fix: skip cached-blocked fallback retries

Author: ndycode

index.ts

@@ -2131,6 +2131,19 @@ while (attempted.size < Math.max(1, accountCount)) {
 											refreshToken: fallbackAccount.refreshToken,
 											index: fallbackAccount.index,
 										});
+										const fallbackEntitlementBlock = entitlementCache.isBlocked(
+											fallbackEntitlementAccountKey,
+											model ?? modelFamily,
+										);
+										if (fallbackEntitlementBlock.blocked) {
+											runtimeMetrics.accountRotations++;
+											runtimeMetrics.lastError =
+												`Entitlement cached block for account ${fallbackAccount.index + 1}`;
+											logWarn(
+												`Skipping account ${fallbackAccount.index + 1} due to cached entitlement block (${formatWaitTime(fallbackEntitlementBlock.waitMs)} remaining).`,
+											);
+											continue;
+										}
 
 										if (!accountManager.consumeToken(fallbackAccount, modelFamily, model)) {
 											continue;

test/index-retry.test.ts

@@ -121,16 +121,18 @@ vi.mock("../lib/accounts.js", async () => {
 			source,
 			storedEmail,
 			accessToken,
+			idToken,
 		}: {
 			storedAccountId?: string;
 			source?: string;
 			storedEmail?: string;
 			accessToken?: string;
+			idToken?: string;
 		}) => {
 			const tokenUtilsModule = tokenUtils as typeof import("../lib/auth/token-utils.js");
 			const tokenAccountId = accessToken ? "account-1" : undefined;
 			const tokenEmail = tokenUtilsModule.sanitizeEmail(
-				tokenUtilsModule.extractAccountEmail(accessToken, undefined),
+				tokenUtilsModule.extractAccountEmail(accessToken, idToken),
 			);
 			const sanitizedStoredEmail = tokenUtilsModule.sanitizeEmail(storedEmail);
 			return {

test/index.test.ts

@@ -1240,19 +1240,22 @@ describe("OpenAIOAuthPlugin fetch handler", () => {
 	});
 
 	it("uses the refreshed token email when checking entitlement blocks", async () => {
-		mockStorage.accounts = [
+		const { AccountManager } = await import("../lib/accounts.js");
+		const manager = buildRoutingManager([
 			{
+				index: 0,
 				accountId: "acc-1",
 				email: "stale@example.com",
 				refreshToken: "refresh-1",
 			},
-		];
+		]);
+		vi.spyOn(AccountManager, "loadFromDisk").mockResolvedValueOnce(manager as never);
 		extractAccountEmailMock.mockReturnValueOnce("fresh@example.com");
 		const entitlementModule = await import("../lib/entitlement-cache.js");
 		const isBlockedSpy = vi
 			.spyOn(entitlementModule.EntitlementCache.prototype, "isBlocked")
 			.mockImplementation(() => {
-				expect(mockStorage.accounts[0]?.email).toBe("stale@example.com");
+				expect(manager.getAccountsSnapshot()[0]?.email).toBe("stale@example.com");
 				return { blocked: false, waitMs: 0 };
 			});
 		globalThis.fetch = vi.fn().mockResolvedValue(
@@ -1270,6 +1273,7 @@ describe("OpenAIOAuthPlugin fetch handler", () => {
 			"account:acc-1::email:fresh@example.com",
 			"gpt-5.1",
 		);
+		expect(manager.getAccountsSnapshot()[0]?.email).toBe("fresh@example.com");
 	});
 
 	it.each([