@glassmkr/crucible 0.7.1 → 0.8.1

package/src/config.ts

@@ -1,65 +0,0 @@
-import { readFileSync } from "fs";
-import { parse } from "yaml";
-import { z } from "zod";
-
-const ConfigSchema = z.object({
-  server_name: z.string().default("unnamed-server"),
-  collection: z.object({
-    interval_seconds: z.number().min(60).max(3600).default(300),
-    ipmi: z.boolean().default(true),
-    smart: z.boolean().default(true),
-  }).default({}),
-  forge: z.object({
-    enabled: z.boolean().default(false),
-    url: z.string().default("https://forge.glassmkr.com"),
-    api_key: z.string().default(""),
-    tls_pin: z.string().default(""),
-  }).default({}),
-  thresholds: z.object({
-    ram_percent: z.number().default(90),
-    swap_alert: z.boolean().default(true),
-    disk_percent: z.number().default(85),
-    iowait_percent: z.number().default(20),
-    nvme_wear_percent: z.number().default(85),
-    disk_latency_nvme_ms: z.number().default(50),
-    disk_latency_hdd_ms: z.number().default(200),
-    cpu_temp_warning_c: z.number().default(80),
-    cpu_temp_critical_c: z.number().default(90),
-    interface_utilization_percent: z.number().default(90),
-  }).default({}),
-  channels: z.object({
-    telegram: z.object({
-      enabled: z.boolean().default(false),
-      bot_token: z.string().default(""),
-      chat_id: z.string().default(""),
-    }).default({}),
-    email: z.object({
-      enabled: z.boolean().default(false),
-      to: z.string().default(""),
-    }).default({}),
-    slack: z.object({
-      enabled: z.boolean().default(false),
-      webhook_url: z.string().default(""),
-    }).default({}),
-  }).default({}),
-  prometheus: z.object({
-    enabled: z.boolean().default(false),
-    port: z.number().default(9101),
-  }).default({}),
-});
-
-export type Config = z.infer<typeof ConfigSchema>;
-
-export function loadConfig(path: string): Config {
-  try {
-    const raw = readFileSync(path, "utf-8");
-    const parsed = parse(raw);
-    return ConfigSchema.parse(parsed);
-  } catch (err: any) {
-    if (err.code === "ENOENT") {
-      console.log(`[config] No config file at ${path}, using defaults`);
-      return ConfigSchema.parse({});
-    }
-    throw err;
-  }
-}

package/src/index.ts

@@ -1,221 +0,0 @@
-#!/usr/bin/env node
-
-import { parseCliArgs } from "./cli.js";
-import { CRUCIBLE_VERSION as PKG_VERSION } from "./lib/version.js";
-
-// Handle --version, --help, and planned-reboot subcommands before
-// importing collectors, loading config, or starting the Prometheus
-// server. Keeps the CLI responsive even on hosts missing the config
-// file or external tools.
-const { result: cliArgs, output: cliOutput } = parseCliArgs(process.argv.slice(2), PKG_VERSION);
-if (cliArgs.mode === "version" || cliArgs.mode === "help") {
-  console.log(cliOutput);
-  process.exit(0);
-}
-if (cliArgs.mode === "mark-reboot" || cliArgs.mode === "reboot") {
-  const { writeRebootMarker, parseDuration, DEFAULT_TTL_MS } = await import("./lib/reboot-marker.js");
-  const ttlMs = cliArgs.ttl ? parseDuration(cliArgs.ttl) : DEFAULT_TTL_MS;
-  if (ttlMs === null) {
-    console.error(`[mark-reboot] invalid --ttl value: ${cliArgs.ttl}. Use e.g. 10m, 2h, 600s.`);
-    process.exit(2);
-  }
-  try {
-    const { path, expires_at } = writeRebootMarker({
-      reason: cliArgs.reason, ttlMs,
-    });
-    console.log(`[${cliArgs.mode}] marker written: ${path} (expires ${expires_at}${cliArgs.reason ? `, reason: ${cliArgs.reason}` : ""})`);
-  } catch (err: any) {
-    console.error(`[${cliArgs.mode}] failed to write marker: ${err?.message || err}`);
-    console.error(`  Most likely cause: need root privileges to write under /var/lib/crucible/.`);
-    process.exit(1);
-  }
-  if (cliArgs.mode === "reboot") {
-    const { execFileSync } = await import("node:child_process");
-    console.log("[reboot] invoking systemctl reboot");
-    try {
-      execFileSync("systemctl", ["reboot"], { stdio: "inherit" });
-    } catch (err: any) {
-      console.error(`[reboot] systemctl reboot failed: ${err?.message || err}`);
-      process.exit(1);
-    }
-  }
-  process.exit(0);
-}
-
-import { loadConfig } from "./config.js";
-import { checkForUpdates } from "./lib/version-check.js";
-import { startMetricsServer, updateMetrics } from "./metrics-server.js";
-import { collectSystem } from "./collect/system.js";
-import { collectCpu } from "./collect/cpu.js";
-import { collectMemory } from "./collect/memory.js";
-import { collectDisks } from "./collect/disks.js";
-import { collectSmart } from "./collect/smart.js";
-import { collectNetwork } from "./collect/network.js";
-import { collectRaid } from "./collect/raid.js";
-import { collectIpmi } from "./collect/ipmi.js";
-import { collectOsAlerts } from "./collect/os-alerts.js";
-import { evaluateAlerts } from "./alerts/evaluator.js";
-import { updateAlertState } from "./alerts/state.js";
-import { sendTelegram } from "./notify/telegram.js";
-import { sendSlack } from "./notify/slack.js";
-import { sendEmail } from "./notify/email.js";
-import { pushToForge, initForgeAgent } from "./push/forge.js";
-import { collectSecurity, type SecurityData } from "./collect/security.js";
-import { collectZfs } from "./collect/zfs.js";
-import { collectIoErrors } from "./collect/io-errors.js";
-import { collectIoLatency } from "./collect/io-latency.js";
-import { collectConntrack } from "./collect/conntrack.js";
-import { collectSystemd } from "./collect/systemd.js";
-import { collectNtp } from "./collect/ntp.js";
-import { collectFileDescriptors } from "./collect/fd.js";
-import type { Snapshot, IpmiInfo } from "./lib/types.js";
-import { consumeRebootMarker, type PlannedReboot } from "./lib/reboot-marker.js";
-
-// Consume the planned-reboot marker once at startup. If the operator ran
-// `crucible-agent mark-reboot` / `reboot` before this boot, the marker
-// exists, we flag it on the first snapshot, and we delete the file (so
-// subsequent snapshots don't keep claiming the reboot was planned).
-const plannedRebootFlag: PlannedReboot | null = consumeRebootMarker();
-if (plannedRebootFlag) {
-  console.log(`[collector] Planned reboot acknowledged${plannedRebootFlag.reason ? `: ${plannedRebootFlag.reason}` : ""}`);
-}
-let plannedRebootConsumed = false;
-
-const config = loadConfig(cliArgs.configPath);
-
-console.log(`[collector] Starting. Server: ${config.server_name}. Interval: ${config.collection.interval_seconds}s`);
-console.log(`[collector] IPMI: ${config.collection.ipmi ? "enabled" : "disabled"}, SMART: ${config.collection.smart ? "enabled" : "disabled"}`);
-console.log(`[collector] Forge: ${config.forge.enabled ? config.forge.url : "disabled"}`);
-console.log(`[collector] Prometheus: ${config.prometheus.enabled ? `:${config.prometheus.port}/metrics` : "disabled"}`);
-
-// Start Prometheus metrics server if enabled
-if (config.prometheus.enabled) {
-  startMetricsServer(config.prometheus.port);
-}
-
-// Initialize TLS pinning for Forge if configured
-if (config.forge.tls_pin) {
-  initForgeAgent(config.forge.tls_pin);
-  console.log("[collector] TLS pinning enabled for Forge");
-}
-
-const emptyIpmi: IpmiInfo = { available: false, sensors: [], ecc_errors: { correctable: 0, uncorrectable: 0 }, sel_entries_count: 0, sel_events_recent: [], fans: [] };
-
-// Security checks run once per hour (every 12th cycle at 5-min intervals)
-let securityCycleCount = 0;
-let cachedSecurity: SecurityData | undefined;
-
-async function collect() {
-  const startTime = Date.now();
-  console.log(`[collector] Collecting...`);
-
-  const [system, cpu, memory, disks, smart, network, raid, ipmi, osAlerts] = await Promise.all([
-    collectSystem(),
-    collectCpu(),
-    collectMemory(),
-    collectDisks(),
-    config.collection.smart ? collectSmart() : Promise.resolve([]),
-    collectNetwork(),
-    collectRaid(),
-    config.collection.ipmi ? collectIpmi() : Promise.resolve(emptyIpmi),
-    collectOsAlerts(),
-  ]);
-
-  // Security checks: run once per hour, reuse cached data between runs
-  securityCycleCount++;
-  if (securityCycleCount >= 12 || !cachedSecurity) {
-    securityCycleCount = 0;
-    try { cachedSecurity = await collectSecurity(); } catch (err) { console.error("[security] Collection error:", err); }
-  }
-
-  const snapshot: Snapshot = {
-    collector_version: PKG_VERSION,
-    timestamp: new Date().toISOString(),
-    system, cpu, memory, disks, smart, network, raid, ipmi, os_alerts: osAlerts,
-    security: cachedSecurity,
-  };
-
-  // Single-shot: the very first snapshot after a marked reboot carries
-  // the flag, subsequent snapshots do not.
-  if (plannedRebootFlag && !plannedRebootConsumed) {
-    (snapshot as any).expected_reboot = true;
-    if (plannedRebootFlag.reason) (snapshot as any).expected_reboot_reason = plannedRebootFlag.reason;
-    plannedRebootConsumed = true;
-  }
-
-  // ZFS and I/O errors: collect every cycle (lightweight checks)
-  try { snapshot.zfs = await collectZfs() ?? undefined; } catch { /* skip if ZFS not available */ }
-  try { snapshot.io_errors = await collectIoErrors() ?? undefined; } catch { /* skip on error */ }
-  try { snapshot.io_latency = collectIoLatency(); } catch { /* skip on error */ }
-  try { snapshot.conntrack = collectConntrack(); } catch { /* skip on error */ }
-  try { snapshot.systemd = await collectSystemd(); } catch { /* skip on error */ }
-  try { snapshot.ntp = await collectNtp(); } catch { /* skip on error */ }
-  try { snapshot.file_descriptors = collectFileDescriptors(); } catch { /* skip on error */ }
-
-  // Update Prometheus metrics
-  updateMetrics(snapshot);
-
-  // Evaluate alerts
-  const alertResults = evaluateAlerts(snapshot, config.thresholds);
-  const { newAlerts, resolvedAlerts } = updateAlertState(alertResults);
-
-  const elapsed = Date.now() - startTime;
-  console.log(`[collector] Collected in ${elapsed}ms. Alerts: ${alertResults.length} active, ${newAlerts.length} new, ${resolvedAlerts.length} resolved`);
-
-  // Send notifications for new/resolved alerts
-  if (newAlerts.length > 0 || resolvedAlerts.length > 0) {
-    if (config.channels.telegram.enabled && config.channels.telegram.bot_token && config.channels.telegram.chat_id) {
-      await sendTelegram(config.channels.telegram.bot_token, config.channels.telegram.chat_id, newAlerts, resolvedAlerts, config.server_name);
-    }
-    if (config.channels.slack.enabled && config.channels.slack.webhook_url) {
-      await sendSlack(config.channels.slack.webhook_url, newAlerts, resolvedAlerts, config.server_name);
-    }
-    if (config.channels.email.enabled && config.channels.email.to) {
-      await sendEmail(config.channels.email, newAlerts, resolvedAlerts, config.server_name);
-    }
-  }
-
-  // Push to Forge (non-blocking)
-  if (config.forge.enabled && config.forge.api_key) {
-    pushToForge(config.forge.url, config.forge.api_key, snapshot);
-  }
-
-  // Check for updates (every 6 hours, non-blocking)
-  checkForUpdates(config.forge.enabled ? config.forge.url : undefined);
-
-  // Print summary on first run
-  if (firstRun) {
-    firstRun = false;
-    console.log("");
-    console.log("=== First collection complete ===");
-    console.log(`Server: ${system.hostname} (${system.os})`);
-    console.log(`CPU:    ${cpu.user_percent.toFixed(1)}% (load: ${cpu.load_1m})`);
-    const ramPct = memory.total_mb > 0 ? ((memory.used_mb / memory.total_mb) * 100).toFixed(1) : "0";
-    console.log(`RAM:    ${ramPct}% (${memory.used_mb} / ${memory.total_mb} MB)`);
-    if (disks.length > 0) console.log(`Disk:   ${disks[0].percent_used}% (${disks[0].mount})`);
-    console.log(`SMART:  ${smart.length > 0 ? `${smart.length} drive(s) checked` : "not available"}`);
-    console.log(`Network: ${network.map((n) => n.interface).join(", ") || "none detected"}`);
-    console.log(`IPMI:   ${ipmi.available ? "available" : "not available"}`);
-    console.log(`Active alerts: ${alertResults.length}`);
-    console.log(`Forge: ${config.forge.enabled ? "enabled" : "disabled"}`);
-    console.log("");
-  }
-}
-
-let firstRun = true;
-
-// Run immediately
-collect();
-
-// Then on interval
-setInterval(collect, config.collection.interval_seconds * 1000);
-
-process.on("SIGTERM", () => {
-  console.log("[collector] Received SIGTERM, shutting down");
-  process.exit(0);
-});
-
-process.on("SIGINT", () => {
-  console.log("[collector] Received SIGINT, shutting down");
-  process.exit(0);
-});

package/src/lib/__tests__/parse.test.ts

@@ -1,28 +0,0 @@
-import { describe, it, expect } from "vitest";
-import { parseKeyValue, parseKb } from "../parse.js";
-
-describe("parseKeyValue", () => {
-  it("parses colon-delimited key/value lines", () => {
-    const out = parseKeyValue("Name: foo\nVersion: 1.2.3\n");
-    expect(out).toEqual({ Name: "foo", Version: "1.2.3" });
-  });
-  it("ignores lines with no colon", () => {
-    expect(parseKeyValue("no colon here\nA: 1\n")).toEqual({ A: "1" });
-  });
-  it("trims whitespace around keys and values", () => {
-    expect(parseKeyValue("   A   :    1   \n")).toEqual({ A: "1" });
-  });
-});
-
-describe("parseKb", () => {
-  it("parses a numeric kB value", () => {
-    expect(parseKb("16384 kB")).toBe(16384);
-  });
-  it("parses without unit", () => {
-    expect(parseKb("4096")).toBe(4096);
-  });
-  it("returns 0 for undefined/bad input", () => {
-    expect(parseKb(undefined)).toBe(0);
-    expect(parseKb("not a number")).toBe(0);
-  });
-});

package/src/lib/exec.ts

@@ -1,16 +0,0 @@
-import { execFile } from "child_process";
-import { promisify } from "util";
-
-const execFileAsync = promisify(execFile);
-
-export async function run(cmd: string, args: string[], timeoutMs = 10000): Promise<string | null> {
-  try {
-    const { stdout } = await execFileAsync(cmd, args, { timeout: timeoutMs });
-    return stdout;
-  } catch (err: any) {
-    if (err.code === "ENOENT") return null; // command not installed
-    if (err.killed) return null; // timeout
-    if (err.stdout) return err.stdout; // non-zero exit but has output
-    return null;
-  }
-}

package/src/lib/parse.ts

@@ -1,29 +0,0 @@
-import { readFileSync } from "fs";
-
-export function readProcFile(path: string): string | null {
-  try {
-    return readFileSync(path, "utf-8");
-  } catch {
-    return null;
-  }
-}
-
-export function parseKeyValue(raw: string): Record<string, string> {
-  const result: Record<string, string> = {};
-  for (const line of raw.split("\n")) {
-    const idx = line.indexOf(":");
-    if (idx === -1) continue;
-    result[line.slice(0, idx).trim()] = line.slice(idx + 1).trim();
-  }
-  return result;
-}
-
-export function parseKb(val: string | undefined): number {
-  if (!val) return 0;
-  const num = parseInt(val.replace(/\s*kB$/i, ""), 10);
-  return isNaN(num) ? 0 : num;
-}
-
-export function sleep(ms: number): Promise<void> {
-  return new Promise((r) => setTimeout(r, ms));
-}

package/src/lib/reboot-marker.ts

@@ -1,88 +0,0 @@
-// Planned-reboot marker handling.
-//
-// An operator signals "the next reboot is expected, don't page me"
-// by writing a short-lived JSON file to disk BEFORE rebooting. The
-// collector reads and deletes it on agent startup; the first
-// post-boot snapshot then carries `expected_reboot: true` so Forge's
-// unexpected_reboot rule stays quiet.
-//
-// Single-use (deleted on read regardless of validity) and TTL-guarded
-// (default 10 min) so a forgotten marker cannot silence a genuine
-// crash reboot weeks later.
-
-import { existsSync, readFileSync, unlinkSync, writeFileSync, mkdirSync, chmodSync } from "node:fs";
-import { dirname } from "node:path";
-
-export const DEFAULT_MARKER_PATH = "/var/lib/crucible/reboot-expected";
-export const DEFAULT_TTL_MS = 10 * 60 * 1000;
-
-export interface PlannedReboot {
-  expected: true;
-  reason?: string;
-}
-
-export interface RebootMarker {
-  expires_at: string; // ISO timestamp
-  reason?: string;
-}
-
-/**
- * Read and delete the marker at `path`. Returns the resolved reboot flag
- * if the file existed, was parseable JSON, and hasn't expired; otherwise
- * returns null. The file is unlinked in every branch where it existed,
- * so a malformed or stale marker is one-shot (can't linger).
- */
-export function consumeRebootMarker(
-  path: string = DEFAULT_MARKER_PATH,
-  now: Date = new Date(),
-): PlannedReboot | null {
-  if (!existsSync(path)) return null;
-  let raw: string;
-  try { raw = readFileSync(path, "utf-8"); } catch { try { unlinkSync(path); } catch {} return null; }
-  // Always delete after read, regardless of validity.
-  try { unlinkSync(path); } catch {}
-
-  let parsed: RebootMarker;
-  try { parsed = JSON.parse(raw); } catch { return null; }
-  if (!parsed || typeof parsed !== "object" || typeof parsed.expires_at !== "string") return null;
-  const expiresAt = new Date(parsed.expires_at);
-  if (isNaN(expiresAt.getTime())) return null;
-  if (expiresAt.getTime() <= now.getTime()) return null; // stale
-  return { expected: true, reason: parsed.reason };
-}
-
-/**
- * Write a planned-reboot marker. Used by the `mark-reboot` and `reboot`
- * CLI subcommands. `ttlMs` defaults to 10 minutes. Creates the parent
- * directory if needed. Chmod 600 so other users on the host can't read
- * or modify it.
- */
-export function writeRebootMarker(opts: {
-  reason?: string;
-  ttlMs?: number;
-  path?: string;
-  now?: Date;
-}): { path: string; expires_at: string } {
-  const path = opts.path ?? DEFAULT_MARKER_PATH;
-  const now = opts.now ?? new Date();
-  const ttlMs = opts.ttlMs ?? DEFAULT_TTL_MS;
-  const expiresAt = new Date(now.getTime() + ttlMs);
-  const body: RebootMarker = { expires_at: expiresAt.toISOString() };
-  if (opts.reason) body.reason = opts.reason;
-  try { mkdirSync(dirname(path), { recursive: true, mode: 0o700 }); } catch {}
-  writeFileSync(path, JSON.stringify(body), { mode: 0o600 });
-  try { chmodSync(path, 0o600); } catch {}
-  return { path, expires_at: body.expires_at };
-}
-
-/** Parse a duration like "10m", "2h", "600s" into milliseconds. Used by
- *  the CLI for the `--ttl` flag. */
-export function parseDuration(s: string): number | null {
-  const m = /^(\d+)\s*(ms|s|m|h)?$/.exec(s.trim());
-  if (!m) return null;
-  const n = parseInt(m[1], 10);
-  if (!Number.isFinite(n) || n < 0) return null;
-  const unit = m[2] ?? "s";
-  const mult = unit === "ms" ? 1 : unit === "s" ? 1000 : unit === "m" ? 60_000 : 3_600_000;
-  return n * mult;
-}

package/src/lib/types.ts

@@ -1,226 +0,0 @@
-export interface Snapshot {
-  collector_version: string;
-  timestamp: string;
-  system: SystemInfo;
-  cpu: CpuInfo;
-  memory: MemoryInfo;
-  disks: DiskInfo[];
-  smart: SmartInfo[];
-  network: NetworkInfo[];
-  raid: RaidInfo[];
-  ipmi: IpmiInfo;
-  os_alerts: OsAlerts;
-  security?: SecurityData;
-  zfs?: ZfsData;
-  io_errors?: { count: number; devices: string[] };
-  io_latency?: Array<{ device: string; avg_read_latency_ms: number | null; avg_write_latency_ms: number | null; read_iops: number; write_iops: number }>;
-  conntrack?: ConntrackData;
-  systemd?: SystemdData;
-  ntp?: NtpData;
-  file_descriptors?: FileDescriptorData;
-  // Planned-reboot flag: set only on the first snapshot after a reboot
-  // that was marked with `crucible-agent mark-reboot` / `reboot`. Forge
-  // reads this to suppress the `unexpected_reboot` rule. Single-use:
-  // subsequent snapshots don't carry it.
-  expected_reboot?: boolean;
-  expected_reboot_reason?: string;
-}
-
-export interface ConntrackData {
-  available: boolean;
-  count: number;
-  max: number;
-  percent: number;
-}
-
-export interface SystemdData {
-  failed_units: string[];
-  failed_count: number;
-}
-
-export interface NtpData {
-  synced: boolean;
-  offset_seconds: number;
-  source: string;
-  daemon_running: boolean;
-}
-
-export interface FileDescriptorData {
-  allocated: number;
-  free: number;
-  max: number;
-  percent: number;
-}
-
-export interface ZfsPool {
-  name: string;
-  state: string;
-  errors_text: string;
-  scrub_errors?: number;
-  scrub_repaired?: string;
-  last_scrub_date?: string;
-  scrub_never_run?: boolean;
-}
-
-export interface ZfsData {
-  pools: ZfsPool[];
-}
-
-export interface SecurityData {
-  ssh: { permitRootLogin: string; passwordAuthentication: string; rootPasswordExposed: boolean } | null;
-  firewall: { active: boolean; source: string; details: string };
-  pending_updates: { distro: string; pendingCount: number; available: boolean } | null;
-  kernel_vulns: Array<{ name: string; status: string; mitigated: boolean }>;
-  kernel_reboot: { running: string; installed: string; needsReboot: boolean } | null;
-  auto_updates: { configured: boolean; mechanism: string; details: string };
-}
-
-export interface SystemInfo {
-  hostname: string;
-  ip: string;
-  os: string;
-  /** `ID=` from /etc/os-release, lowercased. e.g. "ubuntu", "debian", "rocky", "arch", "alpine". */
-  os_id?: string;
-  /** `ID_LIKE=` from /etc/os-release, lowercased, space-separated. Used by Forge
-   *  to pick distro-family-specific fix command variants. e.g. on Rocky this
-   *  is "rhel centos fedora"; on Ubuntu it is "debian". */
-  os_id_like?: string;
-  kernel: string;
-  uptime_seconds: number;
-}
-
-export interface CpuCoreInfo {
-  core: number;
-  user_percent: number;
-  system_percent: number;
-  iowait_percent: number;
-  idle_percent: number;
-  irq_percent: number;
-  softirq_percent: number;
-}
-
-export interface CpuInfo {
-  user_percent: number;
-  system_percent: number;
-  iowait_percent: number;
-  idle_percent: number;
-  load_1m: number;
-  load_5m: number;
-  load_15m: number;
-  cores?: CpuCoreInfo[];
-}
-
-export interface MemoryInfo {
-  total_mb: number;
-  used_mb: number;
-  available_mb: number;
-  swap_total_mb: number;
-  swap_used_mb: number;
-}
-
-export interface DiskInfo {
-  device: string;
-  mount: string;
-  total_gb: number;
-  used_gb: number;
-  available_gb: number;
-  percent_used: number;
-  fstype?: string;
-  options?: string;
-  inodes_total?: number;
-  inodes_used?: number;
-  inodes_free?: number;
-  io_read_mb_s?: number;
-  io_write_mb_s?: number;
-  latency_p99_ms?: number;
-}
-
-export interface SmartInfo {
-  device: string;
-  model: string;
-  health: string;
-  temperature_c?: number;
-  percentage_used?: number;
-  reallocated_sectors?: number;
-  pending_sectors?: number;
-  power_on_hours?: number;
-}
-
-export interface NetworkInfo {
-  interface: string;
-  speed_mbps: number;
-  rx_bytes_sec: number;
-  tx_bytes_sec: number;
-  /** Delta over the collection interval (rx_errors + any subtype counter). */
-  rx_errors: number;
-  tx_errors: number;
-  rx_drops: number;
-  tx_drops: number;
-  /** Delta over the collection interval. Null if counter not available on this NIC. */
-  rx_packets?: number;
-  tx_packets?: number;
-  /** Fine-grained RX hardware-error subtypes (deltas). Null if unavailable. */
-  rx_crc_errors?: number;
-  rx_frame_errors?: number;
-  rx_length_errors?: number;
-  /** TX physical-layer fault counter (delta). Null if unavailable. */
-  tx_carrier_errors?: number;
-  operstate?: string; // "up", "down", "unknown", etc. from /sys/class/net/{iface}/operstate
-  bond_master?: string; // if this interface is a bond slave, the bond name
-  is_bond_master?: boolean; // true when this entry represents the bond aggregate
-}
-
-export interface RaidInfo {
-  device: string;
-  level: string;
-  status: string;
-  degraded: boolean;
-  disks: string[];
-  failed_disks: string[];
-}
-
-export interface SelEvent {
-  id: number;
-  timestamp: string;
-  sensor: string;
-  sensor_type: string;
-  event: string;
-  direction: string;
-  severity: string;
-}
-
-export interface FanStatus {
-  name: string;
-  rpm: number;
-  status: string;
-}
-
-export interface IpmiInfo {
-  available: boolean;
-  sensors: Array<{
-    name: string;
-    value: number | string;
-    unit: string;
-    status: string;
-    upper_critical?: number;
-  }>;
-  ecc_errors: { correctable: number; uncorrectable: number };
-  sel_entries_count: number;
-  sel_events_recent: SelEvent[];
-  fans: FanStatus[];
-}
-
-export interface OsAlerts {
-  oom_kills_recent: number;
-  zombie_processes: number;
-  time_drift_ms: number;
-}
-
-export interface AlertResult {
-  type: string;
-  severity: "critical" | "warning";
-  title: string;
-  message: string;
-  evidence: Record<string, unknown>;
-  recommendation: string;
-}