TL;DR
Witr is a read-only Linux utility that traces why a process, service, or port is active by building a causal chain from PID to its source. It aims to reduce time-to-understanding during debugging with zero configuration and a single static binary distribution.
What happened
A new command-line utility called witr (why-is-this-running) surfaces the causal chain behind running things on Linux systems. Instead of just listing processes, sockets or containers, witr maps targets (process name, PID or port) to a PID and produces a narrative-style, deterministic explanation of how that PID came to exist — for example showing systemd → supervisor → process ancestry. The tool is intentionally read-only and non-destructive, prioritizes clarity over completeness, and is provided as a single static Linux binary with an install script and manual install instructions for amd64 and arm64. Output includes sections for the target, process metadata, a "Why It Exists" ancestry, a primary source (systemd, docker, pm2, cron, shell, etc.), context like working directory or git repo (best effort), and non-blocking warnings. Some details require elevated permissions and sudo may be necessary to see full ancestry and environment data.
Why it matters
- Makes causality explicit so engineers can answer "why is this running?" faster during incidents
- Consolidates information that normally requires correlating multiple tools (ps, ss, systemctl, docker)
- Designed for zero-configuration use and to be safe and non-destructive in production environments
- Provides human-readable narratives and deterministic ordering to reduce ambiguity under stress
Key facts
- Primary question: explains why a process exists, not just that it exists
- Supports queries by process/service name, specific PID (–pid), or port (–port)
- Outputs a narrative with sections: Target, Process, Why It Exists, Source, Context, and Warnings
- Selects a single primary source that started or supervises the process (best effort)
- Flags include –short, –tree, –json, –warnings, –env, and –no-color
- Distributed as a single static Linux binary with an install script and manual install steps for amd64 and arm64
- Intended goals: reduce time-to-understanding, work with zero config, be safe and read-only
- Non-goals: not a monitoring tool, not a profiler, not a remediation or auto-fix tool
- Some process details require elevated permissions; run with sudo if expected information is missing
- Output may include context like working directory, git repo, docker container name/image, and network bind info (best effort)
What to watch next
- Plans for broader platform support beyond Linux — not confirmed in the source
- Integration or interoperability with existing orchestration and monitoring tooling (e.g., direct hooks) — not confirmed in the source
- Long-term maintenance, release cadence, and community adoption trends — not confirmed in the source
Quick glossary
- PID: Process ID, a numeric identifier assigned by the operating system to each running process.
- systemd: A Linux init system and service manager that starts, stops and supervises system services.
- PM2: A process manager commonly used to run and supervise Node.js applications (example supervisory source in outputs).
- Read-only: Operation mode where a tool inspects system state without making changes or performing destructive actions.
- Container: An isolated runtime environment that packages an application and its dependencies, typically managed by tooling like Docker.
Reader FAQ
What does witr do?
It builds a causal, human-readable explanation of why a process, service, or port is running by mapping targets to PIDs and tracing ancestry and supervisors.
Which platforms does witr support?
Linux.
Does witr change system state or fix issues?
No. The project is explicitly read-only and non-destructive; it is not a remediation or auto-fix tool.
How do I install witr?
Installation is supported via a provided install script or manual download of the appropriate static binary for amd64 or arm64; the source includes step-by-step commands.
Do I need sudo?
witr may require elevated permissions to show full process ancestry, user, working directory or environment details; run with sudo if information is missing.
witr (why-is-this-running) 1. Purpose witr exists to answer a single question: Why is this running? When something is running on a system—whether it is a process, a service, or something…
Sources
- Show HN: Witr – Explain why a process is running on your Linux system
- Witr – Explain why a process is running on your Linux system
- Linux: Tool to monitor every process, execute-command …
- linux – how to investigate what a process is doing?
Related posts
- How uv got so fast: design choices behind a speedy Python installer
- NullSplats: Three Ways to Produce 3D Gaussian Splatting from Casual Captures
- FFmpeg claims a DMCA takedown on GitHub over alleged copied code