antigravity-claude-proxy 2.7.7 → 2.8.0

package/public/views/accounts.html

@@ -190,12 +190,18 @@
                                 <div class="w-2 h-2 rounded-full flex-shrink-0"
                                      :class="acc.status === 'ok' ?
                                              'bg-neon-green shadow-[0_0_8px_rgba(34,197,94,0.6)] animate-pulse' :
-                                             'bg-red-500 shadow-[0_0_8px_rgba(239,68,68,0.6)]'">
+                                             (acc.status === 'banned' ? 
+                                              'bg-red-800 shadow-[0_0_8px_rgba(153,27,27,0.6)]' :
+                                              'bg-red-500 shadow-[0_0_8px_rgba(239,68,68,0.6)]')">
                                 </div>
                                 <span class="text-xs font-mono font-semibold"
-                                      :class="acc.status === 'ok' ? 'text-neon-green' : 'text-red-400'"
+                                      :class="acc.status === 'ok' ? 'text-neon-green' : (acc.status === 'banned' ? 'text-red-800' : 'text-red-400')"
                                       x-text="acc.status.toUpperCase()">
                                 </span>
+                                <p x-show="acc.status === 'banned'" 
+                                   class="text-[9px] text-red-600/70 mt-0.5 max-w-[200px] leading-tight"
+                                   x-text="acc.error || 'Gemini disabled for ToS violation'">
+                                </p>
                             </div>
                         </td>
                         <td class="py-4 pr-6">
@@ -207,6 +213,13 @@
                                     x-text="$store.global.t('fix')">
                                     FIX
                                 </button>
+                                <!-- Appeal Button (banned accounts only) -->
+                                <a x-show="acc.status === 'banned'"
+                                   href="mailto:gemini-code-assist-user-feedback@google.com"
+                                   class="px-3 py-1 text-[10px] font-bold font-mono uppercase tracking-wider rounded bg-red-900/20 text-red-400 hover:bg-red-900/30 border border-red-800/30 hover:border-red-800/50 transition-all"
+                                   title="Email Google to appeal this ban">
+                                   APPEAL
+                                </a>
                                 <!-- Settings Button (threshold) -->
                                 <button class="p-2 rounded hover:bg-white/10 text-gray-500 hover:text-neon-yellow transition-colors"
                                     @click="openThresholdModal(acc)"

package/src/account-manager/storage.js

@@ -4,13 +4,15 @@
  * Handles loading and saving account configuration to disk.
  */
 
-import { readFile, writeFile, mkdir, access } from 'fs/promises';
+import { readFile, writeFile, mkdir, access, rename } from 'fs/promises';
 import { constants as fsConstants } from 'fs';
 import { dirname } from 'path';
 import { ACCOUNT_CONFIG_PATH } from '../constants.js';
 import { getAuthStatus } from '../auth/database.js';
 import { logger } from '../utils/logger.js';
 
+let writeLock = null;
+
 /**
  * Load accounts from the config file
  *
@@ -107,8 +109,18 @@ export function loadDefaultAccount(dbPath) {
  * @param {number} activeIndex - Current active account index
  */
 export async function saveAccounts(configPath, accounts, settings, activeIndex) {
+    // Serialize writes to prevent concurrent corruption
+    const previousLock = writeLock;
+    let resolve;
+    writeLock = new Promise(r => { resolve = r; });
+
+    try {
+        if (previousLock) await previousLock;
+    } catch {
+        // Previous write failed, proceed anyway
+    }
+
     try {
-        // Ensure directory exists
         const dir = dirname(configPath);
         await mkdir(dir, { recursive: true });
 
@@ -116,7 +128,7 @@ export async function saveAccounts(configPath, accounts, settings, activeIndex)
             accounts: accounts.map(acc => ({
                 email: acc.email,
                 source: acc.source,
-                enabled: acc.enabled !== false, // Persist enabled state
+                enabled: acc.enabled !== false,
                 dbPath: acc.dbPath || null,
                 refreshToken: acc.source === 'oauth' ? acc.refreshToken : undefined,
                 apiKey: acc.source === 'manual' ? acc.apiKey : undefined,
@@ -127,19 +139,27 @@ export async function saveAccounts(configPath, accounts, settings, activeIndex)
                 verifyUrl: acc.verifyUrl || null,
                 modelRateLimits: acc.modelRateLimits || {},
                 lastUsed: acc.lastUsed,
-                // Persist subscription and quota data
                 subscription: acc.subscription || { tier: 'unknown', projectId: null, detectedAt: null },
                 quota: acc.quota || { models: {}, lastChecked: null },
-                // Persist quota threshold settings
-                quotaThreshold: acc.quotaThreshold,  // undefined omitted from JSON
+                quotaThreshold: acc.quotaThreshold,
                 modelQuotaThresholds: Object.keys(acc.modelQuotaThresholds || {}).length > 0 ? acc.modelQuotaThresholds : undefined
             })),
             settings: settings,
             activeIndex: activeIndex
         };
 
-        await writeFile(configPath, JSON.stringify(config, null, 2));
+        const json = JSON.stringify(config, null, 2);
+
+        // Validate JSON before writing (prevent saving corrupt data)
+        JSON.parse(json);
+
+        // Atomic write: write to temp file then rename
+        const tmpPath = configPath + '.tmp';
+        await writeFile(tmpPath, json);
+        await rename(tmpPath, configPath);
     } catch (error) {
         logger.error('[AccountManager] Failed to save config:', error.message);
+    } finally {
+        resolve();
     }
 }

package/src/cloudcode/message-handler.js

@@ -33,6 +33,7 @@ import {
     isModelCapacityExhausted,
     isValidationRequired,
     extractVerificationUrl,
+    isAccountBanned,
     calculateSmartBackoff
 } from './rate-limit-state.js';
 
@@ -295,6 +296,14 @@ export async function sendMessage(anthropicRequest, accountManager, fallbackEnab
                                 throw new AccountForbiddenError(errorText, account.email);
                             }
 
+                            // 403 with permanent ToS ban — account is permanently disabled by Google
+                            // Unlike VALIDATION_REQUIRED, this cannot be resolved by verification
+                            if (response.status === 403 && isAccountBanned(errorText)) {
+                                logger.warn(`[CloudCode] 403 ToS BANNED for ${account.email}, marking invalid permanently...`);
+                                accountManager.markInvalid(account.email, 'Account banned — Gemini disabled for Terms of Service violation');
+                                throw new AccountForbiddenError(errorText, account.email);
+                            }
+
                             lastError = new Error(`API error ${response.status}: ${errorText}`);
                             // Try next endpoint for 403/404/5xx errors (matches opencode-antigravity-auth behavior)
                             if (response.status === 403 || response.status === 404) {

package/src/cloudcode/model-api.js

@@ -96,6 +96,13 @@ export async function fetchAvailableModels(token, projectId = null) {
             if (!response.ok) {
                 const errorText = await response.text();
                 logger.warn(`[CloudCode] fetchAvailableModels error at ${endpoint}: ${response.status}`);
+                // Detect permanent ToS ban — no point trying other endpoints
+                if (response.status === 403) {
+                    const lower = (errorText || '').toLowerCase();
+                    if (lower.includes('has been disabled') && lower.includes('violation of terms of service')) {
+                        throw new Error(`ACCOUNT_BANNED: ${errorText}`);
+                    }
+                }
                 continue;
             }
 
@@ -189,7 +196,15 @@ export async function getSubscriptionTier(token) {
             });
 
             if (!response.ok) {
+                const errorText = await response.text().catch(() => '');
                 logger.warn(`[CloudCode] loadCodeAssist error at ${endpoint}: ${response.status}`);
+                // Detect permanent ToS ban — no point trying other endpoints
+                if (response.status === 403) {
+                    const lower = (errorText || '').toLowerCase();
+                    if (lower.includes('has been disabled') && lower.includes('violation of terms of service')) {
+                        throw new Error(`ACCOUNT_BANNED: ${errorText}`);
+                    }
+                }
                 continue;
             }
 

package/src/cloudcode/rate-limit-state.js

@@ -139,6 +139,18 @@ export function extractVerificationUrl(errorText) {
     return raw[0].replace(/[,.)}>\]]+$/, '');
 }
 
+/**
+ * Detect if 403 error is due to a permanent account ban (ToS violation).
+ * These accounts are permanently disabled by Google and cannot be recovered
+ * by retrying or re-authenticating. User must contact Google support to appeal.
+ * @param {string} errorText - Error message from API
+ * @returns {boolean} True if account is permanently banned
+ */
+export function isAccountBanned(errorText) {
+    const lower = (errorText || '').toLowerCase();
+    return lower.includes('has been disabled') && lower.includes('violation of terms of service');
+}
+
 /**
  * Detect if 429 error is due to model capacity (not user quota).
  * Capacity issues should retry on same account with shorter delay.

package/src/cloudcode/streaming-handler.js

@@ -32,6 +32,7 @@ import {
     isModelCapacityExhausted,
     isValidationRequired,
     extractVerificationUrl,
+    isAccountBanned,
     calculateSmartBackoff
 } from './rate-limit-state.js';
 import crypto from 'crypto';
@@ -290,6 +291,14 @@ export async function* sendMessageStream(anthropicRequest, accountManager, fallb
                             throw new AccountForbiddenError(errorText, account.email);
                         }
 
+                        // 403 with permanent ToS ban — account is permanently disabled by Google
+                        // Unlike VALIDATION_REQUIRED, this cannot be resolved by verification
+                        if (response.status === 403 && isAccountBanned(errorText)) {
+                            logger.warn(`[CloudCode] 403 ToS BANNED for ${account.email}, marking invalid permanently...`);
+                            accountManager.markInvalid(account.email, 'Account banned — Gemini disabled for Terms of Service violation');
+                            throw new AccountForbiddenError(errorText, account.email);
+                        }
+
                         lastError = new Error(`API error ${response.status}: ${errorText}`);
 
                         // Try next endpoint for 403/404/5xx errors (matches opencode-antigravity-auth behavior)

package/src/format/request-converter.js

@@ -19,7 +19,8 @@ import {
     hasUnsignedThinkingBlocks,
     needsThinkingRecovery,
     closeToolLoopForThinking,
-    cleanCacheControl
+    cleanCacheControl,
+    clampGeminiThinkingBudget
 } from './thinking-utils.js';
 import { logger } from '../utils/logger.js';
 
@@ -165,31 +166,32 @@ export function convertAnthropicToGoogle(anthropicRequest) {
                 include_thoughts: true
             };
 
-            // Only set thinking_budget if explicitly provided
-            const thinkingBudget = thinking?.budget_tokens;
-            if (thinkingBudget) {
-                thinkingConfig.thinking_budget = thinkingBudget;
-                logger.debug(`[RequestConverter] Claude thinking enabled with budget: ${thinkingBudget}`);
-
-                // Validate max_tokens > thinking_budget as required by the API
-                const currentMaxTokens = googleRequest.generationConfig.maxOutputTokens;
-                if (currentMaxTokens && currentMaxTokens <= thinkingBudget) {
-                    // Bump max_tokens to allow for some response content
-                    // Default to budget + 8192 (standard output buffer)
-                    const adjustedMaxTokens = thinkingBudget + 8192;
+            // Cloud Code API requires thinking_budget to actually produce thinking blocks.
+            // Without it, include_thoughts alone is ignored and Claude falls back to
+            // <thinking> XML tags in text. Default to 32000 when not provided (e.g. adaptive mode).
+            const thinkingBudget = thinking?.budget_tokens || 32000;
+            thinkingConfig.thinking_budget = thinkingBudget;
+            logger.debug(`[RequestConverter] Claude thinking enabled with budget: ${thinkingBudget}${!thinking?.budget_tokens ? ' (default)' : ''}`);
+
+            // Validate max_tokens > thinking_budget as required by the API
+            const currentMaxTokens = googleRequest.generationConfig.maxOutputTokens;
+            if (currentMaxTokens && currentMaxTokens <= thinkingBudget) {
+                const adjustedMaxTokens = thinkingBudget + 8192;
+                if (thinking?.budget_tokens) {
                     logger.warn(`[RequestConverter] max_tokens (${currentMaxTokens}) <= thinking_budget (${thinkingBudget}). Adjusting to ${adjustedMaxTokens} to satisfy API requirements`);
-                    googleRequest.generationConfig.maxOutputTokens = adjustedMaxTokens;
+                } else {
+                    logger.debug(`[RequestConverter] Adjusting max_tokens to ${adjustedMaxTokens} for default thinking budget`);
                 }
-            } else {
-                logger.debug('[RequestConverter] Claude thinking enabled (no budget specified)');
+                googleRequest.generationConfig.maxOutputTokens = adjustedMaxTokens;
             }
 
             googleRequest.generationConfig.thinkingConfig = thinkingConfig;
         } else if (isGeminiModel) {
             // Gemini thinking config (uses camelCase)
+            // Clamp budget to model-specific max (e.g., Gemini 2.5 Flash max is 24,576)
             const thinkingConfig = {
                 includeThoughts: true,
-                thinkingBudget: thinking?.budget_tokens || 16000
+                thinkingBudget: clampGeminiThinkingBudget(modelName, thinking?.budget_tokens)
             };
             logger.debug(`[RequestConverter] Gemini thinking enabled with budget: ${thinkingConfig.thinkingBudget}`);
 

package/src/format/thinking-utils.js

@@ -7,6 +7,56 @@ import { MIN_SIGNATURE_LENGTH } from '../constants.js';
 import { getCachedSignatureFamily } from './signature-cache.js';
 import { logger } from '../utils/logger.js';
 
+// ============================================================================
+// Gemini Thinking Budget Limits (Issue #289)
+// ============================================================================
+
+// Max thinking budget per Gemini model version
+// Gemini 2.5 Flash: max 24,576 (API error: "supported values are integers from 1 to 24576")
+const GEMINI_THINKING_BUDGET_LIMITS = {
+    '2.5': 24576,
+};
+const GEMINI_DEFAULT_THINKING_BUDGET = 16000;
+const GEMINI_DEFAULT_THINKING_BUDGET_LIMIT = 128000;
+
+/**
+ * Clamp thinking budget to the maximum supported by a Gemini model.
+ * Different Gemini versions have different limits (e.g., 2.5 Flash max is 24,576).
+ *
+ * @param {string} modelName - The Gemini model name
+ * @param {number|undefined} budget - Requested thinking budget from the client
+ * @returns {number} Clamped thinking budget
+ */
+export function clampGeminiThinkingBudget(modelName, budget) {
+    const requestedBudget = budget || GEMINI_DEFAULT_THINKING_BUDGET;
+    const lower = (modelName || '').toLowerCase();
+
+    // Extract version like "2.5" or "3" from "gemini-2.5-flash-thinking"
+    const versionMatch = lower.match(/gemini-(\d+(?:\.\d+)?)/);
+    let maxBudget = GEMINI_DEFAULT_THINKING_BUDGET_LIMIT;
+
+    if (versionMatch) {
+        const version = versionMatch[1];
+        // Check exact version (e.g., "2.5")
+        if (GEMINI_THINKING_BUDGET_LIMITS[version]) {
+            maxBudget = GEMINI_THINKING_BUDGET_LIMITS[version];
+        } else {
+            // Check major version (e.g., "2" for "2.5")
+            const major = version.split('.')[0];
+            if (GEMINI_THINKING_BUDGET_LIMITS[major]) {
+                maxBudget = GEMINI_THINKING_BUDGET_LIMITS[major];
+            }
+        }
+    }
+
+    if (requestedBudget > maxBudget) {
+        logger.debug(`[ThinkingUtils] Clamping Gemini thinking budget from ${requestedBudget} to ${maxBudget} for ${modelName}`);
+        return maxBudget;
+    }
+
+    return requestedBudget;
+}
+
 // ============================================================================
 // Cache Control Cleaning (Issue #189)
 // ============================================================================

package/src/server.js

@@ -259,9 +259,11 @@ app.get('/health', async (req, res) => {
 
                 // Skip invalid accounts for quota check
                 if (account.isInvalid) {
+                    const isBanned = account.invalidReason?.toLowerCase().includes('banned') || 
+                                     account.invalidReason?.toLowerCase().includes('terms of service');
                     return {
                         ...baseInfo,
-                        status: 'invalid',
+                        status: isBanned ? 'banned' : 'invalid',
                         error: account.invalidReason,
                         models: {}
                     };
@@ -394,6 +396,17 @@ app.get('/account-limits', async (req, res) => {
                         models: quotas
                     };
                 } catch (error) {
+                    // Detect ToS ban from quota/subscription fetch and mark account invalid
+                    if (error.message?.startsWith('ACCOUNT_BANNED:')) {
+                        accountManager.markInvalid(account.email, 'Account banned — Gemini disabled for Terms of Service violation');
+                        return {
+                            email: account.email,
+                            status: 'banned',
+                            error: 'Account banned — Gemini disabled for Terms of Service violation',
+                            subscription: account.subscription || { tier: 'unknown', projectId: null },
+                            models: {}
+                        };
+                    }
                     return {
                         email: account.email,
                         status: 'error',

package/src/utils/version-detector.js

@@ -10,7 +10,7 @@ import { existsSync } from 'fs';
  */
 
 // Fallback constant
-const FALLBACK_ANTIGRAVITY_VERSION = '1.18.3';
+const FALLBACK_ANTIGRAVITY_VERSION = '1.18.4';
 
 // Cache for the generated User-Agent string
 let cachedUserAgent = null;