Module windows

Windows ProcessTreeTracker implementation backed by Job Objects.

Flow:

  1. JobObjectTracker::new(block_id) creates an anonymous job and sets KILL_ON_JOB_CLOSE, so anything in the job dies automatically if AgentMux itself crashes without calling kill_tree.
  2. The caller gets the tracker handle and, when spawning the agent CLI, calls assign_process(child_pid) immediately after spawn. Every CreateProcess descendant of that PID inherits the job automatically — no per-process tagging.
  3. list_members queries the job for its current PID set and enriches each with command line + RSS via PROCESS_QUERY_LIMITED_INFORMATION + GetModuleFileNameEx / GetProcessMemoryInfo.
  4. kill_tree calls TerminateJobObject. One call nukes everything.

The only non-trivial thing: there’s a ~1ms race window between CreateProcess and our AssignProcessToJobObject. A child the CLI creates in that window escapes the job. In practice the CLI doesn’t spawn anything before it reads stdin, so this is a theoretical concern — but worth a future move to CREATE_SUSPENDED + assign + ResumeThread if we see escapes.
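The job-object flow above (steps 1, 2 and 4) as an added Rust sketch that is not AgentMux's own code: kernel32 is declared by hand so it builds without the windows-sys crate, the JOBOBJECTINFOCLASS value and the 64-bit struct layout are taken from the Win32 headers as assumptions, and list_members is left out.

```rust
use std::{ffi::c_void, io};
type Handle = *mut c_void;
const JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE: u32 = 0x2000;
const JOB_OBJECT_EXTENDED_LIMIT_INFORMATION: i32 = 9; // JOBOBJECTINFOCLASS value (assumed from headers)
// JOBOBJECT_EXTENDED_LIMIT_INFORMATION with its BasicLimitInformation member inlined;
// field order and types follow the Win32 headers (64-bit layout assumed).
#[repr(C)] #[derive(Default)]
struct ExtendedLimitInfo {
    per_process_user_time_limit: i64, per_job_user_time_limit: i64, limit_flags: u32,
    minimum_working_set_size: usize, maximum_working_set_size: usize, active_process_limit: u32,
    affinity: usize, priority_class: u32, scheduling_class: u32,
    io_info: [u64; 6], // IO_COUNTERS
    process_memory_limit: usize, job_memory_limit: usize,
    peak_process_memory_used: usize, peak_job_memory_used: usize,
}
/// Byte length SetInformationJobObject expects; a wrong value fails with ERROR_BAD_LENGTH.
pub fn extended_limit_info_len() -> u32 { std::mem::size_of::<ExtendedLimitInfo>() as u32 }
#[cfg(windows)] #[link(name = "kernel32")]
extern "system" {
    fn CreateJobObjectW(attrs: *const c_void, name: *const u16) -> Handle;
    fn SetInformationJobObject(job: Handle, class: i32, info: *const c_void, len: u32) -> i32;
    fn AssignProcessToJobObject(job: Handle, process: Handle) -> i32;
    fn TerminateJobObject(job: Handle, exit_code: u32) -> i32;
    fn CloseHandle(h: Handle) -> i32;
}
#[cfg(windows)] pub struct JobObjectTracker { job: Handle }
#[cfg(windows)] impl JobObjectTracker {
    /// Step 1: anonymous job with KILL_ON_JOB_CLOSE, so members die when our last handle closes.
    pub fn new() -> io::Result<Self> {
        let info = ExtendedLimitInfo { limit_flags: JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE, ..Default::default() };
        let job = unsafe { CreateJobObjectW(std::ptr::null(), std::ptr::null()) };
        if job.is_null() { return Err(io::Error::last_os_error()); }
        let ok = unsafe { SetInformationJobObject(job, JOB_OBJECT_EXTENDED_LIMIT_INFORMATION,
            &info as *const ExtendedLimitInfo as *const c_void, extended_limit_info_len()) };
        if ok == 0 { let e = io::Error::last_os_error(); unsafe { CloseHandle(job) }; return Err(e); }
        Ok(Self { job })
    }
    /// Step 2: call right after Command::spawn; every CreateProcess descendant then inherits the job.
    pub fn assign_process(&self, child: &std::process::Child) -> io::Result<()> {
        use std::os::windows::io::AsRawHandle;
        let ok = unsafe { AssignProcessToJobObject(self.job, child.as_raw_handle() as Handle) };
        if ok == 0 { Err(io::Error::last_os_error()) } else { Ok(()) }
    }
    /// Step 4: TerminateJobObject ends every member in one call.
    pub fn kill_tree(&self) -> io::Result<()> {
        if unsafe { TerminateJobObject(self.job, 1) } == 0 { Err(io::Error::last_os_error()) } else { Ok(()) }
    }
}
#[cfg(windows)] impl Drop for JobObjectTracker { fn drop(&mut self) { unsafe { CloseHandle(self.job); } } }
```

Dropping the tracker closes the job handle, which is exactly the event KILL_ON_JOB_CLOSE keys on, so a crash or an early return has the same effect as kill_tree.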

Structs

Inner 🔒
JobObjectTracker

Functions

query_command_line 🔒
Reading a process's command line via GetCommandLineW is not an option for foreign processes: that returns the calling process's own command line. Instead we use QueryFullProcessImageNameW for the executable path and report the command line as "unavailable" for v1. WMI can fill this in later if the user asks for the full command line.
query_rss 🔒