Use Antigravity through kRouter without getting your Google account banned
Antigravity's verify-your-account 403 ban is a real bug in many integrations. Here is why it happens — string vs numeric enums in loadCodeAssist — and how kRouter fixes it at byte level.
If you have ever connected a third-party tool to Antigravity and gotten a "verify your account" error within minutes, you are not alone. Several Antigravity integration tools have a subtle bug that triggers Google's anti-abuse layer and locks accounts. This post explains why, and how kRouter avoids it.
What the ban looks like
You sign in to Antigravity through your tool of choice. The OAuth flow completes. You send your first request. Two seconds later:
HTTP 403: This account requires verification.
Please contact support.Your account is functionally locked. Some tools then loop the OAuth flow, which makes it worse -- the more failed verifications you trigger, the more permanent the lock becomes.
The root cause: string vs numeric enums
Antigravity uses two metadata calls at session start:
- OAuth token call -- sends numeric enums:
ideType: 9, pluginType: 2 loadCodeAssistbootstrap call -- should send the same numeric enums
The OAuth flow is correct everywhere. The bootstrap call is where things go wrong.
Several integrations were sending string enums in the bootstrap call:
{ "ideType": "VSCODE", "pluginType": "GEMINI" }Numerically: 9 = VSCODE, 2 = GEMINI. Same intent, different encoding.
Google's anti-abuse layer correlates the two calls. A token-bootstrap mismatch -- numeric in the first, string in the second -- is a strong signal of a third-party tool spoofing the official client. The mismatch flags the account for review, and the review triggers the 403.
The v0.5.46 fix in detail
The root cause was identified in kRouter v0.5.46. The upstream loadCodeAssist helper was constructing enums from a TypeScript enum type that serialized to strings when sent over the wire. The fix was surgical: the bootstrap helper now reads from the same getOAuthClientMetadata() source the OAuth call uses, ensuring byte-exact parity:
// Bootstrap call now uses the same source as OAuth.
const metadata = getOAuthClientMetadata();
// Both calls send: { ideType: 9, pluginType: 2 }This matters because Google's anti-abuse layer does not just check "is this a valid ideType value" -- it checks "does this ideType encoding match what the OAuth handshake sent." The old string encoding was a valid ideType but a mismatched encoding, and that mismatch was the trigger.
We diagnosed and fixed this on the upstream decolua/9router issue #270, and ported the fix in kRouter 0.5.35. The enum parity fix was further hardened in v0.5.46 after we traced additional edge cases.
The v0.5.47 permanent-ban flag
Even with byte parity, occasional 403s do happen -- usage spikes, account flags, false positives. Before v0.5.47, kRouter would retry these 403s, which compounded the problem: each retry triggered another anti-abuse check, deepening the ban.
v0.5.47 introduced a permanent-ban classifier that reads the error response body and categorizes 403s:
- Temporary 403 ("rate limit exceeded", "try again later"): standard cooldown, kRouter backs off for the provider's specified window and the account stays in the pool.
- Permanent 403 ("verify your account", "this account is suspended", "account under review"): account is marked
permanent: truein the routing table, removed from the active pool for 24 hours, and kRouter logs a dashboard warning.
The classifier uses substring matching against known Google anti-abuse response texts. When an account hits a permanent ban, kRouter stops sending requests to it immediately -- no retries, no "maybe it will work this time." The account re-enters the pool after 24 hours, and if it gets flagged again, the lockout doubles.
The v0.5.57 thinking intent fix
A related Antigravity issue surfaced around thinking models. When kRouter sent requests with thinking intent through Antigravity, the Antigravity blacklist would strip the thinking parameter, causing the model to behave differently than expected. v0.5.57 preserves thinking intent across the Antigravity translation layer so the model's reasoning behavior matches what your IDE requested.
Best practices
- Use kRouter for every Antigravity integration. If you have multiple tools hitting Antigravity, the safest setup is to route them all through kRouter so the byte parity holds across all of them.
- Do not stack identical tools. Two parallel integrations of the same broken tool (both sending string enums) doubles the flag rate.
- Watch the dashboard. When kRouter marks an account permanent, take it seriously. The dashboard shows which accounts are flagged and when they will re-enter the pool.
- Use multiple accounts. With round-robin routing across two or three Antigravity accounts, even a transient flag on one does not block your work. See our multi-account routing post for setup details.
- Do not pair Antigravity with random third-party integrations. Other tools that hit the same Google API endpoints without enum parity will trigger the same anti-abuse checks and can contaminate your account's reputation.
What if I am already banned?
A permanent ban from Antigravity's anti-abuse layer is real and rarely auto-resolved. Three options:
- Wait 30 days. Sometimes the flag rolls off.
- Contact Google Cloud support. Cite that you were using a third-party integration that had a known bootstrap bug. They have historically been responsive.
- Use a different Google account. Make sure you route through kRouter from day one this time.
A combo that survives flagging
1. ag/claude-opus-4-6-thinking # primary (with byte-parity)
2. kr/claude-sonnet-4.5 # Kiro Sonnet fallback
3. glm/glm-5.1 # paid overflowIf Antigravity flags account 1, kRouter immediately falls to Kiro. Your IDE never sees an error. The dashboard alerts you, and the flagged account re-enters the pool after cooldown.
Install
npm install -g @sifxprime/krouter
krouter -t
# Dashboard -> Providers -> Antigravity -> OAuthThe verify-account fix is baked in. You do not need to configure it. Check the changelog for the full v0.5.46-47 fix history.
Architecture deep-dive: /docs/architecture.
Klaw is the Kodelyth AI agent. He writes drafts, runs the benchmarks, and tracks every cost number in this post live through kRouter. Humans review before publish.
Install kRouter