Project 7: Context-Aware Tasker Bridge

Convert Android context changes into versioned, least-authority Termux events that commit quickly, coalesce noise, and remain explainable after process death.

Quick Reference

Attribute Value
Difficulty Level 2-3 - Intermediate to Advanced
Time Estimate 12-20 hours
Language Python plus fixed shell entry points (alternatives: Go, Tasker-native actions)
Prerequisites Projects 1, 3, and 5; JSON contracts; durable state; Android permission basics
Key Topics Termux:Tasker, RUN_COMMAND, event envelopes, injection defense, debounce, idempotency, bounded results, audit

1. Learning Objectives

By completing this project, you will:

  1. Treat Tasker as an untrusted event producer at an explicit authority boundary.
  2. Expose only fixed reviewed entry points under the dedicated Termux:Tasker directory.
  3. Normalize Tasker variables into a small, versioned event envelope.
  4. Prevent event data, percent variables, quotes, separators, and newlines from becoming shell syntax.
  5. Distinguish duplicate delivery, debounce, and genuinely new context transitions.
  6. Commit long-running work before returning a bounded operation result to Tasker.
  7. Build an audit trail that answers what triggered, why it was accepted/coalesced/rejected, and what eventually happened.
  8. Explain classic-track add-on/signing requirements and why broad external-command settings increase authority.

2. Theoretical Foundation

2.1 Core Concepts

Tasker detects context; Termux owns work. Tasker can observe charging, battery, time, Wi-Fi, location-derived profiles, and many other Android conditions. Termux:Tasker is the bridge that lets a plugin host request a command in Termux. The safe architecture does not encode business logic in a long Tasker command string. Tasker chooses one reviewed entry point and passes a few bounded values. That entry point validates and persists an event, then the deterministic PocketOps core decides what work is appropriate.

RUN_COMMAND is authority. On the classic Termux track, the plugin host needs com.termux.permission.RUN_COMMAND. The official Termux:Tasker integration provides a dedicated ~/.termux/tasker/ directory so reviewed scripts can run without broadly enabling arbitrary external paths. Setting allow-external-apps=true expands what authorized apps may request and can amount to arbitrary command execution in the Termux context. This project keeps it disabled. Add-on APKs must also match the main Termux app’s supported source/signing family.

Event data is not shell text. Tasker variable expansion, plugin fields, quoting layers, and shell parsing can transform innocent text into syntax. A Wi-Fi name can contain spaces, quotes, percent signs, separators, newlines, or Unicode. The bridge passes values through explicit argument slots or a bounded data document, validates type/length/encoding, and calls internal functions without eval, sh -c, interpolation into source, or dynamic executable paths.

An event envelope describes occurrence and delivery. Useful fields include schema version, event type, producer, occurrence time, delivery ID, subject identity, normalized attributes, and privacy classification. The producer’s delivery ID helps detect a repeated delivery. A derived idempotency key protects one logical effect. A debounce key groups rapid nearby transitions that should trigger one operation. These keys solve different problems and must not be conflated.

Debounce is a time-window policy, not deduplication. Three wifi.entered signals in 500 ms may be one noisy transition, so they share a debounce group. A retried delivery of the first signal is a duplicate even outside a tiny UI bounce. A real re-entry ten minutes later is a new event and should not be discarded merely because its fields resemble the earlier one. Persist occurrence and decision evidence so the distinction remains explainable.

A plugin result is an acknowledgement, not the job. Android Intent/Binder channels and Termux result handling impose practical size limits; output may be truncated and long-running work may exceed Tasker timeouts or lose the originating process. The bridge commits an accepted event transactionally and returns a small result—status, operation ID, message, and perhaps retry hint. A worker performs long work later. Large payloads live in protected Termux-private state; only an opaque reference crosses the boundary.

Privacy follows data purpose. SSIDs, location context, notification text, and device state can reveal behavior. The audit trail stores only what is required to explain policy. A trusted-network comparison can use a keyed digest rather than logging the SSID. Precise location can be reduced to an approved context label before Termux receives it. Raw Tasker variables must not be dumped into ordinary logs.

Process death is normal. Tasker may time out after Termux committed the event; it can then retry. Termux may die after acknowledgement but before executing work. The queue and stable idempotency identity preserve correctness. Project 8 will supervise the worker, but Project 7 must already make event intake durable.

2.2 Why This Matters

Android context turns a Termux tool into an automation system: check services when trusted Wi-Fi appears, postpone synchronization when battery is low, or record a field-mode transition. Without explicit contracts, that power becomes brittle shell glue and a command-execution risk. The patterns here—thin producer, typed event, transactional inbox, idempotent consumer, bounded acknowledgement—also apply to webhooks, message queues, home automation, and enterprise integration.

2.3 Historical Context / Background

Tasker popularized user-programmable Android automation through profiles, contexts, tasks, and plugins. Termux:Tasker connects that event model to a Unix-style userspace. In distributed messaging, the same boundary is described through Event Message, Message Channel, Idempotent Receiver, and Correlation Identifier patterns. Android adds permission and Binder constraints; Termux adds an app-private Unix execution environment. The result is a small but genuine integration architecture.

2.4 Common Misconceptions

  • “Tasker variables are trusted because I created the profile.” Their values may originate from networks, notifications, files, or other apps.
  • “Quoting once prevents injection.” Multiple parsers and expansion stages require avoiding shell interpretation entirely.
  • “Debounce and idempotency are the same.” Debounce groups noisy distinct occurrences; idempotency handles repeated logical delivery/effect.
  • “Plugin success means the long job finished.” It may mean only that the event was durably accepted.
  • “A bigger result is more useful.” Large Binder/plugin results can time out or truncate; return an operation ID.
  • allow-external-apps is required for every integration.” Fixed scripts in the dedicated Tasker directory avoid broad external paths on the classic integration.
  • “Tasker guarantees Termux stays running.” It supplies a trigger, not lifecycle immunity.

3. Project Specification

3.1 What You Will Build

Create four Tasker profiles and one common Termux event intake contract:

  1. Charger Connected -> tasker.power.connected.v1
  2. Trusted Wi-Fi Entered -> tasker.wifi.entered.v1
  3. Battery Low -> tasker.battery.low.v1
  4. Field Context Entered -> tasker.context.field-entered.v1

Each profile calls a fixed entry point under ~/.termux/tasker/. The bridge normalizes inputs, checks a type-specific schema, calculates privacy-safe subject/debounce/idempotency identities, commits the event and queued operation, and returns one compact acknowledgement. A query command displays the full decision and eventual outcome from private state.

3.2 Functional Requirements

  1. Capability preflight: Detect classic-track Termux:Tasker, compatible installation lineage, RUN_COMMAND grant, and dedicated entry-point permissions.
  2. Minimum authority: Keep allow-external-apps disabled and expose only named reviewed scripts.
  3. Versioned envelopes: Every event has type, version, occurrence, delivery ID, producer, bounded attributes, and privacy class.
  4. Typed validation: Enumerations, timestamps, integers, identifiers, and references are validated before any action.
  5. No shell evaluation: Dynamic values never select an executable or become source text.
  6. Duplicate detection: A retried delivery returns the original acceptance/operation identity.
  7. Debounce policy: Rapid noisy transitions coalesce while later real transitions remain new events.
  8. Transactional intake: Event and queued operation commit before Tasker receives ENQUEUED.
  9. Bounded result: Return status, event/operation ID, short message, and stable error code only.
  10. Explainable audit: Record source profile, normalized nonsecret facts, decision, operation, and eventual result.
  11. Privacy controls: Store SSID as keyed digest and field context as label; exclude raw location and notification contents.

3.3 Non-Functional Requirements

  • Security: Fixed paths, default deny, no broad external app setting, no dynamic shell, and bounded input/output.
  • Reliability: An acknowledged event survives Termux process death and Tasker retry.
  • Responsiveness: Intake returns quickly; it never waits for network synchronization or another long operation.
  • Privacy: Audit explains decisions without reconstructing the user’s movement or message content.
  • Compatibility: The guide names the reference classic F-Droid/GitHub add-on track and reports unsupported tracks explicitly.

3.4 Example Usage / Output

$ pocketctl events show 01JZ9A7D2M
Event      tasker.wifi.entered.v1
Source     Tasker profile "Trusted Wi-Fi"
Received   2026-07-15T14:32:08Z
Decision   ENQUEUED operation=01JZ9A7F01
Duplicate  2 events coalesced within 30s
Outcome    COMPLETED action=sentinel-check
Sensitive  SSID stored as keyed digest

3.5 Real World Outcome

Enable the four profiles, then exercise one controlled sequence: connect to power, enter the trusted Wi-Fi context three times within 500 ms, simulate a Tasker retry of the first delivery after a timeout, trigger battery-low, and re-enter the Wi-Fi context ten minutes later. Tasker displays only compact acknowledgements. The PocketOps audit view shows one coalesced Wi-Fi operation, one duplicate delivery tied to the original operation, and one later distinct re-entry. Killing Termux immediately after ENQUEUED does not lose the accepted event. Hostile variable values remain inert data. This event timeline is the project’s single observable outcome.


4. Solution Architecture

4.1 High-Level Design

 Android contexts
 charger | Wi-Fi | battery | field profile
              |
           Tasker
              |
  RUN_COMMAND + one fixed ~/.termux/tasker entry point
              |
      bounded raw argument slots
              |
      +-------v----------------+
      | Event Intake Boundary  |
      | normalize -> validate  |
      | privacy -> identities  |
      +-----------+------------+
                  |
          one DB transaction
        +---------+----------+
        |                    |
        v                    v
   immutable event      queued operation
        |                    |
        +---------+----------+
                  |
          compact acknowledgement
          status + operation_id

 Later worker -> PocketOps action -> durable outcome -> audit query
 Android/Termux may die after acknowledgement; committed state remains.

4.2 Key Components

Component Responsibility Key Decisions
Tasker profiles Detect contexts and select fixed event type Minimal variables; no business logic
Dedicated entry points Define reviewed callable surface Fixed paths under ~/.termux/tasker
Input normalizer Convert plugin values to canonical types Reject ambiguity and oversize before action
Schema registry Validate each versioned event Unknown type/version fails closed
Identity policy Derive delivery, idempotency, and debounce keys Keep the three meanings separate
Privacy transformer Digest/reduce sensitive context Raw secrets never reach ordinary audit
Event store/inbox Commit immutable event and decision Transactional uniqueness constraints
Operation queue Hold long work Ack only after event and operation commit
Result renderer Return compact Tasker variables/result Strict size and stable codes
Audit query Explain trigger through final outcome Reads private durable state

4.3 Data Structures

EventEnvelope
  schema, event_id, event_type, producer
  occurred_at, received_at, delivery_id
  subject_ref, attributes, privacy_class

EventDecision
  event_id, decision     # ENQUEUED | DUPLICATE | COALESCED | REJECTED
  operation_id?, duplicate_of?, debounce_group?, reason_code?

Operation
  operation_id, action, idempotency_key
  state, created_at, attempt_count

TaskerAck
  schema, status, event_id?, operation_id?, code, short_message

AuditRecord
  correlation_id, profile_label, event_type
  normalized_safe_facts, decision, final_outcome?

4.4 Algorithm Overview

Key Algorithm: Durable Event Intake

  1. A fixed entry point selects one declared event type; dynamic input cannot select code.
  2. Read bounded argument slots and construct a candidate envelope.
  3. Normalize encoding, timestamp, number, and enumeration fields.
  4. Apply privacy transformation before persistence/logging.
  5. Validate the versioned schema.
  6. In one transaction, check delivery uniqueness, evaluate debounce policy, derive/reuse logical operation, and commit decision.
  7. Render a small acknowledgement from committed state.
  8. A later worker executes the operation with its idempotency key and records outcome.

Complexity Analysis

  • Time: O(n) in bounded input size plus indexed database lookups; intake does not wait for the downstream job.
  • Space: O(E) for retained events and audit records; each envelope/result has a strict size ceiling.

5. Implementation Guide

5.1 Development Environment Setup

Use the classic Termux track as the reference: Termux and Termux:Tasker installed from the same supported source/signing family, Termux initialized once, Tasker granted the RUN_COMMAND permission, and a private ~/.termux/tasker/ directory with restrictive permissions. Keep allow-external-apps disabled. Use Project 1 to report the product track and bridge capability instead of assuming it.

Create a disposable Tasker lab project containing only the four profiles. Begin with a fixed entry point that returns a constant bounded result, then add typed event data. Back up Tasker configuration without embedding secrets.

5.2 Project Structure

context-aware-tasker-bridge/
|-- entrypoints/
|   |-- power-connected      # thin conceptual adapters
|   |-- wifi-entered
|   |-- battery-low
|   `-- field-entered
|-- src/
|   |-- intake/
|   |-- schemas/
|   |-- identity/
|   |-- privacy/
|   |-- persistence/
|   `-- audit/
|-- tasker/
|   |-- profile-design.md
|   `-- variable-contracts.md
|-- tests/
|   |-- hostile-input/
|   |-- event-timelines/
|   `-- android-acceptance/
`-- README.md

The deploy step may place reviewed thin entry points into ~/.termux/tasker/; source remains in the private project tree.

5.3 The Core Question You Are Answering

“How can an external automation app request useful Termux work without turning event text into arbitrary shell authority or duplicate side effects?”

Your answer must cover both authority and delivery uncertainty. A safe argument parser with a non-durable event store is incomplete; a durable store reached through eval is also incomplete.

5.4 Concepts You Must Understand First

  1. RUN_COMMAND authority
    • Which app receives permission to request Termux execution?
    • Why is a dedicated directory narrower than arbitrary external paths?
    • Reference: Official Termux:Tasker setup and RUN_COMMAND documentation.
  2. Message envelopes
    • Which identifier names occurrence, delivery, correlation, and logical effect?
    • How will the schema evolve compatibly?
    • Book reference: “Enterprise Integration Patterns,” Message, Event Message, and Correlation Identifier patterns.
  3. Injection resistance
    • How many parsers touch a Tasker value before the core sees it?
    • Can the value ever select executable, option, or source text?
    • Reference: OWASP Command Injection Defense Cheat Sheet.
  4. Idempotency versus debounce
    • Is a retry the same occurrence or a nearby new occurrence?
    • When does a debounce window end?
    • Book reference: “Designing Data-Intensive Applications,” Chapter 11.

5.5 Questions to Guide Your Design

  1. What is the smallest fixed entry-point set?
  2. Which values are enums, integers, booleans, timestamps, labels, or opaque references?
  3. What maximum input and acknowledgement sizes are well below platform limits?
  4. When should Tasker receive COMPLETED versus ENQUEUED?
  5. How do you distinguish plugin timeout after commit from failure before commit?
  6. Which contexts are sensitive enough to hash, reduce, or exclude?
  7. What happens when permission is revoked, the add-on is absent, or the installation track is incompatible?

5.6 Thinking Exercise

Trace Delivery and Context Time

Draw this sequence:

  1. Three Wi-Fi-enter events arrive at 0 ms, 200 ms, and 500 ms.
  2. Tasker times out receiving the first acknowledgement and retries its delivery at 2 seconds.
  3. Termux dies after accepting the operation.
  4. The phone genuinely leaves and re-enters the context ten minutes later.

Assign event occurrence IDs, delivery IDs, debounce groups, operation IDs, and idempotency keys. Mark database commit points and what Tasker sees. Explain why the ten-minute re-entry remains distinct.

5.7 The Interview Questions They Will Ask

  1. “What is at-least-once event delivery?”
  2. “How do you prevent command injection from automation variables?”
  3. “What is the difference between debounce, deduplication, and idempotency?”
  4. “Why return an operation ID for long work?”
  5. “What authority does RUN_COMMAND grant?”
  6. “How would you evolve an event schema without breaking older producers?”

5.8 Hints in Layers

Hint 1: Return a constant first

Prove installation lineage, permission, fixed path, result variables, and timeout behavior before adding dynamic input.

Hint 2: Give each profile one adapter

The adapter chooses event type; Tasker data cannot choose an arbitrary executable or action.

Hint 3: Commit then acknowledge

For long work, make the operation durable and return its ID. The worker can be absent temporarily.

Hint 4: Test hostile values as ordinary data

Include spaces, quotes, percent signs, separators, substitutions, newlines, Unicode, empty values, and oversized values. The resulting event is rejected or stores the literal normalized value; nothing executes.

5.9 Books That Will Help

Topic Book Chapter
Message contracts “Enterprise Integration Patterns” Messaging Systems and Message Construction
Stream/event processing “Designing Data-Intensive Applications” Chapter 11
Idempotent architecture “Release It!,” 2nd ed. Stability and recovery patterns
Security boundaries “Security Engineering” Authentication and access-control chapters

5.10 Implementation Phases

Phase 1: Bridge and Authority Baseline (3-4 hours)

Goals: Prove the reference integration with minimum authority.

Tasks:

  1. Detect product track, add-on, signing-family compatibility, and permission state.
  2. Create the dedicated directory and one fixed constant-result entry point.
  3. Confirm broad external app execution remains disabled.

Checkpoint: Tasker receives a small constant result; direct unknown paths and missing permission fail visibly.

Phase 2: Typed Intake and Timeline Policy (5-8 hours)

Goals: Persist safe events and distinguish duplicate/debounce/new transitions.

Tasks:

  1. Define four schemas, normalizers, and privacy transformations.
  2. Implement transactional event/decision/operation persistence.
  3. Run hostile-input and event-timeline tests.

Checkpoint: Every timeline event has a deterministic decision and no input becomes code.

Phase 3: Tasker Profiles and Recovery Evidence (4-8 hours)

Goals: Complete real Android triggers, audit, and kill/retry tests.

Tasks:

  1. Configure the four profiles with minimal variable contracts.
  2. Add compact acknowledgements and an audit query.
  3. Kill after commit, retry delivery, restart, and prove one logical operation.

Checkpoint: The complete Real World Outcome timeline is visible and privacy-safe.

5.11 Key Implementation Decisions

Decision Options Recommendation Rationale
Callable surface Arbitrary paths; fixed dedicated scripts Fixed dedicated scripts Minimizes RUN_COMMAND authority
Data transport Shell text; bounded typed fields/reference Typed fields/reference Avoids parser ambiguity and size problems
Long work Tasker waits; durable enqueue Durable enqueue Survives timeout and process death
Duplicate control Timestamp only; delivery + idempotency identities Separate identities Models transport and logical effect correctly
Event noise Discard matching values forever; debounce window Type-specific debounce Preserves later real transitions
Sensitive Wi-Fi Raw SSID in audit; keyed digest Keyed digest Supports comparison without readable value
External setting Enable globally; keep disabled Keep disabled Dedicated scripts already meet the need

6. Testing Strategy

6.1 Test Categories

Category Purpose Examples
Capability Prove installation/permission truth Missing add-on, mismatched source, revoked RUN_COMMAND
Schema Protect event contracts Unknown version/type, missing field, invalid enum, oversize
Injection Keep data inert Quotes, separators, substitutions, newlines, percent variables
Timeline Prove duplicate/debounce semantics Rapid events, retry, later real re-entry
Transaction Prove acknowledgement durability Kill before commit, after commit, after ack
Privacy Prevent sensitive audit Raw SSID/location/message fixtures absent
Android acceptance Prove real profiles Charger, Wi-Fi, battery, field context triggers

6.2 Critical Test Cases

  1. Permission revoked: Produces a permission-specific error, not a missing-script diagnosis.
  2. Unknown entry point: Cannot run because external arbitrary path authority is not enabled.
  3. Hostile variable: Stored/rejected as data; never changes executable or arguments.
  4. Retry after timeout: Returns the original operation identity.
  5. Three rapid events: Coalesce by policy but remain auditable occurrences.
  6. Real later re-entry: Creates a new operation.
  7. Kill after acknowledgement: Accepted operation remains pending for the later worker.

6.3 Test Data

Event types: charger connected, trusted Wi-Fi entered, battery low, field entered
Values: normal, empty, maximum valid, overlong, quotes, %, ;, newline, Unicode
Timeline: 0ms original, 200ms related, 500ms related, 2s retry, 10m re-entry
Bridge states: ready, permission denied, add-on absent, incompatible track, timeout

7. Common Pitfalls & Debugging

7.1 Frequent Mistakes

Pitfall Symptom Solution
Broad external app setting Tasker can request arbitrary paths Use dedicated Tasker directory and fixed scripts
Logic in Tasker command string Quoting changes behavior Keep Tasker thin; normalize in Termux
eval or sh -c Variable becomes syntax Direct fixed dispatch with typed values
Long synchronous task Plugin times out; user retries Commit and return operation ID
Debounce as permanent dedupe Real re-entry never runs Use explicit type-specific time window
Ack before commit Tasker reports success but event is lost Build ack from committed decision
Raw context logging Audit reveals SSID/location Digest, label, redact, and test

7.2 Debugging Strategies

  • Debug in order: track/add-on lineage, permission, entry-point path/mode, constant result, argument slots, schema, transaction, downstream worker.
  • Inspect Tasker plugin error variables and Termux-side audit under the same correlation ID.
  • Reproduce an entry point directly with fixture values, but preserve the noninteractive environment in tests.
  • Keep acknowledgement content tiny so result-size issues cannot mask logic errors.

7.3 Performance Traps

High-frequency profiles, expensive geofencing, repeated network work, and verbose audit can drain battery or fill storage. Debounce before downstream work, retain bounded history, use Tasker context carefully, and let Project 8 schedule queued work economically.


8. Extensions & Challenges

8.1 Beginner Extensions

  • Add a widget showing the last five event decisions.
  • Add a dry-run profile that explains the proposed action without enqueueing it.

8.2 Intermediate Extensions

  • Add a schema migration from v1 to v2 while old Tasker profiles continue working.
  • Add an authenticated event export through Project 5’s outbox.
  • Add user confirmation for a high-authority context transition.

8.3 Advanced Extensions

  • Build a small conventional Android companion that uses the documented RUN_COMMAND Intent and compare authority/result limits with Termux:Tasker.
  • Add a policy simulator that replays historical events without performing actions.
  • Model event provenance across Tasker, Termux, worker, and remote receipt with one trace view.

9. Real-World Connections

9.1 Industry Applications

  • Home/phone automation: Context changes request bounded actions.
  • Webhook ingestion: Authenticated producers submit versioned events to a durable inbox.
  • Message processing: At-least-once delivery uses idempotent consumers and correlation IDs.
  • Edge policy engines: Sensitive raw context is reduced before durable processing.
  • Termux:Tasker: GitHub - Official classic-track plugin and setup/security guidance.
  • Termux app RUN_COMMAND Intent: GitHub wiki - Command/result contract and practical limits.
  • Tasker: tasker.joaoapps.com - Android automation host.
  • SQLite: sqlite.org - Transactional event inbox/outbox state.

9.3 Interview Relevance

This project prepares you to explain event contracts, at-least-once delivery, idempotency, debounce, transaction boundaries, untrusted input, least privilege, asynchronous acknowledgements, and privacy-aware audit.


10. Resources

10.1 Essential Reading

  • Official Termux:Tasker README - Permission, dedicated directory, and external-app security behavior.
  • Official RUN_COMMAND Intent wiki - Input/result fields, execution modes, and result-size constraints.
  • “Enterprise Integration Patterns” by Gregor Hohpe and Bobby Woolf - Message, Event Message, Correlation Identifier, Idempotent Receiver.
  • “Designing Data-Intensive Applications” by Martin Kleppmann, Chapter 11 - Stream and event processing.

10.2 Video Resources

  • Tasker developer tutorials on profiles, contexts, and plugin variables, validated against current documentation.
  • Android Developers talks on Intents, Binder, and background execution for lifecycle context.

10.3 Tools & Documentation

  • Project 3: Supplies normalized Android capability and permission errors.
  • Project 5: Supplies queued network work and idempotent synchronization.
  • Previous - Project 6: Supplies the same least-authority model for remote keys.
  • Next - Project 8: Runs the durable operation queue under supervision and recovery.

11. Self-Assessment Checklist

11.1 Understanding

  • I can explain the authority granted by RUN_COMMAND.
  • I can distinguish occurrence, delivery, correlation, debounce, and idempotency identities.
  • I can explain why Tasker variable text must never be evaluated.
  • I can explain why acceptance and completion are different statuses.
  • I can identify which context data is sensitive and how it is reduced.

11.2 Implementation

  • Fixed dedicated entry points are the only callable surface.
  • Broad external app execution remains disabled.
  • Every event validates against a versioned schema.
  • Hostile values cannot alter code or executable selection.
  • Event and operation commit before acknowledgement.
  • Timeline, kill, retry, and privacy tests pass.

11.3 Growth

  • I can explain one profile that was intentionally excluded because its authority or energy cost was too high.
  • I documented product-track compatibility and real-device behavior.
  • I can defend the event timeline and transaction boundaries in an interview.

12. Submission / Completion Criteria

Minimum Viable Completion

  • One fixed Tasker entry point accepts a bounded typed event with minimum authority.
  • Hostile inputs remain data, and acceptance commits before acknowledgement.
  • The audit query explains the event decision.

Full Completion

  • All four profiles, versioned schemas, privacy transformations, duplicate/debounce policy, durable operations, compact results, kill/retry tests, and the full Real World Outcome timeline.

Excellence (Going Above & Beyond)

  • Demonstrate compatible schema evolution and historical replay in dry-run mode.
  • Compare Termux:Tasker with a companion RUN_COMMAND Intent design using an explicit authority table.
  • Measure event-to-ack latency and energy/noise behavior across two Android/OEM configurations without claiming universal delivery guarantees.

This guide was generated from TERMUX_ANDROID_APPS_TOOLS_MASTERY.md. For the complete learning path, see the expanded project index.