feat: add support for antigravity as an alternative LLM provider in PV map generator

[rohitkumarbhagat]

No description provided.

[gemini-code-assist]

Code Review

This pull request adds support for the 'antigravity' LLM provider as an alternative to 'gemini' in the PV map generator, introducing new CLI flags, configuration options, validation, and command execution logic, along with corresponding unit tests. The review feedback identifies two key issues: a logic bug in the CLI availability check that always returns true due to default configuration values, and a potential command injection vulnerability in the shell command construction that should be resolved by safely escaping paths with shlex.quote.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

The current implementation of _check_antigravity_cli_available immediately returns True if self._config.antigravity_cli is set. Since antigravity_cli defaults to 'agy' in the CLI flags, this check will always return True even if the agy executable is not present in the user's PATH, completely bypassing the validation and preventing the warning from being logged. Note that _check_gemini_cli_available has the same issue and should be updated similarly.

Suggested change

	def _check_antigravity_cli_available(self) -> bool:
	"""Check if Antigravity CLI is available in PATH or custom command is provided."""
	if self._config.antigravity_cli:
	return True
	return shutil.which('agy') is not None
	def _check_antigravity_cli_available(self) -> bool:
	"""Check if Antigravity CLI is available in PATH."""
	cmd = self._config.antigravity_cli or 'agy'
	return shutil.which(cmd) is not None

[gemini-code-assist]

Constructing shell commands using unescaped string interpolation can lead to syntax errors or command injection vulnerabilities if any of the paths (such as self._working_dir or prompt_path) contain special characters like single quotes or spaces. Since this command is executed via subprocess.Popen with shell=True, it is highly recommended to use shlex.quote to safely escape all path arguments.

Suggested change

	def _build_antigravity_command(self, prompt_file: Path,
	log_file: Path) -> str:
	"""Build the Antigravity CLI command with appropriate flags."""
	prompt_path = prompt_file.resolve()
	log_path = log_file.resolve()
	internal_log_path = (self._run_dir / 'agy_internal.log').resolve()
	antigravity_cmd = self._config.antigravity_cli or 'agy'
	sandbox_flag = "--sandbox" if self._config.enable_sandboxing else ""
	return (
	f"cat '{prompt_path}' | {antigravity_cmd} {sandbox_flag} "
	f"--dangerously-skip-permissions --add-dir '{self._working_dir}' "
	f"--log-file '{internal_log_path}' 2>&1 | tee '{log_path}'")
	def _build_antigravity_command(self, prompt_file: Path,
	log_file: Path) -> str:
	"""Build the Antigravity CLI command with appropriate flags."""
	import shlex
	prompt_path = prompt_file.resolve()
	log_path = log_file.resolve()
	internal_log_path = (self._run_dir / 'agy_internal.log').resolve()
	antigravity_cmd = self._config.antigravity_cli or 'agy'
	sandbox_flag = "--sandbox" if self._config.enable_sandboxing else ""
	return (
	f"cat {shlex.quote(str(prompt_path))} | {antigravity_cmd} {sandbox_flag} "
	f"--dangerously-skip-permissions --add-dir {shlex.quote(str(self._working_dir))} "
	f"--log-file {shlex.quote(str(internal_log_path))} 2>&1 | tee {shlex.quote(str(log_path))}")

References

1. Using subprocess.Popen with shell=True is permissible for manually executed commands in a secure environment, accepting the associated risks.