
#16683: chore(onboarding): add explicit account-risk warning for Antigravity OAuth and docs

by vincentkoc open 2026-02-15 00:58
docs extensions: google-antigravity-auth commands maintainer size: XS
## Summary

Describe the problem and fix in 2–5 bullets:

- Problem: Users could start Google Antigravity OAuth without a clear in-flow warning about reported account restrictions/suspensions.
- Why it matters: Users may unknowingly expose important Google accounts to enforcement risk when using an unofficial third-party OAuth flow.
- What changed: Added an explicit caution note + confirmation gate in onboarding before Antigravity OAuth; updated auth option hint text; added matching caution text in model provider docs and plugin README.
- What did NOT change (scope boundary): No OAuth protocol, token format, credential storage, or model routing behavior changed.

## Change Type (select all)

- [x] Bug fix
- [ ] Feature
- [ ] Refactor
- [x] Docs
- [x] Security hardening
- [ ] Chore/infra

## Scope (select all touched areas)

- [ ] Gateway / orchestration
- [ ] Skills / tool execution
- [x] Auth / tokens
- [ ] Memory / storage
- [x] Integrations
- [ ] API / contracts
- [x] UI / DX
- [ ] CI/CD / infra

## Linked Issue/PR

- Closes #
- Related #14203

## User-visible / Behavior Changes

List user-visible changes (including defaults/config). If none, write `None`.

- Selecting `google-antigravity` during onboarding now shows a caution message and requires explicit confirmation.
- Antigravity option hint now signals risk earlier.
- Docs/README now include explicit caution wording.

## Security Impact (required)

- New permissions/capabilities? (`Yes/No`) No
- Secrets/tokens handling changed? (`Yes/No`) No
- New/changed network calls? (`Yes/No`) No
- Command/tool execution surface changed? (`Yes/No`) No
- Data access scope changed? (`Yes/No`) No
- If any `Yes`, explain risk + mitigation:

## Repro + Verification

### Environment

- OS: macOS
- Runtime/container: Node 22 + pnpm workspace
- Model/provider: google-antigravity (onboarding path)
- Integration/channel (if any): CLI onboarding + docs
- Relevant config (redacted): N/A

### Steps

1. Run onboarding/auth choice flow and select `google-antigravity`.
2. Observe warning text and confirmation prompt.
3. Decline once, then rerun and accept.

### Expected

- Warning is shown before OAuth starts.
- Decline path exits setup for this auth choice without starting OAuth.
- Accept path proceeds into existing OAuth flow unchanged.

### Actual

- Matches expected in updated flow.

## Evidence

Attach at least one:

- [ ] Failing test/log before + passing after
- [x] Trace/log snippets
- [ ] Screenshot/recording
- [ ] Perf numbers (if relevant)

Scoped checks executed during commit helper:

- `oxlint --type-aware --fix docs/concepts/model-providers.md extensions/google-antigravity-auth/README.md src/commands/auth-choice-options.ts src/commands/auth-choice.apply.google-antigravity.ts`
- `oxfmt --write --no-error-on-unmatched-pattern ...`

## Human Verification (required)

What you personally verified (not just CI), and how:

- Verified scenarios: Reviewed updated onboarding branch logic and resulting prompt/decline behavior paths in code; verified doc text updates.
- Edge cases checked: Non-Antigravity auth choices bypass new gate; cancel/decline path returns without mutating auth credentials.
- What you did **not** verify: Full end-to-end live OAuth run against Google services.

## Compatibility / Migration

- Backward compatible? (`Yes/No`) Yes
- Config/env changes? (`Yes/No`) No
- Migration needed? (`Yes/No`) No
- If yes, exact upgrade steps:

## Failure Recovery (if this breaks)

- How to disable/revert this change quickly: Revert commit `e169e6269`.
- Files/config to restore: `src/commands/auth-choice.apply.google-antigravity.ts`, `src/commands/auth-choice-options.ts`, `docs/concepts/model-providers.md`, `extensions/google-antigravity-auth/README.md`.
- Known bad symptoms reviewers should watch for: Antigravity auth choice unexpectedly skipping OAuth despite confirmation; duplicated/missing warning prompts.

## Risks and Mitigations

List only real risks for this PR. Add/remove entries as needed. If none, write `None`.

- Risk: Warning text could be interpreted as too strong/too weak.
  - Mitigation: Kept language factual, non-instructional, and limited to caution + user confirmation.

## AI Assistance

- [x] AI-assisted
- [x] Lightly tested

Agent-Signoff: LobsterGuard

<!-- greptile_comment -->

<h3>Greptile Summary</h3>

Adds explicit account-risk warnings and confirmation gate for Google Antigravity OAuth during onboarding. The PR modifies the auth flow to display a caution message and require user confirmation before proceeding with the unofficial OAuth integration. Documentation and UI hints updated to signal risk earlier in the user journey.

<h3>Confidence Score: 5/5</h3>

- Safe to merge with no risk
- Changes are well-scoped and defensive in nature, adding user protection without modifying OAuth protocol, token handling, or credential storage. The implementation follows existing patterns (consistent with `applyAuthChoiceGoogleGeminiCli`), only adds warning/confirmation UI, and maintains backward compatibility with default-false confirmation.
- No files require special attention

<sub>Last reviewed commit: 8c664ef</sub>

<!-- greptile_other_comments_section -->

<!-- /greptile_comment -->
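The gate behaviour described in this PR (warning before OAuth, default-false confirmation, decline leaving credentials untouched, other auth choices bypassing the gate), as an added TypeScript example that is not the project's code. `Prompter`, `applyAntigravityChoice`, `scriptedPrompter`, `runScenario`, the caution wording and the token value are hypothetical or constructed, and the prompter is synchronous so the flow runs without a terminal.

```typescript
type AuthChoice = "google-antigravity" | "google-gemini-cli" | "api-key";

// Hypothetical prompt surface; `initialValue` is what a bare Enter selects.
interface Prompter {
  note(message: string, title: string): void;
  confirm(opts: { message: string; initialValue: boolean }): boolean;
}

interface GateResult {
  handled: boolean; // false: this handler does not own the auth choice
  oauthStarted: boolean;
  credentials: Record<string, string>;
}

// Constructed wording, not the text shipped by the PR.
const CAUTION = "Unofficial OAuth flow. Account restrictions or suspensions have been reported.";

function applyAntigravityChoice(
  choice: AuthChoice,
  credentials: Readonly<Record<string, string>>,
  prompter: Prompter,
  startOAuth: () => string,
): GateResult {
  // Other auth choices bypass the gate entirely: no note, no prompt.
  if (choice !== "google-antigravity") {
    return { handled: false, oauthStarted: false, credentials: { ...credentials } };
  }
  prompter.note(CAUTION, "Google Antigravity caution");
  // Default-deny: pressing Enter without reading must not start OAuth.
  const accepted = prompter.confirm({ message: "Continue with Antigravity OAuth?", initialValue: false });
  if (!accepted) {
    return { handled: true, oauthStarted: false, credentials: { ...credentials } };
  }
  const token = startOAuth(); // only reached after explicit confirmation
  return { handled: true, oauthStarted: true, credentials: { ...credentials, "google-antigravity": token } };
}

// Scripted prompter that records call order; "enter" accepts the default.
function scriptedPrompter(answer: boolean | "enter", log: string[]): Prompter {
  return {
    note: (_message, title) => { log.push(`note:${title}`); },
    confirm: ({ initialValue }) => { log.push("confirm"); return answer === "enter" ? initialValue : answer; },
  };
}

function runScenario(choice: AuthChoice, answer: boolean | "enter") {
  const log: string[] = [];
  const oauth = () => { log.push("oauth"); return "constructed-token"; };
  const result = applyAntigravityChoice(choice, { existing: "kept" }, scriptedPrompter(answer, log), oauth);
  return { result, log };
}
```

The recorded call order doubles as a regression check for the "known bad symptoms" listed above: a skipped or duplicated warning changes the log.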
