Graveyard

AI-Powered Process Monitor & Security Scanner

Comment

💡 Inspiration (Inspiration)

The core inspiration behind Graveyard was to address the limitations inherent in traditional terminal process monitoring tools like top or htop. The project originated from a need to create a single, cross-platform utility that embeds intelligence for both monitoring and security auditing tasks.

Key inspiration points:

  • Bridging Monitoring and Security: Integrating real-time process monitoring with actionable security analysis capabilities, allowing for instant malware verification directly within the terminal interface.
  • Cross-Platform and Advanced GPU Needs: Building a monitoring solution that offers a consistent experience across Windows, Linux, and macOS, while providing crucial advanced GPU metrics (utilization and memory) that are typically inaccessible by standard CLI tools.
  • Contextualized Intelligence: Solving the problem of data overload for sysadmins and developers by utilizing Google Gemini AI to interpret ambiguous technical data, such as unknown system processes or complex VirusTotal scan results.

🎯 What it does (What it does)

Graveyard functions as a powerful, real-time CLI process monitoring tool that serves as a command center for system health, performance, and security.

Its core functionalities include:

  • Comprehensive Real-Time Monitoring: Provides a process list sorted by resource consumption, coupled with CPU/Memory metrics, and visual gauges for GPU usage.
  • AI-Powered Process Analysis: By pressing i, Gemini AI delivers a purpose explanation, safety assessment, and termination guidance for the selected process.
  • Integrated Security Auditing Workflow: Allows users to press t to compute the SHA256 hash of the process executable and query the VirusTotal database.
  • Risk-Based Analysis by AI: Following the VirusTotal scan, the AI analyzes the results from 70+ antivirus engines to provide a risk classification (HIGH/MEDIUM/SAFE) and recommended actions.
  • Process Management: Facilitates the safe termination of processes (k) complete with a confirmation dialog and intelligent permission error handling.

🏗️ How we built it (How we built it)

Graveyard was built using Go (Golang 1.21+) to achieve high performance, efficient concurrency, and minimal resource usage (~1–2% CPU, 20–30MB memory footprint).

Key methodologies and technologies:

  • Modular Architecture: Utilizes a Layered Design separating the UI Layer (tview), Service Layer (business logic and API integration), Model Layer (data structures), and Application Layer (thread-safe state management).
  • Go Concurrency Model: Employs goroutines for asynchronous tasks (e.g., system data fetching) and Channels for thread-safe communication between the workers and the UI update loop. Crucially, AI and VirusTotal requests are launched in separate goroutines to ensure a non-blocking UI.
  • Cross-Platform Monitoring: Leverages gopsutil for core process/system data. For advanced GPU monitoring, the project avoids CGO/external libraries by relying on system command execution (nvidia-smi for NVIDIA; PowerShell/WMIC and Windows Performance Counters for all vendors on Windows).
  • API Integrations: Built using the Gemini 1.5 Flash SDK and VirusTotal API v3.

💥 Challenges we ran into (Challenges we ran into)

The development of Graveyard involved specific technical hurdles related to metric accuracy, concurrency, and cross-platform compatibility:

  • CGO-Free Cross-Platform GPU Monitoring: The major challenge was accurately retrieving advanced GPU metrics for non-NVIDIA cards on Windows (Intel, AMD) without CGO, which required complex, custom PowerShell scripting and Performance Counter logic.
  • Cross-Platform CPU Accuracy: Ensuring consistent and accurate CPU percentage readings across different operating systems by carefully managing caching of process data between monitoring cycles in a thread-safe manner.
  • Concurrent State Management: Overcoming race conditions by utilizing sync.RWMutex and buffered channels within the AppState to ensure data displayed in the UI remains consistent and up-to-date from the concurrent monitoring goroutine.
  • API Rate Limiting: Implementing non-blocking and rate-limit aware API requests (VirusTotal) within dedicated goroutines to prevent the UI from freezing or failing due to external rate limit constraints.

🏆 Accomplishments that we're proud of (Accomplishments that we're proud of)

Several technical and functional achievements stand out:

  • Unique AI + Security Integration: Successfully implemented a dual-panel workflow where raw VirusTotal data (center) is instantly interpreted by Gemini AI (left), delivering actionable risk assessment and recommendations.
  • Efficient Three-Panel Terminal UI: Designed a highly effective tview interface that segregates data into three logical panels (Metrics & AI, VirusTotal, Process List) for simultaneous data display.
  • Zero-Dependency GPU Monitoring: Achieved a robust GPU monitoring solution for all vendors on Windows without complex external Go libraries, prioritizing compatibility and binary size.
  • Resource Efficiency: Built a fast and lightweight Go binary that maintains high performance with minimal system overhead during monitoring.

🧠 What we learned (What we learned)

The development of Graveyard provided deep insights into system programming and data context:

  • The Power of Go Concurrency Design: Learned that Channels are the most robust and idiomatic mechanism in Go for state management and synchronization, ensuring data safely flows from the worker to the UI consumer.
  • The Complexity of Cross-OS Low-Level Data: Confirmed that achieving low-level accuracy (like GPU metrics) across various operating systems often requires leveraging and parsing detailed system command output rather than relying on inconsistent third-party bindings.
  • CLI Local Security Best Practices: Understood the security trade-offs of local API key storage. Concluded that storing keys in plaintext in .env with strict 0600 file permissions is the most appropriate and honest practice for a local CLI tool, correctly shifting the security responsibility to the user's OS.
  • The Value of AI Contextualization: Recognized that AI excels at converting raw data (such as hash lists or antivirus detections) into actionable context (risk and recommendations), making it an essential feature for a modern monitoring tool.

⏭️ What's next for Graveyard (What's next for Graveyard)

The future development roadmap focuses on enhancing security analysis capabilities and improving the user experience:

  • Extended GPU Support: Implementing monitoring support for AMD and Intel GPUs on Linux/macOS, potentially by parsing data from /sys/class/drm.
  • Per-Process GPU Analysis: Adding the complex feature to show which specific processes are utilizing the GPU.
  • Advanced Filtering and Sorting: Implementing the ability to filter processes by name and sort the list by all available columns (PID, Name, CPU, Memory).
  • Export and Alerting Features: Adding functionality to export process lists to CSV, save AI analysis reports, and set custom alerts when resource thresholds are exceeded.
  • Batch VirusTotal Scanning: Allowing the scanning of multiple processes simultaneously.
Share this project:

Updates