abbasiandev/raybod

GitHub: abbasiandev/raybod

Raybod is a mobile security MVP that combines on-device AI scanning on Android with deep cloud-side analysis, providing real-time threat protection and intelligent detection.

Stars: 1 | Forks: 0

# 🛡️ Raybod

![Version](https://img.shields.io/badge/version-1.0.0--alpha-blue.svg) ![Platform](https://img.shields.io/badge/platform-Android-green.svg) ![Backend](https://img.shields.io/badge/backend-Python%20FastAPI-orange.svg) ![License](https://img.shields.io/badge/license-MIT-purple.svg) ![Live API](https://img.shields.io/badge/API-Live-success)

**"A smartphone on its own is too weak. We moved the brain to the cloud."**

*A next-generation mobile security solution that offloads complex threat analysis to a centralized "Cloud Brain"*

[📖 Documentation](./docs/) • [🏗️ Architecture](./docs/ARCHITECTURE.md) • [🚀 Setup Guide](./docs/SETUP.md) • [🧪 Testing](./docs/TESTING.md)
## 🎯 Overview

**Raybod** is a mobile security MVP that combines a lightweight on-device Android agent with a powerful Python-based backend analysis engine. The solution delivers comprehensive threat detection while keeping the battery impact on the user's device to a minimum.

### Key Value Propositions

| Feature | Description |
|---------|-------------|
| **⚡ Lightweight Endpoint** | Minimal battery drain by offloading processing to the cloud |
| **🧠 Deep Analysis** | Cloud-based heuristics and machine learning for advanced threat detection |
| **🔴 Real-Time Protection** | Instant feedback and blocking capabilities |
| **🌐 Hybrid Integration** | On-device TFLite + heuristic matrix + Cloud Brain intelligence |
| **🛡️ Trust-First Experience** | Educational onboarding and security-score gamification |
| **🔄 OTA Model Updates** | Automatic ML model retraining and over-the-air upgrades |
| **📊 Admin Dashboard** | Comprehensive analytics and management interface |
| **💳 Flexible Plans** | Freemium and premium subscription model with integrated billing |

## 🏗️ Architecture

We favor **Clean Architecture** and **MVVM** to ensure scalability and testability.

```
┌──────────────────────────────────────────────────────────────┐
│                            RAYBOD                            │
├──────────────────────────────────────────────────────────────┤
│                                                              │
│  ┌─────────────────┐                    ┌─────────────────┐  │
│  │  Android Agent  │◄──── HTTPS ───────►│   Cloud Brain   │  │
│  │                 │                    │                 │  │
│  │  ┌───────────┐  │                    │  ┌───────────┐  │  │
│  │  │:app       │  │                    │  │ FastAPI   │  │  │
│  │  │:domain    │  │    Threat Data     │  │ Engine    │  │  │
│  │  │:data      │  │◄──────────────────►│  │ ML Models │  │  │
│  │  │:present   │  │                    │  │ Heuristics│  │  │
│  │  │:agent     │  │                    │  └───────────┘  │  │
│  │  └───────────┘  │                    │                 │  │
│  └─────────────────┘                    └─────────────────┘  │
│                                                              │
└──────────────────────────────────────────────────────────────┘
```

### Android Client (Kotlin)

| Module | Purpose |
|--------|---------|
| **`:app`** | Dependency injection (Hilt), Application class, navigation host |
| **`:domain`** | Pure Kotlin entities, use cases, repository interfaces (no Android dependencies) |
| **`:data`** | Repository implementations, Room database, Retrofit API, mappers |
| **`:presentation`** | Jetpack Compose UI, ViewModels, state holders |
| **`:agent`** | Foreground service, permission analysis, package scanning |

### Cloud Brain (Python)

| Component | Purpose |
|-----------|---------|
| **FastAPI** | High-performance async API with auto-generated OpenAPI docs |
| **Pydantic** | Type safety, contracts shared with Android |
| **Heuristics Engine** | Rule-based semantic threat pattern detection |
| **ML Classifier** | Extensible interface supporting TensorFlow/PyTorch models |

## 🌐 Live Deployment

The Cloud Brain is deployed and reachable at:

| Endpoint | URL |
|----------|-----|
| **Landing Page** | https://gitr_g6pdx-727.b.jrnm.app/ |
| **Admin Dashboard** | https://gitr_g6pdx-727.b.jrnm.app/dashboard/ |
| **Login Page** | https://gitr_g6pdx-727.b.jrnm.app/dashboard/login |
| **Health Check** | https://gitr_g6pdx-727.b.jrnm.app/health |
| **API Docs** | https://gitr_g6pdx-727.b.jrnm.app/docs |
| **Scan Endpoint** | https://gitr_g6pdx-727.b.jrnm.app/api/v1/scan/analyze |
| **Threat Intel (Web)** | [Package list JSON](https://raw.githubusercontent.com/codekhoda/threat-intel/main/package_lists.json) |

### Infrastructure

| Component | Platform | Details |
|-----------|----------|---------|
| **Backend** | [JustRunMy.App](https://justrunmy.app) | Docker container |
| **Database** | SQLite | Lightweight embedded database |
| **Intel Feed** | GitHub | Dynamic threat signatures (OTA) |

## 🛡️ Hybrid Security Matrix

We use a layered approach to threat detection:

1. **L1: Local whitelist (system)**: fast bypass for verified system/OS apps.
2. **L2: Local TFLite model**: on-device AI for instant heuristic flagging.
3. **L3: Cloud allow/block lists**: real-time verification against the global threat database.
4. **L4: External intelligence**: signatures fetched dynamically from GitHub and VirusTotal.
5. **L5: Contextual analysis**: correlates an app's category with the permissions it requests.

## 🚀 Quick Start

### Prerequisites

- **Android development**: Android Studio Arctic Fox+, JDK 17
- **Backend development**: Python 3.10+, pip

### Option A: Use the live backend (recommended)

The Android app is preconfigured to use the live backend at `https://gitr_g6pdx-727.b.jrnm.app/`. Simply:

1. Clone the repository
2. Open `android/` in Android Studio
3. Build and run on a device

### Option B: Local development

#### 1. Clone the repository

```
git clone https://github.com/your-org/raybod.git
cd raybod
```

#### 2. Start the backend (Cloud Brain)

```
cd backend
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
uvicorn app.main:app --reload --host 0.0.0.0 --port 8000
```

*The local server runs at `http://127.0.0.1:8000`*
*Production API: `https://gitr_g6pdx-727.b.jrnm.app`*
*API docs: [local](http://127.0.0.1:8000/docs) | [production](https://gitr_g6pdx-727.b.jrnm.app/docs)*

#### 3. Configure Android to use the local backend

1. Open the `android/` folder in **Android Studio**
2. Sync the Gradle dependencies
3. Configure the Cloud Brain URL in `local.properties`:

```
# android/local.properties
# Local development (emulator):
cloud.brain.url=http://10.0.2.2:8000
# Production:
# cloud.brain.url=https://gitr_g6pdx-727.b.jrnm.app
```

## ☁️ Deployment Guide

### Deploy to JustRunMy.App

1. **Create an app** on [JustRunMy.App](https://justrunmy.app/panel) and copy the Git deploy URL.
2. **Push only the backend** (from the repository root):

   ```
   git subtree split --prefix=backend -b justrunmy-deploy
   git push -u YOUR_JUSTRUNMY_GIT_URL justrunmy-deploy:deploy
   ```

3. **Configure in the panel**:
   - HTTPS port: `8000`
   - Environment variables: `JWT_SECRET`, `DEBUG=false`
   - Volume mount: `/data`
4. **Verify**:

   ```
   curl https://gitr_g6pdx-727.b.jrnm.app/health
   ```

### Database Information

The backend uses **SQLite** as an embedded database:

- No external database service required
- Data is stored in a single file (`sentinel_brain.db`)
- Well suited to the MVP and small deployments
- Initialized automatically on first start

For high-traffic production environments, consider migrating to PostgreSQL:

1. Add `psycopg2-binary` to `requirements.txt`
2. Set the `DATABASE_URL` environment variable to a PostgreSQL connection string
3. The code detects this automatically and uses PostgreSQL

### Environment Variables

| Variable | Description | Example |
|----------|-------------|---------|
| `DATABASE_URL` | Database connection string | `sqlite:///./sentinel_brain.db` (default) |
| `JWT_SECRET` | Secret key for JWT tokens | `your-secret-key-change-in-production` |
| `DEBUG` | Enable debug mode | `false` |
| `SKIP_INIT_DB` | Skip database seeding at startup | `0` |

## 📁 Project Structure

```
raybod/
├── 📂 android/                  # Android Application
│   ├── 📂 app/                  # Main application module
│   ├── 📂 domain/               # Business logic (Pure Kotlin)
│   │   ├── model/               # Entities (AppPackage, RiskAssessment)
│   │   ├── repository/          # Repository interfaces
│   │   └── usecase/             # Use cases (ScanAppUseCase)
│   ├── 📂 data/                 # Data layer
│   │   ├── local/               # Room database, DAOs
│   │   ├── remote/              # Retrofit API, DTOs
│   │   ├── ml/                  # TFLite model, FeatureExtractor
│   │   └── repository/          # Repository implementations
│   ├── 📂 presentation/         # UI Layer (Jetpack Compose)
│   │   ├── theme/               # Cyberpunk design system
│   │   ├── components/          # Reusable UI components
│   │   ├── scan/                # Scanning screens
│   │   └── about/               # About screen
│   └── 📂 agent/                # System services
│       ├── service/             # Foreground service (SentinelService)
│       └── scanner/             # Package analyzer
├── 📂 backend/                  # Python Backend (Cloud Brain)
│   ├── 📂 app/
│   │   ├── api/v1/endpoints/    # REST endpoints (scan, auth, dashboard)
│   │   ├── core/                # Config, database, security
│   │   ├── engine/              # Heuristics & ML
│   │   ├── models/              # SQLAlchemy models (User, ScanLog)
│   │   ├── schemas/             # Pydantic schemas
│   │   ├── services/            # Business logic (auth)
│   │   ├── static/              # CSS, JavaScript
│   │   └── templates/           # Jinja2 HTML templates (dashboard)
│   └── 📂 tests/                # pytest test suite
├── 📂 docs/                     # Documentation
├── 📂 references/               # Reference ML models & datasets
└── 📂 samples/                  # Test APK samples
```

## 🧪 Testing

### Android Tests

```
# Unit Tests (Domain logic, ViewModels)
cd android
./gradlew testDebugUnitTest

# Instrumented Tests
./gradlew connectedDebugAndroidTest
```

### Backend Tests

```
cd backend
pytest --cov=app tests/
```

### Manual Verification

1. **Threat detection test**: install a test app that requests suspicious permissions
2. **Connectivity test**: verify that offline mode shows cached results
3. **UI smoothness**: test the radar animation on a real device

## 🏆 Feature Checklist

- [x] **Core scan loop** - real-time app analysis
- [x] **Cloud integration** - offloaded threat analysis
- [x] **Offline support** - local caching with Room
- [x] **ML classification** - TFLite model integration
- [x] **Trust-first onboarding** - educational permission dashboard
- [x] **OTA model updates** - background model sync
- [x] **Admin dashboard** - real-time analytics and management
- [x] **Premium features** - subscription model and sandbox payments
- [x] **Network monitoring** - packet analysis (implemented)

## 📚 Documentation

| Document | Description |
|----------|-------------|
| [Architecture Guide](./docs/ARCHITECTURE.md) | Detailed system architecture and design decisions |
| [Setup Guide](./docs/SETUP.md) | Complete installation and configuration instructions |
| [API Reference](./docs/API.md) | Cloud Brain REST API documentation |
| [Development Guide](./docs/DEVELOPMENT.md) | Contribution guidelines and coding standards |
| [Testing Guide](./docs/TESTING.md) | Testing strategy and guide to writing tests |

## 📄 License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
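The L1 to L5 Hybrid Security Matrix described above, modelled as one decision cascade in which the block/allow lists are decisive while the on-device model and the context check only flag. This is an added example, not Raybod's own code; the whitelist, cloud lists, intel-feed entries, category-to-permission map and the 0.8 TFLite threshold are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample lists standing in for the real feeds and model (assumption).
SYSTEM_WHITELIST = {"com.android.systemui", "com.android.settings"}   # L1
CLOUD_BLOCKLIST = {"com.example.spyware"}                               # L3
CLOUD_ALLOWLIST = {"com.example.trusted.bank"}                          # L3
EXTERNAL_INTEL = {"com.example.dropper"}                                # L4 (GitHub/VirusTotal feed)
# L5: permissions an app category is expected to request; anything else is a mismatch.
CATEGORY_PERMISSIONS = {
    "flashlight": {"android.permission.CAMERA"},
    "messenger": {"android.permission.READ_CONTACTS", "android.permission.INTERNET"},
}


@dataclass
class AppPackage:
    name: str
    category: str
    permissions: set[str]
    tflite_score: float  # L2 on-device model output in [0, 1] (constructed)


@dataclass
class RiskAssessment:
    verdict: str  # "allow" | "block" | "suspicious"
    layer: str    # the layer that produced the verdict
    reasons: list[str] = field(default_factory=list)


def assess(app: AppPackage, tflite_threshold: float = 0.8) -> RiskAssessment:
    """Run L1..L5 in order. Cloud lists and external intel are decisive; the local
    model and the context check only flag, so a flagged app still gets a cloud lookup."""
    reasons: list[str] = []
    if app.name in SYSTEM_WHITELIST:                           # L1: fast bypass
        return RiskAssessment("allow", "L1")
    if app.tflite_score >= tflite_threshold:                   # L2: instant flag
        reasons.append(f"on-device model score {app.tflite_score:.2f}")
    if app.name in CLOUD_BLOCKLIST:                            # L3: global block list
        return RiskAssessment("block", "L3", reasons + ["cloud block list"])
    if app.name in CLOUD_ALLOWLIST:                            # L3: global allow list
        return RiskAssessment("allow", "L3", reasons)
    if app.name in EXTERNAL_INTEL:                             # L4: external signatures
        return RiskAssessment("block", "L4", reasons + ["external signature feed"])
    expected = CATEGORY_PERMISSIONS.get(app.category, set())  # L5: context check
    reasons += [f"unexpected permission {p}" for p in sorted(app.permissions - expected)]
    return RiskAssessment("suspicious" if reasons else "allow", "L5", reasons)
```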
**Built with AI + human collaboration ❤️**

*One scan to protect your digital life.*
Tags: AI detection, Android security, Apex, AV bypass, FastAPI, MVP, OTA model updates, Python, TFLite, cloud threat intelligence, heuristic detection, security solution, security score, real-time threat protection, malware scanning, no backdoor, machine learning, hybrid detection, directory enumeration, mobile security, admin dashboard, network traffic analysis, request interception, lightweight client, reverse-engineering tools