antigravity-auth 1.6.0 → 1.7.1

package/dist/plugin/search.js

@@ -1,185 +0,0 @@
-/**
- * Google Search Tool Implementation
- *
- * Due to Gemini API limitations, native search tools (googleSearch, urlContext)
- * cannot be combined with function declarations. This module implements a
- * wrapper that makes separate API calls with only the grounding tools enabled.
- */
-import { ANTIGRAVITY_ENDPOINT, getAntigravityHeaders, SEARCH_MODEL, SEARCH_TIMEOUT_MS, SEARCH_SYSTEM_INSTRUCTION, } from "../constants";
-import { createLogger } from "./logger";
-const log = createLogger("search");
-// ============================================================================
-// ============================================================================
-let sessionCounter = 0;
-const sessionPrefix = `search-${Date.now().toString(36)}`;
-function generateRequestId() {
-    return `search-${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 8)}`;
-}
-function getSessionId() {
-    sessionCounter++;
-    return `${sessionPrefix}-${sessionCounter}`;
-}
-function formatSearchResult(result) {
-    const lines = [];
-    lines.push("## Search Results\n");
-    lines.push(result.text);
-    lines.push("");
-    if (result.sources.length > 0) {
-        lines.push("### Sources");
-        for (const source of result.sources) {
-            lines.push(`- [${source.title}](${source.url})`);
-        }
-        lines.push("");
-    }
-    if (result.urlsRetrieved.length > 0) {
-        lines.push("### URLs Retrieved");
-        for (const url of result.urlsRetrieved) {
-            const status = url.status === "URL_RETRIEVAL_STATUS_SUCCESS" ? "✓" : "✗";
-            lines.push(`- ${status} ${url.url}`);
-        }
-        lines.push("");
-    }
-    if (result.searchQueries.length > 0) {
-        lines.push("### Search Queries Used");
-        for (const q of result.searchQueries) {
-            lines.push(`- "${q}"`);
-        }
-    }
-    return lines.join("\n");
-}
-function parseSearchResponse(data) {
-    const result = {
-        text: "",
-        sources: [],
-        searchQueries: [],
-        urlsRetrieved: [],
-    };
-    const response = data.response;
-    if (!response || !response.candidates || response.candidates.length === 0) {
-        if (data.error) {
-            result.text = `Error: ${data.error.message ?? "Unknown error"}`;
-        }
-        else if (response?.error) {
-            result.text = `Error: ${response.error.message ?? "Unknown error"}`;
-        }
-        return result;
-    }
-    const candidate = response.candidates[0];
-    if (!candidate) {
-        return result;
-    }
-    if (candidate.content?.parts) {
-        result.text = candidate.content.parts
-            .map((p) => p.text ?? "")
-            .filter(Boolean)
-            .join("\n");
-    }
-    if (candidate.groundingMetadata) {
-        const groundingMeta = candidate.groundingMetadata;
-        if (groundingMeta.webSearchQueries) {
-            result.searchQueries = groundingMeta.webSearchQueries;
-        }
-        if (groundingMeta.groundingChunks) {
-            for (const chunk of groundingMeta.groundingChunks) {
-                if (chunk.web?.uri && chunk.web?.title) {
-                    result.sources.push({
-                        title: chunk.web.title,
-                        url: chunk.web.uri,
-                    });
-                }
-            }
-        }
-    }
-    if (candidate.urlContextMetadata?.url_metadata) {
-        for (const meta of candidate.urlContextMetadata.url_metadata) {
-            if (meta.retrieved_url) {
-                result.urlsRetrieved.push({
-                    url: meta.retrieved_url,
-                    status: meta.url_retrieval_status ?? "UNKNOWN",
-                });
-            }
-        }
-    }
-    return result;
-}
-// ============================================================================
-// ============================================================================
-/**
- * Execute a Google Search using the Gemini grounding API.
- *
- * This makes a SEPARATE API call with only googleSearch/urlContext tools,
- * which is required because these tools cannot be combined with function declarations.
- */
-export async function executeSearch(args, accessToken, projectId, abortSignal) {
-    const { query, urls, thinking = true } = args;
-    let prompt = query;
-    if (urls && urls.length > 0) {
-        const urlList = urls.join("\n");
-        prompt = `${query}\n\nURLs to analyze:\n${urlList}`;
-    }
-    const tools = [];
-    tools.push({ googleSearch: {} });
-    if (urls && urls.length > 0) {
-        tools.push({ urlContext: {} });
-    }
-    const requestPayload = {
-        systemInstruction: {
-            parts: [{ text: SEARCH_SYSTEM_INSTRUCTION }],
-        },
-        contents: [
-            {
-                role: "user",
-                parts: [{ text: prompt }],
-            },
-        ],
-        tools,
-        generationConfig: {
-            temperature: 0,
-            topP: 1,
-        },
-    };
-    const wrappedBody = {
-        project: projectId,
-        model: SEARCH_MODEL,
-        userAgent: "antigravity",
-        requestId: generateRequestId(),
-        request: {
-            ...requestPayload,
-            sessionId: getSessionId(),
-        },
-    };
-    const url = `${ANTIGRAVITY_ENDPOINT}/v1internal:generateContent`;
-    log.debug("Executing search", {
-        query,
-        urlCount: urls?.length ?? 0,
-        thinking,
-    });
-    try {
-        const response = await fetch(url, {
-            method: "POST",
-            headers: {
-                ...getAntigravityHeaders(),
-                Authorization: `Bearer ${accessToken}`,
-                "Content-Type": "application/json",
-            },
-            body: JSON.stringify(wrappedBody),
-            signal: abortSignal ?? AbortSignal.timeout(SEARCH_TIMEOUT_MS),
-        });
-        if (!response.ok) {
-            const errorText = await response.text();
-            log.debug("Search API error", { status: response.status, error: errorText });
-            return `## Search Error\n\nFailed to execute search: ${response.status} ${response.statusText}\n\n${errorText}\n\nPlease try again with a different query.`;
-        }
-        const data = (await response.json());
-        log.debug("Search response received", { hasResponse: !!data.response });
-        const result = parseSearchResponse(data);
-        const formatted = formatSearchResult(result);
-        log.debug("Search response formatted", { resultLength: formatted.length });
-        return formatted;
-    }
-    catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
-        log.debug("Search execution error", { error: message });
-        return `## Search Error\n\nFailed to execute search: ${message}. Please try again with a different query.`;
-    }
-}

package/dist/plugin/server.d.ts

@@ -1,22 +0,0 @@
-interface OAuthListenerOptions {
-    /**
-     * How long to wait for the OAuth redirect before timing out (in milliseconds).
-     */
-    timeoutMs?: number;
-}
-export interface OAuthListener {
-    /**
-     * Resolves with the callback URL once Google redirects back to the local server.
-     */
-    waitForCallback(): Promise<URL>;
-    /**
-     * Cleanly stop listening for callbacks.
-     */
-    close(): Promise<void>;
-}
-/**
- * Starts a lightweight HTTP server that listens for the Antigravity OAuth redirect
- * and resolves with the captured callback URL.
- */
-export declare function startOAuthListener({ timeoutMs }?: OAuthListenerOptions): Promise<OAuthListener>;
-export {};

package/dist/plugin/server.js

@@ -1,306 +0,0 @@
-import { createServer } from "node:http";
-import { readFileSync, existsSync } from "node:fs";
-import { ANTIGRAVITY_REDIRECT_URI } from "../constants";
-const redirectUri = new URL(ANTIGRAVITY_REDIRECT_URI);
-const callbackPath = redirectUri.pathname || "/";
-/**
- * Detect if running in OrbStack Docker with --network host mode.
- * OrbStack's host networking only forwards ports bound to 127.0.0.1 to macOS.
- */
-function isOrbStackDockerHost() {
-    if (!existsSync("/.dockerenv")) {
-        return false;
-    }
-    try {
-        if (existsSync("/proc/version")) {
-            const version = readFileSync("/proc/version", "utf8").toLowerCase();
-            if (version.includes("orbstack")) {
-                return true;
-            }
-        }
-        const hostname = process.env.HOSTNAME || "";
-        if (hostname.startsWith("orbstack-") || hostname.endsWith(".orb") || hostname === "orbstack") {
-            return true;
-        }
-        if (existsSync("/etc/resolv.conf")) {
-            const resolv = readFileSync("/etc/resolv.conf", "utf8");
-            if (resolv.includes("orb.local") || resolv.includes("orbstack")) {
-                return true;
-            }
-        }
-        if (process.platform === "linux" && existsSync("/.dockerenv")) {
-            if (existsSync("/run/host-services")) {
-                return true;
-            }
-        }
-    }
-    catch {
-    }
-    return false;
-}
-/**
- * Detect WSL (Windows Subsystem for Linux) environment.
- */
-function isWSL() {
-    if (process.platform !== "linux")
-        return false;
-    try {
-        const release = readFileSync("/proc/version", "utf8").toLowerCase();
-        return release.includes("microsoft") || release.includes("wsl");
-    }
-    catch {
-        return false;
-    }
-}
-/**
- * Detect remote/SSH environment where localhost may not be accessible from browser.
- */
-function isRemoteEnvironment() {
-    if (process.env.SSH_CLIENT || process.env.SSH_TTY || process.env.SSH_CONNECTION) {
-        return true;
-    }
-    if (process.env.REMOTE_CONTAINERS || process.env.CODESPACES) {
-        return true;
-    }
-    return false;
-}
-/**
- * Determine the best bind address for the OAuth callback server.
- *
- * Priority:
- * 1. OPENCODE_ANTIGRAVITY_OAUTH_BIND environment variable (user override)
- * 2. OrbStack Docker with --network host: 127.0.0.1 (required for port forwarding)
- * 3. WSL/SSH/Remote: 0.0.0.0 (needed for cross-network access)
- * 4. Default: 127.0.0.1 (most secure for local development)
- */
-function getBindAddress() {
-    const envBind = process.env.OPENCODE_ANTIGRAVITY_OAUTH_BIND;
-    if (envBind) {
-        return envBind;
-    }
-    if (isOrbStackDockerHost()) {
-        return "127.0.0.1";
-    }
-    if (isWSL() || isRemoteEnvironment()) {
-        return "0.0.0.0";
-    }
-    return "127.0.0.1";
-}
-/**
- * Starts a lightweight HTTP server that listens for the Antigravity OAuth redirect
- * and resolves with the captured callback URL.
- */
-export async function startOAuthListener({ timeoutMs = 5 * 60 * 1000 } = {}) {
-    const port = redirectUri.port
-        ? Number.parseInt(redirectUri.port, 10)
-        : redirectUri.protocol === "https:"
-            ? 443
-            : 80;
-    const origin = `${redirectUri.protocol}//${redirectUri.host}`;
-    let settled = false;
-    let resolveCallback;
-    let rejectCallback;
-    let timeoutHandle;
-    const callbackPromise = new Promise((resolve, reject) => {
-        resolveCallback = (url) => {
-            if (settled)
-                return;
-            settled = true;
-            if (timeoutHandle)
-                clearTimeout(timeoutHandle);
-            resolve(url);
-        };
-        rejectCallback = (error) => {
-            if (settled)
-                return;
-            settled = true;
-            if (timeoutHandle)
-                clearTimeout(timeoutHandle);
-            reject(error);
-        };
-    });
-    const successResponse = `<!DOCTYPE html>
-<html lang="en">
-  <head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1">
-    <title>Authentication Successful</title>
-    <style>
-      :root {
-        --bg: #FAFAFA;
-        --card-bg: #FFFFFF;
-        --text-primary: #1F2937;
-        --text-secondary: #6B7280;
-        --accent: #2563EB;
-        --success: #10B981;
-        --border: #E5E7EB;
-      }
-      @media (prefers-color-scheme: dark) {
-        :root {
-          --bg: #111827;
-          --card-bg: #1F2937;
-          --text-primary: #F9FAFB;
-          --text-secondary: #9CA3AF;
-          --accent: #3B82F6;
-          --success: #34D399;
-          --border: #374151;
-        }
-      }
-      body {
-        margin: 0;
-        min-height: 100vh;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
-        background: var(--bg);
-        color: var(--text-primary);
-        padding: 1rem;
-      }
-      .card {
-        background: var(--card-bg);
-        border-radius: 16px;
-        padding: 3rem 2rem;
-        width: 100%;
-        max-width: 400px;
-        text-align: center;
-        box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1), 0 2px 4px -1px rgba(0, 0, 0, 0.06);
-        border: 1px solid var(--border);
-      }
-      .icon-wrapper {
-        width: 64px;
-        height: 64px;
-        background: rgba(16, 185, 129, 0.1);
-        border-radius: 50%;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        margin: 0 auto 1.5rem;
-      }
-      .icon {
-        width: 32px;
-        height: 32px;
-        color: var(--success);
-      }
-      h1 {
-        font-size: 1.5rem;
-        font-weight: 600;
-        margin: 0 0 0.5rem;
-        letter-spacing: -0.025em;
-      }
-      p {
-        color: var(--text-secondary);
-        font-size: 0.95rem;
-        line-height: 1.5;
-        margin: 0 0 2rem;
-      }
-      .btn {
-        display: inline-flex;
-        align-items: center;
-        justify-content: center;
-        background: var(--text-primary);
-        color: var(--card-bg);
-        font-weight: 500;
-        padding: 0.75rem 1.5rem;
-        border-radius: 8px;
-        text-decoration: none;
-        transition: opacity 0.2s;
-        font-size: 0.95rem;
-        border: none;
-        cursor: pointer;
-        width: 100%;
-        box-sizing: border-box;
-      }
-      .btn:hover {
-        opacity: 0.9;
-      }
-      .sub-text {
-        margin-top: 1rem;
-        font-size: 0.8rem;
-        color: var(--text-secondary);
-      }
-    </style>
-  </head>
-  <body>
-    <div class="card">
-      <div class="icon-wrapper">
-        <svg class="icon" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-          <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2.5" d="M5 13l4 4L19 7" />
-        </svg>
-      </div>
-      <h1>All set!</h1>
-      <p>You've successfully authenticated with Antigravity. You can now return to Opencode.</p>
-      <button class="btn" onclick="closeWindow()">Close this tab</button>
-      <div class="sub-text">Usage Tip: Most browsers block auto-closing. If the button doesn't work, please close the tab manually.</div>
-    </div>
-    <script>
-      function closeWindow() {
-        window.close();
-
-        document.querySelector('.btn').textContent = "Tab cannot be closed automatically";
-        document.querySelector('.btn').style.opacity = "0.5";
-        document.querySelector('.btn').style.cursor = "default";
-      }
-    </script>
-  </body>
-</html>`;
-    timeoutHandle = setTimeout(() => {
-        rejectCallback(new Error("Timed out waiting for OAuth callback"));
-    }, timeoutMs);
-    timeoutHandle.unref?.();
-    const server = createServer((request, response) => {
-        if (!request.url) {
-            response.writeHead(400, { "Content-Type": "text/plain" });
-            response.end("Invalid request");
-            return;
-        }
-        const url = new URL(request.url, origin);
-        if (url.pathname !== callbackPath) {
-            response.writeHead(404, { "Content-Type": "text/plain" });
-            response.end("Not found");
-            return;
-        }
-        response.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
-        response.end(successResponse);
-        resolveCallback(url);
-        setImmediate(() => {
-            server.close();
-        });
-    });
-    const bindAddress = getBindAddress();
-    await new Promise((resolve, reject) => {
-        const handleError = (error) => {
-            server.off("error", handleError);
-            if (error.code === "EADDRINUSE") {
-                reject(new Error(`Port ${port} is already in use. ` +
-                    `Another process is occupying this port. ` +
-                    `Please terminate the process or try again later.`));
-                return;
-            }
-            reject(error);
-        };
-        server.once("error", handleError);
-        server.listen(port, bindAddress, () => {
-            server.off("error", handleError);
-            resolve();
-        });
-    });
-    server.on("error", (error) => {
-        rejectCallback(error instanceof Error ? error : new Error(String(error)));
-    });
-    return {
-        waitForCallback: () => callbackPromise,
-        close: () => new Promise((resolve, reject) => {
-            server.close((error) => {
-                if (error && error.code !== "ERR_SERVER_NOT_RUNNING") {
-                    reject(error);
-                    return;
-                }
-                if (!settled) {
-                    rejectCallback(new Error("OAuth listener closed before callback"));
-                }
-                resolve();
-            });
-        }),
-    };
-}

package/dist/plugin/storage.d.ts

@@ -1,136 +0,0 @@
-import type { HeaderStyle } from "../constants";
-/**
- * Files/directories that should be gitignored in the config directory.
- * These contain sensitive data or machine-specific state.
- */
-export declare const GITIGNORE_ENTRIES: string[];
-/**
- * Ensures a .gitignore file exists in the config directory with entries
- * for sensitive files. Creates the file if missing, or appends missing
- * entries if it already exists.
- */
-export declare function ensureGitignore(configDir: string): Promise<void>;
-/**
- * Synchronous version of ensureGitignore for use in sync code paths.
- */
-export declare function ensureGitignoreSync(configDir: string): void;
-export type ModelFamily = "claude" | "gemini";
-export type { HeaderStyle };
-export interface RateLimitState {
-    claude?: number;
-    gemini?: number;
-}
-export interface RateLimitStateV3 {
-    claude?: number;
-    "gemini-antigravity"?: number;
-    "gemini-cli"?: number;
-    [key: string]: number | undefined;
-}
-export interface AccountMetadataV1 {
-    email?: string;
-    refreshToken: string;
-    projectId?: string;
-    managedProjectId?: string;
-    addedAt: number;
-    lastUsed: number;
-    isRateLimited?: boolean;
-    rateLimitResetTime?: number;
-    lastSwitchReason?: "rate-limit" | "initial" | "rotation";
-}
-export interface AccountStorageV1 {
-    version: 1;
-    accounts: AccountMetadataV1[];
-    activeIndex: number;
-}
-export interface AccountMetadata {
-    email?: string;
-    refreshToken: string;
-    projectId?: string;
-    managedProjectId?: string;
-    addedAt: number;
-    lastUsed: number;
-    lastSwitchReason?: "rate-limit" | "initial" | "rotation";
-    rateLimitResetTimes?: RateLimitState;
-}
-export interface AccountStorage {
-    version: 2;
-    accounts: AccountMetadata[];
-    activeIndex: number;
-}
-export type CooldownReason = "auth-failure" | "network-error" | "project-error" | "validation-required";
-export interface AccountMetadataV3 {
-    email?: string;
-    refreshToken: string;
-    projectId?: string;
-    managedProjectId?: string;
-    addedAt: number;
-    lastUsed: number;
-    enabled?: boolean;
-    proxies?: string[];
-    lastSwitchReason?: "rate-limit" | "initial" | "rotation";
-    rateLimitResetTimes?: RateLimitStateV3;
-    coolingDownUntil?: number;
-    cooldownReason?: CooldownReason;
-    /** Per-account device fingerprint for rate limit mitigation */
-    fingerprint?: import("./fingerprint").Fingerprint;
-    fingerprintHistory?: import("./fingerprint").FingerprintVersion[];
-    /** Set when Google asks the user to verify this account before requests can continue. */
-    verificationRequired?: boolean;
-    verificationRequiredAt?: number;
-    verificationRequiredReason?: string;
-    verificationUrl?: string;
-    /** Cached soft quota data */
-    cachedQuota?: Record<string, {
-        remainingFraction?: number;
-        resetTime?: string;
-        modelCount: number;
-    }>;
-    cachedQuotaUpdatedAt?: number;
-}
-export interface AccountStorageV3 {
-    version: 3;
-    accounts: AccountMetadataV3[];
-    activeIndex: number;
-    activeIndexByFamily?: {
-        claude?: number;
-        gemini?: number;
-    };
-}
-export interface AccountStorageV4 {
-    version: 4;
-    accounts: AccountMetadataV3[];
-    activeIndex: number;
-    activeIndexByFamily?: {
-        claude?: number;
-        gemini?: number;
-    };
-}
-/**
- * Gets the config directory path, with the following precedence:
- * 1. OPENCODE_CONFIG_DIR env var (if set)
- * 2. ~/.config/opencode (all platforms, including Windows)
- *
- * On Windows, also checks for legacy %APPDATA%\opencode path for migration.
- */
-declare function getConfigDir(): string;
-export declare function getStoragePath(): string;
-/**
- * Gets the config directory path. Exported for use by other modules.
- */
-export { getConfigDir };
-export declare function deduplicateAccountsByEmail<T extends {
-    email?: string;
-    lastUsed?: number;
-    addedAt?: number;
-}>(accounts: T[]): T[];
-export declare function migrateV2ToV3(v2: AccountStorage): AccountStorageV3;
-export declare function migrateV3ToV4(v3: AccountStorageV3): AccountStorageV4;
-export declare function loadAccounts(): Promise<AccountStorageV4 | null>;
-export declare function saveAccounts(storage: AccountStorageV4): Promise<void>;
-/**
- * Save accounts storage by replacing the entire file (no merge).
- * Use this for destructive operations like delete where we need to
- * remove accounts that would otherwise be merged back from existing storage.
- */
-export declare function saveAccountsReplace(storage: AccountStorageV4): Promise<void>;
-export declare function clearAccounts(): Promise<void>;