sysprobe

Native Linux runtime inspector — launch a program and watch what it actually does. Process tree, file descriptors, network sockets, threads, memory map, syscalls, capabilities, cgroups, pressure stalls, crash details — all in one CLI tool with an optional Qt 6 desktop shell.

---

What it does

Surface	Source	Notes
Process tree, descriptors, peaks	/proc/<pid>/{stat,status,fd}	Sampled live during the run
CPU%, faults, ctxt switches, IO	/proc/<pid>/{stat,status,io}	Per-process
Threads	/proc/<pid>/task/*	Name, state, ticks
Memory map	/proc/<pid>/maps	Classified file/anon/heap/stack/vdso
Network connections	/proc/net/{tcp,tcp6,udp,udp6,unix}	Resolved by socket inode
Syscalls	strace -ttt -f wrapper	Live-streaming, optional
Decoded connect() targets	strace argument parsing	INET / INET6 / UNIX
Capabilities, seccomp, LSM	/proc/<pid>/{status,attr/current}	Decoded CAP_* names
cgroups + limits + PSI	/sys/fs/cgroup/<path>/{*.max,*.current,*.pressure}	Live
Crash detection	/proc/sys/kernel/core_pattern + signal	coredumpctl / apport hints
Journal correlation	journalctl --output=json	By observed PID
DBus ownership	busctl --user list	Names owned by observed PIDs
Desktop integration	.desktop files, XDG, Flatpak	Launchability checks
Run history + diff + replay	$XDG_STATE_HOME/sysprobe/runs/	Save / list / show / diff / replay

Build

Requires a C++20 compiler, CMake 3.24+, and Ninja. The Qt 6.4+ desktop UI is optional.

# CLI only
cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release -DSYSPROBE_BUILD_UI=OFF
cmake --build build
ctest --test-dir build --output-on-failure   # 18 tests

# With the Qt desktop shell (Ubuntu 24.04)
sudo apt-get install qt6-base-dev qt6-declarative-dev qml6-module-qtquick \
    qml6-module-qtquick-controls qml6-module-qtquick-layouts \
    qml6-module-qtquick-window qml6-module-qtquick-templates \
    qml6-module-qtqml-workerscript
cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release -DSYSPROBE_BUILD_UI=ON
cmake --build build

Install

User-local, no sudo:

cmake -S . -B build-release -G Ninja -DCMAKE_BUILD_TYPE=Release \
      -DCMAKE_INSTALL_PREFIX="$HOME/.local"
cmake --build build-release && cmake --install build-release

Installs sysprobe (CLI) and sysprobe-desktop (when Qt is found) under ~/.local/bin/, plus the .desktop and icon files for the launcher.

CLI cheat sheet

# Just run something
sysprobe -- /bin/sh -c 'echo hello; sleep 0.2'

# Reports
sysprobe --report json --output report.json -- /usr/bin/curl https://example.com
sysprobe --report markdown --output report.md -- /usr/bin/python3 script.py

# Deep tracing (strace under the hood)
sysprobe --trace -- /usr/bin/curl https://example.com
sysprobe --trace openat,connect -- /usr/bin/python3 script.py

# Launch shaping
sysprobe --env DEBUG=1 --nice 10 --cpu-affinity 0,1 --cwd /tmp \
         --memory 256M --cpu 50 --pids 32 \
         -- /usr/bin/python3 script.py

# Signal a running process from another terminal
sysprobe --signal TERM 12345
sysprobe --signal STOP 12345 && sysprobe --signal CONT 12345

# Run history
sysprobe --save baseline -- /usr/bin/python3 script.py
sysprobe --save with-fix -- /usr/bin/python3 script.py
sysprobe --diff baseline with-fix
sysprobe --replay baseline                # re-run with the same env/limits
sysprobe --history
sysprobe --show baseline | jq '.peaks'

# Desktop integration
sysprobe --list-apps
sysprobe --check-desktop /usr/share/applications/org.gnome.Calculator.desktop

Run sysprobe --help for the full surface.

Desktop UI

sysprobe-desktop ships a Qt Quick frontend with the same data model:

• Sidebar nav across Processes / Report / Output / Descriptors / Network / Threads / Memory / Trace / Security / Integration / History.
• Live status pill in the header, plus Pause / Resume / Terminate / Kill / gdb buttons while a run is active.
• Launch options panel (env, nice, CPU affinity, cwd, OOM score, memory cap, CPU quota, PIDs cap) right above the command field.
• Crash banner with backend-specific follow-up hints.
• History tab with Save / Replay / Diff / Delete.

Repo layout

src/cli/                 command-line entry point and argument parsing
src/app/                 Qt Quick desktop shell + theme + components
src/app/icons/           SVG icon set used by the GUI
src/app/qml/             Theme.qml, Sidebar, themed Sp* controls, Main.qml
src/sysprobe/linux/      /proc, XDG, desktop entry, Flatpak, DBus, journal,
                         strace, network, security, cgroups, crash adapters
src/sysprobe/            runtime probe engine, report export, run history
data/                    desktop entry and app icon
tests/                   18 small executable tests wired through CTest
docs/                    phase-by-phase implementation notes (1–19)

Tests

18 tests cover the parsers (procfs, journal, busctl, strace, cgroup metrics, network, memory maps, security, crash) plus a runtime smoke test, the arguments parser, the report formatter, and the run history roundtrip.

ctest --test-dir build --output-on-failure

Implementation notes

The project was built phase-by-phase with one logical commit per piece. Each phase doc under docs/phase-N.md covers the scope, design choices, and caveats for that increment:

#	Theme
1–2	CLI runtime probe + Qt 6 desktop shell
3–4	Desktop integration + report exports
5	Journal + DBus correlation
6	Deep tracing (strace backend)
7	Control surface (signals, launch options)
8	Live deep inspection (network, threads, memory map, streaming trace)
9	Sandboxing/security view (caps, seccomp, namespaces)
10	Resource limits (cgroup + rlimit)
11	Pressure stall info
12–13	Run history + diff + GUI history panel
14	Replay saved runs
15	Performance counters
16	Socket address decoding
17	Crash capture
18–19	Visual polish (Theme, components, sidebar nav, icons, structure)

License

Source code is provided as-is under no specific license. Add one before publishing further.