antigravity-claude-proxy 2.7.0 → 2.7.2

package/public/js/components/account-manager.js

@@ -118,6 +118,15 @@ window.Components.accountManager = () => ({
 
     async fixAccount(email) {
         const store = Alpine.store('global');
+        const dataStore = Alpine.store('data');
+        // If the account has a verification URL (403 VALIDATION_REQUIRED), open it directly
+        const account = (dataStore.accounts || []).find(a => a.email === email);
+        if (account?.verifyUrl) {
+            window.open(account.verifyUrl, '_blank');
+            store.showToast(store.t('verifyThenRefresh') || 'After completing verification, click the ↻ Refresh button to re-enable this account', 'info', 10000);
+            return;
+        }
+        // Otherwise fall back to OAuth re-auth
         store.showToast(store.t('reauthenticating', { email: Redact.email(email) }), 'info');
         const password = store.webuiPassword;
         try {

package/public/js/components/server-config.js

@@ -323,6 +323,38 @@ window.Components.serverConfig = () => ({
         }, window.AppConstants.INTERVALS.CONFIG_DEBOUNCE);
     },
 
+    async toggleRequestThrottling(enabled) {
+        const store = Alpine.store('global');
+        const previousValue = this.serverConfig.requestThrottlingEnabled;
+        this.serverConfig.requestThrottlingEnabled = enabled;
+
+        try {
+            const { response, newPassword } = await window.utils.request('/api/config', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ requestThrottlingEnabled: enabled })
+            }, store.webuiPassword);
+
+            if (newPassword) store.webuiPassword = newPassword;
+
+            const data = await response.json();
+            if (data.status === 'ok') {
+                store.showToast(`Request Throttling ${enabled ? 'enabled' : 'disabled'}`, 'success');
+            } else {
+                throw new Error(data.error || 'Failed to update');
+            }
+        } catch (e) {
+            this.serverConfig.requestThrottlingEnabled = previousValue;
+            store.showToast('Failed to update Request Throttling: ' + e.message, 'error');
+        }
+    },
+
+    toggleRequestDelayMs(value) {
+        const { REQUEST_DELAY_MIN, REQUEST_DELAY_MAX } = window.AppConstants.VALIDATION;
+        this.saveConfigField('requestDelayMs', value, 'Request Delay',
+            (v) => window.Validators.validateRange(v, REQUEST_DELAY_MIN, REQUEST_DELAY_MAX, 'Request Delay'));
+    },
+
     toggleMaxAccounts(value) {
         const { MAX_ACCOUNTS_MIN, MAX_ACCOUNTS_MAX } = window.AppConstants.VALIDATION;
         this.saveConfigField('maxAccounts', value, 'Max Accounts',

package/public/js/config/constants.js

@@ -96,6 +96,10 @@ window.AppConstants.VALIDATION = {
     GLOBAL_QUOTA_THRESHOLD_MIN: 0,
     GLOBAL_QUOTA_THRESHOLD_MAX: 99,
 
+    // Request delay (100 - 5000ms)
+    REQUEST_DELAY_MIN: 100,
+    REQUEST_DELAY_MAX: 5000,
+
     // Switch account delay (1s - 60s)
     SWITCH_ACCOUNT_DELAY_MIN: 1000,
     SWITCH_ACCOUNT_DELAY_MAX: 60000,

package/public/views/settings.html

@@ -1750,6 +1750,64 @@
                             </div>
                         </div>
 
+                        <!-- Request Throttling -->
+                        <div class="space-y-4 pt-2 border-t border-space-border/10">
+                            <div class="flex items-center gap-2 mb-2">
+                                <span class="text-[10px] text-gray-500 font-bold uppercase tracking-widest">Request Throttling</span>
+                                <span class="px-1.5 py-0.5 text-[9px] font-semibold uppercase tracking-wide rounded bg-amber-500/20 text-amber-400 border border-amber-500/40">Experimental</span>
+                            </div>
+
+                            <!-- Request Throttling Card -->
+                            <div class="form-control bg-space-900/50 rounded-lg border transition-all duration-300 hover:border-amber-500/50"
+                                :class="serverConfig.requestThrottlingEnabled ? 'border-amber-500 bg-amber-500/10 shadow-[0_0_25px_rgba(245,158,11,0.2)] ring-1 ring-amber-500/30' : 'border-space-border/50'">
+
+                                <!-- Toggle Row -->
+                                <div class="flex items-center justify-between p-4">
+                                    <div class="flex flex-col gap-1">
+                                        <span class="label-text font-medium transition-colors"
+                                            :class="serverConfig.requestThrottlingEnabled ? 'text-amber-300' : 'text-gray-300'">Enable Request Throttling</span>
+                                        <span class="text-xs transition-colors"
+                                            :class="serverConfig.requestThrottlingEnabled ? 'text-amber-100/50' : 'text-gray-500'">Add delay before each Google API request to avoid rate limits.</span>
+                                    </div>
+                                    <label class="relative inline-flex items-center cursor-pointer">
+                                        <input type="checkbox" class="sr-only peer"
+                                            :checked="serverConfig.requestThrottlingEnabled"
+                                            @change="toggleRequestThrottling($event.target.checked)"
+                                            aria-label="Request throttling toggle">
+                                        <div
+                                            class="w-9 h-5 bg-space-800 peer-focus:outline-none rounded-full peer peer-checked:after:translate-x-full rtl:peer-checked:after:-translate-x-full peer-checked:after:border-white after:content-[''] after:absolute after:top-[2px] after:start-[2px] after:bg-gray-600 after:rounded-full after:h-4 after:w-4 after:transition-all peer-checked:bg-neon-green peer-checked:after:bg-white">
+                                        </div>
+                                    </label>
+                                </div>
+
+                                <!-- Delay Slider (only shown when enabled) -->
+                                <div x-show="serverConfig.requestThrottlingEnabled" x-transition x-collapse>
+                                    <div class="border-t border-amber-500/20 px-4 pb-4 pt-3">
+                                        <label class="flex justify-between items-center mb-2">
+                                            <span class="text-xs text-amber-200/70">Delay per Request</span>
+                                            <span class="font-mono text-amber-400 text-xs font-semibold"
+                                                x-text="(serverConfig.requestDelayMs || 200) + 'ms'"></span>
+                                        </label>
+                                        <div class="flex gap-3 items-center">
+                                            <input type="range" min="100" max="5000" step="100"
+                                                class="custom-range custom-range-yellow flex-1"
+                                                :value="serverConfig.requestDelayMs || 200"
+                                                :style="`background-size: ${((serverConfig.requestDelayMs || 200) - 100) / 49}% 100%`"
+                                                @input="toggleRequestDelayMs($event.target.value)"
+                                                aria-label="Request delay slider">
+                                            <input type="number" min="100" max="5000" step="100"
+                                                class="input input-xs input-bordered w-20 bg-space-800/50 border-amber-500/30 text-white font-mono text-center"
+                                                :value="serverConfig.requestDelayMs || 200"
+                                                @change="toggleRequestDelayMs($event.target.value)"
+                                                aria-label="Request delay value">
+                                        </div>
+                                        <p class="text-[9px] text-amber-100/40 mt-2 leading-tight">
+                                            Milliseconds to wait before each API call (token refresh, quota check, messages, etc).</p>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+
                         <!-- Error Handling Tuning -->
                         <div class="space-y-4 pt-2 border-t border-space-border/10">
                             <div class="flex items-center gap-2 mb-2">

package/src/account-manager/credentials.js

@@ -15,7 +15,7 @@ import {
 import { refreshAccessToken, parseRefreshParts, formatRefreshParts } from '../auth/oauth.js';
 import { getAuthStatus } from '../auth/database.js';
 import { logger } from '../utils/logger.js';
-import { isNetworkError } from '../utils/helpers.js';
+import { isNetworkError, throttledFetch } from '../utils/helpers.js';
 import { onboardUser, getDefaultTierId } from './onboarding.js';
 import { parseTierId } from '../cloudcode/model-api.js';
 
@@ -228,7 +228,7 @@ export async function discoverProject(token, projectId = undefined) {
 
     for (const endpoint of LOAD_CODE_ASSIST_ENDPOINTS) {
         try {
-            const response = await fetch(`${endpoint}/v1internal:loadCodeAssist`, {
+            const response = await throttledFetch(`${endpoint}/v1internal:loadCodeAssist`, {
                 method: 'POST',
                 headers: {
                     'Authorization': `Bearer ${token}`,

package/src/account-manager/index.js

@@ -15,6 +15,7 @@ import {
     resetAllRateLimits as resetLimits,
     markRateLimited as markLimited,
     markInvalid as markAccountInvalid,
+    clearInvalid as clearAccountInvalid,
     getMinWaitTimeMs as getMinWait,
     getRateLimitInfo as getLimitInfo,
     getConsecutiveFailures as getFailures,
@@ -138,6 +139,16 @@ export class AccountManager {
         return getInvalid(this.#accounts);
     }
 
+    /**
+     * Check if all enabled accounts are invalid (need user intervention).
+     * Unlike rate limits, invalid accounts won't self-recover — waiting is pointless.
+     * @returns {boolean} True if every enabled account is invalid
+     */
+    isAllAccountsInvalid() {
+        const enabled = this.#accounts.filter(a => a.enabled !== false);
+        return enabled.length > 0 && enabled.every(a => a.isInvalid);
+    }
+
     /**
      * Clear expired rate limits
      * @returns {number} Number of rate limits cleared
@@ -283,9 +294,19 @@ export class AccountManager {
      * Mark an account as invalid (credentials need re-authentication)
      * @param {string} email - Email of the account to mark
      * @param {string} reason - Reason for marking as invalid
+     * @param {string|null} verifyUrl - Optional verification URL (for 403 VALIDATION_REQUIRED)
+     */
+    markInvalid(email, reason = 'Unknown error', verifyUrl = null) {
+        markAccountInvalid(this.#accounts, email, reason, verifyUrl);
+        this.saveToDisk();
+    }
+
+    /**
+     * Clear invalid status for an account (after user completes verification)
+     * @param {string} email - Email of the account to clear
      */
-    markInvalid(email, reason = 'Unknown error') {
-        markAccountInvalid(this.#accounts, email, reason);
+    clearInvalid(email) {
+        clearAccountInvalid(this.#accounts, email);
         this.saveToDisk();
     }
 
@@ -434,11 +455,12 @@ export class AccountManager {
                 modelRateLimits: a.modelRateLimits || {},
                 isInvalid: a.isInvalid || false,
                 invalidReason: a.invalidReason || null,
+                verifyUrl: a.verifyUrl || null,
                 lastUsed: a.lastUsed,
                 // Include quota threshold settings
                 quotaThreshold: a.quotaThreshold,
                 modelQuotaThresholds: a.modelQuotaThresholds || {},
-                fingerprint: a.fingerprint
+                hasFingerprint: !!a.fingerprint
             }))
         };
     }
@@ -560,6 +582,10 @@ export class AccountManager {
             account.fingerprintHistory.unshift(historyEntry);
         }
 
+        // Remove the restored entry from history (shifted by 1 if we just unshifted)
+        const removeIndex = account.fingerprint ? historyIndex + 1 : historyIndex;
+        account.fingerprintHistory.splice(removeIndex, 1);
+
         // Restore
         account.fingerprint = { ...restoredEntry.fingerprint, createdAt: Date.now() };
 

package/src/account-manager/onboarding.js

@@ -10,7 +10,7 @@ import {
     CLIENT_METADATA
 } from '../constants.js';
 import { logger } from '../utils/logger.js';
-import { sleep } from '../utils/helpers.js';
+import { sleep, throttledFetch } from '../utils/helpers.js';
 
 /**
  * Get the default tier ID from allowed tiers list
@@ -64,7 +64,7 @@ export async function onboardUser(token, tierId, projectId = undefined, maxAttem
     for (const endpoint of ONBOARD_USER_ENDPOINTS) {
         for (let attempt = 0; attempt < maxAttempts; attempt++) {
             try {
-                const response = await fetch(`${endpoint}/v1internal:onboardUser`, {
+                const response = await throttledFetch(`${endpoint}/v1internal:onboardUser`, {
                     method: 'POST',
                     headers: {
                         'Authorization': `Bearer ${token}`,

package/src/account-manager/rate-limits.js

@@ -156,15 +156,17 @@ export function markRateLimited(accounts, email, resetMs = null, modelId) {
  * @param {Array} accounts - Array of account objects
  * @param {string} email - Email of the account to mark
  * @param {string} reason - Reason for marking as invalid
+ * @param {string|null} verifyUrl - Optional verification URL (for 403 VALIDATION_REQUIRED)
  * @returns {boolean} True if account was found and marked
  */
-export function markInvalid(accounts, email, reason = 'Unknown error') {
+export function markInvalid(accounts, email, reason = 'Unknown error', verifyUrl = null) {
     const account = accounts.find(a => a.email === email);
     if (!account) return false;
 
     account.isInvalid = true;
     account.invalidReason = reason;
     account.invalidAt = Date.now();
+    account.verifyUrl = verifyUrl || null;
 
     logger.error(
         `[AccountManager] ⚠ Account INVALID: ${email}`
@@ -172,6 +174,11 @@ export function markInvalid(accounts, email, reason = 'Unknown error') {
     logger.error(
         `[AccountManager]   Reason: ${reason}`
     );
+    if (verifyUrl) {
+        logger.error(
+            `[AccountManager]   Verification URL: ${verifyUrl}`
+        );
+    }
     logger.error(
         `[AccountManager]   Run 'npm run accounts' to re-authenticate this account`
     );
@@ -179,6 +186,25 @@ export function markInvalid(accounts, email, reason = 'Unknown error') {
     return true;
 }
 
+/**
+ * Clear invalid status for an account (after user completes verification)
+ *
+ * @param {Array} accounts - Array of account objects
+ * @param {string} email - Email of the account to clear
+ * @returns {boolean} True if account was found and cleared
+ */
+export function clearInvalid(accounts, email) {
+    const account = accounts.find(a => a.email === email);
+    if (!account) return false;
+
+    account.isInvalid = false;
+    account.invalidReason = null;
+    account.verifyUrl = null;
+
+    logger.info(`[AccountManager] ✓ Account re-enabled: ${email}`);
+    return true;
+}
+
 /**
  * Get the minimum wait time until any account becomes available for a model
  *

package/src/account-manager/storage.js

@@ -29,9 +29,11 @@ export async function loadAccounts(configPath = ACCOUNT_CONFIG_PATH) {
             ...acc,
             lastUsed: acc.lastUsed || null,
             enabled: acc.enabled !== false, // Default to true if not specified
-            // Reset invalid flag on startup - give accounts a fresh chance to refresh
-            isInvalid: false,
-            invalidReason: null,
+            // Reset invalid flag on startup - give accounts a fresh chance
+            // EXCEPT accounts with a verifyUrl — those need user intervention
+            isInvalid: acc.verifyUrl ? (acc.isInvalid || false) : false,
+            invalidReason: acc.verifyUrl ? (acc.invalidReason || null) : null,
+            verifyUrl: acc.verifyUrl || null,
             modelRateLimits: acc.modelRateLimits || {},
             // New fields for subscription and quota tracking
             subscription: acc.subscription || { tier: 'unknown', projectId: null, detectedAt: null },
@@ -82,7 +84,8 @@ export function loadDefaultAccount(dbPath) {
                 email: authData.email || 'default@antigravity',
                 source: 'database',
                 lastUsed: null,
-                modelRateLimits: {}
+                modelRateLimits: {},
+                fingerprint: generateFingerprint()
             };
 
             const tokenCache = new Map();
@@ -128,6 +131,7 @@ export async function saveAccounts(configPath, accounts, settings, activeIndex)
                 addedAt: acc.addedAt || undefined,
                 isInvalid: acc.isInvalid || false,
                 invalidReason: acc.invalidReason || null,
+                verifyUrl: acc.verifyUrl || null,
                 modelRateLimits: acc.modelRateLimits || {},
                 lastUsed: acc.lastUsed,
                 // Persist subscription and quota data

package/src/auth/oauth.js

@@ -16,6 +16,7 @@ import {
     OAUTH_REDIRECT_URI
 } from '../constants.js';
 import { logger } from '../utils/logger.js';
+import { throttledFetch } from '../utils/helpers.js';
 import { onboardUser, getDefaultTierId } from '../account-manager/onboarding.js';
 
 /**
@@ -354,7 +355,7 @@ Option 4: Exclude port from reservation (run as Administrator)
  * @returns {Promise<{accessToken: string, refreshToken: string, expiresIn: number}>} OAuth tokens
  */
 export async function exchangeCode(code, verifier) {
-    const response = await fetch(OAUTH_CONFIG.tokenUrl, {
+    const response = await throttledFetch(OAUTH_CONFIG.tokenUrl, {
         method: 'POST',
         headers: {
             'Content-Type': 'application/x-www-form-urlencoded'
@@ -402,7 +403,7 @@ export async function refreshAccessToken(compositeRefresh) {
     // Parse the composite refresh token to extract the actual OAuth token
     const parts = parseRefreshParts(compositeRefresh);
 
-    const response = await fetch(OAUTH_CONFIG.tokenUrl, {
+    const response = await throttledFetch(OAUTH_CONFIG.tokenUrl, {
         method: 'POST',
         headers: {
             'Content-Type': 'application/x-www-form-urlencoded'
@@ -434,7 +435,7 @@ export async function refreshAccessToken(compositeRefresh) {
  * @returns {Promise<string>} User's email address
  */
 export async function getUserEmail(accessToken) {
-    const response = await fetch(OAUTH_CONFIG.userInfoUrl, {
+    const response = await throttledFetch(OAUTH_CONFIG.userInfoUrl, {
         headers: {
             'Authorization': `Bearer ${accessToken}`
         }
@@ -461,7 +462,7 @@ export async function discoverProjectId(accessToken) {
 
     for (const endpoint of ANTIGRAVITY_ENDPOINT_FALLBACKS) {
         try {
-            const response = await fetch(`${endpoint}/v1internal:loadCodeAssist`, {
+            const response = await throttledFetch(`${endpoint}/v1internal:loadCodeAssist`, {
                 method: 'POST',
                 headers: {
                     'Authorization': `Bearer ${accessToken}`,

package/src/cloudcode/message-handler.js

@@ -19,8 +19,8 @@ import {
     isThinkingModel
 } from '../constants.js';
 import { convertGoogleToAnthropic } from '../format/index.js';
-import { isRateLimitError, isAuthError } from '../errors.js';
-import { formatDuration, sleep, isNetworkError } from '../utils/helpers.js';
+import { isRateLimitError, isAuthError, isAccountForbiddenError, AccountForbiddenError } from '../errors.js';
+import { formatDuration, sleep, isNetworkError, throttledFetch } from '../utils/helpers.js';
 import { logger } from '../utils/logger.js';
 import { parseResetTime } from './rate-limit-parser.js';
 import { buildCloudCodeRequest, buildHeaders } from './request-builder.js';
@@ -31,6 +31,8 @@ import {
     clearRateLimitState,
     isPermanentAuthFailure,
     isModelCapacityExhausted,
+    isValidationRequired,
+    extractVerificationUrl,
     calculateSmartBackoff
 } from './rate-limit-state.js';
 
@@ -64,6 +66,16 @@ export async function sendMessage(anthropicRequest, accountManager, fallbackEnab
 
         // If no accounts available, check if we should wait or throw error
         if (availableAccounts.length === 0) {
+            // All accounts invalid? Fail immediately — they need user intervention (WebUI FIX button)
+            // Invalid accounts won't self-recover, so waiting would be an infinite loop
+            if (accountManager.isAllAccountsInvalid()) {
+                const invalidAccounts = accountManager.getInvalidAccounts();
+                const reasons = [...new Set(invalidAccounts.map(a => a.invalidReason).filter(Boolean))];
+                throw new Error(
+                    `All accounts are invalid: ${reasons.join('; ') || 'unknown reason'}. Visit the WebUI to fix them.`
+                );
+            }
+
             if (accountManager.isAllRateLimited(model)) {
                 const minWaitMs = accountManager.getMinWaitTimeMs(model);
                 const resetTime = new Date(Date.now() + minWaitMs).toISOString();
@@ -143,7 +155,7 @@ export async function sendMessage(anthropicRequest, accountManager, fallbackEnab
                         ? `${endpoint}/v1internal:streamGenerateContent?alt=sse`
                         : `${endpoint}/v1internal:generateContent`;
 
-                    const response = await fetch(url, {
+                    const response = await throttledFetch(url, {
                         method: 'POST',
                         headers: buildHeaders(token, model, isThinking ? 'text/event-stream' : 'application/json', account.fingerprint),
                         body: JSON.stringify(payload)
@@ -273,6 +285,16 @@ export async function sendMessage(anthropicRequest, accountManager, fallbackEnab
                                 throw new Error(`invalid_request_error: ${errorText}`);
                             }
 
+                            // 403 with VALIDATION_REQUIRED or PERMISSION_DENIED is an account-level error
+                            // The account needs validation (captcha, terms, etc.) - trying different endpoints won't help
+                            // Mark account as invalid (requires user intervention) and rotate (fixes #248)
+                            if (response.status === 403 && isValidationRequired(errorText)) {
+                                const verifyUrl = extractVerificationUrl(errorText);
+                                logger.warn(`[CloudCode] 403 VALIDATION_REQUIRED/PERMISSION_DENIED for ${account.email}, marking invalid and rotating account...`);
+                                accountManager.markInvalid(account.email, 'Account requires verification', verifyUrl);
+                                throw new AccountForbiddenError(errorText, account.email);
+                            }
+
                             lastError = new Error(`API error ${response.status}: ${errorText}`);
                             // Try next endpoint for 403/404/5xx errors (matches opencode-antigravity-auth behavior)
                             if (response.status === 403 || response.status === 404) {
@@ -307,6 +329,10 @@ export async function sendMessage(anthropicRequest, accountManager, fallbackEnab
                     if (isRateLimitError(endpointError)) {
                         throw endpointError; // Re-throw to trigger account switch
                     }
+                    // 403 account-level errors - re-throw to trigger account rotation
+                    if (isAccountForbiddenError(endpointError)) {
+                        throw endpointError;
+                    }
                     // 400 errors are client errors - re-throw immediately, don't retry
                     if (endpointError.message?.includes('400')) {
                         throw endpointError;
@@ -347,6 +373,13 @@ export async function sendMessage(anthropicRequest, accountManager, fallbackEnab
                 logger.warn(`[CloudCode] Account ${account.email} has invalid credentials, trying next...`);
                 continue;
             }
+            if (isAccountForbiddenError(error)) {
+                // 403 VALIDATION_REQUIRED / PERMISSION_DENIED - account-level error
+                // Already marked with cooldown, notify strategy and rotate to next account
+                accountManager.notifyFailure(account, model);
+                logger.warn(`[CloudCode] Account ${account.email} forbidden (403 VALIDATION_REQUIRED), trying next...`);
+                continue;
+            }
             // Handle 5xx errors
             if (error.message.includes('API error 5') || error.message.includes('500') || error.message.includes('503')) {
                 accountManager.notifyFailure(account, model);

package/src/cloudcode/model-api.js

@@ -14,6 +14,7 @@ import {
     MODEL_VALIDATION_CACHE_TTL_MS
 } from '../constants.js';
 import { logger } from '../utils/logger.js';
+import { throttledFetch } from '../utils/helpers.js';
 
 // Model validation cache
 const modelCache = {
@@ -86,7 +87,7 @@ export async function fetchAvailableModels(token, projectId = null) {
     for (const endpoint of ANTIGRAVITY_ENDPOINT_FALLBACKS) {
         try {
             const url = `${endpoint}/v1internal:fetchAvailableModels`;
-            const response = await fetch(url, {
+            const response = await throttledFetch(url, {
                 method: 'POST',
                 headers,
                 body: JSON.stringify(body)
@@ -178,7 +179,7 @@ export async function getSubscriptionTier(token) {
     for (const endpoint of LOAD_CODE_ASSIST_ENDPOINTS) {
         try {
             const url = `${endpoint}/v1internal:loadCodeAssist`;
-            const response = await fetch(url, {
+            const response = await throttledFetch(url, {
                 method: 'POST',
                 headers,
                 body: JSON.stringify({

package/src/cloudcode/rate-limit-state.js

@@ -98,6 +98,47 @@ export function isPermanentAuthFailure(errorText) {
         lower.includes('credentials are invalid');
 }
 
+/**
+ * Detect if 403 error is due to VALIDATION_REQUIRED or PERMISSION_DENIED.
+ * These are account-level errors that should trigger account rotation,
+ * not just endpoint rotation. The account needs validation (e.g., captcha,
+ * terms acceptance) which cannot be resolved by trying different endpoints.
+ * @param {string} errorText - Error message from API
+ * @returns {boolean} True if validation/permission error requiring account rotation
+ */
+export function isValidationRequired(errorText) {
+    const lower = (errorText || '').toLowerCase();
+    return lower.includes('validation_required') ||
+        lower.includes('account_disabled') ||
+        lower.includes('user_disabled');
+}
+
+/**
+ * Extract the Google verification URL from an error message.
+ * The 403 VALIDATION_REQUIRED error contains a URL the user must visit.
+ * @param {string} errorText - Error message from the API
+ * @returns {string|null} The verification URL, or null if not found
+ */
+export function extractVerificationUrl(errorText) {
+    if (!errorText) return null;
+    // Try structured JSON first — the 403 response often has details[].metadata.validation_url
+    try {
+        const parsed = JSON.parse(errorText);
+        const details = parsed?.error?.details || [];
+        for (const detail of details) {
+            if (detail?.metadata?.validation_url) {
+                return detail.metadata.validation_url;
+            }
+        }
+    } catch {
+        // Not valid JSON or no structured field — fall through to regex
+    }
+    // Fallback: regex match for verification URL in unstructured text
+    const raw = errorText.match(/https:\/\/accounts\.google\.com\/signin\/continue\?[^\s"\\]+/);
+    if (!raw) return null;
+    return raw[0].replace(/[,.)}>\]]+$/, '');
+}
+
 /**
  * Detect if 429 error is due to model capacity (not user quota).
  * Capacity issues should retry on same account with shorter delay.

package/src/cloudcode/streaming-handler.js

@@ -18,8 +18,8 @@ import {
     MAX_CAPACITY_RETRIES,
     BACKOFF_BY_ERROR_TYPE
 } from '../constants.js';
-import { isRateLimitError, isAuthError, isEmptyResponseError } from '../errors.js';
-import { formatDuration, sleep, isNetworkError } from '../utils/helpers.js';
+import { isRateLimitError, isAuthError, isEmptyResponseError, isAccountForbiddenError, AccountForbiddenError } from '../errors.js';
+import { formatDuration, sleep, isNetworkError, throttledFetch } from '../utils/helpers.js';
 import { logger } from '../utils/logger.js';
 import { parseResetTime } from './rate-limit-parser.js';
 import { buildCloudCodeRequest, buildHeaders } from './request-builder.js';
@@ -30,6 +30,8 @@ import {
     clearRateLimitState,
     isPermanentAuthFailure,
     isModelCapacityExhausted,
+    isValidationRequired,
+    extractVerificationUrl,
     calculateSmartBackoff
 } from './rate-limit-state.js';
 import crypto from 'crypto';
@@ -63,6 +65,16 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
 
         // If no accounts available, check if we should wait or throw error
         if (availableAccounts.length === 0) {
+            // All accounts invalid? Fail immediately — they need user intervention (WebUI FIX button)
+            // Invalid accounts won't self-recover, so waiting would be an infinite loop
+            if (accountManager.isAllAccountsInvalid()) {
+                const invalidAccounts = accountManager.getInvalidAccounts();
+                const reasons = [...new Set(invalidAccounts.map(a => a.invalidReason).filter(Boolean))];
+                throw new Error(
+                    `All accounts are invalid: ${reasons.join('; ') || 'unknown reason'}. Visit the WebUI to fix them.`
+                );
+            }
+
             if (accountManager.isAllRateLimited(model)) {
                 const minWaitMs = accountManager.getMinWaitTimeMs(model);
                 const resetTime = new Date(Date.now() + minWaitMs).toISOString();
@@ -141,7 +153,7 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                 try {
                     const url = `${endpoint}/v1internal:streamGenerateContent?alt=sse`;
 
-                    const response = await fetch(url, {
+                    const response = await throttledFetch(url, {
                         method: 'POST',
                         headers: buildHeaders(token, model, 'text/event-stream', account.fingerprint),
                         body: JSON.stringify(payload)
@@ -268,6 +280,16 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                             throw new Error(`invalid_request_error: ${errorText}`);
                         }
 
+                        // 403 with VALIDATION_REQUIRED or PERMISSION_DENIED is an account-level error
+                        // The account needs validation (captcha, terms, etc.) - trying different endpoints won't help
+                        // Mark account as invalid (requires user intervention) and rotate (fixes #248)
+                        if (response.status === 403 && isValidationRequired(errorText)) {
+                            const verifyUrl = extractVerificationUrl(errorText);
+                            logger.warn(`[CloudCode] 403 VALIDATION_REQUIRED/PERMISSION_DENIED for ${account.email}, marking invalid and rotating account...`);
+                            accountManager.markInvalid(account.email, 'Account requires verification', verifyUrl);
+                            throw new AccountForbiddenError(errorText, account.email);
+                        }
+
                         lastError = new Error(`API error ${response.status}: ${errorText}`);
 
                         // Try next endpoint for 403/404/5xx errors (matches opencode-antigravity-auth behavior)
@@ -312,7 +334,7 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                             await sleep(backoffMs);
 
                             // Refetch the response
-                            currentResponse = await fetch(url, {
+                            currentResponse = await throttledFetch(url, {
                                 method: 'POST',
                                 headers: buildHeaders(token, model, 'text/event-stream', account.fingerprint),
                                 body: JSON.stringify(payload)
@@ -345,7 +367,7 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                                 if (currentResponse.status >= 500) {
                                     logger.warn(`[CloudCode] Retry got ${currentResponse.status}, will retry...`);
                                     await sleep(1000);
-                                    currentResponse = await fetch(url, {
+                                    currentResponse = await throttledFetch(url, {
                                         method: 'POST',
                                         headers: buildHeaders(token, model, 'text/event-stream', account.fingerprint),
                                         body: JSON.stringify(payload)
@@ -367,6 +389,10 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                     if (isEmptyResponseError(endpointError)) {
                         throw endpointError;
                     }
+                    // 403 account-level errors - re-throw to trigger account rotation
+                    if (isAccountForbiddenError(endpointError)) {
+                        throw endpointError;
+                    }
                     // 400 errors are client errors - re-throw immediately, don't retry
                     if (endpointError.message?.includes('400')) {
                         throw endpointError;
@@ -407,6 +433,13 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                 logger.warn(`[CloudCode] Account ${account.email} has invalid credentials, trying next...`);
                 continue;
             }
+            if (isAccountForbiddenError(error)) {
+                // 403 VALIDATION_REQUIRED / PERMISSION_DENIED - account-level error
+                // Already marked with cooldown, notify strategy and rotate to next account
+                accountManager.notifyFailure(account, model);
+                logger.warn(`[CloudCode] Account ${account.email} forbidden (403 VALIDATION_REQUIRED), trying next...`);
+                continue;
+            }
             // Handle 5xx errors
             if (error.message.includes('API error 5') || error.message.includes('500') || error.message.includes('503')) {
                 accountManager.notifyFailure(account, model);