Add Antigravity OAuth support with manual token and local import#255
Add Antigravity OAuth support with manual token and local import#255validatedev wants to merge 28 commits intosteipete:mainfrom
Conversation
Add OAuth-based authentication for Antigravity provider with multiple credential sources: - OAuth flow with token refresh capability - Manual token input in settings - Local credential import from SQLite database - Cloud Code API client for quota fetching - Settings snapshot support for Antigravity provider
️✅ There are no secrets present in this pull request anymore.If these secrets were true positive and are still valid, we highly recommend you to revoke them. 🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request. |
|
For GitGuardian fail, I cannot do anything as these are the keys which are used by Antigravity itself. |
… UI updates - Added support for two-field token entry in the Antigravity settings. - Updated the UI for selecting log providers to include Antigravity. - Enhanced the settings snapshot to include new token management features. - Implemented credential refresh handling and improved error messaging for Antigravity OAuth. - Refactored related components for better maintainability and clarity.
|
@steipete when you have time you can review the PR, it’s functionally complete. There are some existing linting errors in CI across the whole repo, so I preferred not to touch those in this PR. |
validatedev
force-pushed
the
feat/antigravity-oauth-extras
branch
from
68c145f to
4f76db3
Compare
|
Saw some edge case bug, fixing it. Until then it is draft |
… and enhance logging
…y conditionally handling Keychain access
…resAt support and updating related methods
…erver description
…tion and documentation for clarity
Add antigravity_state.pb.swift to exclusion lists in .swiftformat and .swiftlint.yml, and apply SwiftFormat baseline formatting changes across the codebase.
ratulsarna
left a comment
ratulsarna
left a comment
There was a problem hiding this comment.
Sharing focused follow-ups from deep review.
Sources/CodexBarCore/Providers/Antigravity/AntigravityOAuth/AntigravityOAuthFlow.swift
Outdated
Show resolved
Hide resolved
| credentials: AntigravityOAuthCredentials, | ||
| sourceLabel: String) async throws -> ProviderFetchResult | ||
| { | ||
| let quota = try await AntigravityCloudCodeClient.fetchQuota(accessToken: credentials.accessToken) |
There was a problem hiding this comment.
Should we add a fallback when fetchAvailableModels doesn’t return usable quota data? Upstream Code Assist flows usually bootstrap project info and can fall back to retrieveUserQuota, which would make this path more resilient.
|
@ratulsarna thanks for your valuable feedback! I'll work on them as soon as I'm available. |
Merged upstream/main which added the Warp provider. Resolved conflict in TokenAccountCLI.swift by keeping the dedicated .antigravity case handler from this branch while adding .warp to the nil-returning fallthrough case.
… enabled Manual entry was hidden whenever Keychain was enabled, leaving most users with only OAuth and Import as options. The storage backend already supports manual entry with Keychain enabled (same path exercised by Import flow), so this was a purely unnecessary UI restriction.
…esh path The onAntigravityCredentialsRefreshed callback was only provided in the token-account fetch path (UsageStore+TokenAccounts), but not in the normal provider refresh path (ProviderRegistry.specs). In keychain-disabled mode this caused refreshed OAuth tokens to be silently discarded every cycle, forcing unnecessary token refreshes on each poll. Thread the same saveRefreshedAntigravityCredentials callback through ProviderRegistry.specs() into the ProviderFetchContext so both app refresh paths persist refreshed credentials consistently.
…port When macOS denies Full Disk Access, sqlite3_open_v2 fails with SQLITE_CANTOPEN which was wrapped as .decodeFailed and silently swallowed by try? — causing a misleading "No Credentials Found" message instead of the FDA prompt. Add a .permissionDenied case to AntigravityOAuthCredentialsError, detect EPERM/EACCES via sqlite3_system_errno in readStateValue, propagate through the try? call sites, and route to presentFullDiskAccessAlert in the UI catch chain.
Replace manual percent-encoding with URLComponents.percentEncodedQuery, which delegates all encoding to Foundation. The previous approach using .urlQueryAllowed left reserved characters like +, &, =, #, / unescaped in application/x-www-form-urlencoded payloads.
2 participants
Summary
This pull request adds support for managing Antigravity provider accounts, including OAuth and manual token entry, in the Providers preferences pane. It introduces new UI options for adding, importing, and managing Antigravity credentials, updates the provider descriptor logic, and refines the token account entry experience for providers that require multiple fields. Additionally, it includes dependency and CI updates to support these features.
Antigravity Provider Account Management:
UI/UX Improvements:
Dependency and Build Updates:
swift-protobufas a package dependency and linked it to the main target. [1] [2]Security and Configuration:
.gitguardian.ymlconfiguration to ignore known public Antigravity OAuth credentials, preventing false positives in secret scanning.Screenshot