@glassmkr/crucible 0.7.1 → 0.8.1

package/src/collect/ntp.ts

@@ -1,114 +0,0 @@
-import { run } from "../lib/exec.js";
-
-export interface NtpData {
-  synced: boolean;
-  offset_seconds: number;
-  source: string;
-  daemon_running: boolean;
-  daemon_name: string;
-}
-
-// Check whether a systemd unit is active. Returns false for missing units, not-found, etc.
-async function isUnitActive(unit: string): Promise<boolean> {
-  const out = await run("systemctl", ["is-active", unit], 3000);
-  return out?.trim() === "active";
-}
-
-// Detect which time-sync daemon unit is currently active on the host, if any.
-// Returns "" when none are. We check the common names in order of preference.
-async function detectActiveDaemon(): Promise<string> {
-  const candidates = ["chrony", "chronyd", "systemd-timesyncd", "ntp", "ntpsec", "ntpd"];
-  for (const unit of candidates) {
-    if (await isUnitActive(unit)) return unit;
-  }
-  return "";
-}
-
-export async function collectNtp(): Promise<NtpData> {
-  // The authoritative "is the daemon running" check is systemctl is-active,
-  // not any derived flag from timedatectl. This catches daemon crashes and
-  // manual stops where the kernel clock is still synced.
-  const daemonName = await detectActiveDaemon();
-  const daemonRunning = daemonName !== "";
-
-  // Try timedatectl first (works for systemd-timesyncd and records the kernel
-  // NTPSynchronized flag regardless of which daemon set it).
-  const tdctl = await run("timedatectl", ["show", "--property=NTPSynchronized", "--value"]);
-  if (tdctl !== null && (tdctl.trim() === "yes" || tdctl.trim() === "no")) {
-    const synced = tdctl.trim() === "yes";
-
-    let offset = 0;
-    try {
-      const tsStatus = await run("timedatectl", ["timesync-status"]);
-      if (tsStatus) {
-        const match = tsStatus.match(/Offset:\s*([+-]?\d+\.?\d*)(us|ms|s)/);
-        if (match) {
-          const val = parseFloat(match[1]);
-          const unit = match[2];
-          if (unit === "us") offset = val / 1_000_000;
-          else if (unit === "ms") offset = val / 1000;
-          else offset = val;
-        }
-      }
-    } catch { /* offset stays 0 */ }
-
-    // Prefer an explicitly detected daemon name; fall back to systemd-timesyncd
-    // since timedatectl is most commonly the timesyncd frontend.
-    const source = daemonName || "systemd-timesyncd";
-    return { synced, offset_seconds: offset, source, daemon_running: daemonRunning, daemon_name: daemonName };
-  }
-
-  // Chrony tracking. Validate Leap status so we do not misread error text.
-  const chronyOut = await run("chronyc", ["tracking"]);
-  if (chronyOut) {
-    const leapMatch = chronyOut.match(/Leap status\s*:\s*(.+)/);
-    if (leapMatch) {
-      const synced = leapMatch[1].trim() === "Normal";
-      let offset = 0;
-      const offsetMatch = chronyOut.match(/Last offset\s*:\s*([+-]?\d+\.?\d*)\s*seconds/);
-      if (offsetMatch) offset = parseFloat(offsetMatch[1]);
-      return {
-        synced,
-        offset_seconds: Math.abs(offset),
-        source: daemonName || "chrony",
-        daemon_running: daemonRunning,
-        daemon_name: daemonName,
-      };
-    }
-  }
-
-  // ntpq peer table. Header check avoids false positives on error messages.
-  const ntpqOut = await run("ntpq", ["-pn"]);
-  if (ntpqOut) {
-    const hasHeader = ntpqOut.split("\n").some((line) => line.includes("remote"));
-    if (hasHeader) {
-      const synced = ntpqOut.split("\n").some((line) => line.startsWith("*"));
-      let offset = 0;
-      const selectedLine = ntpqOut.split("\n").find((line) => line.startsWith("*"));
-      if (selectedLine) {
-        const fields = selectedLine.trim().split(/\s+/);
-        if (fields.length >= 9) {
-          const rawOffset = parseFloat(fields[8]);
-          if (!isNaN(rawOffset)) offset = Math.abs(rawOffset) / 1000;
-        }
-      }
-      return {
-        synced,
-        offset_seconds: offset,
-        source: daemonName || "ntpd",
-        daemon_running: daemonRunning,
-        daemon_name: daemonName,
-      };
-    }
-  }
-
-  // No usable probe output. If systemd still reports a daemon as active, trust that;
-  // otherwise report fully down.
-  return {
-    synced: false,
-    offset_seconds: 0,
-    source: daemonName || "none",
-    daemon_running: daemonRunning,
-    daemon_name: daemonName,
-  };
-}

package/src/collect/os-alerts.ts

@@ -1,43 +0,0 @@
-import { run } from "../lib/exec.js";
-import { readProcFile } from "../lib/parse.js";
-import { readdirSync, readFileSync } from "fs";
-import type { OsAlerts } from "../lib/types.js";
-
-export async function collectOsAlerts(): Promise<OsAlerts> {
-  // OOM kills
-  let oomKills = 0;
-  const dmesg = await run("dmesg", ["--level=err,crit", "--since", "5 min ago"]);
-  if (dmesg) {
-    oomKills = (dmesg.match(/Out of memory/gi) || []).length;
-  }
-
-  // Zombie processes
-  let zombies = 0;
-  try {
-    const pids = readdirSync("/proc").filter((f) => /^\d+$/.test(f));
-    for (const pid of pids) {
-      try {
-        const stat = readFileSync(`/proc/${pid}/stat`, "utf-8");
-        // Field 3 is the state character
-        const state = stat.split(" ")[2];
-        if (state === "Z") zombies++;
-      } catch { /* process disappeared */ }
-    }
-  } catch { /* /proc not readable */ }
-
-  // Time drift (simple: check if chrony/ntp reports drift)
-  let timeDriftMs = 0;
-  const chrony = await run("chronyc", ["tracking"]);
-  if (chrony) {
-    const match = chrony.match(/System time\s*:\s*([\d.]+)\s*seconds\s*(slow|fast)/);
-    if (match) {
-      timeDriftMs = parseFloat(match[1]) * 1000;
-    }
-  }
-
-  return {
-    oom_kills_recent: oomKills,
-    zombie_processes: zombies,
-    time_drift_ms: Math.round(timeDriftMs * 100) / 100,
-  };
-}

package/src/collect/raid.ts

@@ -1,40 +0,0 @@
-import { readProcFile } from "../lib/parse.js";
-import type { RaidInfo } from "../lib/types.js";
-
-export async function collectRaid(): Promise<RaidInfo[]> {
-  const raw = readProcFile("/proc/mdstat");
-  if (!raw) return [];
-
-  const results: RaidInfo[] = [];
-  const lines = raw.split("\n");
-
-  for (let i = 0; i < lines.length; i++) {
-    const match = lines[i].match(/^(md\d+)\s*:\s*(\w+)\s+(\w+)\s+(.*)/);
-    if (!match) continue;
-
-    const device = match[1];
-    const status = match[2]; // "active" or "inactive"
-    const level = match[3]; // "raid1", "raid5", etc.
-    const disksPart = match[4];
-
-    // Parse component disks (e.g., "sda1[0] sdb1[1]")
-    const disks = (disksPart.match(/\w+\[\d+\]/g) || []).map((d) => d.replace(/\[\d+\]/, ""));
-
-    // Check next line for degraded status (e.g., "[UU_]" means one drive missing)
-    const statusLine = lines[i + 1] || "";
-    const bracketMatch = statusLine.match(/\[([U_]+)\]/);
-    const degraded = bracketMatch ? bracketMatch[1].includes("_") : false;
-
-    const failedDisks: string[] = [];
-    if (degraded && bracketMatch) {
-      const pattern = bracketMatch[1];
-      pattern.split("").forEach((c, idx) => {
-        if (c === "_" && disks[idx]) failedDisks.push(disks[idx]);
-      });
-    }
-
-    results.push({ device, level, status, degraded, disks, failed_disks: failedDisks });
-  }
-
-  return results;
-}

package/src/collect/security.ts

@@ -1,268 +0,0 @@
-import { run } from "../lib/exec.js";
-import { readFileSync, existsSync, readdirSync } from "fs";
-
-export interface SshSecurityStatus {
-  permitRootLogin: string;
-  passwordAuthentication: string;
-  rootPasswordExposed: boolean;
-}
-
-export interface FirewallStatus {
-  active: boolean;
-  source: string;
-  details: string;
-}
-
-export interface SecurityUpdateStatus {
-  distro: string;
-  pendingCount: number;
-  available: boolean;
-}
-
-export interface VulnerabilityStatus {
-  name: string;
-  status: string;
-  mitigated: boolean;
-}
-
-export interface KernelRebootStatus {
-  running: string;
-  installed: string;
-  needsReboot: boolean;
-}
-
-export interface AutoUpdateStatus {
-  configured: boolean;
-  mechanism: string;
-  details: string;
-}
-
-export interface SecurityData {
-  ssh: SshSecurityStatus | null;
-  firewall: FirewallStatus;
-  pending_updates: SecurityUpdateStatus | null;
-  kernel_vulns: VulnerabilityStatus[];
-  kernel_reboot: KernelRebootStatus | null;
-  auto_updates: AutoUpdateStatus;
-}
-
-export async function collectSecurity(): Promise<SecurityData> {
-  const [ssh, firewall, pendingUpdates, kernelVulns, kernelReboot, autoUpdates] = await Promise.all([
-    checkSshConfig(),
-    checkFirewall(),
-    checkSecurityUpdates(),
-    checkKernelVulnerabilities(),
-    checkKernelReboot(),
-    checkAutoUpdates(),
-  ]);
-
-  return { ssh, firewall, pending_updates: pendingUpdates, kernel_vulns: kernelVulns, kernel_reboot: kernelReboot, auto_updates: autoUpdates };
-}
-
-// === SSH ===
-
-async function checkSshConfig(): Promise<SshSecurityStatus | null> {
-  // Prefer sshd -T (resolves includes and match blocks)
-  const output = await run("sshd", ["-T"], 5000);
-  if (output) {
-    const getVal = (key: string): string => {
-      const line = output.split("\n").find((l) => l.startsWith(key + " "));
-      return line ? line.split(" ")[1].trim() : "";
-    };
-    const permitRootLogin = getVal("permitrootlogin");
-    const passwordAuth = getVal("passwordauthentication");
-    const rootPasswordExposed = permitRootLogin === "yes" && passwordAuth !== "no";
-    return { permitRootLogin, passwordAuthentication: passwordAuth, rootPasswordExposed };
-  }
-
-  // Fallback: parse sshd_config directly
-  try {
-    const config = readFileSync("/etc/ssh/sshd_config", "utf-8");
-    const lines = config.split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"));
-    const find = (key: string): string | null => {
-      const line = lines.find((l) => l.toLowerCase().startsWith(key.toLowerCase()));
-      return line ? line.split(/\s+/)[1] : null;
-    };
-    const permitRootLogin = find("PermitRootLogin") || "prohibit-password";
-    const passwordAuth = find("PasswordAuthentication") || "yes";
-    const rootPasswordExposed = permitRootLogin.toLowerCase() === "yes" && passwordAuth.toLowerCase() !== "no";
-    return { permitRootLogin, passwordAuthentication: passwordAuth, rootPasswordExposed };
-  } catch {
-    return null;
-  }
-}
-
-// === Firewall ===
-
-async function checkFirewall(): Promise<FirewallStatus> {
-  // UFW: if installed, its status is authoritative (ignores Docker iptables chains)
-  const ufw = await run("ufw", ["status"], 5000);
-  if (ufw && ufw.includes("Status:")) {
-    const active = ufw.includes("Status: active");
-    return { active, source: "ufw", details: active ? "UFW is active" : "UFW is inactive" };
-  }
-
-  // firewalld: if installed, its status is authoritative
-  const fwd = await run("firewall-cmd", ["--state"], 5000);
-  if (fwd) {
-    if (fwd.trim() === "running") {
-      return { active: true, source: "firewalld", details: "firewalld is running" };
-    }
-    if (fwd.includes("not running") || fwd.includes("dead")) {
-      return { active: false, source: "firewalld", details: "firewalld is not running" };
-    }
-  }
-
-  // nftables (only if no managed firewall found)
-  const nft = await run("nft", ["list", "ruleset"], 5000);
-  if (nft) {
-    const ruleLines = nft.split("\n").filter((l) => l.trim().match(/^\s*(meta|ip |ip6 |tcp |udp |ct |drop|reject|accept)/));
-    if (ruleLines.length > 0) {
-      return { active: true, source: "nftables", details: `${ruleLines.length} nftables rules` };
-    }
-  }
-
-  // iptables fallback: filter out Docker/container chains to avoid false positives
-  const ipt = await run("iptables", ["-L", "-n"], 5000);
-  if (ipt) {
-    const lines = ipt.split("\n").filter((l) =>
-      l.trim() &&
-      !l.startsWith("Chain ") &&
-      !l.startsWith("target ") &&
-      !l.includes("DOCKER") &&
-      !l.includes("docker") &&
-      !l.includes("br-") &&
-      !l.includes("f2b-")
-    );
-    if (lines.length > 0) return { active: true, source: "iptables", details: `${lines.length} user iptables rules` };
-    if (ipt.includes("policy DROP") || ipt.includes("policy REJECT")) {
-      return { active: true, source: "iptables", details: "Default policy is DROP/REJECT" };
-    }
-  }
-
-  return { active: false, source: "none", details: "No firewall detected (checked ufw, firewalld, nftables, iptables)" };
-}
-
-// === Pending Security Updates ===
-
-async function checkSecurityUpdates(): Promise<SecurityUpdateStatus | null> {
-  let osRelease = "";
-  try { osRelease = readFileSync("/etc/os-release", "utf-8").toLowerCase(); } catch { return null; }
-
-  if (osRelease.includes("debian") || osRelease.includes("ubuntu") || osRelease.includes("mint")) {
-    const output = await run("bash", ["-c", 'apt list --upgradable 2>/dev/null | grep -i "security" | wc -l'], 30000);
-    if (output) {
-      const count = parseInt(output.trim()) || 0;
-      return { distro: osRelease.includes("ubuntu") ? "ubuntu" : "debian", pendingCount: count, available: true };
-    }
-    return { distro: "debian", pendingCount: 0, available: false };
-  }
-
-  if (osRelease.includes("rhel") || osRelease.includes("rocky") || osRelease.includes("alma") || osRelease.includes("fedora") || osRelease.includes("centos")) {
-    const cmd = existsSync("/usr/bin/dnf") ? "dnf" : "yum";
-    const output = await run("bash", ["-c", `${cmd} updateinfo list security --available 2>/dev/null | grep -c "/"`], 60000);
-    if (output) {
-      const count = parseInt(output.trim()) || 0;
-      const distro = osRelease.includes("rocky") ? "rocky" : osRelease.includes("alma") ? "alma" : osRelease.includes("fedora") ? "fedora" : "rhel";
-      return { distro, pendingCount: count, available: true };
-    }
-    return { distro: "rhel", pendingCount: 0, available: false };
-  }
-
-  return null;
-}
-
-// === Kernel Vulnerabilities ===
-
-function checkKernelVulnerabilities(): VulnerabilityStatus[] {
-  const vulnDir = "/sys/devices/system/cpu/vulnerabilities";
-  if (!existsSync(vulnDir)) return [];
-
-  try {
-    const files = readdirSync(vulnDir);
-    return files.map((file) => {
-      try {
-        const status = readFileSync(`${vulnDir}/${file}`, "utf-8").trim();
-        const mitigated = status.includes("Not affected") || status.includes("Mitigation:");
-        return { name: file, status, mitigated };
-      } catch {
-        return { name: file, status: "unknown", mitigated: true };
-      }
-    });
-  } catch {
-    return [];
-  }
-}
-
-// === Kernel Reboot ===
-
-async function checkKernelReboot(): Promise<KernelRebootStatus | null> {
-  const running = (await run("uname", ["-r"]))?.trim();
-  if (!running) return null;
-
-  // Method 1: reboot-required flag (Debian/Ubuntu)
-  if (existsSync("/var/run/reboot-required")) {
-    // Filter to versioned images only (e.g. linux-image-6.8.0-107-generic),
-    // excluding metapackages like linux-image-generic, linux-image-virtual.
-    const installed = (await run("bash", ["-c", 'dpkg -l "linux-image-*" 2>/dev/null | grep "^ii" | awk \'{print $2}\' | grep "linux-image-[0-9]" | sed "s/linux-image-//" | sort -V | tail -1']))?.trim() || "unknown";
-    return { running, installed, needsReboot: true };
-  }
-
-  // Method 2: Compare packages (Debian/Ubuntu)
-  // Same filter: only versioned images, no metapackages.
-  const debPkg = (await run("bash", ["-c", 'dpkg -l "linux-image-*" 2>/dev/null | grep "^ii" | awk \'{print $2}\' | grep "linux-image-[0-9]" | sed "s/linux-image-//" | sort -V | tail -1']))?.trim();
-  if (debPkg) {
-    return { running, installed: debPkg, needsReboot: debPkg !== running };
-  }
-
-  // Method 3: RPM-based
-  const rpmPkg = (await run("bash", ["-c", 'rpm -q kernel --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\\n" 2>/dev/null | sort -V | tail -1']))?.trim();
-  if (rpmPkg) {
-    return { running, installed: rpmPkg, needsReboot: rpmPkg !== running };
-  }
-
-  return null;
-}
-
-// === Auto Updates ===
-
-async function checkAutoUpdates(): Promise<AutoUpdateStatus> {
-  // Debian/Ubuntu: unattended-upgrades
-  const uuInstalled = await run("bash", ["-c", 'dpkg -l unattended-upgrades 2>/dev/null | grep "^ii"'], 5000);
-  if (uuInstalled) {
-    // Check config file
-    const autoConf = "/etc/apt/apt.conf.d/20auto-upgrades";
-    let configEnabled = false;
-    if (existsSync(autoConf)) {
-      const content = readFileSync(autoConf, "utf-8");
-      configEnabled = content.includes('Update-Package-Lists "1"') && content.includes('Unattended-Upgrade "1"');
-    }
-
-    // Check systemd service state
-    const serviceEnabled = (await run("bash", ["-c", "systemctl is-enabled unattended-upgrades 2>/dev/null"], 5000))?.trim() === "enabled";
-    const serviceActive = (await run("bash", ["-c", "systemctl is-active unattended-upgrades 2>/dev/null"], 5000))?.trim() === "active";
-
-    if (configEnabled && serviceEnabled) {
-      return { configured: true, mechanism: "unattended-upgrades", details: serviceActive ? "Installed, enabled, and running" : "Installed and enabled (service not active)" };
-    }
-    if (!configEnabled && !serviceEnabled) {
-      return { configured: false, mechanism: "unattended-upgrades", details: "Installed but not configured and service disabled" };
-    }
-    if (!serviceEnabled) {
-      return { configured: false, mechanism: "unattended-upgrades", details: "Installed and configured but service disabled" };
-    }
-    return { configured: false, mechanism: "unattended-upgrades", details: "Installed but not enabled in 20auto-upgrades" };
-  }
-
-  // RHEL/Rocky/Alma: dnf-automatic
-  const dnfAuto = await run("bash", ["-c", "rpm -q dnf-automatic 2>/dev/null"], 5000);
-  if (dnfAuto && !dnfAuto.includes("not installed")) {
-    const timerActive = await run("bash", ["-c", "systemctl is-enabled dnf-automatic-install.timer 2>/dev/null || systemctl is-enabled dnf-automatic.timer 2>/dev/null"], 5000);
-    if (timerActive && timerActive.includes("enabled")) {
-      return { configured: true, mechanism: "dnf-automatic", details: "Installed and timer enabled" };
-    }
-    return { configured: false, mechanism: "dnf-automatic", details: "Installed but timer not enabled" };
-  }
-
-  return { configured: false, mechanism: "none", details: "No automatic security update mechanism detected" };
-}

package/src/collect/smart.ts

@@ -1,72 +0,0 @@
-import { run } from "../lib/exec.js";
-import { readdirSync } from "fs";
-import type { SmartInfo } from "../lib/types.js";
-
-export async function collectSmart(): Promise<SmartInfo[]> {
-  // Find block devices
-  const devices: string[] = [];
-  try {
-    const entries = readdirSync("/sys/block");
-    for (const entry of entries) {
-      if (entry.startsWith("sd") || entry.startsWith("nvme") || entry.startsWith("hd")) {
-        devices.push(`/dev/${entry}`);
-      }
-    }
-  } catch {
-    return [];
-  }
-
-  const results: SmartInfo[] = [];
-  for (const device of devices) {
-    const output = await run("smartctl", ["--json", "--all", device]);
-    if (!output) continue;
-
-    try {
-      const info = parseSmartctlJson(JSON.parse(output), device);
-      results.push(info);
-    } catch {
-      // Failed to parse, skip this device
-    }
-  }
-
-  return results;
-}
-
-export function parseSmartctlJson(data: Record<string, unknown> & {
-  model_name?: string;
-  model_family?: string;
-  smart_status?: { passed?: boolean };
-  temperature?: { current?: number };
-  power_on_time?: { hours?: number };
-  nvme_smart_health_information_log?: { percentage_used?: number; temperature?: number };
-  ata_smart_attributes?: { table?: Array<{ id?: number; name?: string; raw?: { value?: number } }> };
-}, device: string): SmartInfo {
-  const info: SmartInfo = {
-    device,
-    model: data.model_name || data.model_family || "unknown",
-    health: data.smart_status?.passed ? "PASSED" : "FAILED",
-    temperature_c: data.temperature?.current,
-    power_on_hours: data.power_on_time?.hours,
-  };
-
-  // NVMe specific
-  if (data.nvme_smart_health_information_log) {
-    const nvme = data.nvme_smart_health_information_log;
-    info.percentage_used = nvme.percentage_used;
-    info.temperature_c = nvme.temperature;
-  }
-
-  // SATA specific
-  if (data.ata_smart_attributes?.table) {
-    for (const attr of data.ata_smart_attributes.table) {
-      if (attr.id === 5 || attr.name === "Reallocated_Sector_Ct") {
-        info.reallocated_sectors = attr.raw?.value || 0;
-      }
-      if (attr.id === 197 || attr.name === "Current_Pending_Sector") {
-        info.pending_sectors = attr.raw?.value || 0;
-      }
-    }
-  }
-
-  return info;
-}

package/src/collect/system.ts

@@ -1,32 +0,0 @@
-import { hostname } from "os";
-import { readProcFile } from "../lib/parse.js";
-import { run } from "../lib/exec.js";
-import type { SystemInfo } from "../lib/types.js";
-
-// Matches KEY=value with optional surrounding double quotes. Handles both
-// `ID=ubuntu` and `ID="rocky"` styles found in the wild.
-export function readOsReleaseField(osRelease: string, key: string): string | undefined {
-  const m = osRelease.match(new RegExp(`^${key}=("?)(.+?)\\1$`, "m"));
-  return m ? m[2].toLowerCase() : undefined;
-}
-
-export async function collectSystem(): Promise<SystemInfo> {
-  const osRelease = readProcFile("/etc/os-release") || "";
-  const osName = osRelease.match(/PRETTY_NAME="(.+?)"/)?.[1] || "Unknown";
-  const os_id = readOsReleaseField(osRelease, "ID");
-  const os_id_like = readOsReleaseField(osRelease, "ID_LIKE");
-  const kernel = (await run("uname", ["-r"]))?.trim() || "unknown";
-  const uptimeRaw = readProcFile("/proc/uptime") || "0";
-  const uptimeSeconds = Math.floor(parseFloat(uptimeRaw.split(" ")[0]));
-  const ip = (await run("hostname", ["-I"]))?.trim().split(" ")[0] || "unknown";
-
-  return {
-    hostname: hostname(),
-    ip,
-    os: osName,
-    ...(os_id ? { os_id } : {}),
-    ...(os_id_like ? { os_id_like } : {}),
-    kernel,
-    uptime_seconds: uptimeSeconds,
-  };
-}

package/src/collect/systemd.ts

@@ -1,33 +0,0 @@
-import { run } from "../lib/exec.js";
-
-export interface SystemdData {
-  failed_units: string[];
-  failed_count: number;
-}
-
-// Units commonly in failed state by design or misconfiguration
-const DEFAULT_EXCLUDES = [
-  "systemd-networkd-wait-online.service",
-];
-
-export async function collectSystemd(extraExcludes: string[] = []): Promise<SystemdData> {
-  const output = await run("systemctl", [
-    "list-units", "--type=service", "--state=failed", "--no-legend", "--plain",
-  ]);
-
-  if (!output || output.trim() === "") {
-    return { failed_units: [], failed_count: 0 };
-  }
-
-  const excludes = new Set([...DEFAULT_EXCLUDES, ...extraExcludes]);
-  const units: string[] = [];
-
-  for (const line of output.trim().split("\n")) {
-    const unit = line.trim().split(/\s+/)[0];
-    if (unit && unit.endsWith(".service") && !excludes.has(unit)) {
-      units.push(unit);
-    }
-  }
-
-  return { failed_units: units, failed_count: units.length };
-}

package/src/collect/zfs.ts

@@ -1,66 +0,0 @@
-import { run } from "../lib/exec.js";
-import type { ZfsData, ZfsPool } from "../lib/types.js";
-
-export async function collectZfs(): Promise<ZfsData | null> {
-  // Check if zpool is installed
-  const zpoolPath = await run("which", ["zpool"], 3000);
-  if (!zpoolPath || !zpoolPath.trim()) return null;
-
-  const zpoolStatus = await run("zpool", ["status"], 10000);
-  if (!zpoolStatus || !zpoolStatus.trim()) return null;
-
-  const pools = parseZpoolStatus(zpoolStatus);
-  if (pools.length === 0) return null;
-  return { pools };
-}
-
-export function parseZpoolStatus(zpoolStatus: string): ZfsPool[] {
-  const pools: ZfsPool[] = [];
-  let current: ZfsPool | null = null;
-
-  for (const line of zpoolStatus.split("\n")) {
-    const poolMatch = line.match(/^\s*pool:\s*(.+)/);
-    if (poolMatch) {
-      current = {
-        name: poolMatch[1].trim(),
-        state: "UNKNOWN",
-        errors_text: "",
-      };
-      pools.push(current);
-      continue;
-    }
-
-    if (!current) continue;
-
-    const stateMatch = line.match(/^\s*state:\s*(.+)/);
-    if (stateMatch) {
-      current.state = stateMatch[1].trim();
-      continue;
-    }
-
-    const errorsMatch = line.match(/^\s*errors:\s*(.+)/);
-    if (errorsMatch) {
-      current.errors_text = errorsMatch[1].trim();
-      continue;
-    }
-
-    // Parse scrub info
-    if (line.includes("scan:")) {
-      if (line.includes("none requested")) {
-        current.scrub_never_run = true;
-      } else {
-        const repairMatch = line.match(/scrub repaired (\S+) in .* with (\d+) errors/);
-        if (repairMatch) {
-          current.scrub_repaired = repairMatch[1];
-          current.scrub_errors = parseInt(repairMatch[2]) || 0;
-        }
-        const dateMatch = line.match(/on (.+)$/);
-        if (dateMatch) {
-          current.last_scrub_date = dateMatch[1].trim();
-        }
-      }
-    }
-  }
-
-  return pools;
-}