antigravity-claude-proxy 2.2.0 → 2.2.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "antigravity-claude-proxy",
-  "version": "2.2.0",
+  "version": "2.2.2",
   "description": "Proxy server to use Antigravity's Claude models with Claude Code CLI",
   "main": "src/index.js",
   "type": "module",

package/src/account-manager/credentials.js

@@ -11,11 +11,47 @@ import {
     LOAD_CODE_ASSIST_HEADERS,
     DEFAULT_PROJECT_ID
 } from '../constants.js';
-import { refreshAccessToken } from '../auth/oauth.js';
+import { refreshAccessToken, parseRefreshParts, formatRefreshParts } from '../auth/oauth.js';
 import { getAuthStatus } from '../auth/database.js';
 import { logger } from '../utils/logger.js';
 import { isNetworkError } from '../utils/helpers.js';
 import { onboardUser, getDefaultTierId } from './onboarding.js';
+import { parseTierId } from '../cloudcode/model-api.js';
+
+// Track accounts currently fetching subscription to avoid duplicate calls
+const subscriptionFetchInProgress = new Set();
+
+/**
+ * Fetch subscription tier and save it (blocking)
+ * Used when we have a cached project but missing subscription data
+ *
+ * @param {string} token - OAuth access token
+ * @param {Object} account - Account object
+ * @param {Function} [onSave] - Callback to save account changes
+ */
+async function fetchAndSaveSubscription(token, account, onSave) {
+    // Avoid duplicate fetches for the same account
+    if (subscriptionFetchInProgress.has(account.email)) {
+        return;
+    }
+    subscriptionFetchInProgress.add(account.email);
+
+    try {
+        // Call discoverProject just to get subscription info
+        const { subscription } = await discoverProject(token, account.projectId);
+        if (subscription && subscription.tier !== 'unknown') {
+            account.subscription = subscription;
+            if (onSave) {
+                await onSave();
+            }
+            logger.info(`[AccountManager] Updated subscription tier for ${account.email}: ${subscription.tier}`);
+        }
+    } catch (e) {
+        logger.debug(`[AccountManager] Subscription fetch failed for ${account.email}: ${e.message}`);
+    } finally {
+        subscriptionFetchInProgress.delete(account.email);
+    }
+}
 
 /**
  * Get OAuth token for an account
@@ -82,27 +118,92 @@ export async function getTokenForAccount(account, tokenCache, onInvalid, onSave)
 
 /**
  * Get project ID for an account
+ * Aligned with opencode-antigravity-auth: parses refresh token for stored project IDs
  *
  * @param {Object} account - Account object
  * @param {string} token - OAuth access token
  * @param {Map} projectCache - Project cache map
+ * @param {Function} [onSave] - Callback to save account changes
  * @returns {Promise<string>} Project ID
  */
-export async function getProjectForAccount(account, token, projectCache) {
+export async function getProjectForAccount(account, token, projectCache, onSave = null) {
     // Check cache first
     const cached = projectCache.get(account.email);
     if (cached) {
         return cached;
     }
 
-    // OAuth or manual accounts may have projectId specified
+    // Parse refresh token to get stored project IDs (aligned with opencode-antigravity-auth)
+    const parts = account.refreshToken ? parseRefreshParts(account.refreshToken) : { refreshToken: null, projectId: undefined, managedProjectId: undefined };
+
+    // If we have a managedProjectId in the refresh token, use it
+    if (parts.managedProjectId) {
+        projectCache.set(account.email, parts.managedProjectId);
+        // If subscription is missing/unknown, fetch it now (blocking)
+        if (!account.subscription || account.subscription.tier === 'unknown') {
+            await fetchAndSaveSubscription(token, account, onSave);
+        }
+        return parts.managedProjectId;
+    }
+
+    // Legacy: check account.projectId for backward compatibility
     if (account.projectId) {
         projectCache.set(account.email, account.projectId);
+        // If subscription is missing/unknown, fetch it now (blocking)
+        if (!account.subscription || account.subscription.tier === 'unknown') {
+            await fetchAndSaveSubscription(token, account, onSave);
+        }
         return account.projectId;
     }
 
-    // Discover project via loadCodeAssist API
-    const project = await discoverProject(token);
+    // Discover managed project, passing projectId for metadata.duetProject
+    // Reference: opencode-antigravity-auth - discoverProject handles fallback internally
+    const { project, subscription } = await discoverProject(token, parts.projectId);
+
+    // Store managedProjectId back in refresh token (if we got a real project)
+    if (project && project !== DEFAULT_PROJECT_ID) {
+        let needsSave = false;
+
+        if (account.refreshToken) {
+            // OAuth accounts: encode in refresh token
+            account.refreshToken = formatRefreshParts({
+                refreshToken: parts.refreshToken,
+                projectId: parts.projectId,
+                managedProjectId: project,
+            });
+            needsSave = true;
+        } else if (account.source === 'database' || account.source === 'manual') {
+            // Database/manual accounts: store in projectId field
+            account.projectId = project;
+            needsSave = true;
+        }
+
+        // Save subscription tier if discovered
+        if (subscription) {
+            account.subscription = subscription;
+            needsSave = true;
+        }
+
+        // Trigger save to persist the updated project and subscription
+        if (needsSave && onSave) {
+            try {
+                await onSave();
+            } catch (e) {
+                logger.warn(`[AccountManager] Failed to save updated project: ${e.message}`);
+            }
+        }
+    } else if (subscription) {
+        // Even if no project discovered, save subscription if we got it
+        account.subscription = subscription;
+        if (onSave) {
+            try {
+                await onSave();
+            } catch (e) {
+                logger.warn(`[AccountManager] Failed to save subscription: ${e.message}`);
+            }
+        }
+    }
+
     projectCache.set(account.email, project);
     return project;
 }
@@ -111,13 +212,23 @@ export async function getProjectForAccount(account, token, projectCache) {
  * Discover project ID via Cloud Code API
  *
  * @param {string} token - OAuth access token
- * @returns {Promise<string>} Project ID
+ * @param {string} [projectId] - Optional project ID from refresh token (for metadata.duetProject)
+ * @returns {Promise<{project: string, subscription: {tier: string, projectId: string|null, detectedAt: string}|null}>} Project and subscription info
  */
-export async function discoverProject(token) {
+export async function discoverProject(token, projectId = undefined) {
     let lastError = null;
     let gotSuccessfulResponse = false;
     let loadCodeAssistData = null;
 
+    const metadata = {
+        ideType: 'IDE_UNSPECIFIED',
+        platform: 'PLATFORM_UNSPECIFIED',
+        pluginType: 'GEMINI'
+    };
+    if (projectId) {
+        metadata.duetProject = projectId;
+    }
+
     for (const endpoint of LOAD_CODE_ASSIST_ENDPOINTS) {
         try {
             const response = await fetch(`${endpoint}/v1internal:loadCodeAssist`, {
@@ -127,14 +238,7 @@ export async function discoverProject(token) {
                     'Content-Type': 'application/json',
                     ...LOAD_CODE_ASSIST_HEADERS
                 },
-                body: JSON.stringify({
-                    metadata: {
-                        ideType: 'IDE_UNSPECIFIED',
-                        platform: 'PLATFORM_UNSPECIFIED',
-                        pluginType: 'GEMINI',
-                        duetProject: DEFAULT_PROJECT_ID
-                    }
-                })
+                body: JSON.stringify({ metadata })
             });
 
             if (!response.ok) {
@@ -150,13 +254,16 @@ export async function discoverProject(token) {
 
             logger.debug(`[AccountManager] loadCodeAssist response from ${endpoint}:`, JSON.stringify(data));
 
+            // Extract subscription tier from response
+            const subscription = extractSubscriptionFromResponse(data);
+
             if (typeof data.cloudaicompanionProject === 'string') {
                 logger.success(`[AccountManager] Discovered project: ${data.cloudaicompanionProject}`);
-                return data.cloudaicompanionProject;
+                return { project: data.cloudaicompanionProject, subscription };
             }
             if (data.cloudaicompanionProject?.id) {
                 logger.success(`[AccountManager] Discovered project: ${data.cloudaicompanionProject.id}`);
-                return data.cloudaicompanionProject.id;
+                return { project: data.cloudaicompanionProject.id, subscription };
             }
 
             // No project found - log tier data and try to onboard the user
@@ -171,47 +278,72 @@ export async function discoverProject(token) {
 
     // If we got a successful response but no project, try onboarding
     if (gotSuccessfulResponse && loadCodeAssistData) {
-        // Priority: paidTier > currentTier > allowedTiers (consistent with model-api.js)
-        let tierId = null;
-        let tierSource = null;
-
-        if (loadCodeAssistData.paidTier?.id) {
-            tierId = loadCodeAssistData.paidTier.id;
-            tierSource = 'paidTier';
-        } else if (loadCodeAssistData.currentTier?.id) {
-            tierId = loadCodeAssistData.currentTier.id;
-            tierSource = 'currentTier';
-        } else {
-            tierId = getDefaultTierId(loadCodeAssistData.allowedTiers);
-            tierSource = 'allowedTiers';
-        }
+        // Only use allowedTiers for onboarding (matching opencode-antigravity-auth and oauth.js)
+        // Note: paidTier (g1-pro-tier, g1-ultra-tier) is NOT valid for onboardUser API
+        // The paidTier is used for subscription detection only, not for onboarding
+        const tierId = getDefaultTierId(loadCodeAssistData.allowedTiers) || 'free-tier';
+        logger.info(`[AccountManager] Onboarding user with tier: ${tierId}`);
 
-        tierId = tierId || 'free-tier';
-        logger.info(`[AccountManager] Onboarding user with tier: ${tierId} (source: ${tierSource})`);
-
-        // Check if this is a free tier (raw API values contain 'free')
-        const isFree = tierId.toLowerCase().includes('free');
-
-        // For non-free tiers, pass DEFAULT_PROJECT_ID as the GCP project
-        // The API requires a project for paid tier onboarding
+        // Pass projectId for metadata.duetProject (without fallback, matching reference)
+        // Reference: opencode-antigravity-auth passes parts.projectId (not fallback) to onboardManagedProject
         const onboardedProject = await onboardUser(
             token,
             tierId,
-            isFree ? null : DEFAULT_PROJECT_ID
+            projectId  // Original projectId without fallback
         );
         if (onboardedProject) {
             logger.success(`[AccountManager] Successfully onboarded, project: ${onboardedProject}`);
-            return onboardedProject;
+            const subscription = extractSubscriptionFromResponse(loadCodeAssistData);
+            return { project: onboardedProject, subscription };
         }
 
-        logger.warn(`[AccountManager] Onboarding failed, using default project: ${DEFAULT_PROJECT_ID}`);
+        logger.warn(`[AccountManager] Onboarding failed - account may not work correctly`);
     }
 
     // Only warn if all endpoints failed with errors (not just missing project)
     if (!gotSuccessfulResponse) {
         logger.warn(`[AccountManager] loadCodeAssist failed for all endpoints: ${lastError}`);
     }
-    return DEFAULT_PROJECT_ID;
+
+    // Fallback: use projectId if available, otherwise use default
+    // Reference: opencode-antigravity-auth/src/plugin/project.ts
+    if (projectId) {
+        return { project: projectId, subscription: null };
+    }
+    return { project: DEFAULT_PROJECT_ID, subscription: null };
+}
+
+/**
+ * Extract subscription tier from loadCodeAssist response
+ *
+ * @param {Object} data - loadCodeAssist response data
+ * @returns {{tier: string, projectId: string|null, detectedAt: string}|null} Subscription info
+ */
+function extractSubscriptionFromResponse(data) {
+    if (!data) return null;
+
+    // Priority: paidTier > currentTier (consistent with model-api.js)
+    let tier = 'free';
+    let cloudProject = null;
+
+    if (data.paidTier?.id) {
+        tier = parseTierId(data.paidTier.id);
+    } else if (data.currentTier?.id) {
+        tier = parseTierId(data.currentTier.id);
+    }
+
+    // Get project ID
+    if (typeof data.cloudaicompanionProject === 'string') {
+        cloudProject = data.cloudaicompanionProject;
+    } else if (data.cloudaicompanionProject?.id) {
+        cloudProject = data.cloudaicompanionProject.id;
+    }
+
+    return {
+        tier,
+        projectId: cloudProject,
+        detectedAt: new Date().toISOString()
+    };
 }
 
 /**

package/src/account-manager/index.js

@@ -297,7 +297,8 @@ export class AccountManager {
      * @returns {Promise<string>} Project ID
      */
     async getProjectForAccount(account, token) {
-        return fetchProject(account, token, this.#projectCache);
+        // Pass onSave callback to persist managedProjectId in refresh token
+        return fetchProject(account, token, this.#projectCache, () => this.saveToDisk());
     }
 
     /**

package/src/account-manager/onboarding.js

@@ -43,7 +43,7 @@ export function getDefaultTierId(allowedTiers) {
  * @param {number} [delayMs=5000] - Delay between polling attempts
  * @returns {Promise<string|null>} Managed project ID or null if failed
  */
-export async function onboardUser(token, tierId, projectId = null, maxAttempts = 10, delayMs = 5000) {
+export async function onboardUser(token, tierId, projectId = undefined, maxAttempts = 10, delayMs = 5000) {
     const metadata = {
         ideType: 'IDE_UNSPECIFIED',
         platform: 'PLATFORM_UNSPECIFIED',
@@ -58,16 +58,11 @@ export async function onboardUser(token, tierId, projectId = null, maxAttempts =
         tierId,
         metadata
     };
+    // Note: Do NOT add cloudaicompanionProject to requestBody
+    // Reference implementation only sets metadata.duetProject, not the body field
+    // Adding cloudaicompanionProject causes 400 errors for auto-provisioned tiers (g1-pro, g1-ultra)
 
-    // Check if this is a free tier (handles raw API values like 'free-tier')
-    const isFree = tierId.toLowerCase().includes('free');
-
-    // Non-free tiers require a cloudaicompanionProject
-    if (!isFree && projectId) {
-        requestBody.cloudaicompanionProject = projectId;
-    }
-
-    logger.debug(`[Onboarding] Starting onboard with tierId: ${tierId}, projectId: ${projectId}, isFree: ${isFree}`);
+    logger.debug(`[Onboarding] Starting onboard with tierId: ${tierId}, projectId: ${projectId}`);
 
     for (const endpoint of ONBOARD_USER_ENDPOINTS) {
         for (let attempt = 0; attempt < maxAttempts; attempt++) {

package/src/account-manager/strategies/index.js

@@ -10,20 +10,14 @@ import { HybridStrategy } from './hybrid-strategy.js';
 import { logger } from '../../utils/logger.js';
 import {
     SELECTION_STRATEGIES,
-    DEFAULT_SELECTION_STRATEGY
+    DEFAULT_SELECTION_STRATEGY,
+    STRATEGY_LABELS
 } from '../../constants.js';
 
 // Re-export strategy constants for convenience
 export const STRATEGY_NAMES = SELECTION_STRATEGIES;
 export const DEFAULT_STRATEGY = DEFAULT_SELECTION_STRATEGY;
 
-// Strategy display labels
-export const STRATEGY_LABELS = {
-    'sticky': 'Sticky (Cache Optimized)',
-    'round-robin': 'Round Robin (Load Balanced)',
-    'hybrid': 'Hybrid (Smart Distribution)'
-};
-
 /**
  * Create a strategy instance
  * @param {string} strategyName - Name of the strategy ('sticky', 'round-robin', 'hybrid')

package/src/auth/oauth.js

@@ -17,6 +17,34 @@ import {
 import { logger } from '../utils/logger.js';
 import { onboardUser, getDefaultTierId } from '../account-manager/onboarding.js';
 
+/**
+ * Parse refresh token parts (aligned with opencode-antigravity-auth)
+ * Format: refreshToken|projectId|managedProjectId
+ *
+ * @param {string} refresh - Composite refresh token string
+ * @returns {{refreshToken: string, projectId: string|undefined, managedProjectId: string|undefined}}
+ */
+export function parseRefreshParts(refresh) {
+    const [refreshToken = '', projectId = '', managedProjectId = ''] = (refresh ?? '').split('|');
+    return {
+        refreshToken,
+        projectId: projectId || undefined,
+        managedProjectId: managedProjectId || undefined,
+    };
+}
+
+/**
+ * Format refresh token parts back into composite string
+ *
+ * @param {{refreshToken: string, projectId?: string|undefined, managedProjectId?: string|undefined}} parts
+ * @returns {string} Composite refresh token
+ */
+export function formatRefreshParts(parts) {
+    const projectSegment = parts.projectId ?? '';
+    const base = `${parts.refreshToken}|${projectSegment}`;
+    return parts.managedProjectId ? `${base}|${parts.managedProjectId}` : base;
+}
+
 /**
  * Generate PKCE code verifier and challenge
  */
@@ -267,11 +295,15 @@ export async function exchangeCode(code, verifier) {
 
 /**
  * Refresh access token using refresh token
+ * Handles composite refresh tokens (refreshToken|projectId|managedProjectId)
  *
- * @param {string} refreshToken - OAuth refresh token
+ * @param {string} compositeRefresh - OAuth refresh token (may be composite)
  * @returns {Promise<{accessToken: string, expiresIn: number}>} New access token
  */
-export async function refreshAccessToken(refreshToken) {
+export async function refreshAccessToken(compositeRefresh) {
+    // Parse the composite refresh token to extract the actual OAuth token
+    const parts = parseRefreshParts(compositeRefresh);
+
     const response = await fetch(OAUTH_CONFIG.tokenUrl, {
         method: 'POST',
         headers: {
@@ -280,7 +312,7 @@ export async function refreshAccessToken(refreshToken) {
         body: new URLSearchParams({
             client_id: OAUTH_CONFIG.clientId,
             client_secret: OAUTH_CONFIG.clientSecret,
-            refresh_token: refreshToken,
+            refresh_token: parts.refreshToken,  // Use the actual OAuth token
             grant_type: 'refresh_token'
         })
     });
@@ -408,6 +440,8 @@ export async function completeOAuthFlow(code, verifier) {
 }
 
 export default {
+    parseRefreshParts,
+    formatRefreshParts,
     getAuthorizationUrl,
     extractCodeFromInput,
     startCallbackServer,

package/src/cli/accounts.js

@@ -95,7 +95,7 @@ function openBrowser(url) {
         args = [url];
     } else if (platform === 'win32') {
         command = 'cmd';
-        args = ['/c', 'start', '', url];
+        args = ['/c', 'start', '', url.replace(/&/g, '^&')];
     } else {
         command = 'xdg-open';
         args = [url];
@@ -210,20 +210,18 @@ async function addAccount(existingAccounts) {
         if (existing) {
             console.log(`\n⚠ Account ${result.email} already exists. Updating tokens.`);
             existing.refreshToken = result.refreshToken;
-            existing.projectId = result.projectId;
+            // Note: projectId will be discovered and stored in refresh token on first use
             existing.addedAt = new Date().toISOString();
             return null; // Don't add duplicate
         }
 
         console.log(`\n✓ Successfully authenticated: ${result.email}`);
-        if (result.projectId) {
-            console.log(`  Project ID: ${result.projectId}`);
-        }
+        console.log('  Project will be discovered on first API request.');
 
         return {
             email: result.email,
             refreshToken: result.refreshToken,
-            projectId: result.projectId,
+            // Note: projectId stored in refresh token, not as separate field
             addedAt: new Date().toISOString(),
             modelRateLimits: {}
         };
@@ -267,20 +265,18 @@ async function addAccountNoBrowser(existingAccounts, rl) {
         if (existing) {
             console.log(`\n⚠ Account ${result.email} already exists. Updating tokens.`);
             existing.refreshToken = result.refreshToken;
-            existing.projectId = result.projectId;
+            // Note: projectId will be discovered and stored in refresh token on first use
             existing.addedAt = new Date().toISOString();
             return null; // Don't add duplicate
         }
 
         console.log(`\n✓ Successfully authenticated: ${result.email}`);
-        if (result.projectId) {
-            console.log(`  Project ID: ${result.projectId}`);
-        }
+        console.log('  Project will be discovered on first API request.');
 
         return {
             email: result.email,
             refreshToken: result.refreshToken,
-            projectId: result.projectId,
+            // Note: projectId stored in refresh token, not as separate field
             addedAt: new Date().toISOString(),
             modelRateLimits: {}
         };

package/src/cloudcode/model-api.js

@@ -128,7 +128,7 @@ export async function getModelQuotas(token, projectId = null) {
  * @param {string} tierId - The tier ID from the API
  * @returns {'free' | 'pro' | 'ultra' | 'unknown'} The subscription tier
  */
-function parseTierId(tierId) {
+export function parseTierId(tierId) {
     if (!tierId) return 'unknown';
     const lower = tierId.toLowerCase();
 

package/src/constants.js

@@ -121,6 +121,13 @@ export const MIN_SIGNATURE_LENGTH = 50; // Minimum valid thinking signature leng
 export const SELECTION_STRATEGIES = ['sticky', 'round-robin', 'hybrid'];
 export const DEFAULT_SELECTION_STRATEGY = 'hybrid';
 
+// Strategy display labels
+export const STRATEGY_LABELS = {
+    'sticky': 'Sticky (Cache Optimized)',
+    'round-robin': 'Round Robin (Load Balanced)',
+    'hybrid': 'Hybrid (Smart Distribution)'
+};
+
 // Gemini-specific limits
 export const GEMINI_MAX_OUTPUT_TOKENS = 16384;
 
@@ -263,6 +270,7 @@ export default {
     isThinkingModel,
     OAUTH_CONFIG,
     OAUTH_REDIRECT_URI,
+    STRATEGY_LABELS,
     MODEL_FALLBACK_MAP,
     TEST_MODELS,
     DEFAULT_PRESETS,

package/src/index.js

@@ -60,8 +60,11 @@ const server = app.listen(PORT, () => {
     const align4 = (text) => text + ' '.repeat(Math.max(0, 58 - text.length));
     
     // Build Control section dynamically
+    const strategyOptions = `(${STRATEGY_NAMES.join('/')})`;
+    const strategyLine2 = '                       ' + strategyOptions;
     let controlSection = '║  Control:                                                    ║\n';
-    controlSection += '║    --strategy=<s>     Set selection strategy (sticky/hybrid) ║\n';
+    controlSection += '║    --strategy=<s>     Set account selection strategy         ║\n';
+    controlSection += `${border}  ${align(strategyLine2)}${border}\n`;
     if (!isDebug) {
         controlSection += '║    --debug            Enable debug logging                   ║\n';
     }

package/src/webui/index.js

@@ -668,10 +668,11 @@ export function mountWebUI(app, dirname, accountManager) {
                         const accountData = await completeOAuthFlow(code, verifier);
 
                         // Add or update the account
+                        // Note: Don't set projectId here - it will be discovered and stored
+                        // in the refresh token via getProjectForAccount() on first use
                         await addAccount({
                             email: accountData.email,
                             refreshToken: accountData.refreshToken,
-                            projectId: accountData.projectId,
                             source: 'oauth'
                         });