tddpirate/dockerized-antigravity

Copyright (c) 2025 Omer Zak. Licensed under the MIT License. See LICENSE file in the project root for full license information.

Note: Google Antigravity is a Google product with its own terms of service.

Google Antigravity in Docker

Run Google Antigravity IDE in a Docker container with persistent skills/agents across projects.

⚠️ Security Disclosure - Read Before Use

This configuration requires elevated privileges that reduce container isolation. These are unavoidable for running a GUI IDE with browser integration.

| Privilege            | Risk                                    | Why Required                                       |
|----------------------|-----------------------------------------|----------------------------------------------------|
| network_mode: host   | Container sees all host network traffic | Google OAuth requires predictable localhost ports  |
| ipc: host            | Shared memory access with host          | Chrome requires IPC for rendering                  |
| seccomp: unconfined  | No syscall filtering                    | Chrome sandbox uses blocked syscalls               |
| SYS_ADMIN capability | Near-root privilege                     | Chrome DevTools Protocol for browser automation    |
| X11 socket mount     | Can interact with host windows          | Required to display the GUI                        |

Recommendation

Only run this on:

  • A dedicated development machine
  • A virtual machine
  • A system without sensitive data

Do NOT run on:

  • Production systems
  • Systems with sensitive credentials
  • Shared multi-user systems

Risk Acceptance

By using this configuration, you accept that:

  1. The container has significant access to your host system
  2. A compromised Antigravity agent could potentially access host resources
  3. These risks are inherent to running GUI/browser apps in containers
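
The five privileges listed in the table above can be confirmed on a running container from its `docker inspect` record. The following is an added example, not part of this project's code; the sample record, container name and host paths are constructed, and `/tmp/.X11-unix` is assumed as the X11 socket mount source.

```python
import json

# Constructed sample shaped like one element of `docker inspect` output.
# The container name and host paths are invented for this example.
SAMPLE_INSPECT = json.loads("""
{
  "Name": "/antigravity-example",
  "HostConfig": {
    "NetworkMode": "host",
    "IpcMode": "host",
    "SecurityOpt": ["seccomp:unconfined"],
    "CapAdd": ["SYS_ADMIN"]
  },
  "Mounts": [
    {"Type": "bind", "Source": "/tmp/.X11-unix", "Destination": "/tmp/.X11-unix"},
    {"Type": "bind", "Source": "/home/dev/my-app", "Destination": "/workspace"}
  ]
}
""")

def audit_isolation(container):
    """Return (setting, risk) pairs for each README-listed privilege that is active."""
    hc = container.get("HostConfig") or {}
    findings = []
    if hc.get("NetworkMode") == "host":
        findings.append(("network_mode: host", "container sees all host network traffic"))
    if hc.get("IpcMode") == "host":
        findings.append(("ipc: host", "shared memory access with host"))
    # Docker accepts both "seccomp:unconfined" and "seccomp=unconfined".
    opts = {o.replace("=", ":").lower() for o in hc.get("SecurityOpt") or []}
    if "seccomp:unconfined" in opts:
        findings.append(("seccomp: unconfined", "no syscall filtering"))
    # Capabilities may be reported with or without the CAP_ prefix.
    caps = {c.upper().removeprefix("CAP_") for c in hc.get("CapAdd") or []}
    if caps & {"SYS_ADMIN", "ALL"}:
        findings.append(("SYS_ADMIN capability", "near-root privilege"))
    # /tmp/.X11-unix is the standard X11 socket directory (assumed mount source).
    sources = {(m.get("Source") or "").rstrip("/") for m in container.get("Mounts") or []}
    if "/tmp/.X11-unix" in sources:
        findings.append(("X11 socket mount", "can interact with host windows"))
    return findings

if __name__ == "__main__":
    for setting, risk in audit_isolation(SAMPLE_INSPECT):
        print(f"[!] {setting}: {risk}")
```

To audit a real container, load the JSON array printed by `docker inspect <container>` and pass its first element to `audit_isolation`.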

Features

  • Isolated workspace - Only specified project directory is mounted
  • Persistent configuration - Skills, agents, workflows survive container restarts
  • Persistent OAuth - Sign in once, stay signed in
  • Dynamic project switching - Work on different projects without rebuilding
  • X11 forwarding - Full GUI support on Linux
  • Cleanup on exit - X11 permissions revoked automatically
  • Window decorations - Openbox WM with distinct teal theme

Prerequisites

  • Docker & Docker Compose
  • X11 display server (standard on most Linux desktops)
  • User with UID=1000 and GID=1000 (default on most Linux systems)
  • For Wayland: XWayland compatibility

Quick Start

# 1. Launch container (builds automatically on first run)
./antigravity.sh ~/projects/my-app

# 2. Inside the container, start Antigravity:
antigravity

Usage

Basic Usage

# Open current directory
./antigravity.sh

# Open specific project
./antigravity.sh /path/to/project
./antigravity.sh ~/code/my-api
./antigravity.sh ../another-project

# Once inside the container, run:
antigravity

How It Works

The script starts a container and drops you into a bash shell. From there, you manually run antigravity to launch the IDE. This allows you to see any error messages if something goes wrong.

The setup uses named Docker volumes to persist your Antigravity configuration:

| Volume                 | Purpose                             |
|------------------------|-------------------------------------|
| antigravity-config     | Skills, agents, workflows, settings |
| antigravity-extensions | Installed extensions                |
| antigravity-cache      | Cache data for faster startup       |
| antigravity-chrome     | Browser profile (OAuth sessions)    |
| antigravity-keyring    | Secure credential storage           |

When you switch projects, only the /workspace mount changes—your skills and agents remain available.

First-Time Setup

  1. Run ./antigravity.sh for any project
  2. Inside the container, run antigravity
  3. Complete Google OAuth sign-in when prompted
  4. Your credentials are saved in the persistent Chrome profile
  5. Future launches skip authentication

Configuration

Environment Variables

| Variable    | Description                | Default           |
|-------------|----------------------------|-------------------|
| PROJECT_DIR | Project directory to mount | Current directory |
| DISPLAY     | X11 display                | :0                |
| XAUTHORITY  | X11 auth file              | $HOME/.Xauthority |

Troubleshooting

"This script requires UID=1000 and GID=1000"

The container uses Ubuntu's built-in user (1000:1000). If your user has different IDs, you'll need to modify the Dockerfile to create a user matching your UID/GID.

"Cannot open display" error

# The script handles this automatically, but if needed:
xhost +local:docker

OAuth sign-in fails

Ensure network_mode: host is set (default). The container needs direct network access for OAuth callbacks.

Browser crashes

Increase shared memory. Edit docker-compose.yml:

shm_size: '2gb'

Reset configuration

# Remove all persistent data and start fresh
docker volume rm antigravity-config antigravity-extensions antigravity-cache antigravity-chrome antigravity-keyring

File Structure

antigravity-docker/
├── Dockerfile              # Container definition
├── docker-compose.yml      # Service configuration (with security docs)
├── docker-entrypoint.sh    # Entrypoint (fixes permissions, drops to user)
├── antigravity.sh          # Launch helper script
├── .env.example            # Example configuration
└── README.md               # This file

Notes

  • Git is not installed: To prevent accidental modifications to repositories, git is not included. If you need git, add it to the Dockerfile.
  • Automatic rebuild: The script always runs docker compose build. Docker's layer caching makes this fast when nothing has changed.

Alternatives with Better Isolation

If the security trade-offs are unacceptable, consider:

  1. Run in a VM - Full isolation, but more resource overhead
  2. Use Xpra/VNC - Avoids X11 socket sharing, adds latency
  3. Run natively - No container isolation, but no elevated Docker privileges

License

See LICENSE file.
