Integrate as a framework
Code looks like an extraction of the app project and not a code for a framework. So, excuse me if it's already integrated as a framework.
For runtime security, it seems to be a minimum requirement to integrate the sensitive part of the code as an internal framework.
Like this, ACL can apply securely, by limiting the risk of security error.
Only public
or open
code will be visible inside the sandboxed environment at runtime.
And, for example, if a malware execute runtime in the app, this protection will ensure another level of security.