Vertex AI Gemini function calls fail with 'Function call is missing a thought_signature in functionCall parts'

[tmote]

Bug: Vertex AI Gemini function calls fail with Function call is missing a thought_signature in functionCall parts

Summary

When OpenClaw routes a tool-using request through LiteLLM to Vertex AI Gemini (gemini-flash, gemini-2.x, etc.), Vertex returns HTTP 400 with the error message Function call is missing a thought_signature in functionCall parts. This is required for tools to work correctly, and missing thought_signature may lead to degraded model performance. The function call payload OpenClaw constructs for Vertex/Gemini doesn't include the thought_signature field that Vertex's beta API now requires for tool use.

The error surfaces immediately on any agent run that:

1. Has tool definitions registered (built-in OR MCP)
2. Falls through to a Gemini model in the fallback chain

Environment

• OpenClaw 2026.4.5 (3e72c03)
• Ubuntu 24.04.4 LTS, Node v24.14.1 via nvm
• LiteLLM proxy with Gemini configured via gemini-flash model alias
• MCP server: @softeria/ms-365-mcp-server (110+ tool definitions, but the issue is general — happens with any tool-using request)

Steps to reproduce

1. Configure a LiteLLM model entry for Gemini Flash and a fallback chain that points to it. Example:

   model_list:
     - model_name: gemini-flash
       litellm_params:
         model: gemini/gemini-flash-latest
         api_key: os.environ/GEMINI_API_KEY
   
   router_settings:
     fallbacks:
       - claude-haiku-4-5: [claude-sonnet-4-6, gemini-flash]

2. Configure an OpenClaw agent that uses litellm/claude-haiku-4-5 and has access to any tool (built-in or MCP).

3. Trigger an agent run that requires the agent to call a tool. (Easiest: register an MCP server with a tool the agent will plausibly use, then send a Teams/Signal/etc. message that triggers the tool call.)

4. Force fallback to Gemini by either rate-limiting Anthropic temporarily, or by setting Gemini as the primary model directly.

5. Observed: HTTP 400 from Vertex with the thought_signature error. Full error from our logs:

   FailoverError: HTTP 400: litellm.BadRequestError: Vertex_ai_betaException BadRequestError - b'{
     "error": {
       "code": 400,
       "message": "Function call is missing a thought_signature in functionCall parts. This is required for tools to work correctly, and missing thought_signature may lead to degraded model performance. Additional data, function call `default_api:ms365__list-calendar-events`, position 37. Please refer to https://ai.google.dev/gemini-api/docs/thought-signatures for more details.",
       "status": "INVALID_ARGUMENT"
     }
   }'
   

Expected behavior

OpenClaw's Gemini provider adapter (or the LiteLLM-passed payload) should include a thought_signature field in the functionCall parts of any request that includes tool definitions. The required format is documented at https://ai.google.dev/gemini-api/docs/thought-signatures.

Actual behavior

The function call payload OpenClaw constructs lacks the thought_signature field. Vertex returns HTTP 400. The agent run fails. With retries enabled in the fallback chain, the error compounds (multiple failed retries before giving up).

Severity

Medium-high. Anyone who lists Gemini in their LiteLLM fallback chain will hit this the moment a tool call routes through Gemini. For OpenClaw deployments using LiteLLM with mixed-provider fallback chains (a common pattern), this is a hidden trap that only surfaces when the primary provider fails.

Workaround

Remove gemini-flash (and any other Gemini variant) from any LiteLLM fallback chain that may include tool-using models:

router_settings:
  fallbacks:
    - claude-haiku-4-5: [claude-sonnet-4-6]   # was: [claude-sonnet-4-6, gemini-flash]
    - routellm-auto: [gpt-5-mini]              # was: [gemini-flash, gpt-5-mini]

Gemini can still be used as a primary model for non-tool-using requests, but should not be reached via fallback for any agent that has tools enabled.

Suggested fix paths

1. Add thought_signature to the function call payload in OpenClaw's Gemini/Vertex provider adapter. The Vertex API docs at https://ai.google.dev/gemini-api/docs/thought-signatures specify the format.
2. Detect Gemini in the LiteLLM target and either include the field automatically OR refuse to send tool-using requests to Gemini until support lands.
3. Document the limitation in the OpenClaw docs page for litellm provider configuration so operators know to exclude Gemini from tool-using fallback chains.

Where this bit us

Synap deployment, 2026-04-08. We were wiring @softeria/ms-365-mcp-server to give pleres and family agents access to Microsoft 365 calendar/email/SharePoint. When Anthropic Haiku rate-limited under heavy testing, the LiteLLM fallback chain dispatched to Gemini, which returned the Vertex 400 on every tool call. Once removed from the fallback chain, the immediate issue went away — but Gemini is now effectively unusable for any tool-using request in this deployment until this is fixed.

Related upstream issues

• openclaw doctor --fix corrupts signal multi-account config by inventing a phantom accounts.default block #62763, openclaw doctor --fix regenerates user-systemd unit even when system unit owns the gateway, causing dual-instance deadlock #62764, msteams dmPolicy=pairing silently drops unpaired senders with HTTP 200, no log line, no auto-reply #62765, Add channels.msteams.webhook.host to bind the bot webhook to loopback only #62766, Agent runtime per-turn startup overhead is ~17s on CPU-only systems, dominating end-to-end latency for fast cloud models #63357, mcp.servers.<name>.env field is silently dropped at spawn time #63394 (other OpenClaw issues filed during the same Synap deployment)

[shaharsha]

Adding a data point from a different API path — not to derail the Vertex-focused thread, but to make sure the fix covers the native-Gemini-API variant too:

Failure mode on generativelanguage.googleapis.com/v1beta (native Gemini API, not Vertex): instead of returning HTTP 400, the server returns HTTP 200 with finish_reason=stop and zero content parts when thought_signature is missing from preceding function-call turns. Same root cause (OpenClaw not round-tripping thought_signature — verified via grep -c thought_signature /app/dist/pi-embedded-runner-*.js → 0), different downstream behavior.

User-facing impact is arguably worse than the 400 variant: OpenClaw's agent/embedded runtime sees stopReason=stop payloads=0 and logs incomplete turn detected … surfacing error to user. The user gets a generic "Agent couldn't generate a response" message. The internal empty-response-retry path (maxEmptyResponseRetryAttempts = 1) is suppressed whenever attempt.lastToolError is set, so any turn where a tool errored and Gemini then silently degrades goes straight to the user as an error, no retry.

Environment:

• OpenClaw 2026.4.15
• Model: gemini-3-flash-preview (preview) via google-generative-ai provider api
• Path: OpenClaw container → internal gateway proxy → generativelanguage.googleapis.com/v1beta/models/gemini-3-flash-preview:streamGenerateContent?alt=sse
• tools.web.search.provider = metered-gemini, plus default web_fetch
• Incidence scales with tool-error density — an agent with heavy web_fetch usage (where Cloudflare-protected domains return 403) hits this ~2x/week; an agent in the same cluster with zero web_fetch usage has hit it 0 times in the same window.

Happy to share sanitized logs / a minimal repro if useful.

For cross-reference, the same underlying bug has been observed in other SDK ecosystems that also don't round-trip signatures: BerriAI/litellm#19403, BerriAI/litellm#21041, BerriAI/litellm#25322, google/adk-python#4090.

[steipete]

Closing this as implemented after Codex review.

Current main already round-trips Gemini thought_signature values for both OpenAI-compatible Google routes (including LiteLLM/Vertex-style proxy paths) and native Google Generative AI transport, and the same behavior is already present in released v2026.4.23.

What I checked:

• Current main injects Google thought signatures on OpenAI-compatible replay: buildOpenAICompletionsParams() calls injectToolCallThoughtSignatures(), which re-attaches stored thoughtSignature values to outgoing tool_calls[*].extra_content.google.thought_signature for matching Google-compatible routes. (src/agents/openai-transport-stream.ts:1638, 86f8c826e20a)
• Current main preserves thought signatures on native Google transport replay: The native Google transport includes thoughtSignature when converting prior assistant tool calls back into Gemini functionCall parts, which addresses the native Gemini API path raised in the issue comments. (extensions/google/transport-stream.ts:355, 86f8c826e20a)
• Current main captures thought signatures from native Google streamed function calls: When parsing streamed Gemini responses, the Google transport stores part.thoughtSignature onto the emitted toolCall content block, so the signature is available for subsequent replay turns. (extensions/google/transport-stream.ts:715, 86f8c826e20a)
• Released v2026.4.23 already shipped the OpenAI-compatible replay fix: The v2026.4.23 tag contains the same injectToolCallThoughtSignatures() path and replay hook in buildOpenAICompletionsParams(), so this is not just on unreleased main. (src/agents/openai-transport-stream.ts:1605, a9797214338b)
• Released regression tests cover the LiteLLM/Vertex-style OpenAI-compatible path: v2026.4.23 includes tests that capture extra_content.google.thought_signature from streamed Google-compatible tool calls and verify it is re-emitted on replay. (src/agents/openai-transport-stream.test.ts:1691, a9797214338b)
• Released regression tests cover the native Gemini API path noted in comments: v2026.4.23 also includes native Google transport tests that parse a streamed Gemini functionCall carrying thoughtSignature and replay that signature back into outgoing Gemini contents[].parts[]. (extensions/google/transport-stream.test.ts:80, a9797214338b)

So I’m closing this as already implemented rather than keeping a duplicate issue open.

Review notes: reviewed against 86f8c826e20a; fix evidence: release v2026.4.23, commit a9797214338b.