Nikketryhard
e678ec655b
fix: standalone MITM — remove HTTPS_PROXY with iptables, fix is_agent detection
...
- Only set HTTPS_PROXY/HTTP_PROXY when iptables UID isolation is NOT
available. With iptables, double-proxying caused profile picture
fetches to fail with 'lookup http' DNS errors.
- Fix is_agent detection: handle JSON with spaces after colons
("requestType": "agent" vs "requestType":"agent")
- Suppress wrapper-not-installed warning in standalone mode
- Show 'iptables (standalone)' in banner instead of 'not installed'
2026-02-14 18:47:38 -06:00
Nikketryhard
f0c2574c88
feat: MITM request modification — strip bloat from LLM API requests
...
Intercepts streamGenerateContent requests and trims:
- System instruction: strips web_application_development, knowledge_discovery,
persistent_context, skills sections (~18KB saved)
- Content messages: strips empty user_rules, workflows boilerplate,
conversation summaries (~4.5KB saved)
- Tools: keeps 12 essential coding tools, strips 8 non-essential
(browser_subagent, generate_image, search_web, etc. ~6KB saved)
Total: ~55% reduction in request size while keeping identity, user info,
and all coding-relevant tools intact. Only modifies 'agent' type requests,
checkpoint requests pass through unmodified.
Also:
- Standalone mode is now the default (use --no-standalone to attach to
existing LS)
- Enable request modification by default
- Add mold linker, sccache, nextest config (8 thread cap)
- Add .cargo/config.toml and .config/nextest.toml
2026-02-14 18:35:07 -06:00
Nikketryhard
061b08fc8f
fix: cascade correlation — fallback to _latest MITM usage
...
When the MITM can't extract a cascade ID from the intercepted request
(Content-Length: 0 / chunked encoding), usage is stored under '_latest'.
Now usage_from_poll and completions try the exact cascade_id first,
then fall back to '_latest' so MITM-captured tokens are actually used.
2026-02-14 18:10:04 -06:00
Nikketryhard
ca36ab0631
chore: clean up MITM logs and add Google SSE tests
...
- Demote non-LLM request logs to debug (only streamGenerateContent at info)
- Demote non-streaming response headers to debug
- Add 5 Google SSE parser tests (single event, multi-event accumulation,
chunked framing, completion detection, no-thinking-tokens)
- Fix unused variable warning in proxy.rs
2026-02-14 17:55:17 -06:00
Nikketryhard
d4de436856
feat: MITM interception for standalone LS with UID isolation
...
- Spawn standalone LS as dedicated 'antigravity-ls' user via sudo
- UID-scoped iptables redirect (port 443 → MITM proxy) via mitm-redirect.sh
- Combined CA bundle (system CAs + MITM CA) for Go TLS trust
- Transparent TLS interception with chunked response detection
- Google SSE parser for streamGenerateContent usage extraction
- Timeouts on all MITM operations (TLS handshake, upstream, idle)
- Forward response data immediately (no buffering)
- Per-model token usage capture (input, output, thinking)
- Update docs and known issues to reflect resolved TLS blocker
2026-02-14 17:50:12 -06:00
Nikketryhard
6842bfeaa5
chore: clean up code — remove dead code, stale allows, eprintln→tracing, remove volatile data from docs
2026-02-14 16:11:34 -06:00
Nikketryhard
2e2d90bdb9
chore: remove BYOK issue — out of scope
2026-02-14 16:07:00 -06:00
Nikketryhard
f3fd203a53
chore: rewrite KNOWN_ISSUES with investigation verdicts and confidence levels
2026-02-14 16:02:01 -06:00
Nikketryhard
05ae6b8652
chore: clean up KNOWN_ISSUES — remove fixed items, renumber
2026-02-14 15:58:52 -06:00
Nikketryhard
2f53485821
fix(#4,#5,#7): remove dead cost field, fix stale fallback paths, mark quota as implemented
2026-02-14 15:55:11 -06:00
Nikketryhard
2ccc4b46f8
fix( #4 ): remove dead total_cost_usd field; map model enums to readable names
2026-02-14 15:54:03 -06:00
Nikketryhard
dd7b12a97d
fix( #2 ): cap domain cert cache at 64 entries
2026-02-14 15:49:39 -06:00
Nikketryhard
b89d26cc68
fix( #10 ): use robust regex for extension detectAndUseProxy patch
2026-02-14 15:49:05 -06:00
Nikketryhard
9f5d6e15cc
docs: add 6 new known issues from binary analysis session
2026-02-14 15:46:10 -06:00
Nikketryhard
95cb65f1ae
docs: complete tool catalog, trajectory types, and browser automation details
2026-02-14 04:22:13 -06:00
Nikketryhard
7f5a0f51d3
docs: enrich module docs with binary analysis cross-references
2026-02-14 04:20:57 -06:00
Nikketryhard
932214fd95
docs: comprehensive LS binary reverse engineering with model enum mapping
2026-02-14 04:19:48 -06:00
Nikketryhard
edad784bcd
refactor: extract GrpcUsage::into_api_usage to DRY up h2_handler
2026-02-14 04:13:46 -06:00
Nikketryhard
686f5820d6
refactor: extract ResponseData struct to eliminate 18-arg build_response_object
2026-02-14 04:09:41 -06:00
Nikketryhard
901cd3d2e3
fix: resolve clippy warnings (matches!, map_or, redundant guard, unnecessary allocations)
2026-02-14 04:06:18 -06:00
Nikketryhard
725bdb4e9a
chore: add snapshot CLI binary and lib re-export
2026-02-14 04:04:47 -06:00
Nikketryhard
ee6fce12a7
fix: suppress unused direction field warning in snapshot
2026-02-14 04:04:35 -06:00
Nikketryhard
de9be0d564
docs: update README with MITM setup and extension patch instructions
2026-02-14 04:03:25 -06:00
Nikketryhard
9cf7bb75d2
docs: add MITM interception research and redirect scripts
2026-02-14 04:03:22 -06:00
Nikketryhard
4fa8775b61
feat: transparent proxy mode with SNI extraction and DNS bypass for upstream
2026-02-14 04:03:19 -06:00
Nikketryhard
df7dcc96db
fix: prefer .real binary PID and fallback to ss for port discovery
2026-02-14 04:03:15 -06:00
Nikketryhard
07e705084e
fix: install rustls CryptoProvider at startup to prevent panic under load
2026-02-14 04:03:11 -06:00
Nikketryhard
c57eab4995
chore: remove volatile project structure from README
2026-02-14 02:25:05 -06:00
Nikketryhard
d5e7f09225
feat: initial commit — antigravity proxy with MITM, standalone LS, and snapshot tooling
2026-02-14 02:24:35 -06:00
