diff --git a/GEMINI.md b/GEMINI.md index bbd5517..d225b1a 100644 --- a/GEMINI.md +++ b/GEMINI.md @@ -41,6 +41,12 @@ Default port: **8741** | `gemini-3-pro` | Gemini 3 Pro (Low) | | `gemini-3-flash` | Gemini 3 Flash | +## Development & Testing + +- **Dev/testing model**: `gemini-3-flash` — use this for all development, debugging, and iterative testing +- **Production model**: `opus-4.6` — use sparingly for real-world validation only (has quota limit) +- See `docs/ls-binary-analysis.md` for full reverse-engineered model catalog and proto enum mappings + ## Example: Responses API ### Sync diff --git a/KNOWN_ISSUES.md b/KNOWN_ISSUES.md index 4d0f1e6..de78198 100644 --- a/KNOWN_ISSUES.md +++ b/KNOWN_ISSUES.md @@ -107,3 +107,88 @@ Each model also includes **per-model quota info**: - `userTier` field shows subscription level: `{"id": "g1-ultra-tier", "name": "Google AI Ultra"}` **Potential use:** We could poll `GetUserStatus` periodically and expose `availablePromptCredits`, `availableFlowCredits`, and per-model `remainingFraction` via the `/v1/usage` endpoint — giving users real-time credit burn visibility without needing MITM token counting. + +--- + +## 🔴 Blockers + +### 8. LS Go LLM Client Ignores System TLS Trust Store + +**File:** `docs/mitm-interception-status.md` + +The LS binary is a Go program whose HTTP client for LLM API calls uses a custom `tls.Config` that does **not** trust system CAs or honor `SSL_CERT_FILE`. This means our MITM proxy's generated CA cert is rejected even when properly installed system-wide. + +The extension patch (`detectAndUseProxy=1`) only makes the LS honor `HTTPS_PROXY` for routing — it doesn't fix CA trust. Without this, the MITM proxy can route but not decrypt LLM traffic. + +**Potential fixes:** + +- Binary patching the Go TLS verification (hard, breaks on updates) +- Full standalone LS control (in progress, see issue #9) +- Network namespace + iptables redirect (eliminates HTTPS_PROXY need but doesn't fix TLS trust) +- eBPF/ptrace to inject certs at runtime (complex) + +**See:** `docs/mitm-interception-status.md` for full analysis + +--- + +### 9. Standalone LS Cascades Silently Fail + +**File:** `docs/standalone-ls-todo.md` + +When running a standalone LS instance (outside of Antigravity), cascades start but produce no output. The LS accepts `StartCascade` RPCs without error, but the cascade never progresses. + +**Suspected blockers:** + +- Missing auth context (OAuth token not properly propagated) +- Unleash feature flags differ between main and standalone instances (`GetUnleashData` returns different flags) +- `LoadCodeAssist` / `OnboardUser` initialization steps may be required +- Extension server callbacks (`WriteCascadeEdit`, `ExecuteCommand`, etc.) have no handler + +**See:** `docs/standalone-ls-todo.md` for investigation plan + +--- + +## Medium + +### 10. Extension Patch Fragility + +**File:** `scripts/mitm-wrapper.sh`, GEMINI.md + +The `sed` patch that sets `detectAndUseProxy=1` in `extension.js` must be **re-applied after every Antigravity update**. The search pattern (`detectAndUseProxy=pe.UNSPECIFIED`) is brittle — if the minified variable name changes from `pe` to something else, the patch silently fails. + +**Fix:** Use a regex-based patch (`detectAndUseProxy=[^;]*` → `detectAndUseProxy=1`) or patch via AST manipulation. Add a post-update hook or version check to warn when the patch is stale. + +--- + +### 11. Polling-Based Cascade Updates vs Streaming RPC + +**File:** `src/api/polling.rs` + +We poll `GetCascadeTrajectorySteps` on a timer to check for new cascade output. The LS has a `StreamCascadeReactiveUpdates` streaming gRPC method that pushes updates in real-time. Our polling approach works but adds latency and unnecessary requests. + +**Impact:** Functional but suboptimal. The streaming approach would give lower latency and less LS load, but requires maintaining a long-lived gRPC stream and handling reconnection. + +**See:** `docs/ls-binary-analysis.md` → gRPC Services → LanguageServerService + +--- + +### 12. No BYOK Model Routing + +**File:** `src/api/models.rs` + +The LS supports BYOK (Bring Your Own Key) variants for Claude and OpenAI models (e.g., `MODEL_CLAUDE_4_SONNET_BYOK`, `MODEL_OPENAI_COMPATIBLE`). Our proxy only exposes the 5 built-in placeholder models. Users with BYOK keys can't use them through the proxy. + +**Fix:** Add a mechanism to register BYOK models at runtime (e.g., via a config file or API endpoint). The BYOK model IDs and their proto enum numbers are documented in `docs/ls-binary-analysis.md`. + +--- + +### 13. `total_cost_usd` Could Use Pricing Table + +(Extends issue #4) + +Now that we have the full model catalog with proto enum numbers (`docs/ls-binary-analysis.md`), we could build a pricing table mapping model → cost per token. The MITM captures input/output token counts, so cost calculation is just a lookup + multiply. + +Known models that could have pricing: + +- Claude Opus 4.6 (M26/1026), Opus 4.5 (M12/1012) +- Gemini 3 Pro High (M8/1008), Pro Low (M7/1007), Flash (M18/1018)