@kamel-ahmed/proxy-claude 1.0.0

package/src/cloudcode/message-handler.js

@@ -0,0 +1,386 @@
+/**
+ * Message Handler for Cloud Code
+ *
+ * Handles non-streaming message requests with multi-account support,
+ * retry logic, and endpoint failover.
+ */
+
+import {
+    ANTIGRAVITY_ENDPOINT_FALLBACKS,
+    MAX_RETRIES,
+    MAX_WAIT_BEFORE_ERROR_MS,
+    DEFAULT_COOLDOWN_MS,
+    RATE_LIMIT_DEDUP_WINDOW_MS,
+    MAX_CONSECUTIVE_FAILURES,
+    EXTENDED_COOLDOWN_MS,
+    CAPACITY_RETRY_DELAY_MS,
+    MAX_CAPACITY_RETRIES,
+    isThinkingModel
+} from '../constants.js';
+import { convertGoogleToAnthropic } from '../format/index.js';
+import { isRateLimitError, isAuthError } from '../errors.js';
+import { formatDuration, sleep, isNetworkError } from '../utils/helpers.js';
+import { logger } from '../utils/logger.js';
+import { parseResetTime } from './rate-limit-parser.js';
+import { buildCloudCodeRequest, buildHeaders } from './request-builder.js';
+import { parseThinkingSSEResponse } from './sse-parser.js';
+import { getFallbackModel } from '../fallback-config.js';
+
+/**
+ * Gap 1: Rate limit deduplication - prevents thundering herd on concurrent rate limits
+ * Tracks last rate limit timestamp per model to skip duplicate retries
+ */
+const lastRateLimitTimestamps = new Map(); // modelId -> timestamp
+
+/**
+ * Check if we should skip retry due to recent rate limit on this model
+ * @param {string} model - Model ID
+ * @returns {boolean} True if retry should be skipped (within dedup window)
+ */
+function shouldSkipRetryDueToDedup(model) {
+    const lastTimestamp = lastRateLimitTimestamps.get(model);
+    if (!lastTimestamp) return false;
+
+    const elapsed = Date.now() - lastTimestamp;
+    if (elapsed < RATE_LIMIT_DEDUP_WINDOW_MS) {
+        logger.debug(`[CloudCode] Rate limit on ${model} within dedup window (${elapsed}ms ago), skipping retry`);
+        return true;
+    }
+    return false;
+}
+
+/**
+ * Record rate limit timestamp for deduplication
+ * @param {string} model - Model ID
+ */
+function recordRateLimitTimestamp(model) {
+    lastRateLimitTimestamps.set(model, Date.now());
+}
+
+/**
+ * Clear rate limit timestamp after successful retry
+ * @param {string} model - Model ID
+ */
+function clearRateLimitTimestamp(model) {
+    lastRateLimitTimestamps.delete(model);
+}
+
+/**
+ * Gap 3: Detect permanent authentication failures that require re-authentication
+ * These should mark the account as invalid rather than just clearing cache
+ * @param {string} errorText - Error message from API
+ * @returns {boolean} True if permanent auth failure
+ */
+function isPermanentAuthFailure(errorText) {
+    const lower = (errorText || '').toLowerCase();
+    return lower.includes('invalid_grant') ||
+        lower.includes('token revoked') ||
+        lower.includes('token has been expired or revoked') ||
+        lower.includes('token_revoked') ||
+        lower.includes('invalid_client') ||
+        lower.includes('credentials are invalid');
+}
+
+/**
+ * Gap 4: Detect if 429 error is due to model capacity (not user quota)
+ * Capacity issues should retry on same account with shorter delay
+ * @param {string} errorText - Error message from API
+ * @returns {boolean} True if capacity exhausted (not quota)
+ */
+function isModelCapacityExhausted(errorText) {
+    const lower = (errorText || '').toLowerCase();
+    return lower.includes('model_capacity_exhausted') ||
+        lower.includes('capacity_exhausted') ||
+        lower.includes('model is currently overloaded') ||
+        lower.includes('service temporarily unavailable');
+}
+
+// Periodically clean up stale dedup timestamps (every 60 seconds)
+setInterval(() => {
+    const cutoff = Date.now() - 60000; // 1 minute
+    for (const [model, timestamp] of lastRateLimitTimestamps.entries()) {
+        if (timestamp < cutoff) {
+            lastRateLimitTimestamps.delete(model);
+        }
+    }
+}, 60000);
+
+/**
+ * Send a non-streaming request to Cloud Code with multi-account support
+ * Uses SSE endpoint for thinking models (non-streaming doesn't return thinking blocks)
+ *
+ * @param {Object} anthropicRequest - The Anthropic-format request
+ * @param {Object} anthropicRequest.model - Model name to use
+ * @param {Array} anthropicRequest.messages - Array of message objects
+ * @param {number} [anthropicRequest.max_tokens] - Maximum tokens to generate
+ * @param {Object} [anthropicRequest.thinking] - Thinking configuration
+ * @param {import('../account-manager/index.js').default} accountManager - The account manager instance
+ * @returns {Promise<Object>} Anthropic-format response object
+ * @throws {Error} If max retries exceeded or no accounts available
+ */
+export async function sendMessage(anthropicRequest, accountManager, fallbackEnabled = false) {
+    const model = anthropicRequest.model;
+    const isThinking = isThinkingModel(model);
+
+    // Retry loop with account failover
+    // Ensure we try at least as many times as there are accounts to cycle through everyone
+    const maxAttempts = Math.max(MAX_RETRIES, accountManager.getAccountCount() + 1);
+
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+        // Clear any expired rate limits before picking
+        accountManager.clearExpiredLimits();
+
+        // Get available accounts for this model
+        const availableAccounts = accountManager.getAvailableAccounts(model);
+
+        // If no accounts available, check if we should wait or throw error
+        if (availableAccounts.length === 0) {
+            if (accountManager.isAllRateLimited(model)) {
+                const minWaitMs = accountManager.getMinWaitTimeMs(model);
+                const resetTime = new Date(Date.now() + minWaitMs).toISOString();
+
+                // If wait time is too long (> 2 minutes), try fallback first, then throw error
+                if (minWaitMs > MAX_WAIT_BEFORE_ERROR_MS) {
+                    // Check if fallback is enabled and available
+                    if (fallbackEnabled) {
+                        const fallbackModel = getFallbackModel(model);
+                        if (fallbackModel) {
+                            logger.warn(`[CloudCode] All accounts exhausted for ${model} (${formatDuration(minWaitMs)} wait). Attempting fallback to ${fallbackModel}`);
+                            const fallbackRequest = { ...anthropicRequest, model: fallbackModel };
+                            return await sendMessage(fallbackRequest, accountManager, false);
+                        }
+                    }
+                    throw new Error(
+                        `RESOURCE_EXHAUSTED: Rate limited on ${model}. Quota will reset after ${formatDuration(minWaitMs)}. Next available: ${resetTime}`
+                    );
+                }
+
+                // Wait for shortest reset time
+                const accountCount = accountManager.getAccountCount();
+                logger.warn(`[CloudCode] All ${accountCount} account(s) rate-limited. Waiting ${formatDuration(minWaitMs)}...`);
+                await sleep(minWaitMs + 500); // Add 500ms buffer
+                accountManager.clearExpiredLimits();
+                continue; // Retry the loop
+            }
+
+            // No accounts available and not rate-limited (shouldn't happen normally)
+            throw new Error('No accounts available');
+        }
+
+        // Select account using configured strategy
+        const { account, waitMs } = accountManager.selectAccount(model);
+
+        // If strategy returns a wait time, sleep and retry
+        if (!account && waitMs > 0) {
+            logger.info(`[CloudCode] Waiting ${formatDuration(waitMs)} for account...`);
+            await sleep(waitMs + 500);
+            continue;
+        }
+
+        if (!account) {
+            continue; // Shouldn't happen, but safety check
+        }
+
+        try {
+            // Get token and project for this account
+            const token = await accountManager.getTokenForAccount(account);
+            const project = await accountManager.getProjectForAccount(account, token);
+            const payload = buildCloudCodeRequest(anthropicRequest, project);
+
+            logger.debug(`[CloudCode] Sending request for model: ${model}`);
+
+            // Try each endpoint with index-based loop for capacity retry support
+            let lastError = null;
+            let retriedOnce = false; // Track if we've already retried for short rate limit
+            let capacityRetryCount = 0; // Gap 4: Track capacity exhaustion retries
+            let endpointIndex = 0;
+
+            while (endpointIndex < ANTIGRAVITY_ENDPOINT_FALLBACKS.length) {
+                const endpoint = ANTIGRAVITY_ENDPOINT_FALLBACKS[endpointIndex];
+                try {
+                    const url = isThinking
+                        ? `${endpoint}/v1internal:streamGenerateContent?alt=sse`
+                        : `${endpoint}/v1internal:generateContent`;
+
+                    const response = await fetch(url, {
+                        method: 'POST',
+                        headers: buildHeaders(token, model, isThinking ? 'text/event-stream' : 'application/json'),
+                        body: JSON.stringify(payload)
+                    });
+
+                    if (!response.ok) {
+                        const errorText = await response.text();
+                        logger.warn(`[CloudCode] Error at ${endpoint}: ${response.status} - ${errorText}`);
+
+                        if (response.status === 401) {
+                            // Gap 3: Check for permanent auth failures
+                            if (isPermanentAuthFailure(errorText)) {
+                                logger.error(`[CloudCode] Permanent auth failure for ${account.email}: ${errorText.substring(0, 100)}`);
+                                accountManager.markInvalid(account.email, 'Token revoked - re-authentication required');
+                                throw new Error(`AUTH_INVALID_PERMANENT: ${errorText}`);
+                            }
+
+                            // Transient auth error - clear caches and retry with fresh token
+                            logger.warn('[CloudCode] Transient auth error, refreshing token...');
+                            accountManager.clearTokenCache(account.email);
+                            accountManager.clearProjectCache(account.email);
+                            endpointIndex++;
+                            continue;
+                        }
+
+                        if (response.status === 429) {
+                            const resetMs = parseResetTime(response, errorText);
+
+                            // Gap 4: Check if capacity issue (NOT quota) - retry SAME endpoint
+                            if (isModelCapacityExhausted(errorText)) {
+                                if (capacityRetryCount < MAX_CAPACITY_RETRIES) {
+                                    capacityRetryCount++;
+                                    const waitMs = resetMs || CAPACITY_RETRY_DELAY_MS;
+                                    logger.info(`[CloudCode] Model capacity exhausted, retry ${capacityRetryCount}/${MAX_CAPACITY_RETRIES} after ${formatDuration(waitMs)}...`);
+                                    await sleep(waitMs);
+                                    // Don't increment endpointIndex - retry same endpoint
+                                    continue;
+                                }
+                                // Max capacity retries exceeded - treat as quota exhaustion
+                                logger.warn(`[CloudCode] Max capacity retries (${MAX_CAPACITY_RETRIES}) exceeded, switching account`);
+                            }
+
+                            // Gap 1: Check deduplication window to prevent thundering herd
+                            if (shouldSkipRetryDueToDedup(model)) {
+                                logger.info(`[CloudCode] Skipping retry due to recent rate limit, switching account...`);
+                                accountManager.markRateLimited(account.email, resetMs || DEFAULT_COOLDOWN_MS, model);
+                                throw new Error(`RATE_LIMITED_DEDUP: ${errorText}`);
+                            }
+
+                            // Decision: wait and retry OR switch account
+                            if (resetMs && resetMs > DEFAULT_COOLDOWN_MS) {
+                                // Long-term quota exhaustion (> 10s) - switch to next account
+                                logger.info(`[CloudCode] Quota exhausted for ${account.email} (${formatDuration(resetMs)}), switching account...`);
+                                accountManager.markRateLimited(account.email, resetMs, model);
+                                throw new Error(`QUOTA_EXHAUSTED: ${errorText}`);
+                            } else {
+                                // Short-term rate limit (<= 10s) - wait and retry once
+                                const waitMs = resetMs || DEFAULT_COOLDOWN_MS;
+
+                                if (!retriedOnce) {
+                                    retriedOnce = true;
+                                    recordRateLimitTimestamp(model); // Gap 1: Record before retry
+                                    logger.info(`[CloudCode] Short rate limit (${formatDuration(waitMs)}), waiting and retrying...`);
+                                    await sleep(waitMs);
+                                    // Don't increment endpointIndex - retry same endpoint
+                                    continue;
+                                } else {
+                                    // Already retried once, mark and switch
+                                    accountManager.markRateLimited(account.email, waitMs, model);
+                                    throw new Error(`RATE_LIMITED: ${errorText}`);
+                                }
+                            }
+                        }
+
+                        if (response.status >= 400) {
+                            lastError = new Error(`API error ${response.status}: ${errorText}`);
+                            // If it's a 5xx error, wait a bit before trying the next endpoint
+                            if (response.status >= 500) {
+                                logger.warn(`[CloudCode] ${response.status} error, waiting 1s before retry...`);
+                                await sleep(1000);
+                            }
+                            endpointIndex++;
+                            continue;
+                        }
+                    }
+
+                    // For thinking models, parse SSE and accumulate all parts
+                    if (isThinking) {
+                        const result = await parseThinkingSSEResponse(response, anthropicRequest.model);
+                        // Gap 1: Clear timestamp on success
+                        clearRateLimitTimestamp(model);
+                        accountManager.notifySuccess(account, model);
+                        return result;
+                    }
+
+                    // Non-thinking models use regular JSON
+                    const data = await response.json();
+                    logger.debug('[CloudCode] Response received');
+                    // Gap 1: Clear timestamp on success
+                    clearRateLimitTimestamp(model);
+                    accountManager.notifySuccess(account, model);
+                    return convertGoogleToAnthropic(data, anthropicRequest.model);
+
+                } catch (endpointError) {
+                    if (isRateLimitError(endpointError)) {
+                        throw endpointError; // Re-throw to trigger account switch
+                    }
+                    logger.warn(`[CloudCode] Error at ${endpoint}:`, endpointError.message);
+                    lastError = endpointError;
+                    endpointIndex++;
+                }
+            }
+
+            // If all endpoints failed for this account
+            if (lastError) {
+                if (lastError.is429) {
+                    logger.warn(`[CloudCode] All endpoints rate-limited for ${account.email}`);
+                    accountManager.markRateLimited(account.email, lastError.resetMs, model);
+                    throw new Error(`Rate limited: ${lastError.errorText}`);
+                }
+                throw lastError;
+            }
+
+        } catch (error) {
+            if (isRateLimitError(error)) {
+                // Rate limited - already marked, notify strategy and continue to next account
+                accountManager.notifyRateLimit(account, model);
+                logger.info(`[CloudCode] Account ${account.email} rate-limited, trying next...`);
+                continue;
+            }
+            if (isAuthError(error)) {
+                // Auth invalid - already marked, continue to next account
+                logger.warn(`[CloudCode] Account ${account.email} has invalid credentials, trying next...`);
+                continue;
+            }
+            // Handle 5xx errors
+            if (error.message.includes('API error 5') || error.message.includes('500') || error.message.includes('503')) {
+                accountManager.notifyFailure(account, model);
+
+                // Gap 2: Check consecutive failures for extended cooldown
+                const consecutiveFailures = accountManager.getHealthTracker()?.getConsecutiveFailures(account.email) || 0;
+                if (consecutiveFailures >= MAX_CONSECUTIVE_FAILURES) {
+                    logger.warn(`[CloudCode] Account ${account.email} has ${consecutiveFailures} consecutive failures, applying extended cooldown (${formatDuration(EXTENDED_COOLDOWN_MS)})`);
+                    accountManager.markRateLimited(account.email, EXTENDED_COOLDOWN_MS, model);
+                } else {
+                    logger.warn(`[CloudCode] Account ${account.email} failed with 5xx error, trying next...`);
+                }
+                continue;
+            }
+
+            if (isNetworkError(error)) {
+                accountManager.notifyFailure(account, model);
+
+                // Gap 2: Check consecutive failures for extended cooldown
+                const consecutiveFailures = accountManager.getHealthTracker()?.getConsecutiveFailures(account.email) || 0;
+                if (consecutiveFailures >= MAX_CONSECUTIVE_FAILURES) {
+                    logger.warn(`[CloudCode] Account ${account.email} has ${consecutiveFailures} consecutive network failures, applying extended cooldown (${formatDuration(EXTENDED_COOLDOWN_MS)})`);
+                    accountManager.markRateLimited(account.email, EXTENDED_COOLDOWN_MS, model);
+                } else {
+                    logger.warn(`[CloudCode] Network error for ${account.email}, trying next account... (${error.message})`);
+                }
+                await sleep(1000);
+                continue;
+            }
+
+            throw error;
+        }
+    }
+
+    // All retries exhausted - try fallback model if enabled
+    if (fallbackEnabled) {
+        const fallbackModel = getFallbackModel(model);
+        if (fallbackModel) {
+            logger.warn(`[CloudCode] All retries exhausted for ${model}. Attempting fallback to ${fallbackModel}`);
+            const fallbackRequest = { ...anthropicRequest, model: fallbackModel };
+            return await sendMessage(fallbackRequest, accountManager, false);
+        }
+    }
+
+    throw new Error('Max retries exceeded');
+}

package/src/cloudcode/model-api.js

@@ -0,0 +1,248 @@
+/**
+ * Model API for Cloud Code
+ *
+ * Handles model listing and quota retrieval from the Cloud Code API.
+ */
+
+import {
+    ANTIGRAVITY_ENDPOINT_FALLBACKS,
+    ANTIGRAVITY_HEADERS,
+    LOAD_CODE_ASSIST_ENDPOINTS,
+    LOAD_CODE_ASSIST_HEADERS,
+    getModelFamily
+} from '../constants.js';
+import { logger } from '../utils/logger.js';
+
+/**
+ * Check if a model is supported (Claude or Gemini)
+ * @param {string} modelId - Model ID to check
+ * @returns {boolean} True if model is supported
+ */
+function isSupportedModel(modelId) {
+    const family = getModelFamily(modelId);
+    return family === 'claude' || family === 'gemini';
+}
+
+/**
+ * List available models in Anthropic API format
+ * Fetches models dynamically from the Cloud Code API
+ *
+ * @param {string} token - OAuth access token
+ * @returns {Promise<{object: string, data: Array<{id: string, object: string, created: number, owned_by: string, description: string}>}>} List of available models
+ */
+export async function listModels(token) {
+    const data = await fetchAvailableModels(token);
+    if (!data || !data.models) {
+        return { object: 'list', data: [] };
+    }
+
+    const modelList = Object.entries(data.models)
+        .filter(([modelId]) => isSupportedModel(modelId))
+        .map(([modelId, modelData]) => ({
+        id: modelId,
+        object: 'model',
+        created: Math.floor(Date.now() / 1000),
+        owned_by: 'anthropic',
+        description: modelData.displayName || modelId
+    }));
+
+    return {
+        object: 'list',
+        data: modelList
+    };
+}
+
+/**
+ * Fetch available models with quota info from Cloud Code API
+ * Returns model quotas including remaining fraction and reset time
+ *
+ * @param {string} token - OAuth access token
+ * @param {string} [projectId] - Optional project ID for accurate quota info
+ * @returns {Promise<Object>} Raw response from fetchAvailableModels API
+ */
+export async function fetchAvailableModels(token, projectId = null) {
+    const headers = {
+        'Authorization': `Bearer ${token}`,
+        'Content-Type': 'application/json',
+        ...ANTIGRAVITY_HEADERS
+    };
+
+    // Include project ID in body for accurate quota info (per Quotio implementation)
+    const body = projectId ? { project: projectId } : {};
+
+    for (const endpoint of ANTIGRAVITY_ENDPOINT_FALLBACKS) {
+        try {
+            const url = `${endpoint}/v1internal:fetchAvailableModels`;
+            const response = await fetch(url, {
+                method: 'POST',
+                headers,
+                body: JSON.stringify(body)
+            });
+
+            if (!response.ok) {
+                const errorText = await response.text();
+                logger.warn(`[CloudCode] fetchAvailableModels error at ${endpoint}: ${response.status}`);
+                continue;
+            }
+
+            return await response.json();
+        } catch (error) {
+            logger.warn(`[CloudCode] fetchAvailableModels failed at ${endpoint}:`, error.message);
+        }
+    }
+
+    throw new Error('Failed to fetch available models from all endpoints');
+}
+
+/**
+ * Get model quotas for an account
+ * Extracts quota info (remaining fraction and reset time) for each model
+ *
+ * @param {string} token - OAuth access token
+ * @param {string} [projectId] - Optional project ID for accurate quota info
+ * @returns {Promise<Object>} Map of modelId -> { remainingFraction, resetTime }
+ */
+export async function getModelQuotas(token, projectId = null) {
+    const data = await fetchAvailableModels(token, projectId);
+    if (!data || !data.models) return {};
+
+    const quotas = {};
+    for (const [modelId, modelData] of Object.entries(data.models)) {
+        // Only include Claude and Gemini models
+        if (!isSupportedModel(modelId)) continue;
+
+        if (modelData.quotaInfo) {
+            quotas[modelId] = {
+                // When remainingFraction is missing but resetTime is present, quota is exhausted (0%)
+                remainingFraction: modelData.quotaInfo.remainingFraction ?? (modelData.quotaInfo.resetTime ? 0 : null),
+                resetTime: modelData.quotaInfo.resetTime ?? null
+            };
+        }
+    }
+
+    return quotas;
+}
+
+/**
+ * Parse tier ID string to determine subscription level
+ * @param {string} tierId - The tier ID from the API
+ * @returns {'free' | 'pro' | 'ultra' | 'unknown'} The subscription tier
+ */
+function parseTierId(tierId) {
+    if (!tierId) return 'unknown';
+    const lower = tierId.toLowerCase();
+
+    if (lower.includes('ultra')) {
+        return 'ultra';
+    }
+    if (lower === 'standard-tier') {
+        // standard-tier = "Gemini Code Assist" (paid, project-based)
+        return 'pro';
+    }
+    if (lower.includes('pro') || lower.includes('premium')) {
+        return 'pro';
+    }
+    if (lower === 'free-tier' || lower.includes('free')) {
+        return 'free';
+    }
+    return 'unknown';
+}
+
+/**
+ * Get subscription tier for an account
+ * Calls loadCodeAssist API to discover project ID and subscription tier
+ *
+ * @param {string} token - OAuth access token
+ * @returns {Promise<{tier: string, projectId: string|null}>} Subscription tier (free/pro/ultra) and project ID
+ */
+export async function getSubscriptionTier(token) {
+    const headers = {
+        'Authorization': `Bearer ${token}`,
+        'Content-Type': 'application/json',
+        ...LOAD_CODE_ASSIST_HEADERS
+    };
+
+    for (const endpoint of LOAD_CODE_ASSIST_ENDPOINTS) {
+        try {
+            const url = `${endpoint}/v1internal:loadCodeAssist`;
+            const response = await fetch(url, {
+                method: 'POST',
+                headers,
+                body: JSON.stringify({
+                    metadata: {
+                        ideType: 'IDE_UNSPECIFIED',
+                        platform: 'PLATFORM_UNSPECIFIED',
+                        pluginType: 'GEMINI',
+                        duetProject: 'rising-fact-p41fc'
+                    }
+                })
+            });
+
+            if (!response.ok) {
+                logger.warn(`[CloudCode] loadCodeAssist error at ${endpoint}: ${response.status}`);
+                continue;
+            }
+
+            const data = await response.json();
+
+            // Debug: Log all tier-related fields from the response
+            logger.debug(`[CloudCode] loadCodeAssist tier data: paidTier=${JSON.stringify(data.paidTier)}, currentTier=${JSON.stringify(data.currentTier)}, allowedTiers=${JSON.stringify(data.allowedTiers?.map(t => ({ id: t?.id, isDefault: t?.isDefault })))}`);
+
+            // Extract project ID
+            let projectId = null;
+            if (typeof data.cloudaicompanionProject === 'string') {
+                projectId = data.cloudaicompanionProject;
+            } else if (data.cloudaicompanionProject?.id) {
+                projectId = data.cloudaicompanionProject.id;
+            }
+
+            // Extract subscription tier
+            // Priority: paidTier > currentTier > allowedTiers
+            // - paidTier.id: "g1-pro-tier", "g1-ultra-tier" (Google One subscription)
+            // - currentTier.id: "standard-tier" (pro), "free-tier" (free)
+            // - allowedTiers: fallback when currentTier is missing
+            // Note: paidTier is sometimes missing from the response even for Pro accounts
+            let tier = 'unknown';
+            let tierId = null;
+            let tierSource = null;
+
+            // 1. Check paidTier first (Google One AI subscription - most reliable)
+            if (data.paidTier?.id) {
+                tierId = data.paidTier.id;
+                tier = parseTierId(tierId);
+                tierSource = 'paidTier';
+            }
+
+            // 2. Fall back to currentTier if paidTier didn't give us a tier
+            if (tier === 'unknown' && data.currentTier?.id) {
+                tierId = data.currentTier.id;
+                tier = parseTierId(tierId);
+                tierSource = 'currentTier';
+            }
+
+            // 3. Fall back to allowedTiers (find the default or first non-free tier)
+            if (tier === 'unknown' && Array.isArray(data.allowedTiers) && data.allowedTiers.length > 0) {
+                // First look for the default tier
+                let defaultTier = data.allowedTiers.find(t => t?.isDefault);
+                if (!defaultTier) {
+                    defaultTier = data.allowedTiers[0];
+                }
+                if (defaultTier?.id) {
+                    tierId = defaultTier.id;
+                    tier = parseTierId(tierId);
+                    tierSource = 'allowedTiers';
+                }
+            }
+
+            logger.debug(`[CloudCode] Subscription detected: ${tier} (tierId: ${tierId}, source: ${tierSource}), Project: ${projectId}`);
+
+            return { tier, projectId };
+        } catch (error) {
+            logger.warn(`[CloudCode] loadCodeAssist failed at ${endpoint}:`, error.message);
+        }
+    }
+
+    // Fallback: return default values if all endpoints fail
+    logger.warn('[CloudCode] Failed to detect subscription tier from all endpoints. Defaulting to free.');
+    return { tier: 'free', projectId: null };
+}