Turning Silent Auto-Approvals into Allow Rules, One Soft-Deny at a Time
In Antigravity CLI 1.1.3, headless -p stops silently auto-approving confirmation-required tools and instead soft-denies them, printing the required allow-rule name to stderr. This piece uses that output as a discovery source to build least privilege from an empty allow set upward, with a working harness and real numbers from a personal automation.
Passing API Keys to Agents Safely: Runtime Env Injection and Log Redaction
How to hand secrets to an Antigravity agent without leaving them in your repo or your logs, using runtime environment injection and output masking.
Are You Actually Using Every Permission You Granted? Tightening Antigravity's Unified Permissions from Real Usage Logs
Once you flip a unified permission policy to 'allow everything,' unused grants quietly pile up. This is the grant-to-usage reconciliation loop: match granted permissions against your action logs, revoke what was never exercised, and narrow what's too broad — with working TypeScript and real numbers from solo operation.
When Antivirus Blocks Antigravity's Launch, Verify the Signature Before You Allow It
When the Antigravity desktop app won't launch because antivirus stepped in, here's how to tell a false positive from a real threat. Verify the code signature on macOS Gatekeeper and Windows Defender first, then allow-list with the narrowest possible scope.
Before Your Finger Learns the Approval Dialog: Folding Antigravity Permissions Into One Policy
Scattered approval dialogs, per-MCP allowlists, repeated re-auth. Built around Antigravity 2.2.1's unified permissions and OAuth keyring storage, here is how I fold every permission into a single policy and design away approval fatigue, with working code and measured numbers.
The Day the Article I Asked It to Format Became the Agent's Instructions
When you run an unattended content-formatting pipeline with Antigravity CLI, instruction-like text buried in the file you are processing can hijack the agent. Here is how I separate the instruction channel from the data channel and add an output-scope acceptance gate to reject anything out of bounds.
An Agent Granted 'Watch an Ad to Unlock a Wallpaper' Entirely Client-Side — Re-Verifying Reward Grants with AdMob SSV
I asked an Antigravity agent to wire up 'watch a rewarded ad to unlock a wallpaper,' and it returned an implementation that wrote the unlock flag client-side only. Here is why that is not enough, how I re-verified the reward grant with AdMob server-side verification (SSV), and how I stopped double grants too.
Before a Stray Instruction in a Fetched Page Drives Your Unattended Agent — Tainting Inputs to Downgrade Capabilities
So an unattended agent that reads external pages or PDFs can't be hijacked by an instruction hidden inside them: track the taint of every input and automatically downgrade side-effecting tools. With working Python and real operational numbers.
Strip Secrets Out of the Agent Logs You Keep: Designing a Redaction Layer
Once you start keeping logs from unattended agents, a token or API key eventually lands in them in plaintext. Rotating the key doesn't unmake the leaked log. This designs a redaction layer that reliably drops secrets right before the write, going beyond regex to register known secrets and mask them for certain, with working Python and field notes.
Your Antigravity Sandbox Isolates Multi-Agents Less Than You Think — Notes on Containing the Blast Radius
An Antigravity sandbox gives you the feeling of isolation, but isolation leaks through three real gaps: shared volumes, over-broad allowed domains, and approval fatigue. Field notes on plugging the leaks, containing the blast radius by design, and proving isolation holds with tests.
Pairing a Local LLM With Antigravity to Keep Sensitive Code Off the Cloud
Should you really let a cloud agent read code that holds your billing keys and revenue logic? For indie developers that worry is concrete. Here I pair Ollama and Gemma as a local LLM with Antigravity, routing sensitive parts to local and general parts to the cloud, with the decision rules and measurements.
Keeping Secrets Out of Your Antigravity Agent's Output: Layered Defenses for Logs, Diffs, and PR Bodies
The three paths through which background agents leak secrets, and how to defend commit diffs, execution logs, and PR bodies with layered protection, drawn from running six apps and measured false-positive rates.