omar/MosisService
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

move docs to docs/ folder, merge architecture files, update references

Browse Source
This commit is contained in:
omigamedev
2026-01-19 09:02:11 +01:00
parent 1b34b0e974
commit 010e11cf6b
68 changed files with 1741 additions and 1350 deletions
Download Patch File Download Diff File Expand all files Collapse all files

986
docs/SANDBOX_MILESTONES.md Normal file
View File

@@ -0,0 +1,986 @@
# Sandbox Implementation Milestones
Based on SANDBOX.md design document. Implementation order optimized for dependencies.
---
## Milestone 1: Core Sandbox Foundation ✅
**Status**: Complete
**Goal**: Create isolated Lua environments with resource limits.
**Estimated Files**: 3 new files
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| LuaSandbox class | `src/main/cpp/sandbox/lua_sandbox.h` | Main sandbox container |
| Custom allocator | `src/main/cpp/sandbox/lua_sandbox.cpp` | Per-app memory tracking/limits |
| Instruction hook | `src/main/cpp/sandbox/lua_sandbox.cpp` | CPU limit enforcement |
| Globals removal | `src/main/cpp/sandbox/lua_sandbox.cpp` | Remove os, io, debug, etc. |
| Bytecode prevention | `src/main/cpp/sandbox/lua_sandbox.cpp` | Text-only loading mode |
| Metatable protection | `src/main/cpp/sandbox/lua_sandbox.cpp` | Freeze _G and string metatable |
### Implementation Tasks
1. Create `LuaSandbox` class with:
- `lua_State* m_L` - isolated state
- `SandboxLimits m_limits` - memory/CPU/stack limits
- `SandboxContext m_context` - app_id, permissions, etc.
- Custom allocator that tracks `m_memory_used`
2. Implement `RemoveDangerousGlobals()`:
- Remove: `os`, `io`, `debug`, `package`, `require`, `ffi`, `jit`
- Remove: `dofile`, `loadfile`, `load`, `loadstring`
- Remove: `rawget`, `rawset`, `rawequal`, `rawlen`
- Remove: `collectgarbage`, `newproxy`
- Remove: `string.dump`
3. Implement instruction hook:
- `lua_sethook(L, InstructionHook, LUA_MASKCOUNT, 1000)`
- Throw error when limit exceeded
4. Implement `ProtectBuiltinTables()`:
- Set `__metatable` on string metatable
- Freeze `_G` with `__newindex` error
### Dependencies
- Lua library already linked (via RmlUi)
### Test Criteria
```cpp
TEST(LuaSandbox, DangerousGlobalsRemoved);
TEST(LuaSandbox, BytecodeRejected);
TEST(LuaSandbox, MemoryLimitEnforced);
TEST(LuaSandbox, CPULimitEnforced);
TEST(LuaSandbox, MetatableProtected);
```
---
## Milestone 2: Permission System ✅
**Status**: Complete
**Goal**: Gate API access based on app permissions.
**Estimated Files**: 2 new files
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| PermissionGate | `src/main/cpp/sandbox/permission_gate.h` | Permission checking |
| User gesture tracking | `src/main/cpp/sandbox/permission_gate.cpp` | Recent tap/click detection |
| Permission categories | `src/main/cpp/sandbox/permission_gate.cpp` | Normal/Dangerous/Signature |
### Implementation Tasks
1. Define permission categories:
```cpp
enum class PermissionCategory { Normal, Dangerous, Signature };
```
2. Create `PermissionGate` class:
- `bool Check(lua_State* L, const std::string& permission)`
- `int RequirePermission(lua_State* L, const char* perm)` - throws Lua error
3. Implement user gesture tracking:
- `void RecordUserGesture()` - called on touch down
- `bool HasRecentUserGesture(int ms)` - check within time window
4. Define permission manifest parsing:
- Read `manifest.json` from app package
- Extract `permissions` array
### Dependencies
- Milestone 1 (LuaSandbox)
### Test Criteria
```cpp
TEST(PermissionGate, NormalPermissionAutoGranted);
TEST(PermissionGate, DangerousPermissionRequiresGrant);
TEST(PermissionGate, SignaturePermissionSystemOnly);
TEST(PermissionGate, UserGestureRequired);
```
---
## Milestone 3: Audit Logging & Rate Limiting ✅
**Status**: Complete
**Goal**: Track security events and prevent API abuse.
**Estimated Files**: 2 new files
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| AuditLog | `src/main/cpp/sandbox/audit_log.h/cpp` | Security event logging |
| RateLimiter | `src/main/cpp/sandbox/rate_limiter.h/cpp` | Token bucket rate limiting |
### Implementation Tasks
1. Create `AuditLog` class:
```cpp
enum class AuditEvent {
AppStart, AppStop, PermissionCheck, PermissionDenied,
NetworkRequest, FileAccess, SandboxViolation, ResourceLimitHit
};
```
2. Implement thread-safe logging:
- Ring buffer with max entries
- Log critical events to Android logcat
3. Create `RateLimiter` class:
- Token bucket algorithm
- Per-operation limits: `network.request`, `storage.write`, etc.
- `bool Check(const std::string& app_id, const std::string& operation)`
### Dependencies
- Milestone 1 (LuaSandbox)
### Test Criteria
```cpp
TEST(AuditLog, LogsSecurityEvents);
TEST(AuditLog, ThreadSafe);
TEST(RateLimiter, EnforcesLimits);
TEST(RateLimiter, RefillsOverTime);
```
---
## Milestone 4: Safe Path & Require ✅
**Status**: Complete
**Goal**: Secure file access within app sandbox.
**Estimated Files**: 1 new file
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| Path validation | `src/main/cpp/sandbox/path_sandbox.h/cpp` | Canonical path checking |
| Safe require | `src/main/cpp/sandbox/path_sandbox.cpp` | Module loader from app/scripts/ |
### Implementation Tasks
1. Implement `ValidatePath()`:
- Reject `..` traversal
- Reject absolute paths
- Canonicalize and verify prefix match
2. Implement `SafeRequire()`:
- Validate module name (alphanumeric + underscore)
- Load from `app_path/scripts/name.lua`
- Cache in registry `__loaded`
- Text-only mode (`"t"`)
3. Register as global `require`:
```cpp
lua_pushcfunction(L, SafeRequire);
lua_setglobal(L, "require");
```
### Dependencies
- Milestone 1 (LuaSandbox)
### Test Criteria
```cpp
TEST(PathSandbox, RejectsTraversal);
TEST(PathSandbox, RejectsAbsolutePaths);
TEST(SafeRequire, LoadsFromScriptsDir);
TEST(SafeRequire, CachesModules);
```
---
## Milestone 5: Timer & Callback System ✅
**Status**: Complete
**Goal**: Safe timer APIs managed by kernel.
**Estimated Files**: 1 new file
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| TimerManager | `src/main/cpp/sandbox/timer_manager.h/cpp` | setTimeout/setInterval |
### Implementation Tasks
1. Create `TimerManager` class:
- Priority queue of pending timers
- Per-app timer limits (max 100)
- Minimum 10ms granularity
2. Implement Lua APIs:
```lua
setTimeout(callback, ms) -> id
clearTimeout(id)
setInterval(callback, ms) -> id
clearInterval(id)
```
3. Integrate with kernel main loop:
- Check and fire timers each frame
- Reset instruction count before callback
4. Implement cleanup:
- `ClearAppTimers(app_id)` on app stop
### Dependencies
- Milestone 1 (LuaSandbox)
- Milestone 3 (RateLimiter)
### Test Criteria
```cpp
TEST(TimerManager, FiresTimeout);
TEST(TimerManager, FiresInterval);
TEST(TimerManager, LimitsPerApp);
TEST(TimerManager, CleansUpOnStop);
```
---
## Milestone 6: JSON & Crypto APIs ✅
**Status**: Complete
**Goal**: Safe data parsing and cryptographic primitives.
**Estimated Files**: 2 new files
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| JSON API | `src/main/cpp/sandbox/json_api.cpp` | Safe encode/decode |
| Crypto API | `src/main/cpp/sandbox/crypto_api.cpp` | Hash, random, HMAC |
### Implementation Tasks
1. Implement `json.decode()`:
- Depth limit (32)
- String length limit (1 MB)
- Array/object size limits
2. Implement `json.encode()`:
- Cycle detection
- Output size limit
3. Implement crypto APIs:
- `crypto.randomBytes(n)` - CSPRNG
- `crypto.hash("sha256", data)`
- `crypto.hmac("sha256", key, data)`
- Remove `math.randomseed`, replace `math.random` with per-app RNG
### Dependencies
- Milestone 1 (LuaSandbox)
- nlohmann-json (already in vcpkg)
### Test Criteria
```cpp
TEST(JsonApi, DecodesValid);
TEST(JsonApi, RejectsDeepNesting);
TEST(JsonApi, RejectsTooLarge);
TEST(CryptoApi, RandomBytesSecure);
TEST(CryptoApi, HashCorrect);
```
---
## Milestone 7: Virtual Filesystem ✅
**Status**: Complete
**Goal**: Per-app isolated storage with quotas.
**Estimated Files**: 1 new file
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| VirtualFS | `src/main/cpp/sandbox/virtual_fs.h/cpp` | App storage API |
### Implementation Tasks
1. Define virtual path mapping:
```
/data/ → /data/data/com.omixlab.mosis/apps/<app_id>/data/
/cache/ → /data/data/com.omixlab.mosis/apps/<app_id>/cache/
/temp/ → (session-only, cleared on stop)
/shared/ → requires storage.shared permission
```
2. Implement Lua file API:
```lua
fs.read(path) -> string
fs.write(path, data) -> bool
fs.append(path, data) -> bool
fs.delete(path) -> bool
fs.exists(path) -> bool
fs.list(dir) -> table
fs.mkdir(path) -> bool
fs.stat(path) -> {size, modified, isDir}
```
3. Enforce limits:
- Per-app quota (50 MB default)
- Max file size (10 MB)
- Max path depth (10)
4. Cleanup `/temp/` on app stop.
### Dependencies
- Milestone 1 (LuaSandbox)
- Milestone 2 (PermissionGate)
- Milestone 4 (Path validation)
### Test Criteria
```cpp
TEST(VirtualFS, ReadsWritesInAppDir);
TEST(VirtualFS, BlocksTraversal);
TEST(VirtualFS, EnforcesQuota);
TEST(VirtualFS, CleansUpTemp);
```
---
## Milestone 8: SQLite Database ✅
**Status**: Complete
**Goal**: Per-app SQLite with injection prevention.
**Estimated Files**: 1 new file
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| DatabaseManager | `src/main/cpp/sandbox/database_manager.h/cpp` | SQLite sandbox |
### Implementation Tasks
1. Create per-app database:
- Location: `/data/data/com.omixlab.mosis/apps/<app_id>/db/app.db`
- Max database size: 50 MB
2. Implement SQLite authorizer:
```cpp
sqlite3_set_authorizer(db, Authorizer, sandbox);
// Block: ATTACH, DETACH, dangerous PRAGMAs, load_extension
```
3. Implement Lua API:
```lua
local db = database.open("mydata")
db:execute("CREATE TABLE IF NOT EXISTS items (id INTEGER PRIMARY KEY, name TEXT)")
db:execute("INSERT INTO items (name) VALUES (?)", {"Item 1"})
local rows = db:query("SELECT * FROM items WHERE id > ?", {0})
db:close()
```
4. Enforce prepared statements only (no raw SQL interpolation).
### Dependencies
- Milestone 1 (LuaSandbox)
- Milestone 2 (PermissionGate)
- SQLite3 (add to vcpkg)
### Test Criteria
```cpp
TEST(Database, CreatesTables);
TEST(Database, PreparedStatements);
TEST(Database, BlocksAttach);
TEST(Database, BlocksDangerousPragma);
```
---
## Milestone 9: Network - HTTP ✅
**Status**: Complete
**Goal**: Secure HTTP requests with domain filtering.
**Estimated Files**: 2 new files
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| HttpRequestValidator | `src/main/cpp/sandbox/http_validator.h/cpp` | URL/domain validation |
| NetworkManager | `src/main/cpp/sandbox/network_manager.h/cpp` | HTTP client wrapper |
### Implementation Tasks
1. Implement URL parsing and validation:
- Require HTTPS
- Block private IPs, localhost, metadata IPs
- Domain whitelist from manifest
2. Implement Lua HTTP API:
```lua
local response = network.request({
url = "https://api.example.com/data",
method = "POST",
headers = {...},
body = "...",
timeout = 30000
})
```
3. Integrate with Android HttpURLConnection or libcurl.
4. Enforce limits:
- Request body: 10 MB
- Response body: 50 MB
- Timeout: 60s
- Concurrent requests: 6
### Dependencies
- Milestone 1 (LuaSandbox)
- Milestone 2 (PermissionGate)
- Milestone 3 (RateLimiter, AuditLog)
### Test Criteria
```cpp
TEST(HttpValidator, BlocksPrivateIP);
TEST(HttpValidator, BlocksLocalhost);
TEST(HttpValidator, RequiresHttps);
TEST(HttpValidator, EnforcesDomainWhitelist);
TEST(NetworkManager, MakesRequest);
```
---
## Milestone 10: Network - WebSocket ✅
**Status**: Complete
**Goal**: Secure WebSocket connections.
**Estimated Files**: 1 new file (extends NetworkManager)
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| WebSocketManager | `src/main/cpp/sandbox/websocket_manager.h/cpp` | WS connections |
### Implementation Tasks
1. Implement connection management:
- Max 5 connections per app
- Idle timeout: 5 minutes
- Message size limit: 1 MB
2. Implement Lua WebSocket API:
```lua
local ws = network.websocket("wss://api.example.com/ws")
ws:on("open", function() ... end)
ws:on("message", function(data) ... end)
ws:on("close", function(code, reason) ... end)
ws:send(data)
ws:close()
```
3. Use same URL validation as HTTP.
4. Cleanup connections on app stop.
### Dependencies
- Milestone 9 (HttpRequestValidator)
### Test Criteria
```cpp
TEST(WebSocketManager, Connects);
TEST(WebSocketManager, LimitsPerApp);
TEST(WebSocketManager, CleansUpOnStop);
```
---
## Milestone 11: Virtual Hardware - Camera ✅
**Status**: Complete
**Goal**: Camera access with mandatory indicators.
**Estimated Files**: 1 new file
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| CameraInterface | `src/main/cpp/sandbox/camera_interface.h/cpp` | Camera API |
### Implementation Tasks
1. Implement session management:
- `startSession(options)` - requires permission + user gesture
- `capturePhoto()` - returns frame data
- `stopSession()`
2. Mandatory recording indicator:
- Show in system UI (cannot be hidden by app)
3. Implement Lua API:
```lua
local session = camera.start({facing = "back", resolution = "720p"})
session:on("frame", function(data) ... end)
local photo = session:capture()
session:stop()
```
4. Rate limit: 1 session at a time, max 30 fps.
### Dependencies
- Milestone 2 (PermissionGate + user gesture)
- Milestone 3 (AuditLog)
- Game engine camera bridge (future)
### Test Criteria
```cpp
TEST(CameraInterface, RequiresPermission);
TEST(CameraInterface, RequiresUserGesture);
TEST(CameraInterface, ShowsIndicator);
TEST(CameraInterface, StopsOnAppStop);
```
---
## Milestone 12: Virtual Hardware - Microphone ✅
**Status**: Complete
**Goal**: Audio recording with mandatory indicators.
**Estimated Files**: 1 new file
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| MicrophoneInterface | `src/main/cpp/sandbox/microphone_interface.h/cpp` | Mic API |
### Implementation Tasks
1. Implement recording session:
- `startRecording(options)` - requires permission + user gesture
- `stopRecording()` - returns audio data
2. Mandatory recording indicator (same as camera).
3. Implement Lua API:
```lua
local recording = microphone.start({sampleRate = 44100, channels = 1})
recording:on("data", function(samples) ... end)
local audio = recording:stop()
```
4. Rate limit: 1 recording at a time.
### Dependencies
- Milestone 2 (PermissionGate + user gesture)
- Milestone 3 (AuditLog)
### Test Criteria
```cpp
TEST(MicrophoneInterface, RequiresPermission);
TEST(MicrophoneInterface, RequiresUserGesture);
TEST(MicrophoneInterface, ShowsIndicator);
```
---
## Milestone 13: Virtual Hardware - Audio Output ✅
**Status**: Complete
**Goal**: Safe audio playback.
**Estimated Files**: 1 new file
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| AudioOutputInterface | `src/main/cpp/sandbox/audio_output.h/cpp` | Speaker API |
### Implementation Tasks
1. Implement playback:
- `play(audioData, options)`
- `stop()`
- `setVolume(0.0-1.0)`
2. System volume limit (app cannot exceed system volume).
3. Implement Lua API:
```lua
local player = audio.play(soundData, {loop = false, volume = 0.8})
player:on("ended", function() ... end)
player:stop()
```
4. Concurrent sound limit: 10 per app.
### Dependencies
- Milestone 1 (LuaSandbox)
### Test Criteria
```cpp
TEST(AudioOutput, PlaysSound);
TEST(AudioOutput, RespectsVolumeLimit);
TEST(AudioOutput, LimitsConcurrent);
```
---
## Milestone 14: Virtual Hardware - Location ✅
**Status**: Complete
**Goal**: Location with privacy controls.
**Estimated Files**: 1 new file
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| LocationInterface | `src/main/cpp/sandbox/location_interface.h/cpp` | GPS API |
### Implementation Tasks
1. Two permission levels:
- `location.coarse` - city-level (1km accuracy)
- `location.fine` - precise GPS
2. Implement Lua API:
```lua
location.getCurrentPosition(function(pos)
print(pos.latitude, pos.longitude, pos.accuracy)
end)
local watch = location.watchPosition(function(pos) ... end, {
enableHighAccuracy = true,
timeout = 30000
})
watch:stop()
```
3. Rate limit: 1 request per second.
4. Reduce precision for coarse permission.
### Dependencies
- Milestone 2 (PermissionGate)
- Milestone 3 (RateLimiter)
### Test Criteria
```cpp
TEST(LocationInterface, RequiresPermission);
TEST(LocationInterface, CoarseReducesPrecision);
TEST(LocationInterface, RateLimits);
```
---
## Milestone 15: Virtual Hardware - Sensors ✅
**Status**: Complete
**Goal**: Motion sensors with fingerprinting prevention.
**Estimated Files**: 1 new file
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| SensorInterface | `src/main/cpp/sandbox/sensor_interface.h/cpp` | Accelerometer, gyro, etc. |
### Implementation Tasks
1. Supported sensors:
- Accelerometer (requires `sensors.motion`)
- Gyroscope (requires `sensors.motion`)
- Magnetometer (requires `sensors.motion`)
- Proximity (auto-granted)
- Ambient light (auto-granted)
2. Implement Lua API:
```lua
local sub = sensors.subscribe("accelerometer", function(data)
print(data.x, data.y, data.z, data.timestamp)
end, {frequency = 60})
sub:stop()
```
3. Reduce precision to prevent fingerprinting:
- Round values to 2 decimal places
- Limit update frequency to 60 Hz
### Dependencies
- Milestone 2 (PermissionGate)
### Test Criteria
```cpp
TEST(SensorInterface, RequiresPermission);
TEST(SensorInterface, ReducesPrecision);
TEST(SensorInterface, LimitsFrequency);
```
---
## Milestone 16: Virtual Hardware - Bluetooth ✅
**Status**: Complete
**Goal**: Bluetooth discovery and pairing.
**Estimated Files**: 1 new file
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| BluetoothInterface | `src/main/cpp/sandbox/bluetooth_interface.h/cpp` | BT API |
### Implementation Tasks
1. Discovery with user consent:
- `startDiscovery()` requires user confirmation
- Return device name/address only (no full UUID list)
2. Implement Lua API:
```lua
bluetooth.startDiscovery(function(devices)
for _, device in ipairs(devices) do
print(device.name, device.address)
end
end, {timeout = 30})
bluetooth.connect(address, function(connection)
connection:send(data)
end)
```
3. Limit: 5 connections per app.
### Dependencies
- Milestone 2 (PermissionGate + user gesture)
### Test Criteria
```cpp
TEST(BluetoothInterface, RequiresPermission);
TEST(BluetoothInterface, RequiresUserConsent);
```
---
## Milestone 17: Virtual Hardware - Contacts ✅
**Status**: Complete
**Goal**: Contact access with granular permissions.
**Estimated Files**: 1 new file
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| ContactsInterface | `src/main/cpp/sandbox/contacts_interface.h/cpp` | Contacts API |
### Implementation Tasks
1. Separate read/write permissions:
- `contacts.read` - query contacts
- `contacts.write` - add/modify contacts
2. Implement Lua API:
```lua
local contacts = contacts.query({search = "John"})
for _, c in ipairs(contacts) do
print(c.name, c.phone, c.email)
end
contacts.add({name = "New Contact", phone = "555-1234"})
```
3. Limit fields returned (no raw account data).
### Dependencies
- Milestone 2 (PermissionGate)
### Test Criteria
```cpp
TEST(ContactsInterface, RequiresReadPermission);
TEST(ContactsInterface, RequiresWritePermission);
```
---
## ✅ Milestone 18: Inter-App Communication
**Goal**: Kernel-mediated message passing.
**Status**: Complete
**Estimated Files**: 1 new file
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| MessageBus | `src/main/cpp/sandbox/message_bus.h/cpp` | App-to-app messaging |
### Implementation Tasks
1. Implement intent system:
- Manifest declares received intents
- Sender must have required permissions
2. Implement Lua API:
```lua
-- Sending
intents.send({
action = "share",
type = "text/plain",
data = "Hello world"
})
-- Receiving (in manifest + handler)
intents.on("share", function(intent)
print(intent.from, intent.data)
end)
```
3. Validate sender/receiver at runtime.
### Dependencies
- Milestone 2 (PermissionGate)
- Milestone 3 (AuditLog)
### Test Criteria
```cpp
TEST(MessageBus, SendsToRegisteredReceiver);
TEST(MessageBus, BlocksUnregisteredAction);
```
---
## ✅ Milestone 19: Security Testing Suite
**Goal**: Comprehensive test coverage.
**Status**: Complete
**Estimated Files**: 3 new files
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| Unit tests | `tests/test_sandbox_security.cpp` | Core sandbox tests |
| Integration tests | `tests/test_sandbox_integration.cpp` | Full system tests |
| Fuzzer | `tests/fuzz_sandbox.cpp` | Random input testing |
### Implementation Tasks
1. Write unit tests for all milestones (see individual test criteria).
2. Write integration tests:
- Full app lifecycle
- Permission flow
- Resource cleanup
3. Implement fuzzer:
- Generate random Lua code
- Verify no crashes
- Verify sandbox integrity after each run
4. Security audit checklist (from SANDBOX.md).
### Dependencies
- All previous milestones
---
## Milestone 20: Kernel Integration ✅
**Status**: Complete
**Goal**: Multi-app sandbox orchestrator for kernel integration.
### Deliverables
| Component | File | Description |
|-----------|------|-------------|
| LuaSandboxManager | `src/main/cpp/sandbox/sandbox_manager.h` | Multi-app orchestrator |
| Implementation | `src/main/cpp/sandbox/sandbox_manager.cpp` | App lifecycle management |
| AppSandbox struct | `src/main/cpp/sandbox/sandbox_manager.h` | Per-app component container |
### Implementation Tasks
1. ✅ Create `LuaSandboxManager` class:
- Multi-app management with Start/Stop lifecycle
- Shared components (AuditLog, RateLimiter, MessageBus, TimerManager)
- Thread-safe app map access
2. ✅ Create `AppSandbox` struct:
- Per-app isolated Lua state and permissions
- Per-app VirtualFS, DatabaseManager, NetworkManager
- Per-app hardware interfaces (camera, mic, audio, location, sensors, bluetooth, contacts)
3. ✅ Wire up resource cleanup on app stop:
- Clear timers, close websockets, shutdown hardware
- Clean temp files, close databases, unregister from message bus
### Dependencies
- Milestones 1-19
---
## Summary
| Phase | Milestones | Description |
|-------|------------|-------------|
| **Foundation** | 1-4 | Core sandbox, permissions, logging, paths |
| **Core APIs** | 5-8 | Timers, JSON, crypto, filesystem, database |
| **Network** | 9-10 | HTTP and WebSocket |
| **Hardware** | 11-17 | Camera, mic, audio, location, sensors, BT, contacts |
| **System** | 18-20 | IPC, testing, integration |
### Recommended Order
1. **Milestone 1** - Must be first (foundation)
2. **Milestone 2** - Permissions (needed by everything)
3. **Milestone 3** - Audit/rate limiting (needed by APIs)
4. **Milestone 4** - Path security (needed by fs/require)
5. **Milestone 5-6** - Timers, JSON (high value)
6. **Milestone 7-8** - Storage, database (app data)
7. **Milestone 9-10** - Network (app connectivity)
8. **Milestones 11-17** - Hardware (as needed)
9. **Milestone 18** - IPC (multi-app)
10. **Milestone 19-20** - Testing & integration
### Quick Start
Begin with **Milestone 1** to establish the core sandbox. This is the foundation everything else builds on.