Add Antigravity agy CLI fallback

[enieuwy]

Summary

• add an Antigravity agy CLI HTTPS fallback when the desktop app is closed
• harden warm-session ownership so live CodexBar owners keep their persisted CLI records
• add focused coverage for CLI session lifecycle, fetch strategy fallback, and menu metric selection
• make Antigravity usage source mode authoritative even when Google OAuth accounts are configured
• leave CHANGELOG.md untouched for the release flow

Rationale

Antigravity desktop exposes a local GetUserStatus API while the desktop app is running. agy exposes the same local HTTPS status API without launching the full desktop app, so CodexBar can use it as the closed-desktop local fallback.

In observed live Antigravity OAuth responses, CodexBar received Gemini-oriented account/quota data and did not receive the Claude model quota lanes returned by the local Antigravity/agy GetUserStatus endpoint. The remote OAuth parser can still parse Claude quotas if Google returns them, so this PR does not assume OAuth can never provide Claude models. The practical reason for the fallback is that the agy local path returned the full tested quota shape: Claude + Gemini per-model lanes, used percentages, and reset timestamps while the desktop app was closed.

Verification

• swift test --filter AntigravityCLISessionTests
• swift test --filter AntigravityCLIHTTPSFetchStrategyTests
• make check
• swift test
• bundled local app was updated/relaunched; bundled CodexBarCLI usage --provider antigravity --source auto now returns source: "cli" with the normal Google account config present

Runtime proof: closed-desktop agy fallback

Local bundle built and launched from this branch with ./Scripts/compile_and_run.sh.

Desktop Antigravity/language server was not running:

$ pgrep -fl "/Applications/Antigravity|Google Antigravity|language_server"
# no output

Auto mode with a normal config that includes an Antigravity Google OAuth account now still follows the source-mode pipeline and falls through to agy before OAuth:

$ ./CodexBar.app/Contents/Helpers/CodexBarCLI usage --provider antigravity --source auto --format json --pretty --log-level debug
2026-06-05T23:38:55+0800 debug ... [CodexBarCore] Antigravity CLI session started binary=agy pid=<redacted>
2026-06-05T23:38:58+0800 debug ... [CodexBarCore] Antigravity CLI session stopping pid=<redacted> reason=one-shot CLI fetch
[
  {
    "account" : "<redacted>",
    "provider" : "antigravity",
    "source" : "cli",
    "usage" : {
      "accountEmail" : "<redacted>",
      "identity" : {
        "accountEmail" : "<redacted>",
        "loginMethod" : "Google AI Pro",
        "providerID" : "antigravity"
      },
      "primary" : { "usedPercent" : 100, "resetsAt" : "<redacted>" },
      "secondary" : { "usedPercent" : 100, "resetsAt" : "<redacted>" },
      "tertiary" : { "usedPercent" : 100, "resetsAt" : "<redacted>" },
      "extraRateWindows" : [
        { "title" : "Claude Opus 4.6 (Thinking)", "window" : { "usedPercent" : 100, "resetsAt" : "<redacted>" } },
        { "title" : "Claude Sonnet 4.6 (Thinking)", "window" : { "usedPercent" : 100, "resetsAt" : "<redacted>" } },
        { "title" : "Gemini 3.1 Pro (High)", "window" : { "usedPercent" : 100, "resetsAt" : "<redacted>" } }
      ],
      "updatedAt" : "<redacted>"
    }
  }
]

This reproduces the intended user-visible fix: OAuth had reported source: "oauth", primary: null, and Gemini lanes at 100% left for the same account/config; the agy local path reports the depleted Claude and Gemini quota lanes.

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed June 10, 2026, 8:15 AM ET / 12:15 UTC.

Summary
Review failed before ClawSweeper could summarize the requested change.

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Review metrics: none identified.

Merge readiness
Overall: 🌊 off-meta tidepool
Proof: 🌊 off-meta tidepool
Patch quality: 🌊 off-meta tidepool
Result: rating does not apply to this item.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Risk before merge

• [P1] No close action taken because the review did not complete.

Maintainer options:

1. Decide the mitigation before merge
   Retry the Codex review after fixing the execution failure.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• [P1] Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Codex review notes: reasoning high; reviewed against 1246ec6fc3f7.

Label changes

Label changes:

• add rating: 🌊 off-meta tidepool: Overall readiness is 🌊 off-meta tidepool; proof is 🌊 off-meta tidepool and patch quality is 🌊 off-meta tidepool.
• remove P2: Current review triage priority is none.
• remove merge-risk: 🚨 compatibility: Current PR review selected no merge-risk labels.
• remove proof: sufficient: Current real behavior proof status is not_applicable, not sufficient.
• remove status: ⏳ waiting on author: Current PR status no longer selects a status label.
• remove merge-risk: 🚨 auth-provider: Current PR review selected no merge-risk labels.
• remove rating: 🦐 gold shrimp: Current PR rating is rating: 🌊 off-meta tidepool, so this older rating label is no longer current.
• remove merge-risk: 🚨 availability: Current PR review selected no merge-risk labels.

Label justifications:

• rating: 🌊 off-meta tidepool: Overall readiness is 🌊 off-meta tidepool; proof is 🌊 off-meta tidepool and patch quality is 🌊 off-meta tidepool.

Evidence reviewed

What I checked:

• failure reason: codex execution failed.
• codex failure detail: Codex review failed for this PR with exit 1.
• codex stdout: Per-item Codex failure; continuing with the rest of the shard.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[enieuwy]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26998517256
• Updated: 2026-06-05T06:11:30.025Z

[enieuwy]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27024564794
• Updated: 2026-06-05T15:45:38.819Z

[enieuwy]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27025543447
• Updated: 2026-06-05T16:06:40.752Z

[enieuwy]

Rebased onto latest origin/main and resolved the merge conflict in Tests/CodexBarTests/MenuBarMetricWindowResolverTests.swift by keeping both the upstream MiniMax metric test and this PR's Antigravity available-lane metric test.

Verification after rebase:

• swift test --filter AntigravityCLIHTTPSFetchStrategyTests
• swift test --filter AntigravityCLISessionTests
• make check

PR is no longer in a dirty/conflicted state (mergeStateStatus: UNSTABLE, pending checks/review).

[enieuwy]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27047473730
• Updated: 2026-06-06T00:45:23.744Z

[enieuwy]

Pushed e33706d implementing Option B for the selected-account routing concern.

In auto mode the ambient local desktop and agy CLI probes still run first, but their snapshots are now validated against the selected token account's identity (AntigravitySelectedAccountGuard) — on mismatch the pipeline falls through to the account-scoped OAuth fetch. Explicit cli/oauth source modes stay authoritative. Added focused guard/email-resolution tests; swift test --filter Antigravity (130 tests) and make check are green.

@clawsweeper re-review

[enieuwy]

Rebased cleanly onto latest origin/main, carrying forward the AntigravitySelectedAccountGuard and CLI usage source patches perfectly. Tests pass locally.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27144971138
• Updated: 2026-06-08T14:43:03.225Z

[enieuwy]

Closing in favor of a replacement PR. This PR introduced three flakiness bugs that cause Antigravity bar items to flicker:

1. Local probe steals agy processes — AntigravityStatusFetchStrategy scans all running processes and matches agy, but AntigravityCLIHTTPSFetchStrategy also manages agy with its own readiness loop. The local probe hits a half-warm agy, burns the 8s timeout, and returns an error — while the CLI strategy can't find the process it owns.

2. Serve kills agy every refresh — shouldResetSessionAfterFetch returns true for any .cli runtime, including codexbar serve. Every 60s the serve tears down a warm agy, and the next poll has to cold-start a new one (~10s). If that doesn't finish before the request timeout, the bar item disappears.

3. Transient errors blank the bar — shouldCacheServeResponse returns false for error responses. A single timeout or 502 replaces the last good Antigravity payload with a fresh error, so SketchyBar/Zellij hides the item until the next successful poll.

The replacement PR takes a different approach: scope the local probe to IDE-only processes, add a GetCommandModelConfigs fallback in the probe itself (no external process manager needed), keep warm agy sessions alive in persistent runtimes via persistsCLISessions, and mask transient serve errors with a last-good cache. Same user-visible behavior (Antigravity data when the desktop app is closed), ~220 lines added vs ~2,800 lines here, and no new process lifecycle to maintain.

Thanks for the thorough review — the account-mismatch concern was valid and the replacement PR preserves selected-account OAuth routing by keeping CLI out of the strategy pipeline.

[enieuwy]

Reopening — closing this was a mistake on my part.

The three issues I cited in the close comment are real, but they are fixable in-place, not reasons to abandon the agy CLI fallback feature. Closing also discarded the whole closed-desktop agy-source capability (the entire point of this PR), which I'm actively running and relying on.

This PR's last ClawSweeper verdict was needs-human / 🐚 platinum hermit / proof: sufficient — i.e. it was waiting on a maintainer policy decision about the auto-mode source order, not blocked by a defect. I'll push the flakiness fixes (IDE-only desktop-probe scope so the local strategy doesn't contend with the managed agy session, warm-session persistence for long-lived runtimes, and a serve last-good cache for transient errors) on top of this branch and re-request review.

[enieuwy]

Correction to my reopen comment above: I referenced "warm agy session persistence via persistsCLISessions" — that phrasing was from a discarded alternate approach and does not match what landed. This branch keeps the existing warm-session lifecycle in AntigravityCLISession / AntigravityCLIHTTPSFetchStrategy unchanged; no persistsCLISessions flag was added.

Pushed 8f8da7b3 (rebased cleanly onto latest origin/main first). It adds two narrowly-scoped flakiness fixes on top of the existing agy CLI fallback:

1. Desktop-local probe scoped to IDE-only. AntigravityStatusFetchStrategy previously probed all Antigravity processes including agy, which AntigravityCLIHTTPSFetchStrategy already owns. A stale/initializing agy accepts the connection but fails GetUserStatus, burning the probe timeout before the CLI strategy's readiness loop runs. New AntigravityStatusProbe.ProcessScope; the local strategy uses .ideOnly and otherwise fails over to the CLI strategy. isRunning() keeps .ideAndCLI for status reporting.
2. codexbar serve serves last-good on transient failures. shouldCacheServeResponse refused to cache error payloads, so a single timeout/502 returned a fresh error to polling clients. CLIServeResponseCache now records the last good response per key and serves it for failed refreshes, bounded by serveStaleTTL (10× refresh interval, 5-minute floor; disabled when --refresh-interval 0).

Verification:

• swift test --filter 'AntigravityStatusProbeTests|CLIServeRouterTests|AntigravityCLIHTTPSFetchStrategyTests' — 94 tests pass (incl. 4 new: probe .ideOnly scope ×2, serve last-good fallback + TTL bounds ×2).
• make check — 0 violations, format clean.

CHANGELOG left untouched per the release-flow convention.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Failed
• Detail: The targeted re-review did not finish cleanly. Check the workflow run for details.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27275449773
• Updated: 2026-06-10T12:16:35.771Z

[enieuwy]

Force-pushed 34064ab6 (amends the prior fix commit). Live testing on a real bundle surfaced a third flakiness source that I have now fixed; full detail so the record is accurate:

Third fix: codexbar serve reset the warm agy session every refresh

shouldResetSessionAfterFetch keyed only on runtime == .cli, which codexbar serve shares with one-shot codexbar usage. So every 60s refresh tore down the warm agy and the next poll cold-started a new one, racing its readiness deadline and timing out (and leaking agy processes). Added ProviderFetchContext.persistsCLISessions (set true by serve via UsageCommandContext.persistCLISessions); shouldResetSessionAfterFetch now keeps the warm session for long-lived hosts (app, serve) and resets only for one-shot CLI. The session's existing 180s idle window covers the 60s refresh interval, and idle sessions still reap cleanly.

Full change set on top of the agy CLI fallback

1. Desktop-local probe scoped to .ideOnly (AntigravityStatusProbe.ProcessScope) so it never contends with the agy process owned by AntigravityCLIHTTPSFetchStrategy; isRunning() keeps .ideAndCLI.
2. persistsCLISessions so serve keeps the warm agy session across refreshes.
3. CLIServeResponseCache serves the last good payload on transient failures, bounded by serveStaleTTL (10x refresh, 5-min floor; off at --refresh-interval 0).

Live verification (real bundle, desktop app closed, codexbar serve --refresh-interval 60)

• Before: repeated polls returned Antigravity quota request timed out; agy processes accumulated from per-refresh cold starts.
• After: one initial cold-start miss, then every poll and every cross-TTL refresh (62s apart) returns source: "cli" real data in ~2.2s from a persistent warm session; idle sessions reap instead of piling up.

Tests (121 pass across the 4 Antigravity/serve suites): probe .ideOnly scope, serve last-good fallback + TTL bounds, and shouldResetSessionAfterFetch honoring persistsCLISessions. make check clean. CHANGELOG left untouched per the release-flow convention.

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.