sandbox_engine to use. Flatpak uses org.flatpak, maybe use org.firejail?

com.wordpress.firejail

app_id to use. Flatpak uses the flatpak application ID (e.g. org.signal.Signal for the Signal messenger app), maybe use the name of the profile in use?

Sounds good. But consider default.profile and --noprofile. There's also --name and the name of the binary.

For what is the name used? Does a random name make sense, problems?

instance_id to use. Has to be unique to the currently running sandbox and should never be reused. Just use a (secure) random identifier from /dev/urandom or similar?

Since pids can get reused, a random id (maybe /proc/sys/kernel/random/uuid) soudns good to me.

We do not have anything like a unique instance identifier (usually pids are used) in firejail yet, so it can not be used for anything else.

profiles: check which programs can run natively under wayland. Start by looking for programs whitelisting the wayland socket and go from there.

Adding a new feature (--wayland in that case) in a first PR and adding it to supported profiles is a code practise to keep PRs reviewable (also the reviewer might differ).

sandbox_engine to use. Flatpak uses org.flatpak, maybe use org.firejail?

com.wordpress.firejail

makes sense

app_id to use. Flatpak uses the flatpak application ID (e.g. org.signal.Signal for the Signal messenger app), maybe use the name of the profile in use?

Sounds good. But consider default.profile and --noprofile. There's also --name and the name of the binary.

For what is the name used? Does a random name make sense, problems?

From the wayland protocol:

The application ID is an opaque, sandbox-specific identifier for an
application. See the well-known engines document for more details:
https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md

The compositor may use the application ID to group clients belonging to
the same security context application.

So it should not be random, and it should be the same for every instance of the running program, so it should probably not be the sandbox name either.

On second thought the profile name may not be suited for this as it does not identify the actually running program since you can just use --profile= to use a different one. Using the full path to the binary would work better, but it might change across OSes, and I'm not sure if some compositors have a maximum length for this that is lower than the maximum path lenght on common filesystems.

instance_id to use. Has to be unique to the currently running sandbox and should never be reused. Just use a (secure) random identifier from /dev/urandom or similar?

Since pids can get reused, a random id (maybe /proc/sys/kernel/random/uuid) soudns good to me.

We do not have anything like a unique instance identifier (usually pids are used) in firejail yet, so it can not be used for anything else.

It's mostly just a way for compositors to identify a running instance in a race free way, I would just use a secure random source that's easy to call.

profiles: check which programs can run natively under wayland. Start by looking for programs whitelisting the wayland socket and go from there.

Adding a new feature (--wayland in that case) in a first PR and adding it to supported profiles is a code practise to keep PRs reviewable (also the reviewer might differ).

Sounds reasonable. I'll keep it here as a reminder, for the time being and open a new PR if this one has been merged.