940786c57f
- Add panel-stream-investigation.md documenting dead end - Update KNOWN_ISSUES: move polling and panel stream to resolved - Update GEMINI.md with standalone LS section and new MITM setup - Fix standalone-ls-todo to reflect default mode
3.9 KiB
Known Issues & Future Work
All critical blockers have been resolved. Standalone LS with MITM interception is fully working. Reactive streaming is implemented with polling fallback.
✅ Resolved
LS Go LLM Client Ignores System TLS Trust Store
Status: SOLVED (2026-02-14)
Previously the #1 blocker. The standalone LS (--standalone flag, now default)
routes all LLM API traffic through the MITM proxy with full decryption.
Solution:
- UID-scoped iptables —
scripts/mitm-redirect.shcreates anantigravity-lssystem user. iptables redirects only that UID's port-443 traffic → MITM port. - Combined CA bundle — The Go client honors
SSL_CERT_FILEwhen set on the standalone process. A combined bundle (system CAs + MITM CA) is written to/tmp/antigravity-mitm-combined-ca.pem. sudo -uspawning — The proxy spawns the LS as theantigravity-lsuser, so only the standalone LS traffic is intercepted. No impact on other software.- Google SSE parsing — MITM parses
streamGenerateContent?alt=sseresponses and extractspromptTokenCount,candidatesTokenCount,thoughtsTokenCount.
Verified: /v1/usage returns per-model token usage from intercepted traffic.
Polling-Based Cascade Updates
Status: SOLVED (2026-02-14)
StreamCascadeReactiveUpdates is now used for real-time cascade state
notifications. Falls back to timer-based polling if the streaming RPC is
unavailable. Reactive diffs also carry progressive response text and thinking
content (see docs/panel-stream-investigation.md).
StreamCascadePanelReactiveUpdates — Dead End
Status: INVESTIGATED & CLOSED (2026-02-14)
CascadePanelState only contains plan_status and user_settings — not
thinking text. The panel reactive component uses a workspace-scoped ID, not
cascade IDs. See docs/panel-stream-investigation.md.
🟡 Medium (Architecture / Future Work)
1. Cascade Correlation Is Heuristic
File: src/mitm/intercept.rs — extract_cascade_hint()
The MITM proxy matches intercepted API traffic to cascade IDs heuristically.
Currently all intercepted usage is stored under _latest because the Google
SSE request body is empty (content_length=0 — the LS sends the request body
via chunked encoding that isn't captured in the hint extractor).
Impact: Usage shows up in /v1/usage aggregate stats but isn't correlated
to specific cascades. Not blocking — aggregate usage is the primary use case.
2. Request Modification Not Implemented
File: src/mitm/proxy.rs — modify_requests: bool
The MitmConfig.modify_requests flag is plumbed through but hardcoded to false.
Reserved for future request mutation features (e.g., injecting custom system
prompts, modifying model selection).
🟢 Low
3. MITM Integration Tests
Unit tests cover protobuf decoding and intercept parsing (18 tests pass). Integration tests for the full MITM pipeline (TLS interception, response parsing, usage recording) would be valuable now that interception works.
4. MITM for Main Antigravity Session
The current MITM only works for the standalone LS (default mode). Intercepting the main Antigravity session's LS is harder because:
- The main LS is managed by the Antigravity app, not by us
- UID-scoped iptables can't target it without affecting all user traffic
- The
mitm-wrapper.shapproach sets env vars but the LLM client ignoresHTTPS_PROXYunlessdetect_and_use_proxyis ENABLED via init metadata
Workaround: Use standalone mode (default) for all proxy traffic.
5. Progressive Thinking Streaming
For extended-thinking models (Opus), thinking text may arrive progressively
across multiple reactive diffs. Currently thinking is captured atomically via
polling. Progressive streaming would require parsing reactive diff field numbers
to extract incremental thinking deltas. See docs/panel-stream-investigation.md.