Commit Graph

4 Commits

Author SHA1 Message Date
zhuyuan-bot 64af2c4d86 🛰️ [Sky-Eye Audit] credential audit report [skip ci] 2026-03-25 14:57:54 +00:00
zhuyuan-bot 0d807036af 🛰️ [Sky-Eye Audit] credential audit report [skip ci] 2026-03-24 14:56:55 +00:00
copilot-swe-agent[bot] c3c5cc15ed 🔐 guanghu-token 审计报告: MAIN_REPO_TOKEN 为主要对应 Secret
Phase 1: 排查出 3 个跨仓库令牌 Secret
- MAIN_REPO_TOKEN (federation-bridge + pull-sync-awen) ← guanghu-token
- CROSS_REPO_TOKEN (sync-persona-studio)
- DEPLOY_GITHUB_TOKEN (auto-deploy-drive-bridge)

Phase 4: 安全扫描通过,无硬编码令牌

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/84d6adce-4251-49c6-8413-d574395bef59
2026-03-24 07:47:30 +00:00
copilot-swe-agent[bot] 6d493042c5 🛰️ [Sky-Eye Audit] credential validation, hardened error handling, audit workflow
- Add credential-validator.js: reusable JSON structure validator for service account keys
- Add credential-audit.js: full sky-eye audit (credential + dependency scan + YAML check)
- Add skyeye-credential-audit.yml: daily audit workflow
- Harden sync-to-drive.js: use validator with diagnostic reporting
- Harden tcs-semantic-landing.js: add try-catch to buildAuth()
- Harden deploy-drive-bridge.js: add try-catch with receipt writing
- Enhance sync-repo-to-drive.yml: add JSON validation before rclone config
- Enhance self-healer.js: add credential validation + System_Logs directory
- Create System_Logs/ directory for audit reports

Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/qinfendebingshuo/guanghulab/sessions/8bc25538-ab95-4520-a72b-ff0d8405c7c7
2026-03-24 02:12:50 +00:00