feat: initial commit — antigravity proxy with MITM, standalone LS, and snapshot tooling

2026-02-14 02:24:35 -06:00
commit d5e7f09225
30 changed files with 9980 additions and 0 deletions
--- a/GEMINI.md
+++ b/GEMINI.md
@@ -0,0 +1,155 @@
+# Antigravity Rust Proxy
+
+OpenAI-compatible proxy that intercepts and relays requests to Google's Antigravity language server, impersonating the real Electron webview.
+
+## Quick Start
+
+```bash
+# Build
+cargo build --release
+
+# Run (language server must be running)
+RUST_LOG=info ./target/release/antigravity-proxy
+
+# Custom port
+RUST_LOG=info ./target/release/antigravity-proxy --port 9000
+```
+
+Default port: **8741**
+
+## Endpoints
+
+| Method   | Path                   | Description                                                 |
+| -------- | ---------------------- | ----------------------------------------------------------- |
+| `POST`   | `/v1/responses`        | **Responses API** (primary) — supports `stream: true/false` |
+| `POST`   | `/v1/chat/completions` | Chat Completions API (OpenAI compat shim)                   |
+| `GET`    | `/v1/models`           | List available models                                       |
+| `GET`    | `/v1/sessions`         | List active sessions                                        |
+| `DELETE` | `/v1/sessions/:id`     | Delete a session                                            |
+| `POST`   | `/v1/token`            | Set OAuth token at runtime                                  |
+| `GET`    | `/v1/usage`            | MITM-intercepted token usage stats                          |
+| `GET`    | `/v1/quota`            | LS quota — credits, per-model rate limits, reset timers     |
+| `GET`    | `/health`              | Health check                                                |
+
+## Available Models
+
+| Name                | Label                                    |
+| ------------------- | ---------------------------------------- |
+| `opus-4.6`          | Claude Opus 4.6 (Thinking) — **default** |
+| `opus-4.5`          | Claude Opus 4.5 (Thinking)               |
+| `gemini-3-pro-high` | Gemini 3 Pro (High)                      |
+| `gemini-3-pro`      | Gemini 3 Pro (Low)                       |
+| `gemini-3-flash`    | Gemini 3 Flash                           |
+
+## Example: Responses API
+
+### Sync
+
+```bash
+curl -s http://localhost:8741/v1/responses \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "gemini-3-flash",
+    "input": "Say hello in exactly 3 words",
+    "stream": false,
+    "timeout": 60
+  }' | jq .
+```
+
+### Streaming
+
+```bash
+curl -N http://localhost:8741/v1/responses \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "gemini-3-flash",
+    "input": "Say hello in exactly 3 words",
+    "stream": true,
+    "timeout": 60
+  }'
+```
+
+### Multi-turn (session reuse)
+
+```bash
+curl -s http://localhost:8741/v1/responses \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "gemini-3-flash",
+    "input": "What is 2+2?",
+    "conversation": "my-session-1",
+    "stream": false
+  }' | jq .
+
+# Follow-up in same cascade:
+curl -s http://localhost:8741/v1/responses \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "gemini-3-flash",
+    "input": "Now multiply that by 10",
+    "conversation": "my-session-1",
+    "stream": false
+  }' | jq .
+```
+
+## Authentication
+
+The proxy needs an OAuth token. Three ways to provide it:
+
+1. **Environment variable**: `export ANTIGRAVITY_OAUTH_TOKEN=ya29.xxx`
+2. **Token file**: `echo 'ya29.xxx' > ~/.config/antigravity-proxy-token`
+3. **Runtime API**: `curl -X POST http://localhost:8741/v1/token -d '{"token":"ya29.xxx"}'`
+
+## Version Detection
+
+Version strings (Antigravity, Chrome, Electron, Client) are **auto-detected** at startup from the installed Antigravity app:
+
+- `product.json` → app version + client/IDE version
+- Binary → Chrome + Electron versions via `strings`
+
+Falls back to hardcoded values if the app isn't installed. No manual updates needed when Antigravity updates.
+
+## Stealth Features
+
+- **TLS fingerprint**: BoringSSL with Chrome 142 JA3/JA4 + H2 fingerprint via `wreq`
+- **Protobuf**: Hand-rolled encoder producing byte-exact match to real webview traffic
+- **Warmup**: Mimics real webview startup RPC calls
+- **Heartbeat**: Periodic keep-alive matching real webview lifecycle
+- **Jitter**: Randomized polling intervals to avoid automation fingerprint
+- **Session reuse**: Cascades are reused for multi-turn, matching real webview behavior
+- **MITM proxy**: TLS-intercepting proxy for real token usage capture (opt-in)
+
+## MITM Proxy
+
+Built-in MITM proxy intercepts LS ↔ Google/Anthropic traffic to capture **real** token usage (input, output, cache read, cache creation). Disabled with `--no-mitm`.
+
+### Setup
+
+```bash
+# 1. Start proxy (generates CA cert automatically)
+RUST_LOG=info ./target/release/antigravity-proxy
+
+# 2. Install wrapper (patches LS binary to route through MITM)
+./scripts/mitm-wrapper.sh install
+
+# 3. Restart Antigravity — done!
+
+# Check status
+./scripts/mitm-wrapper.sh status
+
+# Uninstall
+./scripts/mitm-wrapper.sh uninstall
+```
+
+### Usage Stats
+
+```bash
+curl -s http://localhost:8741/v1/usage | jq .
+```
+
+Returns aggregate token counts from all intercepted API calls.
+
+### CLI Flags
+
+- `--no-mitm`: Disable MITM proxy entirely
+- `--mitm-port <PORT>`: Override MITM proxy port (default: auto-assign)