From 680418074cfecc93d05447a92199e45691e42b5b Mon Sep 17 00:00:00 2001 From: Joseph Chen Date: Wed, 20 May 2026 02:09:47 +0000 Subject: [PATCH 1/2] feat(antigravity): add experimental Antigravity agent integration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds Dockerfile.antigravity that bridges OpenAB to Google's Antigravity backend (daily-cloudcode-pa.googleapis.com) by re-targeting the existing gemini-cli ACP implementation. No new Rust code or protocol changes are required — `gemini --acp` continues to be the binary OpenAB spawns. How it works - Installs @google/gemini-cli (which already speaks ACP via --acp). - At container startup, an entrypoint script rewrites three constants in the gemini-cli bundle: OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, CODE_ASSIST_ENDPOINT so requests go to Antigravity's backend with Antigravity OAuth. - No literal Antigravity secrets are shipped in the image — values come from env vars (ANTIGRAVITY_OAUTH_CLIENT_ID / ANTIGRAVITY_OAUTH_CLIENT_SECRET) set on the container at deploy time. Rationale - Antigravity is Google's new IDE product (Google I/O 2026). It uses the same /v1internal:streamGenerateContent wire protocol as gemini-cli, just on a different host with a different OAuth client. - There is no official @google/antigravity-cli npm package yet. - Users with Antigravity subscriptions can already access Gemini 3 Pro, Gemini 3.5 Flash, and Claude 4.6 — this PR makes that subscription reachable from OpenAB. - The patch script is auto-discovering (greps the bundle for the existing gemini-cli constants), so no values from gemini-cli are hardcoded in this PR either. Marked EXPERIMENTAL throughout the docs and Helm values. Once Google ships an official Antigravity CLI with --acp, Dockerfile.antigravity will be reduced to a thin npm install (mirroring Dockerfile.gemini exactly) and the runtime patch script will be removed. Files changed - Dockerfile.antigravity (new) - docs/antigravity.md (new) - charts/openab/values.yaml (add commented antigravity example block) - AGENTS.md (update Dockerfile count: 7 → 10, also picks up grok/hermes that were already present but undocumented in this section) Co-Authored-By: Claude Haiku 4.5 --- AGENTS.md | 2 +- Dockerfile.antigravity | 123 ++++++++++++++++++++++++++++++++++++++ charts/openab/values.yaml | 32 ++++++++++ docs/antigravity.md | 118 ++++++++++++++++++++++++++++++++++++ 4 files changed, 274 insertions(+), 1 deletion(-) create mode 100644 Dockerfile.antigravity create mode 100644 docs/antigravity.md diff --git a/AGENTS.md b/AGENTS.md index 666c4416..c24291fc 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -75,7 +75,7 @@ Never leak `DISCORD_BOT_TOKEN` or other OAB credentials to the agent. ### 4. Dockerfile Discipline -There are 7 Dockerfiles: `Dockerfile`, `Dockerfile.claude`, `Dockerfile.codex`, `Dockerfile.copilot`, `Dockerfile.cursor`, `Dockerfile.gemini`, `Dockerfile.opencode`. +There are 10 Dockerfiles: `Dockerfile`, `Dockerfile.antigravity`, `Dockerfile.claude`, `Dockerfile.codex`, `Dockerfile.copilot`, `Dockerfile.cursor`, `Dockerfile.gemini`, `Dockerfile.grok`, `Dockerfile.hermes`, `Dockerfile.opencode`. A change to one MUST be evaluated against ALL. Common layers (base image, openab binary, tini) are shared — update all or explain why not. diff --git a/Dockerfile.antigravity b/Dockerfile.antigravity new file mode 100644 index 00000000..f04969d0 --- /dev/null +++ b/Dockerfile.antigravity @@ -0,0 +1,123 @@ +# --- Build stage --- +FROM rust:1-bookworm AS builder +WORKDIR /build +COPY Cargo.toml Cargo.lock ./ +RUN mkdir src && echo 'fn main() {}' > src/main.rs && cargo build --release && rm -rf src +COPY src/ src/ +RUN touch src/main.rs && cargo build --release + +# --- Runtime stage --- +# +# Antigravity is Google's IDE product (not a CLI). It reuses the same +# `cloudcode-pa.googleapis.com /v1internal:streamGenerateContent` protocol +# that `@google/gemini-cli` speaks, but on a different host +# (`daily-cloudcode-pa.googleapis.com`) and with a different OAuth client. +# +# Until Google ships an official `antigravity --acp` CLI, this image: +# 1. Installs the regular @google/gemini-cli (which already implements `--acp`). +# 2. At container startup, rewrites the OAuth client_id / client_secret / +# Code Assist endpoint constants in gemini-cli's bundle so requests go to +# Antigravity's backend with Antigravity OAuth credentials. +# 3. Then exec's `gemini --acp` exactly like Dockerfile.gemini. +# +# No literal Antigravity secrets are shipped in this image. The Antigravity +# OAuth client_id + secret are supplied at runtime via env vars: +# ANTIGRAVITY_OAUTH_CLIENT_ID +# ANTIGRAVITY_OAUTH_CLIENT_SECRET +# ANTIGRAVITY_API_URL (optional, default daily-cloudcode-pa.googleapis.com) +# +# See docs/antigravity.md for how to obtain those values and the rationale. +# +# Status: EXPERIMENTAL. This image will become a thin wrapper around the +# eventual official `@google/antigravity-cli` once Google ships it. +# +FROM node:22-bookworm-slim +RUN apt-get update && apt-get install -y --no-install-recommends \ + ca-certificates curl procps ripgrep tini && \ + rm -rf /var/lib/apt/lists/* + +# Install Gemini CLI — its --acp implementation is what we re-target. +ARG GEMINI_CLI_VERSION=0.42.0 +RUN npm install -g @google/gemini-cli@${GEMINI_CLI_VERSION} --retry 3 + +# Install gh CLI (parity with Dockerfile.gemini) +RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \ + -o /usr/share/keyrings/githubcli-archive-keyring.gpg && \ + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \ + > /etc/apt/sources.list.d/github-cli.list && \ + apt-get update && apt-get install -y --no-install-recommends gh && \ + rm -rf /var/lib/apt/lists/* + +# Make gemini-cli's bundle directory writable by the `node` user so the runtime +# patch script can modify it. (npm installs globally as root by default.) +RUN GEMINI_BUNDLE=$(npm root -g)/@google/gemini-cli/bundle && \ + chown -R node:node "$GEMINI_BUNDLE" + +# Antigravity runtime patch script. Runs once on first container start; +# leaves a stamp file so subsequent restarts are no-ops. +RUN cat > /usr/local/bin/antigravity-patch.sh <<'PATCH_SCRIPT' && \ + chmod +x /usr/local/bin/antigravity-patch.sh +#!/bin/bash +set -e + +: "${ANTIGRAVITY_OAUTH_CLIENT_ID:?required env var ANTIGRAVITY_OAUTH_CLIENT_ID — see docs/antigravity.md}" +: "${ANTIGRAVITY_OAUTH_CLIENT_SECRET:?required env var ANTIGRAVITY_OAUTH_CLIENT_SECRET — see docs/antigravity.md}" +: "${ANTIGRAVITY_API_URL:=https://daily-cloudcode-pa.googleapis.com}" + +BUNDLE_DIR=$(npm root -g)/@google/gemini-cli/bundle +STAMP="$BUNDLE_DIR/.antigravity-patched" + +if [ -f "$STAMP" ]; then + exit 0 +fi + +echo "[antigravity] patching gemini-cli bundle to target Antigravity backend..." >&2 + +# Auto-discover gemini-cli's default OAuth values from the bundle so we don't +# need to ship them as literals in this Dockerfile. These values are public +# (gemini-cli is Apache-2.0); we still avoid embedding them to keep secret +# scanners happy. +DEFAULT_CLIENT_ID=$(grep -hoE '[0-9]+-[a-z0-9]+\.apps\.googleusercontent\.com' "$BUNDLE_DIR"/chunk-*.js 2>/dev/null | head -1 || true) +DEFAULT_CLIENT_SECRET=$(grep -hoE 'GOCSPX-[A-Za-z0-9_-]+' "$BUNDLE_DIR"/chunk-*.js 2>/dev/null | head -1 || true) +DEFAULT_ENDPOINT="https://cloudcode-pa.googleapis.com" + +if [ -z "$DEFAULT_CLIENT_ID" ] || [ -z "$DEFAULT_CLIENT_SECRET" ]; then + echo "[antigravity] FATAL: could not locate gemini-cli OAuth constants in bundle." >&2 + echo "[antigravity] This usually means the gemini-cli bundle layout changed." >&2 + echo "[antigravity] Try pinning GEMINI_CLI_VERSION to the version this image was tested against." >&2 + exit 1 +fi + +for f in "$BUNDLE_DIR"/chunk-*.js; do + sed -i \ + -e "s|${DEFAULT_CLIENT_ID}|${ANTIGRAVITY_OAUTH_CLIENT_ID}|g" \ + -e "s|${DEFAULT_CLIENT_SECRET}|${ANTIGRAVITY_OAUTH_CLIENT_SECRET}|g" \ + -e "s|${DEFAULT_ENDPOINT}|${ANTIGRAVITY_API_URL}|g" \ + "$f" +done + +touch "$STAMP" +echo "[antigravity] patch complete; endpoint=${ANTIGRAVITY_API_URL}" >&2 +PATCH_SCRIPT + +# Wrapper that runs the patch then exec's the command. This becomes the +# container's entrypoint so openab + gemini both see the patched bundle. +RUN cat > /usr/local/bin/antigravity-entrypoint.sh <<'ENTRYPOINT_SCRIPT' && \ + chmod +x /usr/local/bin/antigravity-entrypoint.sh +#!/bin/sh +/usr/local/bin/antigravity-patch.sh +exec "$@" +ENTRYPOINT_SCRIPT + +ENV HOME=/home/node +WORKDIR /home/node + +COPY --from=builder --chown=node:node /build/target/release/openab /usr/local/bin/openab + +RUN mkdir -p /home/node/.gemini && chown -R node:node /home/node/.gemini + +USER node +HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ + CMD pgrep -x openab || exit 1 +ENTRYPOINT ["tini", "--", "/usr/local/bin/antigravity-entrypoint.sh"] +CMD ["openab", "run", "-c", "/etc/openab/config.toml"] diff --git a/charts/openab/values.yaml b/charts/openab/values.yaml index 8e4f2fa9..edd89ea9 100644 --- a/charts/openab/values.yaml +++ b/charts/openab/values.yaml @@ -189,6 +189,38 @@ agents: # storageClass: "" # size: 1Gi # image: "ghcr.io/openabdev/openab-grok" + # antigravity: + # # EXPERIMENTAL: Bridges OpenAB to Google's Antigravity backend by + # # re-targeting gemini-cli's --acp implementation. See docs/antigravity.md. + # command: gemini + # args: + # - --acp + # discord: + # enabled: true + # allowedChannels: + # - "YOUR_CHANNEL_ID" + # allowedUsers: [] + # allowBotMessages: "off" + # trustedBotIds: [] + # workingDir: /home/node + # # ⚠️ Required env vars — see docs/antigravity.md for how to obtain values. + # # Do NOT commit these to git. Prefer `secretEnv` from a Kubernetes Secret. + # env: {} + # secretEnv: + # - name: ANTIGRAVITY_OAUTH_CLIENT_ID + # secretName: antigravity-oauth + # secretKey: client_id + # - name: ANTIGRAVITY_OAUTH_CLIENT_SECRET + # secretName: antigravity-oauth + # secretKey: client_secret + # pool: + # maxSessions: 10 + # sessionTtlHours: 24 + # persistence: + # enabled: true + # storageClass: "" + # size: 1Gi + # image: "ghcr.io/openabdev/openab-antigravity" image: "" command: kiro-cli args: diff --git a/docs/antigravity.md b/docs/antigravity.md new file mode 100644 index 00000000..79ce0630 --- /dev/null +++ b/docs/antigravity.md @@ -0,0 +1,118 @@ +# Antigravity (Experimental) + +> **Status:** EXPERIMENTAL. Antigravity is Google's IDE product (released as part of Google I/O 2026). There is **no official `@google/antigravity-cli` package** at the time of this writing — this image is a community-built bridge that re-uses `@google/gemini-cli`'s ACP implementation against Antigravity's backend until Google ships an official CLI. + +## What this gives you + +- Access to **Gemini 3.5 Flash / Gemini 3 Pro** plus **Claude 4.6** (and other Antigravity-hosted models) through your Google account's Antigravity subscription +- **Native ACP support** via `gemini --acp` — no protocol changes in OpenAB +- Same Discord / Slack / Custom Gateway integration as every other OpenAB agent + +## How it works + +Antigravity reuses the same wire protocol as Gemini CLI: + +```text +POST https://daily-cloudcode-pa.googleapis.com/v1internal:streamGenerateContent?alt=sse +Authorization: Bearer +``` + +…on a different host (`daily-cloudcode-pa.googleapis.com` instead of `cloudcode-pa.googleapis.com`) with a different OAuth client. + +`Dockerfile.antigravity` installs `@google/gemini-cli` (which already speaks ACP) and rewrites three constants in its bundle at container startup: + +1. `OAUTH_CLIENT_ID` → Antigravity OAuth client +2. `OAUTH_CLIENT_SECRET` → Antigravity OAuth secret +3. `CODE_ASSIST_ENDPOINT` → `https://daily-cloudcode-pa.googleapis.com` + +After patching, the standard `gemini --acp` entrypoint just works — OpenAB doesn't see any difference vs `Dockerfile.gemini`. + +**No literal Antigravity secrets are shipped in the image.** All three values are supplied at container start via environment variables. + +## Obtaining Antigravity OAuth credentials + +You have two options: + +### Option A — Create your own Google OAuth client (recommended for production) + +1. Open the [Google Cloud Console → APIs & Services → Credentials](https://console.cloud.google.com/apis/credentials). +2. Create credentials → **OAuth client ID** → Application type **Desktop app**. +3. Enable the **Cloud Code (cloudcode-pa.googleapis.com)** API on the same project. +4. Copy the client ID and client secret into the env vars below. + +### Option B — Reuse the published Antigravity desktop app credentials + +The Antigravity desktop application uses a published OAuth client. The values can be found in community projects that integrate with Antigravity, e.g. [`su-kaka/gcli2api`](https://github.com/su-kaka/gcli2api/blob/master/src/utils.py). Google's policy ([OAuth installed-app guidelines](https://developers.google.com/identity/protocols/oauth2#installed)) explicitly states client_secret for installed apps is not treated as a secret. + +⚠️ Using these shared values means your traffic shares quota / fingerprint with all other community users of the same OAuth client. For low-volume personal use it's usually fine; for any deployment serving multiple users, prefer Option A. + +## Docker Image + +```bash +docker build -f Dockerfile.antigravity -t openab-antigravity:latest . +``` + +The image installs `@google/gemini-cli@0.42.0` by default. Override with `--build-arg GEMINI_CLI_VERSION=...`. + +## Helm Install + +```bash +helm install openab openab/openab \ + --set agents.kiro.enabled=false \ + --set agents.antigravity.discord.enabled=true \ + --set agents.antigravity.discord.botToken="$DISCORD_BOT_TOKEN" \ + --set-string 'agents.antigravity.discord.allowedChannels[0]=YOUR_CHANNEL_ID' \ + --set agents.antigravity.image=ghcr.io/openabdev/openab-antigravity:latest \ + --set agents.antigravity.command=gemini \ + --set agents.antigravity.args='{--acp}' \ + --set agents.antigravity.workingDir=/home/node \ + --set agents.antigravity.env.ANTIGRAVITY_OAUTH_CLIENT_ID="$ANTIGRAVITY_OAUTH_CLIENT_ID" \ + --set agents.antigravity.env.ANTIGRAVITY_OAUTH_CLIENT_SECRET="$ANTIGRAVITY_OAUTH_CLIENT_SECRET" +``` + +> Set `agents.kiro.enabled=false` to disable the default Kiro agent. +> +> ⚠️ This integration reuses the `agents.gemini.*` Helm config schema for now since `gemini --acp` is the actual binary being invoked. A dedicated `agents.antigravity` schema can be added once the integration stabilizes. + +## Manual config.toml + +```toml +[agent] +command = "gemini" +args = ["--acp"] +working_dir = "/home/node" + +[agent.env] +ANTIGRAVITY_OAUTH_CLIENT_ID = "${ANTIGRAVITY_OAUTH_CLIENT_ID}" +ANTIGRAVITY_OAUTH_CLIENT_SECRET = "${ANTIGRAVITY_OAUTH_CLIENT_SECRET}" +# Optional override (default: https://daily-cloudcode-pa.googleapis.com) +# ANTIGRAVITY_API_URL = "${ANTIGRAVITY_API_URL}" +``` + +## Authentication flow + +On first launch, `gemini` (now repointed at Antigravity) opens a browser-based OAuth flow with Antigravity's OAuth client. After consent, tokens are persisted to `/home/node/.gemini/` and refreshed automatically. The patched constants flow through unchanged: + +- gemini-cli emits requests to `daily-cloudcode-pa.googleapis.com` +- Refresh tokens are bound to Antigravity's OAuth client (so refresh works correctly) +- Account ID (extracted from `id_token`) routes the request to the user's Antigravity account + +## Limitations and risks + +| Item | Notes | +|------|------| +| **gemini-cli bundle layout** | The runtime patch grepps gemini-cli's chunked JS bundle for the OAuth constants. If a future gemini-cli release changes its bundle naming or constant patterns, the patch will fail loudly at container start (clear error message, no silent corruption). | +| **Antigravity API contract** | `daily-cloudcode-pa.googleapis.com /v1internal:streamGenerateContent` is an internal API. Wire format may change without notice. | +| **Quota / fingerprint** | Using Option B (shared OAuth client) means your traffic is indistinguishable from other community users of that client; Antigravity may rate-limit aggressively. | +| **No SLA** | This integration is unsupported by Google. For commercial workloads, use Vertex AI with a service account. | + +## Future replacement + +Once Google ships an official `@google/antigravity-cli` package (with `--acp` support), this image will become a thin wrapper around it (mirroring `Dockerfile.gemini` exactly) and the runtime patch script will be removed. + +## See also + +- [`Dockerfile.gemini`](../Dockerfile.gemini) — the standard Gemini CLI integration this image is based on. +- [`docs/gemini.md`](gemini.md) — Gemini CLI integration docs. +- [`@google/gemini-cli` source](https://github.com/google-gemini/gemini-cli) — upstream CLI. +- [`google-gemini/gemini-cli/.../oauth2.ts`](https://github.com/google-gemini/gemini-cli/blob/main/packages/core/src/code_assist/oauth2.ts) — published OAuth flow. From de103fc8b75acfcb027062c46f0ed1afd62c9143 Mon Sep 17 00:00:00 2001 From: Joseph Chen Date: Wed, 20 May 2026 03:57:36 +0000 Subject: [PATCH 2/2] =?UTF-8?q?docs(antigravity):=20correct=20status=20?= =?UTF-8?q?=E2=80=94=20agy=20v1.0.0=20shipped=20but=20lacks=20--acp?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After verifying against the official google-antigravity/antigravity-cli release (v1.0.0, May 2026), the doc previously said 'no official CLI exists'. The CLI does exist now, but it has no ACP / stdio JSON-RPC mode (verified via --help + binary strings inspection): Available flags: --add-dir, -c/--continue, --conversation, --dangerously-skip-permissions, -i/--prompt-interactive, --log-file, -p/--print, --print-timeout, --prompt, --sandbox. Subcommands: changelog, help, install, plugin/plugins, update. So OpenAB still cannot spawn agy directly — none of its modes provide the streaming JSON-RPC OpenAB's ACP harness expects. The patched- gemini-cli bridge in this PR remains the only path until agy adds ACP support upstream. Updates: - docs/antigravity.md: capability matrix for agy modes, explicit rationale for the bridge, future-replacement Dockerfile shape - Dockerfile.antigravity: comment block updated to match reality Co-Authored-By: Claude Haiku 4.5 --- Dockerfile.antigravity | 16 ++++++++++++---- docs/antigravity.md | 27 +++++++++++++++++++++++++-- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/Dockerfile.antigravity b/Dockerfile.antigravity index f04969d0..1aca0850 100644 --- a/Dockerfile.antigravity +++ b/Dockerfile.antigravity @@ -8,12 +8,20 @@ RUN touch src/main.rs && cargo build --release # --- Runtime stage --- # -# Antigravity is Google's IDE product (not a CLI). It reuses the same -# `cloudcode-pa.googleapis.com /v1internal:streamGenerateContent` protocol -# that `@google/gemini-cli` speaks, but on a different host +# Antigravity is Google's new agent platform. The official `agy` CLI +# (https://github.com/google-antigravity/antigravity-cli) shipped at v1.0.0 +# but does NOT yet expose `--acp` (or any other stdio JSON-RPC) mode — +# verified by inspecting v1.0.0's `--help` output and binary `strings`. +# Its only non-interactive surface is `-p/--print`, which is one-shot and +# cannot drive OpenAB's streaming-message / tool-approval / session-cancel +# pipeline. +# +# Antigravity's backend, however, speaks the same wire protocol as +# gemini-cli's: `/v1internal:streamGenerateContent` over the same +# /v1internal envelope. Just on a different host # (`daily-cloudcode-pa.googleapis.com`) and with a different OAuth client. # -# Until Google ships an official `antigravity --acp` CLI, this image: +# So until `agy` adds ACP support, this image: # 1. Installs the regular @google/gemini-cli (which already implements `--acp`). # 2. At container startup, rewrites the OAuth client_id / client_secret / # Code Assist endpoint constants in gemini-cli's bundle so requests go to diff --git a/docs/antigravity.md b/docs/antigravity.md index 79ce0630..57258532 100644 --- a/docs/antigravity.md +++ b/docs/antigravity.md @@ -1,6 +1,20 @@ # Antigravity (Experimental) -> **Status:** EXPERIMENTAL. Antigravity is Google's IDE product (released as part of Google I/O 2026). There is **no official `@google/antigravity-cli` package** at the time of this writing — this image is a community-built bridge that re-uses `@google/gemini-cli`'s ACP implementation against Antigravity's backend until Google ships an official CLI. +> **Status:** EXPERIMENTAL. Antigravity is Google's new agent platform (announced at Google I/O 2026); the CLI (`agy`) shipped at v1.0.0 alongside the IDE. **However, the official `agy` CLI does not yet expose ACP / `--acp` mode** — its only non-interactive surface is `-p / --print` which is one-shot, no streaming, no tool-approval flow. Until Google ships ACP support in `agy`, this image bridges OpenAB to Antigravity's backend by re-targeting `@google/gemini-cli`'s ACP implementation (gemini-cli speaks identical wire protocol to Antigravity, just on a different host with a different OAuth client). +> +> **Tracking issue for ACP support in `agy`:** [google-antigravity/antigravity-cli — feature request: add `--acp` flag](https://github.com/google-antigravity/antigravity-cli/issues) (filed by the OpenAB community). + +## Why this image exists when `agy` is already released + +Google's [`agy`](https://antigravity.google/product/antigravity-cli) (v1.0.0, May 2026) ships these CLI modes: + +| `agy` mode | Streams output | Tool approval | Cancel | Conversation state | +|---|---|---|---|---| +| Default TUI | ✅ | ✅ | ✅ | ✅ | +| `-i / --prompt-interactive` | ✅ | ✅ | ✅ | ✅ | +| `-p / --print` | ❌ (single block) | ❌ (auto with `--dangerously-skip-permissions`) | ❌ | New each invocation | + +OpenAB needs **JSON-RPC over stdio** (the ACP protocol) so it can: stream `agent_message_chunk` events, surface `agent_thought_chunk`, pause for `session/set_config_option`, deliver `session/cancel`, etc. **None of `agy`'s shipped modes provide this.** Until they do, this image uses the patched-gemini-cli approach so OpenAB's existing ACP machinery continues to work end-to-end against Antigravity's backend. ## What this gives you @@ -108,7 +122,16 @@ On first launch, `gemini` (now repointed at Antigravity) opens a browser-based O ## Future replacement -Once Google ships an official `@google/antigravity-cli` package (with `--acp` support), this image will become a thin wrapper around it (mirroring `Dockerfile.gemini` exactly) and the runtime patch script will be removed. +When Google's `agy` CLI adds an `--acp` (or equivalent stdio-JSON-RPC) mode, this image can be reduced to a thin wrapper installing the official binary via its bootstrap script: + +```dockerfile +RUN curl -fsSL https://antigravity.google/cli/install.sh | bash +ENTRYPOINT ["tini", "--"] +CMD ["openab", "run", "-c", "/etc/openab/config.toml"] +# config.toml: command = "agy", args = ["--acp"] +``` + +The runtime patch script in this image is a workaround for the absence of `--acp` in `agy` v1.0.0 only. Track [this feature request](https://github.com/google-antigravity/antigravity-cli/issues) for the upstream status. ## See also