docs: move gRPC/deploy/E2E sections to jni-proxy README

xaionaro@dx.center · xaionaro@dx.center · commit 68ff6de708d9 · 2026-03-16T00:10:48.000Z
The jni README now focuses on core JNI bindings, Android API packages,
and code generation. gRPC remote access, deployment instructions, and
E2E verification details moved to the jni-proxy repository.
diff --git a/README.md b/README.md
@@ -5,7 +5,9 @@
 [![License: CC0-1.0](https://img.shields.io/badge/License-CC0_1.0-lightgrey.svg)](LICENSE)
 [![Go Version](https://img.shields.io/github/go-mod/go-version/AndroidGoLab/jni)](go.mod)
 
-Idiomatic Go bindings for the Java Native Interface and 53 Android Java API packages, auto-generated from YAML specs to ensure full coverage and easy maintenance. Includes a gRPC layer for remote Android API access.
+Idiomatic Go bindings for the Java Native Interface and 53 Android Java API packages, auto-generated from YAML specs to ensure full coverage and easy maintenance.
+
+For remote Android API access over gRPC, see [jni-proxy](https://github.com/AndroidGoLab/jni-proxy).
 
 ## Android Interfaces for Go
 
@@ -276,60 +278,7 @@ flowchart TD
 
 3. **Android API Layer** (53 packages) — High-level wrappers for Android system services. Each package provides a `Manager` type obtained via `NewManager(ctx)`, with methods that call through JNI. Generated by `javagen`.
 
-4. **gRPC Layer** (`grpc/`) — Remote proxy for Android APIs over gRPC. A companion app runs the gRPC server on-device; clients call Android APIs from any machine. Generated by `grpcgen`.
-
-### gRPC Remote Access
-
-The gRPC layer turns any Android phone into a remotely accessible API server. A companion service (`jniservice`) runs on the device — either as an APK (non-rooted) or a Magisk module (rooted, auto-starts on boot). Clients on any machine connect over the network using `jnicli`.
-
-```mermaid
-sequenceDiagram
-    participant Client as jnicli (host)
-    participant Server as jniservice (phone)
-    participant Android as Android APIs
-
-    Client->>Server: auth register (CSR)
-    Server-->>Client: signed client cert + CA cert
-
-    Client->>Server: auth request-permission
-    Server->>Android: launch approval dialog
-    Note over Android: User taps "Approve"
-    Server-->>Client: status: approved
-
-    Client->>Server: location get (mTLS)
-    Server->>Android: LocationManager.getLastKnownLocation()
-    Android-->>Server: Location object
-    Server-->>Client: {lat, lon, alt, accuracy}
-```
-
-Each client registers with a unique certificate (mTLS). Method access is controlled by per-service ACLs — the device owner approves which services each client can use through an on-screen dialog:
-
-```mermaid
-flowchart LR
-    subgraph Client
-        CLI["jnicli"]
-    end
-
-    subgraph "jniservice (on device)"
-        TLS["mTLS gateway"]
-        ACL["Per-service ACL"]
-        SVC["31 Android API\nservices"]
-        RAW["Raw JNI surface"]
-        PROXY["Callback proxy\n(Camera2, etc.)"]
-    end
-
-    CLI -->|client cert| TLS
-    TLS --> ACL
-    ACL -->|"camera.*"| SVC
-    ACL -->|"admin only"| RAW
-    SVC --> Android["Android\nFramework"]
-    RAW --> Android
-    PROXY --> Android
-```
-
-**Available services** include camera, location, bluetooth, WiFi, telephony, battery, power, alarm, vibrator, audio, NFC, notifications, and more (31 services total, ~2000 RPCs). Callback-based APIs (like Camera2) work through a bidirectional streaming proxy with build-time generated adapter classes.
-
-> **Security disclaimer:** This is a hobby/research project. The mTLS + ACL system provides basic access control, but it has not been audited and should not be relied upon for security-critical deployments. The self-signed CA, handle-based object references, and raw JNI surface all have inherent attack surface. Use it on trusted networks for development, testing, and experimentation.
+4. **gRPC Layer** — See [jni-proxy](https://github.com/AndroidGoLab/jni-proxy) for the gRPC remote access layer.
 
 ## Project Layout
 
@@ -338,7 +287,6 @@ flowchart LR
 ├── *.go                          # Core JNI types (VM, Env, Class, Object, ...)
 ├── capi/                         # Raw CGo bindings to JNI C API
 ├── internal/                     # Internal: exception handling, test JVM
-├── handlestore/                  # Object handle mapping for gRPC
 │
 ├── app/                          # Android API wrappers (Java SDK hierarchy)
 │   ├── alarm/, download/, ...
@@ -353,11 +301,6 @@ flowchart LR
 │   ├── power/, battery/, ...
 ├── ...                           # (53 packages total)
 │
-├── grpc/                         # gRPC client/server for remote access
-│   ├── client/
-│   └── server/
-├── proto/                        # Protocol buffer definitions
-│
 ├── tools/                        # Code generators
 │   ├── jnigen/                   #   Core JNI + capi generation
 │   ├── javagen/                  #   Android API package generation
@@ -372,8 +315,7 @@ flowchart LR
 │   └── java/
 │
 ├── ref/android/                  # Reference .class files
-├── examples/                     # Per-package usage examples
-└── e2e/                          # End-to-end tests (Android device)
+└── examples/                     # Per-package usage examples
 ```
 
 ## Make Targets
@@ -386,77 +328,17 @@ flowchart LR
 | `make proto` | Generate .proto files | -- |
 | `make protoc` | Compile .proto to Go stubs | protoc + protoc-gen-go |
 | `make grpc` | Generate gRPC server/client | protoc |
+| `make cli` | Generate jnicli cobra commands | protoc |
 | `make test` | Run all tests | JDK |
 | `make test-tools` | Run generator tests only | -- |
 | `make build` | Cross-compile for android/arm64 | Android NDK |
 | `make lint` | Run golangci-lint | golangci-lint |
 | `make clean` | Remove all generated files | -- |
 
-## Running jniservice on Android
-
-jniservice is a gRPC server that exposes the JNI surface and Android APIs over the network.
-
-### Development (via adb)
-
-```bash
-make deploy                    # build, push, start, forward port
-make deploy HOST_PORT=50052    # use different host port
-make stop-server               # stop the server
-```
-
-### Rooted devices (Magisk module)
-
-Auto-starts on boot. Self-contained — no `make deploy` needed after install.
-
-```bash
-make magisk DIST_GOARCH=arm64                          # build module
-adb push build/jniservice-magisk-arm64-v8a.zip /sdcard/
-adb shell su -c "magisk --install-module /sdcard/jniservice-magisk-arm64-v8a.zip"
-adb reboot                                             # starts on next boot
-```
-
-Configuration: create `/data/local/tmp/jniservice.env` on the device:
-```bash
-JNISERVICE_PORT=50051
-JNISERVICE_TOKEN=my-secret-token
-```
-
-### Non-rooted devices (APK)
-
-Auto-starts on boot via foreground service.
-
-```bash
-make apk DIST_GOARCH=arm64          # build APK
-adb install build/jniservice-arm64-v8a.apk
-```
-
-Open "jniservice" from the launcher once to start the service and register the boot receiver.
-
-### Connecting
-
-```bash
-adb forward tcp:50051 tcp:50051
-jnicli --addr localhost:50051 --insecure jni get-version
-```
-
-## E2E Test Verification
-
-Run `make test-emulator` to test against a connected device or emulator. Tests skip when `JNICTL_E2E_ADDR` is not set.
-
-<details>
-<summary>Verified platforms (click to expand)</summary>
-
-| Type | Device | Android | API | ABI | Build | Date | Passed | Total |
-|------|--------|---------|-----|-----|-------|------|--------|-------|
-| Phone | Pixel 8a | 16 | 36 | arm64-v8a | BP4A.260205.001 | 2026-03-14 | 21 | 21 |
-| Emulator | sdk_gphone64_x86_64 | 15 | 35 | x86_64 | | 2026-03-14 | 21 | 21 |
-
-</details>
-
 ## Adding a New Android API Package
 
 1. Create `spec/java/{package}.yaml` with the Java class, methods, and `go_import` path.
 2. Optionally create `spec/overlays/java/{package}.yaml` for customizations (extra methods, type overrides, name overrides).
 3. Run `make java` to generate the Go package.
-4. Run `make proto protoc grpc` if gRPC support is needed.
+4. For gRPC support, see [jni-proxy](https://github.com/AndroidGoLab/jni-proxy).
 
