stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/dropped/runtime-trace-merge.md

38 lines
2.0 KiB
Markdown
Raw Blame History

# Runtime trace merge (eBPF/ETW observed edges)
## Module
Signals
## Status
PARTIALLY_IMPLEMENTED
## Description
Runtime facts ingestion and provenance normalization exist, but full eBPF/ETW trace integration appears to be at the synthetic probe level rather than production-grade runtime tracing.
## What's Implemented
- **Modules**: `src/Signals/StellaOps.Signals/Services/`, `src/Signals/StellaOps.Signals.RuntimeAgent/`, `src/Signals/__Libraries/StellaOps.Signals.Ebpf/`
- **Key Classes**:
- `RuntimeFactsIngestService` (`src/Signals/StellaOps.Signals.RuntimeAgent/RuntimeFactsIngestService.cs`) - ingests runtime facts from agents
- `SyntheticRuntimeProbeBuilder` (`src/Signals/StellaOps.Signals/Services/SyntheticRuntimeProbeBuilder.cs`) - builds synthetic runtime probes for testing reachability
- `ProcSnapshotDocument` (`src/Signals/StellaOps.Signals/Models/ProcSnapshotDocument.cs`) - process snapshot model for runtime state capture
- `ReachabilityLattice` (`src/Signals/StellaOps.Signals/Lattice/ReachabilityLattice.cs`) - merge logic for combining static and runtime evidence
- `RuntimeSignalCollector` (`src/Signals/__Libraries/StellaOps.Signals.Ebpf/Services/RuntimeSignalCollector.cs`) - eBPF-based runtime signal collection (experimental)
- **Source**: Feature matrix scan
## What's Missing
- Production-grade eBPF trace merging with static callgraph edges
- ETW (Event Tracing for Windows) trace collection and merge
- Conflict resolution when runtime traces contradict static analysis
- Runtime trace deduplication across multiple collection windows
- Performance profiling of trace merge under high-volume runtime data
## Implementation Plan
- Implement runtime-to-static edge merge algorithm with conflict resolution strategies
- Add ETW trace collection agent for Windows container environments
- Implement trace deduplication with temporal windowing
- Benchmark merge performance and optimize for high-throughput runtime streams
- Add integration tests for eBPF and ETW trace merge scenarios
## Related Documentation
- Source: See feature catalog
Reference in New Issue View Git Blame Copy Permalink