Project 5: Offline-Aware Network Sentinel
Build a battery-aware mobile network diagnostician that identifies the failing protocol stage, stores bounded evidence, and synchronizes observations exactly once after connectivity returns.
Quick Reference
| Attribute | Value |
|---|---|
| Difficulty | Level 2 - Intermediate |
| Time Estimate | 14-22 hours |
| Language | Python (alternatives: Go, Rust) |
| Prerequisites | Projects 1-3; CLI contracts; private durable state; basic DNS, TCP, TLS, and HTTP |
| Key Topics | Total deadlines, failure taxonomy, IPv4/IPv6, captive portals, offline queues, idempotency, battery-aware retry |
1. Learning Objectives
By completing this project, you will:
- Model network reachability as a sequence of DNS, connection, TLS, and application stages rather than one Boolean.
- Carry one total deadline across every stage so a check cannot block longer than promised.
- Distinguish transient, permanent, policy-dependent, and user-actionable failures.
- Commit local observations independently from remote synchronization.
- Design a durable outbox that tolerates process death and duplicate delivery.
- Budget retries, concurrency, evidence, and response sizes for a battery-powered Android device.
- Explain why interface state, a successful ping, or Wi-Fi association does not prove service health.
2. Theoretical Foundation
2.1 Core Concepts
A network check is a staged experiment. Resolving a host name, opening a socket, negotiating TLS, and interpreting an HTTP response answer different questions. DNS can fail while a literal IP remains reachable. TCP can connect while TLS rejects an expired or mismatched certificate. TLS can succeed while an application returns 503 Service Unavailable. A useful sentinel preserves the deepest completed stage, elapsed time, selected address family, and safe cause category. It never compresses these facts into the word “offline.”
A deadline is an end time, not a fresh timeout per call. If a five-second operation gives DNS five seconds, each address five seconds, TLS five seconds, and HTTP five seconds, its real contract may be twenty seconds or more. The orchestrator calculates one monotonic deadline and gives each stage only the remaining budget. A monotonic clock is required for durations because wall-clock time can change after network synchronization, timezone changes, or user action.
Mobile connectivity is volatile. A phone can switch between Wi-Fi and cellular, keep a Wi-Fi association without upstream Internet, move between IPv4 and IPv6, enter a captive portal, lose DNS, or have traffic deferred while the app is backgrounded. Interface information is a scheduling hint, not proof. Android and an OEM power manager can also stop the Termux process between any two steps. Durable evidence must therefore be valid even if the process disappears before synchronization.
Offline-first synchronization is an outbox problem. The local check and its evidence are the primary transaction. After that transaction commits, an outbox record refers to the immutable observation. A synchronizer claims the record, sends an idempotency identity, and marks it delivered only after an accepted response is durable. If the process dies after the server accepts the event but before local acknowledgement, the retry uses the same identity and the receiver returns the original result instead of creating a duplicate.
Retries are policy. A temporary resolver timeout, connection timeout, rate limit, and 503 may be retryable. NXDOMAIN, a certificate name mismatch, invalid credentials, and malformed target configuration normally require intervention. Backoff is capped, jitter prevents synchronized retry storms, and low-battery policy may pause nonessential synchronization while allowing local checks. Infinite fast retry is both a reliability bug and an energy bug.
Evidence must be useful and bounded. Store target identifiers, stage timings, selected address family, certificate metadata needed for diagnosis, response status, bounded header allowlists, and a digest of any sampled body. Do not store bearer tokens, cookies, complete bodies, DNS search history, or full certificate chains by default. Every network read needs a byte limit in addition to a time limit.
2.2 Why This Matters
Monitoring code often works well on stable development Wi-Fi and fails precisely when a mobile operator needs it. A layered failure taxonomy tells the user whether to retry, fix configuration, renew a certificate, authenticate, or wait for a service. The same design supports field diagnostics, offline data collection, webhook delivery, edge agents, and the later PocketOps capstone. It also creates an honest boundary: the sentinel diagnoses reachable layers; it does not claim that Android will keep it running continuously.
2.3 Historical Context / Background
The Internet protocol stack deliberately separates name resolution, transport, security, and application semantics. Unix socket APIs expose transport operations, TLS adds authenticated encryption above them, and HTTP defines request/response meaning above TLS or cleartext transport. “Happy Eyeballs” algorithms emerged because sequentially preferring a broken IPv6 path can create long user-visible delays even when IPv4 works. Captive-portal standards likewise exist because link association and Internet access are different states. Mobile systems intensify these old distributed-systems problems through interface churn, radio energy cost, and background restrictions.
2.4 Common Misconceptions
- “Wi-Fi connected means online.” Association says only that the phone joined a local network.
- “Ping proves the API works.” ICMP reachability says nothing about the target TCP port, TLS identity, or HTTP behavior.
- “One socket timeout bounds the operation.” Resolution, multiple addresses, handshake, and reads can each consume separate time.
- “All TLS failures should retry.” An expired certificate or hostname mismatch usually needs intervention.
- “Exactly once is a transport feature.” The practical guarantee is at-least-once delivery plus stable idempotency at the logical side effect.
- “A wake lock guarantees network access.” It does not override all Doze, App Standby, OEM, or process-lifecycle restrictions.
3. Project Specification
3.1 What You Will Build
Build pocketctl sentinel, a command family with four conceptual operations:
- check: Run one bounded staged check for one or more configured targets.
- history: Query immutable local observations and their evidence IDs.
- sync: Deliver pending observation envelopes to a configured collector.
- status: Report target configuration, queue depth/age, last success, and current power/network policy.
A target declares a name, endpoint, stages to attempt, expected application result, total deadline, evidence policy, and retry class overrides. Configuration contains no credentials inline; secret references resolve through private storage at execution time.
3.2 Functional Requirements
- Layered probing: Record DNS, TCP, TLS, and HTTP/application stages separately.
- One total deadline: Every stage consumes the remaining monotonic deadline.
- Address-family evidence: Record attempted IPv4/IPv6 addresses without exposing unrelated interface data.
- Typed outcomes: Include
NETWORK_UNAVAILABLE,DNS_NXDOMAIN,DNS_TIMEOUT,CONNECT_REFUSED,CONNECT_TIMEOUT,TLS_CERT_INVALID,TLS_TIMEOUT,HTTP_UNEXPECTED,SERVICE_UNAVAILABLE, andREADY. - Bounded reads: Enforce maximum headers, body sample, redirects, and decompressed size.
- TLS verification: Verify trust chain and hostname; no insecure fallback is allowed.
- Durable observation: Commit the observation before enqueueing or reporting sync eligibility.
- Durable outbox: Recover claimed records after process death and preserve one logical delivery identity.
- Battery-aware scheduling: Bound concurrency and pause optional retries under configured low-power policy.
- Privacy-safe evidence: Redact credentials, query secrets, cookies, and full response bodies.
3.3 Non-Functional Requirements
- Performance: A check ends within its documented total deadline plus a small local persistence allowance.
- Reliability: A committed observation survives Termux process death, interface changes, and restart.
- Energy: Concurrency, retries, DNS work, and synchronization are capped and measurable.
- Security: TLS and hostname verification remain enabled; target URLs and logs do not leak secrets.
- Usability: Human output identifies the failed stage and gives a recovery hint; JSON follows a versioned schema.
- Portability: Core classification tests run with fake adapters off-device; real network acceptance runs on Android.
3.4 Example Usage / Output
$ pocketctl sentinel check
TARGET DNS TCP TLS HTTP TOTAL RESULT
router ok ok - 200 18ms READY
api ok ok ok 503 624ms SERVICE_UNAVAILABLE
expired-tls ok ok fail - 391ms TLS_CERT_INVALID
bad-name fail - - - 62ms DNS_NXDOMAIN
Queue: 2 unsynchronized records; retryable=1; intervention=2
3.5 Real World Outcome
Configure four controlled targets: a healthy local endpoint, an endpoint returning 503, a test endpoint with an invalid certificate, and a nonexistent hostname. Run the sentinel on Wi-Fi, then enable airplane mode, restore connectivity, and run synchronization. On the phone, the learner sees the table above and can open each evidence ID to inspect stage timings and recovery policy. Airplane mode produces NETWORK_UNAVAILABLE without rapid retries. Restored connectivity causes queued observations to move from pending to delivered. Re-running synchronization shows the same remote receipt identities and zero duplicate logical records. This single demonstration is the acceptance outcome for the project.
4. Solution Architecture
4.1 High-Level Design
pocketctl sentinel
|
validate TargetSpec
|
one monotonic total deadline
|
+---------+---------+---------+-----------+
v v v v
DNS TCP attempts TLS application
| | | |
+---------+---------+---------+-----------+
|
typed Observation v1
|
atomic local transaction
+---------+---------+
| |
v v
evidence/history outbox record
|
battery/retry policy
|
bounded synchronizer
|
idempotent collector
Android may terminate any process arrow; committed state remains authoritative.
4.2 Key Components
| Component | Responsibility | Key Decisions |
|---|---|---|
| Target loader | Parse and validate target policy | Reject secret-bearing URLs and impossible budgets |
| Deadline budget | Provide remaining monotonic time | Never reset the full timeout per stage |
| Resolver adapter | Return bounded address candidates and cause | Preserve family and resolution error separately |
| Connector | Attempt candidates within shared budget | Bound concurrency; document address strategy |
| TLS probe | Negotiate and verify identity | No verify=false recovery path |
| Application probe | Send bounded HTTP request and validate meaning | Limit redirects, headers, body, and decompression |
| Classifier | Map safe facts to stable result/retry classes | Policy is data, not broad exception text |
| Evidence store | Commit immutable observations | Private SQLite or append-only journal |
| Outbox synchronizer | Lease, deliver, and acknowledge observations | Stable idempotency key and capped retry |
| Power policy | Decide concurrency and optional work | Degrade visibly; never claim continuous service |
4.3 Data Structures
Conceptual shapes, not implementation code:
TargetSpec
target_id, endpoint, enabled_stages, expected_statuses
total_deadline_ms, max_response_bytes, retry_policy_id
Observation
observation_id, schema_version, target_id, started_at_utc
monotonic_duration_ms, interface_hint, stage_results[]
final_result_code, retry_class, evidence_digest
StageResult
stage, status, elapsed_ms, address_family?, safe_cause?
OutboxRecord
observation_id, delivery_id, state
attempt_count, next_attempt_at, lease_owner?, lease_expires_at?
Sensitive headers, credentials, raw bodies, and precise network identifiers are intentionally absent.
4.4 Algorithm Overview
Key Algorithm: Staged Probe Under One Deadline
- Validate the target without network side effects.
- Set
deadline = monotonic_now + total_budget. - Ask the resolver for candidates using only remaining time.
- Order/budget IPv6 and IPv4 attempts according to the documented policy.
- Connect using remaining time and record per-attempt safe facts.
- If enabled, perform TLS with chain and hostname verification.
- If enabled, send one bounded application request and validate its semantic result.
- Classify the deepest completed stage and retry policy.
- Commit the immutable observation and outbox row atomically.
- Render the committed result.
Complexity Analysis
- Time: Bounded by the configured total deadline; address attempts cannot multiply it.
- Space:
O(T x E)for retained observations acrossTtargets and bounded evidenceE; one response cannot exceed configured limits.
5. Implementation Guide
5.1 Development Environment Setup
Install a current Python runtime, TLS-capable HTTP/network dependencies selected by the learner, SQLite support, JSON tooling, and Termux:API only if battery/notification integration is enabled. Use Project 1 to record architecture, versions, add-on availability, and permission state. Create all executable code and databases under Termux-private storage. Use a second machine or controlled local containers to provide healthy, closed-port, invalid-TLS, slow, redirect-loop, and 503 fixtures.
Verification commands may inspect versions and resolve controlled hosts, but setup must not disable certificate verification, change global DNS, or expose a listener publicly.
5.2 Project Structure
offline-network-sentinel/
|-- src/
| |-- cli/
| |-- domain/ # target, observation, result, retry classes
| |-- probes/ # resolver, connector, tls, application adapters
| |-- persistence/ # evidence and outbox
| `-- policy/ # deadline, privacy, battery, retry
|-- config/
| `-- targets.example # shape only; no secrets
|-- tests/
| |-- unit/
| |-- integration/
| `-- android-acceptance/
|-- docs/
| |-- failure-taxonomy.md
| `-- evidence-policy.md
`-- README.md
5.3 The Core Question You Are Answering
“What exactly failed between this phone and a service, and what should the tool do next without wasting battery or lying to the user?”
Before implementation, be able to point to the stage that owns each guarantee. The sentinel is not complete if it can reach a URL; it is complete when it can explain controlled failure, persist that explanation, and make an economical next decision.
5.4 Concepts You Must Understand First
Stop and research these before coding:
- Layered protocol guarantees
- What does a DNS answer prove?
- What does a successful TCP handshake omit?
- What identity does TLS verify?
- Why is
503different from a connection failure? - Book reference: Michael Kerrisk, “The Linux Programming Interface,” Chapters 56-61.
- Deadline propagation
- Why use a monotonic clock for elapsed time?
- How does cancellation reach in-flight work?
- What happens when two address families share one budget?
- Book reference: Michael Nygard, “Release It!,” stability-pattern chapters.
- Offline outbox and idempotency
- Which transaction makes an observation accepted?
- What happens after remote accept but before local acknowledgement?
- Book reference: Martin Kleppmann, “Designing Data-Intensive Applications,” Chapter 8.
- Mobile energy policy
- Which work is user-requested, essential background, or optional sync?
- How many attempts occur during a one-hour outage?
- Reference: Android Doze and App Standby documentation.
5.5 Questions to Guide Your Design
- Which exact result codes permit automatic retry?
- Is the endpoint identifier safe to log, or can its path/query contain secrets?
- How will you prove a five-second deadline stays five seconds with many addresses?
- What is the smallest useful evidence for certificate failure?
- How do redirects and decompression affect response bounds?
- Which local observation is authoritative when synchronization state is ambiguous?
- How does low battery affect new checks versus pending synchronization?
5.6 Thinking Exercise
Budget a Five-Second Check
On paper, draw a timeline containing DNS, two IPv6 candidates, two IPv4 candidates, TLS, and HTTP. Allocate remaining-time rules rather than fixed independent timeouts. Then introduce these events:
- DNS consumes 900 ms.
- The first IPv6 connection stalls.
- IPv4 connects.
- TLS completes with 1.2 seconds remaining.
- The server begins a slow body.
Decide what is cancelled, what evidence is committed, and which result is returned at the deadline. Repeat with a TLS hostname mismatch that occurs early; explain why further automatic retries do not improve it.
5.7 The Interview Questions They Will Ask
- “Why does Wi-Fi connected not mean Internet reachable?”
- “How do connect, read, and total deadlines differ?”
- “What does TLS hostname verification protect?”
- “How would you avoid IPv6 failure delaying a working IPv4 path?”
- “Why add jitter to exponential backoff?”
- “How do you make offline synchronization idempotent?”
5.8 Hints in Layers
Hint 1: One stage, one fact
Begin with a resolver adapter and a fake resolver. Do not begin by catching one monolithic HTTP exception.
Hint 2: Pass a deadline object
Every adapter asks for remaining time. A stage cannot create a fresh full timeout.
Hint 3: Make classification data-driven
Map (stage, safe cause, response class) to a stable result and retry policy. Keep raw exception strings diagnostic-only.
Hint 4: Separate observation from delivery
Persist the local diagnosis first. Synchronization works from immutable IDs and may run much later.
5.9 Books That Will Help
| Topic | Book | Chapter |
|---|---|---|
| Socket and Internet APIs | “The Linux Programming Interface” | Chapters 56-61 |
| TCP/IP behavior | “TCP/IP Illustrated, Volume 1,” 2nd ed. | Addressing, TCP, DNS, and TLS-related protocol chapters |
| Failure containment | “Release It!,” 2nd ed. | Stability patterns and cascading failures |
| Distributed uncertainty | “Designing Data-Intensive Applications” | Chapter 8 |
5.10 Implementation Phases
Phase 1: Taxonomy and Deterministic Probes (4-6 hours)
Goals: Define schemas, deadline behavior, and controlled stage probes.
Tasks:
- Write target, stage, observation, and result contracts.
- Create fake adapters for every planned success/failure.
- Implement staged orchestration against fakes before real sockets.
Checkpoint: Contract tests prove each failure maps to one stable result and the deadline never resets.
Phase 2: Real Mobile Checks and Evidence (5-8 hours)
Goals: Run bounded real probes and persist privacy-safe evidence.
Tasks:
- Integrate resolver, connection, TLS, and application adapters.
- Add immutable local persistence and history queries.
- Validate airplane mode, interface switching, IPv4/IPv6, and captive behavior on the phone.
Checkpoint: Controlled fixtures produce expected rows and no check exceeds its total budget.
Phase 3: Outbox, Power Policy, and Acceptance (5-8 hours)
Goals: Synchronize safely and demonstrate economic recovery.
Tasks:
- Add leased outbox delivery with idempotency identities.
- Add capped backoff, jitter, concurrency, and low-power policy.
- Kill during delivery, restore connectivity, and verify exact logical receipts.
Checkpoint: The Real World Outcome completes with zero duplicate logical records.
5.11 Key Implementation Decisions
| Decision | Options | Recommendation | Rationale |
|---|---|---|---|
| Probe abstraction | One HTTP call; explicit stages | Explicit stages | Preserves diagnosis and budgets |
| Time model | Wall clock; monotonic deadline | Monotonic deadline | Immune to wall-clock changes |
| Address strategy | Sequential fixed family; bounded racing | Bounded racing with documented policy | Avoids one broken family monopolizing latency |
| Evidence body | Full body; bounded digest/sample; none | Allowlists plus bounded digest/sample | Useful without storing sensitive payloads |
| Local store | Loose files; SQLite journal | SQLite with explicit transactions | Atomic observation and outbox state |
| Retry | Fixed interval; capped exponential with jitter | Capped exponential with jitter | Limits energy and synchronized storms |
| TLS error recovery | Disable verification; intervene | Intervene | Security failure is not connectivity recovery |
6. Testing Strategy
6.1 Test Categories
| Category | Purpose | Examples |
|---|---|---|
| Unit | Prove policy without a network | Classification, deadline arithmetic, redaction, retry schedule |
| Contract | Protect public schemas | JSON version, exit status, stable result codes |
| Integration | Exercise controlled protocol failures | NXDOMAIN, refused port, slow handshake, bad certificate, redirect loop, oversized body |
| Persistence | Prove interruption safety | Kill before/after commit, expired lease, duplicate delivery receipt |
| Android acceptance | Prove mobile behavior | Airplane mode, Wi-Fi/cellular change, background restriction, low battery |
6.2 Critical Test Cases
- Shared deadline: Four addresses still finish within one total budget.
- Certificate identity failure: Produces intervention, never insecure retry.
- Bounded response: Oversized/chunked/compressed content stops at policy limit.
- Airplane mode: Local result commits; rapid retry does not begin.
- Ambiguous delivery: Kill after remote accept, then retry with the same identity.
- Privacy: Credentials, cookies, query secrets, and response bodies do not appear in logs.
6.3 Test Data
Fixture A: resolvable host + healthy endpoint -> READY
Fixture B: reserved nonexistent name -> DNS_NXDOMAIN
Fixture C: reachable host + closed test port -> CONNECT_REFUSED
Fixture D: controlled invalid certificate -> TLS_CERT_INVALID
Fixture E: valid TLS + HTTP 503 -> SERVICE_UNAVAILABLE
Fixture F: valid endpoint + oversized slow response -> RESPONSE_LIMIT or DEADLINE_EXCEEDED
7. Common Pitfalls & Debugging
7.1 Frequent Mistakes
| Pitfall | Symptom | Solution |
|---|---|---|
| Broad exception mapping | Every row says offline | Preserve stage and safe cause before classification |
| Per-stage full timeout | Five-second check lasts much longer | Pass one monotonic deadline |
| Unlimited concurrency | Outage creates many sockets/processes | Bound workers and cancellation |
| Blind TLS retry | Battery drains on certificate errors | Mark identity/configuration failures intervention-only |
| Ack before remote acceptance | Observations vanish | Mark delivered only after durable receipt |
| New ID on retry | Remote duplicates appear | Persist one delivery identity with the observation |
| Full response logging | Secrets and storage growth | Allowlist metadata; cap and digest samples |
7.2 Debugging Strategies
- Reproduce one protocol stage with a controlled fixture before inspecting the whole stack.
- Compare monotonic timestamps at entry/exit of every stage.
- Query the observation and outbox transaction separately from rendered output.
- Inspect interface changes as hints; do not rewrite a precise TLS error as “network changed.”
- Calculate future retry times and total attempt count instead of waiting through an outage.
7.3 Performance Traps
DNS fan-out, sequential address attempts, redirect chains, decompression bombs, large certificate evidence, and synchronized retries can multiply work. Measure radio/network attempts, bytes read, total duration, queue age, and attempts per outage. Optimization is successful only if diagnosis remains accurate.
8. Extensions & Challenges
8.1 Beginner Extensions
- Add a human history view grouped by failure stage.
- Add a notification only when a target changes state, not on every check.
8.2 Intermediate Extensions
- Add captive-portal suspicion using a controlled endpoint and explicit uncertainty.
- Export redacted observations through the Project 2 vault boundary.
- Compare sequential and bounded-racing address strategies with real measurements.
8.3 Advanced Extensions
- Add an authenticated collector with replay-safe delivery receipts.
- Add a Tasker trigger that queues a check after meaningful connectivity change.
- Model fleet-wide retry budgets so many phones do not synchronize simultaneously.
9. Real-World Connections
9.1 Industry Applications
- Synthetic monitoring: Probes protocol stages and application behavior from an edge location.
- Offline field collection: Commits evidence locally and synchronizes when affordable connectivity returns.
- Edge-agent telemetry: Uses durable outboxes and stable event identities.
- Certificate operations: Distinguishes identity/configuration faults from reachability faults.
9.2 Related Open Source Projects
- curl: curl.se - Rich transfer diagnostics and strict TLS behavior.
- OpenSSL: openssl.org - Certificate and TLS inspection reference.
- Prometheus Blackbox Exporter: GitHub - Multi-protocol probing concepts; its server deployment model must be adapted for mobile lifecycle.
- Termux packages: GitHub - Android-compatible network tools and runtimes.
9.3 Interview Relevance
This project prepares you to discuss timeout propagation, partial failure, address-family strategy, TLS identity, backoff, idempotency, offline-first design, and why monitoring evidence must be both bounded and privacy-aware.
10. Resources
10.1 Essential Reading
- RFC 9110, HTTP Semantics - Meaning of responses and status codes.
- RFC 8446, TLS 1.3 - Modern TLS protocol and authenticated channel model.
- RFC 8305, Happy Eyeballs Version 2 - Avoiding avoidable delay across IPv6/IPv4 paths.
- RFC 8910, Captive-Portal Identification - Standard context for captive-network detection.
- “The Linux Programming Interface” by Michael Kerrisk, Chapters 56-61 - Sockets and Internet APIs.
10.2 Video Resources
- Android Developers talks on Doze, App Standby, and background work - use current official recordings paired with current documentation.
- IETF educational material on DNS, TLS, and Happy Eyeballs - use protocol traces rather than copy-paste implementations.
10.3 Tools & Documentation
- Android Doze and App Standby: developer.android.com/training/monitoring-device-state/doze-standby
- Python socket documentation: docs.python.org/3/library/socket.html
- Python SSL documentation: docs.python.org/3/library/ssl.html
- Termux execution environment: Termux packages wiki
10.4 Related Projects in This Series
- Previous - Project 4: Supplies thin UI surfaces that can display sentinel state.
- Next - Project 6: Applies explicit network exposure, peer identity, and per-key authority.
- Later - Project 8: Supervises synchronization while preserving the same durable queue.
11. Self-Assessment Checklist
11.1 Understanding
- I can explain what DNS, TCP, TLS, and HTTP each prove.
- I can distinguish a total deadline from per-call timeouts.
- I can classify which failures may retry automatically and why.
- I can explain at-least-once delivery plus idempotency.
- I understand why a mobile interface state is a hint rather than proof.
11.2 Implementation
- Every required stage has controlled success and failure tests.
- The output and error schemas are versioned.
- Observations and outbox entries commit atomically.
- No response, redirect, retry, or concurrency path is unbounded.
- Logs and evidence pass the sensitive-data fixture tests.
- Real-device airplane-mode and interface-change tests pass.
11.3 Growth
- I can explain one design I changed after measuring a real phone.
- I documented limitations caused by Android lifecycle or OEM behavior.
- I can defend the retry and evidence policies in an interview.
12. Submission / Completion Criteria
Minimum Viable Completion
- Layered checks classify controlled DNS, TCP, TLS, HTTP, and no-network conditions.
- One total deadline and response bound are enforced.
- Immutable local observations survive process restart.
Full Completion
- All minimum criteria plus a durable outbox, idempotent receipt handling, bounded jittered retries, power policy, redaction tests, and the complete Real World Outcome transcript.
Excellence (Going Above & Beyond)
- Demonstrate IPv4/IPv6 strategy with packet/timing evidence.
- Publish a failure-taxonomy rationale and an energy-budget calculation for a one-hour outage.
- Run the acceptance scenario across two Android/OEM versions and document lifecycle differences without claiming universal reliability.
This guide was generated from TERMUX_ANDROID_APPS_TOOLS_MASTERY.md. For the complete learning path, see the expanded project index.