130 lines
4.2 KiB
Markdown
130 lines
4.2 KiB
Markdown
# Known Issues & Future Work
|
|
|
|
All fixable issues from the original report have been resolved. The remaining
|
|
items require either architectural changes, new features, or deep investigation
|
|
of the Go language server binary.
|
|
|
|
---
|
|
|
|
## 🔴 Blockers (Require Deep Investigation)
|
|
|
|
### 1. LS Go LLM Client Ignores System TLS Trust Store
|
|
|
|
**File:** `docs/mitm-interception-status.md`
|
|
|
|
The LS binary's Go HTTP client for LLM API calls uses a custom `tls.Config` that
|
|
does **not** trust system CAs or honor `SSL_CERT_FILE`. Our MITM proxy can route
|
|
traffic but not decrypt it.
|
|
|
|
**Investigation status:** All practical approaches have been tried and failed:
|
|
|
|
- iptables REDIRECT → redirect loop + broke all HTTPS traffic
|
|
- DNS redirect → same TLS trust failure
|
|
- LD_PRELOAD → Go doesn't use libc for syscalls
|
|
- SSLKEYLOGFILE → Go doesn't support it
|
|
|
|
**Remaining options (untried):**
|
|
|
|
- Binary patching Go TLS verification (fragile, breaks on updates)
|
|
- Full standalone LS control (see issue #2)
|
|
- eBPF/ptrace syscall interception (complex)
|
|
- Network namespace isolation (complex setup)
|
|
|
|
**Confidence: <30%** — all easy paths exhausted. Requires reverse engineering the Go binary's TLS setup.
|
|
|
|
**See:** `docs/mitm-interception-status.md` for full analysis
|
|
|
|
---
|
|
|
|
### 2. Standalone LS Cascades Silently Fail
|
|
|
|
**File:** `docs/standalone-ls-todo.md`
|
|
|
|
Standalone LS (outside Antigravity) accepts `StartCascade` RPCs without error
|
|
but cascade never progresses. No output.
|
|
|
|
**Suspected blockers:**
|
|
|
|
- Missing auth context (OAuth token propagation)
|
|
- Different Unleash feature flags between main and standalone instances
|
|
- Missing initialization steps (`LoadCodeAssist`, `OnboardUser`)
|
|
- Missing extension server callbacks (`WriteCascadeEdit`, `ExecuteCommand`)
|
|
|
|
**Confidence: <30%** — too many unknowns. Needs systematic debugging with the standalone LS.
|
|
|
|
**See:** `docs/standalone-ls-todo.md` for investigation plan
|
|
|
|
---
|
|
|
|
## Medium (Architecture / Future Work)
|
|
|
|
### 3. Cascade Correlation Is Heuristic
|
|
|
|
**File:** `src/mitm/intercept.rs` — `extract_cascade_hint()`
|
|
|
|
The MITM proxy matches intercepted API traffic to cascade IDs heuristically:
|
|
|
|
- HTTP/1.1 path: scans JSON body for `metadata.user_id` or `workspace_id`
|
|
- gRPC/H2 path: recursively searches proto fields for UUID strings
|
|
|
|
If neither method finds a match, usage is stored under `_latest` but never
|
|
consumed (since `take_usage()` requires exact cascade ID match).
|
|
|
|
**Confidence: <50%** — can't test without working MITM interception (blocked by issue #1). The heuristic is reasonable but unverified against real traffic.
|
|
|
|
---
|
|
|
|
### 4. Request Modification Not Implemented
|
|
|
|
**File:** `src/mitm/proxy.rs` — `modify_requests: bool`
|
|
|
|
The `MitmConfig.modify_requests` flag is plumbed through the entire call chain
|
|
but hardcoded to `false`. No modification logic exists. This is intentional
|
|
scaffolding for future use.
|
|
|
|
**Status:** Not a bug — reserved for potential request mutation features.
|
|
|
|
---
|
|
|
|
### 5. Polling-Based Cascade Updates vs Streaming RPC
|
|
|
|
**File:** `src/api/polling.rs`
|
|
|
|
We poll `GetCascadeTrajectorySteps` on a timer. The LS has a
|
|
`StreamCascadeReactiveUpdates` streaming gRPC method that pushes updates
|
|
in real-time. Polling works but adds latency.
|
|
|
|
**Status:** Functional but suboptimal. Switching to streaming requires
|
|
implementing a gRPC streaming client with reconnection handling. Not blocking.
|
|
|
|
---
|
|
|
|
### 6. No BYOK Model Routing
|
|
|
|
**File:** `src/api/models.rs`
|
|
|
|
The LS supports BYOK (Bring Your Own Key) models (e.g., `MODEL_CLAUDE_4_SONNET_BYOK`,
|
|
`MODEL_OPENAI_COMPATIBLE`). Our proxy only exposes the 5 built-in placeholder
|
|
models.
|
|
|
|
**Status:** Feature request. Would need a runtime model registration mechanism.
|
|
Proto enum numbers are documented in `docs/ls-binary-analysis.md`.
|
|
|
|
---
|
|
|
|
## 🟢 Low
|
|
|
|
### 7. No Integration Tests for MITM Module
|
|
|
|
Unit tests cover protobuf decoding and intercept parsing (17 tests pass), but
|
|
no integration tests for:
|
|
|
|
- TLS interception end-to-end with the generated CA
|
|
- Full HTTP/1.1 request/response cycle through the proxy
|
|
- gRPC (HTTP/2) request/response cycle through `h2_handler`
|
|
- Store recording and retrieval under concurrency
|
|
|
|
**Status:** The MITM can't intercept real traffic anyway (blocked by issue #1),
|
|
so integration tests would be somewhat hypothetical. Worth adding when the TLS
|
|
blocker is resolved.
|