6.3 KiB
Known Issues & Future Work
Medium
1. Cascade Correlation Is Heuristic
File: src/mitm/intercept.rs — extract_cascade_hint()
The MITM proxy matches intercepted API traffic to cascade IDs by scanning for metadata.user_id or workspace_id in the request body. If neither is found, it stores under _latest. Since take_usage() no longer falls back to _latest, unidentified requests will have no MITM usage data at all.
Fix: Investigate the actual request body format the LS sends for better correlation keys. Alternatively, use timing-based correlation (match MITM capture timestamp to cascade polling window).
2. Domain Certificate Cache Is Unbounded ✅ FIXED
File: src/mitm/ca.rs — domain_cache
The domain_cache (HashMap<String, Arc<ServerConfig>>) grows without bound.
Fixed: Added a 64-entry cap with clear-on-overflow. In practice only ~5-10 domains are ever intercepted, so this is a safety valve. Full LRU would be overkill.
3. Request Modification Not Implemented
File: src/mitm/proxy.rs — modify_requests: false
The MitmConfig.modify_requests flag exists and is plumbed through, but no actual modification logic is implemented. The flag is hardcoded to false.
Fix: When needed, implement request body mutation in handle_http_over_tls() — parse JSON, modify, reserialize, update Content-Length.
4. total_cost_usd Is Dead ✅ FIXED
total_cost_usd Is DeadFile: src/mitm/store.rs
ApiUsage.total_cost_usd is Option<f64> but is always None.
Fixed: Removed the field entirely from ApiUsage and all 3 construction sites (proto.rs, intercept.rs ×2).
🟢 Low
5. Wrapper Script Fallback Paths May Be Stale ✅ FIXED
File: scripts/mitm-wrapper.sh — LS_FALLBACK_DIRS
Stale .cursor, .vscode, .antigravity glob patterns.
Fixed: Replaced with actual Antigravity install paths (/usr/share/antigravity/, /opt/Antigravity/, ~/.local/share/antigravity/). Primary /proc-based discovery is unaffected.
6. No Integration Tests for MITM Module
The MITM module has unit tests for protobuf decoding and intercept parsing, but no integration tests that verify:
- TLS interception end-to-end with the generated CA
- Full HTTP/1.1 request/response cycle through the proxy
- gRPC (HTTP/2) request/response cycle through
h2_handler - Store recording and retrieval under concurrency
- Wrapper script install/uninstall lifecycle
🔍 Investigation
7. LS Exposes Credit/Quota Data via GetUserStatus ✅ IMPLEMENTED
GetUserStatusFile: src/quota.rs
Investigation item.
Implemented: The QuotaStore polls GetUserStatus every 60s and exposes credit/quota data via GET /v1/quota. Shows plan info, prompt/flow credit balances, per-model remaining fraction, and reset timers.
🔴 Blockers
8. LS Go LLM Client Ignores System TLS Trust Store
File: docs/mitm-interception-status.md
The LS binary is a Go program whose HTTP client for LLM API calls uses a custom tls.Config that does not trust system CAs or honor SSL_CERT_FILE. This means our MITM proxy's generated CA cert is rejected even when properly installed system-wide.
The extension patch (detectAndUseProxy=1) only makes the LS honor HTTPS_PROXY for routing — it doesn't fix CA trust. Without this, the MITM proxy can route but not decrypt LLM traffic.
Potential fixes:
- Binary patching the Go TLS verification (hard, breaks on updates)
- Full standalone LS control (in progress, see issue #9)
- Network namespace + iptables redirect (eliminates HTTPS_PROXY need but doesn't fix TLS trust)
- eBPF/ptrace to inject certs at runtime (complex)
See: docs/mitm-interception-status.md for full analysis
9. Standalone LS Cascades Silently Fail
File: docs/standalone-ls-todo.md
When running a standalone LS instance (outside of Antigravity), cascades start but produce no output. The LS accepts StartCascade RPCs without error, but the cascade never progresses.
Suspected blockers:
- Missing auth context (OAuth token not properly propagated)
- Unleash feature flags differ between main and standalone instances (
GetUnleashDatareturns different flags) LoadCodeAssist/OnboardUserinitialization steps may be required- Extension server callbacks (
WriteCascadeEdit,ExecuteCommand, etc.) have no handler
See: docs/standalone-ls-todo.md for investigation plan
Medium
10. Extension Patch Fragility ✅ FIXED
File: GEMINI.md, docs/mitm-interception-status.md
The sed patch that sets detectAndUseProxy=1 in extension.js must be re-applied after every Antigravity update. The search pattern (detectAndUseProxy=pe.UNSPECIFIED) is brittle — if the minified variable name changes from pe to something else, the patch silently fails.
Fixed: Updated sed to use extended regex s/detectAndUseProxy=[^,;)]+/detectAndUseProxy=1/g which matches any value assignment regardless of minified variable names. Still requires re-applying after updates, but the pattern is now resilient to bundler name changes.
11. Polling-Based Cascade Updates vs Streaming RPC
File: src/api/polling.rs
We poll GetCascadeTrajectorySteps on a timer to check for new cascade output. The LS has a StreamCascadeReactiveUpdates streaming gRPC method that pushes updates in real-time. Our polling approach works but adds latency and unnecessary requests.
Impact: Functional but suboptimal. The streaming approach would give lower latency and less LS load, but requires maintaining a long-lived gRPC stream and handling reconnection.
See: docs/ls-binary-analysis.md → gRPC Services → LanguageServerService
12. No BYOK Model Routing
File: src/api/models.rs
The LS supports BYOK (Bring Your Own Key) variants for Claude and OpenAI models (e.g., MODEL_CLAUDE_4_SONNET_BYOK, MODEL_OPENAI_COMPATIBLE). Our proxy only exposes the 5 built-in placeholder models. Users with BYOK keys can't use them through the proxy.
Fix: Add a mechanism to register BYOK models at runtime (e.g., via a config file or API endpoint). The BYOK model IDs and their proto enum numbers are documented in docs/ls-binary-analysis.md.
13. total_cost_usd Could Use Pricing Table ✅ RESOLVED
total_cost_usd Could Use Pricing TableMoot — total_cost_usd field was removed in issue #4 fix.