antigravity-claude-proxy 2.7.1 → 2.7.3

package/src/account-manager/rate-limits.js

@@ -156,15 +156,17 @@ export function markRateLimited(accounts, email, resetMs = null, modelId) {
  * @param {Array} accounts - Array of account objects
  * @param {string} email - Email of the account to mark
  * @param {string} reason - Reason for marking as invalid
+ * @param {string|null} verifyUrl - Optional verification URL (for 403 VALIDATION_REQUIRED)
  * @returns {boolean} True if account was found and marked
  */
-export function markInvalid(accounts, email, reason = 'Unknown error') {
+export function markInvalid(accounts, email, reason = 'Unknown error', verifyUrl = null) {
     const account = accounts.find(a => a.email === email);
     if (!account) return false;
 
     account.isInvalid = true;
     account.invalidReason = reason;
     account.invalidAt = Date.now();
+    account.verifyUrl = verifyUrl || null;
 
     logger.error(
         `[AccountManager] ⚠ Account INVALID: ${email}`
@@ -172,6 +174,11 @@ export function markInvalid(accounts, email, reason = 'Unknown error') {
     logger.error(
         `[AccountManager]   Reason: ${reason}`
     );
+    if (verifyUrl) {
+        logger.error(
+            `[AccountManager]   Verification URL: ${verifyUrl}`
+        );
+    }
     logger.error(
         `[AccountManager]   Run 'npm run accounts' to re-authenticate this account`
     );
@@ -179,6 +186,25 @@ export function markInvalid(accounts, email, reason = 'Unknown error') {
     return true;
 }
 
+/**
+ * Clear invalid status for an account (after user completes verification)
+ *
+ * @param {Array} accounts - Array of account objects
+ * @param {string} email - Email of the account to clear
+ * @returns {boolean} True if account was found and cleared
+ */
+export function clearInvalid(accounts, email) {
+    const account = accounts.find(a => a.email === email);
+    if (!account) return false;
+
+    account.isInvalid = false;
+    account.invalidReason = null;
+    account.verifyUrl = null;
+
+    logger.info(`[AccountManager] ✓ Account re-enabled: ${email}`);
+    return true;
+}
+
 /**
  * Get the minimum wait time until any account becomes available for a model
  *

package/src/account-manager/storage.js

@@ -10,7 +10,6 @@ import { dirname } from 'path';
 import { ACCOUNT_CONFIG_PATH } from '../constants.js';
 import { getAuthStatus } from '../auth/database.js';
 import { logger } from '../utils/logger.js';
-import { generateFingerprint, updateFingerprintVersion } from '../utils/fingerprint.js';
 
 /**
  * Load accounts from the config file
@@ -29,21 +28,18 @@ export async function loadAccounts(configPath = ACCOUNT_CONFIG_PATH) {
             ...acc,
             lastUsed: acc.lastUsed || null,
             enabled: acc.enabled !== false, // Default to true if not specified
-            // Reset invalid flag on startup - give accounts a fresh chance to refresh
-            isInvalid: false,
-            invalidReason: null,
+            // Reset invalid flag on startup - give accounts a fresh chance
+            // EXCEPT accounts with a verifyUrl — those need user intervention
+            isInvalid: acc.verifyUrl ? (acc.isInvalid || false) : false,
+            invalidReason: acc.verifyUrl ? (acc.invalidReason || null) : null,
+            verifyUrl: acc.verifyUrl || null,
             modelRateLimits: acc.modelRateLimits || {},
             // New fields for subscription and quota tracking
             subscription: acc.subscription || { tier: 'unknown', projectId: null, detectedAt: null },
             quota: acc.quota || { models: {}, lastChecked: null },
             // Quota threshold settings (per-account and per-model overrides)
             quotaThreshold: acc.quotaThreshold,  // undefined means use global
-            modelQuotaThresholds: acc.modelQuotaThresholds || {},
-            // Fingerprint management
-            fingerprint: acc.fingerprint
-                ? updateFingerprintVersion(acc.fingerprint)
-                : generateFingerprint(),
-            fingerprintHistory: acc.fingerprintHistory || []
+            modelQuotaThresholds: acc.modelQuotaThresholds || {}
         }));
 
         const settings = config.settings || {};
@@ -82,8 +78,7 @@ export function loadDefaultAccount(dbPath) {
                 email: authData.email || 'default@antigravity',
                 source: 'database',
                 lastUsed: null,
-                modelRateLimits: {},
-                fingerprint: generateFingerprint()
+                modelRateLimits: {}
             };
 
             const tokenCache = new Map();
@@ -129,6 +124,7 @@ export async function saveAccounts(configPath, accounts, settings, activeIndex)
                 addedAt: acc.addedAt || undefined,
                 isInvalid: acc.isInvalid || false,
                 invalidReason: acc.invalidReason || null,
+                verifyUrl: acc.verifyUrl || null,
                 modelRateLimits: acc.modelRateLimits || {},
                 lastUsed: acc.lastUsed,
                 // Persist subscription and quota data
@@ -136,10 +132,7 @@ export async function saveAccounts(configPath, accounts, settings, activeIndex)
                 quota: acc.quota || { models: {}, lastChecked: null },
                 // Persist quota threshold settings
                 quotaThreshold: acc.quotaThreshold,  // undefined omitted from JSON
-                modelQuotaThresholds: Object.keys(acc.modelQuotaThresholds || {}).length > 0 ? acc.modelQuotaThresholds : undefined,
-                // Persist fingerprint data
-                fingerprint: acc.fingerprint,
-                fingerprintHistory: acc.fingerprintHistory && acc.fingerprintHistory.length > 0 ? acc.fingerprintHistory : undefined
+                modelQuotaThresholds: Object.keys(acc.modelQuotaThresholds || {}).length > 0 ? acc.modelQuotaThresholds : undefined
             })),
             settings: settings,
             activeIndex: activeIndex

package/src/auth/oauth.js

@@ -16,6 +16,7 @@ import {
     OAUTH_REDIRECT_URI
 } from '../constants.js';
 import { logger } from '../utils/logger.js';
+import { throttledFetch } from '../utils/helpers.js';
 import { onboardUser, getDefaultTierId } from '../account-manager/onboarding.js';
 
 /**
@@ -354,7 +355,7 @@ Option 4: Exclude port from reservation (run as Administrator)
  * @returns {Promise<{accessToken: string, refreshToken: string, expiresIn: number}>} OAuth tokens
  */
 export async function exchangeCode(code, verifier) {
-    const response = await fetch(OAUTH_CONFIG.tokenUrl, {
+    const response = await throttledFetch(OAUTH_CONFIG.tokenUrl, {
         method: 'POST',
         headers: {
             'Content-Type': 'application/x-www-form-urlencoded'
@@ -402,7 +403,7 @@ export async function refreshAccessToken(compositeRefresh) {
     // Parse the composite refresh token to extract the actual OAuth token
     const parts = parseRefreshParts(compositeRefresh);
 
-    const response = await fetch(OAUTH_CONFIG.tokenUrl, {
+    const response = await throttledFetch(OAUTH_CONFIG.tokenUrl, {
         method: 'POST',
         headers: {
             'Content-Type': 'application/x-www-form-urlencoded'
@@ -434,7 +435,7 @@ export async function refreshAccessToken(compositeRefresh) {
  * @returns {Promise<string>} User's email address
  */
 export async function getUserEmail(accessToken) {
-    const response = await fetch(OAUTH_CONFIG.userInfoUrl, {
+    const response = await throttledFetch(OAUTH_CONFIG.userInfoUrl, {
         headers: {
             'Authorization': `Bearer ${accessToken}`
         }
@@ -461,7 +462,7 @@ export async function discoverProjectId(accessToken) {
 
     for (const endpoint of ANTIGRAVITY_ENDPOINT_FALLBACKS) {
         try {
-            const response = await fetch(`${endpoint}/v1internal:loadCodeAssist`, {
+            const response = await throttledFetch(`${endpoint}/v1internal:loadCodeAssist`, {
                 method: 'POST',
                 headers: {
                     'Authorization': `Bearer ${accessToken}`,

package/src/cli/accounts.js

@@ -50,7 +50,7 @@ function isServerRunning() {
             resolve(false);
         });
 
-        socket.on('error', () => {
+        socket.on('error', (err) => {
             socket.destroy();
             resolve(false); // Port free
         });
@@ -143,9 +143,7 @@ function saveAccounts(accounts, settings = {}) {
                 projectId: acc.projectId,
                 addedAt: acc.addedAt || new Date().toISOString(),
                 lastUsed: acc.lastUsed || null,
-                modelRateLimits: acc.modelRateLimits || {},
-                fingerprint: acc.fingerprint,
-                fingerprintHistory: acc.fingerprintHistory
+                modelRateLimits: acc.modelRateLimits || {}
             })),
             settings: {
                 maxRetries: 5,

package/src/cloudcode/message-handler.js

@@ -19,8 +19,8 @@ import {
     isThinkingModel
 } from '../constants.js';
 import { convertGoogleToAnthropic } from '../format/index.js';
-import { isRateLimitError, isAuthError } from '../errors.js';
-import { formatDuration, sleep, isNetworkError } from '../utils/helpers.js';
+import { isRateLimitError, isAuthError, isAccountForbiddenError, AccountForbiddenError } from '../errors.js';
+import { formatDuration, sleep, isNetworkError, throttledFetch } from '../utils/helpers.js';
 import { logger } from '../utils/logger.js';
 import { parseResetTime } from './rate-limit-parser.js';
 import { buildCloudCodeRequest, buildHeaders } from './request-builder.js';
@@ -31,6 +31,8 @@ import {
     clearRateLimitState,
     isPermanentAuthFailure,
     isModelCapacityExhausted,
+    isValidationRequired,
+    extractVerificationUrl,
     calculateSmartBackoff
 } from './rate-limit-state.js';
 
@@ -64,6 +66,16 @@ export async function sendMessage(anthropicRequest, accountManager, fallbackEnab
 
         // If no accounts available, check if we should wait or throw error
         if (availableAccounts.length === 0) {
+            // All accounts invalid? Fail immediately — they need user intervention (WebUI FIX button)
+            // Invalid accounts won't self-recover, so waiting would be an infinite loop
+            if (accountManager.isAllAccountsInvalid()) {
+                const invalidAccounts = accountManager.getInvalidAccounts();
+                const reasons = [...new Set(invalidAccounts.map(a => a.invalidReason).filter(Boolean))];
+                throw new Error(
+                    `All accounts are invalid: ${reasons.join('; ') || 'unknown reason'}. Visit the WebUI to fix them.`
+                );
+            }
+
             if (accountManager.isAllRateLimited(model)) {
                 const minWaitMs = accountManager.getMinWaitTimeMs(model);
                 const resetTime = new Date(Date.now() + minWaitMs).toISOString();
@@ -143,9 +155,9 @@ export async function sendMessage(anthropicRequest, accountManager, fallbackEnab
                         ? `${endpoint}/v1internal:streamGenerateContent?alt=sse`
                         : `${endpoint}/v1internal:generateContent`;
 
-                    const response = await fetch(url, {
+                    const response = await throttledFetch(url, {
                         method: 'POST',
-                        headers: buildHeaders(token, model, isThinking ? 'text/event-stream' : 'application/json', account.fingerprint),
+                        headers: buildHeaders(token, model, isThinking ? 'text/event-stream' : 'application/json'),
                         body: JSON.stringify(payload)
                     });
 
@@ -273,6 +285,16 @@ export async function sendMessage(anthropicRequest, accountManager, fallbackEnab
                                 throw new Error(`invalid_request_error: ${errorText}`);
                             }
 
+                            // 403 with VALIDATION_REQUIRED or PERMISSION_DENIED is an account-level error
+                            // The account needs validation (captcha, terms, etc.) - trying different endpoints won't help
+                            // Mark account as invalid (requires user intervention) and rotate (fixes #248)
+                            if (response.status === 403 && isValidationRequired(errorText)) {
+                                const verifyUrl = extractVerificationUrl(errorText);
+                                logger.warn(`[CloudCode] 403 VALIDATION_REQUIRED/PERMISSION_DENIED for ${account.email}, marking invalid and rotating account...`);
+                                accountManager.markInvalid(account.email, 'Account requires verification', verifyUrl);
+                                throw new AccountForbiddenError(errorText, account.email);
+                            }
+
                             lastError = new Error(`API error ${response.status}: ${errorText}`);
                             // Try next endpoint for 403/404/5xx errors (matches opencode-antigravity-auth behavior)
                             if (response.status === 403 || response.status === 404) {
@@ -307,6 +329,10 @@ export async function sendMessage(anthropicRequest, accountManager, fallbackEnab
                     if (isRateLimitError(endpointError)) {
                         throw endpointError; // Re-throw to trigger account switch
                     }
+                    // 403 account-level errors - re-throw to trigger account rotation
+                    if (isAccountForbiddenError(endpointError)) {
+                        throw endpointError;
+                    }
                     // 400 errors are client errors - re-throw immediately, don't retry
                     if (endpointError.message?.includes('400')) {
                         throw endpointError;
@@ -347,6 +373,13 @@ export async function sendMessage(anthropicRequest, accountManager, fallbackEnab
                 logger.warn(`[CloudCode] Account ${account.email} has invalid credentials, trying next...`);
                 continue;
             }
+            if (isAccountForbiddenError(error)) {
+                // 403 VALIDATION_REQUIRED / PERMISSION_DENIED - account-level error
+                // Already marked with cooldown, notify strategy and rotate to next account
+                accountManager.notifyFailure(account, model);
+                logger.warn(`[CloudCode] Account ${account.email} forbidden (403 VALIDATION_REQUIRED), trying next...`);
+                continue;
+            }
             // Handle 5xx errors
             if (error.message.includes('API error 5') || error.message.includes('500') || error.message.includes('503')) {
                 accountManager.notifyFailure(account, model);

package/src/cloudcode/model-api.js

@@ -14,6 +14,7 @@ import {
     MODEL_VALIDATION_CACHE_TTL_MS
 } from '../constants.js';
 import { logger } from '../utils/logger.js';
+import { throttledFetch } from '../utils/helpers.js';
 
 // Model validation cache
 const modelCache = {
@@ -86,7 +87,7 @@ export async function fetchAvailableModels(token, projectId = null) {
     for (const endpoint of ANTIGRAVITY_ENDPOINT_FALLBACKS) {
         try {
             const url = `${endpoint}/v1internal:fetchAvailableModels`;
-            const response = await fetch(url, {
+            const response = await throttledFetch(url, {
                 method: 'POST',
                 headers,
                 body: JSON.stringify(body)
@@ -178,7 +179,7 @@ export async function getSubscriptionTier(token) {
     for (const endpoint of LOAD_CODE_ASSIST_ENDPOINTS) {
         try {
             const url = `${endpoint}/v1internal:loadCodeAssist`;
-            const response = await fetch(url, {
+            const response = await throttledFetch(url, {
                 method: 'POST',
                 headers,
                 body: JSON.stringify({

package/src/cloudcode/rate-limit-state.js

@@ -98,6 +98,47 @@ export function isPermanentAuthFailure(errorText) {
         lower.includes('credentials are invalid');
 }
 
+/**
+ * Detect if 403 error is due to VALIDATION_REQUIRED or PERMISSION_DENIED.
+ * These are account-level errors that should trigger account rotation,
+ * not just endpoint rotation. The account needs validation (e.g., captcha,
+ * terms acceptance) which cannot be resolved by trying different endpoints.
+ * @param {string} errorText - Error message from API
+ * @returns {boolean} True if validation/permission error requiring account rotation
+ */
+export function isValidationRequired(errorText) {
+    const lower = (errorText || '').toLowerCase();
+    return lower.includes('validation_required') ||
+        lower.includes('account_disabled') ||
+        lower.includes('user_disabled');
+}
+
+/**
+ * Extract the Google verification URL from an error message.
+ * The 403 VALIDATION_REQUIRED error contains a URL the user must visit.
+ * @param {string} errorText - Error message from the API
+ * @returns {string|null} The verification URL, or null if not found
+ */
+export function extractVerificationUrl(errorText) {
+    if (!errorText) return null;
+    // Try structured JSON first — the 403 response often has details[].metadata.validation_url
+    try {
+        const parsed = JSON.parse(errorText);
+        const details = parsed?.error?.details || [];
+        for (const detail of details) {
+            if (detail?.metadata?.validation_url) {
+                return detail.metadata.validation_url;
+            }
+        }
+    } catch {
+        // Not valid JSON or no structured field — fall through to regex
+    }
+    // Fallback: regex match for verification URL in unstructured text
+    const raw = errorText.match(/https:\/\/accounts\.google\.com\/signin\/continue\?[^\s"\\]+/);
+    if (!raw) return null;
+    return raw[0].replace(/[,.)}>\]]+$/, '');
+}
+
 /**
  * Detect if 429 error is due to model capacity (not user quota).
  * Capacity issues should retry on same account with shorter delay.

package/src/cloudcode/request-builder.js

@@ -13,7 +13,6 @@ import {
 } from '../constants.js';
 import { convertAnthropicToGoogle } from '../format/index.js';
 import { deriveSessionId } from './session-manager.js';
-import { buildFingerprintHeaders } from '../utils/fingerprint.js';
 
 /**
  * Build the wrapped request body for Cloud Code API
@@ -70,17 +69,13 @@ export function buildCloudCodeRequest(anthropicRequest, projectId) {
  * @param {string} token - OAuth access token
  * @param {string} model - Model name
  * @param {string} accept - Accept header value (default: 'application/json')
- * @param {Object} [fingerprint] - Optional device fingerprint for header randomization
  * @returns {Object} Headers object
  */
-export function buildHeaders(token, model, accept = 'application/json', fingerprint = null) {
-    const fingerprintHeaders = fingerprint ? buildFingerprintHeaders(fingerprint) : {};
-
+export function buildHeaders(token, model, accept = 'application/json') {
     const headers = {
         'Authorization': `Bearer ${token}`,
         'Content-Type': 'application/json',
-        ...ANTIGRAVITY_HEADERS,
-        ...fingerprintHeaders
+        ...ANTIGRAVITY_HEADERS
     };
 
     const modelFamily = getModelFamily(model);

package/src/cloudcode/streaming-handler.js

@@ -18,8 +18,8 @@ import {
     MAX_CAPACITY_RETRIES,
     BACKOFF_BY_ERROR_TYPE
 } from '../constants.js';
-import { isRateLimitError, isAuthError, isEmptyResponseError } from '../errors.js';
-import { formatDuration, sleep, isNetworkError } from '../utils/helpers.js';
+import { isRateLimitError, isAuthError, isEmptyResponseError, isAccountForbiddenError, AccountForbiddenError } from '../errors.js';
+import { formatDuration, sleep, isNetworkError, throttledFetch } from '../utils/helpers.js';
 import { logger } from '../utils/logger.js';
 import { parseResetTime } from './rate-limit-parser.js';
 import { buildCloudCodeRequest, buildHeaders } from './request-builder.js';
@@ -30,6 +30,8 @@ import {
     clearRateLimitState,
     isPermanentAuthFailure,
     isModelCapacityExhausted,
+    isValidationRequired,
+    extractVerificationUrl,
     calculateSmartBackoff
 } from './rate-limit-state.js';
 import crypto from 'crypto';
@@ -63,6 +65,16 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
 
         // If no accounts available, check if we should wait or throw error
         if (availableAccounts.length === 0) {
+            // All accounts invalid? Fail immediately — they need user intervention (WebUI FIX button)
+            // Invalid accounts won't self-recover, so waiting would be an infinite loop
+            if (accountManager.isAllAccountsInvalid()) {
+                const invalidAccounts = accountManager.getInvalidAccounts();
+                const reasons = [...new Set(invalidAccounts.map(a => a.invalidReason).filter(Boolean))];
+                throw new Error(
+                    `All accounts are invalid: ${reasons.join('; ') || 'unknown reason'}. Visit the WebUI to fix them.`
+                );
+            }
+
             if (accountManager.isAllRateLimited(model)) {
                 const minWaitMs = accountManager.getMinWaitTimeMs(model);
                 const resetTime = new Date(Date.now() + minWaitMs).toISOString();
@@ -141,9 +153,9 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                 try {
                     const url = `${endpoint}/v1internal:streamGenerateContent?alt=sse`;
 
-                    const response = await fetch(url, {
+                    const response = await throttledFetch(url, {
                         method: 'POST',
-                        headers: buildHeaders(token, model, 'text/event-stream', account.fingerprint),
+                        headers: buildHeaders(token, model, 'text/event-stream'),
                         body: JSON.stringify(payload)
                     });
 
@@ -268,6 +280,16 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                             throw new Error(`invalid_request_error: ${errorText}`);
                         }
 
+                        // 403 with VALIDATION_REQUIRED or PERMISSION_DENIED is an account-level error
+                        // The account needs validation (captcha, terms, etc.) - trying different endpoints won't help
+                        // Mark account as invalid (requires user intervention) and rotate (fixes #248)
+                        if (response.status === 403 && isValidationRequired(errorText)) {
+                            const verifyUrl = extractVerificationUrl(errorText);
+                            logger.warn(`[CloudCode] 403 VALIDATION_REQUIRED/PERMISSION_DENIED for ${account.email}, marking invalid and rotating account...`);
+                            accountManager.markInvalid(account.email, 'Account requires verification', verifyUrl);
+                            throw new AccountForbiddenError(errorText, account.email);
+                        }
+
                         lastError = new Error(`API error ${response.status}: ${errorText}`);
 
                         // Try next endpoint for 403/404/5xx errors (matches opencode-antigravity-auth behavior)
@@ -312,9 +334,9 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                             await sleep(backoffMs);
 
                             // Refetch the response
-                            currentResponse = await fetch(url, {
+                            currentResponse = await throttledFetch(url, {
                                 method: 'POST',
-                                headers: buildHeaders(token, model, 'text/event-stream', account.fingerprint),
+                                headers: buildHeaders(token, model, 'text/event-stream'),
                                 body: JSON.stringify(payload)
                             });
 
@@ -345,9 +367,9 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                                 if (currentResponse.status >= 500) {
                                     logger.warn(`[CloudCode] Retry got ${currentResponse.status}, will retry...`);
                                     await sleep(1000);
-                                    currentResponse = await fetch(url, {
+                                    currentResponse = await throttledFetch(url, {
                                         method: 'POST',
-                                        headers: buildHeaders(token, model, 'text/event-stream', account.fingerprint),
+                                        headers: buildHeaders(token, model, 'text/event-stream'),
                                         body: JSON.stringify(payload)
                                     });
                                     if (currentResponse.ok) {
@@ -367,6 +389,10 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                     if (isEmptyResponseError(endpointError)) {
                         throw endpointError;
                     }
+                    // 403 account-level errors - re-throw to trigger account rotation
+                    if (isAccountForbiddenError(endpointError)) {
+                        throw endpointError;
+                    }
                     // 400 errors are client errors - re-throw immediately, don't retry
                     if (endpointError.message?.includes('400')) {
                         throw endpointError;
@@ -407,6 +433,13 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                 logger.warn(`[CloudCode] Account ${account.email} has invalid credentials, trying next...`);
                 continue;
             }
+            if (isAccountForbiddenError(error)) {
+                // 403 VALIDATION_REQUIRED / PERMISSION_DENIED - account-level error
+                // Already marked with cooldown, notify strategy and rotate to next account
+                accountManager.notifyFailure(account, model);
+                logger.warn(`[CloudCode] Account ${account.email} forbidden (403 VALIDATION_REQUIRED), trying next...`);
+                continue;
+            }
             // Handle 5xx errors
             if (error.message.includes('API error 5') || error.message.includes('500') || error.message.includes('503')) {
                 accountManager.notifyFailure(account, model);

package/src/config.js

@@ -43,6 +43,8 @@ const DEFAULT_CONFIG = {
     maxWaitBeforeErrorMs: 120000, // 2 minutes
     maxAccounts: 10, // Maximum number of accounts allowed
     globalQuotaThreshold: 0, // 0 = disabled, 0.01-0.99 = minimum quota fraction before switching accounts
+    requestThrottlingEnabled: false, // Opt-in: enable delay before Google API requests
+    requestDelayMs: 200, // Delay in ms when throttling enabled (100-5000ms)
     // Rate limit handling (matches opencode-antigravity-auth)
     rateLimitDedupWindowMs: 2000,  // 2 seconds - prevents concurrent retry storms
     maxConsecutiveFailures: 3,     // Before applying extended cooldown

package/src/constants.js

@@ -33,7 +33,7 @@ function getAntigravityDbPath() {
 function getPlatformUserAgent() {
     const os = platform();
     const architecture = arch();
-    return `antigravity/${ANTIGRAVITY_VERSION} ${os}/${architecture}`;
+    return `antigravity/1.16.5 ${os}/${architecture}`;
 }
 
 // IDE Type enum (numeric values as expected by Cloud Code API)
@@ -92,9 +92,6 @@ export const ANTIGRAVITY_ENDPOINT_FALLBACKS = [
     ANTIGRAVITY_ENDPOINT_PROD
 ];
 
-// Antigravity version used for User-Agent
-export const ANTIGRAVITY_VERSION = '1.16.5';
-
 // Required headers for Antigravity API requests
 export const ANTIGRAVITY_HEADERS = {
     'User-Agent': getPlatformUserAgent(),

package/src/errors.js

@@ -166,6 +166,37 @@ export class CapacityExhaustedError extends AntigravityError {
     }
 }
 
+/**
+ * Account forbidden error (403 VALIDATION_REQUIRED / PERMISSION_DENIED)
+ * These are account-level errors where the account needs validation or has been
+ * disabled. Trying different endpoints won't help - need to rotate to another account.
+ */
+export class AccountForbiddenError extends AntigravityError {
+    /**
+     * @param {string} message - Error message
+     * @param {string} accountEmail - Email of the forbidden account
+     */
+    constructor(message, accountEmail = null) {
+        super(message, 'ACCOUNT_FORBIDDEN', false, { accountEmail });
+        this.name = 'AccountForbiddenError';
+        this.accountEmail = accountEmail;
+    }
+}
+
+/**
+ * Check if an error is an account forbidden error (403 VALIDATION_REQUIRED / PERMISSION_DENIED)
+ * These errors indicate the account itself is blocked and need account rotation, not endpoint rotation.
+ * @param {Error} error - Error to check
+ * @returns {boolean}
+ */
+export function isAccountForbiddenError(error) {
+    if (error instanceof AccountForbiddenError) return true;
+    // Fallback string check only for errors that couldn't use the typed class
+    // (e.g., errors crossing module boundaries). Only match our own prefixed format.
+    const msg = (error.message || '');
+    return msg.startsWith('ACCOUNT_FORBIDDEN:');
+}
+
 /**
  * Check if an error is a rate limit error
  * Works with both custom error classes and legacy string-based errors
@@ -225,6 +256,7 @@ export default {
     AntigravityError,
     RateLimitError,
     AuthError,
+    AccountForbiddenError,
     NoAccountsError,
     MaxRetriesError,
     ApiError,
@@ -233,6 +265,7 @@ export default {
     CapacityExhaustedError,
     isRateLimitError,
     isAuthError,
+    isAccountForbiddenError,
     isEmptyResponseError,
     isCapacityExhaustedError
 };

package/src/server.js

@@ -576,8 +576,6 @@ app.get('/account-limits', async (req, res) => {
                     // Quota threshold settings
                     quotaThreshold: metadata.quotaThreshold,
                     modelQuotaThresholds: metadata.modelQuotaThresholds || {},
-                    // Include fingerprint existence (details via /api/accounts/:email/fingerprint)
-                    hasFingerprint: !!metadata.fingerprint,
                     // Subscription data (new)
                     subscription: acc.subscription || metadata.subscription || { tier: 'unknown', projectId: null },
                     // Quota limits

package/src/utils/helpers.js

@@ -1,6 +1,7 @@
 import { readFileSync } from 'fs';
 import { fileURLToPath } from 'url';
 import path from 'path';
+import { config } from '../config.js';
 
 /**
  * Shared Utility Functions
@@ -71,6 +72,23 @@ export function isNetworkError(error) {
     );
 }
 
+/**
+ * Throttled fetch that applies a configurable delay before each request
+ * Only applies delay when requestThrottlingEnabled is true
+ * @param {string|URL} url - The URL to fetch
+ * @param {RequestInit} [options] - Fetch options
+ * @returns {Promise<Response>} Fetch response
+ */
+export async function throttledFetch(url, options) {
+    if (config.requestThrottlingEnabled) {
+        const delayMs = config.requestDelayMs || 200;
+        if (delayMs > 0) {
+            await sleep(delayMs);
+        }
+    }
+    return fetch(url, options);
+}
+
 /**
  * Generate random jitter for backoff timing (Thundering Herd Prevention)
  * Prevents all clients from retrying at the exact same moment after errors.