peek-core 1.0.0

Core process intelligence library for the Peek tool on Linux
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306

//! Core library for peek: process snapshot types, collection orchestration, and extended data.
//!
//! Provides `ProcessInfo`, `CollectOptions`, `collect()`, and `collect_extended()`; delegates to
//! peek-proc-reader, kernel-explainer, resource-sampler, network-inspector, and signal-engine.

pub mod config;
pub mod proc;
pub mod ringbuf;

use serde::{Deserialize, Serialize};

// ─── Core process snapshot ────────────────────────────────────────────────────

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct ProcessInfo {
    pub pid: i32,
    pub name: String,
    pub cmdline: String,
    /// Resolved executable path from `/proc/<pid>/exe`, when available.
    pub exe: Option<String>,
    pub state: String,
    pub ppid: i32,
    pub uid: u32,
    pub gid: u32,
    pub started_at: Option<chrono::DateTime<chrono::Local>>,
    pub threads: i32,
    pub vm_size_kb: u64,
    pub rss_kb: u64,
    /// Proportional set size (KB), from smaps_rollup. Linux, extended only.
    pub pss_kb: Option<u64>,
    /// Swap used (KB), from status VmSwap. Linux, extended only.
    pub swap_kb: Option<u64>,
    // Extended resource fields
    pub cpu_percent: Option<f64>,
    pub io_read_bytes: Option<u64>,
    pub io_write_bytes: Option<u64>,
    pub fd_count: Option<usize>,
    // Optional rich sections
    pub kernel: Option<KernelInfo>,
    pub network: Option<NetworkInfo>,
    pub open_files: Option<Vec<OpenFile>>,
    pub env_vars: Option<Vec<EnvVar>>,
    pub process_tree: Option<ProcessNode>,
    pub gpu: Option<Vec<GpuInfo>>,
}

// ─── Kernel context ──────────────────────────────────────────────────────────

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct KernelInfo {
    pub sched_policy: String,
    pub nice: i32,
    pub priority: i32,
    pub oom_score: i32,
    pub oom_score_adj: i32,
    pub cgroup: String,
    pub namespaces: Vec<NamespaceEntry>,
    pub cap_permitted: String,
    pub cap_effective: String,
    pub seccomp: u32,
    pub voluntary_ctxt_switches: Option<u64>,
    pub nonvoluntary_ctxt_switches: Option<u64>,
    /// Optional LSM security label (e.g. AppArmor/SELinux).
    pub security_label: Option<String>,
}

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct NamespaceEntry {
    pub ns_type: String,
    pub inode: String,
}

// ─── Network ─────────────────────────────────────────────────────────────────

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct NetworkInfo {
    pub listening_tcp: Vec<SocketEntry>,
    pub listening_udp: Vec<SocketEntry>,
    pub connections: Vec<ConnectionEntry>,
    /// Unix socket paths for this process (from /proc/net/unix + fd inodes).
    pub unix_sockets: Option<Vec<UnixSocketEntry>>,
    /// RX bytes/sec in process network namespace (from /proc/<pid>/net/dev delta).
    /// Sampling window is controlled by `PEEK_NET_SAMPLE_MS` (default 1000ms; 0 disables sampling).
    pub traffic_rx_bytes_per_sec: Option<u64>,
    /// TX bytes/sec in process network namespace.
    pub traffic_tx_bytes_per_sec: Option<u64>,
}

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct UnixSocketEntry {
    pub path: String,
}

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct SocketEntry {
    pub protocol: String,
    pub local_addr: String,
    pub local_port: u16,
}

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct ConnectionEntry {
    pub protocol: String,
    pub local_addr: String,
    pub local_port: u16,
    pub remote_addr: String,
    pub remote_port: u16,
    pub state: String,
}

// ─── Files ───────────────────────────────────────────────────────────────────

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct OpenFile {
    pub fd: u32,
    pub fd_type: String,
    pub description: String,
}

// ─── Environment ─────────────────────────────────────────────────────────────

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct EnvVar {
    pub key: String,
    pub value: String,
    pub redacted: bool,
}

// ─── Process tree ─────────────────────────────────────────────────────────────

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct ProcessNode {
    pub pid: i32,
    pub name: String,
    pub uid: u32,
    pub rss_kb: u64,
    pub children: Vec<ProcessNode>,
}

// ─── GPU ─────────────────────────────────────────────────────────────────────

pub use resource_sampler::gpu::GpuInfo;

// ─── Signal impact pre-flight ─────────────────────────────────────────────────
pub use signal_engine::impact::SignalImpact;

// ─── FD leak detection ───────────────────────────────────────────────────────

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct FdLeakWarning {
    /// FD count at the start of the observation window.
    pub start_count: usize,
    /// FD count at the end.
    pub end_count: usize,
    /// How many consecutive samples showed an increase.
    pub consecutive_increases: usize,
}

// ─── Errors ──────────────────────────────────────────────────────────────────

#[derive(Debug, thiserror::Error)]
pub enum PeekError {
    #[error("process {0} not found")]
    NotFound(i32),

    #[error("failed to read /proc for pid {pid}: {source}")]
    ProcIo {
        pid: i32,
        #[source]
        source: std::io::Error,
    },

    #[error("failed to parse /proc for pid {pid}: {msg}")]
    ProcParse { pid: i32, msg: String },
}

impl From<peek_proc_reader::ProcReaderError> for PeekError {
    fn from(e: peek_proc_reader::ProcReaderError) -> Self {
        let pid = e.pid().unwrap_or(-1);
        match e {
            peek_proc_reader::ProcReaderError::NotFound(pid) => PeekError::NotFound(pid),
            peek_proc_reader::ProcReaderError::Io { source, .. } => {
                PeekError::ProcIo { pid, source }
            }
            peek_proc_reader::ProcReaderError::Parse { msg, .. } => {
                PeekError::ProcParse { pid, msg }
            }
        }
    }
}

pub type Result<T> = std::result::Result<T, PeekError>;

// ─── Collect options ─────────────────────────────────────────────────────────

#[derive(Debug, Default, Clone)]
pub struct CollectOptions {
    pub resources: bool,
    pub kernel: bool,
    pub network: bool,
    pub files: bool,
    pub env: bool,
    pub tree: bool,
    pub gpu: bool,
}

// ─── Public API ──────────────────────────────────────────────────────────────

/// Fast baseline snapshot (no CPU sampling, no extended sections).
pub fn collect(pid: i32) -> Result<ProcessInfo> {
    proc::collect_process(pid, false)
}

/// Full snapshot gated by `opts`. On Linux includes kernel, network, files, env, tree, GPU; elsewhere baseline only.
pub fn collect_extended(pid: i32, opts: &CollectOptions) -> Result<ProcessInfo> {
    let mut info = proc::collect_process(pid, opts.resources)?;

    #[cfg(target_os = "linux")]
    {
        if opts.resources {
            info.io_read_bytes = proc::resources::read_io(pid).map(|io| io.0).ok();
            info.io_write_bytes = proc::resources::read_io(pid).map(|io| io.1).ok();
            info.fd_count = proc::files::count_fds(pid).ok();
            if let Some((_rss, pss, swap)) = resource_sampler::memory::sample_memory(pid) {
                info.pss_kb = Some(pss);
                info.swap_kb = Some(swap);
            }
        }
        if opts.kernel {
            info.kernel = proc::kernel::collect_kernel(pid).ok();
        }
        if opts.network {
            info.network = proc::network::collect_network(pid).ok();
        }
        if opts.files {
            info.open_files = proc::files::collect_files(pid).ok();
        }
        if opts.env {
            info.env_vars = proc::env::collect_env(pid).ok();
        }
        if opts.tree {
            info.process_tree = proc::tree::build_tree(pid).ok();
        }
        if opts.gpu {
            info.gpu = Some(proc::gpu::collect_gpu(pid));
        }
    }

    Ok(info)
}

/// Pre-flight signal impact analysis. Linux only.
pub fn signal_impact(_pid: i32) -> anyhow::Result<SignalImpact> {
    #[cfg(target_os = "linux")]
    {
        signal_engine::impact::analyze_impact(_pid)
    }
    #[cfg(not(target_os = "linux"))]
    {
        anyhow::bail!("Signal impact analysis is only available on Linux")
    }
}

/// Optional human-readable description for well-known process names.
pub fn binary_description(name: &str) -> Option<String> {
    kernel_explainer::well_known::binary_description(name).map(|s| s.to_string())
}

/// Human-readable OOM kill likelihood band (low / moderate / high / critical).
pub fn oom_description(score: i32) -> &'static str {
    kernel_explainer::oom::oom_description(score)
}

/// Soft "Max open files" limit from `/proc/<pid>/limits`, if available.
#[cfg(target_os = "linux")]
pub fn fd_soft_limit(pid: i32) -> Option<u64> {
    use peek_proc_reader::limits::read_limits;

    let limits = read_limits(pid).ok()?;
    limits.max_open_files_soft
}

#[cfg(not(target_os = "linux"))]
pub fn fd_soft_limit(_pid: i32) -> Option<u64> {
    None
}

/// Current syscall name and description from `/proc/<pid>/syscall` (x86_64).
/// Returns `None` if unreadable or syscall number unknown.
#[cfg(all(target_os = "linux", target_arch = "x86_64"))]
pub fn current_syscall(pid: i32) -> Option<(String, String)> {
    let (num, _) = peek_proc_reader::current::read_syscall(pid)?;
    let name = kernel_explainer::syscalls::syscall_name_x86_64(num)?;
    let desc = kernel_explainer::syscalls::syscall_description(name);
    Some((name.to_string(), desc.to_string()))
}

#[cfg(not(all(target_os = "linux", target_arch = "x86_64")))]
pub fn current_syscall(_pid: i32) -> Option<(String, String)> {
    None
}

/// Best-effort reverse DNS for an address (e.g. "192.168.1.1:443"). Time-bounded; for CLI/TUI only.
pub fn resolve_remote(addr: &str) -> Option<String> {
    network_inspector::resolver::resolve(addr)
}