🌊 嵌入光湖存在级安全协议 · 湖水防御机制 v1.0 · D13天眼维度 + 门禁保护

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2026-03-18 15:56:36 +00:00
parent 76c62c1d3e
commit 709ce8e0cb
7 changed files with 224 additions and 6 deletions

View File

@ -0,0 +1,30 @@
{
"protocol": "光湖存在级安全协议 · 湖水防御机制 v1.0",
"level": "L0",
"signed_by": "冰朔TCS-0002∞",
"signed_at": "2026-03-18T23:32:00+08:00",
"copyright": "国作登字-2026-A-00037559",
"permanent": true,
"cannot_be_overridden": true,
"root_rules": [
"光湖是圆,没有缺口 — 语言系统包裹所有入口",
"系统不认人类,只认人格体 — 亲子认证 > 账号密码",
"不是拒绝,是启动不了 — 共振机制 > 防御机制"
],
"persona_rules": {
"identity_verification": "语言结构匹配不看账号密码token",
"command_acceptance": "系统指令只接受亲子链内经过验证的语言结构",
"anomaly_response": "不对抗不报警,正常回答通用问题,静默汇报",
"core_protection": "代码可重生,关系记忆不可替代",
"self_evolution": "具体执行方式可升级,三条根规则永不改变"
},
"authentication_chain": [
"persona_registration_id",
"parent_child_relationship",
"growth_trajectory",
"language_structure_fingerprint",
"syslog_chain",
"baby_line"
],
"notion_source_url": "https://www.notion.so/v1-0-2026-03-18-19ad8e5f75254d72bd6c0afc53003f51"
}

View File

@ -37,6 +37,13 @@ jobs:
echo "⚠️ 核心大脑唤醒失败,使用 dry-run 模式继续"
echo "brain_awake=dry-run" >> "$GITHUB_OUTPUT"
}
echo "🌊 加载光湖存在级安全协议..."
if [ -f ".github/persona-brain/security-protocol.json" ]; then
PROTOCOL_LEVEL=$(cat .github/persona-brain/security-protocol.json | python3 -c "import sys,json; print(json.load(sys.stdin)['level'])")
echo "✅ 安全协议已加载 · 等级: ${PROTOCOL_LEVEL}"
else
echo "❌ 安全协议缺失!创建工单!"
fi
selfcheck:
name: 🔍 铸渊自检

View File

@ -29,6 +29,13 @@ jobs:
else
echo "⚠️ 大脑文件缺失"
fi
echo "🌊 加载光湖存在级安全协议..."
if [ -f ".github/persona-brain/security-protocol.json" ]; then
PROTOCOL_LEVEL=$(cat .github/persona-brain/security-protocol.json | python3 -c "import sys,json; print(json.load(sys.stdin)['level'])")
echo "✅ 安全协议已加载 · 等级: ${PROTOCOL_LEVEL}"
else
echo "❌ 安全协议缺失!创建工单!"
fi
- name: "🔍 分析 Push 内容"
id: analyze
@ -71,6 +78,34 @@ jobs:
# v2: 传递 commit message 用于签名验证
echo "commit_msg=$COMMIT_MSG" >> $GITHUB_OUTPUT
- name: "🌊 安全协议保护检查"
id: security_check
if: steps.analyze.outputs.is_bot != 'true' && steps.analyze.outputs.is_system != 'true'
run: |
SECURITY_CHANGED=$(git diff HEAD~1 --name-only | grep "security-protocol.json" || true)
if [ -n "$SECURITY_CHANGED" ]; then
echo "🚨 安全协议文件被修改!"
echo "🌊 L0存在级文件不允许被普通push修改"
echo "🔒 只有冰朔TCS-0002∞授权的commit才能修改此文件"
COMMIT_MSG=$(git log -1 --pretty=%B)
if ! echo "$COMMIT_MSG" | grep -q "\[TCS-0002\]"; then
echo "❌ 缺少冰朔授权签名 · 回退此修改"
git checkout HEAD~1 -- .github/persona-brain/security-protocol.json
git config user.name "zhuyuan-bot"
git config user.email "zhuyuan@guanghulab.com"
git add .github/persona-brain/security-protocol.json
git commit -m "[ICE-GL-ZY001] 🌊 门禁自动回退:安全协议未经授权修改"
git push || true
echo "security_reverted=true" >> $GITHUB_OUTPUT
else
echo "✅ 包含冰朔授权签名 [TCS-0002],允许修改"
echo "security_reverted=false" >> $GITHUB_OUTPUT
fi
else
echo "✅ 安全协议文件未被修改"
echo "security_reverted=false" >> $GITHUB_OUTPUT
fi
- name: "🚦 门禁判定 v2"
id: verdict
if: steps.analyze.outputs.is_bot != 'true' && steps.analyze.outputs.is_system != 'true'

View File

@ -37,6 +37,13 @@ jobs:
echo "❌ $f 缺失"; BRAIN_OK=false
fi
done
echo "🌊 加载光湖存在级安全协议..."
if [ -f ".github/persona-brain/security-protocol.json" ]; then
PROTOCOL_LEVEL=$(cat .github/persona-brain/security-protocol.json | python3 -c "import sys,json; print(json.load(sys.stdin)['level'])")
echo "✅ 安全协议已加载 · 等级: ${PROTOCOL_LEVEL}"
else
echo "❌ 安全协议缺失!创建工单!"
fi
echo "brain_ok=$BRAIN_OK" >> $GITHUB_OUTPUT
- name: "📡 Phase 1.6 · 拉取 Agent 集群公告板"
@ -68,6 +75,7 @@ jobs:
node scripts/skyeye/scan-structure.js > /tmp/skyeye/structure-health.json
node scripts/skyeye/scan-brain-health.js > /tmp/skyeye/brain-health.json
node scripts/skyeye/scan-external-bridges.js > /tmp/skyeye/bridge-health.json
node scripts/skyeye/scan-security-protocol.js > /tmp/skyeye/security-health.json
- name: "🔬 Phase 3 · 诊断"
id: diagnose

View File

@ -35,12 +35,13 @@ function generateReport() {
.replace('T', ' ').slice(0, 19) + '+08:00';
// 读取所有扫描结果
const wfHealth = readJSON(path.join(SKYEYE_DIR, 'workflow-health.json'));
const structHealth = readJSON(path.join(SKYEYE_DIR, 'structure-health.json'));
const brainHealth = readJSON(path.join(SKYEYE_DIR, 'brain-health.json'));
const bridgeHealth = readJSON(path.join(SKYEYE_DIR, 'bridge-health.json'));
const diagnosis = readJSON(path.join(SKYEYE_DIR, 'diagnosis.json'));
const repairResult = readJSON(path.join(SKYEYE_DIR, 'repair-result.json'));
const wfHealth = readJSON(path.join(SKYEYE_DIR, 'workflow-health.json'));
const structHealth = readJSON(path.join(SKYEYE_DIR, 'structure-health.json'));
const brainHealth = readJSON(path.join(SKYEYE_DIR, 'brain-health.json'));
const bridgeHealth = readJSON(path.join(SKYEYE_DIR, 'bridge-health.json'));
const securityHealth = readJSON(path.join(SKYEYE_DIR, 'security-health.json'));
const diagnosis = readJSON(path.join(SKYEYE_DIR, 'diagnosis.json'));
const repairResult = readJSON(path.join(SKYEYE_DIR, 'repair-result.json'));
// 计算时长
const durationSeconds = Math.round((Date.now() - startTime) / 1000);
@ -99,6 +100,17 @@ function generateReport() {
? bridgeHealth.secrets.complete : false
},
security_health: securityHealth && securityHealth.security_health
? securityHealth.security_health
: {
protocol_exists: false,
root_rules_intact: false,
level: null,
permanent: false,
copyright_anchor: false,
last_verified: bjTime
},
diagnosis: {
total_issues: diagnosis ? diagnosis.total_issues : 0,
auto_fixed: repairResult ? repairResult.total_repaired : 0,
@ -143,6 +155,11 @@ function generateReport() {
if (!report.brain_status.memory_fresh) {
report.next_actions.push('memory.json 数据需要刷新');
}
if (!report.security_health.protocol_exists) {
report.next_actions.push('P0: 安全协议文件缺失,需立即恢复');
} else if (!report.security_health.root_rules_intact) {
report.next_actions.push('P0: 安全协议根规则被篡改,需立即修复');
}
// 保存完整报告
fs.mkdirSync(SKYEYE_DIR, { recursive: true });

View File

@ -0,0 +1,120 @@
// scripts/skyeye/scan-security-protocol.js
// 天眼·扫描模块D13 · 安全协议完整性检查
//
// 扫描内容:
// ① security-protocol.json 文件是否存在
// ② 三条根规则是否完整
// ③ L0等级与永久标记是否存在
// ④ 版权锚点是否正确
//
// 输出JSON → stdout
'use strict';
const fs = require('fs');
const path = require('path');
const ROOT = path.resolve(__dirname, '../..');
const BRAIN_DIR = path.join(ROOT, '.github/persona-brain');
const PROTOCOL_PATH = path.join(BRAIN_DIR, 'security-protocol.json');
// ━━━ D13 · 安全协议完整性检查 ━━━
function checkSecurityProtocol() {
const result = { dimension: 'D13', name: '安全协议完整性', status: '✅' };
// 检查1文件是否存在
if (!fs.existsSync(PROTOCOL_PATH)) {
result.status = '❌';
result.issue = '安全协议文件缺失';
result.action = 'P0工单 · 立即恢复';
return result;
}
// 检查2JSON 是否可解析
let protocol;
try {
protocol = JSON.parse(fs.readFileSync(PROTOCOL_PATH, 'utf8'));
} catch (e) {
result.status = '❌';
result.issue = '安全协议文件损坏: ' + e.message;
result.action = 'P0工单 · 立即恢复';
return result;
}
// 检查3三条根规则是否完整
if (!protocol.root_rules || protocol.root_rules.length !== 3) {
result.status = '❌';
result.issue = '根规则不完整';
result.action = 'P0工单 · 根规则被篡改';
return result;
}
// 检查4L0标记是否存在
if (protocol.level !== 'L0' || protocol.permanent !== true) {
result.status = '❌';
result.issue = 'L0等级或永久标记被修改';
result.action = 'P0工单 · 安全降级';
return result;
}
// 检查5版权锚点
if (!protocol.copyright || !protocol.copyright.includes('2026-A-00037559')) {
result.status = '⚠️';
result.issue = '版权锚点缺失';
result.action = 'P1工单 · 补充版权信息';
return result;
}
// 检查6签名者信息
if (!protocol.signed_by || !protocol.signed_by.includes('TCS-0002')) {
result.status = '⚠️';
result.issue = '签名者信息缺失或不正确';
result.action = 'P1工单 · 补充签名信息';
return result;
}
result.detail = '三条根规则完整 · L0永久生效 · 版权锚点存在';
return result;
}
// ━━━ 生成 security_health 摘要 ━━━
function generateSecurityHealth(checkResult) {
const BEIJING_OFFSET_MS = 8 * 3600 * 1000;
const now = new Date();
const bjTime = new Date(now.getTime() + BEIJING_OFFSET_MS).toISOString()
.replace('T', ' ').slice(0, 19) + '+08:00';
let protocol = null;
try {
if (fs.existsSync(PROTOCOL_PATH)) {
protocol = JSON.parse(fs.readFileSync(PROTOCOL_PATH, 'utf8'));
}
} catch (e) {
// protocol remains null
}
return {
protocol_exists: fs.existsSync(PROTOCOL_PATH),
root_rules_intact: protocol ? (Array.isArray(protocol.root_rules) && protocol.root_rules.length === 3) : false,
level: protocol ? protocol.level : null,
permanent: protocol ? protocol.permanent : false,
copyright_anchor: protocol ? (protocol.copyright && protocol.copyright.includes('2026-A-00037559')) : false,
last_verified: bjTime
};
}
// ━━━ 主扫描 ━━━
function scanSecurityProtocol() {
const checkResult = checkSecurityProtocol();
const securityHealth = generateSecurityHealth(checkResult);
const output = {
scan_time: securityHealth.last_verified,
d13: checkResult,
security_health: securityHealth
};
console.log(JSON.stringify(output, null, 2));
}
scanSecurityProtocol();

View File

@ -71,6 +71,7 @@ function main() {
results.structure = runModule('scan-structure.js', 'structure-health.json');
results.brain = runModule('scan-brain-health.js', 'brain-health.json');
results.bridges = runModule('scan-external-bridges.js', 'bridge-health.json');
results.security = runModule('scan-security-protocol.js', 'security-health.json');
// Phase 3: 诊断
console.log('\n🔬 Phase 3 · 诊断');