diff --git a/.gitignore b/.gitignore
index 89781e7..0fbb8ee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,7 +26,6 @@ go.work.sum
 .vscode
 
 # go generate
-security-context-v1-protocol.*
 /cmd/hakurei/LICENSE
 
 # release
diff --git a/sandbox/wl/security-context-v1-protocol.c b/sandbox/wl/security-context-v1-protocol.c
new file mode 100644
index 0000000..5b15b1b
--- /dev/null
+++ b/sandbox/wl/security-context-v1-protocol.c
@@ -0,0 +1,74 @@
+/* Generated by wayland-scanner 1.23.1 */
+
+/*
+ * Copyright © 2021 Simon Ser
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the next
+ * paragraph) shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#include <stdbool.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include "wayland-util.h"
+
+#ifndef __has_attribute
+# define __has_attribute(x) 0  /* Compatibility with non-clang compilers. */
+#endif
+
+#if (__has_attribute(visibility) || defined(__GNUC__) && __GNUC__ >= 4)
+#define WL_PRIVATE __attribute__ ((visibility("hidden")))
+#else
+#define WL_PRIVATE
+#endif
+
+extern const struct wl_interface wp_security_context_v1_interface;
+
+static const struct wl_interface *security_context_v1_types[] = {
+	NULL,
+	&wp_security_context_v1_interface,
+	NULL,
+	NULL,
+};
+
+static const struct wl_message wp_security_context_manager_v1_requests[] = {
+	{ "destroy", "", security_context_v1_types + 0 },
+	{ "create_listener", "nhh", security_context_v1_types + 1 },
+};
+
+WL_PRIVATE const struct wl_interface wp_security_context_manager_v1_interface = {
+	"wp_security_context_manager_v1", 1,
+	2, wp_security_context_manager_v1_requests,
+	0, NULL,
+};
+
+static const struct wl_message wp_security_context_v1_requests[] = {
+	{ "destroy", "", security_context_v1_types + 0 },
+	{ "set_sandbox_engine", "s", security_context_v1_types + 0 },
+	{ "set_app_id", "s", security_context_v1_types + 0 },
+	{ "set_instance_id", "s", security_context_v1_types + 0 },
+	{ "commit", "", security_context_v1_types + 0 },
+};
+
+WL_PRIVATE const struct wl_interface wp_security_context_v1_interface = {
+	"wp_security_context_v1", 1,
+	5, wp_security_context_v1_requests,
+	0, NULL,
+};
+
diff --git a/sandbox/wl/security-context-v1-protocol.h b/sandbox/wl/security-context-v1-protocol.h
new file mode 100644
index 0000000..f973619
--- /dev/null
+++ b/sandbox/wl/security-context-v1-protocol.h
@@ -0,0 +1,392 @@
+/* Generated by wayland-scanner 1.23.1 */
+
+#ifndef SECURITY_CONTEXT_V1_CLIENT_PROTOCOL_H
+#define SECURITY_CONTEXT_V1_CLIENT_PROTOCOL_H
+
+#include <stdint.h>
+#include <stddef.h>
+#include "wayland-client.h"
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @page page_security_context_v1 The security_context_v1 protocol
+ * @section page_ifaces_security_context_v1 Interfaces
+ * - @subpage page_iface_wp_security_context_manager_v1 - client security context manager
+ * - @subpage page_iface_wp_security_context_v1 - client security context
+ * @section page_copyright_security_context_v1 Copyright
+ * <pre>
+ *
+ * Copyright © 2021 Simon Ser
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the next
+ * paragraph) shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ * </pre>
+ */
+struct wp_security_context_manager_v1;
+struct wp_security_context_v1;
+
+#ifndef WP_SECURITY_CONTEXT_MANAGER_V1_INTERFACE
+#define WP_SECURITY_CONTEXT_MANAGER_V1_INTERFACE
+/**
+ * @page page_iface_wp_security_context_manager_v1 wp_security_context_manager_v1
+ * @section page_iface_wp_security_context_manager_v1_desc Description
+ *
+ * This interface allows a client to register a new Wayland connection to
+ * the compositor and attach a security context to it.
+ *
+ * This is intended to be used by sandboxes. Sandbox engines attach a
+ * security context to all connections coming from inside the sandbox. The
+ * compositor can then restrict the features that the sandboxed connections
+ * can use.
+ *
+ * Compositors should forbid nesting multiple security contexts by not
+ * exposing wp_security_context_manager_v1 global to clients with a security
+ * context attached, or by sending the nested protocol error. Nested
+ * security contexts are dangerous because they can potentially allow
+ * privilege escalation of a sandboxed client.
+ *
+ * Warning! The protocol described in this file is currently in the testing
+ * phase. Backward compatible changes may be added together with the
+ * corresponding interface version bump. Backward incompatible changes can
+ * only be done by creating a new major version of the extension.
+ * @section page_iface_wp_security_context_manager_v1_api API
+ * See @ref iface_wp_security_context_manager_v1.
+ */
+/**
+ * @defgroup iface_wp_security_context_manager_v1 The wp_security_context_manager_v1 interface
+ *
+ * This interface allows a client to register a new Wayland connection to
+ * the compositor and attach a security context to it.
+ *
+ * This is intended to be used by sandboxes. Sandbox engines attach a
+ * security context to all connections coming from inside the sandbox. The
+ * compositor can then restrict the features that the sandboxed connections
+ * can use.
+ *
+ * Compositors should forbid nesting multiple security contexts by not
+ * exposing wp_security_context_manager_v1 global to clients with a security
+ * context attached, or by sending the nested protocol error. Nested
+ * security contexts are dangerous because they can potentially allow
+ * privilege escalation of a sandboxed client.
+ *
+ * Warning! The protocol described in this file is currently in the testing
+ * phase. Backward compatible changes may be added together with the
+ * corresponding interface version bump. Backward incompatible changes can
+ * only be done by creating a new major version of the extension.
+ */
+extern const struct wl_interface wp_security_context_manager_v1_interface;
+#endif
+#ifndef WP_SECURITY_CONTEXT_V1_INTERFACE
+#define WP_SECURITY_CONTEXT_V1_INTERFACE
+/**
+ * @page page_iface_wp_security_context_v1 wp_security_context_v1
+ * @section page_iface_wp_security_context_v1_desc Description
+ *
+ * The security context allows a client to register a new client and attach
+ * security context metadata to the connections.
+ *
+ * When both are set, the combination of the application ID and the sandbox
+ * engine must uniquely identify an application. The same application ID
+ * will be used across instances (e.g. if the application is restarted, or
+ * if the application is started multiple times).
+ *
+ * When both are set, the combination of the instance ID and the sandbox
+ * engine must uniquely identify a running instance of an application.
+ * @section page_iface_wp_security_context_v1_api API
+ * See @ref iface_wp_security_context_v1.
+ */
+/**
+ * @defgroup iface_wp_security_context_v1 The wp_security_context_v1 interface
+ *
+ * The security context allows a client to register a new client and attach
+ * security context metadata to the connections.
+ *
+ * When both are set, the combination of the application ID and the sandbox
+ * engine must uniquely identify an application. The same application ID
+ * will be used across instances (e.g. if the application is restarted, or
+ * if the application is started multiple times).
+ *
+ * When both are set, the combination of the instance ID and the sandbox
+ * engine must uniquely identify a running instance of an application.
+ */
+extern const struct wl_interface wp_security_context_v1_interface;
+#endif
+
+#ifndef WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM
+#define WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM
+enum wp_security_context_manager_v1_error {
+	/**
+	 * listening socket FD is invalid
+	 */
+	WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_INVALID_LISTEN_FD = 1,
+	/**
+	 * nested security contexts are forbidden
+	 */
+	WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_NESTED = 2,
+};
+#endif /* WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM */
+
+#define WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY 0
+#define WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER 1
+
+
+/**
+ * @ingroup iface_wp_security_context_manager_v1
+ */
+#define WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY_SINCE_VERSION 1
+/**
+ * @ingroup iface_wp_security_context_manager_v1
+ */
+#define WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER_SINCE_VERSION 1
+
+/** @ingroup iface_wp_security_context_manager_v1 */
+static inline void
+wp_security_context_manager_v1_set_user_data(struct wp_security_context_manager_v1 *wp_security_context_manager_v1, void *user_data)
+{
+	wl_proxy_set_user_data((struct wl_proxy *) wp_security_context_manager_v1, user_data);
+}
+
+/** @ingroup iface_wp_security_context_manager_v1 */
+static inline void *
+wp_security_context_manager_v1_get_user_data(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
+{
+	return wl_proxy_get_user_data((struct wl_proxy *) wp_security_context_manager_v1);
+}
+
+static inline uint32_t
+wp_security_context_manager_v1_get_version(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
+{
+	return wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1);
+}
+
+/**
+ * @ingroup iface_wp_security_context_manager_v1
+ *
+ * Destroy the manager. This doesn't destroy objects created with the
+ * manager.
+ */
+static inline void
+wp_security_context_manager_v1_destroy(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
+{
+	wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_manager_v1,
+			 WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1), WL_MARSHAL_FLAG_DESTROY);
+}
+
+/**
+ * @ingroup iface_wp_security_context_manager_v1
+ *
+ * Creates a new security context with a socket listening FD.
+ *
+ * The compositor will accept new client connections on listen_fd.
+ * listen_fd must be ready to accept new connections when this request is
+ * sent by the client. In other words, the client must call bind(2) and
+ * listen(2) before sending the FD.
+ *
+ * close_fd is a FD that will signal hangup when the compositor should stop
+ * accepting new connections on listen_fd.
+ *
+ * The compositor must continue to accept connections on listen_fd when
+ * the Wayland client which created the security context disconnects.
+ *
+ * After sending this request, closing listen_fd and close_fd remains the
+ * only valid operation on them.
+ */
+static inline struct wp_security_context_v1 *
+wp_security_context_manager_v1_create_listener(struct wp_security_context_manager_v1 *wp_security_context_manager_v1, int32_t listen_fd, int32_t close_fd)
+{
+	struct wl_proxy *id;
+
+	id = wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_manager_v1,
+			 WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER, &wp_security_context_v1_interface, wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1), 0, NULL, listen_fd, close_fd);
+
+	return (struct wp_security_context_v1 *) id;
+}
+
+#ifndef WP_SECURITY_CONTEXT_V1_ERROR_ENUM
+#define WP_SECURITY_CONTEXT_V1_ERROR_ENUM
+enum wp_security_context_v1_error {
+	/**
+	 * security context has already been committed
+	 */
+	WP_SECURITY_CONTEXT_V1_ERROR_ALREADY_USED = 1,
+	/**
+	 * metadata has already been set
+	 */
+	WP_SECURITY_CONTEXT_V1_ERROR_ALREADY_SET = 2,
+	/**
+	 * metadata is invalid
+	 */
+	WP_SECURITY_CONTEXT_V1_ERROR_INVALID_METADATA = 3,
+};
+#endif /* WP_SECURITY_CONTEXT_V1_ERROR_ENUM */
+
+#define WP_SECURITY_CONTEXT_V1_DESTROY 0
+#define WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE 1
+#define WP_SECURITY_CONTEXT_V1_SET_APP_ID 2
+#define WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID 3
+#define WP_SECURITY_CONTEXT_V1_COMMIT 4
+
+
+/**
+ * @ingroup iface_wp_security_context_v1
+ */
+#define WP_SECURITY_CONTEXT_V1_DESTROY_SINCE_VERSION 1
+/**
+ * @ingroup iface_wp_security_context_v1
+ */
+#define WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE_SINCE_VERSION 1
+/**
+ * @ingroup iface_wp_security_context_v1
+ */
+#define WP_SECURITY_CONTEXT_V1_SET_APP_ID_SINCE_VERSION 1
+/**
+ * @ingroup iface_wp_security_context_v1
+ */
+#define WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID_SINCE_VERSION 1
+/**
+ * @ingroup iface_wp_security_context_v1
+ */
+#define WP_SECURITY_CONTEXT_V1_COMMIT_SINCE_VERSION 1
+
+/** @ingroup iface_wp_security_context_v1 */
+static inline void
+wp_security_context_v1_set_user_data(struct wp_security_context_v1 *wp_security_context_v1, void *user_data)
+{
+	wl_proxy_set_user_data((struct wl_proxy *) wp_security_context_v1, user_data);
+}
+
+/** @ingroup iface_wp_security_context_v1 */
+static inline void *
+wp_security_context_v1_get_user_data(struct wp_security_context_v1 *wp_security_context_v1)
+{
+	return wl_proxy_get_user_data((struct wl_proxy *) wp_security_context_v1);
+}
+
+static inline uint32_t
+wp_security_context_v1_get_version(struct wp_security_context_v1 *wp_security_context_v1)
+{
+	return wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1);
+}
+
+/**
+ * @ingroup iface_wp_security_context_v1
+ *
+ * Destroy the security context object.
+ */
+static inline void
+wp_security_context_v1_destroy(struct wp_security_context_v1 *wp_security_context_v1)
+{
+	wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
+			 WP_SECURITY_CONTEXT_V1_DESTROY, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), WL_MARSHAL_FLAG_DESTROY);
+}
+
+/**
+ * @ingroup iface_wp_security_context_v1
+ *
+ * Attach a unique sandbox engine name to the security context. The name
+ * should follow the reverse-DNS style (e.g. "org.flatpak").
+ *
+ * A list of well-known engines is maintained at:
+ * https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
+ *
+ * It is a protocol error to call this request twice. The already_set
+ * error is sent in this case.
+ */
+static inline void
+wp_security_context_v1_set_sandbox_engine(struct wp_security_context_v1 *wp_security_context_v1, const char *name)
+{
+	wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
+			 WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, name);
+}
+
+/**
+ * @ingroup iface_wp_security_context_v1
+ *
+ * Attach an application ID to the security context.
+ *
+ * The application ID is an opaque, sandbox-specific identifier for an
+ * application. See the well-known engines document for more details:
+ * https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
+ *
+ * The compositor may use the application ID to group clients belonging to
+ * the same security context application.
+ *
+ * Whether this request is optional or not depends on the sandbox engine used.
+ *
+ * It is a protocol error to call this request twice. The already_set
+ * error is sent in this case.
+ */
+static inline void
+wp_security_context_v1_set_app_id(struct wp_security_context_v1 *wp_security_context_v1, const char *app_id)
+{
+	wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
+			 WP_SECURITY_CONTEXT_V1_SET_APP_ID, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, app_id);
+}
+
+/**
+ * @ingroup iface_wp_security_context_v1
+ *
+ * Attach an instance ID to the security context.
+ *
+ * The instance ID is an opaque, sandbox-specific identifier for a running
+ * instance of an application. See the well-known engines document for
+ * more details:
+ * https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
+ *
+ * Whether this request is optional or not depends on the sandbox engine used.
+ *
+ * It is a protocol error to call this request twice. The already_set
+ * error is sent in this case.
+ */
+static inline void
+wp_security_context_v1_set_instance_id(struct wp_security_context_v1 *wp_security_context_v1, const char *instance_id)
+{
+	wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
+			 WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, instance_id);
+}
+
+/**
+ * @ingroup iface_wp_security_context_v1
+ *
+ * Atomically register the new client and attach the security context
+ * metadata.
+ *
+ * If the provided metadata is inconsistent or does not match with out of
+ * band metadata (see
+ * https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md),
+ * the invalid_metadata error may be sent eventually.
+ *
+ * It's a protocol error to send any request other than "destroy" after
+ * this request. In this case, the already_used error is sent.
+ */
+static inline void
+wp_security_context_v1_commit(struct wp_security_context_v1 *wp_security_context_v1)
+{
+	wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
+			 WP_SECURITY_CONTEXT_V1_COMMIT, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0);
+}
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif