sane-profile: init

hosts/common/programs/sane-scripts.nix

@@ -16,6 +16,7 @@ in
     "sane-scripts.dev" = declPackageSet [
       "sane-scripts.clone"
       "sane-scripts.dev-cargo-loop"
+      "sane-scripts.profile"
     ];
     "sane-scripts.cli" = declPackageSet [
       "sane-scripts.find-dotfiles"
@@ -76,7 +77,7 @@ in
     "sane-scripts.dev-cargo-loop".sandbox = {
       net = "clearnet";
       whitelistPwd = true;
-      extraPaths = [
+      extraHomePaths = [
         # a build script can do a lot... but a well-written one will be confined
         # to XDG dirs and the local dir, and maybe the internet for fetching dependencies.
         ".cache"
@@ -85,6 +86,14 @@ in
       ];
     };
 
+    "sane-scripts.profile".sandbox = {
+      # should maybe be unconfined instead, since it runs a user program?
+      autodetectCliPaths = "existing";
+      extraPaths = [
+        "/tmp"
+      ];
+    };
+
     "sane-scripts.find-dotfiles".sandbox = {
       method = "bunpen";
       extraHomePaths = [

pkgs/by-name/sane-scripts/package.nix

@@ -122,6 +122,11 @@ let
       srcRoot = ./src;
       pkgs = [ "openssh" "sane-scripts.secrets-dump" ];
     };
+    profile = static-nix-shell.mkYsh {
+      pname = "sane-profile";
+      srcRoot = ./src;
+      pkgs = [ "flamegraph" "linuxPackages.perf" ];
+    };
     rcp = static-nix-shell.mkBash {
       pname = "sane-rcp";
       srcRoot = ./src;

pkgs/by-name/sane-scripts/src/sane-profile

@@ -0,0 +1,13 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i ysh -p flamegraph -p linuxPackages.perf -p oils-for-unix
+
+# use like `sane-profile some-command --which-takes-a flag`.
+# will render a .html file showing the hot-path functions inside the command.
+
+var cmd = ARGV
+var tmpdir = "/tmp"
+perf record -F 9000 -e cycles:u -g -o "$tmpdir/perf.data" -- @cmd
+perf script --input "$tmpdir/perf.data" > "$tmpdir/perf.script"
+stackcollapse-perf.pl "$tmpdir/perf.script" | flamegraph.pl --width 2000 > "$tmpdir/flamegraph.html"
+
+echo "flame graph available at $tmpdir/flamegraph.html"