[BUG] Using GCP Gemini API with Roo-Code may lead to immediate account suspension

[YoongiKim]

Problem (one or two sentences)

Using the GCP Gemini API with Roo-Code for extended periods can trigger Google’s "malicious activity" detection, resulting in an immediate and unannounced account suspension. It appears Google’s automated systems flag the high-frequency API calls from 3rd-party IDEs as a policy violation.

Context (who is affected and when)

This affects developers using Google Cloud Platform (GCP) API keys (including Free Trial credits) within Roo-Code. My account was suspended after a full day of development, citing a violation of Google's Additional Terms of Service regarding "unauthorized 3rd party products." Users should be extremely cautious as this can lead to a total loss of access to their GCP projects and data.

Reproduction steps

Using RooCode with Gemini API Key will block the whole GCP account without notice.

Expected result

.

Actual result

.

Variations tried (optional)

No response

App Version

.

API Provider (optional)

Google Gemini

Model Used (optional)

No response

Roo Code Task Links (optional)

No response

Relevant logs or errors (optional)

[roomote-v0]

I've analyzed this issue and here's my assessment:

Root Cause Analysis:
This appears to be a Google Cloud Platform policy enforcement issue rather than a bug in Roo-Code itself. Google's automated systems are flagging high-frequency API calls made via GCP API keys from third-party IDE extensions as a violation of their Additional Terms of Service regarding "unauthorized 3rd party products."

Current State in Roo-Code:

• Roo-Code already has a configurable rateLimitSeconds setting (defaults to 0) that adds a delay between API requests
• The Gemini handler (src/api/providers/gemini.ts) does not add any provider-specific rate limiting or request identification headers beyond the standard Google GenAI SDK behavior

Proposed Implementation Plan:

Since this is primarily a Google policy enforcement concern, the most practical mitigation from Roo-Code's side would be:

1. Add a documentation warning in the Gemini provider settings UI -- Display a notice in the settings view when users configure the Gemini (GCP API key) provider, warning that extended use may trigger Google's automated abuse detection and recommending users consider using the rateLimitSeconds setting or Google AI Studio API keys instead of direct GCP API keys
2. Consider a default rate limit for the Gemini provider -- Optionally set a sensible default rateLimitSeconds value (e.g., 2-5 seconds) specifically for the Gemini provider to reduce the chance of triggering Google's detection systems

However, I want to flag that this may not be fully solvable on Roo-Code's side -- Google's Terms of Service enforcement is ultimately their decision, and rate limiting alone may not prevent account suspension if Google considers any third-party IDE API usage a violation regardless of frequency.

Questions for clarification:

• Would a warning/documentation approach be sufficient, or do you want a more aggressive default rate limit specifically for the Gemini provider?
• Should this be scoped only to direct GCP Gemini API keys, or also Vertex AI configurations?
• Is there any additional context on whether Google AI Studio keys (as opposed to GCP project API keys) are also affected?

Please mention @roomote in a comment saying that you approve this plan (or with adjustments), and I'll proceed with the implementation.

[YoongiKim]

I mean Google AI Studio API Key, and it is not related to rate limit but the usage itself.
Whoever use RooCode with Gemini API Key should isolate from your own main account.