Documentation menu
Configuration
The optional config file • location, precedence, every key, and the protected-process list.
Kickoutchi runs fine with no config file at all. When you want different defaults, drop a small TOML file in place.
Location
By default Kickoutchi looks in your platform config directory:
| Platform | Path |
|---|---|
| Linux | $XDG_CONFIG_HOME/kickoutchi/config.toml (usually ~/.config/kickoutchi/config.toml) |
| macOS | ~/Library/Application Support/kickoutchi/config.toml |
| Windows | %APPDATA%\kickoutchi\config.toml |
Point at a different file with the global --config FILE flag.
Precedence
Settings have layers, like any self-respecting swamp: built-in defaults at the bottom, then the config
file, then CLI flags on top. Most keys override their default; protected_processes extends
it (see below).
Keys
Every key is optional. Anything you leave out keeps its default.
| Key | Type | Default | Meaning |
|---|---|---|---|
refresh_interval_seconds |
integer (1–3600) | 3 |
How often the TUI re-collects ports. |
default_sort |
string | "port" |
Default sort for the CLI and TUI. One of port, pid, protocol, process, parent, scope. |
hide_system_processes |
boolean | false |
Hide conservative system/service rows from the default view. |
confirm_force_kill |
boolean | true |
Require the typed force confirmation for force kills (when --yes is absent). |
protected_processes |
string[] | (see below) | Extra process names that require stronger confirmation. Added to the built-in list. |
Example
refresh_interval_seconds = 5
default_sort = "scope"
hide_system_processes = true
confirm_force_kill = true
protected_processes = ["redis", "mysqld"]Protected processes
protected_processes is additive: your names are added on top of the built-in safety set, never
instead of it. Adding redis can’t accidentally strip protection from systemd or postgres.
Matching is exact • case-sensitive on Linux/macOS, case-insensitive on Windows • and never a
substring, so postgres-backup-helper doesn’t inherit postgres’s protection. Linux also accepts
the kernel’s 15-byte /proc/<pid>/comm truncation for longer protected names when that is the only
process name available.
The built-in list covers load-bearing processes whose accidental termination takes your containers, database, init system, or desktop with them:
docker, docker.exe, dockerd, dockerd.exe, docker-proxy, docker-proxy.exe,
Docker Desktop.exe, com.docker.backend, com.docker.backend.exe, postgres,
postgres.exe, systemd, System, smss.exe, csrss.exe, wininit.exe, services.exe,
lsass.exe, svchost.exe, winlogon.exe, explorer.exe, dwm.exe, WindowServer
The list is capped at 256 entries and rejects empty names. See Safety for what “protected” actually changes at kill time.
Hiding system processes
With hide_system_processes = true, the default view drops conservative system/service rows: PID 0
and 1, direct children of PID 1, and a short list of well-known OS process names (plus PID ≤ 4 and
children of services.exe on Windows). It’s deliberately cautious • a protected app like
postgres is not treated as a system process just because it’s protected; those are two
different ideas.