b3nw/zerogravity
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
34b9553484722b1f95b3bcaeca795e364b20ac16
zerogravity/KNOWN_ISSUES.md
Nikketryhard d4de436856 feat: MITM interception for standalone LS with UID isolation 
- Spawn standalone LS as dedicated 'antigravity-ls' user via sudo
- UID-scoped iptables redirect (port 443 → MITM proxy) via mitm-redirect.sh
- Combined CA bundle (system CAs + MITM CA) for Go TLS trust
- Transparent TLS interception with chunked response detection
- Google SSE parser for streamGenerateContent usage extraction
- Timeouts on all MITM operations (TLS handshake, upstream, idle)
- Forward response data immediately (no buffering)
- Per-model token usage capture (input, output, thinking)
- Update docs and known issues to reflect resolved TLS blocker
2026-02-14 17:50:12 -06:00

90 lines
3.2 KiB
Markdown
Raw Blame History

# Known Issues & Future Work
All critical blockers have been resolved. MITM interception is fully working
in standalone mode with UID-scoped iptables redirection.
---
## ✅ Resolved
### ~~LS Go LLM Client Ignores System TLS Trust Store~~
**Status: SOLVED (2026-02-14)**
Previously the #1 blocker. The standalone LS (`--standalone` flag) now routes
all LLM API traffic through the MITM proxy with full decryption.
**Solution:**
1. **UID-scoped iptables**`scripts/mitm-redirect.sh` creates an `antigravity-ls`
system user. iptables redirects only that UID's port-443 traffic → MITM port.
2. **Combined CA bundle** — The Go client honors `SSL_CERT_FILE` when set on
the standalone process. A combined bundle (system CAs + MITM CA) is written
to `/tmp/antigravity-mitm-combined-ca.pem`.
3. **`sudo -u` spawning** — The proxy spawns the LS as the `antigravity-ls` user,
so only the standalone LS traffic is intercepted. No impact on other software.
4. **Google SSE parsing** — MITM parses `streamGenerateContent?alt=sse` responses
and extracts `promptTokenCount`, `candidatesTokenCount`, `thoughtsTokenCount`.
**Verified:** `/v1/usage` returns per-model token usage from intercepted traffic.
---
## 🟡 Medium (Architecture / Future Work)
### 1. Cascade Correlation Is Heuristic
**File:** `src/mitm/intercept.rs``extract_cascade_hint()`
The MITM proxy matches intercepted API traffic to cascade IDs heuristically.
Currently all intercepted usage is stored under `_latest` because the Google
SSE request body is empty (`content_length=0` — the LS sends the request body
via chunked encoding that isn't captured in the hint extractor).
**Impact:** Usage shows up in `/v1/usage` aggregate stats but isn't correlated
to specific cascades. Not blocking — aggregate usage is the primary use case.
---
### 2. Request Modification Not Implemented
**File:** `src/mitm/proxy.rs``modify_requests: bool`
The `MitmConfig.modify_requests` flag is plumbed through but hardcoded to `false`.
Reserved for future request mutation features (e.g., injecting custom system
prompts, modifying model selection).
---
### 3. Polling-Based Cascade Updates vs Streaming RPC
**File:** `src/api/polling.rs`
We poll `GetCascadeTrajectorySteps` on a timer. The LS has a
`StreamCascadeReactiveUpdates` streaming gRPC method that pushes updates
in real-time. Polling works but adds latency.
**Status:** Functional but suboptimal.
---
## 🟢 Low
### 4. MITM Integration Tests
Unit tests cover protobuf decoding and intercept parsing (18 tests pass).
Integration tests for the full MITM pipeline (TLS interception, response
parsing, usage recording) would be valuable now that interception works.
### 5. MITM for Main Antigravity Session
The current MITM only works for the standalone LS (`--standalone` mode).
Intercepting the main Antigravity session's LS is harder because:
- The main LS is managed by the Antigravity app, not by us
- UID-scoped iptables can't target it without affecting all user traffic
- The `mitm-wrapper.sh` approach sets env vars but the LLM client ignores
`HTTPS_PROXY` unless `detect_and_use_proxy` is ENABLED via init metadata
**Workaround:** Use `--standalone` mode for all proxy traffic.
Reference in New Issue View Git Blame Copy Permalink