Add Antigravity OAuth support with manual token and local import #255
validatedev wants to merge 23 commits into steipete:main from
Add OAuth-based authentication for Antigravity provider with multiple credential sources:
- OAuth flow with token refresh capability
- Manual token input in settings
- Local credential import from SQLite database
- Cloud Code API client for quota fetching
- Settings snapshot support for Antigravity provider
✅ There are no secrets present in this pull request anymore. If these secrets were true positive and are still valid, we highly recommend you to revoke them.
For GitGuardian fail, I cannot do anything as these are the keys which are used by Antigravity itself.
… UI updates
- Added support for two-field token entry in the Antigravity settings.
- Updated the UI for selecting log providers to include Antigravity.
- Enhanced the settings snapshot to include new token management features.
- Implemented credential refresh handling and improved error messaging for Antigravity OAuth.
- Refactored related components for better maintainability and clarity.
@steipete when you have time you can review the PR, it’s functionally complete. There are some existing linting errors in CI across the whole repo, so I preferred not to touch those in this PR.
68c145f to 4f76db3
Saw some edge case bug, fixing it. Until then it is draft
… and enhance logging
…y conditionally handling Keychain access
…resAt support and updating related methods
…erver description
…tion and documentation for clarity
Add antigravity_state.pb.swift to exclusion lists in .swiftformat and .swiftlint.yml, and apply SwiftFormat baseline formatting changes across the codebase.
ratulsarna left a comment
Sharing focused follow-ups from deep review.
| let supportsTwoFieldEntry = isAntigravity | ||
| let supportsManualEntry = !isAntigravity || !keychainEnabled | ||
| let addActionTitle = isAntigravity ? "Sign in with Google" : nil | ||
| let addAction: (() async -> Void)? = isAntigravity |
Looks like manual token entry gets hidden whenever Keychain is enabled (supportsManualEntry = !isAntigravity || !keychainEnabled). That means most users won’t see the manual paste flow even though storage logic supports it. Can we keep manual entry visible and only switch storage backend internally?
| public let fetcher: UsageFetcher | ||
| public let claudeFetcher: any ClaudeUsageFetching | ||
| public let browserDetection: BrowserDetection | ||
| public let onAntigravityCredentialsRefreshed: (@Sendable (String, AntigravityOAuthCredentials) -> Void)? |
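Review bot: The `String` argument of `onAntigravityCredentialsRefreshed` is unlabelled, so the declaration does not say what it identifies. A doc comment on the property, or a small named struct in place of the bare `(String, AntigravityOAuthCredentials)` pair, would make call sites harder to get wrong. Because the closure hands out OAuth credentials, the doc comment should also say that receivers must persist them without logging them.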
Nice addition of this callback hook. One thing to double-check: it looks wired in token-account fetches, but not on the normal provider refresh path. In keychain-disabled mode that can leave refreshed Antigravity tokens/expiry unpersisted during regular refreshes. Could we make sure all app fetch contexts pass this consistently?
| message: """ | ||
| Antigravity database found, but no credentials were found inside. | ||
|
|
||
| Please ensure: |
I think Full Disk Access failures may get swallowed by this typed catch before we reach the POSIX error branch below. Could we add a dedicated permission-denied case and route it directly to presentFullDiskAccessAlert()?
| ] | ||
|
|
||
| let body = params | ||
| .map { "\($0.key)=\($0.value.addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed) ?? $0.value)" } |
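Review bot: In the `.map` closure only the value is percent-encoded: `$0.key` is interpolated raw, and the `?? $0.value` fallback sends the unencoded value if encoding ever returns nil. Encode the key with the same routine as the value, and treat a nil result as an error instead of falling back to the raw string.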
We’re building an application/x-www-form-urlencoded body using .urlQueryAllowed. That can be unsafe for form payloads (+, &, = edge cases). Can we switch to a strict form encoder here (and in the token refresher path too)?
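The strict form encoding asked for in the comment above, shown next to the `.urlQueryAllowed` behaviour, as an added example that is not code from this pull request. The helper names (`formEncode`, `formBody`), the parameter names and the token value are assumptions constructed for illustration.

```swift
import Foundation

// Added example, not code from the pull request. Only RFC 3986 "unreserved"
// characters pass through; "+", "&", "=", "/" and space are all percent-encoded.
let formUnreserved = CharacterSet(charactersIn:
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")

enum FormEncodingError: Error {
    case unencodable(String)
}

// Encode one name or value. Fails loudly instead of falling back to the raw string.
func formEncode(_ component: String) throws -> String {
    guard let encoded = component.addingPercentEncoding(withAllowedCharacters: formUnreserved) else {
        throw FormEncodingError.unencodable(component)
    }
    return encoded
}

// Build an application/x-www-form-urlencoded body; names are encoded as well as values.
func formBody(_ params: [(name: String, value: String)]) throws -> Data {
    let pairs = try params.map { pair -> String in
        try formEncode(pair.name) + "=" + formEncode(pair.value)
    }
    return Data(pairs.joined(separator: "&").utf8)
}

// Constructed sample values, not real credentials.
let sample: [(name: String, value: String)] = [
    (name: "grant_type", value: "refresh_token"),
    (name: "refresh_token", value: "1//0g+abc&x=y"),
]

// The .urlQueryAllowed approach on the same input: "+", "&" and "=" are in the
// allowed set, so a form decoder reads "+" as a space and splits on "&".
let weak = sample
    .map { "\($0.name)=\($0.value.addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed) ?? $0.value)" }
    .joined(separator: "&")
print("weak:  ", weak)

do {
    let strict = try String(decoding: formBody(sample), as: UTF8.self)
    print("strict:", strict)
} catch {
    print("encoding failed:", error)
}
```

Comparing the two printed bodies shows the token value surviving as a single field only in the strict form.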
| credentials: AntigravityOAuthCredentials, | ||
| sourceLabel: String) async throws -> ProviderFetchResult | ||
| { | ||
| let quota = try await AntigravityCloudCodeClient.fetchQuota(accessToken: credentials.accessToken) |
Should we add a fallback when fetchAvailableModels doesn’t return usable quota data? Upstream Code Assist flows usually bootstrap project info and can fall back to retrieveUserQuota, which would make this path more resilient.
@ratulsarna thanks for your valuable feedback! I'll work on them as soon as I'm available.
Summary
This pull request adds support for managing Antigravity provider accounts, including OAuth and manual token entry, in the Providers preferences pane. It introduces new UI options for adding, importing, and managing Antigravity credentials, updates the provider descriptor logic, and refines the token account entry experience for providers that require multiple fields. Additionally, it includes dependency and CI updates to support these features.
Antigravity Provider Account Management:
UI/UX Improvements:
Dependency and Build Updates:
swift-protobuf as a package dependency and linked it to the main target. [1] [2]
Security and Configuration:
.gitguardian.yml configuration to ignore known public Antigravity OAuth credentials, preventing false positives in secret scanning.
Screenshot