positive class seen in production-captured rejections from 2026-05-18, where legitimate agent tool schemas were being turned away for being too deeply nested.

What changed

DevShard runs an input filter on incoming chat completion requests that bounds the structure of tool schemas to prevent schema-bomb attacks. One of those bounds is MaxDepth on the tools[].function.parameters JSON schema. Until this PR it was set to 5.

  • request_filters_parameters.goToolsValidator.MaxDepth raised from 5 to 16 for the tools registration only. The matching constant for response_format.json_schema.schema and chat_template_kwargs stays at 5 for now, since no false positives have been observed there.
  • tools_test.go — the default tools validator's depth bound is now 16; a new fixture locks in the OpenClaw message.presentation.blocks[].buttons[].label case at depth 12; the deep-recursion attack at depth 200 still rejects.
  • supported-params.md — the public DevShard parameter docs now state depth <= 16, with the rationale inline.

Total diff: 6 additions, 5 deletions, 3 changed files.

Why it matters

The previous depth limit of 5 was strictly tighter than what every upstream model provider in the chain actually accepts. Industry JSON parsers default to depths of 512 to 1000 for stack-overflow safety. OpenAI's docs name 5 as the strict-mode cap, but its API accepts deeper schemas in practice. Anthropic, vLLM, LiteLLM, and OpenRouter do not enforce a hard depth cap on tool schemas at all.

What this meant for users: any client whose tool schemas legitimately nested past five levels would hit a 400 nesting-depth rejection on DevShard while working everywhere else. The captured production traffic showed concrete examples: the OpenClaw message tool at depth 12, OpenClaw sessions_spawn and update_plan at depth 7, Cursor / Claude Code / Kilo edit tools at depths 5 to 8, MCP server tool schemas at depths 4 to 10, and LangChain Pydantic-derived tools at depths 4 to 7.

With the cap at 16 there is roughly 33% headroom over the deepest legitimate schema observed in captured traffic, while staying 64x below industry parser defaults. The actual schema-bomb defense — MaxNodes=128, MaxSize=16 KiB, MaxBranch=16, and the ban on $ref, $defs, and definitions — is unchanged. A real schema bomb is wide, not deep within 16 levels.

Tradeoffs and follow-ups

The PR is intentionally narrow: only the tools-schema validator was bumped. The same depth-5 cap on response_format.json_schema.schema and chat_template_kwargs remains in place. The PR notes that those will be raised in a follow-up if similar false positives appear in filter_rejected/ captures from those code paths. The next verification step is a production canary on Kimi-K2.6 nodes, watching the filter_rejected rate for the nesting-depth class to drop toward zero.