From 9f3f30151dc6de5de91c067bd66979d95c9afada Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Mon, 18 Nov 2024 09:04:06 +0000
Subject: [PATCH 01/45] Add traceectl to tracee

---
 cmd/traceectl/cmd/event.go                    | 192 ++++++++++++++++++
 cmd/traceectl/cmd/event_test.go               |  75 +++++++
 cmd/traceectl/cmd/plugin.go                   |  59 ++++++
 cmd/traceectl/cmd/plugin_test.go              |  55 +++++
 cmd/traceectl/cmd/policy.go                   | 100 +++++++++
 cmd/traceectl/cmd/policy_test.go              |  55 +++++
 cmd/traceectl/cmd/root.go                     | 167 +++++++++++++++
 cmd/traceectl/cmd/root_test.go                |  66 ++++++
 cmd/traceectl/cmd/stream.go                   | 151 ++++++++++++++
 cmd/traceectl/cmd/stream_test.go              |  72 +++++++
 cmd/traceectl/go.mod                          |  27 +++
 cmd/traceectl/go.sum                          |  45 ++++
 cmd/traceectl/main.go                         |  10 +
 cmd/traceectl/pkg/client/client.go            |  98 +++++++++
 cmd/traceectl/pkg/client/diagnostic.go        |  47 +++++
 cmd/traceectl/pkg/client/service.go           |  61 ++++++
 .../pkg/cmd/formatter/JSONFormatter.go        |  21 ++
 .../pkg/cmd/formatter/TableFormatter.go       | 144 +++++++++++++
 cmd/traceectl/pkg/cmd/formatter/formatter.go  |  84 ++++++++
 cmd/traceectl/pkg/cmd/printer/printer.go      | 103 ++++++++++
 cmd/traceectl/pkg/cmd/printer/printer_test.go |  68 +++++++
 cmd/traceectl/pkg/cmd/test/test.go            |  59 ++++++
 cmd/traceectl/pkg/mock/diagnostic_server.go   |  17 ++
 cmd/traceectl/pkg/mock/event_server.go        |  28 +++
 cmd/traceectl/pkg/mock/root_server.go         |  12 ++
 cmd/traceectl/pkg/mock/server.go              |  79 +++++++
 cmd/traceectl/pkg/mock/stream_server.go       | 102 ++++++++++
 cmd/traceectl/pkg/models/models.go            |   8 +
 28 files changed, 2005 insertions(+)
 create mode 100644 cmd/traceectl/cmd/event.go
 create mode 100644 cmd/traceectl/cmd/event_test.go
 create mode 100644 cmd/traceectl/cmd/plugin.go
 create mode 100644 cmd/traceectl/cmd/plugin_test.go
 create mode 100644 cmd/traceectl/cmd/policy.go
 create mode 100644 cmd/traceectl/cmd/policy_test.go
 create mode 100644 cmd/traceectl/cmd/root.go
 create mode 100644 cmd/traceectl/cmd/root_test.go
 create mode 100644 cmd/traceectl/cmd/stream.go
 create mode 100644 cmd/traceectl/cmd/stream_test.go
 create mode 100644 cmd/traceectl/go.mod
 create mode 100644 cmd/traceectl/go.sum
 create mode 100644 cmd/traceectl/main.go
 create mode 100644 cmd/traceectl/pkg/client/client.go
 create mode 100644 cmd/traceectl/pkg/client/diagnostic.go
 create mode 100644 cmd/traceectl/pkg/client/service.go
 create mode 100644 cmd/traceectl/pkg/cmd/formatter/JSONFormatter.go
 create mode 100644 cmd/traceectl/pkg/cmd/formatter/TableFormatter.go
 create mode 100644 cmd/traceectl/pkg/cmd/formatter/formatter.go
 create mode 100644 cmd/traceectl/pkg/cmd/printer/printer.go
 create mode 100644 cmd/traceectl/pkg/cmd/printer/printer_test.go
 create mode 100644 cmd/traceectl/pkg/cmd/test/test.go
 create mode 100644 cmd/traceectl/pkg/mock/diagnostic_server.go
 create mode 100644 cmd/traceectl/pkg/mock/event_server.go
 create mode 100644 cmd/traceectl/pkg/mock/root_server.go
 create mode 100644 cmd/traceectl/pkg/mock/server.go
 create mode 100644 cmd/traceectl/pkg/mock/stream_server.go
 create mode 100644 cmd/traceectl/pkg/models/models.go

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
new file mode 100644
index 000000000000..8e0301a239ba
--- /dev/null
+++ b/cmd/traceectl/cmd/event.go
@@ -0,0 +1,192 @@
+package cmd
+
+//TODO:
+import (
+	"context"
+
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/formatter"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/printer"
+	"github.com/spf13/cobra"
+)
+
+var eventFormatFlag string
+var eventOutputFlag string
+
+// main command
+var eventCmd = &cobra.Command{
+	Use:   "event [command]",
+	Short: "event management for tracee",
+	Long: `Event Management for tracee 
+	let you enable and disable events in tracee.
+	get descriptions of events and run them.
+	`,
+	Args: cobra.MinimumNArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		// Check if args are provided
+		if len(args) == 0 {
+			cmd.PrintErrln("Error: no event names provided. Please specify at least one event to enable.")
+			return // Exit if no arguments
+		}
+	},
+}
+
+func init() {
+	eventCmd.AddCommand(listEventCmd)
+	eventCmd.AddCommand(describeEventCmd)
+	eventCmd.AddCommand(enableEventCmd)
+	eventCmd.AddCommand(disableEventCmd)
+	eventCmd.AddCommand(runEventCmd)
+
+	runEventCmd.PersistentFlags().StringVar(&runCmdArgs, "args", "", "Arguments for the event")
+
+	listEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table|template) ")
+	listEventCmd.Flags().StringVarP(&eventOutputFlag, "output", "o", "stdout", "Output destination ")
+
+	describeEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table|template) ")
+	describeEventCmd.Flags().StringVarP(&eventOutputFlag, "output", "o", "stdout", "Output destination ")
+}
+
+// Sub commands
+// list
+var listEventCmd = &cobra.Command{
+	Use:   "list",
+	Short: "list events",
+	Long:  `Lists all available event definitions (built-in and plugin-defined), providing a brief summary of each.`,
+	Args:  cobra.MaximumNArgs(0),
+	Run: func(cmd *cobra.Command, args []string) {
+		listEvents(cmd, args)
+	},
+}
+
+// describe
+var describeEventCmd = &cobra.Command{
+	Use:   "describe <event_name>",
+	Short: "describe event",
+	Long:  `Retrieves the detailed definition of a specific event, including its fields, types, and other metadata.`,
+	Args:  cobra.ExactArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		getEventDescriptions(cmd, args)
+	},
+}
+
+// enable
+var enableEventCmd = &cobra.Command{
+	Use:   "enable <event_name>",
+	Short: "enable event",
+	Long:  `Enables capturing of a specific event type.`,
+	Args:  cobra.ExactArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		enableEvents(cmd, args[0])
+	},
+}
+
+// disable
+var disableEventCmd = &cobra.Command{
+	Use:   "disable <event_name>",
+	Short: "disable event",
+	Long:  `Disables capturing of a specific event type.`,
+	Args:  cobra.ExactArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		disableEvents(cmd, args[0])
+	},
+}
+
+// run
+var runCmdArgs string
+var runEventCmd = &cobra.Command{
+	Use:   "run <event_name> [--args <arguments>]",
+	Short: "run event",
+	Long:  `Manually triggers a user-space event.`,
+	Args:  cobra.ExactArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		//runEvents(cmd, args)
+	},
+}
+
+func listEvents(cmd *cobra.Command, args []string) {
+	//create service client
+	var traceeClient client.ServiceClient
+	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return
+	}
+	defer traceeClient.CloseConnection()
+	response, err := traceeClient.GetEventDefinitions(context.Background(), &pb.GetEventDefinitionsRequest{EventNames: args})
+
+	if err != nil {
+		cmd.PrintErrln("Error getting event definitions: ", err)
+		return
+
+	}
+	//display event definitions
+	//TODO:  add support for different outputs and formats
+	format, err := formatter.New(eventFormatFlag, eventOutputFlag, cmd)
+	if err != nil {
+		cmd.PrintErrln("Error creating formatter: ", err)
+		return
+	}
+	//show events
+	printer.ListEvents(format, args, response)
+}
+func getEventDescriptions(cmd *cobra.Command, args []string) {
+	//create service client
+	var traceeClient client.ServiceClient
+	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return
+	}
+	defer traceeClient.CloseConnection()
+	response, err := traceeClient.GetEventDefinitions(context.Background(), &pb.GetEventDefinitionsRequest{EventNames: args})
+
+	if err != nil {
+		cmd.PrintErrln("Error getting event definitions: ", err)
+		return
+
+	}
+	//display event definitions
+	//TODO:  add support for different outputs and formats
+	format, err := formatter.New(eventFormatFlag, eventOutputFlag, cmd)
+	if err != nil {
+		cmd.PrintErrln("Error creating formatter: ", err)
+		return
+	}
+	//show events
+	printer.DescribeEvent(format, args, response)
+
+}
+func enableEvents(cmd *cobra.Command, eventName string) {
+	// Create Tracee gRPC client
+	var traceeClient client.ServiceClient // tracee client
+
+	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return // Exit on error
+	}
+
+	// Iterate over event names and enable each one
+
+	_, err := traceeClient.EnableEvent(context.Background(), &pb.EnableEventRequest{Name: eventName})
+	if err != nil {
+		cmd.PrintErrln("Error enabling event:", err)
+		return
+	}
+	cmd.Printf("Enabled event: %s\n", eventName)
+}
+
+func disableEvents(cmd *cobra.Command, eventName string) {
+	// Create Tracee gRPC client
+	var traceeClient client.ServiceClient
+	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return // Exit on error
+	}
+	_, err := traceeClient.DisableEvent(context.Background(), &pb.DisableEventRequest{Name: eventName})
+	if err != nil {
+		cmd.PrintErrln("Error disabling event:", err)
+		return
+	}
+	cmd.Printf("Disabled event: %s\n", eventName)
+
+}
diff --git a/cmd/traceectl/cmd/event_test.go b/cmd/traceectl/cmd/event_test.go
new file mode 100644
index 000000000000..ab33decd3002
--- /dev/null
+++ b/cmd/traceectl/cmd/event_test.go
@@ -0,0 +1,75 @@
+package cmd
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/test"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/models"
+)
+
+func TestEvent(t *testing.T) {
+	eventTests := []models.TestCase{
+		{
+			TestName:        "event",
+			OutputSlice:     []string{"event"},
+			ExpectedPrinter: nil,
+			ExpectedError:   fmt.Errorf("requires at least 1 arg(s), only received 0"),
+		},
+
+		//event list
+		{
+			TestName:        "events list",
+			OutputSlice:     []string{"event", "list", "--format", "json"},
+			ExpectedPrinter: "",
+			ExpectedError:   nil,
+		},
+
+		//event describe
+		{
+			TestName:        "No events describe",
+			OutputSlice:     []string{"event", "describe", "--format", "json"},
+			ExpectedPrinter: nil,
+			ExpectedError:   fmt.Errorf("accepts 1 arg(s), received 0"),
+		},
+		{
+			TestName:        "describe <event_test1>",
+			OutputSlice:     []string{"event", "describe", "event_test1", "--format", "json"},
+			ExpectedPrinter: "event_test1",
+			ExpectedError:   nil,
+		},
+		//event enable
+		{
+			TestName:        "No events enable",
+			OutputSlice:     []string{"event", "enable"},
+			ExpectedPrinter: nil,
+			ExpectedError:   fmt.Errorf("accepts 1 arg(s), received 0"), // Update expected output
+
+		},
+		{
+			TestName:        "enable event",
+			OutputSlice:     []string{"event", "enable", "event"},
+			ExpectedPrinter: "Enabled event: event",
+			ExpectedError:   nil,
+		},
+		//event disable
+		{
+			TestName:        "No disable events",
+			OutputSlice:     []string{"event", "disable"},
+			ExpectedPrinter: nil,
+			ExpectedError:   fmt.Errorf("accepts 1 arg(s), received 0"), // Update expected output
+		},
+		{
+			TestName:        "disable event",
+			OutputSlice:     []string{"event", "disable", "event"},
+			ExpectedPrinter: "Disabled event: event",
+			ExpectedError:   nil,
+		},
+		//event run
+		//TODO: add test when support run is added
+	}
+
+	for _, testCase := range eventTests {
+		t.Run(testCase.TestName, func(t *testing.T) { test.TestCommand(t, testCase, rootCmd) })
+	}
+}
diff --git a/cmd/traceectl/cmd/plugin.go b/cmd/traceectl/cmd/plugin.go
new file mode 100644
index 000000000000..24ac6941cfd7
--- /dev/null
+++ b/cmd/traceectl/cmd/plugin.go
@@ -0,0 +1,59 @@
+/*
+Copyright © 2024 NAME HERE <EMAIL ADDRESS>
+*/
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+)
+
+// pluginCmd represents the plugin command
+var pluginCmd = &cobra.Command{
+	Use:   "plugin",
+	Short: "plugin management for traceectl",
+	Long: `Plugin Management:
+  	- traceectl plugin install --name <plugin_name> --repo <repository_url>
+  	- traceectl plugin list
+  	- traceectl plugin uninstall <plugin_name>
+`,
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("plugin called")
+	},
+}
+
+func init() {
+	pluginCmd.AddCommand(pluginInstallCmd)
+	pluginCmd.AddCommand(pluginListCmd)
+	pluginCmd.AddCommand(pluginUninstallCmd)
+}
+
+var pluginInstallCmd = &cobra.Command{
+	Use:   "install",
+	Short: "install a plugin from a remote repository",
+	Long: `Install a plugin from a remote repository:	
+  	- traceectl plugin install --name <plugin_name> --repo <repository_url>
+`,
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("install called")
+	},
+}
+
+var pluginListCmd = &cobra.Command{
+	Use:   "list",
+	Short: "list installed plugins",
+	Long:  `List all installed plugins.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("list called")
+	},
+}
+
+var pluginUninstallCmd = &cobra.Command{
+	Use:   "uninstall <plugin_name>",
+	Short: "uninstall a plugin",
+	Long:  `Uninstalls a plugin by its name.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("uninstall called")
+	},
+}
diff --git a/cmd/traceectl/cmd/plugin_test.go b/cmd/traceectl/cmd/plugin_test.go
new file mode 100644
index 000000000000..4a1da846845e
--- /dev/null
+++ b/cmd/traceectl/cmd/plugin_test.go
@@ -0,0 +1,55 @@
+package cmd
+
+// import (
+// 	"bytes"
+// 	"testing"
+// 	"time"
+
+// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/mock"
+// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/models"
+// )
+
+// var pluginTests = []models.TestCase{
+// 	{
+// 		Name:           "No plugin subcommand",
+// 		Args:           []string{"plugin"},
+// 		ExpectedOutput: "Error: requires at least 1 arg(s), only received 0\n", // Update expected output
+// 	},
+// }
+
+// func TestPluginCmd(t *testing.T) {
+// 	// Start the mock server
+// 	mockServer, err := mock.StartMockServer()
+// 	if err != nil {
+// 		t.Fatalf("Failed to start mock server: %v", err)
+// 	}
+// 	defer mockServer.Stop() // Ensure the server is stopped after the test
+
+// 	// Wait for the server to start
+// 	time.Sleep(100 * time.Millisecond)
+
+// 	for _, test := range pluginTests {
+// 		t.Run(test.Name, func(t *testing.T) {
+// 			// Capture output
+// 			var buf bytes.Buffer
+// 			rootCmd := GetRootCmd()
+// 			rootCmd.SetOut(&buf)
+// 			rootCmd.SetErr(&buf)
+
+// 			// Set arguments for the test
+// 			rootCmd.SetArgs(test.Args)
+
+// 			// Execute the command
+// 			if err := rootCmd.Execute(); err != nil {
+// 				t.Error(t, err)
+// 			}
+
+// 			// Validate output and error (if any)
+// 			output := buf.String()
+
+// 			if output != test.ExpectedOutput {
+// 				t.Errorf("Expected output: %s, got: %s", test.ExpectedOutput, output)
+// 			}
+// 		})
+// 	}
+// }
diff --git a/cmd/traceectl/cmd/policy.go b/cmd/traceectl/cmd/policy.go
new file mode 100644
index 000000000000..0d07aad7fb1e
--- /dev/null
+++ b/cmd/traceectl/cmd/policy.go
@@ -0,0 +1,100 @@
+/*
+Copyright © 2024 NAME HERE <EMAIL ADDRESS>
+*/
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+)
+
+// policyCmd represents the policy command
+var policyCmd = &cobra.Command{
+	Use:   "policy",
+	Short: "policy management for traceectl",
+	Long: `Policy Management:
+  	- traceectl policy create <policy_file>
+  	- traceectl policy describe <policy_name>
+  	- traceectl policy list
+  	- traceectl policy update <updated_policy_file>
+	- traceectl policy delete <policy_name>
+  	- traceectl policy enable <policy_name>
+  	- traceectl policy disable <policy_name>
+`,
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("policy called")
+	},
+}
+
+func init() {
+	policyCmd.AddCommand(createCmd)
+	policyCmd.AddCommand(describePolicyCmd)
+	policyCmd.AddCommand(listPolicyCmd)
+	policyCmd.AddCommand(updateCmd)
+	policyCmd.AddCommand(deleteCmd)
+	policyCmd.AddCommand(enableCmd)
+	policyCmd.AddCommand(disableCmd)
+}
+
+var createCmd = &cobra.Command{
+	Use:   "create <policy_file>",
+	Short: "create a policy",
+	Long:  `Creates a new policy from the YAML file specified by  < policy_file > .`,
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("create called")
+	},
+}
+var describePolicyCmd = &cobra.Command{
+	Use:   "describe <policy_name>",
+	Short: "describe a policy",
+	Long:  `Retrieves the details of a specific policy by its name.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("describe called")
+	},
+}
+
+var listPolicyCmd = &cobra.Command{
+	Use:   "list",
+	Short: "list policies",
+	Long:  `Lists all available policies, providing a brief summary of each.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("list called")
+	},
+}
+
+var updateCmd = &cobra.Command{
+	Use:   "update <updated_policy_file>",
+	Short: "update a policy",
+	Long:  `Updates an existing policy from the YAML file specified by < updated_policy_file > .`,
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("update called")
+	},
+}
+
+var deleteCmd = &cobra.Command{
+	Use:   "delete <policy_name>",
+	Short: "delete a policy",
+	Long:  `Removes a policy by its name.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("delete called")
+	},
+}
+
+var enableCmd = &cobra.Command{
+	Use:   "enable <policy_name>",
+	Short: "enable a policy",
+	Long:  `Enables a policy by its name.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("enable called")
+	},
+}
+
+var disableCmd = &cobra.Command{
+	Use:   "disable <policy_name>",
+	Short: "disable a policy",
+	Long:  `Disables a policy by its name.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("disable called")
+	},
+}
diff --git a/cmd/traceectl/cmd/policy_test.go b/cmd/traceectl/cmd/policy_test.go
new file mode 100644
index 000000000000..ac25b3344b70
--- /dev/null
+++ b/cmd/traceectl/cmd/policy_test.go
@@ -0,0 +1,55 @@
+package cmd
+
+// import (
+// 	"bytes"
+// 	"testing"
+// 	"time"
+
+// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/mock"
+// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/models"
+// )
+
+// var policyTests = []models.TestCase{
+// 	{
+// 		Name:           "No policy subcommand",
+// 		Args:           []string{"policy"},
+// 		ExpectedOutput: "Error: requires at least 1 arg(s), only received 0\n", // Update expected output
+// 	},
+// }
+
+// func TestPolicyCmd(t *testing.T) {
+// 	// Start the mock server
+// 	mockServer, err := mock.StartMockServer()
+// 	if err != nil {
+// 		t.Fatalf("Failed to start mock server: %v", err)
+// 	}
+// 	defer mockServer.Stop() // Ensure the server is stopped after the test
+
+// 	// Wait for the server to start
+// 	time.Sleep(100 * time.Millisecond)
+
+// 	for _, test := range policyTests {
+// 		t.Run(test.Name, func(t *testing.T) {
+// 			// Capture output
+// 			var buf bytes.Buffer
+// 			rootCmd := GetRootCmd()
+// 			rootCmd.SetOut(&buf)
+// 			rootCmd.SetErr(&buf)
+
+// 			// Set arguments for the test
+// 			rootCmd.SetArgs(test.Args)
+
+// 			// Execute the command
+// 			if err := rootCmd.Execute(); err != nil {
+// 				t.Error(t, err)
+// 			}
+
+// 			// Validate output and error (if any)
+// 			output := buf.String()
+
+// 			if output != test.ExpectedOutput {
+// 				t.Errorf("Expected output: %s, got: %s", test.ExpectedOutput, output)
+// 			}
+// 		})
+// 	}
+// }
diff --git a/cmd/traceectl/cmd/root.go b/cmd/traceectl/cmd/root.go
new file mode 100644
index 000000000000..7993a047e2cd
--- /dev/null
+++ b/cmd/traceectl/cmd/root.go
@@ -0,0 +1,167 @@
+package cmd
+
+import (
+	"context"
+	"os"
+
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"
+
+	"github.com/spf13/cobra"
+)
+
+var formatFlag string
+var outputFlag string
+var serverFlag string
+var (
+	serverInfo client.ServerInfo = client.ServerInfo{
+		ConnectionType: client.PROTOCOL_UNIX,
+		ADDR:           client.SOCKET,
+	}
+
+	rootCmd = &cobra.Command{
+		Use:   "traceectl [flags] [command]",
+		Short: "TraceeCtl is a CLI tool for tracee",
+		Long:  "TraceeCtl is the client for the tracee API server.",
+		Run: func(cmd *cobra.Command, args []string) {
+			cmd.Help()
+		},
+	}
+)
+
+func init() {
+
+	// commands
+	rootCmd.AddCommand(streamCmd)
+	rootCmd.AddCommand(eventCmd)
+	rootCmd.AddCommand(pluginCmd)
+	rootCmd.AddCommand(policyCmd)
+
+	//other commends
+	rootCmd.AddCommand(connectCmd)
+	rootCmd.AddCommand(metricsCmd)
+	rootCmd.AddCommand(diagnoseCmd)
+	rootCmd.AddCommand(logsCmd)
+	rootCmd.AddCommand(statusCmd)
+	rootCmd.AddCommand(configCmd)
+	rootCmd.AddCommand(versionCmd)
+
+	//one global flag for server connection(connection Type: tcp or unix socket)
+	//no default for tcp, only for unix socket
+	//for tcp <IP:Port>
+	//for unix socket <socket_path>
+	rootCmd.PersistentFlags().StringVar(&serverInfo.ADDR, "server", client.SOCKET, `Server connection path or address.
+	for unix socket <socket_path> (default: /tmp/tracee.sock)
+	for tcp <IP:Port>`)
+
+}
+
+var connectCmd = &cobra.Command{
+	Use:   "connect [<stream_name>]",
+	Short: "Connect to the server",
+	Long:  "Connects to a stream and displays events in real time.",
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+var metricsCmd = &cobra.Command{
+	Use:   "metrics [--output <format>]",
+	Short: "Display Tracee metrics",
+	Long:  "Retrieves metrics about Tracee's performance and resource usage.",
+	Run: func(cmd *cobra.Command, args []string) {
+		displayMetrics(cmd, args)
+	},
+}
+var diagnoseCmd = &cobra.Command{
+	Use:   "diagnose [--component <component_name>]",
+	Short: "Collect diagnostic information to help troubleshoot issues",
+	Long:  "Collects diagnostic information to help troubleshoot issues.",
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+
+var logsCmd = &cobra.Command{
+	Use:   "logs [--filter <filter>]",
+	Short: "Display log messages from Tracee",
+	Long:  "Displays log messages from Tracee, optionally filtered.",
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+var statusCmd = &cobra.Command{
+	Use:   "status",
+	Short: "Shows the status of the Tracee Daemon and its components",
+	Long:  "Shows the status of the Tracee Daemon and its components.",
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+
+var configCmd = &cobra.Command{
+	Use:   "config [set|get|update] [<option>=<value>] [--file <config_file>]",
+	Short: "View or modify the Tracee Daemon configuration at runtime.",
+	Long:  `View or modify the Tracee Daemon configuration at runtime.`,
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+
+var versionCmd = &cobra.Command{
+	Use:   "version",
+	Short: "display the version of tracee",
+	Long:  "this is the version of tracee application you connected to",
+	Run: func(cmd *cobra.Command, args []string) {
+		displayVersion(cmd, args)
+	},
+}
+
+// run root command
+func Execute() {
+	if err := rootCmd.Execute(); err != nil {
+		os.Exit(1)
+	}
+}
+
+// displayMetrics fetches and prints Tracee metrics
+func displayMetrics(cmd *cobra.Command, _ []string) {
+	var traceeClient client.DiagnosticClient
+	//create service client
+	if err := traceeClient.NewDiagnosticClient(serverInfo); err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return
+	}
+	defer traceeClient.CloseConnection()
+	//get metrics
+	response, err := traceeClient.GetMetrics(context.Background(), &pb.GetMetricsRequest{})
+	if err != nil {
+		cmd.PrintErrln("Error getting metrics: ", err)
+		return
+	}
+
+	// Display the metrics
+	cmd.Println("EventCount:", response.EventCount)
+	cmd.Println("EventsFiltered:", response.EventsFiltered)
+	cmd.Println("NetCapCount:", response.NetCapCount)
+	cmd.Println("BPFLogsCount:", response.BPFLogsCount)
+	cmd.Println("ErrorCount:", response.ErrorCount)
+	cmd.Println("LostEvCount:", response.LostEvCount)
+	cmd.Println("LostWrCount:", response.LostWrCount)
+	cmd.Println("LostNtCapCount:", response.LostNtCapCount)
+	cmd.Println("LostBPFLogsCount:", response.LostBPFLogsCount)
+}
+
+func displayVersion(cmd *cobra.Command, _ []string) {
+	//create service client
+	var traceeClient client.ServiceClient
+	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return
+	}
+	defer traceeClient.CloseConnection()
+	//get version
+	response, err := traceeClient.GetVersion(context.Background(), &pb.GetVersionRequest{})
+
+	if err != nil {
+		cmd.PrintErrln("Error getting version: ", err)
+		return
+	} else {
+		//display version
+		cmd.Println("Version: ", response.Version)
+	}
+}
diff --git a/cmd/traceectl/cmd/root_test.go b/cmd/traceectl/cmd/root_test.go
new file mode 100644
index 000000000000..2fd8c052aa3e
--- /dev/null
+++ b/cmd/traceectl/cmd/root_test.go
@@ -0,0 +1,66 @@
+package cmd
+
+// import (
+// 	"bytes"
+// 	"strings"
+// 	"testing"
+// 	"time"
+
+// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/mock"
+// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/models"
+// )
+
+// var rootTests = []models.TestCase{
+// 	{
+// 		Name:           "version",
+// 		Args:           []string{"version"},
+// 		ExpectedOutput: mock.ExpectedVersion,
+// 	},
+// 	{
+// 		Name: "metrics",
+// 		Args: []string{"metrics"},
+// 		ExpectedOutput: (func() string {
+// 			str := mock.ExpectedMetrics.String()      // convert to string
+// 			str = strings.ReplaceAll(str, "  ", "\n") // add newlines
+// 			str = strings.ReplaceAll(str, ":", ": ")  // add spaces
+// 			return str
+// 		})(),
+// 	},
+// }
+
+// func TestRootCmd(t *testing.T) {
+// 	// Start the mock server
+// 	mockServer, err := mock.StartMockServer()
+// 	if err != nil {
+// 		t.Fatalf("Failed to start mock server: %v", err)
+// 	}
+// 	defer mockServer.Stop() // Ensure the server is stopped after the test
+
+// 	// Wait for the server to start
+// 	time.Sleep(100 * time.Millisecond)
+
+// 	for _, test := range rootTests {
+// 		t.Run(test.Name, func(t *testing.T) {
+// 			// Capture output
+// 			var buf bytes.Buffer
+// 			rootCmd := GetRootCmd()
+// 			rootCmd.SetOut(&buf)
+// 			rootCmd.SetErr(&buf)
+
+// 			// Set arguments for the test
+// 			rootCmd.SetArgs(test.Args)
+
+// 			// Execute the command
+// 			if err := rootCmd.Execute(); err != nil {
+// 				t.Error(t, err)
+// 			}
+
+// 			// Validate output and error (if any)
+// 			output := buf.String()
+
+// 			if !strings.Contains(output, test.ExpectedOutput.(string)) {
+// 				t.Errorf("Expected output:\n%s\ngot:\n%s", test.ExpectedOutput, output)
+// 			}
+// 		})
+// 	}
+// }
diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go
new file mode 100644
index 000000000000..62f6f32555e3
--- /dev/null
+++ b/cmd/traceectl/cmd/stream.go
@@ -0,0 +1,151 @@
+package cmd
+
+import (
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/formatter"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/printer"
+
+	"github.com/spf13/cobra"
+)
+
+var streamFormatFlag string
+var streamOutputFlag string
+var streamCmd = &cobra.Command{
+	Use:   "stream [policies...]",
+	Short: "Stream events from tracee",
+	Long: `Stream Management:
+	- traceectl stream [POLICIES...] -  stream event directly from tracee
+  	- traceectl stream create --name <stream_name> [--destination <destination>] [--format <format>] [--fields <fields>] [--parse-data] [--filter <filter>]
+  	- traceectl stream describe <stream_name>
+  	- traceectl stream list
+  	- traceectl stream update <stream_name> [--destination <destination>] [--format <format>] [--fields <fields>] [--parse-data] [--filter <filter>]
+  	- traceectl stream delete <stream_name>
+  	- traceectl stream connect <stream_name>
+  	- traceectl stream set-default <stream_name>
+  	- traceectl stream pause <stream_name>
+  	- traceectl stream resume <stream_name>
+	`,
+	Run: func(cmd *cobra.Command, args []string) {
+		stream(cmd, args)
+	},
+}
+
+func init() {
+	//subcommands
+	streamCmd.AddCommand(createStreamCmd)
+	streamCmd.AddCommand(describeStreamCmd)
+	streamCmd.AddCommand(listStreamCmd)
+	streamCmd.AddCommand(updateStreamCmd)
+	streamCmd.AddCommand(deleteStreamCmd)
+	streamCmd.AddCommand(connectStreamCmd)
+	streamCmd.AddCommand(setDefaultStreamCmd)
+	streamCmd.AddCommand(pauseStreamCmd)
+	streamCmd.AddCommand(resumeStreamCmd)
+	//stream events flags
+	streamCmd.Flags().StringVarP(&streamFormatFlag, "format", "f", formatter.FormatJSON, "Output format (json|table|template)")
+	// only support stdout for now
+	streamCmd.Flags().StringVarP(&streamOutputFlag, "output", "o", "stdout", "Output destination ")
+}
+
+var createStreamCmd = &cobra.Command{
+	Use:   "create --name <stream_name> [--destination <destination>] [--format <format>] [--fields <fields>] [--parse-data] [--filter <filter>]",
+	Short: "Create a new stream",
+	Long:  `Creates a new event stream with a specified name.`,
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+
+var describeStreamCmd = &cobra.Command{
+	Use:   "describe <stream_name>",
+	Short: "describe a stream",
+	Long:  `Retrieves the details of a specific stream by its name.`,
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+
+var listStreamCmd = &cobra.Command{
+	Use:   "list",
+	Short: "list streams",
+	Long:  `Lists all available streams, providing a brief summary of each.`,
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+
+var updateStreamCmd = &cobra.Command{
+	Use:   "update <stream_name> [--destination <destination>] [--format <format>] [--fields <fields>] [--parse-data] [--filter <filter>]",
+	Short: "update a stream",
+	Long:  `Updates a stream by its name.`,
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+
+var deleteStreamCmd = &cobra.Command{
+	Use:   "delete <stream_name>",
+	Short: "delete a stream",
+	Long:  `Deletes a stream by its name.`,
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+
+var connectStreamCmd = &cobra.Command{
+	Use:   "connect <stream_name>",
+	Short: "connect a stream",
+	Long:  `Connects a stream by its name.`,
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+
+var setDefaultStreamCmd = &cobra.Command{
+	Use:   "set-default <stream_name>",
+	Short: "set default stream",
+	Long:  `Sets a stream as the default stream.`,
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+
+var pauseStreamCmd = &cobra.Command{
+	Use:   "pause <stream_name>",
+	Short: "pause a stream",
+	Long:  `Pauses a stream by its name.`,
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+
+var resumeStreamCmd = &cobra.Command{
+	Use:   "resume <stream_name>",
+	Short: "resume a stream",
+	Long:  `Resumes a stream by its name.`,
+	Run: func(cmd *cobra.Command, args []string) {
+	},
+}
+
+// stream events directly from tracee
+func stream(cmd *cobra.Command, args []string) {
+	// Create service client
+	var traceeClient client.ServiceClient
+	err := traceeClient.NewServiceClient(serverInfo)
+	if err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return
+	}
+	defer traceeClient.CloseConnection()
+
+	// create stream from client
+	req := &pb.StreamEventsRequest{Policies: args}
+	stream, err := traceeClient.StreamEvents(cmd.Context(), req)
+	if err != nil {
+		cmd.PrintErrln("Error calling Stream: ", err)
+		return
+	}
+
+	//create formatter for output
+	format, err := formatter.New(streamFormatFlag, streamOutputFlag, cmd)
+	if err != nil {
+		cmd.PrintErrln("Error creating formatter: ", err)
+		return
+	}
+	//show events
+	printer.StreamEvents(format, args, stream)
+
+}
diff --git a/cmd/traceectl/cmd/stream_test.go b/cmd/traceectl/cmd/stream_test.go
new file mode 100644
index 000000000000..28c970147ee0
--- /dev/null
+++ b/cmd/traceectl/cmd/stream_test.go
@@ -0,0 +1,72 @@
+package cmd
+
+// import (
+// 	"bytes"
+// 	"strings"
+// 	"testing"
+// 	"time"
+
+// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/mock"
+// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/models"
+// 	pb "github.com/aquasecurity/tracee/api/v1beta1"
+// )
+
+// // test run the mock server and start the stream command
+// // currently stream can connect to the server and print the output of events to the stream
+// var streamTests = []models.TestCase{
+// 	{
+// 		Name:           "No subcommand",
+// 		Args:           []string{"stream"},
+// 		ExpectedOutput: mock.CreateEventsFromPolicies([]string{""}),
+// 	},
+// 	//TODO: add tests for subcommands
+// }
+
+// func TestStreamEvent(t *testing.T) {
+// 	for _, test := range streamTests {
+// 		t.Run(test.Name, func(t *testing.T) {
+// 			// Start the mock server
+// 			mockServer, err := mock.StartMockServer()
+// 			if err != nil {
+// 				t.Fatalf("Failed to start mock server: %v", err)
+// 			}
+// 			defer mockServer.Stop() // Ensure the server is stopped after the test
+
+// 			// Wait for the server to start
+// 			time.Sleep(100 * time.Millisecond)
+
+// 			// Capture output
+// 			var buf bytes.Buffer
+// 			rootCmd.SetOut(&buf)
+// 			rootCmd.SetErr(&buf)
+
+// 			// Set arguments for the test
+// 			rootCmd.SetArgs(test.Args)
+
+// 			// Execute the command
+// 			if err := rootCmd.Execute(); err != nil {
+// 				t.Fatalf("Execute() failed: %v", err)
+// 			}
+
+// 			// Get the expected output
+// 			if expectedEvents, ok := test.ExpectedOutput.([]*pb.StreamEventsResponse); ok {
+// 				// Split the actual output by newlines
+// 				actualEvents := strings.Split(strings.TrimSpace(buf.String()), "\n")
+// 				// Check if the number of events match
+// 				if len(actualEvents) != len(expectedEvents) {
+// 					t.Errorf("Expected %d events, got %d", len(expectedEvents), len(actualEvents))
+// 					return
+// 				}
+
+// 				// Compare each event
+// 				for i, expected := range expectedEvents {
+// 					if actualEvents[i] != expected.Event.String() {
+// 						t.Errorf("Expected event %d: %q\nGot: %q", i, expected.Event.String(), actualEvents[i])
+// 					}
+// 				}
+// 			} else {
+// 				t.Errorf("Type assertion failed, expected output is not []*pb.StreamEventsResponse: %v", test.ExpectedOutput)
+// 			}
+// 		})
+// 	}
+// }
diff --git a/cmd/traceectl/go.mod b/cmd/traceectl/go.mod
new file mode 100644
index 000000000000..24867a950fe0
--- /dev/null
+++ b/cmd/traceectl/go.mod
@@ -0,0 +1,27 @@
+module github.com/aquasecurity/tracee/cmd/traceectl
+
+go 1.23.1
+
+require (
+	github.com/aquasecurity/table v1.8.0
+	github.com/aquasecurity/tracee/api v0.0.0-20240918153521-1b3f9e8657e0
+	github.com/spf13/cobra v1.8.1
+	github.com/stretchr/testify v1.7.1
+	google.golang.org/grpc v1.67.0
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/net v0.28.0 // indirect
+	golang.org/x/sys v0.24.0 // indirect
+	golang.org/x/term v0.23.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
diff --git a/cmd/traceectl/go.sum b/cmd/traceectl/go.sum
new file mode 100644
index 000000000000..cd1ccff60556
--- /dev/null
+++ b/cmd/traceectl/go.sum
@@ -0,0 +1,45 @@
+github.com/aquasecurity/table v1.8.0 h1:9ntpSwrUfjrM6/YviArlx/ZBGd6ix8W+MtojQcM7tv0=
+github.com/aquasecurity/table v1.8.0/go.mod h1:eqOmvjjB7AhXFgFqpJUEE/ietg7RrMSJZXyTN8E/wZw=
+github.com/aquasecurity/tracee/api v0.0.0-20240918153521-1b3f9e8657e0 h1:3pt2Ceg6urRTUdOaX++LheYObFE4DbS63chktnQu24I=
+github.com/aquasecurity/tracee/api v0.0.0-20240918153521-1b3f9e8657e0/go.mod h1:Gn6xVkaBkVe1pOQ0++uuHl+lMMClv0TPY8mCQ6j88aA=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
+github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
+github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
+golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
+golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
+google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw=
+google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/cmd/traceectl/main.go b/cmd/traceectl/main.go
new file mode 100644
index 000000000000..9e890e896810
--- /dev/null
+++ b/cmd/traceectl/main.go
@@ -0,0 +1,10 @@
+/*
+Copyright © 2024 Shoham Yosef Bitton <shohambit@gmail.com>
+*/
+package main
+
+import "github.com/aquasecurity/tracee/cmd/traceectl/cmd"
+
+func main() {
+	cmd.Execute()
+}
diff --git a/cmd/traceectl/pkg/client/client.go b/cmd/traceectl/pkg/client/client.go
new file mode 100644
index 000000000000..c61c14dcefd4
--- /dev/null
+++ b/cmd/traceectl/pkg/client/client.go
@@ -0,0 +1,98 @@
+package client
+
+import (
+	"fmt"
+	"log"
+	"net"
+	"strings"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+)
+
+// github.com/aquasecurity/tracee/cmd/traceectl holds the gRPC connection and service client.
+const (
+	// unix socket
+	PROTOCOL_UNIX = "unix"
+	PROTOCOL_TCP  = "tcp"
+	SOCKET        = "/tmp/tracee.sock"
+)
+
+type ServerInfo struct {
+	ConnectionType string // Field to specify connection type (e.g., "unix" or "tcp")
+	ADDR           string // Address for the connection // Path for the Unix socket, if using Unix connection or IP and port for tcp
+}
+
+// this function use grpc to connect the server
+// it can connect to the server with tcp stream or unix socket
+func connectToServer(serverInfo ServerInfo) (*grpc.ClientConn, error) {
+	var opts []grpc.DialOption
+	opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
+
+	// Use switch case to determine connection type
+	var conn *grpc.ClientConn
+	var err error
+	err = determineConnectionType(serverInfo)
+	if err != nil {
+		return nil, err
+	}
+	switch serverInfo.ConnectionType {
+	case PROTOCOL_UNIX:
+		// Dial a Unix socket
+		address := fmt.Sprintf("unix://%s", serverInfo.ADDR)
+		conn, err = grpc.NewClient(address, opts...)
+
+		if err != nil {
+			log.Fatalf("failed to connect to server: %v", err)
+			return nil, err
+		}
+	case PROTOCOL_TCP:
+		// Dial a TCP address
+		address := fmt.Sprintf(serverInfo.ADDR)
+		conn, err = grpc.NewClient(address, opts...)
+
+		if err != nil {
+			log.Fatalf("failed to connect to server: %v", err)
+			return nil, err
+		}
+	default:
+		return nil, fmt.Errorf("unsupported connection type: %s", serverInfo.ConnectionType)
+	}
+
+	if err != nil {
+		log.Fatalf("failed to connect to server: %v", err)
+		return nil, err
+	}
+	return conn, nil
+}
+
+func determineConnectionType(serverInfo ServerInfo) error {
+	if strings.Contains(serverInfo.ADDR, ":") && isValidTCPAddress(serverInfo.ADDR) {
+		// It's a TCP address
+		serverInfo.ConnectionType = PROTOCOL_TCP
+		return nil
+	}
+	if strings.HasPrefix(serverInfo.ADDR, "/") {
+		// It's a Unix socket path
+		serverInfo.ConnectionType = PROTOCOL_UNIX
+		return nil
+	}
+
+	return fmt.Errorf("unsupported connection type: %s", serverInfo.ADDR)
+
+}
+
+// isValidTCPAddress checks if the address is a valid IP:PORT format
+func isValidTCPAddress(addr string) bool {
+	host, port, err := net.SplitHostPort(addr)
+	if err != nil || host == "" || port == "" {
+		return false
+	}
+
+	// Validate port number
+	if _, err := net.LookupPort("tcp", port); err != nil {
+		return false
+	}
+
+	return true
+}
diff --git a/cmd/traceectl/pkg/client/diagnostic.go b/cmd/traceectl/pkg/client/diagnostic.go
new file mode 100644
index 000000000000..3d7fdaa53540
--- /dev/null
+++ b/cmd/traceectl/pkg/client/diagnostic.go
@@ -0,0 +1,47 @@
+package client
+
+import (
+	"context"
+	"log"
+
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+	"google.golang.org/grpc"
+)
+
+// github.com/aquasecurity/tracee/cmd/traceectl holds the gRPC connection and diagnostic client.
+type DiagnosticClient struct {
+	conn   *grpc.ClientConn
+	client pb.DiagnosticServiceClient
+}
+
+// Newgithub.com/aquasecurity/tracee/cmd/traceectl initializes a new gRPC client connection.
+func (tc *DiagnosticClient) NewDiagnosticClient(serverInfo ServerInfo) error {
+	// Connect to the server and handle errors properly
+	conn, err := connectToServer(serverInfo)
+	if err != nil {
+		return err
+	}
+
+	// Store the connection and create the service client
+	tc.conn = conn
+	tc.client = pb.NewDiagnosticServiceClient(conn)
+
+	return nil
+}
+
+// Close the gRPC connection.
+func (tc *DiagnosticClient) CloseConnection() {
+	if err := tc.conn.Close(); err != nil {
+		log.Printf("Failed to close connection: %v", err)
+		return
+	}
+}
+
+/*
+if you want to add new options to the client, under this section is where you should add them
+*/
+
+// sends a GetMetrics request to the server.
+func (tc *DiagnosticClient) GetMetrics(ctx context.Context, req *pb.GetMetricsRequest) (*pb.GetMetricsResponse, error) {
+	return tc.client.GetMetrics(ctx, req)
+}
diff --git a/cmd/traceectl/pkg/client/service.go b/cmd/traceectl/pkg/client/service.go
new file mode 100644
index 000000000000..f8410c428452
--- /dev/null
+++ b/cmd/traceectl/pkg/client/service.go
@@ -0,0 +1,61 @@
+package client
+
+import (
+	"context"
+	"log"
+
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+	"google.golang.org/grpc"
+)
+
+type ServiceClient struct {
+	conn   *grpc.ClientConn
+	client pb.TraceeServiceClient
+}
+
+// New github.com/aquasecurity/tracee/cmd/traceectl initializes a new gRPC client connection.
+func (tc *ServiceClient) NewServiceClient(serverInfo ServerInfo) error {
+	// Connect to the server and handle errors properly
+	conn, err := connectToServer(serverInfo)
+	if err != nil {
+		return err
+	}
+
+	// Store the connection and create the service client
+	tc.conn = conn
+	tc.client = pb.NewTraceeServiceClient(conn)
+
+	return nil
+}
+
+// Close the gRPC connection.
+func (tc *ServiceClient) CloseConnection() {
+	if err := tc.conn.Close(); err != nil {
+		log.Printf("Failed to close connection: %v", err)
+		return
+	}
+}
+
+/*
+if you want to add new options to the client, under this section is where you should add them
+*/
+
+// sends a GetVersion request to the server.
+func (tc *ServiceClient) GetVersion(ctx context.Context, req *pb.GetVersionRequest) (*pb.GetVersionResponse, error) {
+	return tc.client.GetVersion(ctx, req)
+}
+
+func (tc *ServiceClient) EnableEvent(ctx context.Context, req *pb.EnableEventRequest) (*pb.EnableEventResponse, error) {
+	return tc.client.EnableEvent(ctx, req)
+}
+
+func (tc *ServiceClient) DisableEvent(ctx context.Context, req *pb.DisableEventRequest) (*pb.DisableEventResponse, error) {
+	return tc.client.DisableEvent(ctx, req)
+}
+
+func (tc *ServiceClient) StreamEvents(ctx context.Context, req *pb.StreamEventsRequest) (pb.TraceeService_StreamEventsClient, error) {
+	return tc.client.StreamEvents(ctx, req)
+}
+func (tc *ServiceClient) GetEventDefinitions(ctx context.Context, req *pb.GetEventDefinitionsRequest) (*pb.GetEventDefinitionsResponse, error) {
+	return tc.client.GetEventDefinitions(ctx, req)
+}
diff --git a/cmd/traceectl/pkg/cmd/formatter/JSONFormatter.go b/cmd/traceectl/pkg/cmd/formatter/JSONFormatter.go
new file mode 100644
index 000000000000..aa85827dffd4
--- /dev/null
+++ b/cmd/traceectl/pkg/cmd/formatter/JSONFormatter.go
@@ -0,0 +1,21 @@
+package formatter
+
+import (
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+)
+
+// PrintJSON prints an event in JSON format
+func (f *Formatter) PrintStreamJSON(event *pb.Event) {
+	//TODO: add more output formats
+	f.CMD.Printf("%s", event.String())
+}
+
+func (f *Formatter) PrintEventListJSON(list *pb.GetEventDefinitionsResponse) {
+	//TODO: add more output formats
+	f.CMD.Printf("%s", list.String())
+}
+
+func (f *Formatter) PrintEventDescriptionJSON(description *pb.GetEventDefinitionsResponse) {
+	//TODO: add more output formats
+	f.CMD.Printf("%s", description.String())
+}
diff --git a/cmd/traceectl/pkg/cmd/formatter/TableFormatter.go b/cmd/traceectl/pkg/cmd/formatter/TableFormatter.go
new file mode 100644
index 000000000000..c2f176de7c49
--- /dev/null
+++ b/cmd/traceectl/pkg/cmd/formatter/TableFormatter.go
@@ -0,0 +1,144 @@
+package formatter
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/aquasecurity/table"
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+	"github.com/spf13/cobra"
+)
+
+func (f *Formatter) PrintSteamTableHeaders() {
+	f.CMD.Printf("%-15s %-25s %-15s %-15s %s\n",
+		"TIME",
+		"EVENT NAME",
+		"POLICIES",
+		"PID",
+		"DATA",
+	)
+}
+func (f *Formatter) PrintStreamTableRow(event *pb.Event) {
+	timestamp := event.Timestamp.AsTime().Format("15:04:05.000")
+
+	f.CMD.Printf("%-15s %-25s %-15s %-15s %s\n",
+		timestamp,
+		event.Name,
+		strings.Join(event.Policies.Matched, ","),
+		fmt.Sprintf("%d", event.Context.Process.Pid.Value),
+		getEventData(event.Data),
+	)
+
+}
+
+// generate event data
+func getEventData(data []*pb.EventValue) string {
+	var result []string
+	for _, ev := range data {
+		result = append(result, getEventName(ev)+getEventValue(ev))
+	}
+	return strings.Join(result, ", ")
+}
+func getEventName(ev *pb.EventValue) string {
+	return strings.ToUpper(ev.Name[0:1]) + ev.Name[1:] + ": "
+}
+
+// generate event value
+func getEventValue(ev *pb.EventValue) string {
+	switch v := ev.Value.(type) {
+	case *pb.EventValue_Int32:
+		return fmt.Sprintf("%d", v.Int32)
+	case *pb.EventValue_Int64:
+		return fmt.Sprintf("%d", v.Int64)
+	case *pb.EventValue_UInt32:
+		return fmt.Sprintf("%d", v.UInt32)
+	case *pb.EventValue_UInt64:
+		return fmt.Sprintf("%d", v.UInt64)
+	case *pb.EventValue_Str:
+		return v.Str
+	case *pb.EventValue_Bytes:
+		return fmt.Sprintf("%x", v.Bytes)
+	case *pb.EventValue_Bool:
+		return fmt.Sprintf("%t", v.Bool)
+	case *pb.EventValue_StrArray:
+		return strings.Join(v.StrArray.Value, ", ")
+	case *pb.EventValue_Int32Array:
+		return fmt.Sprintf("%v", v.Int32Array.Value)
+	case *pb.EventValue_UInt64Array:
+		return fmt.Sprintf("%v", v.UInt64Array.Value)
+		//TODO: add more types
+	default:
+		// if data type not supported yet
+		return "unknown"
+	}
+}
+
+func (f *Formatter) PrintEventListTable(response *pb.GetEventDefinitionsResponse) *table.Table {
+	tbl := createTable(f)
+	tbl.SetHeaders("ID", "Name", "Version", "Tags")
+	for _, event := range response.Definitions {
+		// Check if the optional field Threat is set (non-nil)
+
+		tbl.AddRow(
+			fmt.Sprintf("%d", event.Id),
+			event.Name,
+			fmt.Sprintf("%d.%d.%d", event.Version.Major, event.Version.Minor, event.Version.Patch),
+			strings.Join(event.Tags, ", "),
+		)
+
+	}
+	return tbl
+}
+
+func (f *Formatter) PrintEventDescriptionTable(response *pb.GetEventDefinitionsResponse) *table.Table {
+	tbl := createTable(f)
+	tbl.SetHeaders("ID", "Name", "Version", "Tags", "Description")
+	for _, event := range response.Definitions {
+		// Check if the optional field Threat is set (non-nil)
+
+		tbl.AddRow(
+			fmt.Sprintf("%d", event.Id),
+			event.Name,
+			fmt.Sprintf("%d.%d.%d", event.Version.Major, event.Version.Minor, event.Version.Patch),
+			strings.Join(event.Tags, ", "),
+			event.Description,
+		)
+
+	}
+	return tbl
+}
+
+func createTable(f *Formatter) *table.Table {
+	if (f.Output != "") && (f.Output != "stdout") {
+		/// Validate the file path
+		if f.Output == "" || strings.TrimSpace(f.Output) == "" {
+			fmt.Errorf("Output file path is empty or invalid")
+			return nil
+		}
+
+		// Ensure parent directories exist
+		dir := filepath.Dir(f.Output)
+		if err := os.MkdirAll(dir, 0755); err != nil {
+			fmt.Errorf("failed to create directories for output file: %v", err)
+			return nil
+		}
+
+		// Create or open the file
+		file, err := os.Create(f.Output)
+		if err != nil {
+			fmt.Errorf("failed to open output file: %v", err)
+			return nil
+		}
+		tbl := table.New(file)
+		// Make sure to close the file after execution
+		f.CMD.PersistentPostRun = func(cmd *cobra.Command, args []string) {
+			file.Close()
+		}
+		return tbl
+	} else {
+		return table.New(os.Stdout)
+	}
+
+}
diff --git a/cmd/traceectl/pkg/cmd/formatter/formatter.go b/cmd/traceectl/pkg/cmd/formatter/formatter.go
new file mode 100644
index 000000000000..26d61c501f7f
--- /dev/null
+++ b/cmd/traceectl/pkg/cmd/formatter/formatter.go
@@ -0,0 +1,84 @@
+package formatter
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/spf13/cobra"
+)
+
+const (
+	FormatJSON  = "json"
+	FormatTable = "table"
+	FormatGoTpl = "gotemplate"
+
+	// DefaultOutput is the default output format
+)
+
+// SupportedFormats is a slice of all supported format types
+var SupportedFormats = []string{FormatJSON, FormatTable, FormatGoTpl}
+
+type Formatter struct {
+	Format string
+	Output string
+	CMD    *cobra.Command
+}
+
+func New(format string, output string, cmd *cobra.Command) (*Formatter, error) {
+	if !containsFormat(format) {
+		return nil, fmt.Errorf("format %s is not supported", format)
+	}
+	if err := initOutput(cmd, output); err != nil {
+		return nil, err
+	}
+	return &Formatter{
+		Format: format,
+		Output: output,
+		CMD:    cmd,
+	}, nil
+}
+
+// containsFormat checks if a format is in the SupportedFormats slice
+func containsFormat(format string) bool {
+	for _, f := range SupportedFormats {
+		if f == format {
+			return true
+		}
+	}
+	return false
+}
+func initOutput(cmd *cobra.Command, output string) error {
+	if (output != "") && (output != "stdout") {
+		/// Validate the file path
+		if output == "" || strings.TrimSpace(output) == "" {
+			return fmt.Errorf("output file path is empty or invalid")
+		}
+
+		// Ensure parent directories exist
+		dir := filepath.Dir(output)
+		if err := os.MkdirAll(dir, 0755); err != nil {
+			return fmt.Errorf("failed to create directories for output file: %v", err)
+		}
+
+		// Create or open the file
+		file, err := os.Create(output)
+		if err != nil {
+			return fmt.Errorf("failed to open output file: %v", err)
+		}
+
+		cmd.SetOut(file)
+		cmd.SetErr(file)
+		// Make sure to close the file after execution
+		cmd.PersistentPostRun = func(cmd *cobra.Command, args []string) {
+			file.Close()
+		}
+	} else {
+		// If no file is specified, use stdout
+		//NOTE: those commands brakes test do nothing
+		//cmd.SetOut(os.Stdout)
+		//cmd.SetErr(os.Stderr)
+	}
+	return nil
+}
diff --git a/cmd/traceectl/pkg/cmd/printer/printer.go b/cmd/traceectl/pkg/cmd/printer/printer.go
new file mode 100644
index 000000000000..f5b025a36a72
--- /dev/null
+++ b/cmd/traceectl/pkg/cmd/printer/printer.go
@@ -0,0 +1,103 @@
+package printer
+
+import (
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/formatter"
+)
+
+func StreamEvents(format *formatter.Formatter, args []string, stream pb.TraceeService_StreamEventsClient) {
+
+	//add check for the output flag
+	//TODO:support only table and json format for now
+	switch format.Format {
+	case formatter.FormatJSON:
+		jsonStreamEvents(args, stream, format)
+	case formatter.FormatTable:
+		tableStreamEvents(args, stream, format)
+	case formatter.FormatGoTpl: // gotemplate
+		fallthrough
+	default:
+		format.CMD.PrintErrln("Error: output format not supported")
+		return
+	}
+}
+
+// tableStreamEvents prints events in a table format
+func tableStreamEvents(_ []string, stream pb.TraceeService_StreamEventsClient, tbl *formatter.Formatter) {
+	// Init table header before streaming starts
+	tbl.PrintSteamTableHeaders()
+	// Receive and process streamed responses
+	for {
+		res, err := stream.Recv()
+		if err != nil {
+			// Handle the error that occurs when the server closes the stream
+			if err.Error() == "EOF" {
+				break
+			}
+			tbl.CMD.PrintErrln("Error receiving streamed event: ", err)
+		}
+		tbl.PrintStreamTableRow(res.Event)
+
+	}
+}
+
+// jsonStreamEvents prints events in json format
+func jsonStreamEvents(_ []string, stream pb.TraceeService_StreamEventsClient, tbl *formatter.Formatter) { // Receive and process streamed responses
+	for {
+		res, err := stream.Recv()
+		if err != nil {
+			// Handle the error that occurs when the server closes the stream
+			if err.Error() == "EOF" {
+				break
+			}
+			tbl.CMD.PrintErrln("Error receiving streamed event: ", err)
+		}
+		// Print each event as a row in json format
+		tbl.PrintStreamJSON(res.Event)
+	}
+}
+
+func ListEvents(format *formatter.Formatter, args []string, response *pb.GetEventDefinitionsResponse) {
+	//this can add support for other output formats
+	switch format.Format {
+	case formatter.FormatJSON:
+		jsonListEvent(format, args, response)
+	case formatter.FormatTable:
+		tableListEvent(format, args, response)
+	case formatter.FormatGoTpl: // gotemplate
+		fallthrough
+	default:
+		format.CMD.PrintErrln("Error: output format not supported")
+		return
+	}
+
+}
+func tableListEvent(format *formatter.Formatter, _ []string, response *pb.GetEventDefinitionsResponse) {
+	tbl := format.PrintEventListTable(response)
+	tbl.Render()
+}
+func jsonListEvent(format *formatter.Formatter, _ []string, response *pb.GetEventDefinitionsResponse) {
+	format.PrintEventListJSON(response)
+}
+func DescribeEvent(format *formatter.Formatter, args []string, response *pb.GetEventDefinitionsResponse) {
+	//this can add support for other output formats
+	switch format.Format {
+	case formatter.FormatJSON:
+		jsonDescribeEvent(format, args, response)
+	case formatter.FormatTable:
+		tableDescribeEvent(format, args, response)
+	case formatter.FormatGoTpl: // gotemplate
+		fallthrough
+	default:
+		format.CMD.PrintErrln("Error: output format not supported")
+		return
+	}
+
+}
+func jsonDescribeEvent(format *formatter.Formatter, _ []string, response *pb.GetEventDefinitionsResponse) {
+	format.PrintEventDescriptionJSON(response)
+}
+func tableDescribeEvent(format *formatter.Formatter, _ []string, response *pb.GetEventDefinitionsResponse) {
+	tbl := format.PrintEventDescriptionTable(response)
+	tbl.Render()
+}
diff --git a/cmd/traceectl/pkg/cmd/printer/printer_test.go b/cmd/traceectl/pkg/cmd/printer/printer_test.go
new file mode 100644
index 000000000000..e3140d672a27
--- /dev/null
+++ b/cmd/traceectl/pkg/cmd/printer/printer_test.go
@@ -0,0 +1,68 @@
+package printer_test
+
+// import (
+// 	"fmt"
+// 	"os"
+// 	"testing"
+
+// 	"github.com/stretchr/testify/assert"
+
+// 	"github.com/aquasecurity/tracee/pkg/cmd/flags"
+// 	"github.com/aquasecurity/tracee/pkg/config"
+// )
+
+// func TestTraceeEbpfPrepareOutputPrinterConfig(t *testing.T) {
+// 	t.Parallel()
+
+// 	testCases := []struct {
+// 		testName        string
+// 		outputSlice     []string
+// 		expectedPrinter config.PrinterConfig
+// 		expectedError   error
+// 	}{
+// 		{
+// 			testName:        "invalid format",
+// 			outputSlice:     []string{"notaformat"},
+// 			expectedPrinter: config.PrinterConfig{},
+// 			expectedError:   fmt.Errorf("unrecognized output format: %s. Valid format values: 'table', 'table-verbose', 'json', or 'gotemplate='. Use '--output help' for more info", "notaformat"),
+// 		},
+// 		{
+// 			testName:        "invalid format with format prefix",
+// 			outputSlice:     []string{"format:notaformat2"},
+// 			expectedPrinter: config.PrinterConfig{},
+// 			expectedError:   fmt.Errorf("unrecognized output format: %s. Valid format values: 'table', 'table-verbose', 'json', or 'gotemplate='. Use '--output help' for more info", "notaformat2"),
+// 		},
+// 		{
+// 			testName:    "default",
+// 			outputSlice: []string{},
+// 			expectedPrinter: config.PrinterConfig{
+// 				Kind:    "table",
+// 				OutFile: os.Stdout,
+// 			},
+// 			expectedError: nil,
+// 		},
+// 		{
+// 			testName:    "format: json",
+// 			outputSlice: []string{"format:json"},
+// 			expectedPrinter: config.PrinterConfig{
+// 				Kind:    "json",
+// 				OutFile: os.Stdout,
+// 			},
+// 			expectedError: nil,
+// 		},
+// 	}
+// 	for _, testcase := range testCases {
+// 		testcase := testcase
+
+// 		t.Run(testcase.testName, func(t *testing.T) {
+// 			t.Parallel()
+
+// 			outputConfig, err := flags.TraceeEbpfPrepareOutput(testcase.outputSlice, false)
+// 			if err != nil {
+// 				assert.ErrorContains(t, err, testcase.expectedError.Error())
+// 			} else {
+// 				assert.Equal(t, testcase.expectedPrinter, outputConfig.PrinterConfigs[0])
+// 			}
+// 		})
+// 	}
+// }
diff --git a/cmd/traceectl/pkg/cmd/test/test.go b/cmd/traceectl/pkg/cmd/test/test.go
new file mode 100644
index 000000000000..2efd765ffbdf
--- /dev/null
+++ b/cmd/traceectl/pkg/cmd/test/test.go
@@ -0,0 +1,59 @@
+package test
+
+import (
+	"bytes"
+	"testing"
+	"time"
+
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/mock"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/models"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/grpc"
+)
+
+func runMockServer(t *testing.T) *grpc.Server {
+	// Start the mock server
+	mockServer, err := mock.StartMockServer()
+	if err != nil {
+		t.Fatalf("Failed to start mock server: %v", err)
+	}
+
+	// Wait for the server to start
+	time.Sleep(100 * time.Millisecond)
+	return mockServer
+}
+func TestCommand(t *testing.T, testCase models.TestCase, rootCmd *cobra.Command) {
+	server := runMockServer(t)
+	defer server.Stop() // Ensure the server is stopped after the test
+
+	// Capture output
+	var buf bytes.Buffer
+	rootCmd.SetOut(&buf)
+	rootCmd.SetErr(&buf)
+
+	// Set arguments for the test
+	rootCmd.SetArgs(testCase.OutputSlice)
+
+	// Execute the command
+	err := rootCmd.Execute()
+	output := buf.String()
+	if err != nil && testCase.ExpectedError == nil {
+		t.Errorf("Unexpected error for test %s: %v", testCase.TestName, err)
+		return
+	}
+
+	// Check if an error was expected but none occurred
+	if err == nil && testCase.ExpectedError != nil {
+		t.Errorf("Expected error for test %s but got none", testCase.TestName)
+		return
+	}
+	// Check error content, if any
+	if testCase.ExpectedError != nil {
+		assert.ErrorContains(t, err, testCase.ExpectedError.Error())
+	} else {
+		assert.Contains(t, output, testCase.ExpectedPrinter)
+
+	}
+
+}
diff --git a/cmd/traceectl/pkg/mock/diagnostic_server.go b/cmd/traceectl/pkg/mock/diagnostic_server.go
new file mode 100644
index 000000000000..1d4fcff36e58
--- /dev/null
+++ b/cmd/traceectl/pkg/mock/diagnostic_server.go
@@ -0,0 +1,17 @@
+package mock
+
+import (
+	"context"
+
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+)
+
+var (
+	ExpectedMetrics pb.GetMetricsResponse = pb.GetMetricsResponse{EventCount: 1, EventsFiltered: 2, NetCapCount: 3,
+		BPFLogsCount: 4, ErrorCount: 5, LostEvCount: 6,
+		LostWrCount: 7, LostNtCapCount: 8, LostBPFLogsCount: 9}
+)
+
+func (s *MockDiagnosticServer) GetMetrics(ctx context.Context, req *pb.GetMetricsRequest) (*pb.GetMetricsResponse, error) {
+	return &ExpectedMetrics, nil
+}
diff --git a/cmd/traceectl/pkg/mock/event_server.go b/cmd/traceectl/pkg/mock/event_server.go
new file mode 100644
index 000000000000..689c98d8554c
--- /dev/null
+++ b/cmd/traceectl/pkg/mock/event_server.go
@@ -0,0 +1,28 @@
+package mock
+
+import (
+	"context"
+
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+)
+
+func (s *MockServiceServer) GetEventDefinitions(ctx context.Context, req *pb.GetEventDefinitionsRequest) (*pb.GetEventDefinitionsResponse, error) {
+	var eventDefinition []*pb.EventDefinition
+	for i := 0; i < len(req.EventNames); i++ {
+		eventDefinition = append(eventDefinition, &pb.EventDefinition{Name: req.EventNames[i], Id: (int32(i))})
+	}
+	return &pb.GetEventDefinitionsResponse{Definitions: eventDefinition}, nil
+}
+func (s *MockServiceServer) DescribeEvent(ctx context.Context, req *pb.GetEventDefinitionsRequest) (*pb.GetEventDefinitionsResponse, error) {
+	return s.GetEventDefinitions(ctx, req)
+}
+func (s *MockServiceServer) ListEvent(ctx context.Context, req *pb.GetEventDefinitionsRequest) (*pb.GetEventDefinitionsResponse, error) {
+	return s.GetEventDefinitions(ctx, req)
+}
+
+func (s *MockServiceServer) EnableEvent(ctx context.Context, req *pb.EnableEventRequest) (*pb.EnableEventResponse, error) {
+	return &pb.EnableEventResponse{}, nil
+}
+func (s *MockServiceServer) DisableEvent(ctx context.Context, req *pb.DisableEventRequest) (*pb.DisableEventResponse, error) {
+	return &pb.DisableEventResponse{}, nil
+}
diff --git a/cmd/traceectl/pkg/mock/root_server.go b/cmd/traceectl/pkg/mock/root_server.go
new file mode 100644
index 000000000000..11e599482c62
--- /dev/null
+++ b/cmd/traceectl/pkg/mock/root_server.go
@@ -0,0 +1,12 @@
+package mock
+
+import (
+	"context"
+
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+)
+
+func (s *MockServiceServer) GetVersion(ctx context.Context, req *pb.GetVersionRequest) (*pb.GetVersionResponse, error) {
+	// Return a mock version response
+	return &pb.GetVersionResponse{Version: ExpectedVersion}, nil
+}
diff --git a/cmd/traceectl/pkg/mock/server.go b/cmd/traceectl/pkg/mock/server.go
new file mode 100644
index 000000000000..b43e0be3efb2
--- /dev/null
+++ b/cmd/traceectl/pkg/mock/server.go
@@ -0,0 +1,79 @@
+package mock
+
+import (
+	"fmt"
+	"net"
+	"os"
+
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"
+
+	"google.golang.org/grpc"
+)
+
+var (
+	ExpectedVersion string            = "v0.22.0-15-gd09d7fca0d" // Match the output format
+	serverInfo      client.ServerInfo = client.ServerInfo{
+		ADDR: client.SOCKET,
+	}
+)
+
+// MockServiceServer implements the gRPC server interface for testing
+type MockServiceServer struct {
+	pb.UnimplementedTraceeServiceServer // Embed the unimplemented server
+}
+
+// MockDiagnosticServer implements the gRPC server interface for testing
+type MockDiagnosticServer struct {
+	pb.UnimplementedDiagnosticServiceServer // Embed the unimplemented server
+}
+
+// CreateMockServer initializes the gRPC server and binds it to a Unix socket listener
+func CreateMockServer() (*grpc.Server, net.Listener, error) {
+	// Check for existing Unix socket and remove it if necessary
+	if _, err := os.Stat(serverInfo.ADDR); err == nil {
+		if err := os.Remove(serverInfo.ADDR); err != nil {
+			return nil, nil, fmt.Errorf("failed to cleanup gRPC listening address (%s): %v", serverInfo.ADDR, err)
+		}
+	}
+
+	// Create the Unix socket listener
+	listener, err := net.Listen("unix", serverInfo.ADDR)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to create Unix socket listener: %v", err)
+	}
+
+	// Create a new gRPC server
+	server := grpc.NewServer()
+
+	// Register both TraceeService and DiagnosticService with the server
+	pb.RegisterTraceeServiceServer(server, &MockServiceServer{})
+	pb.RegisterDiagnosticServiceServer(server, &MockDiagnosticServer{})
+
+	return server, listener, nil
+}
+
+// StartMockServer starts the gRPC server with both services registered
+func StartMockServer() (*grpc.Server, error) {
+	mockServer, listener, err := CreateMockServer()
+	if err != nil {
+		return nil, fmt.Errorf("failed to create mock server: %v", err)
+	}
+
+	// Start serving in a goroutine
+	go func() {
+		if err := mockServer.Serve(listener); err != nil {
+			fmt.Printf("gRPC server failed: %v\n", err)
+		}
+	}()
+
+	return mockServer, nil
+}
+
+// StopMockServer stops the server and removes the Unix socket
+func StopMockServer(server *grpc.Server) {
+	server.GracefulStop()
+	if err := os.Remove(serverInfo.ADDR); err != nil {
+		fmt.Printf("failed to remove Unix socket: %v\n", err)
+	}
+}
diff --git a/cmd/traceectl/pkg/mock/stream_server.go b/cmd/traceectl/pkg/mock/stream_server.go
new file mode 100644
index 000000000000..485a19481f86
--- /dev/null
+++ b/cmd/traceectl/pkg/mock/stream_server.go
@@ -0,0 +1,102 @@
+package mock
+
+import (
+	"sort"
+	"strings"
+	"time"
+
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+)
+
+/*
+\stream events
+*/
+
+// StreamEvents simulates the server-side streaming RPC
+// and the server will return a stream of events based on the request
+func (s *MockServiceServer) StreamEvents(req *pb.StreamEventsRequest, stream pb.TraceeService_StreamEventsServer) error {
+	// Define mock events to send
+	mockEvents := CreateEventsFromPolicies(req.Policies)
+
+	// Simulate streaming of events with delays
+	for _, event := range mockEvents {
+		if err := stream.Send(event); err != nil {
+			return err
+		}
+
+	}
+	time.Sleep(100 * time.Millisecond) // Simulate delay between events
+	return nil
+}
+
+// generateEvent creates a new event with the given policies.
+func generateEvent(policy []string) *pb.Event {
+	return &pb.Event{
+		Policies: &pb.Policies{Matched: policy},
+	}
+}
+
+// CreateEventsFromPolicies generates events based on the provided policies.
+// It returns all unique combinations of the policies.
+func CreateEventsFromPolicies(policies []string) []*pb.StreamEventsResponse {
+	if len(policies) == 0 {
+		// If no policies are provided, return an event with an empty policy.
+		return []*pb.StreamEventsResponse{
+			{Event: generateEvent([]string{""})},
+		}
+	}
+
+	// Sort policies to ensure lexicographical order.
+	// can make a comment if you want
+	sort.Strings(policies)
+
+	// Generate all unique combinations of the policies.
+	var results []*pb.StreamEventsResponse
+	combinations := generateCombinations(policies)
+
+	// Sort combinations by length first, and then lexicographically.
+	sort.SliceStable(combinations, func(i, j int) bool {
+		// Sort by length of the combination first
+		if len(combinations[i]) != len(combinations[j]) {
+			return len(combinations[i]) < len(combinations[j])
+		}
+		// If lengths are the same, sort lexicographically
+		return strings.Join(combinations[i], ",") < strings.Join(combinations[j], ",")
+	})
+
+	// For each combination, create a unique event.
+	for _, combo := range combinations {
+		results = append(results, &pb.StreamEventsResponse{
+			Event: generateEvent(combo),
+		})
+	}
+
+	return results
+}
+
+// generateCombinations returns all unique combinations of the input policies.
+func generateCombinations(policies []string) [][]string {
+	var result [][]string
+	n := len(policies)
+
+	// Use a recursive helper function to generate combinations.
+	var helper func(start int, combo []string)
+	helper = func(start int, combo []string) {
+		// Add the current combination to the result.
+		if len(combo) > 0 {
+			// Make a copy of the combo to avoid mutations.
+			combinationCopy := append([]string{}, combo...)
+			result = append(result, combinationCopy)
+		}
+
+		// Iterate over the remaining elements to form combinations.
+		for i := start; i < n; i++ {
+			helper(i+1, append(combo, policies[i]))
+		}
+	}
+
+	// Start with an empty combination.
+	helper(0, []string{})
+
+	return result
+}
diff --git a/cmd/traceectl/pkg/models/models.go b/cmd/traceectl/pkg/models/models.go
new file mode 100644
index 000000000000..a1c7cf5e3422
--- /dev/null
+++ b/cmd/traceectl/pkg/models/models.go
@@ -0,0 +1,8 @@
+package models
+
+type TestCase struct {
+	TestName        string
+	OutputSlice     []string
+	ExpectedPrinter interface{}
+	ExpectedError   error
+}

From dc746209d3e7ec28caf43cd152f13dbf77796d0c Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Sun, 24 Nov 2024 11:33:56 +0000
Subject: [PATCH 02/45] change design for traceectl

---
 cmd/traceectl/cmd/event.go                    | 43 ++---------
 cmd/traceectl/cmd/event_test.go               | 14 +---
 cmd/traceectl/cmd/plugin.go                   | 12 ++--
 cmd/traceectl/cmd/plugin_test.go              | 55 --------------
 cmd/traceectl/cmd/policy.go                   | 18 ++---
 cmd/traceectl/cmd/policy_test.go              | 55 --------------
 cmd/traceectl/cmd/root.go                     | 20 +-----
 cmd/traceectl/cmd/root_test.go                | 66 -----------------
 cmd/traceectl/cmd/stream.go                   | 27 +++----
 cmd/traceectl/cmd/stream_test.go              | 72 -------------------
 cmd/traceectl/pkg/client/client.go            | 18 +----
 cmd/traceectl/pkg/client/diagnostic.go        | 13 ----
 cmd/traceectl/pkg/client/service.go           | 12 ----
 .../pkg/cmd/formatter/JSONFormatter.go        |  4 --
 .../pkg/cmd/formatter/TableFormatter.go       | 16 -----
 cmd/traceectl/pkg/cmd/formatter/formatter.go  | 16 -----
 cmd/traceectl/pkg/cmd/printer/printer.go      | 19 ++---
 cmd/traceectl/pkg/cmd/test/test.go            | 15 +---
 cmd/traceectl/pkg/mock/root_server.go         |  1 -
 cmd/traceectl/pkg/mock/server.go              | 23 +-----
 cmd/traceectl/pkg/mock/stream_server.go       | 40 +----------
 21 files changed, 42 insertions(+), 517 deletions(-)
 delete mode 100644 cmd/traceectl/cmd/plugin_test.go
 delete mode 100644 cmd/traceectl/cmd/policy_test.go
 delete mode 100644 cmd/traceectl/cmd/root_test.go
 delete mode 100644 cmd/traceectl/cmd/stream_test.go

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index 8e0301a239ba..838c97720b80 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -14,20 +14,18 @@ import (
 var eventFormatFlag string
 var eventOutputFlag string
 
-// main command
 var eventCmd = &cobra.Command{
 	Use:   "event [command]",
-	Short: "event management for tracee",
+	Short: "Event management for tracee",
 	Long: `Event Management for tracee 
-	let you enable and disable events in tracee.
-	get descriptions of events and run them.
+	Let you enable and disable events in tracee.
+	Get descriptions of events and run them.
 	`,
 	Args: cobra.MinimumNArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
-		// Check if args are provided
 		if len(args) == 0 {
 			cmd.PrintErrln("Error: no event names provided. Please specify at least one event to enable.")
-			return // Exit if no arguments
+			return
 		}
 	},
 }
@@ -48,8 +46,6 @@ func init() {
 	describeEventCmd.Flags().StringVarP(&eventOutputFlag, "output", "o", "stdout", "Output destination ")
 }
 
-// Sub commands
-// list
 var listEventCmd = &cobra.Command{
 	Use:   "list",
 	Short: "list events",
@@ -59,8 +55,6 @@ var listEventCmd = &cobra.Command{
 		listEvents(cmd, args)
 	},
 }
-
-// describe
 var describeEventCmd = &cobra.Command{
 	Use:   "describe <event_name>",
 	Short: "describe event",
@@ -70,8 +64,6 @@ var describeEventCmd = &cobra.Command{
 		getEventDescriptions(cmd, args)
 	},
 }
-
-// enable
 var enableEventCmd = &cobra.Command{
 	Use:   "enable <event_name>",
 	Short: "enable event",
@@ -81,8 +73,6 @@ var enableEventCmd = &cobra.Command{
 		enableEvents(cmd, args[0])
 	},
 }
-
-// disable
 var disableEventCmd = &cobra.Command{
 	Use:   "disable <event_name>",
 	Short: "disable event",
@@ -92,8 +82,6 @@ var disableEventCmd = &cobra.Command{
 		disableEvents(cmd, args[0])
 	},
 }
-
-// run
 var runCmdArgs string
 var runEventCmd = &cobra.Command{
 	Use:   "run <event_name> [--args <arguments>]",
@@ -106,7 +94,6 @@ var runEventCmd = &cobra.Command{
 }
 
 func listEvents(cmd *cobra.Command, args []string) {
-	//create service client
 	var traceeClient client.ServiceClient
 	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
@@ -114,24 +101,19 @@ func listEvents(cmd *cobra.Command, args []string) {
 	}
 	defer traceeClient.CloseConnection()
 	response, err := traceeClient.GetEventDefinitions(context.Background(), &pb.GetEventDefinitionsRequest{EventNames: args})
-
 	if err != nil {
 		cmd.PrintErrln("Error getting event definitions: ", err)
 		return
 
 	}
-	//display event definitions
-	//TODO:  add support for different outputs and formats
 	format, err := formatter.New(eventFormatFlag, eventOutputFlag, cmd)
 	if err != nil {
 		cmd.PrintErrln("Error creating formatter: ", err)
 		return
 	}
-	//show events
 	printer.ListEvents(format, args, response)
 }
 func getEventDescriptions(cmd *cobra.Command, args []string) {
-	//create service client
 	var traceeClient client.ServiceClient
 	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
@@ -139,34 +121,24 @@ func getEventDescriptions(cmd *cobra.Command, args []string) {
 	}
 	defer traceeClient.CloseConnection()
 	response, err := traceeClient.GetEventDefinitions(context.Background(), &pb.GetEventDefinitionsRequest{EventNames: args})
-
 	if err != nil {
 		cmd.PrintErrln("Error getting event definitions: ", err)
 		return
 
 	}
-	//display event definitions
-	//TODO:  add support for different outputs and formats
 	format, err := formatter.New(eventFormatFlag, eventOutputFlag, cmd)
 	if err != nil {
 		cmd.PrintErrln("Error creating formatter: ", err)
 		return
 	}
-	//show events
 	printer.DescribeEvent(format, args, response)
-
 }
 func enableEvents(cmd *cobra.Command, eventName string) {
-	// Create Tracee gRPC client
-	var traceeClient client.ServiceClient // tracee client
-
+	var traceeClient client.ServiceClient
 	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
-		return // Exit on error
+		return
 	}
-
-	// Iterate over event names and enable each one
-
 	_, err := traceeClient.EnableEvent(context.Background(), &pb.EnableEventRequest{Name: eventName})
 	if err != nil {
 		cmd.PrintErrln("Error enabling event:", err)
@@ -176,11 +148,10 @@ func enableEvents(cmd *cobra.Command, eventName string) {
 }
 
 func disableEvents(cmd *cobra.Command, eventName string) {
-	// Create Tracee gRPC client
 	var traceeClient client.ServiceClient
 	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
-		return // Exit on error
+		return
 	}
 	_, err := traceeClient.DisableEvent(context.Background(), &pb.DisableEventRequest{Name: eventName})
 	if err != nil {
diff --git a/cmd/traceectl/cmd/event_test.go b/cmd/traceectl/cmd/event_test.go
index ab33decd3002..7ef0d273b532 100644
--- a/cmd/traceectl/cmd/event_test.go
+++ b/cmd/traceectl/cmd/event_test.go
@@ -16,16 +16,12 @@ func TestEvent(t *testing.T) {
 			ExpectedPrinter: nil,
 			ExpectedError:   fmt.Errorf("requires at least 1 arg(s), only received 0"),
 		},
-
-		//event list
 		{
 			TestName:        "events list",
 			OutputSlice:     []string{"event", "list", "--format", "json"},
 			ExpectedPrinter: "",
 			ExpectedError:   nil,
 		},
-
-		//event describe
 		{
 			TestName:        "No events describe",
 			OutputSlice:     []string{"event", "describe", "--format", "json"},
@@ -38,13 +34,11 @@ func TestEvent(t *testing.T) {
 			ExpectedPrinter: "event_test1",
 			ExpectedError:   nil,
 		},
-		//event enable
 		{
 			TestName:        "No events enable",
 			OutputSlice:     []string{"event", "enable"},
 			ExpectedPrinter: nil,
-			ExpectedError:   fmt.Errorf("accepts 1 arg(s), received 0"), // Update expected output
-
+			ExpectedError:   fmt.Errorf("accepts 1 arg(s), received 0"),
 		},
 		{
 			TestName:        "enable event",
@@ -52,12 +46,11 @@ func TestEvent(t *testing.T) {
 			ExpectedPrinter: "Enabled event: event",
 			ExpectedError:   nil,
 		},
-		//event disable
 		{
 			TestName:        "No disable events",
 			OutputSlice:     []string{"event", "disable"},
 			ExpectedPrinter: nil,
-			ExpectedError:   fmt.Errorf("accepts 1 arg(s), received 0"), // Update expected output
+			ExpectedError:   fmt.Errorf("accepts 1 arg(s), received 0"),
 		},
 		{
 			TestName:        "disable event",
@@ -65,10 +58,7 @@ func TestEvent(t *testing.T) {
 			ExpectedPrinter: "Disabled event: event",
 			ExpectedError:   nil,
 		},
-		//event run
-		//TODO: add test when support run is added
 	}
-
 	for _, testCase := range eventTests {
 		t.Run(testCase.TestName, func(t *testing.T) { test.TestCommand(t, testCase, rootCmd) })
 	}
diff --git a/cmd/traceectl/cmd/plugin.go b/cmd/traceectl/cmd/plugin.go
index 24ac6941cfd7..7b9e5b12d5b6 100644
--- a/cmd/traceectl/cmd/plugin.go
+++ b/cmd/traceectl/cmd/plugin.go
@@ -1,6 +1,3 @@
-/*
-Copyright © 2024 NAME HERE <EMAIL ADDRESS>
-*/
 package cmd
 
 import (
@@ -9,10 +6,9 @@ import (
 	"github.com/spf13/cobra"
 )
 
-// pluginCmd represents the plugin command
 var pluginCmd = &cobra.Command{
 	Use:   "plugin",
-	Short: "plugin management for traceectl",
+	Short: "Plugin management for traceectl",
 	Long: `Plugin Management:
   	- traceectl plugin install --name <plugin_name> --repo <repository_url>
   	- traceectl plugin list
@@ -31,7 +27,7 @@ func init() {
 
 var pluginInstallCmd = &cobra.Command{
 	Use:   "install",
-	Short: "install a plugin from a remote repository",
+	Short: "Install a plugin from a remote repository",
 	Long: `Install a plugin from a remote repository:	
   	- traceectl plugin install --name <plugin_name> --repo <repository_url>
 `,
@@ -42,7 +38,7 @@ var pluginInstallCmd = &cobra.Command{
 
 var pluginListCmd = &cobra.Command{
 	Use:   "list",
-	Short: "list installed plugins",
+	Short: "List installed plugins",
 	Long:  `List all installed plugins.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("list called")
@@ -51,7 +47,7 @@ var pluginListCmd = &cobra.Command{
 
 var pluginUninstallCmd = &cobra.Command{
 	Use:   "uninstall <plugin_name>",
-	Short: "uninstall a plugin",
+	Short: "Uninstall a plugin",
 	Long:  `Uninstalls a plugin by its name.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("uninstall called")
diff --git a/cmd/traceectl/cmd/plugin_test.go b/cmd/traceectl/cmd/plugin_test.go
deleted file mode 100644
index 4a1da846845e..000000000000
--- a/cmd/traceectl/cmd/plugin_test.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package cmd
-
-// import (
-// 	"bytes"
-// 	"testing"
-// 	"time"
-
-// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/mock"
-// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/models"
-// )
-
-// var pluginTests = []models.TestCase{
-// 	{
-// 		Name:           "No plugin subcommand",
-// 		Args:           []string{"plugin"},
-// 		ExpectedOutput: "Error: requires at least 1 arg(s), only received 0\n", // Update expected output
-// 	},
-// }
-
-// func TestPluginCmd(t *testing.T) {
-// 	// Start the mock server
-// 	mockServer, err := mock.StartMockServer()
-// 	if err != nil {
-// 		t.Fatalf("Failed to start mock server: %v", err)
-// 	}
-// 	defer mockServer.Stop() // Ensure the server is stopped after the test
-
-// 	// Wait for the server to start
-// 	time.Sleep(100 * time.Millisecond)
-
-// 	for _, test := range pluginTests {
-// 		t.Run(test.Name, func(t *testing.T) {
-// 			// Capture output
-// 			var buf bytes.Buffer
-// 			rootCmd := GetRootCmd()
-// 			rootCmd.SetOut(&buf)
-// 			rootCmd.SetErr(&buf)
-
-// 			// Set arguments for the test
-// 			rootCmd.SetArgs(test.Args)
-
-// 			// Execute the command
-// 			if err := rootCmd.Execute(); err != nil {
-// 				t.Error(t, err)
-// 			}
-
-// 			// Validate output and error (if any)
-// 			output := buf.String()
-
-// 			if output != test.ExpectedOutput {
-// 				t.Errorf("Expected output: %s, got: %s", test.ExpectedOutput, output)
-// 			}
-// 		})
-// 	}
-// }
diff --git a/cmd/traceectl/cmd/policy.go b/cmd/traceectl/cmd/policy.go
index 0d07aad7fb1e..356f8d75b269 100644
--- a/cmd/traceectl/cmd/policy.go
+++ b/cmd/traceectl/cmd/policy.go
@@ -1,6 +1,3 @@
-/*
-Copyright © 2024 NAME HERE <EMAIL ADDRESS>
-*/
 package cmd
 
 import (
@@ -9,10 +6,9 @@ import (
 	"github.com/spf13/cobra"
 )
 
-// policyCmd represents the policy command
 var policyCmd = &cobra.Command{
 	Use:   "policy",
-	Short: "policy management for traceectl",
+	Short: "Policy management for traceectl",
 	Long: `Policy Management:
   	- traceectl policy create <policy_file>
   	- traceectl policy describe <policy_name>
@@ -39,7 +35,7 @@ func init() {
 
 var createCmd = &cobra.Command{
 	Use:   "create <policy_file>",
-	Short: "create a policy",
+	Short: "Create a policy",
 	Long:  `Creates a new policy from the YAML file specified by  < policy_file > .`,
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("create called")
@@ -47,7 +43,7 @@ var createCmd = &cobra.Command{
 }
 var describePolicyCmd = &cobra.Command{
 	Use:   "describe <policy_name>",
-	Short: "describe a policy",
+	Short: "Describe a policy",
 	Long:  `Retrieves the details of a specific policy by its name.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("describe called")
@@ -56,7 +52,7 @@ var describePolicyCmd = &cobra.Command{
 
 var listPolicyCmd = &cobra.Command{
 	Use:   "list",
-	Short: "list policies",
+	Short: "List policies",
 	Long:  `Lists all available policies, providing a brief summary of each.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("list called")
@@ -74,7 +70,7 @@ var updateCmd = &cobra.Command{
 
 var deleteCmd = &cobra.Command{
 	Use:   "delete <policy_name>",
-	Short: "delete a policy",
+	Short: "Delete a policy",
 	Long:  `Removes a policy by its name.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("delete called")
@@ -83,7 +79,7 @@ var deleteCmd = &cobra.Command{
 
 var enableCmd = &cobra.Command{
 	Use:   "enable <policy_name>",
-	Short: "enable a policy",
+	Short: "Enable a policy",
 	Long:  `Enables a policy by its name.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("enable called")
@@ -92,7 +88,7 @@ var enableCmd = &cobra.Command{
 
 var disableCmd = &cobra.Command{
 	Use:   "disable <policy_name>",
-	Short: "disable a policy",
+	Short: "Disable a policy",
 	Long:  `Disables a policy by its name.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("disable called")
diff --git a/cmd/traceectl/cmd/policy_test.go b/cmd/traceectl/cmd/policy_test.go
deleted file mode 100644
index ac25b3344b70..000000000000
--- a/cmd/traceectl/cmd/policy_test.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package cmd
-
-// import (
-// 	"bytes"
-// 	"testing"
-// 	"time"
-
-// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/mock"
-// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/models"
-// )
-
-// var policyTests = []models.TestCase{
-// 	{
-// 		Name:           "No policy subcommand",
-// 		Args:           []string{"policy"},
-// 		ExpectedOutput: "Error: requires at least 1 arg(s), only received 0\n", // Update expected output
-// 	},
-// }
-
-// func TestPolicyCmd(t *testing.T) {
-// 	// Start the mock server
-// 	mockServer, err := mock.StartMockServer()
-// 	if err != nil {
-// 		t.Fatalf("Failed to start mock server: %v", err)
-// 	}
-// 	defer mockServer.Stop() // Ensure the server is stopped after the test
-
-// 	// Wait for the server to start
-// 	time.Sleep(100 * time.Millisecond)
-
-// 	for _, test := range policyTests {
-// 		t.Run(test.Name, func(t *testing.T) {
-// 			// Capture output
-// 			var buf bytes.Buffer
-// 			rootCmd := GetRootCmd()
-// 			rootCmd.SetOut(&buf)
-// 			rootCmd.SetErr(&buf)
-
-// 			// Set arguments for the test
-// 			rootCmd.SetArgs(test.Args)
-
-// 			// Execute the command
-// 			if err := rootCmd.Execute(); err != nil {
-// 				t.Error(t, err)
-// 			}
-
-// 			// Validate output and error (if any)
-// 			output := buf.String()
-
-// 			if output != test.ExpectedOutput {
-// 				t.Errorf("Expected output: %s, got: %s", test.ExpectedOutput, output)
-// 			}
-// 		})
-// 	}
-// }
diff --git a/cmd/traceectl/cmd/root.go b/cmd/traceectl/cmd/root.go
index 7993a047e2cd..13f71c5f3f75 100644
--- a/cmd/traceectl/cmd/root.go
+++ b/cmd/traceectl/cmd/root.go
@@ -30,14 +30,11 @@ var (
 )
 
 func init() {
-
-	// commands
 	rootCmd.AddCommand(streamCmd)
 	rootCmd.AddCommand(eventCmd)
 	rootCmd.AddCommand(pluginCmd)
 	rootCmd.AddCommand(policyCmd)
 
-	//other commends
 	rootCmd.AddCommand(connectCmd)
 	rootCmd.AddCommand(metricsCmd)
 	rootCmd.AddCommand(diagnoseCmd)
@@ -46,10 +43,6 @@ func init() {
 	rootCmd.AddCommand(configCmd)
 	rootCmd.AddCommand(versionCmd)
 
-	//one global flag for server connection(connection Type: tcp or unix socket)
-	//no default for tcp, only for unix socket
-	//for tcp <IP:Port>
-	//for unix socket <socket_path>
 	rootCmd.PersistentFlags().StringVar(&serverInfo.ADDR, "server", client.SOCKET, `Server connection path or address.
 	for unix socket <socket_path> (default: /tmp/tracee.sock)
 	for tcp <IP:Port>`)
@@ -104,37 +97,31 @@ var configCmd = &cobra.Command{
 
 var versionCmd = &cobra.Command{
 	Use:   "version",
-	Short: "display the version of tracee",
-	Long:  "this is the version of tracee application you connected to",
+	Short: "Display the version of tracee",
+	Long:  "This is the version of tracee application you connected to",
 	Run: func(cmd *cobra.Command, args []string) {
 		displayVersion(cmd, args)
 	},
 }
 
-// run root command
 func Execute() {
 	if err := rootCmd.Execute(); err != nil {
 		os.Exit(1)
 	}
 }
 
-// displayMetrics fetches and prints Tracee metrics
 func displayMetrics(cmd *cobra.Command, _ []string) {
 	var traceeClient client.DiagnosticClient
-	//create service client
 	if err := traceeClient.NewDiagnosticClient(serverInfo); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
 	defer traceeClient.CloseConnection()
-	//get metrics
 	response, err := traceeClient.GetMetrics(context.Background(), &pb.GetMetricsRequest{})
 	if err != nil {
 		cmd.PrintErrln("Error getting metrics: ", err)
 		return
 	}
-
-	// Display the metrics
 	cmd.Println("EventCount:", response.EventCount)
 	cmd.Println("EventsFiltered:", response.EventsFiltered)
 	cmd.Println("NetCapCount:", response.NetCapCount)
@@ -147,21 +134,18 @@ func displayMetrics(cmd *cobra.Command, _ []string) {
 }
 
 func displayVersion(cmd *cobra.Command, _ []string) {
-	//create service client
 	var traceeClient client.ServiceClient
 	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
 	defer traceeClient.CloseConnection()
-	//get version
 	response, err := traceeClient.GetVersion(context.Background(), &pb.GetVersionRequest{})
 
 	if err != nil {
 		cmd.PrintErrln("Error getting version: ", err)
 		return
 	} else {
-		//display version
 		cmd.Println("Version: ", response.Version)
 	}
 }
diff --git a/cmd/traceectl/cmd/root_test.go b/cmd/traceectl/cmd/root_test.go
deleted file mode 100644
index 2fd8c052aa3e..000000000000
--- a/cmd/traceectl/cmd/root_test.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package cmd
-
-// import (
-// 	"bytes"
-// 	"strings"
-// 	"testing"
-// 	"time"
-
-// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/mock"
-// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/models"
-// )
-
-// var rootTests = []models.TestCase{
-// 	{
-// 		Name:           "version",
-// 		Args:           []string{"version"},
-// 		ExpectedOutput: mock.ExpectedVersion,
-// 	},
-// 	{
-// 		Name: "metrics",
-// 		Args: []string{"metrics"},
-// 		ExpectedOutput: (func() string {
-// 			str := mock.ExpectedMetrics.String()      // convert to string
-// 			str = strings.ReplaceAll(str, "  ", "\n") // add newlines
-// 			str = strings.ReplaceAll(str, ":", ": ")  // add spaces
-// 			return str
-// 		})(),
-// 	},
-// }
-
-// func TestRootCmd(t *testing.T) {
-// 	// Start the mock server
-// 	mockServer, err := mock.StartMockServer()
-// 	if err != nil {
-// 		t.Fatalf("Failed to start mock server: %v", err)
-// 	}
-// 	defer mockServer.Stop() // Ensure the server is stopped after the test
-
-// 	// Wait for the server to start
-// 	time.Sleep(100 * time.Millisecond)
-
-// 	for _, test := range rootTests {
-// 		t.Run(test.Name, func(t *testing.T) {
-// 			// Capture output
-// 			var buf bytes.Buffer
-// 			rootCmd := GetRootCmd()
-// 			rootCmd.SetOut(&buf)
-// 			rootCmd.SetErr(&buf)
-
-// 			// Set arguments for the test
-// 			rootCmd.SetArgs(test.Args)
-
-// 			// Execute the command
-// 			if err := rootCmd.Execute(); err != nil {
-// 				t.Error(t, err)
-// 			}
-
-// 			// Validate output and error (if any)
-// 			output := buf.String()
-
-// 			if !strings.Contains(output, test.ExpectedOutput.(string)) {
-// 				t.Errorf("Expected output:\n%s\ngot:\n%s", test.ExpectedOutput, output)
-// 			}
-// 		})
-// 	}
-// }
diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go
index 62f6f32555e3..5c3fbfc98955 100644
--- a/cmd/traceectl/cmd/stream.go
+++ b/cmd/traceectl/cmd/stream.go
@@ -32,7 +32,6 @@ var streamCmd = &cobra.Command{
 }
 
 func init() {
-	//subcommands
 	streamCmd.AddCommand(createStreamCmd)
 	streamCmd.AddCommand(describeStreamCmd)
 	streamCmd.AddCommand(listStreamCmd)
@@ -42,9 +41,7 @@ func init() {
 	streamCmd.AddCommand(setDefaultStreamCmd)
 	streamCmd.AddCommand(pauseStreamCmd)
 	streamCmd.AddCommand(resumeStreamCmd)
-	//stream events flags
 	streamCmd.Flags().StringVarP(&streamFormatFlag, "format", "f", formatter.FormatJSON, "Output format (json|table|template)")
-	// only support stdout for now
 	streamCmd.Flags().StringVarP(&streamOutputFlag, "output", "o", "stdout", "Output destination ")
 }
 
@@ -58,7 +55,7 @@ var createStreamCmd = &cobra.Command{
 
 var describeStreamCmd = &cobra.Command{
 	Use:   "describe <stream_name>",
-	Short: "describe a stream",
+	Short: "Describe a stream",
 	Long:  `Retrieves the details of a specific stream by its name.`,
 	Run: func(cmd *cobra.Command, args []string) {
 	},
@@ -66,7 +63,7 @@ var describeStreamCmd = &cobra.Command{
 
 var listStreamCmd = &cobra.Command{
 	Use:   "list",
-	Short: "list streams",
+	Short: "List streams",
 	Long:  `Lists all available streams, providing a brief summary of each.`,
 	Run: func(cmd *cobra.Command, args []string) {
 	},
@@ -74,7 +71,7 @@ var listStreamCmd = &cobra.Command{
 
 var updateStreamCmd = &cobra.Command{
 	Use:   "update <stream_name> [--destination <destination>] [--format <format>] [--fields <fields>] [--parse-data] [--filter <filter>]",
-	Short: "update a stream",
+	Short: "Update a stream",
 	Long:  `Updates a stream by its name.`,
 	Run: func(cmd *cobra.Command, args []string) {
 	},
@@ -82,7 +79,7 @@ var updateStreamCmd = &cobra.Command{
 
 var deleteStreamCmd = &cobra.Command{
 	Use:   "delete <stream_name>",
-	Short: "delete a stream",
+	Short: "Delete a stream",
 	Long:  `Deletes a stream by its name.`,
 	Run: func(cmd *cobra.Command, args []string) {
 	},
@@ -90,7 +87,7 @@ var deleteStreamCmd = &cobra.Command{
 
 var connectStreamCmd = &cobra.Command{
 	Use:   "connect <stream_name>",
-	Short: "connect a stream",
+	Short: "Connect a stream",
 	Long:  `Connects a stream by its name.`,
 	Run: func(cmd *cobra.Command, args []string) {
 	},
@@ -98,7 +95,7 @@ var connectStreamCmd = &cobra.Command{
 
 var setDefaultStreamCmd = &cobra.Command{
 	Use:   "set-default <stream_name>",
-	Short: "set default stream",
+	Short: "Set default stream",
 	Long:  `Sets a stream as the default stream.`,
 	Run: func(cmd *cobra.Command, args []string) {
 	},
@@ -106,7 +103,7 @@ var setDefaultStreamCmd = &cobra.Command{
 
 var pauseStreamCmd = &cobra.Command{
 	Use:   "pause <stream_name>",
-	Short: "pause a stream",
+	Short: "Pause a stream",
 	Long:  `Pauses a stream by its name.`,
 	Run: func(cmd *cobra.Command, args []string) {
 	},
@@ -114,15 +111,14 @@ var pauseStreamCmd = &cobra.Command{
 
 var resumeStreamCmd = &cobra.Command{
 	Use:   "resume <stream_name>",
-	Short: "resume a stream",
+	Short: "Resume a stream",
 	Long:  `Resumes a stream by its name.`,
 	Run: func(cmd *cobra.Command, args []string) {
 	},
 }
 
-// stream events directly from tracee
 func stream(cmd *cobra.Command, args []string) {
-	// Create service client
+
 	var traceeClient client.ServiceClient
 	err := traceeClient.NewServiceClient(serverInfo)
 	if err != nil {
@@ -130,22 +126,17 @@ func stream(cmd *cobra.Command, args []string) {
 		return
 	}
 	defer traceeClient.CloseConnection()
-
-	// create stream from client
 	req := &pb.StreamEventsRequest{Policies: args}
 	stream, err := traceeClient.StreamEvents(cmd.Context(), req)
 	if err != nil {
 		cmd.PrintErrln("Error calling Stream: ", err)
 		return
 	}
-
-	//create formatter for output
 	format, err := formatter.New(streamFormatFlag, streamOutputFlag, cmd)
 	if err != nil {
 		cmd.PrintErrln("Error creating formatter: ", err)
 		return
 	}
-	//show events
 	printer.StreamEvents(format, args, stream)
 
 }
diff --git a/cmd/traceectl/cmd/stream_test.go b/cmd/traceectl/cmd/stream_test.go
deleted file mode 100644
index 28c970147ee0..000000000000
--- a/cmd/traceectl/cmd/stream_test.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package cmd
-
-// import (
-// 	"bytes"
-// 	"strings"
-// 	"testing"
-// 	"time"
-
-// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/mock"
-// 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/models"
-// 	pb "github.com/aquasecurity/tracee/api/v1beta1"
-// )
-
-// // test run the mock server and start the stream command
-// // currently stream can connect to the server and print the output of events to the stream
-// var streamTests = []models.TestCase{
-// 	{
-// 		Name:           "No subcommand",
-// 		Args:           []string{"stream"},
-// 		ExpectedOutput: mock.CreateEventsFromPolicies([]string{""}),
-// 	},
-// 	//TODO: add tests for subcommands
-// }
-
-// func TestStreamEvent(t *testing.T) {
-// 	for _, test := range streamTests {
-// 		t.Run(test.Name, func(t *testing.T) {
-// 			// Start the mock server
-// 			mockServer, err := mock.StartMockServer()
-// 			if err != nil {
-// 				t.Fatalf("Failed to start mock server: %v", err)
-// 			}
-// 			defer mockServer.Stop() // Ensure the server is stopped after the test
-
-// 			// Wait for the server to start
-// 			time.Sleep(100 * time.Millisecond)
-
-// 			// Capture output
-// 			var buf bytes.Buffer
-// 			rootCmd.SetOut(&buf)
-// 			rootCmd.SetErr(&buf)
-
-// 			// Set arguments for the test
-// 			rootCmd.SetArgs(test.Args)
-
-// 			// Execute the command
-// 			if err := rootCmd.Execute(); err != nil {
-// 				t.Fatalf("Execute() failed: %v", err)
-// 			}
-
-// 			// Get the expected output
-// 			if expectedEvents, ok := test.ExpectedOutput.([]*pb.StreamEventsResponse); ok {
-// 				// Split the actual output by newlines
-// 				actualEvents := strings.Split(strings.TrimSpace(buf.String()), "\n")
-// 				// Check if the number of events match
-// 				if len(actualEvents) != len(expectedEvents) {
-// 					t.Errorf("Expected %d events, got %d", len(expectedEvents), len(actualEvents))
-// 					return
-// 				}
-
-// 				// Compare each event
-// 				for i, expected := range expectedEvents {
-// 					if actualEvents[i] != expected.Event.String() {
-// 						t.Errorf("Expected event %d: %q\nGot: %q", i, expected.Event.String(), actualEvents[i])
-// 					}
-// 				}
-// 			} else {
-// 				t.Errorf("Type assertion failed, expected output is not []*pb.StreamEventsResponse: %v", test.ExpectedOutput)
-// 			}
-// 		})
-// 	}
-// }
diff --git a/cmd/traceectl/pkg/client/client.go b/cmd/traceectl/pkg/client/client.go
index c61c14dcefd4..27d7b328584c 100644
--- a/cmd/traceectl/pkg/client/client.go
+++ b/cmd/traceectl/pkg/client/client.go
@@ -10,26 +10,20 @@ import (
 	"google.golang.org/grpc/credentials/insecure"
 )
 
-// github.com/aquasecurity/tracee/cmd/traceectl holds the gRPC connection and service client.
 const (
-	// unix socket
 	PROTOCOL_UNIX = "unix"
 	PROTOCOL_TCP  = "tcp"
 	SOCKET        = "/tmp/tracee.sock"
 )
 
 type ServerInfo struct {
-	ConnectionType string // Field to specify connection type (e.g., "unix" or "tcp")
-	ADDR           string // Address for the connection // Path for the Unix socket, if using Unix connection or IP and port for tcp
+	ConnectionType string
+	ADDR           string
 }
 
-// this function use grpc to connect the server
-// it can connect to the server with tcp stream or unix socket
 func connectToServer(serverInfo ServerInfo) (*grpc.ClientConn, error) {
 	var opts []grpc.DialOption
 	opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
-
-	// Use switch case to determine connection type
 	var conn *grpc.ClientConn
 	var err error
 	err = determineConnectionType(serverInfo)
@@ -38,7 +32,6 @@ func connectToServer(serverInfo ServerInfo) (*grpc.ClientConn, error) {
 	}
 	switch serverInfo.ConnectionType {
 	case PROTOCOL_UNIX:
-		// Dial a Unix socket
 		address := fmt.Sprintf("unix://%s", serverInfo.ADDR)
 		conn, err = grpc.NewClient(address, opts...)
 
@@ -47,7 +40,6 @@ func connectToServer(serverInfo ServerInfo) (*grpc.ClientConn, error) {
 			return nil, err
 		}
 	case PROTOCOL_TCP:
-		// Dial a TCP address
 		address := fmt.Sprintf(serverInfo.ADDR)
 		conn, err = grpc.NewClient(address, opts...)
 
@@ -68,12 +60,10 @@ func connectToServer(serverInfo ServerInfo) (*grpc.ClientConn, error) {
 
 func determineConnectionType(serverInfo ServerInfo) error {
 	if strings.Contains(serverInfo.ADDR, ":") && isValidTCPAddress(serverInfo.ADDR) {
-		// It's a TCP address
 		serverInfo.ConnectionType = PROTOCOL_TCP
 		return nil
 	}
 	if strings.HasPrefix(serverInfo.ADDR, "/") {
-		// It's a Unix socket path
 		serverInfo.ConnectionType = PROTOCOL_UNIX
 		return nil
 	}
@@ -81,15 +71,11 @@ func determineConnectionType(serverInfo ServerInfo) error {
 	return fmt.Errorf("unsupported connection type: %s", serverInfo.ADDR)
 
 }
-
-// isValidTCPAddress checks if the address is a valid IP:PORT format
 func isValidTCPAddress(addr string) bool {
 	host, port, err := net.SplitHostPort(addr)
 	if err != nil || host == "" || port == "" {
 		return false
 	}
-
-	// Validate port number
 	if _, err := net.LookupPort("tcp", port); err != nil {
 		return false
 	}
diff --git a/cmd/traceectl/pkg/client/diagnostic.go b/cmd/traceectl/pkg/client/diagnostic.go
index 3d7fdaa53540..915523e61663 100644
--- a/cmd/traceectl/pkg/client/diagnostic.go
+++ b/cmd/traceectl/pkg/client/diagnostic.go
@@ -8,40 +8,27 @@ import (
 	"google.golang.org/grpc"
 )
 
-// github.com/aquasecurity/tracee/cmd/traceectl holds the gRPC connection and diagnostic client.
 type DiagnosticClient struct {
 	conn   *grpc.ClientConn
 	client pb.DiagnosticServiceClient
 }
 
-// Newgithub.com/aquasecurity/tracee/cmd/traceectl initializes a new gRPC client connection.
 func (tc *DiagnosticClient) NewDiagnosticClient(serverInfo ServerInfo) error {
-	// Connect to the server and handle errors properly
 	conn, err := connectToServer(serverInfo)
 	if err != nil {
 		return err
 	}
-
-	// Store the connection and create the service client
 	tc.conn = conn
 	tc.client = pb.NewDiagnosticServiceClient(conn)
 
 	return nil
 }
-
-// Close the gRPC connection.
 func (tc *DiagnosticClient) CloseConnection() {
 	if err := tc.conn.Close(); err != nil {
 		log.Printf("Failed to close connection: %v", err)
 		return
 	}
 }
-
-/*
-if you want to add new options to the client, under this section is where you should add them
-*/
-
-// sends a GetMetrics request to the server.
 func (tc *DiagnosticClient) GetMetrics(ctx context.Context, req *pb.GetMetricsRequest) (*pb.GetMetricsResponse, error) {
 	return tc.client.GetMetrics(ctx, req)
 }
diff --git a/cmd/traceectl/pkg/client/service.go b/cmd/traceectl/pkg/client/service.go
index f8410c428452..7800b795206e 100644
--- a/cmd/traceectl/pkg/client/service.go
+++ b/cmd/traceectl/pkg/client/service.go
@@ -13,34 +13,22 @@ type ServiceClient struct {
 	client pb.TraceeServiceClient
 }
 
-// New github.com/aquasecurity/tracee/cmd/traceectl initializes a new gRPC client connection.
 func (tc *ServiceClient) NewServiceClient(serverInfo ServerInfo) error {
-	// Connect to the server and handle errors properly
 	conn, err := connectToServer(serverInfo)
 	if err != nil {
 		return err
 	}
-
-	// Store the connection and create the service client
 	tc.conn = conn
 	tc.client = pb.NewTraceeServiceClient(conn)
 
 	return nil
 }
-
-// Close the gRPC connection.
 func (tc *ServiceClient) CloseConnection() {
 	if err := tc.conn.Close(); err != nil {
 		log.Printf("Failed to close connection: %v", err)
 		return
 	}
 }
-
-/*
-if you want to add new options to the client, under this section is where you should add them
-*/
-
-// sends a GetVersion request to the server.
 func (tc *ServiceClient) GetVersion(ctx context.Context, req *pb.GetVersionRequest) (*pb.GetVersionResponse, error) {
 	return tc.client.GetVersion(ctx, req)
 }
diff --git a/cmd/traceectl/pkg/cmd/formatter/JSONFormatter.go b/cmd/traceectl/pkg/cmd/formatter/JSONFormatter.go
index aa85827dffd4..da04a61068bb 100644
--- a/cmd/traceectl/pkg/cmd/formatter/JSONFormatter.go
+++ b/cmd/traceectl/pkg/cmd/formatter/JSONFormatter.go
@@ -4,18 +4,14 @@ import (
 	pb "github.com/aquasecurity/tracee/api/v1beta1"
 )
 
-// PrintJSON prints an event in JSON format
 func (f *Formatter) PrintStreamJSON(event *pb.Event) {
-	//TODO: add more output formats
 	f.CMD.Printf("%s", event.String())
 }
 
 func (f *Formatter) PrintEventListJSON(list *pb.GetEventDefinitionsResponse) {
-	//TODO: add more output formats
 	f.CMD.Printf("%s", list.String())
 }
 
 func (f *Formatter) PrintEventDescriptionJSON(description *pb.GetEventDefinitionsResponse) {
-	//TODO: add more output formats
 	f.CMD.Printf("%s", description.String())
 }
diff --git a/cmd/traceectl/pkg/cmd/formatter/TableFormatter.go b/cmd/traceectl/pkg/cmd/formatter/TableFormatter.go
index c2f176de7c49..53b787b34580 100644
--- a/cmd/traceectl/pkg/cmd/formatter/TableFormatter.go
+++ b/cmd/traceectl/pkg/cmd/formatter/TableFormatter.go
@@ -32,8 +32,6 @@ func (f *Formatter) PrintStreamTableRow(event *pb.Event) {
 	)
 
 }
-
-// generate event data
 func getEventData(data []*pb.EventValue) string {
 	var result []string
 	for _, ev := range data {
@@ -44,8 +42,6 @@ func getEventData(data []*pb.EventValue) string {
 func getEventName(ev *pb.EventValue) string {
 	return strings.ToUpper(ev.Name[0:1]) + ev.Name[1:] + ": "
 }
-
-// generate event value
 func getEventValue(ev *pb.EventValue) string {
 	switch v := ev.Value.(type) {
 	case *pb.EventValue_Int32:
@@ -68,9 +64,7 @@ func getEventValue(ev *pb.EventValue) string {
 		return fmt.Sprintf("%v", v.Int32Array.Value)
 	case *pb.EventValue_UInt64Array:
 		return fmt.Sprintf("%v", v.UInt64Array.Value)
-		//TODO: add more types
 	default:
-		// if data type not supported yet
 		return "unknown"
 	}
 }
@@ -79,8 +73,6 @@ func (f *Formatter) PrintEventListTable(response *pb.GetEventDefinitionsResponse
 	tbl := createTable(f)
 	tbl.SetHeaders("ID", "Name", "Version", "Tags")
 	for _, event := range response.Definitions {
-		// Check if the optional field Threat is set (non-nil)
-
 		tbl.AddRow(
 			fmt.Sprintf("%d", event.Id),
 			event.Name,
@@ -96,8 +88,6 @@ func (f *Formatter) PrintEventDescriptionTable(response *pb.GetEventDefinitionsR
 	tbl := createTable(f)
 	tbl.SetHeaders("ID", "Name", "Version", "Tags", "Description")
 	for _, event := range response.Definitions {
-		// Check if the optional field Threat is set (non-nil)
-
 		tbl.AddRow(
 			fmt.Sprintf("%d", event.Id),
 			event.Name,
@@ -112,27 +102,21 @@ func (f *Formatter) PrintEventDescriptionTable(response *pb.GetEventDefinitionsR
 
 func createTable(f *Formatter) *table.Table {
 	if (f.Output != "") && (f.Output != "stdout") {
-		/// Validate the file path
 		if f.Output == "" || strings.TrimSpace(f.Output) == "" {
 			fmt.Errorf("Output file path is empty or invalid")
 			return nil
 		}
-
-		// Ensure parent directories exist
 		dir := filepath.Dir(f.Output)
 		if err := os.MkdirAll(dir, 0755); err != nil {
 			fmt.Errorf("failed to create directories for output file: %v", err)
 			return nil
 		}
-
-		// Create or open the file
 		file, err := os.Create(f.Output)
 		if err != nil {
 			fmt.Errorf("failed to open output file: %v", err)
 			return nil
 		}
 		tbl := table.New(file)
-		// Make sure to close the file after execution
 		f.CMD.PersistentPostRun = func(cmd *cobra.Command, args []string) {
 			file.Close()
 		}
diff --git a/cmd/traceectl/pkg/cmd/formatter/formatter.go b/cmd/traceectl/pkg/cmd/formatter/formatter.go
index 26d61c501f7f..72b41d51ba61 100644
--- a/cmd/traceectl/pkg/cmd/formatter/formatter.go
+++ b/cmd/traceectl/pkg/cmd/formatter/formatter.go
@@ -13,11 +13,8 @@ const (
 	FormatJSON  = "json"
 	FormatTable = "table"
 	FormatGoTpl = "gotemplate"
-
-	// DefaultOutput is the default output format
 )
 
-// SupportedFormats is a slice of all supported format types
 var SupportedFormats = []string{FormatJSON, FormatTable, FormatGoTpl}
 
 type Formatter struct {
@@ -39,8 +36,6 @@ func New(format string, output string, cmd *cobra.Command) (*Formatter, error) {
 		CMD:    cmd,
 	}, nil
 }
-
-// containsFormat checks if a format is in the SupportedFormats slice
 func containsFormat(format string) bool {
 	for _, f := range SupportedFormats {
 		if f == format {
@@ -51,18 +46,13 @@ func containsFormat(format string) bool {
 }
 func initOutput(cmd *cobra.Command, output string) error {
 	if (output != "") && (output != "stdout") {
-		/// Validate the file path
 		if output == "" || strings.TrimSpace(output) == "" {
 			return fmt.Errorf("output file path is empty or invalid")
 		}
-
-		// Ensure parent directories exist
 		dir := filepath.Dir(output)
 		if err := os.MkdirAll(dir, 0755); err != nil {
 			return fmt.Errorf("failed to create directories for output file: %v", err)
 		}
-
-		// Create or open the file
 		file, err := os.Create(output)
 		if err != nil {
 			return fmt.Errorf("failed to open output file: %v", err)
@@ -70,15 +60,9 @@ func initOutput(cmd *cobra.Command, output string) error {
 
 		cmd.SetOut(file)
 		cmd.SetErr(file)
-		// Make sure to close the file after execution
 		cmd.PersistentPostRun = func(cmd *cobra.Command, args []string) {
 			file.Close()
 		}
-	} else {
-		// If no file is specified, use stdout
-		//NOTE: those commands brakes test do nothing
-		//cmd.SetOut(os.Stdout)
-		//cmd.SetErr(os.Stderr)
 	}
 	return nil
 }
diff --git a/cmd/traceectl/pkg/cmd/printer/printer.go b/cmd/traceectl/pkg/cmd/printer/printer.go
index f5b025a36a72..59d5174eaa22 100644
--- a/cmd/traceectl/pkg/cmd/printer/printer.go
+++ b/cmd/traceectl/pkg/cmd/printer/printer.go
@@ -6,31 +6,24 @@ import (
 )
 
 func StreamEvents(format *formatter.Formatter, args []string, stream pb.TraceeService_StreamEventsClient) {
-
-	//add check for the output flag
 	//TODO:support only table and json format for now
 	switch format.Format {
 	case formatter.FormatJSON:
 		jsonStreamEvents(args, stream, format)
 	case formatter.FormatTable:
 		tableStreamEvents(args, stream, format)
-	case formatter.FormatGoTpl: // gotemplate
+	case formatter.FormatGoTpl:
 		fallthrough
 	default:
 		format.CMD.PrintErrln("Error: output format not supported")
 		return
 	}
 }
-
-// tableStreamEvents prints events in a table format
 func tableStreamEvents(_ []string, stream pb.TraceeService_StreamEventsClient, tbl *formatter.Formatter) {
-	// Init table header before streaming starts
 	tbl.PrintSteamTableHeaders()
-	// Receive and process streamed responses
 	for {
 		res, err := stream.Recv()
 		if err != nil {
-			// Handle the error that occurs when the server closes the stream
 			if err.Error() == "EOF" {
 				break
 			}
@@ -40,9 +33,7 @@ func tableStreamEvents(_ []string, stream pb.TraceeService_StreamEventsClient, t
 
 	}
 }
-
-// jsonStreamEvents prints events in json format
-func jsonStreamEvents(_ []string, stream pb.TraceeService_StreamEventsClient, tbl *formatter.Formatter) { // Receive and process streamed responses
+func jsonStreamEvents(_ []string, stream pb.TraceeService_StreamEventsClient, tbl *formatter.Formatter) {
 	for {
 		res, err := stream.Recv()
 		if err != nil {
@@ -58,13 +49,12 @@ func jsonStreamEvents(_ []string, stream pb.TraceeService_StreamEventsClient, tb
 }
 
 func ListEvents(format *formatter.Formatter, args []string, response *pb.GetEventDefinitionsResponse) {
-	//this can add support for other output formats
 	switch format.Format {
 	case formatter.FormatJSON:
 		jsonListEvent(format, args, response)
 	case formatter.FormatTable:
 		tableListEvent(format, args, response)
-	case formatter.FormatGoTpl: // gotemplate
+	case formatter.FormatGoTpl:
 		fallthrough
 	default:
 		format.CMD.PrintErrln("Error: output format not supported")
@@ -80,13 +70,12 @@ func jsonListEvent(format *formatter.Formatter, _ []string, response *pb.GetEven
 	format.PrintEventListJSON(response)
 }
 func DescribeEvent(format *formatter.Formatter, args []string, response *pb.GetEventDefinitionsResponse) {
-	//this can add support for other output formats
 	switch format.Format {
 	case formatter.FormatJSON:
 		jsonDescribeEvent(format, args, response)
 	case formatter.FormatTable:
 		tableDescribeEvent(format, args, response)
-	case formatter.FormatGoTpl: // gotemplate
+	case formatter.FormatGoTpl:
 		fallthrough
 	default:
 		format.CMD.PrintErrln("Error: output format not supported")
diff --git a/cmd/traceectl/pkg/cmd/test/test.go b/cmd/traceectl/pkg/cmd/test/test.go
index 2efd765ffbdf..bd63eaa95669 100644
--- a/cmd/traceectl/pkg/cmd/test/test.go
+++ b/cmd/traceectl/pkg/cmd/test/test.go
@@ -13,47 +13,34 @@ import (
 )
 
 func runMockServer(t *testing.T) *grpc.Server {
-	// Start the mock server
 	mockServer, err := mock.StartMockServer()
 	if err != nil {
 		t.Fatalf("Failed to start mock server: %v", err)
 	}
-
-	// Wait for the server to start
 	time.Sleep(100 * time.Millisecond)
 	return mockServer
 }
 func TestCommand(t *testing.T, testCase models.TestCase, rootCmd *cobra.Command) {
 	server := runMockServer(t)
-	defer server.Stop() // Ensure the server is stopped after the test
-
-	// Capture output
+	defer server.Stop()
 	var buf bytes.Buffer
 	rootCmd.SetOut(&buf)
 	rootCmd.SetErr(&buf)
-
-	// Set arguments for the test
 	rootCmd.SetArgs(testCase.OutputSlice)
-
-	// Execute the command
 	err := rootCmd.Execute()
 	output := buf.String()
 	if err != nil && testCase.ExpectedError == nil {
 		t.Errorf("Unexpected error for test %s: %v", testCase.TestName, err)
 		return
 	}
-
-	// Check if an error was expected but none occurred
 	if err == nil && testCase.ExpectedError != nil {
 		t.Errorf("Expected error for test %s but got none", testCase.TestName)
 		return
 	}
-	// Check error content, if any
 	if testCase.ExpectedError != nil {
 		assert.ErrorContains(t, err, testCase.ExpectedError.Error())
 	} else {
 		assert.Contains(t, output, testCase.ExpectedPrinter)
 
 	}
-
 }
diff --git a/cmd/traceectl/pkg/mock/root_server.go b/cmd/traceectl/pkg/mock/root_server.go
index 11e599482c62..2d9ba32021aa 100644
--- a/cmd/traceectl/pkg/mock/root_server.go
+++ b/cmd/traceectl/pkg/mock/root_server.go
@@ -7,6 +7,5 @@ import (
 )
 
 func (s *MockServiceServer) GetVersion(ctx context.Context, req *pb.GetVersionRequest) (*pb.GetVersionResponse, error) {
-	// Return a mock version response
 	return &pb.GetVersionResponse{Version: ExpectedVersion}, nil
 }
diff --git a/cmd/traceectl/pkg/mock/server.go b/cmd/traceectl/pkg/mock/server.go
index b43e0be3efb2..3321722fc616 100644
--- a/cmd/traceectl/pkg/mock/server.go
+++ b/cmd/traceectl/pkg/mock/server.go
@@ -12,55 +12,40 @@ import (
 )
 
 var (
-	ExpectedVersion string            = "v0.22.0-15-gd09d7fca0d" // Match the output format
+	ExpectedVersion string            = "v0.22.0-15-gd09d7fca0d"
 	serverInfo      client.ServerInfo = client.ServerInfo{
 		ADDR: client.SOCKET,
 	}
 )
 
-// MockServiceServer implements the gRPC server interface for testing
 type MockServiceServer struct {
-	pb.UnimplementedTraceeServiceServer // Embed the unimplemented server
+	pb.UnimplementedTraceeServiceServer
 }
-
-// MockDiagnosticServer implements the gRPC server interface for testing
 type MockDiagnosticServer struct {
-	pb.UnimplementedDiagnosticServiceServer // Embed the unimplemented server
+	pb.UnimplementedDiagnosticServiceServer
 }
 
-// CreateMockServer initializes the gRPC server and binds it to a Unix socket listener
 func CreateMockServer() (*grpc.Server, net.Listener, error) {
-	// Check for existing Unix socket and remove it if necessary
 	if _, err := os.Stat(serverInfo.ADDR); err == nil {
 		if err := os.Remove(serverInfo.ADDR); err != nil {
 			return nil, nil, fmt.Errorf("failed to cleanup gRPC listening address (%s): %v", serverInfo.ADDR, err)
 		}
 	}
-
-	// Create the Unix socket listener
 	listener, err := net.Listen("unix", serverInfo.ADDR)
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to create Unix socket listener: %v", err)
 	}
-
-	// Create a new gRPC server
 	server := grpc.NewServer()
-
-	// Register both TraceeService and DiagnosticService with the server
 	pb.RegisterTraceeServiceServer(server, &MockServiceServer{})
 	pb.RegisterDiagnosticServiceServer(server, &MockDiagnosticServer{})
 
 	return server, listener, nil
 }
-
-// StartMockServer starts the gRPC server with both services registered
 func StartMockServer() (*grpc.Server, error) {
 	mockServer, listener, err := CreateMockServer()
 	if err != nil {
 		return nil, fmt.Errorf("failed to create mock server: %v", err)
 	}
-
-	// Start serving in a goroutine
 	go func() {
 		if err := mockServer.Serve(listener); err != nil {
 			fmt.Printf("gRPC server failed: %v\n", err)
@@ -69,8 +54,6 @@ func StartMockServer() (*grpc.Server, error) {
 
 	return mockServer, nil
 }
-
-// StopMockServer stops the server and removes the Unix socket
 func StopMockServer(server *grpc.Server) {
 	server.GracefulStop()
 	if err := os.Remove(serverInfo.ADDR); err != nil {
diff --git a/cmd/traceectl/pkg/mock/stream_server.go b/cmd/traceectl/pkg/mock/stream_server.go
index 485a19481f86..e69db107da21 100644
--- a/cmd/traceectl/pkg/mock/stream_server.go
+++ b/cmd/traceectl/pkg/mock/stream_server.go
@@ -8,63 +8,36 @@ import (
 	pb "github.com/aquasecurity/tracee/api/v1beta1"
 )
 
-/*
-\stream events
-*/
-
-// StreamEvents simulates the server-side streaming RPC
-// and the server will return a stream of events based on the request
 func (s *MockServiceServer) StreamEvents(req *pb.StreamEventsRequest, stream pb.TraceeService_StreamEventsServer) error {
-	// Define mock events to send
 	mockEvents := CreateEventsFromPolicies(req.Policies)
-
-	// Simulate streaming of events with delays
 	for _, event := range mockEvents {
 		if err := stream.Send(event); err != nil {
 			return err
 		}
-
 	}
-	time.Sleep(100 * time.Millisecond) // Simulate delay between events
+	time.Sleep(100 * time.Millisecond)
 	return nil
 }
-
-// generateEvent creates a new event with the given policies.
 func generateEvent(policy []string) *pb.Event {
 	return &pb.Event{
 		Policies: &pb.Policies{Matched: policy},
 	}
 }
-
-// CreateEventsFromPolicies generates events based on the provided policies.
-// It returns all unique combinations of the policies.
 func CreateEventsFromPolicies(policies []string) []*pb.StreamEventsResponse {
 	if len(policies) == 0 {
-		// If no policies are provided, return an event with an empty policy.
 		return []*pb.StreamEventsResponse{
 			{Event: generateEvent([]string{""})},
 		}
 	}
-
-	// Sort policies to ensure lexicographical order.
-	// can make a comment if you want
 	sort.Strings(policies)
-
-	// Generate all unique combinations of the policies.
 	var results []*pb.StreamEventsResponse
 	combinations := generateCombinations(policies)
-
-	// Sort combinations by length first, and then lexicographically.
 	sort.SliceStable(combinations, func(i, j int) bool {
-		// Sort by length of the combination first
 		if len(combinations[i]) != len(combinations[j]) {
 			return len(combinations[i]) < len(combinations[j])
 		}
-		// If lengths are the same, sort lexicographically
 		return strings.Join(combinations[i], ",") < strings.Join(combinations[j], ",")
 	})
-
-	// For each combination, create a unique event.
 	for _, combo := range combinations {
 		results = append(results, &pb.StreamEventsResponse{
 			Event: generateEvent(combo),
@@ -73,30 +46,19 @@ func CreateEventsFromPolicies(policies []string) []*pb.StreamEventsResponse {
 
 	return results
 }
-
-// generateCombinations returns all unique combinations of the input policies.
 func generateCombinations(policies []string) [][]string {
 	var result [][]string
 	n := len(policies)
-
-	// Use a recursive helper function to generate combinations.
 	var helper func(start int, combo []string)
 	helper = func(start int, combo []string) {
-		// Add the current combination to the result.
 		if len(combo) > 0 {
-			// Make a copy of the combo to avoid mutations.
 			combinationCopy := append([]string{}, combo...)
 			result = append(result, combinationCopy)
 		}
-
-		// Iterate over the remaining elements to form combinations.
 		for i := start; i < n; i++ {
 			helper(i+1, append(combo, policies[i]))
 		}
 	}
-
-	// Start with an empty combination.
 	helper(0, []string{})
-
 	return result
 }

From d1c4c2b0b05eb834fe02da0cd4e14e06147ad323 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Tue, 26 Nov 2024 17:08:40 +0000
Subject: [PATCH 03/45] remove not support code by tracee

---
 cmd/traceectl/cmd/event.go         | 13 ----
 cmd/traceectl/cmd/event_test.go    |  3 +-
 cmd/traceectl/cmd/plugin.go        | 55 -----------------
 cmd/traceectl/cmd/policy.go        | 96 ------------------------------
 cmd/traceectl/cmd/root.go          | 45 --------------
 cmd/traceectl/cmd/stream.go        | 93 +----------------------------
 cmd/traceectl/pkg/cmd/test/test.go | 10 +++-
 cmd/traceectl/pkg/models/models.go |  8 ---
 8 files changed, 11 insertions(+), 312 deletions(-)
 delete mode 100644 cmd/traceectl/cmd/plugin.go
 delete mode 100644 cmd/traceectl/cmd/policy.go
 delete mode 100644 cmd/traceectl/pkg/models/models.go

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index 838c97720b80..24495f5b8b7c 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -35,9 +35,6 @@ func init() {
 	eventCmd.AddCommand(describeEventCmd)
 	eventCmd.AddCommand(enableEventCmd)
 	eventCmd.AddCommand(disableEventCmd)
-	eventCmd.AddCommand(runEventCmd)
-
-	runEventCmd.PersistentFlags().StringVar(&runCmdArgs, "args", "", "Arguments for the event")
 
 	listEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table|template) ")
 	listEventCmd.Flags().StringVarP(&eventOutputFlag, "output", "o", "stdout", "Output destination ")
@@ -82,16 +79,6 @@ var disableEventCmd = &cobra.Command{
 		disableEvents(cmd, args[0])
 	},
 }
-var runCmdArgs string
-var runEventCmd = &cobra.Command{
-	Use:   "run <event_name> [--args <arguments>]",
-	Short: "run event",
-	Long:  `Manually triggers a user-space event.`,
-	Args:  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		//runEvents(cmd, args)
-	},
-}
 
 func listEvents(cmd *cobra.Command, args []string) {
 	var traceeClient client.ServiceClient
diff --git a/cmd/traceectl/cmd/event_test.go b/cmd/traceectl/cmd/event_test.go
index 7ef0d273b532..ffc8dfde2d6b 100644
--- a/cmd/traceectl/cmd/event_test.go
+++ b/cmd/traceectl/cmd/event_test.go
@@ -5,11 +5,10 @@ import (
 	"testing"
 
 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/test"
-	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/models"
 )
 
 func TestEvent(t *testing.T) {
-	eventTests := []models.TestCase{
+	eventTests := []test.TestCase{
 		{
 			TestName:        "event",
 			OutputSlice:     []string{"event"},
diff --git a/cmd/traceectl/cmd/plugin.go b/cmd/traceectl/cmd/plugin.go
deleted file mode 100644
index 7b9e5b12d5b6..000000000000
--- a/cmd/traceectl/cmd/plugin.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-
-	"github.com/spf13/cobra"
-)
-
-var pluginCmd = &cobra.Command{
-	Use:   "plugin",
-	Short: "Plugin management for traceectl",
-	Long: `Plugin Management:
-  	- traceectl plugin install --name <plugin_name> --repo <repository_url>
-  	- traceectl plugin list
-  	- traceectl plugin uninstall <plugin_name>
-`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("plugin called")
-	},
-}
-
-func init() {
-	pluginCmd.AddCommand(pluginInstallCmd)
-	pluginCmd.AddCommand(pluginListCmd)
-	pluginCmd.AddCommand(pluginUninstallCmd)
-}
-
-var pluginInstallCmd = &cobra.Command{
-	Use:   "install",
-	Short: "Install a plugin from a remote repository",
-	Long: `Install a plugin from a remote repository:	
-  	- traceectl plugin install --name <plugin_name> --repo <repository_url>
-`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("install called")
-	},
-}
-
-var pluginListCmd = &cobra.Command{
-	Use:   "list",
-	Short: "List installed plugins",
-	Long:  `List all installed plugins.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("list called")
-	},
-}
-
-var pluginUninstallCmd = &cobra.Command{
-	Use:   "uninstall <plugin_name>",
-	Short: "Uninstall a plugin",
-	Long:  `Uninstalls a plugin by its name.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("uninstall called")
-	},
-}
diff --git a/cmd/traceectl/cmd/policy.go b/cmd/traceectl/cmd/policy.go
deleted file mode 100644
index 356f8d75b269..000000000000
--- a/cmd/traceectl/cmd/policy.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-
-	"github.com/spf13/cobra"
-)
-
-var policyCmd = &cobra.Command{
-	Use:   "policy",
-	Short: "Policy management for traceectl",
-	Long: `Policy Management:
-  	- traceectl policy create <policy_file>
-  	- traceectl policy describe <policy_name>
-  	- traceectl policy list
-  	- traceectl policy update <updated_policy_file>
-	- traceectl policy delete <policy_name>
-  	- traceectl policy enable <policy_name>
-  	- traceectl policy disable <policy_name>
-`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("policy called")
-	},
-}
-
-func init() {
-	policyCmd.AddCommand(createCmd)
-	policyCmd.AddCommand(describePolicyCmd)
-	policyCmd.AddCommand(listPolicyCmd)
-	policyCmd.AddCommand(updateCmd)
-	policyCmd.AddCommand(deleteCmd)
-	policyCmd.AddCommand(enableCmd)
-	policyCmd.AddCommand(disableCmd)
-}
-
-var createCmd = &cobra.Command{
-	Use:   "create <policy_file>",
-	Short: "Create a policy",
-	Long:  `Creates a new policy from the YAML file specified by  < policy_file > .`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("create called")
-	},
-}
-var describePolicyCmd = &cobra.Command{
-	Use:   "describe <policy_name>",
-	Short: "Describe a policy",
-	Long:  `Retrieves the details of a specific policy by its name.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("describe called")
-	},
-}
-
-var listPolicyCmd = &cobra.Command{
-	Use:   "list",
-	Short: "List policies",
-	Long:  `Lists all available policies, providing a brief summary of each.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("list called")
-	},
-}
-
-var updateCmd = &cobra.Command{
-	Use:   "update <updated_policy_file>",
-	Short: "update a policy",
-	Long:  `Updates an existing policy from the YAML file specified by < updated_policy_file > .`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("update called")
-	},
-}
-
-var deleteCmd = &cobra.Command{
-	Use:   "delete <policy_name>",
-	Short: "Delete a policy",
-	Long:  `Removes a policy by its name.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("delete called")
-	},
-}
-
-var enableCmd = &cobra.Command{
-	Use:   "enable <policy_name>",
-	Short: "Enable a policy",
-	Long:  `Enables a policy by its name.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("enable called")
-	},
-}
-
-var disableCmd = &cobra.Command{
-	Use:   "disable <policy_name>",
-	Short: "Disable a policy",
-	Long:  `Disables a policy by its name.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("disable called")
-	},
-}
diff --git a/cmd/traceectl/cmd/root.go b/cmd/traceectl/cmd/root.go
index 13f71c5f3f75..70a1fc082596 100644
--- a/cmd/traceectl/cmd/root.go
+++ b/cmd/traceectl/cmd/root.go
@@ -32,15 +32,7 @@ var (
 func init() {
 	rootCmd.AddCommand(streamCmd)
 	rootCmd.AddCommand(eventCmd)
-	rootCmd.AddCommand(pluginCmd)
-	rootCmd.AddCommand(policyCmd)
-
-	rootCmd.AddCommand(connectCmd)
 	rootCmd.AddCommand(metricsCmd)
-	rootCmd.AddCommand(diagnoseCmd)
-	rootCmd.AddCommand(logsCmd)
-	rootCmd.AddCommand(statusCmd)
-	rootCmd.AddCommand(configCmd)
 	rootCmd.AddCommand(versionCmd)
 
 	rootCmd.PersistentFlags().StringVar(&serverInfo.ADDR, "server", client.SOCKET, `Server connection path or address.
@@ -49,13 +41,6 @@ func init() {
 
 }
 
-var connectCmd = &cobra.Command{
-	Use:   "connect [<stream_name>]",
-	Short: "Connect to the server",
-	Long:  "Connects to a stream and displays events in real time.",
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
 var metricsCmd = &cobra.Command{
 	Use:   "metrics [--output <format>]",
 	Short: "Display Tracee metrics",
@@ -64,36 +49,6 @@ var metricsCmd = &cobra.Command{
 		displayMetrics(cmd, args)
 	},
 }
-var diagnoseCmd = &cobra.Command{
-	Use:   "diagnose [--component <component_name>]",
-	Short: "Collect diagnostic information to help troubleshoot issues",
-	Long:  "Collects diagnostic information to help troubleshoot issues.",
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var logsCmd = &cobra.Command{
-	Use:   "logs [--filter <filter>]",
-	Short: "Display log messages from Tracee",
-	Long:  "Displays log messages from Tracee, optionally filtered.",
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-var statusCmd = &cobra.Command{
-	Use:   "status",
-	Short: "Shows the status of the Tracee Daemon and its components",
-	Long:  "Shows the status of the Tracee Daemon and its components.",
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var configCmd = &cobra.Command{
-	Use:   "config [set|get|update] [<option>=<value>] [--file <config_file>]",
-	Short: "View or modify the Tracee Daemon configuration at runtime.",
-	Long:  `View or modify the Tracee Daemon configuration at runtime.`,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
 
 var versionCmd = &cobra.Command{
 	Use:   "version",
diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go
index 5c3fbfc98955..53f48a4dfc98 100644
--- a/cmd/traceectl/cmd/stream.go
+++ b/cmd/traceectl/cmd/stream.go
@@ -15,16 +15,7 @@ var streamCmd = &cobra.Command{
 	Use:   "stream [policies...]",
 	Short: "Stream events from tracee",
 	Long: `Stream Management:
-	- traceectl stream [POLICIES...] -  stream event directly from tracee
-  	- traceectl stream create --name <stream_name> [--destination <destination>] [--format <format>] [--fields <fields>] [--parse-data] [--filter <filter>]
-  	- traceectl stream describe <stream_name>
-  	- traceectl stream list
-  	- traceectl stream update <stream_name> [--destination <destination>] [--format <format>] [--fields <fields>] [--parse-data] [--filter <filter>]
-  	- traceectl stream delete <stream_name>
-  	- traceectl stream connect <stream_name>
-  	- traceectl stream set-default <stream_name>
-  	- traceectl stream pause <stream_name>
-  	- traceectl stream resume <stream_name>
+	
 	`,
 	Run: func(cmd *cobra.Command, args []string) {
 		stream(cmd, args)
@@ -32,91 +23,11 @@ var streamCmd = &cobra.Command{
 }
 
 func init() {
-	streamCmd.AddCommand(createStreamCmd)
-	streamCmd.AddCommand(describeStreamCmd)
-	streamCmd.AddCommand(listStreamCmd)
-	streamCmd.AddCommand(updateStreamCmd)
-	streamCmd.AddCommand(deleteStreamCmd)
-	streamCmd.AddCommand(connectStreamCmd)
-	streamCmd.AddCommand(setDefaultStreamCmd)
-	streamCmd.AddCommand(pauseStreamCmd)
-	streamCmd.AddCommand(resumeStreamCmd)
+
 	streamCmd.Flags().StringVarP(&streamFormatFlag, "format", "f", formatter.FormatJSON, "Output format (json|table|template)")
 	streamCmd.Flags().StringVarP(&streamOutputFlag, "output", "o", "stdout", "Output destination ")
 }
 
-var createStreamCmd = &cobra.Command{
-	Use:   "create --name <stream_name> [--destination <destination>] [--format <format>] [--fields <fields>] [--parse-data] [--filter <filter>]",
-	Short: "Create a new stream",
-	Long:  `Creates a new event stream with a specified name.`,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var describeStreamCmd = &cobra.Command{
-	Use:   "describe <stream_name>",
-	Short: "Describe a stream",
-	Long:  `Retrieves the details of a specific stream by its name.`,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var listStreamCmd = &cobra.Command{
-	Use:   "list",
-	Short: "List streams",
-	Long:  `Lists all available streams, providing a brief summary of each.`,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var updateStreamCmd = &cobra.Command{
-	Use:   "update <stream_name> [--destination <destination>] [--format <format>] [--fields <fields>] [--parse-data] [--filter <filter>]",
-	Short: "Update a stream",
-	Long:  `Updates a stream by its name.`,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var deleteStreamCmd = &cobra.Command{
-	Use:   "delete <stream_name>",
-	Short: "Delete a stream",
-	Long:  `Deletes a stream by its name.`,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var connectStreamCmd = &cobra.Command{
-	Use:   "connect <stream_name>",
-	Short: "Connect a stream",
-	Long:  `Connects a stream by its name.`,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var setDefaultStreamCmd = &cobra.Command{
-	Use:   "set-default <stream_name>",
-	Short: "Set default stream",
-	Long:  `Sets a stream as the default stream.`,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var pauseStreamCmd = &cobra.Command{
-	Use:   "pause <stream_name>",
-	Short: "Pause a stream",
-	Long:  `Pauses a stream by its name.`,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var resumeStreamCmd = &cobra.Command{
-	Use:   "resume <stream_name>",
-	Short: "Resume a stream",
-	Long:  `Resumes a stream by its name.`,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
 func stream(cmd *cobra.Command, args []string) {
 
 	var traceeClient client.ServiceClient
diff --git a/cmd/traceectl/pkg/cmd/test/test.go b/cmd/traceectl/pkg/cmd/test/test.go
index bd63eaa95669..2de066b69ce5 100644
--- a/cmd/traceectl/pkg/cmd/test/test.go
+++ b/cmd/traceectl/pkg/cmd/test/test.go
@@ -6,12 +6,18 @@ import (
 	"time"
 
 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/mock"
-	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/models"
 	"github.com/spf13/cobra"
 	"github.com/stretchr/testify/assert"
 	"google.golang.org/grpc"
 )
 
+type TestCase struct {
+	TestName        string
+	OutputSlice     []string
+	ExpectedPrinter interface{}
+	ExpectedError   error
+}
+
 func runMockServer(t *testing.T) *grpc.Server {
 	mockServer, err := mock.StartMockServer()
 	if err != nil {
@@ -20,7 +26,7 @@ func runMockServer(t *testing.T) *grpc.Server {
 	time.Sleep(100 * time.Millisecond)
 	return mockServer
 }
-func TestCommand(t *testing.T, testCase models.TestCase, rootCmd *cobra.Command) {
+func TestCommand(t *testing.T, testCase TestCase, rootCmd *cobra.Command) {
 	server := runMockServer(t)
 	defer server.Stop()
 	var buf bytes.Buffer
diff --git a/cmd/traceectl/pkg/models/models.go b/cmd/traceectl/pkg/models/models.go
deleted file mode 100644
index a1c7cf5e3422..000000000000
--- a/cmd/traceectl/pkg/models/models.go
+++ /dev/null
@@ -1,8 +0,0 @@
-package models
-
-type TestCase struct {
-	TestName        string
-	OutputSlice     []string
-	ExpectedPrinter interface{}
-	ExpectedError   error
-}

From 276a26d33ea915dee94a48052497d3217eecb5f6 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 08:10:51 +0000
Subject: [PATCH 04/45] fix client code

---
 cmd/traceectl/pkg/client/client.go | 49 ++++++++++++------------------
 1 file changed, 19 insertions(+), 30 deletions(-)

diff --git a/cmd/traceectl/pkg/client/client.go b/cmd/traceectl/pkg/client/client.go
index 27d7b328584c..35f6a82c4a5e 100644
--- a/cmd/traceectl/pkg/client/client.go
+++ b/cmd/traceectl/pkg/client/client.go
@@ -11,46 +11,35 @@ import (
 )
 
 const (
-	PROTOCOL_UNIX = "unix"
-	PROTOCOL_TCP  = "tcp"
-	SOCKET        = "/tmp/tracee.sock"
+	Protocol_UNIX = "unix"
+	Protocol_TCP  = "tcp"
+	Socket        = "/tmp/tracee.sock"
 )
 
 type ServerInfo struct {
-	ConnectionType string
-	ADDR           string
+	connectionType string
+	addr           string
 }
 
 func connectToServer(serverInfo ServerInfo) (*grpc.ClientConn, error) {
 	var opts []grpc.DialOption
-	opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 	var conn *grpc.ClientConn
 	var err error
+	var address string
+	opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 	err = determineConnectionType(serverInfo)
 	if err != nil {
 		return nil, err
 	}
-	switch serverInfo.ConnectionType {
-	case PROTOCOL_UNIX:
-		address := fmt.Sprintf("unix://%s", serverInfo.ADDR)
-		conn, err = grpc.NewClient(address, opts...)
-
-		if err != nil {
-			log.Fatalf("failed to connect to server: %v", err)
-			return nil, err
-		}
-	case PROTOCOL_TCP:
-		address := fmt.Sprintf(serverInfo.ADDR)
-		conn, err = grpc.NewClient(address, opts...)
-
-		if err != nil {
-			log.Fatalf("failed to connect to server: %v", err)
-			return nil, err
-		}
+	switch serverInfo.connectionType {
+	case Protocol_UNIX:
+		address = fmt.Sprintf("unix://%s", serverInfo.addr)
+	case Protocol_TCP:
+		address = fmt.Sprintf(serverInfo.addr)
 	default:
-		return nil, fmt.Errorf("unsupported connection type: %s", serverInfo.ConnectionType)
+		return nil, fmt.Errorf("unsupported connection type: %s", serverInfo.connectionType)
 	}
-
+	conn, err = grpc.NewClient(address, opts...)
 	if err != nil {
 		log.Fatalf("failed to connect to server: %v", err)
 		return nil, err
@@ -59,16 +48,16 @@ func connectToServer(serverInfo ServerInfo) (*grpc.ClientConn, error) {
 }
 
 func determineConnectionType(serverInfo ServerInfo) error {
-	if strings.Contains(serverInfo.ADDR, ":") && isValidTCPAddress(serverInfo.ADDR) {
-		serverInfo.ConnectionType = PROTOCOL_TCP
+	if strings.Contains(serverInfo.addr, ":") && isValidTCPAddress(serverInfo.addr) {
+		serverInfo.connectionType = Protocol_TCP
 		return nil
 	}
-	if strings.HasPrefix(serverInfo.ADDR, "/") {
-		serverInfo.ConnectionType = PROTOCOL_UNIX
+	if strings.HasPrefix(serverInfo.addr, "/") {
+		serverInfo.connectionType = Protocol_UNIX
 		return nil
 	}
 
-	return fmt.Errorf("unsupported connection type: %s", serverInfo.ADDR)
+	return fmt.Errorf("unsupported connection type: %s", serverInfo.addr)
 
 }
 func isValidTCPAddress(addr string) bool {

From 963f3042203d183bc8321e10b0fb41f48fad8812 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 08:46:10 +0000
Subject: [PATCH 05/45] fix formatter

---
 .../pkg/cmd/formatter/JSONFormatter.go        |  17 ---
 .../pkg/cmd/formatter/TableFormatter.go       | 128 ------------------
 cmd/traceectl/pkg/cmd/formatter/formatter.go  |  72 ++++------
 .../pkg/cmd/formatter/tableFormat.go          |  47 +++++++
 4 files changed, 70 insertions(+), 194 deletions(-)
 delete mode 100644 cmd/traceectl/pkg/cmd/formatter/JSONFormatter.go
 delete mode 100644 cmd/traceectl/pkg/cmd/formatter/TableFormatter.go
 create mode 100644 cmd/traceectl/pkg/cmd/formatter/tableFormat.go

diff --git a/cmd/traceectl/pkg/cmd/formatter/JSONFormatter.go b/cmd/traceectl/pkg/cmd/formatter/JSONFormatter.go
deleted file mode 100644
index da04a61068bb..000000000000
--- a/cmd/traceectl/pkg/cmd/formatter/JSONFormatter.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package formatter
-
-import (
-	pb "github.com/aquasecurity/tracee/api/v1beta1"
-)
-
-func (f *Formatter) PrintStreamJSON(event *pb.Event) {
-	f.CMD.Printf("%s", event.String())
-}
-
-func (f *Formatter) PrintEventListJSON(list *pb.GetEventDefinitionsResponse) {
-	f.CMD.Printf("%s", list.String())
-}
-
-func (f *Formatter) PrintEventDescriptionJSON(description *pb.GetEventDefinitionsResponse) {
-	f.CMD.Printf("%s", description.String())
-}
diff --git a/cmd/traceectl/pkg/cmd/formatter/TableFormatter.go b/cmd/traceectl/pkg/cmd/formatter/TableFormatter.go
deleted file mode 100644
index 53b787b34580..000000000000
--- a/cmd/traceectl/pkg/cmd/formatter/TableFormatter.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package formatter
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/aquasecurity/table"
-	pb "github.com/aquasecurity/tracee/api/v1beta1"
-	"github.com/spf13/cobra"
-)
-
-func (f *Formatter) PrintSteamTableHeaders() {
-	f.CMD.Printf("%-15s %-25s %-15s %-15s %s\n",
-		"TIME",
-		"EVENT NAME",
-		"POLICIES",
-		"PID",
-		"DATA",
-	)
-}
-func (f *Formatter) PrintStreamTableRow(event *pb.Event) {
-	timestamp := event.Timestamp.AsTime().Format("15:04:05.000")
-
-	f.CMD.Printf("%-15s %-25s %-15s %-15s %s\n",
-		timestamp,
-		event.Name,
-		strings.Join(event.Policies.Matched, ","),
-		fmt.Sprintf("%d", event.Context.Process.Pid.Value),
-		getEventData(event.Data),
-	)
-
-}
-func getEventData(data []*pb.EventValue) string {
-	var result []string
-	for _, ev := range data {
-		result = append(result, getEventName(ev)+getEventValue(ev))
-	}
-	return strings.Join(result, ", ")
-}
-func getEventName(ev *pb.EventValue) string {
-	return strings.ToUpper(ev.Name[0:1]) + ev.Name[1:] + ": "
-}
-func getEventValue(ev *pb.EventValue) string {
-	switch v := ev.Value.(type) {
-	case *pb.EventValue_Int32:
-		return fmt.Sprintf("%d", v.Int32)
-	case *pb.EventValue_Int64:
-		return fmt.Sprintf("%d", v.Int64)
-	case *pb.EventValue_UInt32:
-		return fmt.Sprintf("%d", v.UInt32)
-	case *pb.EventValue_UInt64:
-		return fmt.Sprintf("%d", v.UInt64)
-	case *pb.EventValue_Str:
-		return v.Str
-	case *pb.EventValue_Bytes:
-		return fmt.Sprintf("%x", v.Bytes)
-	case *pb.EventValue_Bool:
-		return fmt.Sprintf("%t", v.Bool)
-	case *pb.EventValue_StrArray:
-		return strings.Join(v.StrArray.Value, ", ")
-	case *pb.EventValue_Int32Array:
-		return fmt.Sprintf("%v", v.Int32Array.Value)
-	case *pb.EventValue_UInt64Array:
-		return fmt.Sprintf("%v", v.UInt64Array.Value)
-	default:
-		return "unknown"
-	}
-}
-
-func (f *Formatter) PrintEventListTable(response *pb.GetEventDefinitionsResponse) *table.Table {
-	tbl := createTable(f)
-	tbl.SetHeaders("ID", "Name", "Version", "Tags")
-	for _, event := range response.Definitions {
-		tbl.AddRow(
-			fmt.Sprintf("%d", event.Id),
-			event.Name,
-			fmt.Sprintf("%d.%d.%d", event.Version.Major, event.Version.Minor, event.Version.Patch),
-			strings.Join(event.Tags, ", "),
-		)
-
-	}
-	return tbl
-}
-
-func (f *Formatter) PrintEventDescriptionTable(response *pb.GetEventDefinitionsResponse) *table.Table {
-	tbl := createTable(f)
-	tbl.SetHeaders("ID", "Name", "Version", "Tags", "Description")
-	for _, event := range response.Definitions {
-		tbl.AddRow(
-			fmt.Sprintf("%d", event.Id),
-			event.Name,
-			fmt.Sprintf("%d.%d.%d", event.Version.Major, event.Version.Minor, event.Version.Patch),
-			strings.Join(event.Tags, ", "),
-			event.Description,
-		)
-
-	}
-	return tbl
-}
-
-func createTable(f *Formatter) *table.Table {
-	if (f.Output != "") && (f.Output != "stdout") {
-		if f.Output == "" || strings.TrimSpace(f.Output) == "" {
-			fmt.Errorf("Output file path is empty or invalid")
-			return nil
-		}
-		dir := filepath.Dir(f.Output)
-		if err := os.MkdirAll(dir, 0755); err != nil {
-			fmt.Errorf("failed to create directories for output file: %v", err)
-			return nil
-		}
-		file, err := os.Create(f.Output)
-		if err != nil {
-			fmt.Errorf("failed to open output file: %v", err)
-			return nil
-		}
-		tbl := table.New(file)
-		f.CMD.PersistentPostRun = func(cmd *cobra.Command, args []string) {
-			file.Close()
-		}
-		return tbl
-	} else {
-		return table.New(os.Stdout)
-	}
-
-}
diff --git a/cmd/traceectl/pkg/cmd/formatter/formatter.go b/cmd/traceectl/pkg/cmd/formatter/formatter.go
index 72b41d51ba61..ef09c3c72614 100644
--- a/cmd/traceectl/pkg/cmd/formatter/formatter.go
+++ b/cmd/traceectl/pkg/cmd/formatter/formatter.go
@@ -2,67 +2,41 @@ package formatter
 
 import (
 	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
 
 	"github.com/spf13/cobra"
 )
 
 const (
-	FormatJSON  = "json"
+	FormatJson  = "json"
 	FormatTable = "table"
-	FormatGoTpl = "gotemplate"
 )
 
-var SupportedFormats = []string{FormatJSON, FormatTable, FormatGoTpl}
+var SupportedFormats = []string{FormatJson, FormatTable}
 
 type Formatter struct {
-	Format string
-	Output string
-	CMD    *cobra.Command
+	format   string
+	cmd      *cobra.Command
+	paddings map[int][]int
 }
 
-func New(format string, output string, cmd *cobra.Command) (*Formatter, error) {
-	if !containsFormat(format) {
+func NewFormatter(format string, cmd *cobra.Command) (*Formatter, error) {
+	switch format {
+	case FormatJson:
+		return &Formatter{
+			format: format,
+			cmd:    cmd,
+		}, nil
+	case FormatTable:
+		//add padding for table
+		return &Formatter{
+			format: format,
+			cmd:    cmd,
+			paddings: map[int][]int{
+				4: {20, 15, 15, 20},     // Padding for 4 columns
+				5: {15, 10, 20, 15, 10}, // Padding for 5 columns
+			},
+		}, nil
+	default:
 		return nil, fmt.Errorf("format %s is not supported", format)
 	}
-	if err := initOutput(cmd, output); err != nil {
-		return nil, err
-	}
-	return &Formatter{
-		Format: format,
-		Output: output,
-		CMD:    cmd,
-	}, nil
-}
-func containsFormat(format string) bool {
-	for _, f := range SupportedFormats {
-		if f == format {
-			return true
-		}
-	}
-	return false
-}
-func initOutput(cmd *cobra.Command, output string) error {
-	if (output != "") && (output != "stdout") {
-		if output == "" || strings.TrimSpace(output) == "" {
-			return fmt.Errorf("output file path is empty or invalid")
-		}
-		dir := filepath.Dir(output)
-		if err := os.MkdirAll(dir, 0755); err != nil {
-			return fmt.Errorf("failed to create directories for output file: %v", err)
-		}
-		file, err := os.Create(output)
-		if err != nil {
-			return fmt.Errorf("failed to open output file: %v", err)
-		}
-
-		cmd.SetOut(file)
-		cmd.SetErr(file)
-		cmd.PersistentPostRun = func(cmd *cobra.Command, args []string) {
-			file.Close()
-		}
-	}
-	return nil
 }
diff --git a/cmd/traceectl/pkg/cmd/formatter/tableFormat.go b/cmd/traceectl/pkg/cmd/formatter/tableFormat.go
new file mode 100644
index 000000000000..ef04c88efc1f
--- /dev/null
+++ b/cmd/traceectl/pkg/cmd/formatter/tableFormat.go
@@ -0,0 +1,47 @@
+package formatter
+
+// PrintTableHeaders prints table headers with padding based on their length.
+func (f *Formatter) PrintTableHeaders(headers []string) {
+	switch len(headers) {
+	case 4:
+		f.cmd.Printf("%-20s %-15s %-15s %-20s\n",
+			headers[0],
+			headers[1],
+			headers[2],
+			headers[3],
+		)
+	case 5:
+		f.cmd.Printf("%-15s %-10s %-20s %-15s %-10s\n",
+			headers[0],
+			headers[1],
+			headers[2],
+			headers[3],
+			headers[4],
+		)
+	default:
+		f.cmd.Println("Error: Unsupported number of headers.")
+	}
+}
+
+// PrintTableRow prints a single row with padding matching the header format.
+func (f *Formatter) PrintTableRow(row []string) {
+	switch len(row) {
+	case 4:
+		f.cmd.Printf("%-20s %-15s %-15s %-20s\n",
+			row[0],
+			row[1],
+			row[2],
+			row[3],
+		)
+	case 5:
+		f.cmd.Printf("%-15s %-10s %-20s %-15s %-10s\n",
+			row[0],
+			row[1],
+			row[2],
+			row[3],
+			row[4],
+		)
+	default:
+		f.cmd.Println("Error: Unsupported number of columns in row.")
+	}
+}

From f6a7e737c82852b14eeb5c67beee5607157df37f Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 09:07:58 +0000
Subject: [PATCH 06/45] fix mock server and client

---
 cmd/traceectl/pkg/client/client.go | 22 +++++++++++-----------
 cmd/traceectl/pkg/mock/server.go   | 17 +++++++++--------
 2 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/cmd/traceectl/pkg/client/client.go b/cmd/traceectl/pkg/client/client.go
index 35f6a82c4a5e..ca30aef9596e 100644
--- a/cmd/traceectl/pkg/client/client.go
+++ b/cmd/traceectl/pkg/client/client.go
@@ -17,8 +17,8 @@ const (
 )
 
 type ServerInfo struct {
-	connectionType string
-	addr           string
+	ConnectionType string
+	Addr           string
 }
 
 func connectToServer(serverInfo ServerInfo) (*grpc.ClientConn, error) {
@@ -31,13 +31,13 @@ func connectToServer(serverInfo ServerInfo) (*grpc.ClientConn, error) {
 	if err != nil {
 		return nil, err
 	}
-	switch serverInfo.connectionType {
+	switch serverInfo.ConnectionType {
 	case Protocol_UNIX:
-		address = fmt.Sprintf("unix://%s", serverInfo.addr)
+		address = fmt.Sprintf("unix://%s", serverInfo.Addr)
 	case Protocol_TCP:
-		address = fmt.Sprintf(serverInfo.addr)
+		address = fmt.Sprintf(serverInfo.Addr)
 	default:
-		return nil, fmt.Errorf("unsupported connection type: %s", serverInfo.connectionType)
+		return nil, fmt.Errorf("unsupported connection type: %s", serverInfo.ConnectionType)
 	}
 	conn, err = grpc.NewClient(address, opts...)
 	if err != nil {
@@ -48,16 +48,16 @@ func connectToServer(serverInfo ServerInfo) (*grpc.ClientConn, error) {
 }
 
 func determineConnectionType(serverInfo ServerInfo) error {
-	if strings.Contains(serverInfo.addr, ":") && isValidTCPAddress(serverInfo.addr) {
-		serverInfo.connectionType = Protocol_TCP
+	if strings.Contains(serverInfo.Addr, ":") && isValidTCPAddress(serverInfo.Addr) {
+		serverInfo.ConnectionType = Protocol_TCP
 		return nil
 	}
-	if strings.HasPrefix(serverInfo.addr, "/") {
-		serverInfo.connectionType = Protocol_UNIX
+	if strings.HasPrefix(serverInfo.Addr, "/") {
+		serverInfo.ConnectionType = Protocol_UNIX
 		return nil
 	}
 
-	return fmt.Errorf("unsupported connection type: %s", serverInfo.addr)
+	return fmt.Errorf("unsupported connection type: %s", serverInfo.Addr)
 
 }
 func isValidTCPAddress(addr string) bool {
diff --git a/cmd/traceectl/pkg/mock/server.go b/cmd/traceectl/pkg/mock/server.go
index 3321722fc616..1353f22e6010 100644
--- a/cmd/traceectl/pkg/mock/server.go
+++ b/cmd/traceectl/pkg/mock/server.go
@@ -12,9 +12,10 @@ import (
 )
 
 var (
-	ExpectedVersion string            = "v0.22.0-15-gd09d7fca0d"
-	serverInfo      client.ServerInfo = client.ServerInfo{
-		ADDR: client.SOCKET,
+	ExpectedVersion string             = "v0.22.0-15-gd09d7fca0d"
+	serverInfo      *client.ServerInfo = &client.ServerInfo{
+		Addr:           client.Socket,
+		ConnectionType: client.Protocol_UNIX,
 	}
 )
 
@@ -26,12 +27,12 @@ type MockDiagnosticServer struct {
 }
 
 func CreateMockServer() (*grpc.Server, net.Listener, error) {
-	if _, err := os.Stat(serverInfo.ADDR); err == nil {
-		if err := os.Remove(serverInfo.ADDR); err != nil {
-			return nil, nil, fmt.Errorf("failed to cleanup gRPC listening address (%s): %v", serverInfo.ADDR, err)
+	if _, err := os.Stat(serverInfo.Addr); err == nil {
+		if err := os.Remove(serverInfo.Addr); err != nil {
+			return nil, nil, fmt.Errorf("failed to cleanup gRPC listening address (%s): %v", serverInfo.Addr, err)
 		}
 	}
-	listener, err := net.Listen("unix", serverInfo.ADDR)
+	listener, err := net.Listen("unix", serverInfo.Addr)
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to create Unix socket listener: %v", err)
 	}
@@ -56,7 +57,7 @@ func StartMockServer() (*grpc.Server, error) {
 }
 func StopMockServer(server *grpc.Server) {
 	server.GracefulStop()
-	if err := os.Remove(serverInfo.ADDR); err != nil {
+	if err := os.Remove(serverInfo.Addr); err != nil {
 		fmt.Printf("failed to remove Unix socket: %v\n", err)
 	}
 }

From 76e458f16b1b6e411d15427d7455d2f94fdcc8dc Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 09:38:05 +0000
Subject: [PATCH 07/45] fix client and root

---
 cmd/traceectl/cmd/root.go                    | 6 +++---
 cmd/traceectl/pkg/cmd/formatter/formatter.go | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/cmd/traceectl/cmd/root.go b/cmd/traceectl/cmd/root.go
index 70a1fc082596..3d3420ce4dad 100644
--- a/cmd/traceectl/cmd/root.go
+++ b/cmd/traceectl/cmd/root.go
@@ -15,8 +15,8 @@ var outputFlag string
 var serverFlag string
 var (
 	serverInfo client.ServerInfo = client.ServerInfo{
-		ConnectionType: client.PROTOCOL_UNIX,
-		ADDR:           client.SOCKET,
+		ConnectionType: client.Protocol_UNIX,
+		Addr:           client.Socket,
 	}
 
 	rootCmd = &cobra.Command{
@@ -35,7 +35,7 @@ func init() {
 	rootCmd.AddCommand(metricsCmd)
 	rootCmd.AddCommand(versionCmd)
 
-	rootCmd.PersistentFlags().StringVar(&serverInfo.ADDR, "server", client.SOCKET, `Server connection path or address.
+	rootCmd.PersistentFlags().StringVar(&serverInfo.Addr, "server", client.Socket, `Server connection path or address.
 	for unix socket <socket_path> (default: /tmp/tracee.sock)
 	for tcp <IP:Port>`)
 
diff --git a/cmd/traceectl/pkg/cmd/formatter/formatter.go b/cmd/traceectl/pkg/cmd/formatter/formatter.go
index ef09c3c72614..55222f13e3a8 100644
--- a/cmd/traceectl/pkg/cmd/formatter/formatter.go
+++ b/cmd/traceectl/pkg/cmd/formatter/formatter.go
@@ -40,3 +40,6 @@ func NewFormatter(format string, cmd *cobra.Command) (*Formatter, error) {
 		return nil, fmt.Errorf("format %s is not supported", format)
 	}
 }
+func (f *Formatter) GetFormat() string {
+	return f.format
+}

From 02e7469e4dc206e364125ef4f2e5e98fab6ea5c5 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 09:38:59 +0000
Subject: [PATCH 08/45] moved printer stream code to stream

---
 cmd/traceectl/cmd/stream.go | 86 ++++++++++++++++++++++++++++++++-----
 1 file changed, 76 insertions(+), 10 deletions(-)

diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go
index 53f48a4dfc98..e4422daa27da 100644
--- a/cmd/traceectl/cmd/stream.go
+++ b/cmd/traceectl/cmd/stream.go
@@ -1,16 +1,16 @@
 package cmd
 
 import (
+	"fmt"
+	"strings"
+
 	pb "github.com/aquasecurity/tracee/api/v1beta1"
 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"
 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/formatter"
-	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/printer"
-
 	"github.com/spf13/cobra"
 )
 
 var streamFormatFlag string
-var streamOutputFlag string
 var streamCmd = &cobra.Command{
 	Use:   "stream [policies...]",
 	Short: "Stream events from tracee",
@@ -18,18 +18,17 @@ var streamCmd = &cobra.Command{
 	
 	`,
 	Run: func(cmd *cobra.Command, args []string) {
-		stream(cmd, args)
+		streamEvents(cmd, args)
 	},
 }
 
 func init() {
+	streamCmd.Flags().StringVarP(&streamFormatFlag, "format", "f", formatter.FormatJson, "Output format (json|table)")
 
-	streamCmd.Flags().StringVarP(&streamFormatFlag, "format", "f", formatter.FormatJSON, "Output format (json|table|template)")
-	streamCmd.Flags().StringVarP(&streamOutputFlag, "output", "o", "stdout", "Output destination ")
 }
 
-func stream(cmd *cobra.Command, args []string) {
-
+func streamEvents(cmd *cobra.Command, args []string) {
+	//connect to tracee
 	var traceeClient client.ServiceClient
 	err := traceeClient.NewServiceClient(serverInfo)
 	if err != nil {
@@ -37,17 +36,84 @@ func stream(cmd *cobra.Command, args []string) {
 		return
 	}
 	defer traceeClient.CloseConnection()
+	//request to stream events
 	req := &pb.StreamEventsRequest{Policies: args}
 	stream, err := traceeClient.StreamEvents(cmd.Context(), req)
 	if err != nil {
 		cmd.PrintErrln("Error calling Stream: ", err)
 		return
 	}
-	format, err := formatter.New(streamFormatFlag, streamOutputFlag, cmd)
+	//create formatter
+	format, err := formatter.NewFormatter(streamFormatFlag, cmd)
 	if err != nil {
 		cmd.PrintErrln("Error creating formatter: ", err)
 		return
 	}
-	printer.StreamEvents(format, args, stream)
+	switch format.GetFormat() {
+	case formatter.FormatJson:
+		//jsonStreamEvents(args, stream, format)
+	case formatter.FormatTable:
+		format.PrintTableHeaders([]string{"TIME", "EVENT NAME", "POLICIES", "PID", "DATA"})
+		for {
+			res, err := stream.Recv()
+			if err != nil {
+				//End of stream\close connection
+				if err.Error() == "EOF" {
+					break
+				}
+				//Error receiving streamed event
+			}
 
+			format.PrintTableRow(prepareEvent(res.Event))
+		}
+	default:
+		//Error: output format not supported
+		return
+	}
+}
+func prepareEvent(event *pb.Event) []string {
+	return []string{
+		event.Timestamp.AsTime().Format("15:04:05.000"),
+		event.Name,
+		strings.Join(event.Policies.Matched, ","),
+		fmt.Sprintf("%d", event.Context.Process.Pid.Value),
+		getEventData(event.Data),
+	}
+
+}
+func getEventData(data []*pb.EventValue) string {
+	var result []string
+	for _, ev := range data {
+		result = append(result, getEventName(ev)+getEventValue(ev))
+	}
+	return strings.Join(result, ", ")
+}
+func getEventName(ev *pb.EventValue) string {
+	return strings.ToUpper(ev.Name[0:1]) + ev.Name[1:] + ": "
+}
+func getEventValue(ev *pb.EventValue) string {
+	switch v := ev.Value.(type) {
+	case *pb.EventValue_Int32:
+		return fmt.Sprintf("%d", v.Int32)
+	case *pb.EventValue_Int64:
+		return fmt.Sprintf("%d", v.Int64)
+	case *pb.EventValue_UInt32:
+		return fmt.Sprintf("%d", v.UInt32)
+	case *pb.EventValue_UInt64:
+		return fmt.Sprintf("%d", v.UInt64)
+	case *pb.EventValue_Str:
+		return v.Str
+	case *pb.EventValue_Bytes:
+		return fmt.Sprintf("%x", v.Bytes)
+	case *pb.EventValue_Bool:
+		return fmt.Sprintf("%t", v.Bool)
+	case *pb.EventValue_StrArray:
+		return strings.Join(v.StrArray.Value, ", ")
+	case *pb.EventValue_Int32Array:
+		return fmt.Sprintf("%v", v.Int32Array.Value)
+	case *pb.EventValue_UInt64Array:
+		return fmt.Sprintf("%v", v.UInt64Array.Value)
+	default:
+		return "unknown"
+	}
 }

From 4eb3d36a858b001faa03de3d693c84a5bcb674c5 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 09:47:46 +0000
Subject: [PATCH 09/45] add support to json

---
 cmd/traceectl/cmd/stream.go                   | 12 +++++++++++-
 cmd/traceectl/pkg/cmd/formatter/jsonFormat.go |  5 +++++
 2 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 cmd/traceectl/pkg/cmd/formatter/jsonFormat.go

diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go
index e4422daa27da..9d6ec5da1f02 100644
--- a/cmd/traceectl/cmd/stream.go
+++ b/cmd/traceectl/cmd/stream.go
@@ -51,7 +51,17 @@ func streamEvents(cmd *cobra.Command, args []string) {
 	}
 	switch format.GetFormat() {
 	case formatter.FormatJson:
-		//jsonStreamEvents(args, stream, format)
+		for {
+			res, err := stream.Recv()
+			if err != nil {
+				//End of stream\close connection
+				if err.Error() == "EOF" {
+					break
+				}
+				//Error receiving streamed event
+			}
+			format.PrintJson(res.Event.String())
+		}
 	case formatter.FormatTable:
 		format.PrintTableHeaders([]string{"TIME", "EVENT NAME", "POLICIES", "PID", "DATA"})
 		for {
diff --git a/cmd/traceectl/pkg/cmd/formatter/jsonFormat.go b/cmd/traceectl/pkg/cmd/formatter/jsonFormat.go
new file mode 100644
index 000000000000..9ed64845ed9e
--- /dev/null
+++ b/cmd/traceectl/pkg/cmd/formatter/jsonFormat.go
@@ -0,0 +1,5 @@
+package formatter
+
+func (f *Formatter) PrintJson(response string) {
+	f.cmd.Printf(response)
+}

From 996ba0b145a4c611c7497e53b7d672d3e730605b Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 10:13:03 +0000
Subject: [PATCH 10/45] fix event and remove printer pkg

---
 cmd/traceectl/cmd/event.go                    | 54 ++++++++---
 cmd/traceectl/pkg/cmd/printer/printer.go      | 92 -------------------
 cmd/traceectl/pkg/cmd/printer/printer_test.go | 68 --------------
 3 files changed, 42 insertions(+), 172 deletions(-)
 delete mode 100644 cmd/traceectl/pkg/cmd/printer/printer.go
 delete mode 100644 cmd/traceectl/pkg/cmd/printer/printer_test.go

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index 24495f5b8b7c..54ed64b6ba81 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -3,23 +3,23 @@ package cmd
 //TODO:
 import (
 	"context"
+	"fmt"
+	"strings"
 
 	pb "github.com/aquasecurity/tracee/api/v1beta1"
 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"
 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/formatter"
-	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/printer"
 	"github.com/spf13/cobra"
 )
 
 var eventFormatFlag string
-var eventOutputFlag string
 
 var eventCmd = &cobra.Command{
 	Use:   "event [command]",
 	Short: "Event management for tracee",
 	Long: `Event Management for tracee 
 	Let you enable and disable events in tracee.
-	Get descriptions of events and run them.
+	Get descriptions of events.
 	`,
 	Args: cobra.MinimumNArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
@@ -37,10 +37,7 @@ func init() {
 	eventCmd.AddCommand(disableEventCmd)
 
 	listEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table|template) ")
-	listEventCmd.Flags().StringVarP(&eventOutputFlag, "output", "o", "stdout", "Output destination ")
-
 	describeEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table|template) ")
-	describeEventCmd.Flags().StringVarP(&eventOutputFlag, "output", "o", "stdout", "Output destination ")
 }
 
 var listEventCmd = &cobra.Command{
@@ -93,13 +90,26 @@ func listEvents(cmd *cobra.Command, args []string) {
 		return
 
 	}
-	format, err := formatter.New(eventFormatFlag, eventOutputFlag, cmd)
+	format, err := formatter.NewFormatter(eventFormatFlag, cmd)
 	if err != nil {
 		cmd.PrintErrln("Error creating formatter: ", err)
 		return
 	}
-	printer.ListEvents(format, args, response)
+	switch format.GetFormat() {
+	case formatter.FormatJson:
+		format.PrintJson(response.String())
+	case formatter.FormatTable:
+		format.PrintTableHeaders([]string{"ID", "Name", "Version", "Tags"})
+		for _, event := range response.Definitions {
+			//remove descriptions
+			format.PrintTableRow(prepareDescription(event)[:4])
+		}
+	default:
+		//Error: output format not supported
+		return
+	}
 }
+
 func getEventDescriptions(cmd *cobra.Command, args []string) {
 	var traceeClient client.ServiceClient
 	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
@@ -113,12 +123,34 @@ func getEventDescriptions(cmd *cobra.Command, args []string) {
 		return
 
 	}
-	format, err := formatter.New(eventFormatFlag, eventOutputFlag, cmd)
+	format, err := formatter.NewFormatter(eventFormatFlag, cmd)
 	if err != nil {
 		cmd.PrintErrln("Error creating formatter: ", err)
 		return
 	}
-	printer.DescribeEvent(format, args, response)
+	switch format.GetFormat() {
+	case formatter.FormatJson:
+		format.PrintJson(response.String())
+	case formatter.FormatTable:
+		format.PrintTableHeaders([]string{"ID", "Name", "Version", "Tags", "Description"})
+		for _, event := range response.Definitions {
+			format.PrintTableRow(prepareDescription(event))
+		}
+	default:
+		//Error: output format not supported
+		return
+
+	}
+}
+func prepareDescription(event *pb.EventDefinition) []string {
+	return []string{
+		fmt.Sprintf("%d", event.Id),
+		event.Name,
+		fmt.Sprintf("%d.%d.%d", event.Version.Major, event.Version.Minor, event.Version.Patch),
+		strings.Join(event.Tags, ", "),
+		event.Description,
+	}
+
 }
 func enableEvents(cmd *cobra.Command, eventName string) {
 	var traceeClient client.ServiceClient
@@ -133,7 +165,6 @@ func enableEvents(cmd *cobra.Command, eventName string) {
 	}
 	cmd.Printf("Enabled event: %s\n", eventName)
 }
-
 func disableEvents(cmd *cobra.Command, eventName string) {
 	var traceeClient client.ServiceClient
 	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
@@ -146,5 +177,4 @@ func disableEvents(cmd *cobra.Command, eventName string) {
 		return
 	}
 	cmd.Printf("Disabled event: %s\n", eventName)
-
 }
diff --git a/cmd/traceectl/pkg/cmd/printer/printer.go b/cmd/traceectl/pkg/cmd/printer/printer.go
deleted file mode 100644
index 59d5174eaa22..000000000000
--- a/cmd/traceectl/pkg/cmd/printer/printer.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package printer
-
-import (
-	pb "github.com/aquasecurity/tracee/api/v1beta1"
-	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/formatter"
-)
-
-func StreamEvents(format *formatter.Formatter, args []string, stream pb.TraceeService_StreamEventsClient) {
-	//TODO:support only table and json format for now
-	switch format.Format {
-	case formatter.FormatJSON:
-		jsonStreamEvents(args, stream, format)
-	case formatter.FormatTable:
-		tableStreamEvents(args, stream, format)
-	case formatter.FormatGoTpl:
-		fallthrough
-	default:
-		format.CMD.PrintErrln("Error: output format not supported")
-		return
-	}
-}
-func tableStreamEvents(_ []string, stream pb.TraceeService_StreamEventsClient, tbl *formatter.Formatter) {
-	tbl.PrintSteamTableHeaders()
-	for {
-		res, err := stream.Recv()
-		if err != nil {
-			if err.Error() == "EOF" {
-				break
-			}
-			tbl.CMD.PrintErrln("Error receiving streamed event: ", err)
-		}
-		tbl.PrintStreamTableRow(res.Event)
-
-	}
-}
-func jsonStreamEvents(_ []string, stream pb.TraceeService_StreamEventsClient, tbl *formatter.Formatter) {
-	for {
-		res, err := stream.Recv()
-		if err != nil {
-			// Handle the error that occurs when the server closes the stream
-			if err.Error() == "EOF" {
-				break
-			}
-			tbl.CMD.PrintErrln("Error receiving streamed event: ", err)
-		}
-		// Print each event as a row in json format
-		tbl.PrintStreamJSON(res.Event)
-	}
-}
-
-func ListEvents(format *formatter.Formatter, args []string, response *pb.GetEventDefinitionsResponse) {
-	switch format.Format {
-	case formatter.FormatJSON:
-		jsonListEvent(format, args, response)
-	case formatter.FormatTable:
-		tableListEvent(format, args, response)
-	case formatter.FormatGoTpl:
-		fallthrough
-	default:
-		format.CMD.PrintErrln("Error: output format not supported")
-		return
-	}
-
-}
-func tableListEvent(format *formatter.Formatter, _ []string, response *pb.GetEventDefinitionsResponse) {
-	tbl := format.PrintEventListTable(response)
-	tbl.Render()
-}
-func jsonListEvent(format *formatter.Formatter, _ []string, response *pb.GetEventDefinitionsResponse) {
-	format.PrintEventListJSON(response)
-}
-func DescribeEvent(format *formatter.Formatter, args []string, response *pb.GetEventDefinitionsResponse) {
-	switch format.Format {
-	case formatter.FormatJSON:
-		jsonDescribeEvent(format, args, response)
-	case formatter.FormatTable:
-		tableDescribeEvent(format, args, response)
-	case formatter.FormatGoTpl:
-		fallthrough
-	default:
-		format.CMD.PrintErrln("Error: output format not supported")
-		return
-	}
-
-}
-func jsonDescribeEvent(format *formatter.Formatter, _ []string, response *pb.GetEventDefinitionsResponse) {
-	format.PrintEventDescriptionJSON(response)
-}
-func tableDescribeEvent(format *formatter.Formatter, _ []string, response *pb.GetEventDefinitionsResponse) {
-	tbl := format.PrintEventDescriptionTable(response)
-	tbl.Render()
-}
diff --git a/cmd/traceectl/pkg/cmd/printer/printer_test.go b/cmd/traceectl/pkg/cmd/printer/printer_test.go
deleted file mode 100644
index e3140d672a27..000000000000
--- a/cmd/traceectl/pkg/cmd/printer/printer_test.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package printer_test
-
-// import (
-// 	"fmt"
-// 	"os"
-// 	"testing"
-
-// 	"github.com/stretchr/testify/assert"
-
-// 	"github.com/aquasecurity/tracee/pkg/cmd/flags"
-// 	"github.com/aquasecurity/tracee/pkg/config"
-// )
-
-// func TestTraceeEbpfPrepareOutputPrinterConfig(t *testing.T) {
-// 	t.Parallel()
-
-// 	testCases := []struct {
-// 		testName        string
-// 		outputSlice     []string
-// 		expectedPrinter config.PrinterConfig
-// 		expectedError   error
-// 	}{
-// 		{
-// 			testName:        "invalid format",
-// 			outputSlice:     []string{"notaformat"},
-// 			expectedPrinter: config.PrinterConfig{},
-// 			expectedError:   fmt.Errorf("unrecognized output format: %s. Valid format values: 'table', 'table-verbose', 'json', or 'gotemplate='. Use '--output help' for more info", "notaformat"),
-// 		},
-// 		{
-// 			testName:        "invalid format with format prefix",
-// 			outputSlice:     []string{"format:notaformat2"},
-// 			expectedPrinter: config.PrinterConfig{},
-// 			expectedError:   fmt.Errorf("unrecognized output format: %s. Valid format values: 'table', 'table-verbose', 'json', or 'gotemplate='. Use '--output help' for more info", "notaformat2"),
-// 		},
-// 		{
-// 			testName:    "default",
-// 			outputSlice: []string{},
-// 			expectedPrinter: config.PrinterConfig{
-// 				Kind:    "table",
-// 				OutFile: os.Stdout,
-// 			},
-// 			expectedError: nil,
-// 		},
-// 		{
-// 			testName:    "format: json",
-// 			outputSlice: []string{"format:json"},
-// 			expectedPrinter: config.PrinterConfig{
-// 				Kind:    "json",
-// 				OutFile: os.Stdout,
-// 			},
-// 			expectedError: nil,
-// 		},
-// 	}
-// 	for _, testcase := range testCases {
-// 		testcase := testcase
-
-// 		t.Run(testcase.testName, func(t *testing.T) {
-// 			t.Parallel()
-
-// 			outputConfig, err := flags.TraceeEbpfPrepareOutput(testcase.outputSlice, false)
-// 			if err != nil {
-// 				assert.ErrorContains(t, err, testcase.expectedError.Error())
-// 			} else {
-// 				assert.Equal(t, testcase.expectedPrinter, outputConfig.PrinterConfigs[0])
-// 			}
-// 		})
-// 	}
-// }

From 49f032b394d47d96f0596002ed6e3468586293c0 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 10:49:32 +0000
Subject: [PATCH 11/45] support output

---
 cmd/traceectl/cmd/root.go             | 11 +++++---
 cmd/traceectl/go.mod                  |  4 ---
 cmd/traceectl/go.sum                  |  8 ------
 cmd/traceectl/pkg/cmd/flags/output.go | 39 +++++++++++++++++++++++++++
 4 files changed, 47 insertions(+), 15 deletions(-)
 create mode 100644 cmd/traceectl/pkg/cmd/flags/output.go

diff --git a/cmd/traceectl/cmd/root.go b/cmd/traceectl/cmd/root.go
index 3d3420ce4dad..dc52d9cd1fbd 100644
--- a/cmd/traceectl/cmd/root.go
+++ b/cmd/traceectl/cmd/root.go
@@ -6,13 +6,12 @@ import (
 
 	pb "github.com/aquasecurity/tracee/api/v1beta1"
 	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/flags"
 
 	"github.com/spf13/cobra"
 )
 
-var formatFlag string
 var outputFlag string
-var serverFlag string
 var (
 	serverInfo client.ServerInfo = client.ServerInfo{
 		ConnectionType: client.Protocol_UNIX,
@@ -23,6 +22,12 @@ var (
 		Use:   "traceectl [flags] [command]",
 		Short: "TraceeCtl is a CLI tool for tracee",
 		Long:  "TraceeCtl is the client for the tracee API server.",
+		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+			if err := flags.PrepareOutput(cmd, outputFlag); err != nil {
+				return err
+			}
+			return nil
+		},
 		Run: func(cmd *cobra.Command, args []string) {
 			cmd.Help()
 		},
@@ -38,7 +43,7 @@ func init() {
 	rootCmd.PersistentFlags().StringVar(&serverInfo.Addr, "server", client.Socket, `Server connection path or address.
 	for unix socket <socket_path> (default: /tmp/tracee.sock)
 	for tcp <IP:Port>`)
-
+	rootCmd.PersistentFlags().StringVarP(&outputFlag, "output", "o", "", "Specify the output format")
 }
 
 var metricsCmd = &cobra.Command{
diff --git a/cmd/traceectl/go.mod b/cmd/traceectl/go.mod
index 24867a950fe0..94d1d8ba2f95 100644
--- a/cmd/traceectl/go.mod
+++ b/cmd/traceectl/go.mod
@@ -3,7 +3,6 @@ module github.com/aquasecurity/tracee/cmd/traceectl
 go 1.23.1
 
 require (
-	github.com/aquasecurity/table v1.8.0
 	github.com/aquasecurity/tracee/api v0.0.0-20240918153521-1b3f9e8657e0
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.7.1
@@ -13,13 +12,10 @@ require (
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	golang.org/x/net v0.28.0 // indirect
 	golang.org/x/sys v0.24.0 // indirect
-	golang.org/x/term v0.23.0 // indirect
 	golang.org/x/text v0.17.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
diff --git a/cmd/traceectl/go.sum b/cmd/traceectl/go.sum
index cd1ccff60556..44de7a6fd20b 100644
--- a/cmd/traceectl/go.sum
+++ b/cmd/traceectl/go.sum
@@ -1,5 +1,3 @@
-github.com/aquasecurity/table v1.8.0 h1:9ntpSwrUfjrM6/YviArlx/ZBGd6ix8W+MtojQcM7tv0=
-github.com/aquasecurity/table v1.8.0/go.mod h1:eqOmvjjB7AhXFgFqpJUEE/ietg7RrMSJZXyTN8E/wZw=
 github.com/aquasecurity/tracee/api v0.0.0-20240918153521-1b3f9e8657e0 h1:3pt2Ceg6urRTUdOaX++LheYObFE4DbS63chktnQu24I=
 github.com/aquasecurity/tracee/api v0.0.0-20240918153521-1b3f9e8657e0/go.mod h1:Gn6xVkaBkVe1pOQ0++uuHl+lMMClv0TPY8mCQ6j88aA=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -10,12 +8,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
-github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
-github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
 github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
@@ -28,8 +22,6 @@ golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
 golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
 golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
-golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
 golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs=
diff --git a/cmd/traceectl/pkg/cmd/flags/output.go b/cmd/traceectl/pkg/cmd/flags/output.go
new file mode 100644
index 000000000000..47abc4e451a7
--- /dev/null
+++ b/cmd/traceectl/pkg/cmd/flags/output.go
@@ -0,0 +1,39 @@
+package flags
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/spf13/cobra"
+)
+
+func PrepareOutput(cmd *cobra.Command, output string) error {
+	if (output != "") && (output != "stdout") {
+		/// Validate the file path
+		if output == "" || strings.TrimSpace(output) == "" {
+			return fmt.Errorf("output file path is empty or invalid")
+		}
+
+		// Ensure parent directories exist
+		dir := filepath.Dir(output)
+		if err := os.MkdirAll(dir, 0755); err != nil {
+			return fmt.Errorf("failed to create directories for output file: %v", err)
+		}
+
+		// Create or open the file
+		file, err := os.Create(output)
+		if err != nil {
+			return fmt.Errorf("failed to open output file: %v", err)
+		}
+
+		cmd.SetOut(file)
+		cmd.SetErr(file)
+		// Make sure to close the file after execution
+		cmd.PersistentPostRun = func(cmd *cobra.Command, args []string) {
+			file.Close()
+		}
+	}
+	return nil
+}

From 0db47c27177f8b43726a1b7259c00b6b774b36b3 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 14:11:00 +0000
Subject: [PATCH 12/45] added basic documantion for traceectl

---
 docs/docs/traceectl/index.md | 15 ++++++++
 docs/docs/traceectl/usage.md | 71 ++++++++++++++++++++++++++++++++++++
 2 files changed, 86 insertions(+)
 create mode 100644 docs/docs/traceectl/index.md
 create mode 100644 docs/docs/traceectl/usage.md

diff --git a/docs/docs/traceectl/index.md b/docs/docs/traceectl/index.md
new file mode 100644
index 000000000000..bbbf44febde1
--- /dev/null
+++ b/docs/docs/traceectl/index.md
@@ -0,0 +1,15 @@
+# TraceeCtl - Client Service for Tracee
+
+**TraceeCtl** is a command-line interface (CLI) tool designed as a client service for [Tracee](https://github.com/aquasecurity/tracee), Aqua Security's open-source runtime security solution. Tracee provides real-time, powerful observability for Linux environments by monitoring system calls, events, and more. TraceeCtl is built to simplify interactions with Tracee, making it easier for users to manage, monitor, and gather security insights.
+
+## Overview
+
+TraceeCtl acts as a controller for Tracee, allowing users to:
+
+- **Stream Events**: Continuously stream security events from Tracee, with options to format the output as JSON, tables, or custom templates.
+- **List Available Events**: Display the available events that Tracee can capture, providing essential insights into runtime activities.
+- **Query Metrics**: Access various metrics related to Tracee, including event counts, errors, and more.
+
+## Installation and Usage
+
+To get started with TraceeCtl, go over the [Installation and Usage page](./usage.md)
diff --git a/docs/docs/traceectl/usage.md b/docs/docs/traceectl/usage.md
new file mode 100644
index 000000000000..04aab7d0f9fa
--- /dev/null
+++ b/docs/docs/traceectl/usage.md
@@ -0,0 +1,71 @@
+# TraceeCtl Installation and Usage Guide
+
+## Installation
+
+To use **TraceeCtl**, you first need to compile and install the tool. Follow these steps to get started:
+
+1. **Clone the Repository**
+
+   Begin by cloning the Tracee repository to your local machine and navigating to traceectl:
+
+   ``` bash
+   git clone [URL-to-your-repo](https://github.com/aquasecurity/tracee.git)
+   cd cmd/traceectl
+   ```
+
+2. **Build and Install**
+
+   Compile and install TraceeCtl using the following commands:
+
+   ``` bash
+   make build
+   make install
+   ```
+
+## Configuring Tracee for TraceeCtl
+
+To use TraceeCtl effectively, you need to configure Tracee so that it can communicate with TraceeCtl over a Unix socket. This can be done by running Tracee with the correct gRPC settings:
+
+1. **Run Tracee with gRPC Unix Socket**
+
+   Use the following command to start Tracee with gRPC support over a Unix socket:
+
+   ``` bash
+   tracee --grpc-listen-addr unix:/var/run/tracee.sock
+   ```
+
+   This command sets up Tracee to listen for incoming connections from TraceeCtl at the specified Unix socket path (`/var/run/tracee.sock`). Ensure that this socket path is accessible and not blocked by permissions or other constraints.
+
+## Usage
+
+Once TraceeCtl is installed and Tracee is running, you can use various commands to interact with Tracee. Below are the main commands provided by TraceeCtl:
+
+- Stream Events: traceectl stream
+
+- Events management: traceectl event
+
+- Retrieve Metrics: traceectl metrics
+
+- Check Version: traceectl version
+
+For more inf about the TraceeCtl command please refer to the appoint command documentation
+
+## Flags
+  
+- server: Specifies the connection type, either unix or tcp.
+
+  ``` bash
+  traceectl --server unix:/unix/socket/path.sock
+  ```
+
+- output: Defines the output destination, such as stdout or a file.
+
+  ``` bash
+  traceectl stream --output file:/path/to/output.txt
+  ```
+
+## Summary
+
+- **Install TraceeCtl** by cloning the repository, building, and installing it with `make`.
+- **Configure Tracee** by running it with the appropriate gRPC Unix socket settings.
+- **Use TraceeCtl** to interact with Tracee via commands like `stream`, `event`, `metrics`, and `version`.

From aab269e88530d41669ab80c83195d74085627b2d Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 14:50:40 +0000
Subject: [PATCH 13/45]  add white space to make the server connection a
 separate block.

---
 cmd/traceectl/cmd/event.go  | 3 ++-
 cmd/traceectl/cmd/root.go   | 2 ++
 cmd/traceectl/cmd/stream.go | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index 54ed64b6ba81..b008a31aaf90 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -84,11 +84,11 @@ func listEvents(cmd *cobra.Command, args []string) {
 		return
 	}
 	defer traceeClient.CloseConnection()
+
 	response, err := traceeClient.GetEventDefinitions(context.Background(), &pb.GetEventDefinitionsRequest{EventNames: args})
 	if err != nil {
 		cmd.PrintErrln("Error getting event definitions: ", err)
 		return
-
 	}
 	format, err := formatter.NewFormatter(eventFormatFlag, cmd)
 	if err != nil {
@@ -117,6 +117,7 @@ func getEventDescriptions(cmd *cobra.Command, args []string) {
 		return
 	}
 	defer traceeClient.CloseConnection()
+
 	response, err := traceeClient.GetEventDefinitions(context.Background(), &pb.GetEventDefinitionsRequest{EventNames: args})
 	if err != nil {
 		cmd.PrintErrln("Error getting event definitions: ", err)
diff --git a/cmd/traceectl/cmd/root.go b/cmd/traceectl/cmd/root.go
index dc52d9cd1fbd..d799a93cb6cf 100644
--- a/cmd/traceectl/cmd/root.go
+++ b/cmd/traceectl/cmd/root.go
@@ -77,6 +77,7 @@ func displayMetrics(cmd *cobra.Command, _ []string) {
 		return
 	}
 	defer traceeClient.CloseConnection()
+
 	response, err := traceeClient.GetMetrics(context.Background(), &pb.GetMetricsRequest{})
 	if err != nil {
 		cmd.PrintErrln("Error getting metrics: ", err)
@@ -100,6 +101,7 @@ func displayVersion(cmd *cobra.Command, _ []string) {
 		return
 	}
 	defer traceeClient.CloseConnection()
+
 	response, err := traceeClient.GetVersion(context.Background(), &pb.GetVersionRequest{})
 
 	if err != nil {
diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go
index 9d6ec5da1f02..60952d7b25e8 100644
--- a/cmd/traceectl/cmd/stream.go
+++ b/cmd/traceectl/cmd/stream.go
@@ -36,6 +36,7 @@ func streamEvents(cmd *cobra.Command, args []string) {
 		return
 	}
 	defer traceeClient.CloseConnection()
+
 	//request to stream events
 	req := &pb.StreamEventsRequest{Policies: args}
 	stream, err := traceeClient.StreamEvents(cmd.Context(), req)

From bc1b6b774c1ee3a14eb690bed9d116c238735582 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 15:08:54 +0000
Subject: [PATCH 14/45] added version command doc

---
 docs/docs/traceectl/commands/version.md | 28 +++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 docs/docs/traceectl/commands/version.md

diff --git a/docs/docs/traceectl/commands/version.md b/docs/docs/traceectl/commands/version.md
new file mode 100644
index 000000000000..bd869af84279
--- /dev/null
+++ b/docs/docs/traceectl/commands/version.md
@@ -0,0 +1,28 @@
+# Version Command
+
+The `version` command in **TraceeCtl** provides detailed information about the current version of the tool. This includes the version number, build date, and other relevant metadata.
+
+## Usage
+
+To display the version information, use the following command:
+
+``` bash
+traceectl version
+```
+
+This command will output details such as:
+
+- **Version Number**: The current version of TraceeCtl.
+- **Commit Hash**: The Git commit hash associated with the current build (if applicable).
+
+### Example Output
+
+``` bash
+v0.22.0-96-gaab269e885
+```
+
+### Summary
+
+- **`traceectl version`**: Displays detailed version information.
+
+Use this command to verify your version or to gather information for troubleshooting purposes.

From ae1af2bbc1537cfde4f518f655aa6ef504176898 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 15:20:25 +0000
Subject: [PATCH 15/45] added doc for event

---
 cmd/traceectl/cmd/event.go            |  4 +-
 docs/docs/traceectl/commands/event.md | 83 +++++++++++++++++++++++++++
 2 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 docs/docs/traceectl/commands/event.md

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index b008a31aaf90..df610facb7ee 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -36,8 +36,8 @@ func init() {
 	eventCmd.AddCommand(enableEventCmd)
 	eventCmd.AddCommand(disableEventCmd)
 
-	listEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table|template) ")
-	describeEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table|template) ")
+	listEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table) ")
+	describeEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table) ")
 }
 
 var listEventCmd = &cobra.Command{
diff --git a/docs/docs/traceectl/commands/event.md b/docs/docs/traceectl/commands/event.md
new file mode 100644
index 000000000000..247b3643edfa
--- /dev/null
+++ b/docs/docs/traceectl/commands/event.md
@@ -0,0 +1,83 @@
+# Event Command Usage
+
+The `event` command in **TraceeCtl** is used for managing events within Tracee. It allows you to list, describe, enable, and disable various event types that Tracee can capture. Below is the usage guide for the `event` command and its subcommands.
+
+## Usage
+
+The `event` command is structured as follows:
+
+```sh
+traceectl event [subcommand] [flags]
+```
+
+## Subcommands
+
+- **list**: Lists all available event definitions (built-in and plugin-defined), providing a brief summary of each.
+  
+  ```sh
+  traceectl event list --format [json|table|template]
+  ```
+
+  - **`--format`** (`-f`): Specifies the output format (default is `table`). Supported formats are `json`, `table`, and `template`.
+
+- **describe**: Retrieves detailed information about a specific event, including its fields, types, and other metadata.
+  
+  ```sh
+  traceectl event describe <event_name> --format [json|table|template]
+  ```
+
+  - **`<event_name>`**: The name of the event to describe.
+  - **`--format`** (`-f`): Specifies the output format (default is `table`).
+
+- **enable**: Enables capturing of a specific event type in Tracee.
+  
+  ```sh
+  traceectl event enable <event_name>
+  ```
+
+  - **`<event_name>`**: The name of the event to enable.
+
+- **disable**: Disables capturing of a specific event type in Tracee.
+  
+  ```sh
+  traceectl event disable <event_name>
+  ```
+
+  - **`<event_name>`**: The name of the event to disable.
+
+## Flags
+
+- **`--format`** (`-f`): Available with the `list` and `describe` subcommands. It specifies the format for the output. Supported values are:
+  - `json`: Outputs event details in JSON format.
+  - `table`: Outputs event details in a tabular view.
+  - `template`: Uses a custom template for formatting the output.
+
+## Examples
+
+- **List All Events in JSON Format**
+  
+  ```sh
+  traceectl event list --format json
+  ```
+
+- **Describe an Event**
+  
+  ```sh
+  traceectl event describe execve --format table
+  ```
+
+- **Enable an Event**
+  
+  ```sh
+  traceectl event enable execve
+  ```
+
+- **Disable an Event**
+  
+  ```sh
+  traceectl event disable execve
+  ```
+
+## Summary
+
+The `event` command in TraceeCtl is a powerful tool for managing Tracee's event capabilities. Use the `list`, `describe`, `enable`, and `disable` subcommands to gain detailed insight and control over the events Tracee monitors.

From c8dd56fa8671c51c5f37da2ec6ad8ee79f38d2ec Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 15:24:16 +0000
Subject: [PATCH 16/45] added stream doc

---
 docs/docs/traceectl/commands/stream.md | 35 ++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 docs/docs/traceectl/commands/stream.md

diff --git a/docs/docs/traceectl/commands/stream.md b/docs/docs/traceectl/commands/stream.md
new file mode 100644
index 000000000000..6ac7c1c946cf
--- /dev/null
+++ b/docs/docs/traceectl/commands/stream.md
@@ -0,0 +1,35 @@
+# Stream Command Usage
+
+The `stream` command in **TraceeCtl** allows users to stream events directly from Tracee in real time. This command provides flexible output formats for better integration and readability.
+
+## Usage
+
+The `stream` command is structured as follows:
+
+```sh
+traceectl stream [policies...] [flags]
+```
+
+## Flags
+
+- **`--format`** (`-f`): Specifies the format for the output. Supported values are:
+  - `json`: Outputs event details in JSON format.
+  - `table`: Outputs event details in a tabular view.
+
+## Examples
+
+- **Stream Events in JSON Format**
+  
+  ```sh
+  traceectl stream --format json
+  ```
+
+- **Stream Events in Table Format**
+  
+  ```sh
+  traceectl stream --format table
+  ```
+
+## Summary
+
+The `stream` command in TraceeCtl is a useful tool for monitoring Tracee events in real time, with options for JSON or table output. Use this command to keep track of activities and ensure comprehensive observability for your system.

From bd861122cc342bac818974040339fd669d06e4bb Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 15:29:54 +0000
Subject: [PATCH 17/45] added metrics docs

---
 docs/docs/traceectl/commands/metrics.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 docs/docs/traceectl/commands/metrics.md

diff --git a/docs/docs/traceectl/commands/metrics.md b/docs/docs/traceectl/commands/metrics.md
new file mode 100644
index 000000000000..e95e5d974bc9
--- /dev/null
+++ b/docs/docs/traceectl/commands/metrics.md
@@ -0,0 +1,23 @@
+# Metrics Command Usage
+
+The `metrics` command in **TraceeCtl** provides information about Tracee's performance and resource usage metrics. This command is helpful for monitoring how Tracee is functioning in real-time.
+
+## Usage
+
+The `metrics` command is structured as follows:
+
+```sh
+traceectl metrics 
+```
+
+## Examples
+
+- **Display Metrics in Table Format**
+  
+  ```sh
+  traceectl metrics 
+  ```
+
+## Summary
+
+The `metrics` command in TraceeCtl allows users to obtain insights into Tracee's operational metrics, including event counts and resource usage. The command supports a table output format to suit different reporting needs.

From 70e1142b5c1462c64cfe8f621da705b65600b802 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 15:41:25 +0000
Subject: [PATCH 18/45]  make formt flag global

---
 cmd/traceectl/cmd/event.go  | 10 ++++------
 cmd/traceectl/cmd/root.go   |  1 +
 cmd/traceectl/cmd/stream.go |  6 ++----
 3 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index df610facb7ee..be5c3e173420 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -12,8 +12,6 @@ import (
 	"github.com/spf13/cobra"
 )
 
-var eventFormatFlag string
-
 var eventCmd = &cobra.Command{
 	Use:   "event [command]",
 	Short: "Event management for tracee",
@@ -36,8 +34,8 @@ func init() {
 	eventCmd.AddCommand(enableEventCmd)
 	eventCmd.AddCommand(disableEventCmd)
 
-	listEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table) ")
-	describeEventCmd.Flags().StringVarP(&eventFormatFlag, "format", "f", formatter.FormatTable, "Output format (json|table) ")
+	listEventCmd.Flags().StringVarP(&formatFlag, "format", "f", formatter.FormatTable, "Output format (json|table)")
+	describeEventCmd.Flags().StringVarP(&formatFlag, "format", "f", formatter.FormatTable, "Output format (json|table)")
 }
 
 var listEventCmd = &cobra.Command{
@@ -90,7 +88,7 @@ func listEvents(cmd *cobra.Command, args []string) {
 		cmd.PrintErrln("Error getting event definitions: ", err)
 		return
 	}
-	format, err := formatter.NewFormatter(eventFormatFlag, cmd)
+	format, err := formatter.NewFormatter(formatFlag, cmd)
 	if err != nil {
 		cmd.PrintErrln("Error creating formatter: ", err)
 		return
@@ -124,7 +122,7 @@ func getEventDescriptions(cmd *cobra.Command, args []string) {
 		return
 
 	}
-	format, err := formatter.NewFormatter(eventFormatFlag, cmd)
+	format, err := formatter.NewFormatter(formatFlag, cmd)
 	if err != nil {
 		cmd.PrintErrln("Error creating formatter: ", err)
 		return
diff --git a/cmd/traceectl/cmd/root.go b/cmd/traceectl/cmd/root.go
index d799a93cb6cf..f58e5dc874d4 100644
--- a/cmd/traceectl/cmd/root.go
+++ b/cmd/traceectl/cmd/root.go
@@ -11,6 +11,7 @@ import (
 	"github.com/spf13/cobra"
 )
 
+var formatFlag string
 var outputFlag string
 var (
 	serverInfo client.ServerInfo = client.ServerInfo{
diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go
index 60952d7b25e8..0dbd8416ba1a 100644
--- a/cmd/traceectl/cmd/stream.go
+++ b/cmd/traceectl/cmd/stream.go
@@ -10,7 +10,6 @@ import (
 	"github.com/spf13/cobra"
 )
 
-var streamFormatFlag string
 var streamCmd = &cobra.Command{
 	Use:   "stream [policies...]",
 	Short: "Stream events from tracee",
@@ -23,8 +22,7 @@ var streamCmd = &cobra.Command{
 }
 
 func init() {
-	streamCmd.Flags().StringVarP(&streamFormatFlag, "format", "f", formatter.FormatJson, "Output format (json|table)")
-
+	streamCmd.Flags().StringVarP(&formatFlag, "format", "f", formatter.FormatTable, "Output format (json|table)")
 }
 
 func streamEvents(cmd *cobra.Command, args []string) {
@@ -45,7 +43,7 @@ func streamEvents(cmd *cobra.Command, args []string) {
 		return
 	}
 	//create formatter
-	format, err := formatter.NewFormatter(streamFormatFlag, cmd)
+	format, err := formatter.NewFormatter(formatFlag, cmd)
 	if err != nil {
 		cmd.PrintErrln("Error creating formatter: ", err)
 		return

From 951073fdb9f9c4f7dfa3fcd3b2a8772e620b3ad2 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 28 Nov 2024 15:44:05 +0000
Subject: [PATCH 19/45] added docs to traceectl flags

---
 docs/docs/traceectl/flags/format.md | 29 +++++++++++++++++++++
 docs/docs/traceectl/flags/output.md | 23 +++++++++++++++++
 docs/docs/traceectl/flags/server.md | 23 +++++++++++++++++
 docs/docs/traceectl/usage.md        | 40 +++++++++++++++++++++--------
 4 files changed, 105 insertions(+), 10 deletions(-)
 create mode 100644 docs/docs/traceectl/flags/format.md
 create mode 100644 docs/docs/traceectl/flags/output.md
 create mode 100644 docs/docs/traceectl/flags/server.md

diff --git a/docs/docs/traceectl/flags/format.md b/docs/docs/traceectl/flags/format.md
new file mode 100644
index 000000000000..c8ff35b13b7e
--- /dev/null
+++ b/docs/docs/traceectl/flags/format.md
@@ -0,0 +1,29 @@
+# `format` Flag
+
+The `--format` flag in **TraceeCtl** is used to specify the output format for certain commands. Currently, this flag supports the following values for the `stream`, `event list`, and `event describe` commands:
+
+- **`json`**: Outputs the data in JSON format, which is useful for automated processing or integration with other tools that consume JSON.
+  
+  Example:
+
+  ```sh
+  traceectl event list --format json
+  ```
+
+  In this example, the command lists all available events and outputs them in JSON format.
+
+- **`table`**: Outputs the data in a tabular format, which is easier to read for users viewing the output directly in the terminal.
+  
+  Example:
+  
+  ```sh
+  traceectl stream --format table
+  ```
+
+  In this example, the command streams events from Tracee and displays them in a table format, making it more human-readable.
+
+The `--format` flag is helpful for customizing the output to meet different requirements, whether for readability or integration with other tools.
+
+## Default Format
+
+The default format for the `--format` flag is **table**. If no format is specified, the output will be displayed in a tabular format, which is more human-readable for most users.
diff --git a/docs/docs/traceectl/flags/output.md b/docs/docs/traceectl/flags/output.md
new file mode 100644
index 000000000000..59125ffab997
--- /dev/null
+++ b/docs/docs/traceectl/flags/output.md
@@ -0,0 +1,23 @@
+# `output` Flag
+
+The `--output` flag is used to specify the destination for the command's output. This flag can be set to **stdout** or a file location.
+
+- **stdout**: This is the default output destination, which means that the command's output will be displayed on the terminal. This is convenient for users who want to see immediate results directly in their console.
+  
+  Example:
+
+  ```sh
+  traceectl stream --output stdout
+  ```
+
+  In this example, the command outputs the streamed events to the terminal.
+
+- **File Output**: You can use the `--output` flag to direct the output to a specific file. This is useful if you want to save the output for later analysis or for documentation purposes.
+  
+  Example:
+
+  ```sh
+  traceectl stream --output file:/path/to/output.txt
+  ```
+
+  In this example, the command saves the streamed events to the file located at `/path/to/output.txt`. This is especially helpful for logging purposes or when working with large amounts of data that need to be stored for further processing.
diff --git a/docs/docs/traceectl/flags/server.md b/docs/docs/traceectl/flags/server.md
new file mode 100644
index 000000000000..416dfd36a997
--- /dev/null
+++ b/docs/docs/traceectl/flags/server.md
@@ -0,0 +1,23 @@
+# `server` Flag
+
+The `--server` flag in **TraceeCtl** is used to specify the connection type that TraceeCtl should use to communicate with the Tracee server. This connection type can be either **Unix socket** or **TCP**.
+
+- **Unix Socket**: This type of connection is generally used for local inter-process communication. It provides a secure and efficient means to connect to Tracee when both client and server are on the same machine.
+  
+  Example:
+
+  ```sh
+  traceectl --server unix:/unix/socket/path.sock
+  ```
+
+  In this example, `unix:/unix/socket/path.sock` is the Unix socket path where the Tracee server is listening. Using Unix sockets is beneficial for security and performance since it avoids the overhead associated with network communication.
+
+- **TCP**: This type of connection allows TraceeCtl to communicate with the Tracee server over a network. It is useful when TraceeCtl and Tracee are running on different machines or when you need to connect to a remote Tracee instance.
+  
+  Example:
+
+  ```sh
+  traceectl --server tcp:4466
+  ```
+
+  In this example, `tcp:4466` is the address and port of the Tracee server. This is a typical setup for remote monitoring or when the server and client need to be distributed across different hosts.
diff --git a/docs/docs/traceectl/usage.md b/docs/docs/traceectl/usage.md
index 04aab7d0f9fa..3e3d96b32415 100644
--- a/docs/docs/traceectl/usage.md
+++ b/docs/docs/traceectl/usage.md
@@ -4,16 +4,16 @@
 
 To use **TraceeCtl**, you first need to compile and install the tool. Follow these steps to get started:
 
-1. **Clone the Repository**
+### 1. **Clone the Repository**
 
    Begin by cloning the Tracee repository to your local machine and navigating to traceectl:
 
    ``` bash
-   git clone [URL-to-your-repo](https://github.com/aquasecurity/tracee.git)
+   git clone https://github.com/aquasecurity/tracee.git
    cd cmd/traceectl
    ```
 
-2. **Build and Install**
+### 2. **Build and Install**
 
    Compile and install TraceeCtl using the following commands:
 
@@ -26,15 +26,33 @@ To use **TraceeCtl**, you first need to compile and install the tool. Follow the
 
 To use TraceeCtl effectively, you need to configure Tracee so that it can communicate with TraceeCtl over a Unix socket. This can be done by running Tracee with the correct gRPC settings:
 
-1. **Run Tracee with gRPC Unix Socket**
+### 1. **Run Tracee with gRPC Unix Socket**
 
-   Use the following command to start Tracee with gRPC support over a Unix socket:
+Use the following command to start Tracee with gRPC support over a Unix socket:
 
-   ``` bash
-   tracee --grpc-listen-addr unix:/var/run/tracee.sock
-   ```
+``` bash
+tracee --grpc-listen-addr unix:/var/run/tracee.sock
+```
+
+This command sets up Tracee to listen for incoming connections from TraceeCtl at the specified Unix socket path (`/var/run/tracee.sock`). Ensure that this socket path is accessible and not blocked by permissions or other constraints.
+
+### 2. **Output Flag Configuration**
+
+The `--output` flag in Tracee allows you to configure how data from Tracee is presented. Among the available options, you can specify `none` for minimal output, which can be useful for scenarios where bandwidth or latency considerations are critical. For example:
 
-   This command sets up Tracee to listen for incoming connections from TraceeCtl at the specified Unix socket path (`/var/run/tracee.sock`). Ensure that this socket path is accessible and not blocked by permissions or other constraints.
+``` bash
+tracee --output none
+```
+
+#### Why Use `--output none`?
+
+- **Reduced Bandwidth Usage:** By suppressing output, you can minimize the data transferred over the Unix socket, which is especially helpful in environments with limited resources.
+- **Lower Latency:** With no data formatting or transmission overhead, the interaction between TraceeCtl and Tracee becomes faster.
+
+Use this mode for performance testing, silent monitoring, or when integrating TraceeCtl with other systems that handle data processing separately.
+
+This command sets up Tracee to listen for incoming connections from TraceeCtl at the specified Unix socket path (`/var/run/tracee.sock`).
+Ensure that this socket path is accessible and not blocked by permissions or other constraints.
 
 ## Usage
 
@@ -48,7 +66,7 @@ Once TraceeCtl is installed and Tracee is running, you can use various commands
 
 - Check Version: traceectl version
 
-For more inf about the TraceeCtl command please refer to the appoint command documentation
+For more info about the TraceeCtl command please refer to the appoint command documentation
 
 ## Flags
   
@@ -64,6 +82,8 @@ For more inf about the TraceeCtl command please refer to the appoint command doc
   traceectl stream --output file:/path/to/output.txt
   ```
 
+For more info about the TraceeCtl flags please refer to the appoint flag documentation
+
 ## Summary
 
 - **Install TraceeCtl** by cloning the repository, building, and installing it with `make`.

From 0d4a4918bf82ff709143345ed8da47e9982ee50e Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Tue, 3 Dec 2024 14:18:28 +0000
Subject: [PATCH 20/45] added error msg for not supported output format

---
 cmd/traceectl/cmd/event.go  | 5 ++---
 cmd/traceectl/cmd/stream.go | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index be5c3e173420..32df7b931dc1 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -1,6 +1,5 @@
 package cmd
 
-//TODO:
 import (
 	"context"
 	"fmt"
@@ -103,7 +102,7 @@ func listEvents(cmd *cobra.Command, args []string) {
 			format.PrintTableRow(prepareDescription(event)[:4])
 		}
 	default:
-		//Error: output format not supported
+		cmd.PrintErrln("output format not supported")
 		return
 	}
 }
@@ -136,7 +135,7 @@ func getEventDescriptions(cmd *cobra.Command, args []string) {
 			format.PrintTableRow(prepareDescription(event))
 		}
 	default:
-		//Error: output format not supported
+		cmd.PrintErrln("output format not supported")
 		return
 
 	}
diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go
index 0dbd8416ba1a..d7b72551e46a 100644
--- a/cmd/traceectl/cmd/stream.go
+++ b/cmd/traceectl/cmd/stream.go
@@ -76,7 +76,7 @@ func streamEvents(cmd *cobra.Command, args []string) {
 			format.PrintTableRow(prepareEvent(res.Event))
 		}
 	default:
-		//Error: output format not supported
+		cmd.PrintErrln("output format not supported")
 		return
 	}
 }

From 866bca3603cde10bdd707a3491eecb397471524f Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Wed, 4 Dec 2024 09:44:28 +0000
Subject: [PATCH 21/45] added server flag code

---
 cmd/traceectl/pkg/cmd/flags/server.go | 54 +++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 cmd/traceectl/pkg/cmd/flags/server.go

diff --git a/cmd/traceectl/pkg/cmd/flags/server.go b/cmd/traceectl/pkg/cmd/flags/server.go
new file mode 100644
index 000000000000..5191eddde1bb
--- /dev/null
+++ b/cmd/traceectl/pkg/cmd/flags/server.go
@@ -0,0 +1,54 @@
+package flags
+
+import (
+	"fmt"
+	"net"
+	"strings"
+
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"
+	"github.com/spf13/cobra"
+)
+
+func PrepareServer(cmd *cobra.Command, server client.ServerInfo) (client.ServerInfo, error) {
+	var err error
+	var address string
+	err = determineConnectionType(server)
+	if err != nil {
+		return server, err
+	}
+	switch server.ConnectionType {
+	case client.Protocol_UNIX:
+		address = fmt.Sprintf("unix://%s", server.Addr)
+	case client.Protocol_TCP:
+		address = fmt.Sprintf(server.Addr)
+	default:
+		return server, fmt.Errorf("unsupported connection type: %s", server.ConnectionType)
+	}
+	server.Addr = address
+	return server, nil
+}
+
+func determineConnectionType(server client.ServerInfo) error {
+	if strings.Contains(server.Addr, ":") && isValidTCPAddress(server.Addr) {
+		server.ConnectionType = client.Protocol_TCP
+		return nil
+	}
+	if strings.HasPrefix(server.Addr, "/") {
+		server.ConnectionType = client.Protocol_UNIX
+		return nil
+	}
+
+	return fmt.Errorf("unsupported connection type: %s", server.Addr)
+
+}
+func isValidTCPAddress(addr string) bool {
+	host, port, err := net.SplitHostPort(addr)
+	if err != nil || host == "" || port == "" {
+		return false
+	}
+	if _, err := net.LookupPort("tcp", port); err != nil {
+		return false
+	}
+
+	return true
+}

From 21986f08d8c900f745a271b566e460109558bdd6 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Wed, 4 Dec 2024 09:45:32 +0000
Subject: [PATCH 22/45] modified code to align with new status flag code, fix
 minor issues

---
 cmd/traceectl/cmd/event.go         | 14 ++++-----
 cmd/traceectl/cmd/root.go          | 24 ++++++++++------
 cmd/traceectl/cmd/stream.go        | 11 ++++---
 cmd/traceectl/pkg/client/client.go | 46 ++----------------------------
 4 files changed, 30 insertions(+), 65 deletions(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index 32df7b931dc1..ca454442fa5b 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -15,9 +15,9 @@ var eventCmd = &cobra.Command{
 	Use:   "event [command]",
 	Short: "Event management for tracee",
 	Long: `Event Management for tracee 
-	Let you enable and disable events in tracee.
-	Get descriptions of events.
-	`,
+Let you enable and disable events in tracee.
+Get descriptions of events.
+`,
 	Args: cobra.MinimumNArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		if len(args) == 0 {
@@ -76,7 +76,7 @@ var disableEventCmd = &cobra.Command{
 
 func listEvents(cmd *cobra.Command, args []string) {
 	var traceeClient client.ServiceClient
-	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
+	if err := traceeClient.NewServiceClient(server); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
@@ -109,7 +109,7 @@ func listEvents(cmd *cobra.Command, args []string) {
 
 func getEventDescriptions(cmd *cobra.Command, args []string) {
 	var traceeClient client.ServiceClient
-	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
+	if err := traceeClient.NewServiceClient(server); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
@@ -152,7 +152,7 @@ func prepareDescription(event *pb.EventDefinition) []string {
 }
 func enableEvents(cmd *cobra.Command, eventName string) {
 	var traceeClient client.ServiceClient
-	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
+	if err := traceeClient.NewServiceClient(server); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
@@ -165,7 +165,7 @@ func enableEvents(cmd *cobra.Command, eventName string) {
 }
 func disableEvents(cmd *cobra.Command, eventName string) {
 	var traceeClient client.ServiceClient
-	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
+	if err := traceeClient.NewServiceClient(server); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
diff --git a/cmd/traceectl/cmd/root.go b/cmd/traceectl/cmd/root.go
index f58e5dc874d4..f248166e7f93 100644
--- a/cmd/traceectl/cmd/root.go
+++ b/cmd/traceectl/cmd/root.go
@@ -11,20 +11,28 @@ import (
 	"github.com/spf13/cobra"
 )
 
-var formatFlag string
-var outputFlag string
 var (
-	serverInfo client.ServerInfo = client.ServerInfo{
+	formatFlag string
+	outputFlag string
+	server     client.ServerInfo = client.ServerInfo{
 		ConnectionType: client.Protocol_UNIX,
 		Addr:           client.Socket,
 	}
+)
 
+var (
 	rootCmd = &cobra.Command{
 		Use:   "traceectl [flags] [command]",
 		Short: "TraceeCtl is a CLI tool for tracee",
-		Long:  "TraceeCtl is the client for the tracee API server.",
+		Long: `TraceeCtl is a CLI toll for tracee:
+This tool allows you to mange event, stream events directly from tracee, and get info about tracee.
+`,
 		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
-			if err := flags.PrepareOutput(cmd, outputFlag); err != nil {
+			var err error
+			if err = flags.PrepareOutput(cmd, outputFlag); err != nil {
+				return err
+			}
+			if server, err = flags.PrepareServer(cmd, server); err != nil {
 				return err
 			}
 			return nil
@@ -41,7 +49,7 @@ func init() {
 	rootCmd.AddCommand(metricsCmd)
 	rootCmd.AddCommand(versionCmd)
 
-	rootCmd.PersistentFlags().StringVar(&serverInfo.Addr, "server", client.Socket, `Server connection path or address.
+	rootCmd.PersistentFlags().StringVar(&server.Addr, "server", client.Socket, `Server connection path or address.
 	for unix socket <socket_path> (default: /tmp/tracee.sock)
 	for tcp <IP:Port>`)
 	rootCmd.PersistentFlags().StringVarP(&outputFlag, "output", "o", "", "Specify the output format")
@@ -73,7 +81,7 @@ func Execute() {
 
 func displayMetrics(cmd *cobra.Command, _ []string) {
 	var traceeClient client.DiagnosticClient
-	if err := traceeClient.NewDiagnosticClient(serverInfo); err != nil {
+	if err := traceeClient.NewDiagnosticClient(server); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
@@ -97,7 +105,7 @@ func displayMetrics(cmd *cobra.Command, _ []string) {
 
 func displayVersion(cmd *cobra.Command, _ []string) {
 	var traceeClient client.ServiceClient
-	if err := traceeClient.NewServiceClient(serverInfo); err != nil {
+	if err := traceeClient.NewServiceClient(server); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go
index d7b72551e46a..b13df5c352c0 100644
--- a/cmd/traceectl/cmd/stream.go
+++ b/cmd/traceectl/cmd/stream.go
@@ -14,8 +14,8 @@ var streamCmd = &cobra.Command{
 	Use:   "stream [policies...]",
 	Short: "Stream events from tracee",
 	Long: `Stream Management:
-	
-	`,
+stream event directly from tracee to the output preferred
+`,
 	Run: func(cmd *cobra.Command, args []string) {
 		streamEvents(cmd, args)
 	},
@@ -28,7 +28,7 @@ func init() {
 func streamEvents(cmd *cobra.Command, args []string) {
 	//connect to tracee
 	var traceeClient client.ServiceClient
-	err := traceeClient.NewServiceClient(serverInfo)
+	err := traceeClient.NewServiceClient(server)
 	if err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
@@ -57,7 +57,7 @@ func streamEvents(cmd *cobra.Command, args []string) {
 				if err.Error() == "EOF" {
 					break
 				}
-				//Error receiving streamed event
+				cmd.PrintErrln("Error receiving streamed event")
 			}
 			format.PrintJson(res.Event.String())
 		}
@@ -70,9 +70,8 @@ func streamEvents(cmd *cobra.Command, args []string) {
 				if err.Error() == "EOF" {
 					break
 				}
-				//Error receiving streamed event
+				cmd.PrintErrln("Error receiving streamed event")
 			}
-
 			format.PrintTableRow(prepareEvent(res.Event))
 		}
 	default:
diff --git a/cmd/traceectl/pkg/client/client.go b/cmd/traceectl/pkg/client/client.go
index ca30aef9596e..45f8ac6aa627 100644
--- a/cmd/traceectl/pkg/client/client.go
+++ b/cmd/traceectl/pkg/client/client.go
@@ -1,10 +1,7 @@
 package client
 
 import (
-	"fmt"
 	"log"
-	"net"
-	"strings"
 
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
@@ -21,53 +18,14 @@ type ServerInfo struct {
 	Addr           string
 }
 
-func connectToServer(serverInfo ServerInfo) (*grpc.ClientConn, error) {
+func connectToServer(server ServerInfo) (*grpc.ClientConn, error) {
 	var opts []grpc.DialOption
 	var conn *grpc.ClientConn
-	var err error
-	var address string
 	opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
-	err = determineConnectionType(serverInfo)
-	if err != nil {
-		return nil, err
-	}
-	switch serverInfo.ConnectionType {
-	case Protocol_UNIX:
-		address = fmt.Sprintf("unix://%s", serverInfo.Addr)
-	case Protocol_TCP:
-		address = fmt.Sprintf(serverInfo.Addr)
-	default:
-		return nil, fmt.Errorf("unsupported connection type: %s", serverInfo.ConnectionType)
-	}
-	conn, err = grpc.NewClient(address, opts...)
+	conn, err := grpc.NewClient(server.Addr, opts...)
 	if err != nil {
 		log.Fatalf("failed to connect to server: %v", err)
 		return nil, err
 	}
 	return conn, nil
 }
-
-func determineConnectionType(serverInfo ServerInfo) error {
-	if strings.Contains(serverInfo.Addr, ":") && isValidTCPAddress(serverInfo.Addr) {
-		serverInfo.ConnectionType = Protocol_TCP
-		return nil
-	}
-	if strings.HasPrefix(serverInfo.Addr, "/") {
-		serverInfo.ConnectionType = Protocol_UNIX
-		return nil
-	}
-
-	return fmt.Errorf("unsupported connection type: %s", serverInfo.Addr)
-
-}
-func isValidTCPAddress(addr string) bool {
-	host, port, err := net.SplitHostPort(addr)
-	if err != nil || host == "" || port == "" {
-		return false
-	}
-	if _, err := net.LookupPort("tcp", port); err != nil {
-		return false
-	}
-
-	return true
-}

From 2e6736d27fed85fa2695a929e495e7ffae198a6f Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Wed, 4 Dec 2024 10:36:44 +0000
Subject: [PATCH 23/45] change make bulid to go build, remove install

---
 docs/docs/traceectl/usage.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/docs/traceectl/usage.md b/docs/docs/traceectl/usage.md
index 3e3d96b32415..010abca64a84 100644
--- a/docs/docs/traceectl/usage.md
+++ b/docs/docs/traceectl/usage.md
@@ -18,8 +18,7 @@ To use **TraceeCtl**, you first need to compile and install the tool. Follow the
    Compile and install TraceeCtl using the following commands:
 
    ``` bash
-   make build
-   make install
+   go build
    ```
 
 ## Configuring Tracee for TraceeCtl

From 22a9ce48d91ae5eff331b6acf7571d921046105e Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Wed, 4 Dec 2024 10:38:31 +0000
Subject: [PATCH 24/45] change default socket to /var/run/tracee.sock

---
 cmd/traceectl/pkg/client/client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/traceectl/pkg/client/client.go b/cmd/traceectl/pkg/client/client.go
index 45f8ac6aa627..7222a7434706 100644
--- a/cmd/traceectl/pkg/client/client.go
+++ b/cmd/traceectl/pkg/client/client.go
@@ -10,7 +10,7 @@ import (
 const (
 	Protocol_UNIX = "unix"
 	Protocol_TCP  = "tcp"
-	Socket        = "/tmp/tracee.sock"
+	Socket        = "/var/run/tracee.sock"
 )
 
 type ServerInfo struct {

From 66cbb461612fefa16c40d64a79ee38dfa21f9288 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Wed, 4 Dec 2024 11:05:02 +0000
Subject: [PATCH 25/45] added docs to mkdocs file

---
 mkdocs.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/mkdocs.yml b/mkdocs.yml
index d3d2e1692123..1a8290d05efa 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -576,6 +576,18 @@ nav:
                 - Output Formats: docs/outputs/output-formats.md
                 - Output Options: docs/outputs/output-options.md
                 - Logging: docs/outputs/logging.md
+          - TraceeCTL: 
+                - Overview: docs/traceectl/index.md
+                - Installation: docs/traceectl/usage.md
+                - Commands:
+                      - event:  docs/traceectl/commands/event.md
+                      - metrics: docs/traceectl/commands/metrics.md
+                      - stream: docs/traceectl/commands/stream.md
+                      - verion: docs/traceectl/commands/verion.md
+                - Flags:
+                      - output: docs/traceectl/flags/output.md
+                      - format: docs/traceectl/flags/format.md
+                      - server: docs/traceectl/flags/server.md
           - Advanced:
                 - Caching Events: docs/advanced/caching-events.md
                 - Ordering Events: docs/advanced/ordering-events.md

From 040aa477c26e83409b38e6c5d679b7692d9f0fd5 Mon Sep 17 00:00:00 2001
From: Shoham Yosef Bitton <141840572+ShohamBit@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:33:12 +0200
Subject: [PATCH 26/45] Update cmd/traceectl/cmd/event.go

Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
---
 cmd/traceectl/cmd/event.go | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index ca454442fa5b..6a97ef6df20e 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -12,12 +12,21 @@ import (
 )
 
 var eventCmd = &cobra.Command{
-	Use:   "event [command]",
-	Short: "Event management for tracee",
-	Long: `Event Management for tracee 
-Let you enable and disable events in tracee.
-Get descriptions of events.
-`,
+	Use:   "event [enable | disable | describe | list]",
+	Short: "Manage tracee events",
+	Long: `Manage events in tracee.
+
+	Subcommands:
+	  enable    Enable specific events.
+	  disable   Disable specific events.
+	  describe  Get descriptions of available events.
+	  list      List available events. 
+
+	Examples:
+	  tracee event enable security_file_open
+	  tracee event describe magic_write
+	  tracee event list
+	`,
 	Args: cobra.MinimumNArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		if len(args) == 0 {

From b25453a91c7f41ba7a44f3baa7072df6977d91f6 Mon Sep 17 00:00:00 2001
From: Shoham Yosef Bitton <141840572+ShohamBit@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:35:03 +0200
Subject: [PATCH 27/45] Update cmd/traceectl/cmd/event.go

Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
---
 cmd/traceectl/cmd/event.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index 6a97ef6df20e..1d353223d585 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -57,7 +57,7 @@ var listEventCmd = &cobra.Command{
 }
 var describeEventCmd = &cobra.Command{
 	Use:   "describe <event_name>",
-	Short: "describe event",
+	Short: "Describe an event",
 	Long:  `Retrieves the detailed definition of a specific event, including its fields, types, and other metadata.`,
 	Args:  cobra.ExactArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {

From 38eee76b57f074b019e10215a38e92af07ba4a14 Mon Sep 17 00:00:00 2001
From: Shoham Yosef Bitton <141840572+ShohamBit@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:35:19 +0200
Subject: [PATCH 28/45] Update cmd/traceectl/cmd/event.go

Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
---
 cmd/traceectl/cmd/event.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index 1d353223d585..85b88ba3e5d6 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -75,7 +75,7 @@ var enableEventCmd = &cobra.Command{
 }
 var disableEventCmd = &cobra.Command{
 	Use:   "disable <event_name>",
-	Short: "disable event",
+	Short: "Disable an event",
 	Long:  `Disables capturing of a specific event type.`,
 	Args:  cobra.ExactArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {

From 80ac03fdd9c64061245c3a0ac2f6f9bd0c3614e9 Mon Sep 17 00:00:00 2001
From: Shoham Yosef Bitton <141840572+ShohamBit@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:35:34 +0200
Subject: [PATCH 29/45] Update cmd/traceectl/cmd/event.go

Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
---
 cmd/traceectl/cmd/event.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index 85b88ba3e5d6..cf400f744e2f 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -66,7 +66,7 @@ var describeEventCmd = &cobra.Command{
 }
 var enableEventCmd = &cobra.Command{
 	Use:   "enable <event_name>",
-	Short: "enable event",
+	Short: "Enable an event",
 	Long:  `Enables capturing of a specific event type.`,
 	Args:  cobra.ExactArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {

From 9d709f88bb947d2e7756b4dc2bc5bf18fabd756d Mon Sep 17 00:00:00 2001
From: Shoham Yosef Bitton <141840572+ShohamBit@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:35:51 +0200
Subject: [PATCH 30/45] Update docs/docs/traceectl/commands/version.md

Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
---
 docs/docs/traceectl/commands/version.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/docs/traceectl/commands/version.md b/docs/docs/traceectl/commands/version.md
index bd869af84279..e6d058534c1d 100644
--- a/docs/docs/traceectl/commands/version.md
+++ b/docs/docs/traceectl/commands/version.md
@@ -1,6 +1,6 @@
 # Version Command
 
-The `version` command in **TraceeCtl** provides detailed information about the current version of the tool. This includes the version number, build date, and other relevant metadata.
+The `version` command in **traceectl** provides detailed information about the current version of the tool. This includes the version number, build date, and other relevant metadata.
 
 ## Usage
 

From 685dc3a0df5dc5d8fc696aea33315d3690333904 Mon Sep 17 00:00:00 2001
From: Shoham Yosef Bitton <141840572+ShohamBit@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:36:10 +0200
Subject: [PATCH 31/45] Update docs/docs/traceectl/flags/format.md

Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
---
 docs/docs/traceectl/flags/format.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/docs/traceectl/flags/format.md b/docs/docs/traceectl/flags/format.md
index c8ff35b13b7e..df05065d7b0a 100644
--- a/docs/docs/traceectl/flags/format.md
+++ b/docs/docs/traceectl/flags/format.md
@@ -1,6 +1,6 @@
 # `format` Flag
 
-The `--format` flag in **TraceeCtl** is used to specify the output format for certain commands. Currently, this flag supports the following values for the `stream`, `event list`, and `event describe` commands:
+The `--format` flag in **traceectl** is used to specify the output format for certain commands. Currently, this flag supports the following values for the `stream`, `event list`, and `event describe` commands:
 
 - **`json`**: Outputs the data in JSON format, which is useful for automated processing or integration with other tools that consume JSON.
   

From 19885699f88ef63cf94124437bf9e2f8e84192c3 Mon Sep 17 00:00:00 2001
From: Shoham Yosef Bitton <141840572+ShohamBit@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:36:36 +0200
Subject: [PATCH 32/45] Update cmd/traceectl/cmd/event.go

Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
---
 cmd/traceectl/cmd/event.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index cf400f744e2f..e76f7945c24a 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -48,11 +48,11 @@ func init() {
 
 var listEventCmd = &cobra.Command{
 	Use:   "list",
-	Short: "list events",
+	Short: "List available events",
 	Long:  `Lists all available event definitions (built-in and plugin-defined), providing a brief summary of each.`,
-	Args:  cobra.MaximumNArgs(0),
+	Args:  cobra.NoArgs,
 	Run: func(cmd *cobra.Command, args []string) {
-		listEvents(cmd, args)
+		listEvents(cmd)
 	},
 }
 var describeEventCmd = &cobra.Command{

From a0aab98c6bffdf6a5b0d6753312f3c1cff5e9d09 Mon Sep 17 00:00:00 2001
From: Shoham Yosef Bitton <141840572+ShohamBit@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:37:09 +0200
Subject: [PATCH 33/45] Update docs/docs/traceectl/flags/server.md

Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
---
 docs/docs/traceectl/flags/server.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/docs/traceectl/flags/server.md b/docs/docs/traceectl/flags/server.md
index 416dfd36a997..896d538019d5 100644
--- a/docs/docs/traceectl/flags/server.md
+++ b/docs/docs/traceectl/flags/server.md
@@ -1,6 +1,6 @@
 # `server` Flag
 
-The `--server` flag in **TraceeCtl** is used to specify the connection type that TraceeCtl should use to communicate with the Tracee server. This connection type can be either **Unix socket** or **TCP**.
+The `--server` flag in **traceectl** is used to specify the connection type that TraceeCtl should use to communicate with the Tracee server. This connection type can be either **Unix socket** or **TCP**.
 
 - **Unix Socket**: This type of connection is generally used for local inter-process communication. It provides a secure and efficient means to connect to Tracee when both client and server are on the same machine.
   

From ec9ad90c5d6bcd9006c143cffd45fcf54778369d Mon Sep 17 00:00:00 2001
From: Shoham Yosef Bitton <141840572+ShohamBit@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:37:21 +0200
Subject: [PATCH 34/45] Update docs/docs/traceectl/index.md

Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
---
 docs/docs/traceectl/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/docs/traceectl/index.md b/docs/docs/traceectl/index.md
index bbbf44febde1..5c9ab217e2ee 100644
--- a/docs/docs/traceectl/index.md
+++ b/docs/docs/traceectl/index.md
@@ -1,6 +1,6 @@
 # TraceeCtl - Client Service for Tracee
 
-**TraceeCtl** is a command-line interface (CLI) tool designed as a client service for [Tracee](https://github.com/aquasecurity/tracee), Aqua Security's open-source runtime security solution. Tracee provides real-time, powerful observability for Linux environments by monitoring system calls, events, and more. TraceeCtl is built to simplify interactions with Tracee, making it easier for users to manage, monitor, and gather security insights.
+**traceectl** is a command-line interface (CLI) tool designed as a client service for [Tracee](https://github.com/aquasecurity/tracee), Aqua Security's open-source runtime security solution. Tracee provides real-time, powerful observability for Linux environments by monitoring system calls, events, and more. TraceeCtl is built to simplify interactions with Tracee, making it easier for users to manage, monitor, and gather security insights.
 
 ## Overview
 

From e29a2c2456b06a6da53af923ea772326b2b79ae1 Mon Sep 17 00:00:00 2001
From: Shoham Yosef Bitton <141840572+ShohamBit@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:37:35 +0200
Subject: [PATCH 35/45] Update docs/docs/traceectl/index.md

Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
---
 docs/docs/traceectl/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/docs/traceectl/index.md b/docs/docs/traceectl/index.md
index 5c9ab217e2ee..750dcd90f627 100644
--- a/docs/docs/traceectl/index.md
+++ b/docs/docs/traceectl/index.md
@@ -4,7 +4,7 @@
 
 ## Overview
 
-TraceeCtl acts as a controller for Tracee, allowing users to:
+traceectl acts as a controller for Tracee, allowing users to:
 
 - **Stream Events**: Continuously stream security events from Tracee, with options to format the output as JSON, tables, or custom templates.
 - **List Available Events**: Display the available events that Tracee can capture, providing essential insights into runtime activities.

From a6ba7cedf6a30844d1936c9ae5c08ea524750480 Mon Sep 17 00:00:00 2001
From: Shoham Yosef Bitton <141840572+ShohamBit@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:40:09 +0200
Subject: [PATCH 36/45] Update cmd/traceectl/cmd/event.go

Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
---
 cmd/traceectl/cmd/event.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index e76f7945c24a..70942d79a328 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -84,8 +84,8 @@ var disableEventCmd = &cobra.Command{
 }
 
 func listEvents(cmd *cobra.Command, args []string) {
-	var traceeClient client.ServiceClient
-	if err := traceeClient.NewServiceClient(server); err != nil {
+	traceeClient, err := client.NewServiceClient(server) 
+	if err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}

From 4cc6c428a38127c16ca0509165658a322eb329cc Mon Sep 17 00:00:00 2001
From: Shoham Yosef Bitton <141840572+ShohamBit@users.noreply.github.com>
Date: Thu, 5 Dec 2024 13:47:43 +0200
Subject: [PATCH 37/45] Update cmd/traceectl/cmd/event.go

Co-authored-by: Yaniv Agman <yanivagman@gmail.com>
---
 cmd/traceectl/cmd/event.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index 70942d79a328..f8ca2369c597 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -117,8 +117,8 @@ func listEvents(cmd *cobra.Command, args []string) {
 }
 
 func getEventDescriptions(cmd *cobra.Command, args []string) {
-	var traceeClient client.ServiceClient
-	if err := traceeClient.NewServiceClient(server); err != nil {
+	traceeClient, err := client.NewServiceClient(server)
+	if err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}

From cc6f0fbff497487bffe173a08fcf45686cb6c93a Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 5 Dec 2024 12:03:19 +0000
Subject: [PATCH 38/45] fix client pkg

---
 cmd/traceectl/pkg/client/client.go     | 3 ---
 cmd/traceectl/pkg/client/diagnostic.go | 2 --
 cmd/traceectl/pkg/client/service.go    | 2 --
 3 files changed, 7 deletions(-)

diff --git a/cmd/traceectl/pkg/client/client.go b/cmd/traceectl/pkg/client/client.go
index 7222a7434706..26b9c030fbcc 100644
--- a/cmd/traceectl/pkg/client/client.go
+++ b/cmd/traceectl/pkg/client/client.go
@@ -1,8 +1,6 @@
 package client
 
 import (
-	"log"
-
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 )
@@ -24,7 +22,6 @@ func connectToServer(server ServerInfo) (*grpc.ClientConn, error) {
 	opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 	conn, err := grpc.NewClient(server.Addr, opts...)
 	if err != nil {
-		log.Fatalf("failed to connect to server: %v", err)
 		return nil, err
 	}
 	return conn, nil
diff --git a/cmd/traceectl/pkg/client/diagnostic.go b/cmd/traceectl/pkg/client/diagnostic.go
index 915523e61663..c6dee2f400c9 100644
--- a/cmd/traceectl/pkg/client/diagnostic.go
+++ b/cmd/traceectl/pkg/client/diagnostic.go
@@ -2,7 +2,6 @@ package client
 
 import (
 	"context"
-	"log"
 
 	pb "github.com/aquasecurity/tracee/api/v1beta1"
 	"google.golang.org/grpc"
@@ -25,7 +24,6 @@ func (tc *DiagnosticClient) NewDiagnosticClient(serverInfo ServerInfo) error {
 }
 func (tc *DiagnosticClient) CloseConnection() {
 	if err := tc.conn.Close(); err != nil {
-		log.Printf("Failed to close connection: %v", err)
 		return
 	}
 }
diff --git a/cmd/traceectl/pkg/client/service.go b/cmd/traceectl/pkg/client/service.go
index 7800b795206e..900f23ce5918 100644
--- a/cmd/traceectl/pkg/client/service.go
+++ b/cmd/traceectl/pkg/client/service.go
@@ -2,7 +2,6 @@ package client
 
 import (
 	"context"
-	"log"
 
 	pb "github.com/aquasecurity/tracee/api/v1beta1"
 	"google.golang.org/grpc"
@@ -25,7 +24,6 @@ func (tc *ServiceClient) NewServiceClient(serverInfo ServerInfo) error {
 }
 func (tc *ServiceClient) CloseConnection() {
 	if err := tc.conn.Close(); err != nil {
-		log.Printf("Failed to close connection: %v", err)
 		return
 	}
 }

From 1d8be550fca9439550fd56a667104a9a4ee89e63 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 5 Dec 2024 12:05:30 +0000
Subject: [PATCH 39/45] fix flag pkg

---
 cmd/traceectl/pkg/cmd/flags/output.go | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/cmd/traceectl/pkg/cmd/flags/output.go b/cmd/traceectl/pkg/cmd/flags/output.go
index 47abc4e451a7..193fec0fb787 100644
--- a/cmd/traceectl/pkg/cmd/flags/output.go
+++ b/cmd/traceectl/pkg/cmd/flags/output.go
@@ -10,27 +10,24 @@ import (
 )
 
 func PrepareOutput(cmd *cobra.Command, output string) error {
-	if (output != "") && (output != "stdout") {
-		/// Validate the file path
-		if output == "" || strings.TrimSpace(output) == "" {
+	if output != "" && output != "stdout" {
+		if strings.TrimSpace(output) == "" {
 			return fmt.Errorf("output file path is empty or invalid")
 		}
 
-		// Ensure parent directories exist
 		dir := filepath.Dir(output)
 		if err := os.MkdirAll(dir, 0755); err != nil {
 			return fmt.Errorf("failed to create directories for output file: %v", err)
 		}
 
-		// Create or open the file
-		file, err := os.Create(output)
+		file, err := os.OpenFile(output, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
 		if err != nil {
 			return fmt.Errorf("failed to open output file: %v", err)
 		}
 
 		cmd.SetOut(file)
 		cmd.SetErr(file)
-		// Make sure to close the file after execution
+		// Close the file after execution
 		cmd.PersistentPostRun = func(cmd *cobra.Command, args []string) {
 			file.Close()
 		}

From 57347ac2c6dc14bb678490aa35abf6466cab5c0a Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 5 Dec 2024 12:07:20 +0000
Subject: [PATCH 40/45] tidy formmatter pkg

---
 cmd/traceectl/pkg/cmd/formatter/formatter.go  | 50 +++++++++++++++++++
 cmd/traceectl/pkg/cmd/formatter/jsonFormat.go |  5 --
 .../pkg/cmd/formatter/tableFormat.go          | 47 -----------------
 3 files changed, 50 insertions(+), 52 deletions(-)
 delete mode 100644 cmd/traceectl/pkg/cmd/formatter/jsonFormat.go
 delete mode 100644 cmd/traceectl/pkg/cmd/formatter/tableFormat.go

diff --git a/cmd/traceectl/pkg/cmd/formatter/formatter.go b/cmd/traceectl/pkg/cmd/formatter/formatter.go
index 55222f13e3a8..77e7ad8137e7 100644
--- a/cmd/traceectl/pkg/cmd/formatter/formatter.go
+++ b/cmd/traceectl/pkg/cmd/formatter/formatter.go
@@ -43,3 +43,53 @@ func NewFormatter(format string, cmd *cobra.Command) (*Formatter, error) {
 func (f *Formatter) GetFormat() string {
 	return f.format
 }
+
+// PrintTableHeaders prints table headers with padding based on their length.
+func (f *Formatter) PrintTableHeaders(headers []string) {
+	switch len(headers) {
+	case 4:
+		f.cmd.Printf("%-20s %-15s %-15s %-20s\n",
+			headers[0],
+			headers[1],
+			headers[2],
+			headers[3],
+		)
+	case 5:
+		f.cmd.Printf("%-15s %-10s %-20s %-15s %-10s\n",
+			headers[0],
+			headers[1],
+			headers[2],
+			headers[3],
+			headers[4],
+		)
+	default:
+		f.cmd.Println("Error: Unsupported number of headers.")
+	}
+}
+
+// PrintTableRow prints a single row with padding matching the header format.
+func (f *Formatter) PrintTableRow(row []string) {
+	switch len(row) {
+	case 4:
+		f.cmd.Printf("%-20s %-15s %-15s %-20s\n",
+			row[0],
+			row[1],
+			row[2],
+			row[3],
+		)
+	case 5:
+		f.cmd.Printf("%-15s %-10s %-20s %-15s %-10s\n",
+			row[0],
+			row[1],
+			row[2],
+			row[3],
+			row[4],
+		)
+	default:
+		f.cmd.Println("Error: Unsupported number of columns in row.")
+	}
+}
+
+func (f *Formatter) PrintJson(data interface{}) {
+	f.cmd.Println(data)
+}
diff --git a/cmd/traceectl/pkg/cmd/formatter/jsonFormat.go b/cmd/traceectl/pkg/cmd/formatter/jsonFormat.go
deleted file mode 100644
index 9ed64845ed9e..000000000000
--- a/cmd/traceectl/pkg/cmd/formatter/jsonFormat.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package formatter
-
-func (f *Formatter) PrintJson(response string) {
-	f.cmd.Printf(response)
-}
diff --git a/cmd/traceectl/pkg/cmd/formatter/tableFormat.go b/cmd/traceectl/pkg/cmd/formatter/tableFormat.go
deleted file mode 100644
index ef04c88efc1f..000000000000
--- a/cmd/traceectl/pkg/cmd/formatter/tableFormat.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package formatter
-
-// PrintTableHeaders prints table headers with padding based on their length.
-func (f *Formatter) PrintTableHeaders(headers []string) {
-	switch len(headers) {
-	case 4:
-		f.cmd.Printf("%-20s %-15s %-15s %-20s\n",
-			headers[0],
-			headers[1],
-			headers[2],
-			headers[3],
-		)
-	case 5:
-		f.cmd.Printf("%-15s %-10s %-20s %-15s %-10s\n",
-			headers[0],
-			headers[1],
-			headers[2],
-			headers[3],
-			headers[4],
-		)
-	default:
-		f.cmd.Println("Error: Unsupported number of headers.")
-	}
-}
-
-// PrintTableRow prints a single row with padding matching the header format.
-func (f *Formatter) PrintTableRow(row []string) {
-	switch len(row) {
-	case 4:
-		f.cmd.Printf("%-20s %-15s %-15s %-20s\n",
-			row[0],
-			row[1],
-			row[2],
-			row[3],
-		)
-	case 5:
-		f.cmd.Printf("%-15s %-10s %-20s %-15s %-10s\n",
-			row[0],
-			row[1],
-			row[2],
-			row[3],
-			row[4],
-		)
-	default:
-		f.cmd.Println("Error: Unsupported number of columns in row.")
-	}
-}

From 3adbf181442903686cea6527c3ccc7151566ba78 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 5 Dec 2024 12:12:35 +0000
Subject: [PATCH 41/45] fix event command code

---
 cmd/traceectl/cmd/event.go | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index f8ca2369c597..126fd56c90d9 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -3,6 +3,7 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"strconv"
 	"strings"
 
 	pb "github.com/aquasecurity/tracee/api/v1beta1"
@@ -52,7 +53,7 @@ var listEventCmd = &cobra.Command{
 	Long:  `Lists all available event definitions (built-in and plugin-defined), providing a brief summary of each.`,
 	Args:  cobra.NoArgs,
 	Run: func(cmd *cobra.Command, args []string) {
-		listEvents(cmd)
+		listEvents(cmd, args)
 	},
 }
 var describeEventCmd = &cobra.Command{
@@ -84,8 +85,8 @@ var disableEventCmd = &cobra.Command{
 }
 
 func listEvents(cmd *cobra.Command, args []string) {
-	traceeClient, err := client.NewServiceClient(server) 
-	if err != nil {
+	var traceeClient client.ServiceClient
+	if err := traceeClient.NewServiceClient(server); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
@@ -103,7 +104,7 @@ func listEvents(cmd *cobra.Command, args []string) {
 	}
 	switch format.GetFormat() {
 	case formatter.FormatJson:
-		format.PrintJson(response.String())
+		format.PrintJson(response)
 	case formatter.FormatTable:
 		format.PrintTableHeaders([]string{"ID", "Name", "Version", "Tags"})
 		for _, event := range response.Definitions {
@@ -117,8 +118,8 @@ func listEvents(cmd *cobra.Command, args []string) {
 }
 
 func getEventDescriptions(cmd *cobra.Command, args []string) {
-	traceeClient, err := client.NewServiceClient(server)
-	if err != nil {
+	var traceeClient client.ServiceClient
+	if err := traceeClient.NewServiceClient(server); err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
@@ -137,7 +138,7 @@ func getEventDescriptions(cmd *cobra.Command, args []string) {
 	}
 	switch format.GetFormat() {
 	case formatter.FormatJson:
-		format.PrintJson(response.String())
+		format.PrintJson(response)
 	case formatter.FormatTable:
 		format.PrintTableHeaders([]string{"ID", "Name", "Version", "Tags", "Description"})
 		for _, event := range response.Definitions {
@@ -151,7 +152,7 @@ func getEventDescriptions(cmd *cobra.Command, args []string) {
 }
 func prepareDescription(event *pb.EventDefinition) []string {
 	return []string{
-		fmt.Sprintf("%d", event.Id),
+		strconv.Itoa(int(event.Id)),
 		event.Name,
 		fmt.Sprintf("%d.%d.%d", event.Version.Major, event.Version.Minor, event.Version.Patch),
 		strings.Join(event.Tags, ", "),
@@ -165,6 +166,8 @@ func enableEvents(cmd *cobra.Command, eventName string) {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
+	defer traceeClient.CloseConnection()
+
 	_, err := traceeClient.EnableEvent(context.Background(), &pb.EnableEventRequest{Name: eventName})
 	if err != nil {
 		cmd.PrintErrln("Error enabling event:", err)
@@ -178,6 +181,7 @@ func disableEvents(cmd *cobra.Command, eventName string) {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
+	defer traceeClient.CloseConnection()
 	_, err := traceeClient.DisableEvent(context.Background(), &pb.DisableEventRequest{Name: eventName})
 	if err != nil {
 		cmd.PrintErrln("Error disabling event:", err)

From b7a2978053afd6703b13f4b45402d3c3ae5a210c Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 5 Dec 2024 12:24:34 +0000
Subject: [PATCH 42/45] fix root command

---
 cmd/traceectl/cmd/root.go | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/cmd/traceectl/cmd/root.go b/cmd/traceectl/cmd/root.go
index f248166e7f93..07edf0de9d26 100644
--- a/cmd/traceectl/cmd/root.go
+++ b/cmd/traceectl/cmd/root.go
@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"context"
+	"fmt"
 	"os"
 
 	pb "github.com/aquasecurity/tracee/api/v1beta1"
@@ -23,9 +24,9 @@ var (
 var (
 	rootCmd = &cobra.Command{
 		Use:   "traceectl [flags] [command]",
-		Short: "TraceeCtl is a CLI tool for tracee",
-		Long: `TraceeCtl is a CLI toll for tracee:
-This tool allows you to mange event, stream events directly from tracee, and get info about tracee.
+		Short: "traceectl is a CLI tool for tracee",
+		Long: `traceectl is a CLI tool for tracee:
+This tool allows you to manage events, stream events directly from tracee, and get info about tracee.
 `,
 		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
 			var err error
@@ -67,7 +68,7 @@ var metricsCmd = &cobra.Command{
 var versionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Display the version of tracee",
-	Long:  "This is the version of tracee application you connected to",
+	Long:  "This is the version of the tracee application you connected to",
 	Run: func(cmd *cobra.Command, args []string) {
 		displayVersion(cmd, args)
 	},
@@ -92,15 +93,17 @@ func displayMetrics(cmd *cobra.Command, _ []string) {
 		cmd.PrintErrln("Error getting metrics: ", err)
 		return
 	}
-	cmd.Println("EventCount:", response.EventCount)
-	cmd.Println("EventsFiltered:", response.EventsFiltered)
-	cmd.Println("NetCapCount:", response.NetCapCount)
-	cmd.Println("BPFLogsCount:", response.BPFLogsCount)
-	cmd.Println("ErrorCount:", response.ErrorCount)
-	cmd.Println("LostEvCount:", response.LostEvCount)
-	cmd.Println("LostWrCount:", response.LostWrCount)
-	cmd.Println("LostNtCapCount:", response.LostNtCapCount)
-	cmd.Println("LostBPFLogsCount:", response.LostBPFLogsCount)
+
+	fmt.Fprintf(cmd.OutOrStdout(), "EventCount: %d\n", response.EventCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "EventsFiltered: %d\n", response.EventsFiltered)
+	fmt.Fprintf(cmd.OutOrStdout(), "NetCapCount: %d\n", response.NetCapCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "BPFLogsCount: %d\n", response.BPFLogsCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "ErrorCount: %d\n", response.ErrorCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "LostEvCount: %d\n", response.LostEvCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "LostWrCount: %d\n", response.LostWrCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "LostNtCapCount: %d\n", response.LostNtCapCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "LostBPFLogsCount: %d\n", response.LostBPFLogsCount)
+
 }
 
 func displayVersion(cmd *cobra.Command, _ []string) {
@@ -116,7 +119,6 @@ func displayVersion(cmd *cobra.Command, _ []string) {
 	if err != nil {
 		cmd.PrintErrln("Error getting version: ", err)
 		return
-	} else {
-		cmd.Println("Version: ", response.Version)
 	}
+	fmt.Fprintf(cmd.OutOrStdout(), "Version: %s\n", response.Version)
 }

From 30317edc2685db0d8b79f78234c285784a43829e Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Thu, 5 Dec 2024 12:29:20 +0000
Subject: [PATCH 43/45] fix stream code

---
 cmd/traceectl/cmd/stream.go | 33 +++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go
index b13df5c352c0..7a0d25383361 100644
--- a/cmd/traceectl/cmd/stream.go
+++ b/cmd/traceectl/cmd/stream.go
@@ -1,7 +1,10 @@
 package cmd
 
 import (
+	"errors"
 	"fmt"
+	"io"
+	"strconv"
 	"strings"
 
 	pb "github.com/aquasecurity/tracee/api/v1beta1"
@@ -14,7 +17,7 @@ var streamCmd = &cobra.Command{
 	Use:   "stream [policies...]",
 	Short: "Stream events from tracee",
 	Long: `Stream Management:
-stream event directly from tracee to the output preferred
+Stream events directly from tracee to the preferred output format.
 `,
 	Run: func(cmd *cobra.Command, args []string) {
 		streamEvents(cmd, args)
@@ -22,11 +25,10 @@ stream event directly from tracee to the output preferred
 }
 
 func init() {
-	streamCmd.Flags().StringVarP(&formatFlag, "format", "f", formatter.FormatTable, "Output format (json|table)")
+	streamCmd.Flags().StringVarP(&formatFlag, "format", "f", formatter.FormatTable, "Specify the output format for streamed events (json|table). Defaults to table.")
 }
 
 func streamEvents(cmd *cobra.Command, args []string) {
-	//connect to tracee
 	var traceeClient client.ServiceClient
 	err := traceeClient.NewServiceClient(server)
 	if err != nil {
@@ -54,12 +56,12 @@ func streamEvents(cmd *cobra.Command, args []string) {
 			res, err := stream.Recv()
 			if err != nil {
 				//End of stream\close connection
-				if err.Error() == "EOF" {
+				if errors.Is(err, io.EOF) {
 					break
 				}
 				cmd.PrintErrln("Error receiving streamed event")
 			}
-			format.PrintJson(res.Event.String())
+			format.PrintJson(res.Event)
 		}
 	case formatter.FormatTable:
 		format.PrintTableHeaders([]string{"TIME", "EVENT NAME", "POLICIES", "PID", "DATA"})
@@ -67,7 +69,7 @@ func streamEvents(cmd *cobra.Command, args []string) {
 			res, err := stream.Recv()
 			if err != nil {
 				//End of stream\close connection
-				if err.Error() == "EOF" {
+				if errors.Is(err, io.EOF) {
 					break
 				}
 				cmd.PrintErrln("Error receiving streamed event")
@@ -84,7 +86,7 @@ func prepareEvent(event *pb.Event) []string {
 		event.Timestamp.AsTime().Format("15:04:05.000"),
 		event.Name,
 		strings.Join(event.Policies.Matched, ","),
-		fmt.Sprintf("%d", event.Context.Process.Pid.Value),
+		strconv.Itoa(int(event.Context.Process.Pid.Value)),
 		getEventData(event.Data),
 	}
 
@@ -114,13 +116,24 @@ func getEventValue(ev *pb.EventValue) string {
 	case *pb.EventValue_Bytes:
 		return fmt.Sprintf("%x", v.Bytes)
 	case *pb.EventValue_Bool:
-		return fmt.Sprintf("%t", v.Bool)
+		if v.Bool {
+			return "true"
+		}
+		return "false"
 	case *pb.EventValue_StrArray:
 		return strings.Join(v.StrArray.Value, ", ")
 	case *pb.EventValue_Int32Array:
-		return fmt.Sprintf("%v", v.Int32Array.Value)
+		var result []string
+		for _, val := range v.Int32Array.Value {
+			result = append(result, strconv.Itoa(int(val)))
+		}
+		return strings.Join(result, ", ")
 	case *pb.EventValue_UInt64Array:
-		return fmt.Sprintf("%v", v.UInt64Array.Value)
+		var result []string
+		for _, val := range v.UInt64Array.Value {
+			result = append(result, strconv.Itoa(int(val)))
+		}
+		return strings.Join(result, ", ")
 	default:
 		return "unknown"
 	}

From 2159616bb9967d25bf9cd5765b4fd99a2b70fcc1 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Sun, 8 Dec 2024 11:42:25 +0000
Subject: [PATCH 44/45] resolve client creation code

---
 cmd/traceectl/cmd/event.go             | 20 ++++++++++----------
 cmd/traceectl/cmd/root.go              |  8 ++++----
 cmd/traceectl/cmd/stream.go            |  3 +--
 cmd/traceectl/pkg/client/diagnostic.go | 12 ++++++------
 cmd/traceectl/pkg/client/service.go    | 12 ++++++------
 5 files changed, 27 insertions(+), 28 deletions(-)

diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
index 126fd56c90d9..c4abe945d913 100644
--- a/cmd/traceectl/cmd/event.go
+++ b/cmd/traceectl/cmd/event.go
@@ -85,8 +85,8 @@ var disableEventCmd = &cobra.Command{
 }
 
 func listEvents(cmd *cobra.Command, args []string) {
-	var traceeClient client.ServiceClient
-	if err := traceeClient.NewServiceClient(server); err != nil {
+	traceeClient, err := client.NewServiceClient(server)
+	if err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
@@ -118,8 +118,8 @@ func listEvents(cmd *cobra.Command, args []string) {
 }
 
 func getEventDescriptions(cmd *cobra.Command, args []string) {
-	var traceeClient client.ServiceClient
-	if err := traceeClient.NewServiceClient(server); err != nil {
+	traceeClient, err := client.NewServiceClient(server)
+	if err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
@@ -161,14 +161,14 @@ func prepareDescription(event *pb.EventDefinition) []string {
 
 }
 func enableEvents(cmd *cobra.Command, eventName string) {
-	var traceeClient client.ServiceClient
-	if err := traceeClient.NewServiceClient(server); err != nil {
+	traceeClient, err := client.NewServiceClient(server)
+	if err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
 	defer traceeClient.CloseConnection()
 
-	_, err := traceeClient.EnableEvent(context.Background(), &pb.EnableEventRequest{Name: eventName})
+	_, err = traceeClient.EnableEvent(context.Background(), &pb.EnableEventRequest{Name: eventName})
 	if err != nil {
 		cmd.PrintErrln("Error enabling event:", err)
 		return
@@ -176,13 +176,13 @@ func enableEvents(cmd *cobra.Command, eventName string) {
 	cmd.Printf("Enabled event: %s\n", eventName)
 }
 func disableEvents(cmd *cobra.Command, eventName string) {
-	var traceeClient client.ServiceClient
-	if err := traceeClient.NewServiceClient(server); err != nil {
+	traceeClient, err := client.NewServiceClient(server)
+	if err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
 	defer traceeClient.CloseConnection()
-	_, err := traceeClient.DisableEvent(context.Background(), &pb.DisableEventRequest{Name: eventName})
+	_, err = traceeClient.DisableEvent(context.Background(), &pb.DisableEventRequest{Name: eventName})
 	if err != nil {
 		cmd.PrintErrln("Error disabling event:", err)
 		return
diff --git a/cmd/traceectl/cmd/root.go b/cmd/traceectl/cmd/root.go
index 07edf0de9d26..072f70583acd 100644
--- a/cmd/traceectl/cmd/root.go
+++ b/cmd/traceectl/cmd/root.go
@@ -81,8 +81,8 @@ func Execute() {
 }
 
 func displayMetrics(cmd *cobra.Command, _ []string) {
-	var traceeClient client.DiagnosticClient
-	if err := traceeClient.NewDiagnosticClient(server); err != nil {
+	traceeClient, err := client.NewDiagnosticClient(server)
+	if err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
@@ -107,8 +107,8 @@ func displayMetrics(cmd *cobra.Command, _ []string) {
 }
 
 func displayVersion(cmd *cobra.Command, _ []string) {
-	var traceeClient client.ServiceClient
-	if err := traceeClient.NewServiceClient(server); err != nil {
+	traceeClient, err := client.NewServiceClient(server)
+	if err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
 	}
diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go
index 7a0d25383361..0b9f8b3fd42d 100644
--- a/cmd/traceectl/cmd/stream.go
+++ b/cmd/traceectl/cmd/stream.go
@@ -29,8 +29,7 @@ func init() {
 }
 
 func streamEvents(cmd *cobra.Command, args []string) {
-	var traceeClient client.ServiceClient
-	err := traceeClient.NewServiceClient(server)
+	traceeClient, err := client.NewServiceClient(server)
 	if err != nil {
 		cmd.PrintErrln("Error creating client: ", err)
 		return
diff --git a/cmd/traceectl/pkg/client/diagnostic.go b/cmd/traceectl/pkg/client/diagnostic.go
index c6dee2f400c9..c62d80778fb7 100644
--- a/cmd/traceectl/pkg/client/diagnostic.go
+++ b/cmd/traceectl/pkg/client/diagnostic.go
@@ -12,15 +12,15 @@ type DiagnosticClient struct {
 	client pb.DiagnosticServiceClient
 }
 
-func (tc *DiagnosticClient) NewDiagnosticClient(serverInfo ServerInfo) error {
+func NewDiagnosticClient(serverInfo ServerInfo) (*DiagnosticClient, error) {
 	conn, err := connectToServer(serverInfo)
 	if err != nil {
-		return err
+		return nil, err
 	}
-	tc.conn = conn
-	tc.client = pb.NewDiagnosticServiceClient(conn)
-
-	return nil
+	return &DiagnosticClient{
+		conn:   conn,
+		client: pb.NewDiagnosticServiceClient(conn),
+	}, nil
 }
 func (tc *DiagnosticClient) CloseConnection() {
 	if err := tc.conn.Close(); err != nil {
diff --git a/cmd/traceectl/pkg/client/service.go b/cmd/traceectl/pkg/client/service.go
index 900f23ce5918..0e6c46a184d6 100644
--- a/cmd/traceectl/pkg/client/service.go
+++ b/cmd/traceectl/pkg/client/service.go
@@ -12,15 +12,15 @@ type ServiceClient struct {
 	client pb.TraceeServiceClient
 }
 
-func (tc *ServiceClient) NewServiceClient(serverInfo ServerInfo) error {
+func NewServiceClient(serverInfo ServerInfo) (*ServiceClient, error) {
 	conn, err := connectToServer(serverInfo)
 	if err != nil {
-		return err
+		return nil, err
 	}
-	tc.conn = conn
-	tc.client = pb.NewTraceeServiceClient(conn)
-
-	return nil
+	return &ServiceClient{
+		conn:   conn,
+		client: pb.NewTraceeServiceClient(conn),
+	}, nil
 }
 func (tc *ServiceClient) CloseConnection() {
 	if err := tc.conn.Close(); err != nil {

From b97a6ab1a08e66be9bf631196eb4334988dc6e19 Mon Sep 17 00:00:00 2001
From: ShohamBit <shohambit@gmail.com>
Date: Sun, 8 Dec 2024 11:50:11 +0000
Subject: [PATCH 45/45] made changes to the docs of traceectl

---
 docs/docs/traceectl/commands/event.md   |  4 ++--
 docs/docs/traceectl/commands/metrics.md |  4 ++--
 docs/docs/traceectl/commands/stream.md  |  4 ++--
 docs/docs/traceectl/commands/version.md |  2 +-
 docs/docs/traceectl/flags/server.md     |  4 ++--
 docs/docs/traceectl/index.md            |  6 +++---
 docs/docs/traceectl/usage.md            | 28 ++++++++++++-------------
 7 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/docs/docs/traceectl/commands/event.md b/docs/docs/traceectl/commands/event.md
index 247b3643edfa..a566728ff2bf 100644
--- a/docs/docs/traceectl/commands/event.md
+++ b/docs/docs/traceectl/commands/event.md
@@ -1,6 +1,6 @@
 # Event Command Usage
 
-The `event` command in **TraceeCtl** is used for managing events within Tracee. It allows you to list, describe, enable, and disable various event types that Tracee can capture. Below is the usage guide for the `event` command and its subcommands.
+The `event` command in **traceectl** is used for managing events within Tracee. It allows you to list, describe, enable, and disable various event types that Tracee can capture. Below is the usage guide for the `event` command and its subcommands.
 
 ## Usage
 
@@ -80,4 +80,4 @@ traceectl event [subcommand] [flags]
 
 ## Summary
 
-The `event` command in TraceeCtl is a powerful tool for managing Tracee's event capabilities. Use the `list`, `describe`, `enable`, and `disable` subcommands to gain detailed insight and control over the events Tracee monitors.
+The `event` command in traceectl is a powerful tool for managing Tracee's event capabilities. Use the `list`, `describe`, `enable`, and `disable` subcommands to gain detailed insight and control over the events Tracee monitors.
diff --git a/docs/docs/traceectl/commands/metrics.md b/docs/docs/traceectl/commands/metrics.md
index e95e5d974bc9..cd46206bb65e 100644
--- a/docs/docs/traceectl/commands/metrics.md
+++ b/docs/docs/traceectl/commands/metrics.md
@@ -1,6 +1,6 @@
 # Metrics Command Usage
 
-The `metrics` command in **TraceeCtl** provides information about Tracee's performance and resource usage metrics. This command is helpful for monitoring how Tracee is functioning in real-time.
+The `metrics` command in **traceectl** provides information about Tracee's performance and resource usage metrics. This command is helpful for monitoring how Tracee is functioning in real-time.
 
 ## Usage
 
@@ -20,4 +20,4 @@ traceectl metrics
 
 ## Summary
 
-The `metrics` command in TraceeCtl allows users to obtain insights into Tracee's operational metrics, including event counts and resource usage. The command supports a table output format to suit different reporting needs.
+The `metrics` command displays tracee's performance and resource usage metrics. Use this command to monitor Tracee's operational status.
diff --git a/docs/docs/traceectl/commands/stream.md b/docs/docs/traceectl/commands/stream.md
index 6ac7c1c946cf..9f00ecf31357 100644
--- a/docs/docs/traceectl/commands/stream.md
+++ b/docs/docs/traceectl/commands/stream.md
@@ -1,6 +1,6 @@
 # Stream Command Usage
 
-The `stream` command in **TraceeCtl** allows users to stream events directly from Tracee in real time. This command provides flexible output formats for better integration and readability.
+The `stream` command in **traceectl** allows users to stream events directly from Tracee in real time. This command provides flexible output formats for better integration and readability.
 
 ## Usage
 
@@ -32,4 +32,4 @@ traceectl stream [policies...] [flags]
 
 ## Summary
 
-The `stream` command in TraceeCtl is a useful tool for monitoring Tracee events in real time, with options for JSON or table output. Use this command to keep track of activities and ensure comprehensive observability for your system.
+The `stream` command provides a real-time feed of Tracee events, allowing you to monitor system activity as it happens.
diff --git a/docs/docs/traceectl/commands/version.md b/docs/docs/traceectl/commands/version.md
index e6d058534c1d..c360948f8a74 100644
--- a/docs/docs/traceectl/commands/version.md
+++ b/docs/docs/traceectl/commands/version.md
@@ -12,7 +12,7 @@ traceectl version
 
 This command will output details such as:
 
-- **Version Number**: The current version of TraceeCtl.
+- **Version Number**: The current version of traceectl.
 - **Commit Hash**: The Git commit hash associated with the current build (if applicable).
 
 ### Example Output
diff --git a/docs/docs/traceectl/flags/server.md b/docs/docs/traceectl/flags/server.md
index 896d538019d5..d11c6a72153f 100644
--- a/docs/docs/traceectl/flags/server.md
+++ b/docs/docs/traceectl/flags/server.md
@@ -1,6 +1,6 @@
 # `server` Flag
 
-The `--server` flag in **traceectl** is used to specify the connection type that TraceeCtl should use to communicate with the Tracee server. This connection type can be either **Unix socket** or **TCP**.
+The `--server` flag in **traceectl** is used to specify the connection type that traceectl should use to communicate with the Tracee server. This connection type can be either **Unix socket** or **TCP**.
 
 - **Unix Socket**: This type of connection is generally used for local inter-process communication. It provides a secure and efficient means to connect to Tracee when both client and server are on the same machine.
   
@@ -12,7 +12,7 @@ The `--server` flag in **traceectl** is used to specify the connection type that
 
   In this example, `unix:/unix/socket/path.sock` is the Unix socket path where the Tracee server is listening. Using Unix sockets is beneficial for security and performance since it avoids the overhead associated with network communication.
 
-- **TCP**: This type of connection allows TraceeCtl to communicate with the Tracee server over a network. It is useful when TraceeCtl and Tracee are running on different machines or when you need to connect to a remote Tracee instance.
+- **TCP**: This type of connection allows traceectl to communicate with the Tracee server over a network. It is useful when traceectl and Tracee are running on different machines or when you need to connect to a remote Tracee instance.
   
   Example:
 
diff --git a/docs/docs/traceectl/index.md b/docs/docs/traceectl/index.md
index 750dcd90f627..02a830ca86be 100644
--- a/docs/docs/traceectl/index.md
+++ b/docs/docs/traceectl/index.md
@@ -1,6 +1,6 @@
-# TraceeCtl - Client Service for Tracee
+# traceectl - Client Service for Tracee
 
-**traceectl** is a command-line interface (CLI) tool designed as a client service for [Tracee](https://github.com/aquasecurity/tracee), Aqua Security's open-source runtime security solution. Tracee provides real-time, powerful observability for Linux environments by monitoring system calls, events, and more. TraceeCtl is built to simplify interactions with Tracee, making it easier for users to manage, monitor, and gather security insights.
+**traceectl** is a command-line interface (CLI) tool designed as a client service for [Tracee](https://github.com/aquasecurity/tracee), Aqua Security's open-source runtime security solution. Tracee provides real-time, powerful observability for Linux environments by monitoring system calls, events, and more. traceectl is built to simplify interactions with Tracee, making it easier for users to manage, monitor, and gather security insights.
 
 ## Overview
 
@@ -12,4 +12,4 @@ traceectl acts as a controller for Tracee, allowing users to:
 
 ## Installation and Usage
 
-To get started with TraceeCtl, go over the [Installation and Usage page](./usage.md)
+To get started with traceectl, go over the [Installation and Usage page](./usage.md)
diff --git a/docs/docs/traceectl/usage.md b/docs/docs/traceectl/usage.md
index 010abca64a84..006838f41ea8 100644
--- a/docs/docs/traceectl/usage.md
+++ b/docs/docs/traceectl/usage.md
@@ -1,8 +1,8 @@
-# TraceeCtl Installation and Usage Guide
+# traceectl Installation and Usage Guide
 
 ## Installation
 
-To use **TraceeCtl**, you first need to compile and install the tool. Follow these steps to get started:
+To use **traceectl**, you first need to compile and install the tool. Follow these steps to get started:
 
 ### 1. **Clone the Repository**
 
@@ -15,15 +15,15 @@ To use **TraceeCtl**, you first need to compile and install the tool. Follow the
 
 ### 2. **Build and Install**
 
-   Compile and install TraceeCtl using the following commands:
+   Compile and install traceectl using the following commands:
 
    ``` bash
    go build
    ```
 
-## Configuring Tracee for TraceeCtl
+## Configuring Tracee for traceectl
 
-To use TraceeCtl effectively, you need to configure Tracee so that it can communicate with TraceeCtl over a Unix socket. This can be done by running Tracee with the correct gRPC settings:
+To use traceectl effectively, you need to configure Tracee so that it can communicate with traceectl over a Unix socket. This can be done by running Tracee with the correct gRPC settings:
 
 ### 1. **Run Tracee with gRPC Unix Socket**
 
@@ -33,7 +33,7 @@ Use the following command to start Tracee with gRPC support over a Unix socket:
 tracee --grpc-listen-addr unix:/var/run/tracee.sock
 ```
 
-This command sets up Tracee to listen for incoming connections from TraceeCtl at the specified Unix socket path (`/var/run/tracee.sock`). Ensure that this socket path is accessible and not blocked by permissions or other constraints.
+This command sets up Tracee to listen for incoming connections from traceectl at the specified Unix socket path (`/var/run/tracee.sock`). Ensure that this socket path is accessible and not blocked by permissions or other constraints.
 
 ### 2. **Output Flag Configuration**
 
@@ -46,16 +46,16 @@ tracee --output none
 #### Why Use `--output none`?
 
 - **Reduced Bandwidth Usage:** By suppressing output, you can minimize the data transferred over the Unix socket, which is especially helpful in environments with limited resources.
-- **Lower Latency:** With no data formatting or transmission overhead, the interaction between TraceeCtl and Tracee becomes faster.
+- **Lower Latency:** With no data formatting or transmission overhead, the interaction between traceectl and Tracee becomes faster.
 
-Use this mode for performance testing, silent monitoring, or when integrating TraceeCtl with other systems that handle data processing separately.
+Use this mode for performance testing, silent monitoring, or when integrating traceectl with other systems that handle data processing separately.
 
-This command sets up Tracee to listen for incoming connections from TraceeCtl at the specified Unix socket path (`/var/run/tracee.sock`).
+This command sets up Tracee to listen for incoming connections from traceectl at the specified Unix socket path (`/var/run/tracee.sock`).
 Ensure that this socket path is accessible and not blocked by permissions or other constraints.
 
 ## Usage
 
-Once TraceeCtl is installed and Tracee is running, you can use various commands to interact with Tracee. Below are the main commands provided by TraceeCtl:
+Once traceectl is installed and Tracee is running, you can use various commands to interact with Tracee. Below are the main commands provided by traceectl:
 
 - Stream Events: traceectl stream
 
@@ -65,7 +65,7 @@ Once TraceeCtl is installed and Tracee is running, you can use various commands
 
 - Check Version: traceectl version
 
-For more info about the TraceeCtl command please refer to the appoint command documentation
+For more info about the traceectl command please refer to the appoint command documentation
 
 ## Flags
   
@@ -81,10 +81,10 @@ For more info about the TraceeCtl command please refer to the appoint command do
   traceectl stream --output file:/path/to/output.txt
   ```
 
-For more info about the TraceeCtl flags please refer to the appoint flag documentation
+For more info about the traceectl flags please refer to the appoint flag documentation
 
 ## Summary
 
-- **Install TraceeCtl** by cloning the repository, building, and installing it with `make`.
+- **Install traceectl** by cloning the repository, building, and installing it with `make`.
 - **Configure Tracee** by running it with the appropriate gRPC Unix socket settings.
-- **Use TraceeCtl** to interact with Tracee via commands like `stream`, `event`, `metrics`, and `version`.
+- **Use traceectl** to interact with Tracee via commands like `stream`, `event`, `metrics`, and `version`.