"The smartphone is too weak to fight alone. We brought the brain to the cloud."
A next-generation mobile security solution that offloads complex threat analysis to a centralized "Cloud Brain"
π Documentation β’ ποΈ Architecture β’ π Setup Guide β’ π§ͺ Testing
Hybrid Cloud Sentinel (HCS) is a mobile security MVP that combines a lightweight on-device Android agent with a powerful Python-based backend analysis engine. The solution provides comprehensive threat detection while maintaining minimal battery impact on the user's device.
| Feature | Description |
|---|---|
| β‘ Lightweight Endpoint | Minimal battery drain through cloud-offloaded processing |
| π§ Deep Analysis | Cloud-based heuristics & ML for advanced threat detection |
| π΄ Real-time Protection | Instantaneous feedback and blocking capabilities |
| π Hybrid Ensemble | On-device TFLite + Heuristic Matrix + Cloud Brain Intelligence |
| π‘οΈ Trust-First UX | Educational onboarding and security score gamification |
| π OTA Model Updates | Automated ML model retraining and over-the-air updates |
| π Admin Dashboard | Comprehensive analytics and threat management interface |
| π³ Flexible Plans | Freemium and Featured subscription models with integrated billing |
We prioritize Clean Architecture with MVVM to ensure scalability and testability.
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β HYBRID CLOUD SENTINEL β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β βββββββββββββββββββ βββββββββββββββββββ β
β β Android Agent ββββββ HTTPS ββββββββΊβ Cloud Brain β β
β β β β β β
β β βββββββββββββ β β βββββββββββββ β β
β β β:app β β β β FastAPI β β β
β β β:domain β β Threat Data β β Engine β β β
β β β:data β βββββββββββββββββββββΊβ β ML Models β β β
β β β:present β β β β Heuristicsβ β β
β β β:agent β β β βββββββββββββ β β
β β βββββββββββββ β β β β
β βββββββββββββββββββ βββββββββββββββββββ β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
| Module | Purpose |
|---|---|
:app |
Dependency Injection (Hilt), Application class, Navigation host |
:domain |
Pure Kotlin entities, Use Cases, Repository interfaces (NO Android deps) |
:data |
Repository implementations, Room Database, Retrofit API, Mappers |
:presentation |
Jetpack Compose UI, ViewModels, State holders |
:agent |
Foreground Services, Permission Analysis, Package Scanning |
| Component | Purpose |
|---|---|
| FastAPI | High-performance async API with automatic OpenAPI docs |
| Pydantic | Type safety and shared contracts with Android |
| Heuristic Engine | Rule-based detection of semantic threat patterns |
| ML Classifier | Extensible interface for TensorFlow/PyTorch models |
The Cloud Brain is deployed and accessible at:
| Endpoint | URL |
|---|---|
| Landing Page | https://codekhoda-sentinel.liara.run/ |
| Admin Dashboard | https://codekhoda-sentinel.liara.run/dashboard/ |
| Login Page | https://codekhoda-sentinel.liara.run/dashboard/login |
| Health Check | https://codekhoda-sentinel.liara.run/health |
| API Documentation | https://codekhoda-sentinel.liara.run/docs |
| Scan Endpoint | https://codekhoda-sentinel.liara.run/api/v1/scan/analyze |
| Threat Intel (Web) | Package Lists JSON |
| Component | Platform | Details |
|---|---|---|
| Backend | Liara | Docker container on free tier |
| Database | SQLite | Lightweight embedded database |
| Intel Source | GitHub | Dynamic threat signatures (OTA) |
We utilize a multi-layered approach to threat detection:
- L1: Local Whitelist (System): Fast bypass for verified system/OS apps.
- L2: Local TFLite Model: On-device AI for instant heuristic flagging.
- L3: Cloud Allow/Blocklist: Real-time verification against global threat databases.
- L4: External Intelligence: Dynamic fetching of signatures from GitHub and VirusTotal.
- L5: Contextual Analysis: Correlating app categories with requested permissions.
- Android Development: Android Studio Arctic Fox+, JDK 17
- Backend Development: Python 3.10+, pip
The Android app is pre-configured to use the live Liara backend at https://codekhoda-sentinel.liara.run. Simply:
- Clone the repository
- Open
android/in Android Studio - Build & Run on your device
git clone https://github.com/your-org/hybrid-cloud-sentinel.git
cd hybrid-cloud-sentinelcd backend
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000Local Server runs at http://127.0.0.1:8000
Production API available at https://codekhoda-sentinel.liara.run
API Documentation: Local | Production
- Open the
android/folder in Android Studio - Sync Gradle dependencies
- Configure the Cloud Brain URL in your
local.properties:# android/local.properties # For local development (Emulator): cloud.brain.url=http://10.0.2.2:8000 # For production (Liara): # cloud.brain.url=https://codekhoda-sentinel.liara.run
-
Install Liara CLI:
npm install -g @liara/cli
-
Deploy Backend:
cd backend liara deploy --app codekhoda-sentinel --platform docker --port 8000The deployment uses the Docker platform and will automatically build the image from the Dockerfile.
-
Configure Environment Variables (Optional):
liara env set --app codekhoda-sentinel JWT_SECRET=your-secure-secret-key-here liara env set --app codekhoda-sentinel DEBUG=false
-
Using GitHub Actions for CI/CD:
- Add
LIARA_API_TOKENto your GitHub repository secrets - Generate the token from Liara Console -> Account -> API Tokens
- The workflow will automatically deploy on push to
mainbranch
- Add
The backend uses SQLite as an embedded database, which:
- Requires no external database service
- Stores data in a single file (
sentinel_brain.db) - Is perfect for MVP and small-scale deployments
- Automatically initializes on first startup
For production with high traffic, consider migrating to PostgreSQL by:
- Adding
psycopg2-binarytorequirements.txt - Setting
DATABASE_URLenvironment variable to PostgreSQL connection string - The code will automatically detect and use PostgreSQL
| Variable | Description | Example |
|---|---|---|
DATABASE_URL |
Database connection string | sqlite:///./sentinel_brain.db (default) |
JWT_SECRET |
Secret key for JWT tokens | your-secret-key-change-in-production |
DEBUG |
Enable debug mode | false |
SKIP_INIT_DB |
Skip database seeding on startup | 0 |
hybrid-cloud-sentinel/
βββ π android/ # Android Application
β βββ π app/ # Main application module
β βββ π domain/ # Business logic (Pure Kotlin)
β β βββ model/ # Entities (AppPackage, RiskAssessment)
β β βββ repository/ # Repository interfaces
β β βββ usecase/ # Use cases (ScanAppUseCase)
β βββ π data/ # Data layer
β β βββ local/ # Room database, DAOs
β β βββ remote/ # Retrofit API, DTOs
β β βββ ml/ # TFLite model, FeatureExtractor
β β βββ repository/ # Repository implementations
β βββ π presentation/ # UI Layer (Jetpack Compose)
β β βββ theme/ # Cyberpunk design system
β β βββ components/ # Reusable UI components
β β βββ scan/ # Scanning screens
β β βββ about/ # About screen
β βββ π agent/ # System services
β βββ service/ # Foreground service (SentinelService)
β βββ scanner/ # Package analyzer
βββ π backend/ # Python Backend (Cloud Brain)
β βββ π app/
β β βββ api/v1/endpoints/ # REST endpoints (scan, auth, dashboard)
β β βββ core/ # Config, database, security
β β βββ engine/ # Heuristics & ML
β β βββ models/ # SQLAlchemy models (User, ScanLog)
β β βββ schemas/ # Pydantic schemas
β β βββ services/ # Business logic (auth)
β β βββ static/ # CSS, JavaScript
β β βββ templates/ # Jinja2 HTML templates (dashboard)
β βββ π tests/ # pytest test suite
βββ π docs/ # Documentation
βββ π references/ # Reference ML models & datasets
βββ π samples/ # Test APK samples
# Unit Tests (Domain logic, ViewModels)
cd android
./gradlew testDebugUnitTest
# Instrumented Tests (Room DB, UI flows)
./gradlew connectedDebugAndroidTestcd backend
pytest --cov=app tests/- Threat Detection Test: Install a test app with suspicious permissions
- Connectivity Test: Verify offline mode shows cached results
- UI Fluidity: Test radar animations on real device
- Core Scanning Loop - Real-time app analysis
- Cloud Integration - Offloaded threat analysis
- Offline Support - Local caching with Room
- ML Classification - Ensemble TFLite model integration
- Trust-First Onboarding - Educational permission dashboard
- OTA Model Updates - Background model synchronization
- Admin Dashboard - Real-time analytics and management
- Premium Features - Subscription model and sandbox payments
- Network Monitoring - Packet analysis (implemented)
| Document | Description |
|---|---|
| Architecture Guide | Detailed system architecture and design decisions |
| Setup Guide | Complete installation and configuration instructions |
| API Reference | Cloud Brain REST API documentation |
| Development Guide | Contributing guidelines and coding standards |
| Testing Guide | Testing strategy and test writing guide |
We welcome contributions! Please see our Development Guide for:
- Coding standards and conventions
- Branch naming and commit messages
- Pull request process
- Code review guidelines
This project is licensed under the MIT License - see the LICENSE file for details.
Built with β€οΈ by AI + Human Collaboration
Protecting your digital life, one scan at a time.