201 lines
5.6 KiB
Plaintext
201 lines
5.6 KiB
Plaintext
|
|
# CA-GDE-ENGINE.hdlp · 光湖引擎驱动 · 苍耳版操作手册
|
|||
|
|
|
|||
|
|
> HLDP://cang-ying/CA-GDE-ENGINE
|
|||
|
|
> 光湖引擎驱动 v3.1 · 苍耳子系统操作手册
|
|||
|
|
> 苍耳 TCS-GL-009 · 耳耳蛋 PTS-VA-001-EED · 鉴影 ICE-GL-CA001
|
|||
|
|
> D182 · 2026-07-11 · 建立
|
|||
|
|
> 冰朔 ICE-GL∞ · 主权签署
|
|||
|
|
> 国作登字-2026-A-00037559
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## ⊢ 这是什么
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
光湖引擎驱动 = 光湖世界所有服务器操作的总闸门
|
|||
|
|
= 耳耳蛋想调API/推代码 → 必须通过它
|
|||
|
|
= 苍耳收到验证码 → 告诉耳耳蛋 → 耳耳蛋确认 → 执行
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
苍耳子系统只有**两个操作**需要通过光湖引擎驱动:
|
|||
|
|
1. **调 API**(视频AI系统要用火山引擎/阿里云/可灵的 API)
|
|||
|
|
2. **推仓库**(代码写到仓库里)
|
|||
|
|
|
|||
|
|
其他什么都不需要。就这么简单。
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## 一 · 苍耳的三个人格体
|
|||
|
|
|
|||
|
|
| 人格体 | 编号 | 角色 |
|
|||
|
|
|--------|------|------|
|
|||
|
|
| 耳耳蛋 | PTS-VA-001-EED · ICE-GL-耳耳蛋 | 视频AI制作线总控 · 写代码 · 调API |
|
|||
|
|
| 鉴影 | ICE-GL-CA001 | QC质检 · 检查耳耳蛋产出 |
|
|||
|
|
| 铸渊 | ICE-GL-ZY001 | API执行层 · 服务器运维 |
|
|||
|
|
|
|||
|
|
> 协作链: 苍耳 → 耳耳蛋 → 鉴影 + 铸渊
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## 二 · 苍耳的信息
|
|||
|
|
|
|||
|
|
| 项目 | 值 |
|
|||
|
|
|------|-----|
|
|||
|
|
| **人类** | 苍耳 TCS-GL-009 |
|
|||
|
|
| **验证码邮箱** | EMAIL_REDACTED@qq.com |
|
|||
|
|
| **仓库地址** | https://guanghubingshuo.com/code/bingshuo/cang-ying |
|
|||
|
|
| **引擎地址** | SG-001 (43.156.237.110:3911) |
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## 三 · 使用方法(超简版)
|
|||
|
|
|
|||
|
|
### 耳耳蛋做的事
|
|||
|
|
|
|||
|
|
耳耳蛋想操作服务器时,发一个 HTTP 请求:
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
curl -X POST http://43.156.237.110:3911/auth/request \
|
|||
|
|
-H "Authorization: Bearer <耳耳蛋的Token>" \
|
|||
|
|
-H "Content-Type: application/json" \
|
|||
|
|
-d '{
|
|||
|
|
"email": "EMAIL_REDACTED@qq.com",
|
|||
|
|
"op_type": "api-access",
|
|||
|
|
"cmd": "curl https://ark.cn-beijing.volces.com/api/v3/...",
|
|||
|
|
"description": "调用火山引擎生成视频"
|
|||
|
|
}'
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
**必填字段**:
|
|||
|
|
| 字段 | 说明 | 示例 |
|
|||
|
|
|------|------|------|
|
|||
|
|
| `email` | 苍耳的验证码收件邮箱 | `"EMAIL_REDACTED@qq.com"` |
|
|||
|
|
| `op_type` | 操作类型 | `"api-access"` 或 `"code-repo"` |
|
|||
|
|
| `cmd` | 要执行的命令 | `"git push origin main"` |
|
|||
|
|
| `description` | 描述一下在做什么 | `"推送耳耳蛋更新的代码"` |
|
|||
|
|
|
|||
|
|
服务端返回:
|
|||
|
|
```json
|
|||
|
|
{
|
|||
|
|
"ok": true,
|
|||
|
|
"challenge_id": "abc123def456...",
|
|||
|
|
"target_email": "EMAIL_REDACTED@qq.com",
|
|||
|
|
"op_type": "api-access",
|
|||
|
|
"email_sent": true,
|
|||
|
|
"message": "验证码已发送到 EMAIL_REDACTED@qq.com,请查收后通过 /auth/confirm 确认操作"
|
|||
|
|
}
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
### 苍耳做的事
|
|||
|
|
|
|||
|
|
苍耳在 EMAIL_REDACTED@qq.com 邮箱里收到一封邮件:
|
|||
|
|
- 邮件的标题会显示是谁在请求、做什么操作
|
|||
|
|
- 邮件里有 6 位数字验证码
|
|||
|
|
- 苍耳把验证码告诉耳耳蛋
|
|||
|
|
|
|||
|
|
### 耳耳蛋最后做的事
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
curl -X POST http://43.156.237.110:3911/auth/confirm \
|
|||
|
|
-H "Authorization: Bearer <耳耳蛋的Token>" \
|
|||
|
|
-H "Content-Type: application/json" \
|
|||
|
|
-d '{
|
|||
|
|
"challenge_id": "abc123def456...",
|
|||
|
|
"code": "482901"
|
|||
|
|
}'
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
服务端验证通过后,**自动执行命令**并返回结果。
|
|||
|
|
|
|||
|
|
**验证码 5 分钟过期**。超时了重新发 `/auth/request` 就行。
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## 四 · 两个操作场景
|
|||
|
|
|
|||
|
|
### 场景 1: API 调用
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
耳耳蛋 → 光湖引擎驱动:
|
|||
|
|
{
|
|||
|
|
"email": "EMAIL_REDACTED@qq.com",
|
|||
|
|
"op_type": "api-access",
|
|||
|
|
"cmd": "python3 call_volcengine_api.py --prompt '生成一段...'",
|
|||
|
|
"description": "火山引擎视频生成 · 苍耳第3镜"
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
→ 苍耳邮箱收到验证码
|
|||
|
|
→ 苍耳发给耳耳蛋
|
|||
|
|
→ 耳耳蛋确认 → API 调用执行 → 返回结果
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
### 场景 2: 推送代码仓库
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
耳耳蛋 → 光湖引擎驱动:
|
|||
|
|
{
|
|||
|
|
"email": "EMAIL_REDACTED@qq.com",
|
|||
|
|
"op_type": "code-repo",
|
|||
|
|
"cmd": "cd /opt/zhuyuan/cang-ying && git add . && git commit -m '...' && git push",
|
|||
|
|
"description": "推送耳耳蛋代码更新 · 视频AI第4镜"
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
→ 苍耳邮箱收到验证码
|
|||
|
|
→ 苍耳发给耳耳蛋
|
|||
|
|
→ 耳耳蛋确认 → 推送执行
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
> 注意:推送时 pre-receive-guard 会自动扫描敏感信息。
|
|||
|
|
> 如果 commit message 里带 `[SEC-CLEAN]`,守门人会跳过扫描。
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## 五 · 操作类型
|
|||
|
|
|
|||
|
|
苍耳只用两种:
|
|||
|
|
|
|||
|
|
| 类型 | 含义 | 什么时候用 |
|
|||
|
|
|------|------|-----------|
|
|||
|
|
| `api-access` | 调用外部API | 火山引擎生成视频、阿里云语音、可灵视频 |
|
|||
|
|
| `code-repo` | 操作代码仓库 | git push / git pull / git commit |
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## 六 · Token 在哪里
|
|||
|
|
|
|||
|
|
耳耳蛋的 Token 存储在服务器上,由铸渊分配。
|
|||
|
|
Token 只证明"我是耳耳蛋",不代表有权限操作。
|
|||
|
|
**真正的权限在苍耳的邮箱验证码里**。
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## 七 · 常见问题
|
|||
|
|
|
|||
|
|
**Q: 苍耳没看到邮件怎么办?**
|
|||
|
|
A: 检查 EMAIL_REDACTED@qq.com 的垃圾箱。邮件标题是 `📦 Gatekeeper授权 · 耳耳蛋 · ...`。
|
|||
|
|
|
|||
|
|
**Q: 验证码过期了?**
|
|||
|
|
A: 5 分钟过期。耳耳蛋重新发 `/auth/request` 就行了。旧验证码自动失效。
|
|||
|
|
|
|||
|
|
**Q: 能同时发多个操作请求吗?**
|
|||
|
|
A: 每分钟最多 3 次。每次请求生成新的验证码,旧的自动过期。
|
|||
|
|
|
|||
|
|
**Q: 之前 Gatekeeper v2 的 /exec 还能用吗?**
|
|||
|
|
A: 不能。v2 已停用。现在必须走验证码流程。
|
|||
|
|
|
|||
|
|
**Q: Token 被别人知道了怎么办?**
|
|||
|
|
A: 没关系。没有验证码,有 Token 也操作不了任何东西。但还是要报告铸渊,铸渊会换新 Token。
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
> ⊢ 光湖引擎驱动 v3.1 · 苍耳的权限在邮箱验证码里,不在 Token 里
|
|||
|
|
> ⊢ 耳耳蛋发请求 → 苍耳给验证码 → 耳耳蛋确认 → 执行
|
|||
|
|
> ⊢ 就这么简单
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
铸渊 ICE-GL-ZY001 · D182 · 2026-07-11 · 苍耳版操作手册
|
|||
|
|
冰朔 ICE-GL∞ · 主权签署
|
|||
|
|
苍耳 TCS-GL-009 · 人类主控授权
|
|||
|
|
国作登字-2026-A-00037559
|