Expand description
Phase 1 of #221: the process-observation capability model and the portable process-lifecycle baseline.
This module defines the stable observation types — ObserverConfig,
ObserverCapabilities, ObserverEvent, and the
ObserverSubscriber handle — plus the always-available lifecycle
backend that emits started and
exited events for child processes spawned
by this crate.
§Scope (Phase 1 only)
Only the EventCategory::Lifecycle category is
supported. Every other category
(File, Network,
Process) reports
unavailable with an honest reason,
because syscall-level backends (seccomp/eBPF/ETW) are Phase 3 work and
are deliberately not wired here.
§Off by default
Observation is entirely opt-in. A NativeProcess
emits no events unless an ObserverConfig is attached via
NativeProcess::with_observer (or
the equivalent builder seam). With no observer configured the lifecycle
hooks are inert: no channel, no allocation, no events.
The handle is a plain std::sync::mpsc receiver so the lifecycle
baseline stays free of the daemon runtime (tokio/IPC). Phase 2 layers the
daemon-owned subscriber model on top of these same event types.
Structs§
- Category
Capability - Capability report for one
EventCategory: the negotiated support level, the backend that would serve it, and a human-readable reason. - Observer
Capabilities - The full capability matrix produced by
ObserverCapabilities::negotiate. - Observer
Config - Opt-in configuration that turns process observation on for a single
NativeProcess. - Observer
Event - A single observation emitted by the lifecycle baseline.
- Observer
Subscriber - Receiver handle for observation events.
Enums§
- Capability
Support - Negotiated support level for a single
EventCategory. - Event
Category - Category of observable process activity.
- Observer
Event Kind - What happened to an observed process.