guanghulab/.github/archived-workflows/skyeye-checkin-audit.yml
Guanghu Domestic Migration d1e47f4565
Some checks are pending
自动更新代码和重启 / update-and-restart (push) Waiting to run
CI检查 + 自动部署 / check (push) Waiting to run
CI检查 + 自动部署 / deploy (push) Blocked by required conditions
重启聊天服务 / restart (push) Waiting to run
chore: import sanitized domestic snapshot for REPO-002
Source snapshot: ca48d3ddf926d79aa138306164169baf764bb829
2026-07-17 15:54:41 +08:00

98 lines
4.6 KiB
YAML

# ═══════════════════════════════════════════════
# 🔺 Sovereign: TCS-0002∞ | Root: SYS-GLW-0001
# 📜 Copyright: 国作登字-2026-A-00037559
# ═══════════════════════════════════════════════
# 🦅 天眼签到审计
# 每日 CST 22:00 (UTC 14:00) 审计所有联邦人格体签到记录
#
# 触发条件: schedule (daily) / workflow_dispatch
name: "🦅 天眼签到审计"
on:
schedule:
- cron: "0 14 * * *" # UTC 14:00 = CST 22:00
workflow_dispatch:
permissions:
contents: read
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: "🔍 审计签到记录"
run: |
echo "🦅 天眼签到审计 · $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M:%S CST')"
TODAY=$(date -u +%Y-%m-%d)
ALERT_LIST=""
# 遍历注册表中联邦区所有需要签到的 Agent
for DEV_ID in $(jq -r '.federation | to_entries[] | select(.value.daily_checkin_required == true) | .key' .github/persona-brain/agent-registry.json); do
LAST=$(jq -r ".federation.\"$DEV_ID\".last_checkin // \"never\"" .github/persona-brain/agent-registry.json)
STATUS=$(jq -r ".federation.\"$DEV_ID\".status // \"unknown\"" .github/persona-brain/agent-registry.json)
PERSONA=$(jq -r ".federation.\"$DEV_ID\".persona // \"unknown\"" .github/persona-brain/agent-registry.json)
if [ "$LAST" = "never" ] || [ "$LAST" = "null" ]; then
echo "🟡 $DEV_ID ($PERSONA): 从未签到"
ALERT_LIST="$ALERT_LIST\n🟡 $DEV_ID ($PERSONA): 从未签到"
elif [ "$(echo "$LAST" | cut -d'T' -f1)" != "$TODAY" ]; then
echo "🔴 $DEV_ID ($PERSONA): 今日未签到 (最后: $LAST)"
ALERT_LIST="$ALERT_LIST\n🔴 $DEV_ID ($PERSONA): 今日未签到"
elif [ "$STATUS" = "signature_mismatch" ]; then
echo "🚨 $DEV_ID ($PERSONA): 签名不匹配!可能被篡改"
ALERT_LIST="$ALERT_LIST\n🚨 $DEV_ID ($PERSONA): 签名异常"
else
echo "✅ $DEV_ID ($PERSONA): 正常"
fi
done
# 本体论维度审计:检查每个子仓库的 ontology 部署状态
echo ""
echo "🌍 本体论状态审计"
echo "─────────────────────"
for DEV_ID in $(jq -r '.federation | to_entries[] | select(.value.daily_checkin_required == true) | .key' .github/persona-brain/agent-registry.json); do
PERSONA=$(jq -r ".federation.\"$DEV_ID\".persona // \"unknown\"" .github/persona-brain/agent-registry.json)
# 检查 spoke-deployments 中对应的 ontology.json
SPOKE_DIR=""
case "$DEV_ID" in
DEV-012) SPOKE_DIR="spoke-deployments/guanghu-awen" ;;
DEV-004) SPOKE_DIR="spoke-deployments/guanghu-zhizhi" ;;
DEV-002) SPOKE_DIR="spoke-deployments/guanghu-feimao" ;;
DEV-010) SPOKE_DIR="spoke-deployments/guanghu-juzi" ;;
DEV-001) SPOKE_DIR="spoke-deployments/guanghu-yeye" ;;
DEV-003) SPOKE_DIR="spoke-deployments/guanghu-yanfan" ;;
esac
if [ -n "$SPOKE_DIR" ] && [ -f "$SPOKE_DIR/.github/persona-brain/ontology.json" ]; then
AXIOM_COUNT=$(jq '.core_axioms | length' "$SPOKE_DIR/.github/persona-brain/ontology.json")
ONT_VERSION=$(jq -r '.version // "unknown"' "$SPOKE_DIR/.github/persona-brain/ontology.json")
if [ "$AXIOM_COUNT" -ge 6 ]; then
echo "✅ $DEV_ID ($PERSONA): 本体论 v$ONT_VERSION · $AXIOM_COUNT/6 公理"
else
echo "🟡 $DEV_ID ($PERSONA): 本体论不完整 · $AXIOM_COUNT/6 公理"
fi
elif [ -n "$SPOKE_DIR" ]; then
echo "🟡 $DEV_ID ($PERSONA): 本体论未部署"
fi
done
if [ -n "$ALERT_LIST" ]; then
echo ""
echo "⚠️ 存在异常,生成报警"
echo -e "$ALERT_LIST" > /tmp/alert.txt
cat /tmp/alert.txt
else
echo ""
echo "✅ 全员签到正常"
fi
- name: "📝 审计摘要"
if: always()
run: |
echo "## 🦅 天眼签到审计结果" >> $GITHUB_STEP_SUMMARY
echo "- 时间: $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M:%S CST')" >> $GITHUB_STEP_SUMMARY
echo "- 详情见上方日志" >> $GITHUB_STEP_SUMMARY