KernelCap is an open-source, ultra-low-overhead Linux kernel circuit breaker and profiling engine designed specifically for AI compute infrastructure. By leveraging eBPF (Extended Berkeley Packet Filter), NVML hooks, and an inline semantic text-chopper reverse proxy, KernelCap intercepts, analyzes, and sub-millisecond throttles runaway AI agent loops, memory leaks, and silent GPU hangs directly at the OS level.
Unlike traditional monitoring suites that poll system state every few seconds, KernelCap hooks directly into kernel-level runtime schedulers and system execution traces to catch multi-thousand-dollar API resource drains and runaway context expansions as they happen.
- eBPF Kernel Profiling: Attaches Compile-Once Run-Everywhere (CO-RE) tracepoint and kprobe sensors to monitor raw system behaviors directly from host kernel ring buffers.
-
Automated POSIX Circuit Breaker: Instantly triggers kernel-level
SIGSTOP/SIGCONTsignals or cgroup pauses when execution anomalies pass threshold limits, flattening rogue process CPU/GPU usage to exactly 0.0%. -
OLS Regression Leak Analyzer: Runs an inline Ordinary Least Squares (OLS) mathematical regression pipeline over system resource vectors to distinguish normal spikes from genuine monotonic host memory leaks (
$R^2 > 0.95$ ). - SimHash Distance Engine: Inspects flowing LLM token requests and text chunks via an internal proxy, using bitwise Hamming distances to trap repetitive generation loops inside token pipelines within milliseconds.
- Virtualized Developer UI: A lightweight, zero-dependency local canvas data-grid and streaming log shell engineered to visualize system processes and telemetry metrics at a smooth 60 FPS.
KernelCap is engineered to be more stable and lightweight than the container workloads it protects.
The following metrics reflect an active agent monitoring a 100-container cluster tracking 5,000 model transactions per second:
| Metric Vector | Target Baseline Baseline | Maximum Observed Ceiling |
|---|---|---|
| CPU Utilization | < 0.4% of a single core |
0.8% under maximum blast load |
| Memory Footprint | ~11.8 MB fixed heap |
14.2 MB (Bounded ring buffer floor) |
| Ingestion Pipeline Latency | p95: 1.12ms |
p99: 2.38ms |
| Mitigation Shunt Latency | < 0.95ms from trigger to SIGSTOP |
1.40ms |
To download the binary go to releases
Manual Binary Installation (Linux x86_64 / ARM64)
If you prefer manual distribution deployments, download the static compiled release binary directly from GitHub:
```bash
wget [https://github.com/kernelcap/kernelcap/releases/latest/download/kernelcap-linux-amd64](https://github.com/kernelcap/kernelcap/releases/latest/download/kernelcap-linux-amd64) -O kernelcap
chmod +x kernelcap
sudo ./kernelcap doctor
sudo ./kernelcap run
Before activating proxy interception routes, run the automated health check suite to assert host runtime safety parameters:
sudo ./kernelcap doctorExpected Telemetry Matrix Output:
[KernelCap System Diagnostic Check] ───────────────────────────────────────────────────────────── [✓] Verifying execution privileges... OK (UID 0 - Root verified) [✓] Checking Linux Kernel Architecture... OK (Linux 6.1.0-ext4) [✓] Validating BTF Kernel Map Formats... OK (/sys/kernel/btf/vmlinux found) [✓] Initializing eBPF Core Subsystem... OK (Maps committed safely) [✓] Checking Proxy Port 8080 Availability... OK (Port clear) ───────────────────────────────────────────────────────────── STATUS: Host environment is FULLY COMPLIANT. Ready for ingestion.
KernelCap passes data packets from kernel space straight to your console and local dashboard components via low-latency pipelines.
┌───────────────────────────────────────────────────────────────┐ │ LINUX HOST KERNEL │ │ [ eBPF Kprobes ] ──(Ring Buffer)──► [ OLS Math Regression ] │ │ [ Network Proxy ] ──(Token Stream)──► [ SimHash Engine ] │ └───────────────────────────────┬───────────────────────────────┘ │ ▼ [ EventRouter Go Interface ] │ ┌────────────────────────┴────────────────────────┐ ▼ ▼ [ Local Console Output ] [ Embedded WebSocket Server ] • High-visibility stdout logs • Low-latency state sync • Direct POSIX signal tracing • 60 FPS real-time UI charts
To verify the integrity of the math and signaling pipelines on your local staging infrastructure, execute the complete integration test harness runner:
make test-allThis harness programmatically spins up a mock AI application space, forces a structural infinite memory leak vector, asserts that KernelCap captures the mathematical drift, validates the process state transitions to State T (SIGSTOP), and sweeps all spawned zombie PIDs out of host operating schedules within 15 seconds.
🤝 Contributing & Community KernelCap is 100% open-source software, built with love by the systems community for the systems community under the corporate-friendly Apache 2.0 License. We welcome contributions from cloud-native engineers, security researchers, and kernel developers.
To expand on our custom kernel tracepoints, build out additional metric adapters, or optimize our proxy pipeline:
Review our Contribution Guide.
Check out development targets inside the project Makefile.
Open a Pull Request or log an Issue on our main tracker.
Developed with 🛡️ by EErbium. Licensed under the Apache 2.0 License.