Witr Process Inspector
Trace why a process, service, or port is listening by following supervisor, container, and shell causality with the witr CLI or TUI.
Overview
witr Process Inspector is an agent skill most often used in Operate (also Build, Ship) that guides use of the witr CLI/TUI to trace why processes, services, and ports are running.
Install
npx skills add https://github.com/aradotso/trending-skills --skill witr-process-inspectorWhat is this skill?
- Answers why is this running for processes, services, and ports
- Traces causality across systemd, Docker, shells, and supervisors
- CLI and TUI modes including dashboard-style inspection
- Trigger phrases for port listeners and mystery background services
- Install paths: curl install script, Homebrew, winget, scoop, conda, and AUR
Adoption & trust: 1.2k installs on skills.sh; 31 GitHub stars; 0/3 security scanners passed (skills.sh audits).
What problem does it solve?
Something is listening on a port or a service keeps respawning and you cannot see which supervisor, container, or shell started the chain.
Who is it for?
Developers debugging local dev servers, Docker sidecars, or mystery background jobs on macOS, Linux, or Windows who want one tool instead of five separate commands.
Skip if: Teams that need full APM traces, log aggregation, or deep kernel debugging without installing a third-party CLI.
When should I use this skill?
When the user asks why a process or service is running, what started it, what is listening on a port, or to inspect causality with witr CLI/TUI.
What do I get? / Deliverables
You install or invoke witr and get an explicit causality chain from the running target back through containers, systemd, and parent shells so you can stop or fix the right layer.
- Causality chain explanation for target PID or port
- Guided witr CLI/TUI commands
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Explaining live runtime causality is canonical Operate work when production or local dev services behave unexpectedly. The skill centers on inspecting what is running and what started it—core monitoring and diagnostics on running systems.
Where it fits
Port 8080 is taken in production-like Docker compose and you need the parent unit that keeps restarting the listener.
Your agent spawned a dev server twice and you want witr to show which shell job owns the stray PID.
CI failed with address already in use and you trace the orphaned process chain before re-running tests.
How it compares
Operational causality tracer for processes and ports—not a substitute for application error tracking or CI test runners.
Common Questions / FAQ
Who is witr-process-inspector for?
Solo builders and small teams who debug running services with AI agents and want standardized witr commands for process and port causality.
When should I use witr-process-inspector?
In Operate/monitoring when ports conflict or services respawn; in Build/agent-tooling when local stacks leave orphans; in Ship/testing when integration runs fail because something is already bound.
Is witr-process-inspector safe to install?
The skill documents curl-based installers and package managers—verify sources and review the Security Audits panel on this Prism page before running install scripts with elevated shell access.
SKILL.md
READMESKILL.md - Witr Process Inspector
# witr — Why Is This Running? > Skill by [ara.so](https://ara.so) — Daily 2026 Skills collection. **witr** is a Go CLI/TUI tool that answers "why is this running?" for any process, service, or port. Instead of leaving you to correlate `ps`, `lsof`, `ss`, `systemctl`, and `docker ps` manually, witr makes the causality chain explicit — showing where a running thing came from, how it was started, and what chain of supervisors/containers/shells is responsible. --- ## Installation ### Quickest (Unix) ```bash curl -fsSL https://raw.githubusercontent.com/pranshuparmar/witr/main/install.sh | bash ``` ### Quickest (Windows PowerShell) ```powershell irm https://raw.githubusercontent.com/pranshuparmar/witr/main/install.ps1 | iex ``` ### Package Managers ```bash # Homebrew (macOS/Linux) brew install witr # Conda conda install -c conda-forge witr # Arch Linux (AUR) yay -S witr-bin # Windows winget winget install -e --id PranshuParmar.witr # Windows Scoop scoop install main/witr # Alpine / apk sudo apk add --allow-untrusted ./witr-*.apk # Go source install go install github.com/pranshuparmar/witr/cmd/witr@latest ``` --- ## Key Commands & Flags ### Basic Usage ```bash # Inspect a process by PID witr <pid> # Inspect by process name (substring match) witr <name> # Inspect what's bound to a port witr --port <port> witr -p <port> # Launch interactive TUI dashboard witr --interactive witr -i # Show all running processes with causality info witr --all witr -a # Output as JSON (for scripting) witr --json <pid> # Follow/watch mode — refresh automatically witr --watch <pid> witr -w <pid> # Verbose output — show full environment and metadata witr --verbose <pid> witr -v <pid> # Filter processes by user witr --user <username> # Show version witr --version ``` ### Common Flag Reference | Flag | Short | Description | |------|-------|-------------| | `--port` | `-p` | Inspect by port number | | `--interactive` | `-i` | Launch TUI dashboard | | `--all` | `-a` | Show all processes | | `--json` | | Output as JSON | | `--watch` | `-w` | Auto-refresh/follow | | `--verbose` | `-v` | Full metadata output | | `--user` | | Filter by OS user | | `--version` | | Print version | --- ## Interactive TUI Mode Launch the full dashboard: ```bash witr -i # or witr --interactive ``` **TUI Keybindings:** | Key | Action | |-----|--------| | `↑` / `↓` | Navigate process list | | `Enter` | Expand process detail / causality chain | | `f` | Filter/search processes | | `s` | Sort by column | | `r` | Refresh | | `j` | Toggle JSON view | | `q` / `Ctrl+C` | Quit | --- ## Example Outputs ### Inspect a PID ```bash witr 1234 ``` ``` PID: 1234 Name: node Binary: /usr/local/bin/node Started: 2026-03-18 09:12:44 User: ubuntu Why is this running? └─ Started by: npm (PID 1200) └─ Started by: bash (PID 1180) └─ Started by: sshd (PID 980) └─ Started by: systemd (PID 1) [service: sshd.service] ``` ### Inspect by Port ```bash witr --port 8080 ``` ``` Port: 8080 (TCP, LISTEN) Process: python3 (PID 4512) Binary: /usr/bin/python3 User: deploy Why is this running? └─ Started by: gunicorn (PID 4490) └─ Started by: systemd (PID 1) [service: myapp.service] Unit file: /etc/systemd/system/myapp.service ExecStart: /usr/bin/gunicorn app:app --bind 0.0.0.0:8080 ``` ### JSON Output (for scripting) ```bash witr --json 4512 ``` ```json { "pid": 4512, "name": "python3", "binary": "/usr/bin/python3", "user": "depl