Files
wehub-resource-sync 36b3af2e3d
PR Check / Tests: Unit (macos-latest) (push) Waiting to run
PR Check / Tests: Unit (ubuntu-24.04) (push) Waiting to run
PR Check / Tests: Unit (ubuntu-24.04-arm) (push) Waiting to run
PR Check / Tests: Unit (windows-latest) (push) Waiting to run
PR Check / Code Quality: Format (push) Failing after 1s
PR Check / Code Quality: Lint (darwin) (push) Failing after 0s
PR Check / Code Quality: Lint (freebsd) (push) Failing after 1s
PR Check / Code Quality: Lint (windows) (push) Failing after 1s
PR Check / Code Quality: Lint (linux) (push) Failing after 1s
PR Check / Security: Vulnerability Scan (push) Failing after 0s
Update Documentation / update-docs (push) Failing after 2s
PR Check / Code Quality: Vendor (push) Failing after 1s
PR Check / Code Quality: Coverage (push) Failing after 0s
chore: import upstream snapshot with attribution
2026-07-13 12:22:06 +08:00

127 lines
2.3 KiB
Groff

.nh
.TH "WITR" "1" "Jul 2026" "" ""
.SH NAME
witr - Why is this running?
.SH SYNOPSIS
\fBwitr [process name...] [flags]\fP
.SH DESCRIPTION
witr explains why a process or port is running by tracing its ancestry.
.SH OPTIONS
\fB-c\fP, \fB--container\fP=[]
container(s) to look up (repeatable)
.PP
\fB--env\fP[=false]
show environment variables for the process
.PP
\fB-x\fP, \fB--exact\fP[=false]
use exact name matching (no substring search)
.PP
\fB-f\fP, \fB--file\fP=[]
file(s) held open by a process (repeatable)
.PP
\fB-h\fP, \fB--help\fP[=false]
help for witr
.PP
\fB-i\fP, \fB--interactive\fP[=false]
interactive mode (TUI)
.PP
\fB--json\fP[=false]
show result as JSON
.PP
\fB--no-color\fP[=false]
disable colorized output
.PP
\fB-p\fP, \fB--pid\fP=[]
pid(s) to look up (repeatable)
.PP
\fB-o\fP, \fB--port\fP=[]
port(s) to look up (repeatable)
.PP
\fB-s\fP, \fB--short\fP[=false]
show only ancestry
.PP
\fB-t\fP, \fB--tree\fP[=false]
show only ancestry as a tree
.PP
\fB--verbose\fP[=false]
show extended process information
.PP
\fB--warnings\fP[=false]
show only warnings
.SH EXAMPLE
.EX
# Inspect a running process by name
witr nginx
# Look up a process by PID
witr --pid 1234
# Find the process listening on a specific port
witr --port 5432
# Find the process holding a file open
witr --file /var/lib/dpkg/lock
# Inspect a container by name
witr --container redis
# Inspect a process by name with exact matching (no fuzzy search)
witr bun --exact
# Show the full process ancestry (who started whom)
witr postgres --tree
# Show only warnings (suspicious env, arguments, parents)
witr docker --warnings
# Display only environment variables of the process
witr node --env
# Short, single-line output (useful for scripts)
witr sshd --short
# Disable colorized output (CI or piping)
witr redis --no-color
# Output machine-readable JSON
witr chrome --json
# Show extended process information (memory, I/O, file descriptors)
witr mysql --verbose
# Combine flags: inspect port, show environment variables, output JSON
witr --port 8080 --env --json
# Multiple inputs
witr nginx node
witr --port 8080 --port 3000
witr --pid 1234 --pid 5678
# Mixed inputs
witr nginx --pid 1234 --port 8080
.EE