eBPF capture is currently scaffold for live enforcement (privileged daemon Executed=false; real C + correlator + smoke tests; cross-compiles for linux but cannot attach on macOS).
Action: implement the live Linux daemon path and emit a measured observability-gap metric (fraction of effects below the tool-call boundary).
BRIDGE: this is also the instrument for the lead research paper — cross-link ardur-vault paper-track/P2.
Acceptance: daemon attaches on Linux CI and emits the metric on a real workload.
Size: L
From the Ardur dual-track Master Plan (Track A). Verified locally 2026-06-23.
eBPF capture is currently scaffold for live enforcement (privileged daemon Executed=false; real C + correlator + smoke tests; cross-compiles for linux but cannot attach on macOS).
Action: implement the live Linux daemon path and emit a measured observability-gap metric (fraction of effects below the tool-call boundary).
BRIDGE: this is also the instrument for the lead research paper — cross-link ardur-vault paper-track/P2.
Acceptance: daemon attaches on Linux CI and emits the metric on a real workload.
Size: L
From the Ardur dual-track Master Plan (Track A). Verified locally 2026-06-23.