Childflow

childflow 0.6.0

This release adds the first structured observability layer to childflow.

childflow can now write structured JSON Lines flow events for the target command tree, making it easier to understand what DNS, connection, and policy activity occurred during a run without going straight to packet capture.

Highlights

• Added structured flow logging:
  • --flow-log <path>
• Added first-class flow events for:
  • DNS queries and answers
  • outbound TCP connect attempts and results
  • policy violations
  • flow completion
• Added flow-log-aware summary output:
  • --summary now shows aggregate flow-log event counts when a flow log is present
• Added a documented flow log schema for downstream tooling and future compatibility work

Added

• --flow-log <path> for structured JSON Lines output
• dns_query events
• dns_answer events
• connect_attempt events
• connect_result events
• policy_violation events
• flow_end events
• schema_version: 1 on every flow log event
• A dedicated schema reference:
  • docs/flow-log-schema.md

Changed

• policy_violation events now include structured fields such as:
  • action
  • reason_code
  • control
  • matched_cidr
  • remote_ip
  • remote_port
• connect_attempt, connect_result, and flow_end now include stable remote_ip / remote_port fields
• dns_query and dns_answer now include stable server_ip / server_port fields
• connect_result.status is now constrained to:
  • ok
  • error
• dns_answer.mode is now constrained to:
  • relayed
  • synthetic_empty
• --summary now reports aggregate flow-log event counts when --flow-log is enabled
• README and technical docs were updated to document the flow log behavior and schema

Notes

• --flow-log is currently supported only by the default rootless-internal backend
• Flow logs complement --capture rather than replacing it:
  • use --flow-log for structured execution tracing
  • use --capture for packet-level inspection
• The current flow log schema version is 1

Install

cargo install childflow

Full Usage

childflow --help