- Create GitHub Actions workflow for KinD integration tests
- Fix path normalization for relative paths with .. components
- Fix cgroup selection to skip snoop container itself
- Add unique namespaces per test with async cleanup
- Allow IMAGE_TAG environment variable override in test script
Both alpine-basic and busybox-controlled tests now pass with proper
file capture and path normalization.
Signed-off-by: Jason Hall <jason@chainguard.dev>
Implements configurable memory limits for the file deduplication cache
to prevent unbounded memory growth in long-running production deployments.
- Add LRU cache implementation with configurable max size
- Add -max-unique-files flag (default: 0 = unbounded)
- Add snoop_events_evicted_total metric for monitoring
- Track and log cache evictions with delta warnings
- Add comprehensive tests for bounded and unbounded behavior
When max-unique-files is set, the cache evicts least-recently-used
entries to stay within the limit. Evicted files may be re-recorded
if accessed again, making this suitable for workloads with temporal
locality in file access patterns.
Closes milestone 3 task: Memory-bounded deduplication
Signed-off-by: Jason Hall <jason@chainguard.dev>
Implement context-aware structured logging throughout the codebase using
chainguard-dev/clog. This provides better observability with configurable
log levels and structured output.
- Add -log-level flag to control verbosity (debug, info, warn, error)
- Replace all log.Println/Printf calls with structured clog logging
- Thread context through NewProbe, NewProcessor, and NewFileReporter
- Add detailed debug logging for eBPF tracepoint attachment
- Add debug logging for file operations in reporter
- Change "new file" messages to debug level to reduce noise
- Update all tests to pass context.Background()
Default log level is "info" which provides operational visibility without
excessive verbosity. Debug level shows detailed event processing.
Signed-off-by: Jason Hall <jason@chainguard.dev>