feat: Antigravity OAuth fallback#128
Conversation
…avity - Updated authentication to support API key retrieval from SQLite as a fallback. - Improved the requirements for running the Antigravity IDE, allowing for signed-in credentials in SQLite. - Added detailed documentation on local SQLite database structure and token management. - Implemented a new strategy for fetching available models from the Cloud Code API when the language server is not running. - Enhanced tests to cover new authentication flows and ensure proper handling of API keys.
- Updated the model fetching logic to filter out non-user-facing models based on the `isInternal` flag, empty `displayName`, and a blacklist of deprecated model IDs. - Improved documentation to clarify the differences between Cloud Code and LS model sets. - Added tests to ensure that models with the `isInternal` flag, empty display names, and blacklisted IDs are correctly excluded from the results.
- LS does not expose this model, so we are going to filter this too
There was a problem hiding this comment.
1 issue found across 3 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="plugins/antigravity/plugin.js">
<violation number="1" location="plugins/antigravity/plugin.js:11">
P1: Hard-coded OAuth client secret is embedded in client-side plugin code, exposing sensitive credentials in the distributed JS.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
robinebers
left a comment
There was a problem hiding this comment.
Nice work — this is solid. Auth flow, Cloud Code fallback, protobuf decoder, filtering, test coverage, docs all look great. Clean and safe to merge.
One small optimization you could make: loadProtoTokens already extracts expirySeconds but probe() never checks it. So if the proto token is expired, it still gets sent to Cloud Code, gets a 401, and then falls back. You could skip it upfront:
if (proto && proto.accessToken) {
if (!proto.expirySeconds || proto.expirySeconds > Math.floor(Date.now() / 1000)) {
tokens.push(proto.accessToken)
}
}Saves one unnecessary HTTP round-trip when the token is known-expired. Not blocking — just a free perf win.
|
@robinebers thanks for the valuable feedback. Yes I missed that opportunity of that optimization. Fixing it! |
- Updated the authentication logic to skip expired proto tokens based on their expiry time, ensuring that only valid tokens are used. - Added a test case to verify that the system falls back to the next available token when the proto token is expired.
|
All done! |
|
Thank you! |
Description
This pull request significantly enhances the Antigravity plugin by adding robust support for authentication and quota discovery through both the local language server and Google's Cloud Code API. It introduces logic for reading and refreshing Google OAuth tokens from a local SQLite database, implements fallback strategies for model discovery, and improves error handling and deduplication of model quota data. The documentation is also updated to reflect these changes and provide detailed insight into the new authentication flow.
Authentication and Token Management:
state.vscdb). Includes a minimal protobuf wire-format parser to extract tokens. [1] [2]Cloud Code API Fallback and Model Discovery:
Language Server Improvements:
Documentation Updates:
Refactoring and Code Quality:
These changes make the plugin more robust in a variety of user environments and ensure continued operation even if the local language server is unavailable or authentication tokens expire.
Note: I intentionally didn't modify the local database, unlike the implementation in Cursor. I used a file to hold the keys instead.
Type of Change
Testing
bun run buildand it succeededbun run testand all tests passbun tauri devScreenshots
Checklist
mainbranchSummary by cubic
Adds an OAuth-backed fallback so Antigravity keeps showing model quotas when the language server isn’t running. Tokens are read from SQLite, refreshed and cached, with strict model filtering and expired proto tokens skipped.
New Features
Bug Fixes
Written for commit b6008fc. Summary will update on new commits.