PanicMode

Built from a failure pattern I kept watching at small dev shops: one VPS, a junior pushes a regression, the box gets DDoS'd or memory-leaks itself out, someone SSHes in at 6am and restarts everything — and the restart wipes every clue about what actually broke.

PanicMode is the opposite move. When a process misbehaves it gets a SIGSTOP, not a kill. The rest of the box keeps serving traffic, and the broken process stays frozen in memory with all its file descriptors, log buffers and state intact. An engineer logs in to a server that is still up, with the failure preserved like a crime scene — instead of to a restarted box that already lost its evidence.

Around that core sit two more layers. SSH brute-force and DDoS sources are banned at the iptables level with a persistent SQLite blacklist, so the same attacker cannot wait out a fail2ban window and try again. A Telegram bot the daemon owns directly — no SaaS, no third-party uptime monitor, no recurring cost — pages the developer the moment a threshold trips.

Single ~9 MB Rust binary, one YAML config, no daemon-of-daemons stack. MIT/Apache-2.0, Linux-only for now (journald + iptables), production-deployed and in test/harden before public launch.