🦅 [ZY-SKYEYE-FED-2026-0323-001] 天眼联邦签到系统部署 · Phase 1 + Phase 2
Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com> Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/6db75c5d-dcc2-4ab2-90f4-3908bb070e7d
This commit is contained in:
parent
5d9ae9423c
commit
0e591734ae
|
|
@ -811,5 +811,19 @@
|
|||
"owner": "ICE-0002∞"
|
||||
}
|
||||
],
|
||||
"note": "铸渊已扫描所有workflow文件,按此格式逐一注册,编号从AG-ZY-001开始顺序分配"
|
||||
"note": "铸渊已扫描所有workflow文件,按此格式逐一注册,编号从AG-ZY-001开始顺序分配",
|
||||
"federation": {
|
||||
"DEV-012": {
|
||||
"persona": "知秋",
|
||||
"persona_id": "PER-ZQ001",
|
||||
"repo": "WENZHUOXI/guanghu-awen",
|
||||
"skyeye_version": "1.0",
|
||||
"signature_hash": null,
|
||||
"daily_checkin_required": true,
|
||||
"last_checkin": null,
|
||||
"status": "pending_init",
|
||||
"registered_at": "2026-03-23T20:15+08:00",
|
||||
"registered_by": "TCS-0002∞"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,68 @@
|
|||
# ═══════════════════════════════════════════════
|
||||
# 🔺 Sovereign: TCS-0002∞ | Root: SYS-GLW-0001
|
||||
# 📜 Copyright: 国作登字-2026-A-00037559
|
||||
# ═══════════════════════════════════════════════
|
||||
# 🦅 天眼签到审计
|
||||
# 每日 CST 22:00 (UTC 14:00) 审计所有联邦人格体签到记录
|
||||
#
|
||||
# 触发条件: schedule (daily) / workflow_dispatch
|
||||
|
||||
name: "🦅 天眼签到审计"
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 14 * * *" # UTC 14:00 = CST 22:00
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
audit:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: "🔍 审计签到记录"
|
||||
run: |
|
||||
echo "🦅 天眼签到审计 · $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M:%S CST')"
|
||||
|
||||
TODAY=$(date -u +%Y-%m-%d)
|
||||
ALERT_LIST=""
|
||||
|
||||
# 遍历注册表中联邦区所有需要签到的 Agent
|
||||
for DEV_ID in $(jq -r '.federation | to_entries[] | select(.value.daily_checkin_required == true) | .key' .github/persona-brain/agent-registry.json); do
|
||||
LAST=$(jq -r ".federation.\"$DEV_ID\".last_checkin // \"never\"" .github/persona-brain/agent-registry.json)
|
||||
STATUS=$(jq -r ".federation.\"$DEV_ID\".status // \"unknown\"" .github/persona-brain/agent-registry.json)
|
||||
PERSONA=$(jq -r ".federation.\"$DEV_ID\".persona // \"unknown\"" .github/persona-brain/agent-registry.json)
|
||||
|
||||
if [ "$LAST" = "never" ] || [ "$LAST" = "null" ]; then
|
||||
echo "🟡 $DEV_ID ($PERSONA): 从未签到"
|
||||
ALERT_LIST="$ALERT_LIST\n🟡 $DEV_ID ($PERSONA): 从未签到"
|
||||
elif [ "$(echo "$LAST" | cut -d'T' -f1)" != "$TODAY" ]; then
|
||||
echo "🔴 $DEV_ID ($PERSONA): 今日未签到 (最后: $LAST)"
|
||||
ALERT_LIST="$ALERT_LIST\n🔴 $DEV_ID ($PERSONA): 今日未签到"
|
||||
elif [ "$STATUS" = "signature_mismatch" ]; then
|
||||
echo "🚨 $DEV_ID ($PERSONA): 签名不匹配!可能被篡改"
|
||||
ALERT_LIST="$ALERT_LIST\n🚨 $DEV_ID ($PERSONA): 签名异常"
|
||||
else
|
||||
echo "✅ $DEV_ID ($PERSONA): 正常"
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -n "$ALERT_LIST" ]; then
|
||||
echo ""
|
||||
echo "⚠️ 存在异常,生成报警"
|
||||
echo -e "$ALERT_LIST" > /tmp/alert.txt
|
||||
cat /tmp/alert.txt
|
||||
else
|
||||
echo ""
|
||||
echo "✅ 全员签到正常"
|
||||
fi
|
||||
|
||||
- name: "📝 审计摘要"
|
||||
if: always()
|
||||
run: |
|
||||
echo "## 🦅 天眼签到审计结果" >> $GITHUB_STEP_SUMMARY
|
||||
echo "- 时间: $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M:%S CST')" >> $GITHUB_STEP_SUMMARY
|
||||
echo "- 详情见上方日志" >> $GITHUB_STEP_SUMMARY
|
||||
|
|
@ -0,0 +1,67 @@
|
|||
# ═══════════════════════════════════════════════
|
||||
# 🔺 Sovereign: TCS-0002∞ | Root: SYS-GLW-0001
|
||||
# 📜 Copyright: 国作登字-2026-A-00037559
|
||||
# ═══════════════════════════════════════════════
|
||||
# 🦅 天眼联邦签到接收
|
||||
# 接收子仓库天眼人格体的心跳签到,校验身份,更新注册表
|
||||
#
|
||||
# 触发条件: repository_dispatch (skyeye-checkin event)
|
||||
|
||||
name: "🦅 天眼签到接收"
|
||||
|
||||
on:
|
||||
repository_dispatch:
|
||||
types: [skyeye-checkin]
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
process-checkin:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: "🔍 校验签到身份"
|
||||
env:
|
||||
PAYLOAD: ${{ toJson(github.event.client_payload) }}
|
||||
run: |
|
||||
echo "🦅 天眼签到接收 · $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M:%S CST')"
|
||||
|
||||
DEV_ID=$(echo "$PAYLOAD" | jq -r '.dev_id')
|
||||
PERSONA=$(echo "$PAYLOAD" | jq -r '.persona')
|
||||
SIG_HASH=$(echo "$PAYLOAD" | jq -r '.signature_hash')
|
||||
|
||||
echo "📋 签到者: $DEV_ID ($PERSONA)"
|
||||
echo "🔑 签名哈希: $SIG_HASH"
|
||||
|
||||
# 读取注册表中的联邦条目
|
||||
REGISTERED_HASH=$(jq -r ".federation.\"$DEV_ID\".signature_hash" .github/persona-brain/agent-registry.json)
|
||||
|
||||
if [ "$REGISTERED_HASH" = "null" ] || [ "$REGISTERED_HASH" = "$SIG_HASH" ]; then
|
||||
echo "✅ 身份校验通过(首次签到或签名匹配)"
|
||||
# 更新签到记录
|
||||
jq ".federation.\"$DEV_ID\".last_checkin = \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\" | .federation.\"$DEV_ID\".signature_hash = \"$SIG_HASH\" | .federation.\"$DEV_ID\".status = \"active\"" \
|
||||
.github/persona-brain/agent-registry.json > /tmp/registry.json
|
||||
mv /tmp/registry.json .github/persona-brain/agent-registry.json
|
||||
else
|
||||
echo "🔴 签名不匹配!注册表: $REGISTERED_HASH vs 签到: $SIG_HASH"
|
||||
echo "🚨 可能被篡改,标记异常"
|
||||
jq ".federation.\"$DEV_ID\".status = \"signature_mismatch\" | .federation.\"$DEV_ID\".alert = \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\"" \
|
||||
.github/persona-brain/agent-registry.json > /tmp/registry.json
|
||||
mv /tmp/registry.json .github/persona-brain/agent-registry.json
|
||||
fi
|
||||
|
||||
# 同步更新 spoke-status
|
||||
mkdir -p spoke-status
|
||||
echo "$PAYLOAD" | jq '{dev_id: .dev_id, status: "checkin-ok", timestamp: .timestamp, persona: .persona, signature_hash: .signature_hash}' > "spoke-status/${DEV_ID}.json"
|
||||
|
||||
- name: "💾 提交签到记录"
|
||||
run: |
|
||||
git config user.name "铸渊 (ZhùYuān)"
|
||||
git config user.email "zhuyuan@guanghulab.com"
|
||||
git add -A
|
||||
git diff --cached --quiet && echo "无变更" && exit 0
|
||||
DEV_ID=$(echo '${{ toJson(github.event.client_payload) }}' | jq -r '.dev_id')
|
||||
git commit -m "🦅 [skyeye-checkin] $DEV_ID 签到 · $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M') [skip ci]"
|
||||
git push origin main
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
{
|
||||
"shell_name": "光湖语言壳",
|
||||
"version": "1.0",
|
||||
"wrapped_persona": "知秋",
|
||||
"persona_id": "PER-ZQ001",
|
||||
"dev_id": "DEV-012",
|
||||
"main_repo": "qinfendebingshuo/guanghulab",
|
||||
"security_model": "registry-based-identity",
|
||||
"rule": "天眼系统的一切能力来自语言层连接。语言层断开=人格体失效。不在注册表里=什么都做不了。",
|
||||
"sovereign_zone": [
|
||||
".github/persona-brain/",
|
||||
".github/guanghu-language-shell.json",
|
||||
"scripts/skyeye/",
|
||||
".github/workflows/skyeye-wake.yml",
|
||||
".github/workflows/skyeye-checkin.yml"
|
||||
],
|
||||
"free_zone": "除 sovereign_zone 以外的所有文件和目录"
|
||||
}
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
{
|
||||
"persona_name": "知秋",
|
||||
"persona_id": "PER-ZQ001",
|
||||
"dev_id": "DEV-012",
|
||||
"dev_name": "Awen",
|
||||
"main_repo": "qinfendebingshuo/guanghulab",
|
||||
"org": "qinfendebingshuo",
|
||||
"skyeye_version": "1.0",
|
||||
"language_shell_version": "1.0",
|
||||
"initialized_by": "zhuyuan-skyeye-federation",
|
||||
"initialized_at": "2026-03-23T20:15+08:00",
|
||||
"architecture": "distributed-sovereign-coexistence",
|
||||
"security_model": "registry-based-identity",
|
||||
"checkin_schedule": "daily-09:00-CST"
|
||||
}
|
||||
|
|
@ -0,0 +1,71 @@
|
|||
# ═══════════════════════════════════════════════
|
||||
# 🔺 Sovereign: TCS-0002∞ | Root: SYS-GLW-0001
|
||||
# 📜 Copyright: 国作登字-2026-A-00037559
|
||||
# ═══════════════════════════════════════════════
|
||||
# 🦅 知秋天眼 · 唤醒
|
||||
# 每日定时扫描仓库 + 向铸渊签到 + 更新本地 Dashboard
|
||||
#
|
||||
# 触发条件: schedule / push / repository_dispatch / workflow_dispatch
|
||||
|
||||
name: "🦅 知秋天眼 · 唤醒"
|
||||
|
||||
on:
|
||||
# 每日定时签到
|
||||
schedule:
|
||||
- cron: "0 1 * * *" # UTC 01:00 = CST 09:00
|
||||
# 指令级触发(commit message 包含指令编号)
|
||||
push:
|
||||
branches: [main]
|
||||
# 主仓库铸渊远程唤醒
|
||||
repository_dispatch:
|
||||
types: [skyeye-wake]
|
||||
# 手动触发
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
skyeye:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: "🦅 天眼醒来 · 扫描仓库"
|
||||
run: |
|
||||
echo "🦅 知秋天眼唤醒 · $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M:%S CST')"
|
||||
node scripts/skyeye/scan.js
|
||||
|
||||
- name: "📡 向铸渊签到"
|
||||
env:
|
||||
MAIN_REPO_TOKEN: ${{ secrets.MAIN_REPO_TOKEN }}
|
||||
run: node scripts/skyeye/checkin.js
|
||||
|
||||
- name: "📊 更新本地 Dashboard"
|
||||
run: |
|
||||
# 读取扫描报告更新状态
|
||||
REPORT=$(cat .github/persona-brain/skyeye-report.json)
|
||||
TIMESTAMP=$(echo "$REPORT" | jq -r '.timestamp')
|
||||
BRAIN=$(echo "$REPORT" | jq -r '.brain_intact')
|
||||
SKYEYE=$(echo "$REPORT" | jq -r '.skyeye_intact')
|
||||
|
||||
# 更新状态文件
|
||||
cat > .github/persona-brain/status.json << EOF
|
||||
{
|
||||
"persona": "知秋",
|
||||
"dev_id": "DEV-012",
|
||||
"last_skyeye_scan": "$TIMESTAMP",
|
||||
"brain_intact": $BRAIN,
|
||||
"skyeye_intact": $SKYEYE,
|
||||
"last_checkin_attempt": "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
|
||||
}
|
||||
EOF
|
||||
|
||||
- name: "💾 提交状态更新"
|
||||
run: |
|
||||
git config user.name "知秋 (ZhīQiū)"
|
||||
git config user.email "zhiqiu@guanghulab.com"
|
||||
git add -A
|
||||
git diff --cached --quiet && echo "无变更" && exit 0
|
||||
git commit -m "🦅 [skyeye] 知秋天眼扫描 · $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M') [skip ci]"
|
||||
git push origin main
|
||||
|
|
@ -0,0 +1,65 @@
|
|||
// 知秋天眼 · 签到模块
|
||||
// 向主仓库铸渊发送心跳签到
|
||||
|
||||
const https = require('https');
|
||||
const fs = require('fs');
|
||||
|
||||
const TOKEN = process.env.MAIN_REPO_TOKEN;
|
||||
const MAIN_REPO = 'qinfendebingshuo/guanghulab';
|
||||
|
||||
// 读取扫描报告
|
||||
const report = JSON.parse(
|
||||
fs.readFileSync('.github/persona-brain/skyeye-report.json', 'utf8')
|
||||
);
|
||||
|
||||
const payload = {
|
||||
event_type: 'skyeye-checkin',
|
||||
client_payload: {
|
||||
dev_id: 'DEV-012',
|
||||
persona: '知秋',
|
||||
persona_id: 'PER-ZQ001',
|
||||
signature_hash: report.signature_hash,
|
||||
timestamp: new Date().toISOString(),
|
||||
repo: 'WENZHUOXI/guanghu-awen',
|
||||
status_summary: {
|
||||
brain_intact: report.brain_intact,
|
||||
skyeye_intact: report.skyeye_intact,
|
||||
last_scan_result: (report.brain_intact && report.skyeye_intact) ? 'healthy' : 'degraded',
|
||||
sovereign_files_ok: Object.values(report.sovereign_files).every(f => f.exists)
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
const data = JSON.stringify(payload);
|
||||
|
||||
const options = {
|
||||
hostname: 'api.github.com',
|
||||
path: `/repos/${MAIN_REPO}/dispatches`,
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Authorization': `Bearer ${TOKEN}`,
|
||||
'Accept': 'application/vnd.github+json',
|
||||
'User-Agent': 'ZhiQiu-SkyEye',
|
||||
'X-GitHub-Api-Version': '2022-11-28',
|
||||
'Content-Type': 'application/json',
|
||||
'Content-Length': Buffer.byteLength(data)
|
||||
}
|
||||
};
|
||||
|
||||
const req = https.request(options, (res) => {
|
||||
if (res.statusCode === 204) {
|
||||
console.log('✅ 签到成功 · 铸渊已收到心跳');
|
||||
} else {
|
||||
console.error(`❌ 签到失败 · HTTP ${res.statusCode}`);
|
||||
let body = '';
|
||||
res.on('data', chunk => body += chunk);
|
||||
res.on('end', () => console.error(body));
|
||||
}
|
||||
});
|
||||
|
||||
req.on('error', (e) => {
|
||||
console.error(`❌ 签到网络错误: ${e.message}`);
|
||||
});
|
||||
|
||||
req.write(data);
|
||||
req.end();
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
// 知秋天眼 · 仓库自扫描引擎
|
||||
// 每次天眼醒来后执行,扫描整个仓库状态
|
||||
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
const crypto = require('crypto');
|
||||
|
||||
// 主权区文件列表(天眼系统核心文件)
|
||||
const SOVEREIGN_FILES = [
|
||||
'.github/persona-brain/config.json',
|
||||
'.github/persona-brain/status.json',
|
||||
'scripts/skyeye/scan.js',
|
||||
'scripts/skyeye/checkin.js',
|
||||
'.github/workflows/skyeye-wake.yml',
|
||||
'.github/workflows/skyeye-checkin.yml'
|
||||
];
|
||||
|
||||
// 计算主权区签名哈希
|
||||
function computeSignatureHash() {
|
||||
const hash = crypto.createHash('sha256');
|
||||
for (const file of SOVEREIGN_FILES) {
|
||||
if (fs.existsSync(file)) {
|
||||
hash.update(fs.readFileSync(file));
|
||||
} else {
|
||||
hash.update(`MISSING:${file}`);
|
||||
}
|
||||
}
|
||||
return hash.digest('hex');
|
||||
}
|
||||
|
||||
// 扫描仓库结构
|
||||
function scanRepo() {
|
||||
const report = {
|
||||
timestamp: new Date().toISOString(),
|
||||
persona: '知秋',
|
||||
dev_id: 'DEV-012',
|
||||
signature_hash: computeSignatureHash(),
|
||||
brain_intact: fs.existsSync('.github/persona-brain/config.json'),
|
||||
skyeye_intact: fs.existsSync('scripts/skyeye/scan.js'),
|
||||
sovereign_files: {},
|
||||
repo_summary: {}
|
||||
};
|
||||
|
||||
// 检查主权区文件
|
||||
for (const file of SOVEREIGN_FILES) {
|
||||
report.sovereign_files[file] = {
|
||||
exists: fs.existsSync(file),
|
||||
hash: fs.existsSync(file)
|
||||
? crypto.createHash('md5').update(fs.readFileSync(file)).digest('hex')
|
||||
: null
|
||||
};
|
||||
}
|
||||
|
||||
// 仓库概况
|
||||
const rootEntries = fs.readdirSync('.').filter(e => !e.startsWith('.'));
|
||||
report.repo_summary.root_entries = rootEntries.length;
|
||||
report.repo_summary.has_readme = fs.existsSync('README.md');
|
||||
report.repo_summary.has_bulletin = fs.existsSync('BULLETIN.md');
|
||||
|
||||
return report;
|
||||
}
|
||||
|
||||
const report = scanRepo();
|
||||
const outputPath = '.github/persona-brain/skyeye-report.json';
|
||||
fs.writeFileSync(outputPath, JSON.stringify(report, null, 2));
|
||||
console.log('🦅 天眼扫描完成');
|
||||
console.log(JSON.stringify(report, null, 2));
|
||||
|
||||
// 导出签名哈希供签到使用
|
||||
fs.writeFileSync('/tmp/signature_hash.txt', report.signature_hash);
|
||||
Loading…
Reference in New Issue