docs: add 6 new known issues from binary analysis session
This commit is contained in:
Nikketryhard
@@ -41,6 +41,12 @@ Default port: **8741**
|
||||
| `gemini-3-pro` | Gemini 3 Pro (Low) |
|
||||
| `gemini-3-flash` | Gemini 3 Flash |
|
||||
|
||||
## Development & Testing
|
||||
|
||||
- **Dev/testing model**: `gemini-3-flash` — use this for all development, debugging, and iterative testing
|
||||
- **Production model**: `opus-4.6` — use sparingly for real-world validation only (has quota limit)
|
||||
- See `docs/ls-binary-analysis.md` for full reverse-engineered model catalog and proto enum mappings
|
||||
|
||||
## Example: Responses API
|
||||
|
||||
### Sync
|
||||
|
||||
@@ -107,3 +107,88 @@ Each model also includes **per-model quota info**:
|
||||
- `userTier` field shows subscription level: `{"id": "g1-ultra-tier", "name": "Google AI Ultra"}`
|
||||
|
||||
**Potential use:** We could poll `GetUserStatus` periodically and expose `availablePromptCredits`, `availableFlowCredits`, and per-model `remainingFraction` via the `/v1/usage` endpoint — giving users real-time credit burn visibility without needing MITM token counting.
|
||||
|
||||
---
|
||||
|
||||
## 🔴 Blockers
|
||||
|
||||
### 8. LS Go LLM Client Ignores System TLS Trust Store
|
||||
|
||||
**File:** `docs/mitm-interception-status.md`
|
||||
|
||||
The LS binary is a Go program whose HTTP client for LLM API calls uses a custom `tls.Config` that does **not** trust system CAs or honor `SSL_CERT_FILE`. This means our MITM proxy's generated CA cert is rejected even when properly installed system-wide.
|
||||
|
||||
The extension patch (`detectAndUseProxy=1`) only makes the LS honor `HTTPS_PROXY` for routing — it doesn't fix CA trust. Without this, the MITM proxy can route but not decrypt LLM traffic.
|
||||
|
||||
**Potential fixes:**
|
||||
|
||||
- Binary patching the Go TLS verification (hard, breaks on updates)
|
||||
- Full standalone LS control (in progress, see issue #9)
|
||||
- Network namespace + iptables redirect (eliminates HTTPS_PROXY need but doesn't fix TLS trust)
|
||||
- eBPF/ptrace to inject certs at runtime (complex)
|
||||
|
||||
**See:** `docs/mitm-interception-status.md` for full analysis
|
||||
|
||||
---
|
||||
|
||||
### 9. Standalone LS Cascades Silently Fail
|
||||
|
||||
**File:** `docs/standalone-ls-todo.md`
|
||||
|
||||
When running a standalone LS instance (outside of Antigravity), cascades start but produce no output. The LS accepts `StartCascade` RPCs without error, but the cascade never progresses.
|
||||
|
||||
**Suspected blockers:**
|
||||
|
||||
- Missing auth context (OAuth token not properly propagated)
|
||||
- Unleash feature flags differ between main and standalone instances (`GetUnleashData` returns different flags)
|
||||
- `LoadCodeAssist` / `OnboardUser` initialization steps may be required
|
||||
- Extension server callbacks (`WriteCascadeEdit`, `ExecuteCommand`, etc.) have no handler
|
||||
|
||||
**See:** `docs/standalone-ls-todo.md` for investigation plan
|
||||
|
||||
---
|
||||
|
||||
## Medium
|
||||
|
||||
### 10. Extension Patch Fragility
|
||||
|
||||
**File:** `scripts/mitm-wrapper.sh`, GEMINI.md
|
||||
|
||||
The `sed` patch that sets `detectAndUseProxy=1` in `extension.js` must be **re-applied after every Antigravity update**. The search pattern (`detectAndUseProxy=pe.UNSPECIFIED`) is brittle — if the minified variable name changes from `pe` to something else, the patch silently fails.
|
||||
|
||||
**Fix:** Use a regex-based patch (`detectAndUseProxy=[^;]*` → `detectAndUseProxy=1`) or patch via AST manipulation. Add a post-update hook or version check to warn when the patch is stale.
|
||||
|
||||
---
|
||||
|
||||
### 11. Polling-Based Cascade Updates vs Streaming RPC
|
||||
|
||||
**File:** `src/api/polling.rs`
|
||||
|
||||
We poll `GetCascadeTrajectorySteps` on a timer to check for new cascade output. The LS has a `StreamCascadeReactiveUpdates` streaming gRPC method that pushes updates in real-time. Our polling approach works but adds latency and unnecessary requests.
|
||||
|
||||
**Impact:** Functional but suboptimal. The streaming approach would give lower latency and less LS load, but requires maintaining a long-lived gRPC stream and handling reconnection.
|
||||
|
||||
**See:** `docs/ls-binary-analysis.md` → gRPC Services → LanguageServerService
|
||||
|
||||
---
|
||||
|
||||
### 12. No BYOK Model Routing
|
||||
|
||||
**File:** `src/api/models.rs`
|
||||
|
||||
The LS supports BYOK (Bring Your Own Key) variants for Claude and OpenAI models (e.g., `MODEL_CLAUDE_4_SONNET_BYOK`, `MODEL_OPENAI_COMPATIBLE`). Our proxy only exposes the 5 built-in placeholder models. Users with BYOK keys can't use them through the proxy.
|
||||
|
||||
**Fix:** Add a mechanism to register BYOK models at runtime (e.g., via a config file or API endpoint). The BYOK model IDs and their proto enum numbers are documented in `docs/ls-binary-analysis.md`.
|
||||
|
||||
---
|
||||
|
||||
### 13. `total_cost_usd` Could Use Pricing Table
|
||||
|
||||
(Extends issue #4)
|
||||
|
||||
Now that we have the full model catalog with proto enum numbers (`docs/ls-binary-analysis.md`), we could build a pricing table mapping model → cost per token. The MITM captures input/output token counts, so cost calculation is just a lookup + multiply.
|
||||
|
||||
Known models that could have pricing:
|
||||
|
||||
- Claude Opus 4.6 (M26/1026), Opus 4.5 (M12/1012)
|
||||
- Gemini 3 Pro High (M8/1008), Pro Low (M7/1007), Flash (M18/1018)
|
||||
|
||||
Reference in New Issue
Block a user