rahulbose10/procwatch — reverse-engineered prompt

Build me a small Linux process watcher for learning how kernel modules work. I want it to run on Ubuntu and show process activity in real time, like when a process starts, runs a new program, or exits.

The core should be a C kernel module that watches fork, exec, and exit events, stores recent events in a fixed size ring buffer, and exposes them through a device like /dev/procwatch so I can simply run cat on it. Each event should include the event type, pid, parent pid, uid, process name, timestamp, and exit code when relevant.

Also make a simple user space C daemon that reads from the device and prints a nice live terminal view, with options for JSON output, stats only, clearing the buffer, and disabling color. Add a proc stats file so I can see counts without consuming events.

Please include Makefiles, a basic install script, and clear usage docs. Keep it practical and focused, not over engineered. Look up current kernel docs online if needed.