diff --git a/cmd/picoclaw/main.go b/cmd/picoclaw/main.go index fd7ec484ad..07bddf8758 100644 --- a/cmd/picoclaw/main.go +++ b/cmd/picoclaw/main.go @@ -10,6 +10,7 @@ import ( "bufio" "context" "embed" + "encoding/json" "fmt" "io" "io/fs" @@ -373,6 +374,7 @@ func migrateHelp() { func agentCmd() { message := "" sessionKey := "cli:default" + modelOverride := "" args := os.Args[2:] for i := 0; i < len(args); i++ { @@ -390,6 +392,11 @@ func agentCmd() { sessionKey = args[i+1] i++ } + case "--model", "-model": + if i+1 < len(args) { + modelOverride = args[i+1] + i++ + } } } @@ -399,6 +406,10 @@ func agentCmd() { os.Exit(1) } + if modelOverride != "" { + cfg.Agents.Defaults.Model = modelOverride + } + provider, err := providers.CreateProvider(cfg) if err != nil { fmt.Printf("Error creating provider: %v\n", err) @@ -777,6 +788,8 @@ func authCmd() { authLogoutCmd() case "status": authStatusCmd() + case "models": + authModelsCmd() default: fmt.Printf("Unknown auth command: %s\n", os.Args[2]) authHelp() @@ -788,15 +801,18 @@ func authHelp() { fmt.Println(" login Login via OAuth or paste token") fmt.Println(" logout Remove stored credentials") fmt.Println(" status Show current auth status") + fmt.Println(" models List available Antigravity models") fmt.Println() fmt.Println("Login options:") - fmt.Println(" --provider Provider to login with (openai, anthropic)") + fmt.Println(" --provider Provider to login with (openai, anthropic, google-antigravity)") fmt.Println(" --device-code Use device code flow (for headless environments)") fmt.Println() fmt.Println("Examples:") fmt.Println(" picoclaw auth login --provider openai") fmt.Println(" picoclaw auth login --provider openai --device-code") fmt.Println(" picoclaw auth login --provider anthropic") + fmt.Println(" picoclaw auth login --provider google-antigravity") + fmt.Println(" picoclaw auth models") fmt.Println(" picoclaw auth logout --provider openai") fmt.Println(" picoclaw auth status") } @@ -820,7 +836,7 @@ func authLoginCmd() { if provider == "" { fmt.Println("Error: --provider is required") - fmt.Println("Supported providers: openai, anthropic") + fmt.Println("Supported providers: openai, anthropic, google-antigravity") return } @@ -829,9 +845,11 @@ func authLoginCmd() { authLoginOpenAI(useDeviceCode) case "anthropic": authLoginPasteToken(provider) + case "google-antigravity", "antigravity": + authLoginGoogleAntigravity() default: fmt.Printf("Unsupported provider: %s\n", provider) - fmt.Println("Supported providers: openai, anthropic") + fmt.Println("Supported providers: openai, anthropic, google-antigravity") } } @@ -871,6 +889,88 @@ func authLoginOpenAI(useDeviceCode bool) { } } +func authLoginGoogleAntigravity() { + cfg := auth.GoogleAntigravityOAuthConfig() + + cred, err := auth.LoginBrowser(cfg) + if err != nil { + fmt.Printf("Login failed: %v\n", err) + os.Exit(1) + } + + cred.Provider = "google-antigravity" + + // Fetch user email from Google userinfo + email, err := fetchGoogleUserEmail(cred.AccessToken) + if err != nil { + fmt.Printf("Warning: could not fetch email: %v\n", err) + } else { + cred.Email = email + fmt.Printf("Email: %s\n", email) + } + + // Fetch Cloud Code Assist project ID + projectID, err := providers.FetchAntigravityProjectID(cred.AccessToken) + if err != nil { + fmt.Printf("Warning: could not fetch project ID: %v\n", err) + fmt.Println("You may need Google Cloud Code Assist enabled on your account.") + } else { + cred.ProjectID = projectID + fmt.Printf("Project: %s\n", projectID) + } + + if err := auth.SetCredential("google-antigravity", cred); err != nil { + fmt.Printf("Failed to save credentials: %v\n", err) + os.Exit(1) + } + + appCfg, err := loadConfig() + if err == nil { + appCfg.Providers.Antigravity.AuthMethod = "oauth" + if appCfg.Agents.Defaults.Provider == "" { + appCfg.Agents.Defaults.Provider = "antigravity" + } + if appCfg.Agents.Defaults.Provider == "antigravity" || appCfg.Agents.Defaults.Provider == "google-antigravity" { + appCfg.Agents.Defaults.Model = "gemini-3-flash" + } + if err := config.SaveConfig(getConfigPath(), appCfg); err != nil { + fmt.Printf("Warning: could not update config: %v\n", err) + } + } + + fmt.Println("\n✓ Google Antigravity login successful!") + fmt.Println("Config updated: provider=antigravity, model=gemini-3-flash") + fmt.Println("Try it: picoclaw agent -m \"Hello world\"") +} + +func fetchGoogleUserEmail(accessToken string) (string, error) { + req, err := http.NewRequest("GET", "https://www.googleapis.com/oauth2/v2/userinfo", nil) + if err != nil { + return "", err + } + req.Header.Set("Authorization", "Bearer "+accessToken) + + client := &http.Client{Timeout: 10 * time.Second} + resp, err := client.Do(req) + if err != nil { + return "", err + } + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + if resp.StatusCode != http.StatusOK { + return "", fmt.Errorf("userinfo request failed: %s", string(body)) + } + + var userInfo struct { + Email string `json:"email"` + } + if err := json.Unmarshal(body, &userInfo); err != nil { + return "", err + } + return userInfo.Email, nil +} + func authLoginPasteToken(provider string) { cred, err := auth.LoginPasteToken(provider, os.Stdin) if err != nil { @@ -926,6 +1026,8 @@ func authLogoutCmd() { appCfg.Providers.OpenAI.AuthMethod = "" case "anthropic": appCfg.Providers.Anthropic.AuthMethod = "" + case "google-antigravity", "antigravity": + appCfg.Providers.Antigravity.AuthMethod = "" } config.SaveConfig(getConfigPath(), appCfg) } @@ -941,6 +1043,7 @@ func authLogoutCmd() { if err == nil { appCfg.Providers.OpenAI.AuthMethod = "" appCfg.Providers.Anthropic.AuthMethod = "" + appCfg.Providers.Antigravity.AuthMethod = "" config.SaveConfig(getConfigPath(), appCfg) } @@ -977,12 +1080,70 @@ func authStatusCmd() { if cred.AccountID != "" { fmt.Printf(" Account: %s\n", cred.AccountID) } + if cred.Email != "" { + fmt.Printf(" Email: %s\n", cred.Email) + } + if cred.ProjectID != "" { + fmt.Printf(" Project: %s\n", cred.ProjectID) + } if !cred.ExpiresAt.IsZero() { fmt.Printf(" Expires: %s\n", cred.ExpiresAt.Format("2006-01-02 15:04")) } } } +func authModelsCmd() { + cred, err := auth.GetCredential("google-antigravity") + if err != nil || cred == nil { + fmt.Println("Not logged in to Google Antigravity.") + fmt.Println("Run: picoclaw auth login --provider google-antigravity") + return + } + + // Refresh token if needed + if cred.NeedsRefresh() && cred.RefreshToken != "" { + oauthCfg := auth.GoogleAntigravityOAuthConfig() + refreshed, refreshErr := auth.RefreshAccessToken(cred, oauthCfg) + if refreshErr == nil { + cred = refreshed + _ = auth.SetCredential("google-antigravity", cred) + } + } + + projectID := cred.ProjectID + if projectID == "" { + fmt.Println("No project ID stored. Try logging in again.") + return + } + + fmt.Printf("Fetching models for project: %s\n\n", projectID) + + models, err := providers.FetchAntigravityModels(cred.AccessToken, projectID) + if err != nil { + fmt.Printf("Error fetching models: %v\n", err) + return + } + + if len(models) == 0 { + fmt.Println("No models available.") + return + } + + fmt.Println("Available Antigravity Models:") + fmt.Println("-----------------------------") + for _, m := range models { + status := "✓" + if m.IsExhausted { + status = "✗ (quota exhausted)" + } + name := m.ID + if m.DisplayName != "" { + name = fmt.Sprintf("%s (%s)", m.ID, m.DisplayName) + } + fmt.Printf(" %s %s\n", status, name) + } +} + func getConfigPath() string { home, _ := os.UserHomeDir() return filepath.Join(home, ".picoclaw", "config.json") diff --git a/docs/ANTIGRAVITY_AUTH.md b/docs/ANTIGRAVITY_AUTH.md new file mode 100644 index 0000000000..5d68de4278 --- /dev/null +++ b/docs/ANTIGRAVITY_AUTH.md @@ -0,0 +1,1002 @@ +# Antigravity Authentication & Integration Guide + +## Overview + +**Antigravity** (Google Cloud Code Assist) is a Google-backed AI model provider that offers access to models like Claude Opus 4.6 and Gemini through Google's Cloud infrastructure. This document provides a complete guide on how authentication works, how to fetch models, and how to implement a new provider in PicoClaw. + +--- + +## Table of Contents + +1. [Authentication Flow](#authentication-flow) +2. [OAuth Implementation Details](#oauth-implementation-details) +3. [Token Management](#token-management) +4. [Models List Fetching](#models-list-fetching) +5. [Usage Tracking](#usage-tracking) +6. [Provider Plugin Structure](#provider-plugin-structure) +7. [Integration Requirements](#integration-requirements) +8. [API Endpoints](#api-endpoints) +9. [Configuration](#configuration) +10. [Creating a New Provider in PicoClaw](#creating-a-new-provider-in-picoclaw) + +--- + +## Authentication Flow + +### 1. OAuth 2.0 with PKCE + +Antigravity uses **OAuth 2.0 with PKCE (Proof Key for Code Exchange)** for secure authentication: + +``` +┌─────────────┐ ┌─────────────────┐ +│ Client │ ───(1) Generate PKCE Pair────────> │ │ +│ │ ───(2) Open Auth URL─────────────> │ Google OAuth │ +│ │ │ Server │ +│ │ <──(3) Redirect with Code───────── │ │ +│ │ └─────────────────┘ +│ │ ───(4) Exchange Code for Tokens──> │ Token URL │ +│ │ │ │ +│ │ <──(5) Access + Refresh Tokens──── │ │ +└─────────────┘ └─────────────────┘ +``` + +### 2. Detailed Steps + +#### Step 1: Generate PKCE Parameters +```typescript +function generatePkce(): { verifier: string; challenge: string } { + const verifier = randomBytes(32).toString("hex"); + const challenge = createHash("sha256").update(verifier).digest("base64url"); + return { verifier, challenge }; +} +``` + +#### Step 2: Build Authorization URL +```typescript +const AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth"; +const REDIRECT_URI = "http://localhost:51121/oauth-callback"; + +function buildAuthUrl(params: { challenge: string; state: string }): string { + const url = new URL(AUTH_URL); + url.searchParams.set("client_id", CLIENT_ID); + url.searchParams.set("response_type", "code"); + url.searchParams.set("redirect_uri", REDIRECT_URI); + url.searchParams.set("scope", SCOPES.join(" ")); + url.searchParams.set("code_challenge", params.challenge); + url.searchParams.set("code_challenge_method", "S256"); + url.searchParams.set("state", params.state); + url.searchParams.set("access_type", "offline"); + url.searchParams.set("prompt", "consent"); + return url.toString(); +} +``` + +**Required Scopes:** +```typescript +const SCOPES = [ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/userinfo.email", + "https://www.googleapis.com/auth/userinfo.profile", + "https://www.googleapis.com/auth/cclog", + "https://www.googleapis.com/auth/experimentsandconfigs", +]; +``` + +#### Step 3: Handle OAuth Callback + +**Automatic Mode (Local Development):** +- Start a local HTTP server on port 51121 +- Wait for the redirect from Google +- Extract the authorization code from the query parameters + +**Manual Mode (Remote/Headless):** +- Display the authorization URL to the user +- User completes authentication in their browser +- User pastes the full redirect URL back into the terminal +- Parse the code from the pasted URL + +#### Step 4: Exchange Code for Tokens +```typescript +const TOKEN_URL = "https://oauth2.googleapis.com/token"; + +async function exchangeCode(params: { + code: string; + verifier: string; +}): Promise<{ access: string; refresh: string; expires: number }> { + const response = await fetch(TOKEN_URL, { + method: "POST", + headers: { "Content-Type": "application/x-www-form-urlencoded" }, + body: new URLSearchParams({ + client_id: CLIENT_ID, + client_secret: CLIENT_SECRET, + code: params.code, + grant_type: "authorization_code", + redirect_uri: REDIRECT_URI, + code_verifier: params.verifier, + }), + }); + + const data = await response.json(); + + return { + access: data.access_token, + refresh: data.refresh_token, + expires: Date.now() + data.expires_in * 1000 - 5 * 60 * 1000, // 5 min buffer + }; +} +``` + +#### Step 5: Fetch Additional User Data + +**User Email:** +```typescript +async function fetchUserEmail(accessToken: string): Promise { + const response = await fetch( + "https://www.googleapis.com/oauth2/v1/userinfo?alt=json", + { headers: { Authorization: `Bearer ${accessToken}` } } + ); + const data = await response.json(); + return data.email; +} +``` + +**Project ID (Required for API calls):** +```typescript +async function fetchProjectId(accessToken: string): Promise { + const headers = { + Authorization: `Bearer ${accessToken}`, + "Content-Type": "application/json", + "User-Agent": "google-api-nodejs-client/9.15.1", + "X-Goog-Api-Client": "google-cloud-sdk vscode_cloudshelleditor/0.1", + "Client-Metadata": JSON.stringify({ + ideType: "IDE_UNSPECIFIED", + platform: "PLATFORM_UNSPECIFIED", + pluginType: "GEMINI", + }), + }; + + const response = await fetch( + "https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist", + { + method: "POST", + headers, + body: JSON.stringify({ + metadata: { + ideType: "IDE_UNSPECIFIED", + platform: "PLATFORM_UNSPECIFIED", + pluginType: "GEMINI", + }, + }), + } + ); + + const data = await response.json(); + return data.cloudaicompanionProject || "rising-fact-p41fc"; // Default fallback +} +``` + +--- + +## OAuth Implementation Details + +### Client Credentials + +**Important:** These are base64-encoded in the source code for sync with pi-ai: + +```typescript +const decode = (s: string) => Buffer.from(s, "base64").toString(); + +const CLIENT_ID = decode( + "MTA3MTAwNjA2MDU5MS10bWhzc2luMmgyMWxjcmUyMzV2dG9sb2poNGc0MDNlcC5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbQ==" +); +const CLIENT_SECRET = decode("R09DU1BYLUs1OEZXUjQ4NkxkTEoxbUxCOHNYQzR6NnFEQWY="); +``` + +### OAuth Flow Modes + +1. **Automatic Flow** (Local machines with browser): + - Opens browser automatically + - Local callback server captures redirect + - No user interaction required after initial auth + +2. **Manual Flow** (Remote/headless/WSL2): + - URL displayed for manual copy-paste + - User completes auth in external browser + - User pastes full redirect URL back + +```typescript +function shouldUseManualOAuthFlow(isRemote: boolean): boolean { + return isRemote || isWSL2Sync(); +} +``` + +--- + +## Token Management + +### Auth Profile Structure + +```typescript +type OAuthCredential = { + type: "oauth"; + provider: "google-antigravity"; + access: string; // Access token + refresh: string; // Refresh token + expires: number; // Expiration timestamp (ms since epoch) + email?: string; // User email + projectId?: string; // Google Cloud project ID +}; +``` + +### Token Refresh + +The credential includes a refresh token that can be used to obtain new access tokens when the current one expires. The expiration is set with a 5-minute buffer to prevent race conditions. + +--- + +## Models List Fetching + +### Fetch Available Models + +```typescript +const BASE_URL = "https://cloudcode-pa.googleapis.com"; + +async function fetchAvailableModels( + accessToken: string, + projectId: string +): Promise { + const headers = { + Authorization: `Bearer ${accessToken}`, + "Content-Type": "application/json", + "User-Agent": "antigravity", + "X-Goog-Api-Client": "google-cloud-sdk vscode_cloudshelleditor/0.1", + }; + + const response = await fetch( + `${BASE_URL}/v1internal:fetchAvailableModels`, + { + method: "POST", + headers, + body: JSON.stringify({ project: projectId }), + } + ); + + const data = await response.json(); + + // Returns models with quota information + return Object.entries(data.models).map(([modelId, modelInfo]) => ({ + id: modelId, + displayName: modelInfo.displayName, + quotaInfo: { + remainingFraction: modelInfo.quotaInfo?.remainingFraction, + resetTime: modelInfo.quotaInfo?.resetTime, + isExhausted: modelInfo.quotaInfo?.isExhausted, + }, + })); +} +``` + +### Response Format + +```typescript +type FetchAvailableModelsResponse = { + models?: Record; +}; +``` + +--- + +## Usage Tracking + +### Fetch Usage Data + +```typescript +export async function fetchAntigravityUsage( + token: string, + timeoutMs: number +): Promise { + // 1. Fetch credits and plan info + const loadCodeAssistRes = await fetch( + `${BASE_URL}/v1internal:loadCodeAssist`, + { + method: "POST", + headers: { + Authorization: `Bearer ${token}`, + "Content-Type": "application/json", + }, + body: JSON.stringify({ + metadata: { + ideType: "ANTIGRAVITY", + platform: "PLATFORM_UNSPECIFIED", + pluginType: "GEMINI", + }, + }), + } + ); + + // Extract credits info + const { availablePromptCredits, planInfo, currentTier } = data; + + // 2. Fetch model quotas + const modelsRes = await fetch( + `${BASE_URL}/v1internal:fetchAvailableModels`, + { + method: "POST", + headers: { Authorization: `Bearer ${token}` }, + body: JSON.stringify({ project: projectId }), + } + ); + + // Build usage windows + return { + provider: "google-antigravity", + displayName: "Google Antigravity", + windows: [ + { label: "Credits", usedPercent: calculateUsedPercent(available, monthly) }, + // Individual model quotas... + ], + plan: currentTier?.name || planType, + }; +} +``` + +### Usage Response Structure + +```typescript +type ProviderUsageSnapshot = { + provider: "google-antigravity"; + displayName: string; + windows: UsageWindow[]; + plan?: string; + error?: string; +}; + +type UsageWindow = { + label: string; // "Credits" or model ID + usedPercent: number; // 0-100 + resetAt?: number; // Timestamp when quota resets +}; +``` + +--- + +## Provider Plugin Structure + +### Plugin Definition + +```typescript +const antigravityPlugin = { + id: "google-antigravity-auth", + name: "Google Antigravity Auth", + description: "OAuth flow for Google Antigravity (Cloud Code Assist)", + configSchema: emptyPluginConfigSchema(), + + register(api: OpenClawPluginApi) { + api.registerProvider({ + id: "google-antigravity", + label: "Google Antigravity", + docsPath: "/providers/models", + aliases: ["antigravity"], + + auth: [ + { + id: "oauth", + label: "Google OAuth", + hint: "PKCE + localhost callback", + kind: "oauth", + run: async (ctx: ProviderAuthContext) => { + // OAuth implementation here + }, + }, + ], + }); + }, +}; +``` + +### ProviderAuthContext + +```typescript +type ProviderAuthContext = { + config: OpenClawConfig; + agentDir?: string; + workspaceDir?: string; + prompter: WizardPrompter; // UI prompts/notifications + runtime: RuntimeEnv; // Logging, etc. + isRemote: boolean; // Whether running remotely + openUrl: (url: string) => Promise; // Browser opener + oauth: { + createVpsAwareHandlers: Function; + }; +}; +``` + +### ProviderAuthResult + +```typescript +type ProviderAuthResult = { + profiles: Array<{ + profileId: string; + credential: AuthProfileCredential; + }>; + configPatch?: Partial; + defaultModel?: string; + notes?: string[]; +}; +``` + +--- + +## Integration Requirements + +### 1. Required Environment/Dependencies + +- Node.js ≥ 22 +- OpenClaw plugin-sdk +- crypto module (built-in) +- http module (built-in) + +### 2. Required Headers for API Calls + +```typescript +const REQUIRED_HEADERS = { + "Authorization": `Bearer ${accessToken}`, + "Content-Type": "application/json", + "User-Agent": "antigravity", // or "google-api-nodejs-client/9.15.1" + "X-Goog-Api-Client": "google-cloud-sdk vscode_cloudshelleditor/0.1", +}; + +// For loadCodeAssist calls, also include: +const CLIENT_METADATA = { + ideType: "ANTIGRAVITY", // or "IDE_UNSPECIFIED" + platform: "PLATFORM_UNSPECIFIED", + pluginType: "GEMINI", +}; +``` + +### 3. Model Schema Sanitization + +Antigravity uses Gemini-compatible models, so tool schemas must be sanitized: + +```typescript +const GOOGLE_SCHEMA_UNSUPPORTED_KEYWORDS = new Set([ + "patternProperties", + "additionalProperties", + "$schema", + "$id", + "$ref", + "$defs", + "definitions", + "examples", + "minLength", + "maxLength", + "minimum", + "maximum", + "multipleOf", + "pattern", + "format", + "minItems", + "maxItems", + "uniqueItems", + "minProperties", + "maxProperties", +]); + +// Clean schema before sending +function cleanToolSchemaForGemini(schema: Record): unknown { + // Remove unsupported keywords + // Ensure top-level has type: "object" + // Flatten anyOf/oneOf unions +} +``` + +### 4. Thinking Block Handling (Claude Models) + +For Antigravity Claude models, thinking blocks require special handling: + +```typescript +const ANTIGRAVITY_SIGNATURE_RE = /^[A-Za-z0-9+/]+={0,2}$/; + +export function sanitizeAntigravityThinkingBlocks( + messages: AgentMessage[] +): AgentMessage[] { + // Validate thinking signatures + // Normalize signature fields + // Discard unsigned thinking blocks +} +``` + +--- + +## API Endpoints + +### Authentication Endpoints + +| Endpoint | Method | Purpose | +|----------|--------|---------| +| `https://accounts.google.com/o/oauth2/v2/auth` | GET | OAuth authorization | +| `https://oauth2.googleapis.com/token` | POST | Token exchange | +| `https://www.googleapis.com/oauth2/v1/userinfo` | GET | User info (email) | + +### Cloud Code Assist Endpoints + +| Endpoint | Method | Purpose | +|----------|--------|---------| +| `https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist` | POST | Load project info, credits, plan | +| `https://cloudcode-pa.googleapis.com/v1internal:fetchAvailableModels` | POST | List available models with quotas | +| `https://cloudcode-pa.googleapis.com/v1internal:streamGenerateContent?alt=sse` | POST | Chat streaming endpoint | + +**API Request Format (Chat):** +The `v1internal:streamGenerateContent` endpoint expects an envelope wrapping the standard Gemini request: + +```json +{ + "project": "your-project-id", + "model": "model-id", + "request": { + "contents": [...], + "systemInstruction": {...}, + "generationConfig": {...}, + "tools": [...] + }, + "requestType": "agent", + "userAgent": "antigravity", + "requestId": "agent-timestamp-random" +} +``` + +**API Response Format (SSE):** +Each SSE message (`data: {...}`) is wrapped in a `response` field: + +```json +{ + "response": { + "candidates": [...], + "usageMetadata": {...}, + "modelVersion": "...", + "responseId": "..." + }, + "traceId": "...", + "metadata": {} +} +``` + +--- + +## Configuration + +### openclaw.json Configuration + +```json5 +{ + agents: { + defaults: { + model: { + primary: "google-antigravity/claude-opus-4-6-thinking", + }, + }, + }, +} +``` + +### Auth Profile Storage + +Auth profiles are stored in `~/.openclaw/agent/auth-profiles.json`: + +```json +{ + "version": 1, + "profiles": { + "google-antigravity:user@example.com": { + "type": "oauth", + "provider": "google-antigravity", + "access": "ya29...", + "refresh": "1//...", + "expires": 1704067200000, + "email": "user@example.com", + "projectId": "my-project-id" + } + } +} +``` + +--- + +## Creating a New Provider in PicoClaw + +### Step-by-Step Implementation + +#### 1. Create Plugin Structure + +``` +extensions/ +└── your-provider-auth/ + ├── openclaw.plugin.json + ├── package.json + ├── README.md + └── index.ts +``` + +#### 2. Define Plugin Manifest + +**openclaw.plugin.json:** +```json +{ + "id": "your-provider-auth", + "providers": ["your-provider"], + "configSchema": { + "type": "object", + "additionalProperties": false, + "properties": {} + } +} +``` + +**package.json:** +```json +{ + "name": "@openclaw/your-provider-auth", + "version": "1.0.0", + "private": true, + "description": "Your Provider OAuth plugin", + "type": "module" +} +``` + +#### 3. Implement OAuth Flow + +```typescript +import { + buildOauthProviderAuthResult, + emptyPluginConfigSchema, + type OpenClawPluginApi, + type ProviderAuthContext, +} from "openclaw/plugin-sdk"; + +const YOUR_CLIENT_ID = "your-client-id"; +const YOUR_CLIENT_SECRET = "your-client-secret"; +const AUTH_URL = "https://provider.com/oauth/authorize"; +const TOKEN_URL = "https://provider.com/oauth/token"; +const REDIRECT_URI = "http://localhost:PORT/oauth-callback"; + +async function loginYourProvider(params: { + isRemote: boolean; + openUrl: (url: string) => Promise; + prompt: (message: string) => Promise; + note: (message: string, title?: string) => Promise; + log: (message: string) => void; + progress: { update: (msg: string) => void; stop: (msg?: string) => void }; +}) { + // 1. Generate PKCE + const { verifier, challenge } = generatePkce(); + const state = randomBytes(16).toString("hex"); + + // 2. Build auth URL + const authUrl = buildAuthUrl({ challenge, state }); + + // 3. Start callback server (if not remote) + const callbackServer = !params.isRemote + ? await startCallbackServer({ timeoutMs: 5 * 60 * 1000 }) + : null; + + // 4. Open browser or show URL + if (callbackServer) { + await params.openUrl(authUrl); + const callback = await callbackServer.waitForCallback(); + code = callback.searchParams.get("code"); + } else { + await params.note(`Auth URL: ${authUrl}`, "OAuth"); + const input = await params.prompt("Paste redirect URL:"); + const parsed = parseCallbackInput(input); + code = parsed.code; + } + + // 5. Exchange code for tokens + const tokens = await exchangeCode({ code, verifier }); + + // 6. Fetch additional user data + const email = await fetchUserEmail(tokens.access); + + return { ...tokens, email }; +} +``` + +#### 4. Register Provider + +```typescript +const yourProviderPlugin = { + id: "your-provider-auth", + name: "Your Provider Auth", + description: "OAuth for Your Provider", + configSchema: emptyPluginConfigSchema(), + + register(api: OpenClawPluginApi) { + api.registerProvider({ + id: "your-provider", + label: "Your Provider", + docsPath: "/providers/models", + aliases: ["yp"], + + auth: [ + { + id: "oauth", + label: "OAuth Login", + hint: "Browser-based authentication", + kind: "oauth", + + run: async (ctx: ProviderAuthContext) => { + const spin = ctx.prompter.progress("Starting OAuth..."); + + try { + const result = await loginYourProvider({ + isRemote: ctx.isRemote, + openUrl: ctx.openUrl, + prompt: async (msg) => String(await ctx.prompter.text({ message: msg })), + note: ctx.prompter.note, + log: (msg) => ctx.runtime.log(msg), + progress: spin, + }); + + return buildOauthProviderAuthResult({ + providerId: "your-provider", + defaultModel: "your-provider/model-name", + access: result.access, + refresh: result.refresh, + expires: result.expires, + email: result.email, + notes: ["Provider-specific notes"], + }); + } catch (err) { + spin.stop("OAuth failed"); + throw err; + } + }, + }, + ], + }); + }, +}; + +export default yourProviderPlugin; +``` + +#### 5. Implement Usage Tracking (Optional) + +```typescript +// src/infra/provider-usage.fetch.your-provider.ts +export async function fetchYourProviderUsage( + token: string, + timeoutMs: number, + fetchFn: typeof fetch +): Promise { + // Fetch usage data from provider API + const response = await fetchFn("https://api.provider.com/usage", { + headers: { Authorization: `Bearer ${token}` }, + }); + + const data = await response.json(); + + return { + provider: "your-provider", + displayName: "Your Provider", + windows: [ + { label: "Credits", usedPercent: data.usedPercent }, + ], + plan: data.planName, + }; +} +``` + +#### 6. Register Usage Fetcher + +```typescript +// src/infra/provider-usage.load.ts +case "your-provider": + return await fetchYourProviderUsage(auth.token, timeoutMs, fetchFn); +``` + +#### 7. Add Provider to Type Definitions + +```typescript +// src/infra/provider-usage.types.ts +export type SupportedProvider = + | "anthropic" + | "github-copilot" + | "google-gemini-cli" + | "google-antigravity" + | "your-provider" // Add here + | "minimax" + | "openai-codex"; +``` + +#### 8. Add Auth Choice Handler + +```typescript +// src/commands/auth-choice.apply.your-provider.ts +import { applyAuthChoicePluginProvider } from "./auth-choice.apply.plugin-provider.js"; + +export async function applyAuthChoiceYourProvider( + params: ApplyAuthChoiceParams +): Promise { + return await applyAuthChoicePluginProvider(params, { + authChoice: "your-provider", + pluginId: "your-provider-auth", + providerId: "your-provider", + methodId: "oauth", + label: "Your Provider", + }); +} +``` + +#### 9. Export from Main Index + +```typescript +// src/commands/auth-choice.apply.ts +import { applyAuthChoiceYourProvider } from "./auth-choice.apply.your-provider.js"; + +// In the switch statement: +case "your-provider": + return await applyAuthChoiceYourProvider(params); +``` + +### Helper Utilities + +#### PKCE Generation +```typescript +function generatePkce(): { verifier: string; challenge: string } { + const verifier = randomBytes(32).toString("hex"); + const challenge = createHash("sha256").update(verifier).digest("base64url"); + return { verifier, challenge }; +} +``` + +#### Callback Server +```typescript +async function startCallbackServer(params: { timeoutMs: number }) { + const port = 51121; // Your port + + const server = createServer((request, response) => { + const url = new URL(request.url!, `http://localhost:${port}`); + + if (url.pathname === "/oauth-callback") { + response.writeHead(200, { "Content-Type": "text/html" }); + response.end("

Authentication complete

"); + resolveCallback(url); + server.close(); + } + }); + + await new Promise((resolve, reject) => { + server.listen(port, "127.0.0.1", resolve); + server.once("error", reject); + }); + + return { + waitForCallback: () => callbackPromise, + close: () => new Promise((resolve) => server.close(resolve)), + }; +} +``` + +--- + +## Testing Your Implementation + +### CLI Commands + +```bash +# Enable the plugin +openclaw plugins enable your-provider-auth + +# Restart gateway +openclaw gateway restart + +# Authenticate +openclaw models auth login --provider your-provider --set-default + +# List models +openclaw models list + +# Set model +openclaw models set your-provider/model-name + +# Check usage +openclaw models usage +``` + +### Environment Variables for Testing + +```bash +# Test specific providers only +export OPENCLAW_LIVE_PROVIDERS="your-provider,google-antigravity" + +# Test with specific models +export OPENCLAW_LIVE_GATEWAY_MODELS="your-provider/model-name" +``` + +--- + +## References + +- **Source Files:** + - `extensions/google-antigravity-auth/index.ts` - Full OAuth implementation + - `src/infra/provider-usage.fetch.antigravity.ts` - Usage fetching + - `src/agents/pi-embedded-runner/google.ts` - Model sanitization + - `src/agents/model-forward-compat.ts` - Forward compatibility + - `src/plugin-sdk/provider-auth-result.ts` - Auth result builder + - `src/plugins/types.ts` - Plugin type definitions + +- **Documentation:** + - `docs/concepts/model-providers.md` - Provider overview + - `docs/concepts/usage-tracking.md` - Usage tracking + +--- + +## Notes + +1. **Google Cloud Project:** Antigravity requires Gemini for Google Cloud to be enabled on your Google Cloud project +2. **Quotas:** Uses Google Cloud project quotas (not separate billing) +3. **Model Access:** Available models depend on your Google Cloud project configuration +4. **Thinking Blocks:** Claude models via Antigravity require special handling of thinking blocks with signatures +5. **Schema Sanitization:** Tool schemas must be sanitized to remove unsupported JSON Schema keywords + +--- + +--- + +## Common Error Handling + +### 1. Rate Limiting (HTTP 429) + +Antigravity returns a 429 error when project/model quotas are exhausted. The error response often contains a `quotaResetDelay` in the `details` field. + +**Example 429 Error:** +```json +{ + "error": { + "code": 429, + "message": "You have exhausted your capacity on this model. Your quota will reset after 4h30m28s.", + "status": "RESOURCE_EXHAUSTED", + "details": [ + { + "@type": "type.googleapis.com/google.rpc.ErrorInfo", + "metadata": { + "quotaResetDelay": "4h30m28.060903746s" + } + } + ] + } +} +``` + +### 2. Empty Responses (Restricted Models) + +Some models might show up in the available models list but return an empty response (200 OK but empty SSE stream). This usually happens for preview or restricted models that the current project doesn't have permission to use. + +**Treatment:** Treat empty responses as errors informing the user that the model might be restricted or invalid for their project. + +--- + +## Troubleshooting + +### "Token expired" +- Refresh OAuth tokens: `openclaw models auth login --provider google-antigravity` + +### "Gemini for Google Cloud is not enabled" +- Enable the API in your Google Cloud Console + +### "Project not found" +- Ensure your Google Cloud project has the necessary APIs enabled +- Check that the project ID is correctly fetched during authentication + +### Models not appearing in list +- Verify OAuth authentication completed successfully +- Check auth profile storage: `~/.openclaw/agent/auth-profiles.json` +- Ensure the plugin is enabled: `openclaw plugins list` diff --git a/docs/ANTIGRAVITY_USAGE.md b/docs/ANTIGRAVITY_USAGE.md new file mode 100644 index 0000000000..8bf1fdfdb8 --- /dev/null +++ b/docs/ANTIGRAVITY_USAGE.md @@ -0,0 +1,72 @@ +# Using Antigravity Provider in PicoClaw + +This guide explains how to set up and use the **Antigravity** (Google Cloud Code Assist) provider in PicoClaw. + +## Prerequisites + +1. A Google account. +2. Google Cloud Code Assist enabled (usually available via the "Gemini for Google Cloud" onboarding). + +## 1. Authentication + +To authenticate with Antigravity, run the following command: + +```bash +picoclaw auth login --provider antigravity +``` + +### Manual Authentication (Headless/VPS) +If you are running on a server (Coolify/Docker) and cannot reach `localhost`, follow these steps: +1. Run the command above. +2. Copy the URL provided and open it in your local browser. +3. Complete the login. +4. Your browser will redirect to a `localhost:51121` URL (which will fail to load). +5. **Copy that final URL** from your browser's address bar. +6. **Paste it back into the terminal** where PicoClaw is waiting. + +PicoClaw will extract the authorization code and complete the process automatically. + +## 2. Managing Models + +### List Available Models +To see which models your project has access to and check their quotas: + +```bash +picoclaw auth models +``` + +### Switch Models +You can change the default model in `~/.picoclaw/config.json` or override it via the CLI: + +```bash +# Override for a single command +picoclaw agent -m "Hello" --model claude-opus-4-6-thinking +``` + +## 3. Real-world Usage (Coolify/Docker) + +If you are deploying via Coolify or Docker, follow these steps to test: + +1. **Branch**: Use the `feat/antigravity-provider` branch. +2. **Environment Variables**: + * `PICOCLAW_AGENTS_DEFAULTS_PROVIDER=antigravity` + * `PICOCLAW_AGENTS_DEFAULTS_MODEL=gemini-3-flash` +3. **Authentication persistence**: + If you've logged in locally, you can copy your credentials to the server: + ```bash + scp ~/.picoclaw/auth-profiles.json user@your-server:~/.picoclaw/ + ``` + *Alternatively*, run the `auth login` command once on the server if you have terminal access. + +## 4. Troubleshooting + +* **Empty Response**: If a model returns an empty reply, it may be restricted for your project. Try `gemini-3-flash` or `claude-opus-4-6-thinking`. +* **429 Rate Limit**: Antigravity has strict quotas. PicoClaw will display the "reset time" in the error message if you hit a limit. +* **404 Not Found**: Ensure you are using a model ID from the `picoclaw auth models` list. Use the short ID (e.g., `gemini-3-flash`) not the full path. + +## 5. Summary of Working Models + +Based on testing, the following models are most reliable: +* `gemini-3-flash` (Fast, highly available) +* `gemini-2.5-flash-lite` (Lightweight) +* `claude-opus-4-6-thinking` (Powerful, includes reasoning) diff --git a/pkg/agent/context.go b/pkg/agent/context.go index cf5ce29134..27e3ef9dce 100644 --- a/pkg/agent/context.go +++ b/pkg/agent/context.go @@ -189,16 +189,7 @@ func (cb *ContextBuilder) BuildMessages(history []providers.Message, summary str systemPrompt += "\n\n## Summary of Previous Conversation\n\n" + summary } - //This fix prevents the session memory from LLM failure due to elimination of toolu_IDs required from LLM - // --- INICIO DEL FIX --- - //Diegox-17 - for len(history) > 0 && (history[0].Role == "tool") { - logger.DebugCF("agent", "Removing orphaned tool message from history to prevent LLM error", - map[string]interface{}{"role": history[0].Role}) - history = history[1:] - } - //Diegox-17 - // --- FIN DEL FIX --- + history = sanitizeHistoryForProvider(history) messages = append(messages, providers.Message{ Role: "system", @@ -207,14 +198,58 @@ func (cb *ContextBuilder) BuildMessages(history []providers.Message, summary str messages = append(messages, history...) - messages = append(messages, providers.Message{ - Role: "user", - Content: currentMessage, - }) + if strings.TrimSpace(currentMessage) != "" { + messages = append(messages, providers.Message{ + Role: "user", + Content: currentMessage, + }) + } return messages } +func sanitizeHistoryForProvider(history []providers.Message) []providers.Message { + if len(history) == 0 { + return history + } + + sanitized := make([]providers.Message, 0, len(history)) + for _, msg := range history { + switch msg.Role { + case "tool": + if len(sanitized) == 0 { + logger.DebugCF("agent", "Dropping orphaned leading tool message", map[string]interface{}{}) + continue + } + last := sanitized[len(sanitized)-1] + if last.Role != "assistant" || len(last.ToolCalls) == 0 { + logger.DebugCF("agent", "Dropping orphaned tool message", map[string]interface{}{}) + continue + } + sanitized = append(sanitized, msg) + + case "assistant": + if len(msg.ToolCalls) > 0 { + if len(sanitized) == 0 { + logger.DebugCF("agent", "Dropping assistant tool-call turn at history start", map[string]interface{}{}) + continue + } + prev := sanitized[len(sanitized)-1] + if prev.Role != "user" && prev.Role != "tool" { + logger.DebugCF("agent", "Dropping assistant tool-call turn with invalid predecessor", map[string]interface{}{"prev_role": prev.Role}) + continue + } + } + sanitized = append(sanitized, msg) + + default: + sanitized = append(sanitized, msg) + } + } + + return sanitized +} + func (cb *ContextBuilder) AddToolResult(messages []providers.Message, toolCallID, toolName, result string) []providers.Message { messages = append(messages, providers.Message{ Role: "tool", diff --git a/pkg/agent/loop.go b/pkg/agent/loop.go index d3afa298ea..b90c473f19 100644 --- a/pkg/agent/loop.go +++ b/pkg/agent/loop.go @@ -605,15 +605,20 @@ func (al *AgentLoop) runLLMIteration(ctx context.Context, messages []providers.M break } - // Log tool calls - toolNames := make([]string, 0, len(response.ToolCalls)) + normalizedToolCalls := make([]providers.ToolCall, 0, len(response.ToolCalls)) for _, tc := range response.ToolCalls { + normalizedToolCalls = append(normalizedToolCalls, normalizeProviderToolCall(tc)) + } + + // Log tool calls + toolNames := make([]string, 0, len(normalizedToolCalls)) + for _, tc := range normalizedToolCalls { toolNames = append(toolNames, tc.Name) } logger.InfoCF("agent", "LLM requested tool calls", map[string]interface{}{ "tools": toolNames, - "count": len(response.ToolCalls), + "count": len(normalizedToolCalls), "iteration": iteration, }) @@ -622,14 +627,22 @@ func (al *AgentLoop) runLLMIteration(ctx context.Context, messages []providers.M Role: "assistant", Content: response.Content, } - for _, tc := range response.ToolCalls { + for _, tc := range normalizedToolCalls { argumentsJSON, _ := json.Marshal(tc.Arguments) + thoughtSignature := "" + if tc.Function != nil { + thoughtSignature = tc.Function.ThoughtSignature + } + assistantMsg.ToolCalls = append(assistantMsg.ToolCalls, providers.ToolCall{ - ID: tc.ID, - Type: "function", + ID: tc.ID, + Type: "function", + Name: tc.Name, + Arguments: tc.Arguments, Function: &providers.FunctionCall{ - Name: tc.Name, - Arguments: string(argumentsJSON), + Name: tc.Name, + Arguments: string(argumentsJSON), + ThoughtSignature: thoughtSignature, }, }) } @@ -639,7 +652,7 @@ func (al *AgentLoop) runLLMIteration(ctx context.Context, messages []providers.M al.sessions.AddFullMessage(opts.SessionKey, assistantMsg) // Execute tool calls - for _, tc := range response.ToolCalls { + for _, tc := range normalizedToolCalls { // Log tool call with arguments preview argsJSON, _ := json.Marshal(tc.Arguments) argsPreview := utils.Truncate(string(argsJSON), 200) @@ -702,6 +715,45 @@ func (al *AgentLoop) runLLMIteration(ctx context.Context, messages []providers.M return finalContent, iteration, nil } +func normalizeProviderToolCall(tc providers.ToolCall) providers.ToolCall { + normalized := tc + + if normalized.Name == "" && normalized.Function != nil { + normalized.Name = normalized.Function.Name + } + + if normalized.Arguments == nil { + normalized.Arguments = map[string]interface{}{} + } + + if len(normalized.Arguments) == 0 && normalized.Function != nil && normalized.Function.Arguments != "" { + var parsed map[string]interface{} + if err := json.Unmarshal([]byte(normalized.Function.Arguments), &parsed); err == nil && parsed != nil { + normalized.Arguments = parsed + } + } + + argsJSON, _ := json.Marshal(normalized.Arguments) + if normalized.Function == nil { + normalized.Function = &providers.FunctionCall{ + Name: normalized.Name, + Arguments: string(argsJSON), + } + } else { + if normalized.Function.Name == "" { + normalized.Function.Name = normalized.Name + } + if normalized.Name == "" { + normalized.Name = normalized.Function.Name + } + if normalized.Function.Arguments == "" { + normalized.Function.Arguments = string(argsJSON) + } + } + + return normalized +} + // updateToolContexts updates the context for tools that need channel/chatID info. func (al *AgentLoop) updateToolContexts(channel, chatID string) { // Use ContextualTool interface instead of type assertions diff --git a/pkg/auth/oauth.go b/pkg/auth/oauth.go index dcd91bebd7..4376f24d4c 100644 --- a/pkg/auth/oauth.go +++ b/pkg/auth/oauth.go @@ -1,6 +1,7 @@ package auth import ( + "bufio" "context" "crypto/rand" "encoding/base64" @@ -11,6 +12,7 @@ import ( "net" "net/http" "net/url" + "os" "os/exec" "runtime" "strconv" @@ -19,11 +21,13 @@ import ( ) type OAuthProviderConfig struct { - Issuer string - ClientID string - Scopes string - Originator string - Port int + Issuer string + ClientID string + ClientSecret string // Required for Google OAuth (confidential client) + TokenURL string // Override token endpoint (Google uses a different URL than issuer) + Scopes string + Originator string + Port int } func OpenAIOAuthConfig() OAuthProviderConfig { @@ -36,6 +40,30 @@ func OpenAIOAuthConfig() OAuthProviderConfig { } } +// GoogleAntigravityOAuthConfig returns the OAuth configuration for Google Cloud Code Assist (Antigravity). +// Client credentials are the same ones used by OpenCode/pi-ai for Cloud Code Assist access. +func GoogleAntigravityOAuthConfig() OAuthProviderConfig { + // These are the same client credentials used by the OpenCode antigravity plugin. + clientID := decodeBase64("MTA3MTAwNjA2MDU5MS10bWhzc2luMmgyMWxjcmUyMzV2dG9sb2poNGc0MDNlcC5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbQ==") + clientSecret := decodeBase64("R09DU1BYLUs1OEZXUjQ4NkxkTEoxbUxCOHNYQzR6NnFEQWY=") + return OAuthProviderConfig{ + Issuer: "https://accounts.google.com/o/oauth2/v2", + TokenURL: "https://oauth2.googleapis.com/token", + ClientID: clientID, + ClientSecret: clientSecret, + Scopes: "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/cclog https://www.googleapis.com/auth/experimentsandconfigs", + Port: 51121, + } +} + +func decodeBase64(s string) string { + data, err := base64.StdEncoding.DecodeString(s) + if err != nil { + return s + } + return string(data) +} + func generateState() (string, error) { buf := make([]byte, 32) if _, err := rand.Read(buf); err != nil { @@ -101,8 +129,17 @@ func LoginBrowser(cfg OAuthProviderConfig) (*AuthCredential, error) { fmt.Printf("Could not open browser automatically.\nPlease open this URL manually:\n\n%s\n\n", authURL) } - fmt.Println("If you're running in a headless environment, use: picoclaw auth login --provider openai --device-code") - fmt.Println("Waiting for authentication in browser...") + fmt.Printf("Wait! If you are in a headless environment (like Coolify/VPS) and cannot reach localhost:%d,\n", cfg.Port) + fmt.Println("please complete the login in your local browser and then PASTE the final redirect URL (or just the code) here.") + fmt.Println("Waiting for authentication (browser or manual paste)...") + + // Start manual input in a goroutine + manualCh := make(chan string) + go func() { + reader := bufio.NewReader(os.Stdin) + input, _ := reader.ReadString('\n') + manualCh <- strings.TrimSpace(input) + }() select { case result := <-resultCh: @@ -110,6 +147,22 @@ func LoginBrowser(cfg OAuthProviderConfig) (*AuthCredential, error) { return nil, result.err } return exchangeCodeForTokens(cfg, result.code, pkce.CodeVerifier, redirectURI) + case manualInput := <-manualCh: + if manualInput == "" { + return nil, fmt.Errorf("manual input cancelled") + } + // Extract code from URL if it's a full URL + code := manualInput + if strings.Contains(manualInput, "?") { + u, err := url.Parse(manualInput) + if err == nil { + code = u.Query().Get("code") + } + } + if code == "" { + return nil, fmt.Errorf("could not find authorization code in input") + } + return exchangeCodeForTokens(cfg, code, pkce.CodeVerifier, redirectURI) case <-time.After(5 * time.Minute): return nil, fmt.Errorf("authentication timed out after 5 minutes") } @@ -269,8 +322,16 @@ func RefreshAccessToken(cred *AuthCredential, cfg OAuthProviderConfig) (*AuthCre "refresh_token": {cred.RefreshToken}, "scope": {"openid profile email"}, } + if cfg.ClientSecret != "" { + data.Set("client_secret", cfg.ClientSecret) + } + + tokenURL := cfg.Issuer + "/oauth/token" + if cfg.TokenURL != "" { + tokenURL = cfg.TokenURL + } - resp, err := http.PostForm(cfg.Issuer+"/oauth/token", data) + resp, err := http.PostForm(tokenURL, data) if err != nil { return nil, fmt.Errorf("refreshing token: %w", err) } @@ -291,6 +352,12 @@ func RefreshAccessToken(cred *AuthCredential, cfg OAuthProviderConfig) (*AuthCre if refreshed.AccountID == "" { refreshed.AccountID = cred.AccountID } + if cred.Email != "" && refreshed.Email == "" { + refreshed.Email = cred.Email + } + if cred.ProjectID != "" && refreshed.ProjectID == "" { + refreshed.ProjectID = cred.ProjectID + } return refreshed, nil } @@ -300,21 +367,35 @@ func BuildAuthorizeURL(cfg OAuthProviderConfig, pkce PKCECodes, state, redirectU func buildAuthorizeURL(cfg OAuthProviderConfig, pkce PKCECodes, state, redirectURI string) string { params := url.Values{ - "response_type": {"code"}, - "client_id": {cfg.ClientID}, - "redirect_uri": {redirectURI}, - "scope": {cfg.Scopes}, - "code_challenge": {pkce.CodeChallenge}, - "code_challenge_method": {"S256"}, - "id_token_add_organizations": {"true"}, - "codex_cli_simplified_flow": {"true"}, - "state": {state}, - } - if strings.Contains(strings.ToLower(cfg.Issuer), "auth.openai.com") { - params.Set("originator", "picoclaw") - } - if cfg.Originator != "" { - params.Set("originator", cfg.Originator) + "response_type": {"code"}, + "client_id": {cfg.ClientID}, + "redirect_uri": {redirectURI}, + "scope": {cfg.Scopes}, + "code_challenge": {pkce.CodeChallenge}, + "code_challenge_method": {"S256"}, + "state": {state}, + } + + isGoogle := strings.Contains(strings.ToLower(cfg.Issuer), "accounts.google.com") + if isGoogle { + // Google OAuth requires these for refresh token support + params.Set("access_type", "offline") + params.Set("prompt", "consent") + } else { + // OpenAI-specific parameters + params.Set("id_token_add_organizations", "true") + params.Set("codex_cli_simplified_flow", "true") + if strings.Contains(strings.ToLower(cfg.Issuer), "auth.openai.com") { + params.Set("originator", "picoclaw") + } + if cfg.Originator != "" { + params.Set("originator", cfg.Originator) + } + } + + // Google uses /auth path, OpenAI uses /oauth/authorize + if isGoogle { + return cfg.Issuer + "/auth?" + params.Encode() } return cfg.Issuer + "/oauth/authorize?" + params.Encode() } @@ -327,8 +408,22 @@ func exchangeCodeForTokens(cfg OAuthProviderConfig, code, codeVerifier, redirect "client_id": {cfg.ClientID}, "code_verifier": {codeVerifier}, } + if cfg.ClientSecret != "" { + data.Set("client_secret", cfg.ClientSecret) + } + + tokenURL := cfg.Issuer + "/oauth/token" + if cfg.TokenURL != "" { + tokenURL = cfg.TokenURL + } + + // Determine provider name from config + provider := "openai" + if cfg.TokenURL != "" && strings.Contains(cfg.TokenURL, "googleapis.com") { + provider = "google-antigravity" + } - resp, err := http.PostForm(cfg.Issuer+"/oauth/token", data) + resp, err := http.PostForm(tokenURL, data) if err != nil { return nil, fmt.Errorf("exchanging code for tokens: %w", err) } @@ -339,7 +434,7 @@ func exchangeCodeForTokens(cfg OAuthProviderConfig, code, codeVerifier, redirect return nil, fmt.Errorf("token exchange failed: %s", string(body)) } - return parseTokenResponse(body, "openai") + return parseTokenResponse(body, provider) } func parseTokenResponse(body []byte, provider string) (*AuthCredential, error) { diff --git a/pkg/auth/store.go b/pkg/auth/store.go index 20724929a7..785d5858e7 100644 --- a/pkg/auth/store.go +++ b/pkg/auth/store.go @@ -14,6 +14,8 @@ type AuthCredential struct { ExpiresAt time.Time `json:"expires_at,omitempty"` Provider string `json:"provider"` AuthMethod string `json:"auth_method"` + Email string `json:"email,omitempty"` + ProjectID string `json:"project_id,omitempty"` } type AuthStore struct { diff --git a/pkg/config/config.go b/pkg/config/config.go index 1d34f56f30..d8b3f4a138 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -180,6 +180,7 @@ type ProvidersConfig struct { ShengSuanYun ProviderConfig `json:"shengsuanyun"` DeepSeek ProviderConfig `json:"deepseek"` GitHubCopilot ProviderConfig `json:"github_copilot"` + Antigravity ProviderConfig `json:"antigravity"` } type ProviderConfig struct { diff --git a/pkg/providers/antigravity_provider.go b/pkg/providers/antigravity_provider.go new file mode 100644 index 0000000000..6c6bf78306 --- /dev/null +++ b/pkg/providers/antigravity_provider.go @@ -0,0 +1,827 @@ +package providers + +import ( + "bufio" + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "math/rand" + "net/http" + "strings" + "time" + + "github.com/sipeed/picoclaw/pkg/auth" + "github.com/sipeed/picoclaw/pkg/logger" +) + +const ( + antigravityBaseURL = "https://cloudcode-pa.googleapis.com" + antigravityDefaultModel = "gemini-3-flash" + antigravityUserAgent = "antigravity" + antigravityXGoogClient = "google-cloud-sdk vscode_cloudshelleditor/0.1" + antigravityVersion = "1.15.8" +) + +// AntigravityProvider implements LLMProvider using Google's Cloud Code Assist (Antigravity) API. +// This provider authenticates via Google OAuth and provides access to models like Claude and Gemini +// through Google's infrastructure. +type AntigravityProvider struct { + tokenSource func() (string, string, error) // Returns (accessToken, projectID, error) + httpClient *http.Client +} + +// NewAntigravityProvider creates a new Antigravity provider using stored auth credentials. +func NewAntigravityProvider() *AntigravityProvider { + return &AntigravityProvider{ + tokenSource: createAntigravityTokenSource(), + httpClient: &http.Client{ + Timeout: 120 * time.Second, + }, + } +} + +// Chat implements LLMProvider.Chat using the Cloud Code Assist v1internal API. +// The v1internal endpoint wraps the standard Gemini request in an envelope with +// project, model, request, requestType, userAgent, and requestId fields. +func (p *AntigravityProvider) Chat(ctx context.Context, messages []Message, tools []ToolDefinition, model string, options map[string]interface{}) (*LLMResponse, error) { + accessToken, projectID, err := p.tokenSource() + if err != nil { + return nil, fmt.Errorf("antigravity auth: %w", err) + } + + if model == "" || model == "antigravity" || model == "google-antigravity" { + model = antigravityDefaultModel + } + // Strip provider prefixes if present + model = strings.TrimPrefix(model, "google-antigravity/") + model = strings.TrimPrefix(model, "antigravity/") + + logger.DebugCF("provider.antigravity", "Starting chat", map[string]interface{}{ + "model": model, + "project": projectID, + "requestId": fmt.Sprintf("agent-%d-%s", time.Now().UnixMilli(), randomString(9)), + }) + + // Build the inner Gemini-format request + innerRequest := p.buildRequest(messages, tools, model, options) + + // Wrap in v1internal envelope (matches pi-ai SDK format) + envelope := map[string]interface{}{ + "project": projectID, + "model": model, + "request": innerRequest, + "requestType": "agent", + "userAgent": antigravityUserAgent, + "requestId": fmt.Sprintf("agent-%d-%s", time.Now().UnixMilli(), randomString(9)), + } + + bodyBytes, err := json.Marshal(envelope) + if err != nil { + return nil, fmt.Errorf("marshaling request: %w", err) + } + + // Build API URL — uses Cloud Code Assist v1internal streaming endpoint + apiURL := fmt.Sprintf("%s/v1internal:streamGenerateContent?alt=sse", antigravityBaseURL) + + req, err := http.NewRequestWithContext(ctx, "POST", apiURL, bytes.NewReader(bodyBytes)) + if err != nil { + return nil, fmt.Errorf("creating request: %w", err) + } + + // Headers matching the pi-ai SDK antigravity format + clientMetadata, _ := json.Marshal(map[string]string{ + "ideType": "IDE_UNSPECIFIED", + "platform": "PLATFORM_UNSPECIFIED", + "pluginType": "GEMINI", + }) + req.Header.Set("Authorization", "Bearer "+accessToken) + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Accept", "text/event-stream") + req.Header.Set("User-Agent", fmt.Sprintf("antigravity/%s linux/amd64", antigravityVersion)) + req.Header.Set("X-Goog-Api-Client", antigravityXGoogClient) + req.Header.Set("Client-Metadata", string(clientMetadata)) + + resp, err := p.httpClient.Do(req) + if err != nil { + return nil, fmt.Errorf("antigravity API call: %w", err) + } + defer resp.Body.Close() + + respBody, err := io.ReadAll(resp.Body) + if err != nil { + return nil, fmt.Errorf("reading response: %w", err) + } + + if resp.StatusCode != http.StatusOK { + logger.ErrorCF("provider.antigravity", "API call failed", map[string]interface{}{ + "status_code": resp.StatusCode, + "response": string(respBody), + "model": model, + }) + + return nil, p.parseAntigravityError(resp.StatusCode, respBody) + } + + // Response is always SSE from streamGenerateContent — each line is "data: {...}" + // with a "response" wrapper containing the standard Gemini response + llmResp, err := p.parseSSEResponse(string(respBody)) + if err != nil { + return nil, err + } + + // Check for empty response (some models might return valid success but empty text) + if llmResp.Content == "" && len(llmResp.ToolCalls) == 0 { + return nil, fmt.Errorf("antigravity: model returned an empty response (this model might be invalid or restricted)") + } + + return llmResp, nil +} + +// GetDefaultModel returns the default model identifier. +func (p *AntigravityProvider) GetDefaultModel() string { + return antigravityDefaultModel +} + +// --- Request building --- + +type antigravityRequest struct { + Contents []antigravityContent `json:"contents"` + Tools []antigravityTool `json:"tools,omitempty"` + SystemPrompt *antigravitySystemPrompt `json:"systemInstruction,omitempty"` + Config *antigravityGenConfig `json:"generationConfig,omitempty"` +} + +type antigravityContent struct { + Role string `json:"role"` + Parts []antigravityPart `json:"parts"` +} + +type antigravityPart struct { + Text string `json:"text,omitempty"` + ThoughtSignature string `json:"thoughtSignature,omitempty"` + ThoughtSignatureSnake string `json:"thought_signature,omitempty"` + FunctionCall *antigravityFunctionCall `json:"functionCall,omitempty"` + FunctionResponse *antigravityFunctionResponse `json:"functionResponse,omitempty"` +} + +type antigravityFunctionCall struct { + Name string `json:"name"` + Args map[string]interface{} `json:"args"` +} + +type antigravityFunctionResponse struct { + Name string `json:"name"` + Response map[string]interface{} `json:"response"` +} + +type antigravityTool struct { + FunctionDeclarations []antigravityFuncDecl `json:"functionDeclarations"` +} + +type antigravityFuncDecl struct { + Name string `json:"name"` + Description string `json:"description,omitempty"` + Parameters interface{} `json:"parameters,omitempty"` +} + +type antigravitySystemPrompt struct { + Parts []antigravityPart `json:"parts"` +} + +type antigravityGenConfig struct { + MaxOutputTokens int `json:"maxOutputTokens,omitempty"` + Temperature float64 `json:"temperature,omitempty"` +} + +func (p *AntigravityProvider) buildRequest(messages []Message, tools []ToolDefinition, model string, options map[string]interface{}) antigravityRequest { + req := antigravityRequest{} + toolCallNames := make(map[string]string) + + // Build contents from messages + for _, msg := range messages { + switch msg.Role { + case "system": + req.SystemPrompt = &antigravitySystemPrompt{ + Parts: []antigravityPart{{Text: msg.Content}}, + } + case "user": + if msg.ToolCallID != "" { + toolName := resolveToolResponseName(msg.ToolCallID, toolCallNames) + // Tool result + req.Contents = append(req.Contents, antigravityContent{ + Role: "user", + Parts: []antigravityPart{{ + FunctionResponse: &antigravityFunctionResponse{ + Name: toolName, + Response: map[string]interface{}{ + "result": msg.Content, + }, + }, + }}, + }) + } else { + req.Contents = append(req.Contents, antigravityContent{ + Role: "user", + Parts: []antigravityPart{{Text: msg.Content}}, + }) + } + case "assistant": + content := antigravityContent{ + Role: "model", + } + if msg.Content != "" { + content.Parts = append(content.Parts, antigravityPart{Text: msg.Content}) + } + for _, tc := range msg.ToolCalls { + toolName, toolArgs, thoughtSignature := normalizeStoredToolCall(tc) + if toolName == "" { + logger.WarnCF("provider.antigravity", "Skipping tool call with empty name in history", map[string]interface{}{ + "tool_call_id": tc.ID, + }) + continue + } + if tc.ID != "" { + toolCallNames[tc.ID] = toolName + } + content.Parts = append(content.Parts, antigravityPart{ + ThoughtSignature: thoughtSignature, + ThoughtSignatureSnake: thoughtSignature, + FunctionCall: &antigravityFunctionCall{ + Name: toolName, + Args: toolArgs, + }, + }) + } + if len(content.Parts) > 0 { + req.Contents = append(req.Contents, content) + } + case "tool": + toolName := resolveToolResponseName(msg.ToolCallID, toolCallNames) + req.Contents = append(req.Contents, antigravityContent{ + Role: "user", + Parts: []antigravityPart{{ + FunctionResponse: &antigravityFunctionResponse{ + Name: toolName, + Response: map[string]interface{}{ + "result": msg.Content, + }, + }, + }}, + }) + } + } + + // Build tools (sanitize schemas for Gemini compatibility) + if len(tools) > 0 { + var funcDecls []antigravityFuncDecl + for _, t := range tools { + if t.Type != "function" { + continue + } + params := sanitizeSchemaForGemini(t.Function.Parameters) + funcDecls = append(funcDecls, antigravityFuncDecl{ + Name: t.Function.Name, + Description: t.Function.Description, + Parameters: params, + }) + } + if len(funcDecls) > 0 { + req.Tools = []antigravityTool{{FunctionDeclarations: funcDecls}} + } + } + + // Generation config + config := &antigravityGenConfig{} + if val, ok := options["max_tokens"]; ok { + if maxTokens, ok := val.(int); ok && maxTokens > 0 { + config.MaxOutputTokens = maxTokens + } else if maxTokens, ok := val.(float64); ok && maxTokens > 0 { + config.MaxOutputTokens = int(maxTokens) + } + } + if temp, ok := options["temperature"].(float64); ok { + config.Temperature = temp + } + if config.MaxOutputTokens > 0 || config.Temperature > 0 { + req.Config = config + } + + return req +} + +func normalizeStoredToolCall(tc ToolCall) (string, map[string]interface{}, string) { + name := tc.Name + args := tc.Arguments + thoughtSignature := "" + + if name == "" && tc.Function != nil { + name = tc.Function.Name + thoughtSignature = tc.Function.ThoughtSignature + } else if tc.Function != nil { + thoughtSignature = tc.Function.ThoughtSignature + } + + if args == nil { + args = map[string]interface{}{} + } + + if len(args) == 0 && tc.Function != nil && tc.Function.Arguments != "" { + var parsed map[string]interface{} + if err := json.Unmarshal([]byte(tc.Function.Arguments), &parsed); err == nil && parsed != nil { + args = parsed + } + } + + return name, args, thoughtSignature +} + +func resolveToolResponseName(toolCallID string, toolCallNames map[string]string) string { + if toolCallID == "" { + return "" + } + + if name, ok := toolCallNames[toolCallID]; ok && name != "" { + return name + } + + return inferToolNameFromCallID(toolCallID) +} + +func inferToolNameFromCallID(toolCallID string) string { + if !strings.HasPrefix(toolCallID, "call_") { + return toolCallID + } + + rest := strings.TrimPrefix(toolCallID, "call_") + if idx := strings.LastIndex(rest, "_"); idx > 0 { + candidate := rest[:idx] + if candidate != "" { + return candidate + } + } + + return toolCallID +} + +// --- Response parsing --- + +type antigravityJSONResponse struct { + Candidates []struct { + Content struct { + Parts []struct { + Text string `json:"text,omitempty"` + ThoughtSignature string `json:"thoughtSignature,omitempty"` + ThoughtSignatureSnake string `json:"thought_signature,omitempty"` + FunctionCall *antigravityFunctionCall `json:"functionCall,omitempty"` + } `json:"parts"` + Role string `json:"role"` + } `json:"content"` + FinishReason string `json:"finishReason"` + } `json:"candidates"` + UsageMetadata struct { + PromptTokenCount int `json:"promptTokenCount"` + CandidatesTokenCount int `json:"candidatesTokenCount"` + TotalTokenCount int `json:"totalTokenCount"` + } `json:"usageMetadata"` +} + +func (p *AntigravityProvider) parseJSONResponse(body []byte) (*LLMResponse, error) { + var resp antigravityJSONResponse + if err := json.Unmarshal(body, &resp); err != nil { + return nil, fmt.Errorf("parsing antigravity response: %w", err) + } + + if len(resp.Candidates) == 0 { + return nil, fmt.Errorf("antigravity: no candidates in response") + } + + candidate := resp.Candidates[0] + var contentParts []string + var toolCalls []ToolCall + + for _, part := range candidate.Content.Parts { + if part.Text != "" { + contentParts = append(contentParts, part.Text) + } + if part.FunctionCall != nil { + argumentsJSON, _ := json.Marshal(part.FunctionCall.Args) + toolCalls = append(toolCalls, ToolCall{ + ID: fmt.Sprintf("call_%s_%d", part.FunctionCall.Name, time.Now().UnixNano()), + Name: part.FunctionCall.Name, + Arguments: part.FunctionCall.Args, + Function: &FunctionCall{ + Name: part.FunctionCall.Name, + Arguments: string(argumentsJSON), + ThoughtSignature: extractPartThoughtSignature(part.ThoughtSignature, part.ThoughtSignatureSnake), + }, + }) + } + } + + finishReason := "stop" + if len(toolCalls) > 0 { + finishReason = "tool_calls" + } + if candidate.FinishReason == "MAX_TOKENS" { + finishReason = "length" + } + + var usage *UsageInfo + if resp.UsageMetadata.TotalTokenCount > 0 { + usage = &UsageInfo{ + PromptTokens: resp.UsageMetadata.PromptTokenCount, + CompletionTokens: resp.UsageMetadata.CandidatesTokenCount, + TotalTokens: resp.UsageMetadata.TotalTokenCount, + } + } + + return &LLMResponse{ + Content: strings.Join(contentParts, ""), + ToolCalls: toolCalls, + FinishReason: finishReason, + Usage: usage, + }, nil +} + +func (p *AntigravityProvider) parseSSEResponse(body string) (*LLMResponse, error) { + var contentParts []string + var toolCalls []ToolCall + var usage *UsageInfo + var finishReason string + + scanner := bufio.NewScanner(strings.NewReader(body)) + for scanner.Scan() { + line := scanner.Text() + if !strings.HasPrefix(line, "data: ") { + continue + } + data := strings.TrimPrefix(line, "data: ") + if data == "[DONE]" { + break + } + + // v1internal SSE wraps the Gemini response in a "response" field + var sseChunk struct { + Response antigravityJSONResponse `json:"response"` + } + if err := json.Unmarshal([]byte(data), &sseChunk); err != nil { + continue + } + resp := sseChunk.Response + + for _, candidate := range resp.Candidates { + for _, part := range candidate.Content.Parts { + if part.Text != "" { + contentParts = append(contentParts, part.Text) + } + if part.FunctionCall != nil { + argumentsJSON, _ := json.Marshal(part.FunctionCall.Args) + toolCalls = append(toolCalls, ToolCall{ + ID: fmt.Sprintf("call_%s_%d", part.FunctionCall.Name, time.Now().UnixNano()), + Name: part.FunctionCall.Name, + Arguments: part.FunctionCall.Args, + Function: &FunctionCall{ + Name: part.FunctionCall.Name, + Arguments: string(argumentsJSON), + ThoughtSignature: extractPartThoughtSignature(part.ThoughtSignature, part.ThoughtSignatureSnake), + }, + }) + } + } + if candidate.FinishReason != "" { + finishReason = candidate.FinishReason + } + } + + if resp.UsageMetadata.TotalTokenCount > 0 { + usage = &UsageInfo{ + PromptTokens: resp.UsageMetadata.PromptTokenCount, + CompletionTokens: resp.UsageMetadata.CandidatesTokenCount, + TotalTokens: resp.UsageMetadata.TotalTokenCount, + } + } + } + + mappedFinish := "stop" + if len(toolCalls) > 0 { + mappedFinish = "tool_calls" + } + if finishReason == "MAX_TOKENS" { + mappedFinish = "length" + } + + return &LLMResponse{ + Content: strings.Join(contentParts, ""), + ToolCalls: toolCalls, + FinishReason: mappedFinish, + Usage: usage, + }, nil +} + +func extractPartThoughtSignature(thoughtSignature string, thoughtSignatureSnake string) string { + if thoughtSignature != "" { + return thoughtSignature + } + if thoughtSignatureSnake != "" { + return thoughtSignatureSnake + } + return "" +} + +// --- Schema sanitization --- + +// Google/Gemini doesn't support many JSON Schema keywords that other providers accept. +var geminiUnsupportedKeywords = map[string]bool{ + "patternProperties": true, + "additionalProperties": true, + "$schema": true, + "$id": true, + "$ref": true, + "$defs": true, + "definitions": true, + "examples": true, + "minLength": true, + "maxLength": true, + "minimum": true, + "maximum": true, + "multipleOf": true, + "pattern": true, + "format": true, + "minItems": true, + "maxItems": true, + "uniqueItems": true, + "minProperties": true, + "maxProperties": true, +} + +func sanitizeSchemaForGemini(schema map[string]interface{}) map[string]interface{} { + if schema == nil { + return nil + } + + result := make(map[string]interface{}) + for k, v := range schema { + if geminiUnsupportedKeywords[k] { + continue + } + // Recursively sanitize nested objects + switch val := v.(type) { + case map[string]interface{}: + result[k] = sanitizeSchemaForGemini(val) + case []interface{}: + sanitized := make([]interface{}, len(val)) + for i, item := range val { + if m, ok := item.(map[string]interface{}); ok { + sanitized[i] = sanitizeSchemaForGemini(m) + } else { + sanitized[i] = item + } + } + result[k] = sanitized + default: + result[k] = v + } + } + + // Ensure top-level has type: "object" if properties are present + if _, hasProps := result["properties"]; hasProps { + if _, hasType := result["type"]; !hasType { + result["type"] = "object" + } + } + + return result +} + +// --- Token source --- + +func createAntigravityTokenSource() func() (string, string, error) { + return func() (string, string, error) { + cred, err := auth.GetCredential("google-antigravity") + if err != nil { + return "", "", fmt.Errorf("loading auth credentials: %w", err) + } + if cred == nil { + return "", "", fmt.Errorf("no credentials for google-antigravity. Run: picoclaw auth login --provider google-antigravity") + } + + // Refresh if needed + if cred.NeedsRefresh() && cred.RefreshToken != "" { + oauthCfg := auth.GoogleAntigravityOAuthConfig() + refreshed, err := auth.RefreshAccessToken(cred, oauthCfg) + if err != nil { + return "", "", fmt.Errorf("refreshing token: %w", err) + } + refreshed.Email = cred.Email + if refreshed.ProjectID == "" { + refreshed.ProjectID = cred.ProjectID + } + if err := auth.SetCredential("google-antigravity", refreshed); err != nil { + return "", "", fmt.Errorf("saving refreshed token: %w", err) + } + cred = refreshed + } + + if cred.IsExpired() { + return "", "", fmt.Errorf("antigravity credentials expired. Run: picoclaw auth login --provider google-antigravity") + } + + projectID := cred.ProjectID + if projectID == "" { + // Try to fetch project ID from API + fetchedID, err := FetchAntigravityProjectID(cred.AccessToken) + if err != nil { + logger.WarnCF("provider.antigravity", "Could not fetch project ID, using fallback", map[string]interface{}{ + "error": err.Error(), + }) + projectID = "rising-fact-p41fc" // Default fallback (same as OpenCode) + } else { + projectID = fetchedID + cred.ProjectID = projectID + _ = auth.SetCredential("google-antigravity", cred) + } + } + + return cred.AccessToken, projectID, nil + } +} + +// FetchAntigravityProjectID retrieves the Google Cloud project ID from the loadCodeAssist endpoint. +func FetchAntigravityProjectID(accessToken string) (string, error) { + reqBody, _ := json.Marshal(map[string]interface{}{ + "metadata": map[string]interface{}{ + "ideType": "IDE_UNSPECIFIED", + "platform": "PLATFORM_UNSPECIFIED", + "pluginType": "GEMINI", + }, + }) + + req, err := http.NewRequest("POST", antigravityBaseURL+"/v1internal:loadCodeAssist", bytes.NewReader(reqBody)) + if err != nil { + return "", err + } + req.Header.Set("Authorization", "Bearer "+accessToken) + req.Header.Set("Content-Type", "application/json") + req.Header.Set("User-Agent", antigravityUserAgent) + req.Header.Set("X-Goog-Api-Client", antigravityXGoogClient) + + client := &http.Client{Timeout: 15 * time.Second} + resp, err := client.Do(req) + if err != nil { + return "", err + } + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + if resp.StatusCode != http.StatusOK { + return "", fmt.Errorf("loadCodeAssist failed: %s", string(body)) + } + + var result struct { + CloudAICompanionProject string `json:"cloudaicompanionProject"` + } + if err := json.Unmarshal(body, &result); err != nil { + return "", err + } + + if result.CloudAICompanionProject == "" { + return "", fmt.Errorf("no project ID in loadCodeAssist response") + } + + return result.CloudAICompanionProject, nil +} + +// FetchAntigravityModels fetches available models from the Cloud Code Assist API. +func FetchAntigravityModels(accessToken, projectID string) ([]AntigravityModelInfo, error) { + reqBody, _ := json.Marshal(map[string]interface{}{ + "project": projectID, + }) + + req, err := http.NewRequest("POST", antigravityBaseURL+"/v1internal:fetchAvailableModels", bytes.NewReader(reqBody)) + if err != nil { + return nil, err + } + req.Header.Set("Authorization", "Bearer "+accessToken) + req.Header.Set("Content-Type", "application/json") + req.Header.Set("User-Agent", antigravityUserAgent) + req.Header.Set("X-Goog-Api-Client", antigravityXGoogClient) + + client := &http.Client{Timeout: 15 * time.Second} + resp, err := client.Do(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + body, _ := io.ReadAll(resp.Body) + if resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("fetchAvailableModels failed (HTTP %d): %s", resp.StatusCode, truncateString(string(body), 200)) + } + + var result struct { + Models map[string]struct { + DisplayName string `json:"displayName"` + QuotaInfo struct { + RemainingFraction interface{} `json:"remainingFraction"` + ResetTime string `json:"resetTime"` + IsExhausted bool `json:"isExhausted"` + } `json:"quotaInfo"` + } `json:"models"` + } + if err := json.Unmarshal(body, &result); err != nil { + return nil, fmt.Errorf("parsing models response: %w", err) + } + + var models []AntigravityModelInfo + for id, info := range result.Models { + models = append(models, AntigravityModelInfo{ + ID: id, + DisplayName: info.DisplayName, + IsExhausted: info.QuotaInfo.IsExhausted, + }) + } + + // Ensure gemini-3-flash-preview and gemini-3-flash are in the list if they aren't already + hasFlashPreview := false + hasFlash := false + for _, m := range models { + if m.ID == "gemini-3-flash-preview" { + hasFlashPreview = true + } + if m.ID == "gemini-3-flash" { + hasFlash = true + } + } + if !hasFlashPreview { + models = append(models, AntigravityModelInfo{ + ID: "gemini-3-flash-preview", + DisplayName: "Gemini 3 Flash (Preview)", + }) + } + if !hasFlash { + models = append(models, AntigravityModelInfo{ + ID: "gemini-3-flash", + DisplayName: "Gemini 3 Flash", + }) + } + + return models, nil +} + +type AntigravityModelInfo struct { + ID string `json:"id"` + DisplayName string `json:"display_name"` + IsExhausted bool `json:"is_exhausted"` +} + +// --- Helpers --- + +func truncateString(s string, maxLen int) string { + if len(s) <= maxLen { + return s + } + return s[:maxLen] + "..." +} + +func randomString(n int) string { + const letters = "abcdefghijklmnopqrstuvwxyz0123456789" + b := make([]byte, n) + for i := range b { + b[i] = letters[rand.Intn(len(letters))] + } + return string(b) +} + +func (p *AntigravityProvider) parseAntigravityError(statusCode int, body []byte) error { + var errResp struct { + Error struct { + Code int `json:"code"` + Message string `json:"message"` + Status string `json:"status"` + Details []map[string]interface{} `json:"details"` + } `json:"error"` + } + + if err := json.Unmarshal(body, &errResp); err != nil { + return fmt.Errorf("antigravity API error (HTTP %d): %s", statusCode, truncateString(string(body), 500)) + } + + msg := errResp.Error.Message + if statusCode == 429 { + // Try to extract quota reset info + for _, detail := range errResp.Error.Details { + if typeVal, ok := detail["@type"].(string); ok && strings.HasSuffix(typeVal, "ErrorInfo") { + if metadata, ok := detail["metadata"].(map[string]interface{}); ok { + if delay, ok := metadata["quotaResetDelay"].(string); ok { + return fmt.Errorf("antigravity rate limit exceeded: %s (reset in %s)", msg, delay) + } + } + } + } + return fmt.Errorf("antigravity rate limit exceeded: %s", msg) + } + + return fmt.Errorf("antigravity API error (%s): %s", errResp.Error.Status, msg) +} diff --git a/pkg/providers/antigravity_provider_test.go b/pkg/providers/antigravity_provider_test.go new file mode 100644 index 0000000000..2387653219 --- /dev/null +++ b/pkg/providers/antigravity_provider_test.go @@ -0,0 +1,56 @@ +package providers + +import "testing" + +func TestBuildRequestUsesFunctionFieldsWhenToolCallNameMissing(t *testing.T) { + p := &AntigravityProvider{} + + messages := []Message{ + { + Role: "assistant", + ToolCalls: []ToolCall{{ + ID: "call_read_file_123", + Function: &FunctionCall{ + Name: "read_file", + Arguments: `{"path":"README.md"}`, + }, + }}, + }, + { + Role: "tool", + ToolCallID: "call_read_file_123", + Content: "ok", + }, + } + + req := p.buildRequest(messages, nil, "", nil) + if len(req.Contents) != 2 { + t.Fatalf("expected 2 contents, got %d", len(req.Contents)) + } + + modelPart := req.Contents[0].Parts[0] + if modelPart.FunctionCall == nil { + t.Fatal("expected functionCall in assistant message") + } + if modelPart.FunctionCall.Name != "read_file" { + t.Fatalf("expected functionCall name read_file, got %q", modelPart.FunctionCall.Name) + } + if got := modelPart.FunctionCall.Args["path"]; got != "README.md" { + t.Fatalf("expected functionCall args[path] to be README.md, got %v", got) + } + + toolPart := req.Contents[1].Parts[0] + if toolPart.FunctionResponse == nil { + t.Fatal("expected functionResponse in tool message") + } + if toolPart.FunctionResponse.Name != "read_file" { + t.Fatalf("expected functionResponse name read_file, got %q", toolPart.FunctionResponse.Name) + } +} + +func TestResolveToolResponseNameInfersNameFromGeneratedCallID(t *testing.T) { + got := resolveToolResponseName("call_search_docs_999", map[string]string{}) + if got != "search_docs" { + t.Fatalf("expected inferred tool name search_docs, got %q", got) + } +} diff --git a/pkg/providers/http_provider.go b/pkg/providers/http_provider.go index 4cf2c6db25..416606a7c1 100644 --- a/pkg/providers/http_provider.go +++ b/pkg/providers/http_provider.go @@ -132,8 +132,9 @@ func (p *HTTPProvider) parseResponse(body []byte) (*LLMResponse, error) { ID string `json:"id"` Type string `json:"type"` Function *struct { - Name string `json:"name"` - Arguments string `json:"arguments"` + Name string `json:"name"` + Arguments string `json:"arguments"` + ThoughtSignature string `json:"thought_signature"` } `json:"function"` } `json:"tool_calls"` } `json:"message"` @@ -159,18 +160,11 @@ func (p *HTTPProvider) parseResponse(body []byte) (*LLMResponse, error) { for _, tc := range choice.Message.ToolCalls { arguments := make(map[string]interface{}) name := "" + thoughtSignature := "" - // Handle OpenAI format with nested function object - if tc.Type == "function" && tc.Function != nil { - name = tc.Function.Name - if tc.Function.Arguments != "" { - if err := json.Unmarshal([]byte(tc.Function.Arguments), &arguments); err != nil { - arguments["raw"] = tc.Function.Arguments - } - } - } else if tc.Function != nil { - // Legacy format without type field + if tc.Function != nil { name = tc.Function.Name + thoughtSignature = tc.Function.ThoughtSignature if tc.Function.Arguments != "" { if err := json.Unmarshal([]byte(tc.Function.Arguments), &arguments); err != nil { arguments["raw"] = tc.Function.Arguments @@ -179,7 +173,13 @@ func (p *HTTPProvider) parseResponse(body []byte) (*LLMResponse, error) { } toolCalls = append(toolCalls, ToolCall{ - ID: tc.ID, + ID: tc.ID, + Type: tc.Type, + Function: &FunctionCall{ + Name: name, + Arguments: tc.Function.Arguments, + ThoughtSignature: thoughtSignature, + }, Name: name, Arguments: arguments, }) @@ -331,6 +331,8 @@ func CreateProvider(cfg *config.Config) (LLMProvider, error) { apiBase = "localhost:4321" } return NewGitHubCopilotProvider(apiBase, cfg.Providers.GitHubCopilot.ConnectMode, model) + case "antigravity", "google-antigravity": + return NewAntigravityProvider(), nil } diff --git a/pkg/providers/types.go b/pkg/providers/types.go index 88b62e9758..107331d9e1 100644 --- a/pkg/providers/types.go +++ b/pkg/providers/types.go @@ -11,8 +11,9 @@ type ToolCall struct { } type FunctionCall struct { - Name string `json:"name"` - Arguments string `json:"arguments"` + Name string `json:"name"` + Arguments string `json:"arguments"` + ThoughtSignature string `json:"thought_signature,omitempty"` } type LLMResponse struct { diff --git a/pkg/tools/toolloop.go b/pkg/tools/toolloop.go index 1302079b4c..a957108163 100644 --- a/pkg/tools/toolloop.go +++ b/pkg/tools/toolloop.go @@ -83,15 +83,20 @@ func RunToolLoop(ctx context.Context, config ToolLoopConfig, messages []provider break } - // 5. Log tool calls - toolNames := make([]string, 0, len(response.ToolCalls)) + normalizedToolCalls := make([]providers.ToolCall, 0, len(response.ToolCalls)) for _, tc := range response.ToolCalls { + normalizedToolCalls = append(normalizedToolCalls, normalizeProviderToolCall(tc)) + } + + // 5. Log tool calls + toolNames := make([]string, 0, len(normalizedToolCalls)) + for _, tc := range normalizedToolCalls { toolNames = append(toolNames, tc.Name) } logger.InfoCF("toolloop", "LLM requested tool calls", map[string]any{ "tools": toolNames, - "count": len(response.ToolCalls), + "count": len(normalizedToolCalls), "iteration": iteration, }) @@ -100,11 +105,13 @@ func RunToolLoop(ctx context.Context, config ToolLoopConfig, messages []provider Role: "assistant", Content: response.Content, } - for _, tc := range response.ToolCalls { + for _, tc := range normalizedToolCalls { argumentsJSON, _ := json.Marshal(tc.Arguments) assistantMsg.ToolCalls = append(assistantMsg.ToolCalls, providers.ToolCall{ - ID: tc.ID, - Type: "function", + ID: tc.ID, + Type: "function", + Name: tc.Name, + Arguments: tc.Arguments, Function: &providers.FunctionCall{ Name: tc.Name, Arguments: string(argumentsJSON), @@ -114,7 +121,7 @@ func RunToolLoop(ctx context.Context, config ToolLoopConfig, messages []provider messages = append(messages, assistantMsg) // 7. Execute tool calls - for _, tc := range response.ToolCalls { + for _, tc := range normalizedToolCalls { argsJSON, _ := json.Marshal(tc.Arguments) argsPreview := utils.Truncate(string(argsJSON), 200) logger.InfoCF("toolloop", fmt.Sprintf("Tool call: %s(%s)", tc.Name, argsPreview), @@ -152,3 +159,42 @@ func RunToolLoop(ctx context.Context, config ToolLoopConfig, messages []provider Iterations: iteration, }, nil } + +func normalizeProviderToolCall(tc providers.ToolCall) providers.ToolCall { + normalized := tc + + if normalized.Name == "" && normalized.Function != nil { + normalized.Name = normalized.Function.Name + } + + if normalized.Arguments == nil { + normalized.Arguments = map[string]interface{}{} + } + + if len(normalized.Arguments) == 0 && normalized.Function != nil && normalized.Function.Arguments != "" { + var parsed map[string]interface{} + if err := json.Unmarshal([]byte(normalized.Function.Arguments), &parsed); err == nil && parsed != nil { + normalized.Arguments = parsed + } + } + + argsJSON, _ := json.Marshal(normalized.Arguments) + if normalized.Function == nil { + normalized.Function = &providers.FunctionCall{ + Name: normalized.Name, + Arguments: string(argsJSON), + } + } else { + if normalized.Function.Name == "" { + normalized.Function.Name = normalized.Name + } + if normalized.Name == "" { + normalized.Name = normalized.Function.Name + } + if normalized.Function.Arguments == "" { + normalized.Function.Arguments = string(argsJSON) + } + } + + return normalized +}