Skip to content

feat: parse decrypted Antigravity CLI trajectory sidecars#552

Open
mjacobs wants to merge 9 commits into
kenn-io:mainfrom
mjacobs:feat/antigravity-cli-trajectories
Open

feat: parse decrypted Antigravity CLI trajectory sidecars#552
mjacobs wants to merge 9 commits into
kenn-io:mainfrom
mjacobs:feat/antigravity-cli-trajectories

Conversation

@mjacobs
Copy link
Copy Markdown
Contributor

@mjacobs mjacobs commented May 27, 2026

Adds support for <uuid>.trajectory.json sidecars next to the existing AES-encrypted <uuid>.pb files under ~/.gemini/antigravity-cli/{conversations,implicit}/. The sidecars are produced out-of-process by agy-reader, which holds the decryption path and writes the resulting transcript as plain JSON; agentsview's parser now detects the sidecar and uses it as the source of truth for messages, tool calls, and tool results, falling back to the existing history.jsonl + brain artifact path when no sidecar is present. The sync engine treats the sidecar as part of the session for change detection (combined mtime/size via AntigravityCLIFileInfo) and forces message replacement on AgentAntigravityCLI sessions so trajectory updates land cleanly. Per the trust-boundary table in SECURITY.md, sidecars are treated as untrusted structured input under the "Imports and new readers" row: the parser is defensive against unknown step types, volatile fields are decoded through json.RawMessage accessors, and reads are size-capped at 64 MB. No new outbound channel is introduced; agy-reader is local-only. The legacy in-process ANTIGRAVITY_KEY decrypt path is preserved as a fallback for users without agy-reader installed; consolidating on the sidecar path is left for a follow-up.

mjacobs and others added 7 commits May 27, 2026 15:07
@mjacobs
feat: parse decrypted trajectory sidecar files for detailed session data
2f67131
@mjacobs
docs: add explanatory comments for parser design, stability, and sync…
1c9edde 
… engine contract
@mjacobs
test: modify setupTestEnv to support AgentAntigravityCLI
c6627e6
@mjacobs
test: add path classification tests for AgentAntigravityCLI
abea9c2
@mjacobs
feat: force message replacement for AgentAntigravityCLI sessions in t…
f618d49 
…he sync engine
@mjacobs
test: add engine integration tests for AgentAntigravityCLI sidecars
1ba7ec9
@mjacobs @claude
feat: cap trajectory sidecar reads and document trust boundary
8a63e5c 
Treat <uuid>.trajectory.json sidecars as untrusted structured input,
consistent with the "Imports and new readers" row of SECURITY.md's
trust-boundary table. Adds a 64 MB read cap on the sidecar (real
transcripts are well under 1 MB) so a buggy or hostile sidecar
writer cannot OOM agentsview by dropping a multi-GB file in the
session directory, and adds a parser-level comment cross-referencing
SECURITY.md so reviewers and future contributors see the posture.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 27, 2026

roborev: Combined Review (8a63e5c)

High severity issue found: incremental Antigravity CLI sync can miss sidecar-only updates.

High

  • internal/sync/engine.go:2180
    • discoveredFileMtime still uses the main .pb file mtime for parser.AgentAntigravityCLI sessions. If only the .trajectory.json sidecar changes, SyncAllSince can filter the session out before processFile uses AntigravityCLIFileInfo, so polling/incremental sync misses transcript updates until a full sync or direct file event.
    • Fix: add an AgentAntigravityCLI branch that returns parser.AntigravityCLIFileInfo(file.Path).ModTime().UnixNano(), plus a regression test for sidecar-only updates.

Medium

  • internal/parser/antigravity_cli.go
    • In flushPendingResults inside parseAntigravityCLITrajectory, pendingResultsTime is not reset after flushing. Later tool result messages can inherit the previous result timestamp, causing incorrect ordering or timestamps in the UI.
    • Fix: reset pendingResultsTime = time.Time{} after appending the flushed message and clearing pendingResults.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@mjacobs mjacobs mentioned this pull request May 27, 2026
Open
mjacobs and others added 2 commits May 27, 2026 15:32
@mjacobs @claude
docs: explain Antigravity CLI summary mode and the agy-reader path
0d9af2a 
Adds a README section that names the two ingestion modes for
Antigravity CLI sessions:

- summary mode (default, no extra setup): prompts from history.jsonl
  plus plain-text artifacts under brain/.
- high-resolution mode: run agy-reader alongside agentsview to write
  <uuid>.trajectory.json sidecars; agentsview detects them
  automatically and parses full transcripts in their place.

Replaces the cryptic "(summary mode)" annotation in the supported-
agents table with a pointer to the new section, and references
SECURITY.md for the trust model so the privacy posture of the
sidecar handoff is explicit.

Refs kenn-io#529.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@mjacobs @claude
docs: reflect agy-reader daemon URL auto-discovery
3a4fe48 
agy-reader as of d760722 auto-discovers the Antigravity daemon URL by
parsing ~/.gemini/antigravity-cli/cli.log, so the happy path no longer
requires the user to export ANTIGRAVITY_DAEMON_URL manually. Drops the
manual-export step from the example block and adds a short note about
the fallback behavior when discovery fails.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@roborev-ci
Copy link
Copy Markdown

roborev-ci Bot commented May 27, 2026

roborev: Combined Review (3a4fe48)

Medium issue found; no Critical or High findings.

Medium

  • internal/parser/antigravity_cli.go:148
    A syntactically valid but unusable sidecar, such as {} or one containing only unknown step types after schema drift, sets hasTrajectory = true and suppresses the history/decryption fallback. Because Antigravity CLI sessions are now force-replaced during sync, this can replace existing summary-mode messages with an empty session.

    Suggested fix: Treat a trajectory as present only after decoding at least one supported/displayable message, or make zero supported steps return an error so the existing fallback path runs. Add a regression test for {} or unknown-step sidecars.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

mariusvniekerk
mariusvniekerk approved these changes May 28, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@mariusvniekerk mariusvniekerk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This helps maintain feature compatibility with the older gemini cli, thanks a lot for this one

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mariusvniekerk mariusvniekerk mariusvniekerk approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mjacobs @mariusvniekerk