Add Antigravity CLI fallback to Antigravity provider

[rohithgoud30]

Summary

• add Antigravity CLI (agy) as a fallback inside the existing antigravity provider instead of introducing a separate provider
• keep the probe order aligned with the review feedback from Add Antigravity CLI provider #477: local language server first, app SQLite/OAuth Cloud Code fallback second, CLI keychain/Cloud Code fallback last
• try Antigravity IDE SQLite credentials before legacy Antigravity credentials, and try all app SQLite token candidates so stale credentials in one DB do not hide valid credentials in another
• support account-scoped keychain reads with host.keychain.readGenericPassword(service, account?)
• document the IDE/App/CLI data sources and why Antigravity should not show guessed Claude/Codex-style token/cost history

Closes #475.

Why

#477 added an antigravity-cli provider, but the review feedback was to consolidate this into one Antigravity provider because the IDE, app, and CLI share the same quota pools. Gemini stays unchanged for now.

This keeps the UI simple: one Antigravity entry, same existing quota rows, more fallback paths when the standalone app or CLI is the only authenticated source.

Notes

I kept plugins/antigravity/plugin.json unchanged, so this does not add new links, rows, or visual layout changes. The provider still shows quota only; local Antigravity transcripts/logs do not expose reliable token/cost accounting.

Manual verification with only the standalone /Applications/Antigravity.app installed returned:

Plan: Google AI Pro
Gemini Pro: 0% used
Gemini Flash: 0% used
Claude: 0% used

Validation

• git diff --check
• bun run build
• CI=1 bun run test (1118 tests passed)
• cargo test --manifest-path src-tauri/Cargo.toml keychain
• cargo test --manifest-path src-tauri/Cargo.toml redact_log_message_redacts_account_and_paths

Summary by CodeRabbit

• Documentation

  • Updated Keychain API docs to show optional account parameter for password lookups
  • Revised Antigravity provider docs with clearer auth requirements, discovery, and CLI fallback details

• New Features

  • Antigravity now supports CLI authentication fallback when other credential methods are unavailable
  • Keychain lookups can be scoped by account

• User Experience

  • Improved authentication failure messaging to guide next steps (Antigravity or CLI)

[cubic-dev-ai]

1 issue found across 5 files

<sub>Reply with feedback, questions, or to request a fix.

Fix all with cubic | Re-trigger cubic</sub>

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: aa6efe98-ad53-43bc-9db7-06b300fcddb6

📥 Commits

Reviewing files that changed from the base of the PR and between 2e6e123 and 91aa6c8.

📒 Files selected for processing (5)

• docs/plugins/api.md
• docs/providers/antigravity.md
• plugins/antigravity/plugin.js
• plugins/antigravity/plugin.test.js
• src-tauri/src/plugin_engine/host_api.rs

✅ Files skipped from review due to trivial changes (1)

• docs/plugins/api.md

🚧 Files skipped from review as they are similar to previous changes (3)

• docs/providers/antigravity.md
• plugins/antigravity/plugin.js
• plugins/antigravity/plugin.test.js

---

📝 Walkthrough

Walkthrough

The PR adds multi-DB OAuth discovery and an Antigravity CLI keychain fallback to the Antigravity plugin, centralizes Cloud Code requests, updates model parsing, adds refresh/retry orchestration, exposes an optional account parameter on host.keychain.readGenericPassword, and expands tests and provider docs for the new flows.

Changes

Antigravity CLI Token Fallback Support

Layer / File(s)	Summary
Keychain API - Optional Account Parameter docs/plugins/api.md, src-tauri/src/plugin_engine/host_api.rs	Extends host.keychain.readGenericPassword to accept an optional account parameter for account-scoped macOS Keychain lookups, trimming and redacting the account and emitting hit/miss logs.
Antigravity Provider Documentation - CLI Support Specification docs/providers/antigravity.md	Documents three OAuth token sources (LS, multi-path SQLite databases, CLI keychain), revised discovery command for CSRF extraction, new CLI fallback section detailing keychain token formats and Cloud Code quota endpoints, and updated three-tier plugin strategy.
Plugin Constants and Multi-DB OAuth Loader plugins/antigravity/plugin.js	Adds STATE_DBS and CLI keychain constants, central LOGIN_MESSAGE, and replaces single-DB loader with loadOAuthTokensFromDb and loadOAuthTokenCandidates to aggregate tokens across IDE and legacy app SQLite paths.
CLI Keychain Token Discovery plugins/antigravity/plugin.js	Implements CLI token extraction from OS keychain with support for go-keyring-base64: encoding, recursive JSON/token-object extraction, and loadCliKeychainToken(ctx) with error handling.
Cloud Code API Abstraction and Model Parsing plugins/antigravity/plugin.js	Centralizes Cloud Code requests into requestCloudCodeJson helper with Bearer auth and configurable User-Agent; delegates probeCloudCode and defensively derives model display names from displayName or label.
CLI Cloud Code Quota Handling plugins/antigravity/plugin.js	Adds readCliPlan, parseCliQuotaBuckets, and probeCliCloudCode to call CLI-specific Cloud Code endpoints and convert quota fractions into the same quota-line format used elsewhere.
Main Probe Flow - Token Collection, Refresh, and Fallback plugins/antigravity/plugin.js	Refactors probe orchestration to prefer LS discovery, build/dedupe access-token candidates from DBs and cache, refresh unique refresh tokens on auth failure, and probe using CLI keychain token before throwing standardized LOGIN_MESSAGE.
Test Coverage - CLI Keychain and SQLite Fallback Scenarios plugins/antigravity/plugin.test.js	Adds CLI fixture helpers for load/quota responses; introduces CLI keychain fallback tests including go-keyring base64 decoding; adds SQLite path prioritization and token/refresh retry tests; verifies keychain read suppression when app credentials succeed; updates many error expectations to the new login message.

Sequence Diagram(s)

sequenceDiagram
  participant Caller
  participant Probe as probe()
  participant LS as LS probe
  participant DBs as DB candidates
  participant Refresh as OAuth refresh
  participant CloudCode as Cloud Code API
  participant CliKeychain as CLI Keychain
  
  Caller->>Probe: probe()
  Probe->>LS: discover language server
  alt LS succeeds
    LS-->>Probe: quota result
  else LS fails or no port
    Probe->>DBs: collect access tokens
    Probe->>CloudCode: probe with DB token
    alt Cloud Code succeeds
      CloudCode-->>Probe: quota result
    else auth failure
      Probe->>DBs: collect refresh tokens
      Probe->>Refresh: refresh tokens
      Refresh-->>Probe: new access tokens
      Probe->>CloudCode: retry with refreshed token
      alt Cloud Code succeeds
        CloudCode-->>Probe: quota result
      else still fails
        Probe->>CliKeychain: read CLI token
        Probe->>CloudCode: probe with CLI token
        alt Cloud Code succeeds
          CloudCode-->>Probe: quota result
        else CLI fallback fails
          Probe->>Caller: throw LOGIN_MESSAGE
        end
      end
    end
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 28.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the main objective of the pull request: adding Antigravity CLI as a fallback mechanism within the existing Antigravity provider.
Linked Issues check	✅ Passed	The PR successfully implements all core objectives from #475: CLI auth from macOS keychain, Cloud Code quota endpoints, unified token handling across IDE/app/CLI sources, and proper probe ordering with appropriate fallbacks.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with PR objectives. Host keychain API extension to support account-scoped reads is a necessary enabler for CLI keychain integration. Documentation and test updates support the implemented functionality.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/providers/antigravity.md`:
- Around line 24-25: The ps pipeline using "ps -ax -o pid=,command=" followed by
"grep 'language_server.*antigravity'" can false-match the grep process and miss
case variants; update the pipeline to perform a case-insensitive search for the
language_server + antigravity pattern and avoid matching the grep command itself
(for example, use a pattern that prevents self-match or switch to pgrep with
-i/-f options) so process discovery is robust and case-insensitive while still
locating the language_server antigravity process.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: d57bd421-ec43-49e2-940f-b744139524a2

📥 Commits

Reviewing files that changed from the base of the PR and between 810b122 and 2e6e123.

📒 Files selected for processing (5)

• docs/plugins/api.md
• docs/providers/antigravity.md
• plugins/antigravity/plugin.js
• plugins/antigravity/plugin.test.js
• src-tauri/src/plugin_engine/host_api.rs