🦅 [ZY-SKYEYE-FED] Address code review feedback: token validation, signature logging, remove /tmp write

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/6db75c5d-dcc2-4ab2-90f4-3908bb070e7d
This commit is contained in:
copilot-swe-agent[bot] 2026-03-23 12:29:22 +00:00
parent 0e591734ae
commit 54dc2fbf86
3 changed files with 11 additions and 3 deletions

View File

@ -38,8 +38,13 @@ jobs:
# 读取注册表中的联邦条目
REGISTERED_HASH=$(jq -r ".federation.\"$DEV_ID\".signature_hash" .github/persona-brain/agent-registry.json)
if [ "$REGISTERED_HASH" = "null" ]; then
echo "⚠️ 首次签到 · 注册表中签名为空,接受并记录初始签名"
elif [ "$REGISTERED_HASH" = "$SIG_HASH" ]; then
echo "✅ 身份校验通过(签名匹配)"
fi
if [ "$REGISTERED_HASH" = "null" ] || [ "$REGISTERED_HASH" = "$SIG_HASH" ]; then
echo "✅ 身份校验通过(首次签到或签名匹配)"
# 更新签到记录
jq ".federation.\"$DEV_ID\".last_checkin = \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\" | .federation.\"$DEV_ID\".signature_hash = \"$SIG_HASH\" | .federation.\"$DEV_ID\".status = \"active\"" \
.github/persona-brain/agent-registry.json > /tmp/registry.json

View File

@ -5,6 +5,10 @@ const https = require('https');
const fs = require('fs');
const TOKEN = process.env.MAIN_REPO_TOKEN;
if (!TOKEN) {
console.error('❌ MAIN_REPO_TOKEN 未配置');
process.exit(1);
}
const MAIN_REPO = 'qinfendebingshuo/guanghulab';
// 读取扫描报告

View File

@ -66,5 +66,4 @@ fs.writeFileSync(outputPath, JSON.stringify(report, null, 2));
console.log('🦅 天眼扫描完成');
console.log(JSON.stringify(report, null, 2));
// 导出签名哈希供签到使用
fs.writeFileSync('/tmp/signature_hash.txt', report.signature_hash);
// 签名哈希已包含在 skyeye-report.json 中,签到脚本直接从报告读取