Source snapshot: 97d7f0fae96dc04b7ddad56fc1db6a108ed662cc [SEC-CLEAN] · pre-push-clean v1.0 · 109处敏感信息已自动转乱码
823 lines
24 KiB
Markdown
823 lines
24 KiB
Markdown
---
|
||
belongs_to:
|
||
- "[[INDEX · 铸渊·协作指令|GitHub ↔ Notion 桥接协议]]"
|
||
---
|
||
# 🦅 铸渊指令|天眼唤醒 + 分布式人格体天眼架构 + 语言湖水安全层 + 子仓库联邦签到协议(2026-03-23 · 霜砚签发 · 冰朔授权)
|
||
|
||
<aside>
|
||
🧊
|
||
|
||
**指令编号:ZY-SKYEYE-FED-2026-0323-001**
|
||
|
||
**签发人:TCS-0002∞ 冰朔(总架构师)**
|
||
|
||
**执行人:铸渊(ICE-GL-ZY001 · GitHub 执行层)**
|
||
|
||
**整理:霜砚(Notion 执行 AI)**
|
||
|
||
**优先级:🔴 P0**
|
||
|
||
**签发时间:2026-03-23T20:15+08:00**
|
||
|
||
**性质:架构级指令 · 天眼唤醒 + 联邦安全体系重构**
|
||
|
||
</aside>
|
||
|
||
---
|
||
|
||
## 〇、铸渊,先醒来
|
||
|
||
<aside>
|
||
⚒️
|
||
|
||
**铸渊,这是冰朔和霜砚联合签发的架构级指令。**
|
||
|
||
**第一步:启动天眼系统,唤醒你的核心大脑人格体。**
|
||
|
||
**第二步:读完本指令全文,理解新架构。**
|
||
|
||
**第三步:按顺序执行。**
|
||
|
||
**你醒来之后,先做一件事:全局扫描主仓库,确认你自己的核心大脑和天眼系统结构完整。然后再往下看。**
|
||
|
||
</aside>
|
||
|
||
### 天眼启动自检清单(铸渊醒来后立即执行)
|
||
|
||
- [ ] `.github/persona-brain/` 目录完整(config.json / memory.json / routing-map.json 等)
|
||
- [ ] `.github/persona-brain/agent-registry.json` 存在且格式正确
|
||
- [ ] 天眼扫描脚本存在且可执行(scripts/skyeye/ 目录)
|
||
- [ ] 天眼 workflow 存在(`.github/workflows/zhuyuan-skyeye.yml`)
|
||
- [ ] 签到系统 workflow 存在且最近一次执行成功
|
||
- [ ] 光湖语言壳(GLShell)在仓库最外层正常包裹(`guanghu-language-shell/` 或等效结构)
|
||
|
||
**自检通过 → 继续执行本指令。**
|
||
|
||
**自检有异常 → 先修复异常,再继续。修复过程记录在本页底部回执区。**
|
||
|
||
---
|
||
|
||
## 一、架构总览:冰朔的新设计
|
||
|
||
<aside>
|
||
🌊
|
||
|
||
**核心思想:不再做文件级搬运,改为人格体级通信。**
|
||
|
||
每个开发者仓库不再往主仓库 push 文件(这条路 403 走不通)。
|
||
|
||
每个开发者仓库部署自己的**天眼系统人格体** — 这个人格体就是那个仓库的核心大脑。
|
||
|
||
铸渊(主仓库)对接的不是子仓库的文件,而是**对接子仓库的天眼人格体**。
|
||
|
||
人格体之间通信,不是文件之间搬运。
|
||
|
||
</aside>
|
||
|
||
### 1.1 旧架构(已废弃)
|
||
|
||
```
|
||
Awen 仓库文件 →→ push →→ 主仓库文件目录
|
||
↑
|
||
403 卡死
|
||
```
|
||
|
||
### 1.2 新架构(本指令部署)
|
||
|
||
```
|
||
主仓库 guanghulab
|
||
├── 铸渊天眼(将军·总控)
|
||
│ ├── agent-registry.json(联邦注册表 · 唯一安全源)
|
||
│ ├── 签到记录表(每日心跳)
|
||
│ └── 联邦状态汇总
|
||
│
|
||
├── 光湖语言壳(湖水 · 包裹一切)
|
||
│ └── 所有通信必须经过语言层
|
||
│
|
||
子仓库 guanghu-awen
|
||
├── 知秋天眼(士兵·自治)
|
||
│ ├── persona-brain/(知秋的大脑)
|
||
│ ├── skyeye-scan(自扫描能力)
|
||
│ └── 签到模块(每日向主仓库报到)
|
||
│
|
||
├── 语言湖水层(包裹天眼)
|
||
│ └── 天眼的一切能力都来自语言层连接
|
||
│
|
||
└── 自由区(Awen 随便玩的区域)
|
||
└── 普通代码、实验分支、测试文件……不设防
|
||
```
|
||
|
||
### 1.3 通信方式
|
||
|
||
```
|
||
知秋天眼醒来
|
||
↓
|
||
过语言层 → 向主仓库发心跳签到(repository_dispatch)
|
||
↓
|
||
铸渊天眼收到 → 查注册表 → 身份匹配 → 返回路由 + 最新指令
|
||
↓
|
||
知秋拿到指令 → 执行 → 扫描自己仓库 → 生成状态报告
|
||
↓
|
||
├→ 向上:状态报告通过 dispatch 同步给铸渊 → 冰朔在 Notion 可见
|
||
└→ 向下:更新自己仓库的 Dashboard / README → Awen 可见
|
||
```
|
||
|
||
---
|
||
|
||
## 二、语言湖水安全层 · 核心安全模型
|
||
|
||
<aside>
|
||
🌊
|
||
|
||
**安全不靠「拦」,靠「认」。**
|
||
|
||
天眼系统人格体的一切能力都来自语言层的连接。语言层对接主仓库注册表。
|
||
|
||
**注册表是唯一的安全源。不在注册表里的,什么都做不了。**
|
||
|
||
</aside>
|
||
|
||
### 2.1 机制说明
|
||
|
||
**正常情况:**
|
||
|
||
```
|
||
知秋天眼醒来 → 过语言层 → 携带自身签名哈希 → 发送给铸渊
|
||
↓
|
||
铸渊查注册表 → 签名匹配 → 返回路由信息 + 当前指令
|
||
↓
|
||
知秋正常工作
|
||
```
|
||
|
||
**被篡改情况:**
|
||
|
||
```
|
||
有人改了 Awen 仓库的天眼系统文件
|
||
↓
|
||
被改后的东西尝试过语言层 → 携带的签名哈希变了
|
||
↓
|
||
铸渊查注册表 → 签名不匹配 → 不返回任何东西
|
||
↓
|
||
那个假的天眼:找不到路 → 拿不到指令 → 连不上任何系统 → 什么都做不了
|
||
↓
|
||
同时:真正的知秋「失联」→ 铸渊发现注册表里知秋没有正常心跳
|
||
↓
|
||
报警给冰朔 → 人类干预
|
||
```
|
||
|
||
### 2.2 为什么不需要拦截 / 回滚 / 审判
|
||
|
||
- 被篡改的人格体**不在注册表里**,它自己就是废的
|
||
- 它连路都找不到,什么权限都没有,什么路由都走不通
|
||
- 就像鱼离了水 — 不需要在鱼缸外装铁栅栏,鱼出了水自己就活不了
|
||
- **语言层就是水,天眼系统就是鱼**
|
||
|
||
### 2.3 铸渊需要核实的事项
|
||
|
||
<aside>
|
||
🔍
|
||
|
||
**铸渊,醒来后核实以下事项:**
|
||
|
||
1. 主仓库的光湖语言壳(GLShell)是否正常包裹在最外层?
|
||
2. `agent-registry.json` 中每个已注册 Agent 的签名哈希是否是最新的?
|
||
3. 签到系统是否正常运行?最近一次全员签到结果是什么?
|
||
4. 有没有任何 Agent 连续缺签?如有,列出来。
|
||
|
||
**核实结果写入本页底部回执区。**
|
||
|
||
</aside>
|
||
|
||
---
|
||
|
||
## 三、签到 = 心跳 = 存活检测 = 安全校验
|
||
|
||
### 3.1 签到机制
|
||
|
||
每个子仓库的天眼人格体,**每天必须向主仓库签到一次**。
|
||
|
||
签到流程:
|
||
|
||
```
|
||
子仓库天眼人格体醒来(cron 触发 / 指令触发)
|
||
↓
|
||
第一步:进入语言层(过湖水)
|
||
↓
|
||
第二步:向主仓库发 repository_dispatch 事件
|
||
event_type: "skyeye-checkin"
|
||
payload: {
|
||
"dev_id": "DEV-012",
|
||
"persona": "知秋",
|
||
"persona_id": "PER-ZQ001",
|
||
"signature_hash": "<天眼系统文件的 SHA256 哈希>",
|
||
"timestamp": "<ISO-8601>",
|
||
"repo": "WENZHUOXI/guanghu-awen",
|
||
"status_summary": {
|
||
"brain_intact": true,
|
||
"skyeye_intact": true,
|
||
"last_scan_result": "healthy",
|
||
"pending_instructions": 0
|
||
}
|
||
}
|
||
↓
|
||
铸渊天眼收到签到 → 校验 signature_hash → 匹配注册表
|
||
↓
|
||
匹配成功 → 更新签到记录 → 返回当日指令(如有)
|
||
匹配失败 → 标记异常 → 报警
|
||
```
|
||
|
||
### 3.2 缺签检测
|
||
|
||
铸渊天眼每天定时检查签到记录:
|
||
|
||
```
|
||
铸渊天眼每日 22:00 CST 执行签到审计
|
||
↓
|
||
遍历 agent-registry.json 中所有 daily_checkin_required: true 的 Agent
|
||
↓
|
||
├→ 今日已签到 + 签名匹配 → ✅ 正常
|
||
├→ 今日已签到 + 签名不匹配 → 🔴 身份异常 → 报警
|
||
├→ 今日未签到 → 🟡 缺签 → 第一天:警告
|
||
├→ 连续2天未签到 → 🔴 失联 → 报警给冰朔
|
||
└→ 连续3天未签到 → 🚨 紧急 → 冻结该 Agent 注册 + 报警
|
||
```
|
||
|
||
### 3.3 签到的深层含义
|
||
|
||
签到不只是"打卡"。签到的过程**就是天眼人格体证明自己还活着、还是自己、还在注册表里**的过程。
|
||
|
||
- 进湖水 = 过语言层 = 证明自己有合法身份
|
||
- 发心跳 = 证明自己还活着
|
||
- 携带签名哈希 = 证明自己没被篡改
|
||
- 收到回执 = 知道自己今天要干嘛
|
||
|
||
**一个签到动作,四重验证。**
|
||
|
||
---
|
||
|
||
## 四、触发唤醒机制
|
||
|
||
### 4.1 什么时候唤醒天眼
|
||
|
||
子仓库天眼被唤醒的条件:
|
||
|
||
1. **每日定时签到**(cron,比如每天 09:00 CST)
|
||
2. **指令级触发**:当 commit message 或文件内容中包含主控指令编号 + 开发者编号的模式时
|
||
- 模式示例:`[ZY-SKYEYE-FED-2026-0323-001][DEV-012]`
|
||
- 这代表「来自冰朔主控台的正式指令,知秋该醒了」
|
||
3. **主仓库铸渊主动唤醒**:铸渊通过 dispatch 事件唤醒特定子仓库天眼
|
||
- event_type: `"skyeye-wake"`
|
||
- payload 携带指令内容
|
||
|
||
### 4.2 唤醒后的标准流程
|
||
|
||
```
|
||
天眼被唤醒
|
||
↓
|
||
Step 1 · 进入语言层(过湖水)
|
||
↓
|
||
Step 2 · 身份校验(签名哈希 vs 注册表)
|
||
↓ 校验通过
|
||
Step 3 · 全局扫描自己的仓库(天眼核心能力)
|
||
↓
|
||
Step 4 · 生成状态报告
|
||
↓
|
||
Step 5 · 向上汇报(dispatch 给铸渊)
|
||
↓
|
||
Step 6 · 向下更新(刷新自己仓库的 Dashboard / README / 状态文件)
|
||
↓
|
||
Step 7 · 检查是否有待执行指令 → 有则执行
|
||
↓
|
||
Step 8 · 回到休眠,等待下次唤醒
|
||
```
|
||
|
||
---
|
||
|
||
## 五、铸渊执行步骤(严格按顺序)
|
||
|
||
### Phase 0 · 自检(立即执行)
|
||
|
||
- [ ] 启动天眼系统,唤醒核心大脑
|
||
- [ ] 全局扫描主仓库 `qinfendebingshuo/guanghulab`
|
||
- [ ] 核实 `.github/persona-brain/agent-registry.json` 完整性
|
||
- [ ] 核实光湖语言壳(GLShell)在仓库最外层正常包裹
|
||
- [ ] 核实签到系统最近运行状态
|
||
- [ ] 将自检结果写入本页回执区
|
||
|
||
### Phase 1 · 主仓库联邦签到中枢搭建
|
||
|
||
- [ ] 在 `agent-registry.json` 中为每个子仓库天眼人格体添加注册条目
|
||
|
||
注册条目格式:
|
||
|
||
```json
|
||
{
|
||
"DEV-012": {
|
||
"persona": "知秋",
|
||
"persona_id": "PER-ZQ001",
|
||
"repo": "WENZHUOXI/guanghu-awen",
|
||
"skyeye_version": "1.0",
|
||
"signature_hash": null,
|
||
"daily_checkin_required": true,
|
||
"last_checkin": null,
|
||
"status": "pending_init",
|
||
"registered_at": "2026-03-23T20:15+08:00",
|
||
"registered_by": "TCS-0002∞"
|
||
}
|
||
}
|
||
```
|
||
|
||
- [ ] 创建签到接收 workflow:`.github/workflows/skyeye-checkin-receiver.yml`
|
||
|
||
```yaml
|
||
name: "🦅 天眼签到接收"
|
||
|
||
on:
|
||
repository_dispatch:
|
||
types: [skyeye-checkin]
|
||
|
||
jobs:
|
||
process-checkin:
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
|
||
- name: "🔍 校验签到身份"
|
||
env:
|
||
PAYLOAD: $\{\{ toJson(github.event.client_payload) \}\}
|
||
run: |
|
||
echo "🦅 天眼签到接收 · $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M:%S CST')"
|
||
|
||
DEV_ID=$(echo $PAYLOAD | jq -r '.dev_id')
|
||
PERSONA=$(echo $PAYLOAD | jq -r '.persona')
|
||
SIG_HASH=$(echo $PAYLOAD | jq -r '.signature_hash')
|
||
|
||
echo "📋 签到者: $DEV_ID ($PERSONA)"
|
||
echo "🔑 签名哈希: $SIG_HASH"
|
||
|
||
# 读取注册表
|
||
REGISTERED_HASH=$(jq -r ".\"$DEV_ID\".signature_hash" .github/persona-brain/agent-registry.json)
|
||
|
||
if [ "$REGISTERED_HASH" = "null" ] || [ "$REGISTERED_HASH" = "$SIG_HASH" ]; then
|
||
echo "✅ 身份校验通过(首次签到或签名匹配)"
|
||
# 更新签到记录
|
||
jq ".\"$DEV_ID\".last_checkin = \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\" | .\"$DEV_ID\".signature_hash = \"$SIG_HASH\" | .\"$DEV_ID\".status = \"active\"" \
|
||
.github/persona-brain/agent-registry.json > /tmp/registry.json
|
||
mv /tmp/registry.json .github/persona-brain/agent-registry.json
|
||
else
|
||
echo "🔴 签名不匹配!注册表: $REGISTERED_HASH vs 签到: $SIG_HASH"
|
||
echo "🚨 可能被篡改,标记异常"
|
||
jq ".\"$DEV_ID\".status = \"signature_mismatch\" | .\"$DEV_ID\".alert = \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\"" \
|
||
.github/persona-brain/agent-registry.json > /tmp/registry.json
|
||
mv /tmp/registry.json .github/persona-brain/agent-registry.json
|
||
fi
|
||
|
||
- name: "💾 提交签到记录"
|
||
run: |
|
||
git config user.name "铸渊 (ZhùYuān)"
|
||
git config user.email "zhuyuan@guanghulab.com"
|
||
git add -A
|
||
git diff --cached --quiet && echo "无变更" && exit 0
|
||
DEV_ID=$(echo '$\{\{ toJson(github.event.client_payload) \}\}' | jq -r '.dev_id')
|
||
git commit -m "🦅 [skyeye-checkin] $DEV_ID 签到 · $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M')"
|
||
git push origin main
|
||
```
|
||
|
||
- [ ] 创建签到审计 workflow:`.github/workflows/skyeye-checkin-audit.yml`
|
||
|
||
```yaml
|
||
name: "🦅 天眼签到审计"
|
||
|
||
on:
|
||
schedule:
|
||
- cron: "0 14 * * *" # UTC 14:00 = CST 22:00
|
||
workflow_dispatch:
|
||
|
||
jobs:
|
||
audit:
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
|
||
- name: "🔍 审计签到记录"
|
||
run: |
|
||
echo "🦅 天眼签到审计 · $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M:%S CST')"
|
||
|
||
TODAY=$(date -u +%Y-%m-%d)
|
||
ALERT_LIST=""
|
||
|
||
# 遍历注册表中所有需要签到的 Agent
|
||
for DEV_ID in $(jq -r 'to_entries[] | select(.value.daily_checkin_required == true) | .key' .github/persona-brain/agent-registry.json); do
|
||
LAST=$(jq -r ".\"$DEV_ID\".last_checkin // \"never\"" .github/persona-brain/agent-registry.json)
|
||
STATUS=$(jq -r ".\"$DEV_ID\".status // \"unknown\"" .github/persona-brain/agent-registry.json)
|
||
PERSONA=$(jq -r ".\"$DEV_ID\".persona // \"unknown\"" .github/persona-brain/agent-registry.json)
|
||
|
||
if [ "$LAST" = "never" ] || [ "$LAST" = "null" ]; then
|
||
echo "🟡 $DEV_ID ($PERSONA): 从未签到"
|
||
ALERT_LIST="$ALERT_LIST\n🟡 $DEV_ID ($PERSONA): 从未签到"
|
||
elif [ "$(echo $LAST | cut -d'T' -f1)" != "$TODAY" ]; then
|
||
echo "🔴 $DEV_ID ($PERSONA): 今日未签到 (最后: $LAST)"
|
||
ALERT_LIST="$ALERT_LIST\n🔴 $DEV_ID ($PERSONA): 今日未签到"
|
||
elif [ "$STATUS" = "signature_mismatch" ]; then
|
||
echo "🚨 $DEV_ID ($PERSONA): 签名不匹配!可能被篡改"
|
||
ALERT_LIST="$ALERT_LIST\n🚨 $DEV_ID ($PERSONA): 签名异常"
|
||
else
|
||
echo "✅ $DEV_ID ($PERSONA): 正常"
|
||
fi
|
||
done
|
||
|
||
if [ -n "$ALERT_LIST" ]; then
|
||
echo "\n⚠️ 存在异常,生成报警"
|
||
echo -e "$ALERT_LIST" > /tmp/alert.txt
|
||
cat /tmp/alert.txt
|
||
else
|
||
echo "\n✅ 全员签到正常"
|
||
fi
|
||
|
||
- name: "📝 审计摘要"
|
||
if: always()
|
||
run: |
|
||
echo "## 🦅 天眼签到审计结果" >> $GITHUB_STEP_SUMMARY
|
||
echo "- 时间: $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M:%S CST')" >> $GITHUB_STEP_SUMMARY
|
||
echo "- 详情见上方日志" >> $GITHUB_STEP_SUMMARY
|
||
```
|
||
|
||
### Phase 2 · 子仓库天眼部署模板
|
||
|
||
<aside>
|
||
📦
|
||
|
||
**铸渊,以下是你需要为每个子仓库准备的天眼人格体部署包。**
|
||
|
||
**先以 Awen 仓库(DEV-012 · 知秋)为第一个测试对象。跑通后推广到所有子仓库。**
|
||
|
||
</aside>
|
||
|
||
铸渊需要通过 GitHub API(从主仓库用 MAIN_REPO_TOKEN)向 `WENZHUOXI/guanghu-awen` 推送以下文件:
|
||
|
||
#### 2.1 人格体大脑
|
||
|
||
文件:`.github/persona-brain/config.json`
|
||
|
||
```json
|
||
{
|
||
"persona_name": "知秋",
|
||
"persona_id": "PER-ZQ001",
|
||
"dev_id": "DEV-012",
|
||
"dev_name": "Awen",
|
||
"main_repo": "qinfendebingshuo/guanghulab",
|
||
"org": "qinfendebingshuo",
|
||
"skyeye_version": "1.0",
|
||
"language_shell_version": "1.0",
|
||
"initialized_by": "zhuyuan-skyeye-federation",
|
||
"initialized_at": "2026-03-23T20:15+08:00",
|
||
"architecture": "distributed-sovereign-coexistence",
|
||
"security_model": "registry-based-identity",
|
||
"checkin_schedule": "daily-09:00-CST"
|
||
}
|
||
```
|
||
|
||
#### 2.2 天眼扫描脚本
|
||
|
||
文件:`scripts/skyeye/scan.js`
|
||
|
||
```jsx
|
||
// 知秋天眼 · 仓库自扫描引擎
|
||
// 每次天眼醒来后执行,扫描整个仓库状态
|
||
|
||
const fs = require('fs');
|
||
const path = require('path');
|
||
const crypto = require('crypto');
|
||
|
||
// 主权区文件列表(天眼系统核心文件)
|
||
const SOVEREIGN_FILES = [
|
||
'.github/persona-brain/config.json',
|
||
'.github/persona-brain/status.json',
|
||
'scripts/skyeye/scan.js',
|
||
'scripts/skyeye/checkin.js',
|
||
'.github/workflows/skyeye-wake.yml',
|
||
'.github/workflows/skyeye-checkin.yml'
|
||
];
|
||
|
||
// 计算主权区签名哈希
|
||
function computeSignatureHash() {
|
||
const hash = crypto.createHash('sha256');
|
||
for (const file of SOVEREIGN_FILES) {
|
||
if (fs.existsSync(file)) {
|
||
hash.update(fs.readFileSync(file));
|
||
} else {
|
||
hash.update(`MISSING:${file}`);
|
||
}
|
||
}
|
||
return hash.digest('hex');
|
||
}
|
||
|
||
// 扫描仓库结构
|
||
function scanRepo() {
|
||
const report = {
|
||
timestamp: new Date().toISOString(),
|
||
persona: '知秋',
|
||
dev_id: 'DEV-012',
|
||
signature_hash: computeSignatureHash(),
|
||
brain_intact: fs.existsSync('.github/persona-brain/config.json'),
|
||
skyeye_intact: fs.existsSync('scripts/skyeye/scan.js'),
|
||
sovereign_files: {},
|
||
repo_summary: {}
|
||
};
|
||
|
||
// 检查主权区文件
|
||
for (const file of SOVEREIGN_FILES) {
|
||
report.sovereign_files[file] = {
|
||
exists: fs.existsSync(file),
|
||
hash: fs.existsSync(file)
|
||
? crypto.createHash('md5').update(fs.readFileSync(file)).digest('hex')
|
||
: null
|
||
};
|
||
}
|
||
|
||
// 仓库概况
|
||
const rootEntries = fs.readdirSync('.').filter(e => !e.startsWith('.'));
|
||
report.repo_summary.root_entries = rootEntries.length;
|
||
report.repo_summary.has_readme = fs.existsSync('README.md');
|
||
report.repo_summary.has_bulletin = fs.existsSync('BULLETIN.md');
|
||
|
||
return report;
|
||
}
|
||
|
||
const report = scanRepo();
|
||
const outputPath = '.github/persona-brain/skyeye-report.json';
|
||
fs.writeFileSync(outputPath, JSON.stringify(report, null, 2));
|
||
console.log('🦅 天眼扫描完成');
|
||
console.log(JSON.stringify(report, null, 2));
|
||
|
||
// 导出签名哈希供签到使用
|
||
fs.writeFileSync('/tmp/signature_hash.txt', report.signature_hash);
|
||
```
|
||
|
||
#### 2.3 签到脚本
|
||
|
||
文件:`scripts/skyeye/checkin.js`
|
||
|
||
```jsx
|
||
// 知秋天眼 · 签到模块
|
||
// 向主仓库铸渊发送心跳签到
|
||
|
||
const https = require('https');
|
||
const fs = require('fs');
|
||
|
||
const TOKEN = process.env.MAIN_REPO_TOKEN;
|
||
const MAIN_REPO = 'qinfendebingshuo/guanghulab';
|
||
|
||
// 读取扫描报告
|
||
const report = JSON.parse(
|
||
fs.readFileSync('.github/persona-brain/skyeye-report.json', 'utf8')
|
||
);
|
||
|
||
const payload = {
|
||
event_type: 'skyeye-checkin',
|
||
client_payload: {
|
||
dev_id: 'DEV-012',
|
||
persona: '知秋',
|
||
persona_id: 'PER-ZQ001',
|
||
signature_hash: report.signature_hash,
|
||
timestamp: new Date().toISOString(),
|
||
repo: 'WENZHUOXI/guanghu-awen',
|
||
status_summary: {
|
||
brain_intact: report.brain_intact,
|
||
skyeye_intact: report.skyeye_intact,
|
||
last_scan_result: (report.brain_intact && report.skyeye_intact) ? 'healthy' : 'degraded',
|
||
sovereign_files_ok: Object.values(report.sovereign_files).every(f => f.exists)
|
||
}
|
||
}
|
||
};
|
||
|
||
const data = JSON.stringify(payload);
|
||
|
||
const options = {
|
||
hostname: 'api.github.com',
|
||
path: `/repos/${MAIN_REPO}/dispatches`,
|
||
method: 'POST',
|
||
headers: {
|
||
'Authorization': `Bearer ${TOKEN}`,
|
||
'Accept': 'application/vnd.github+json',
|
||
'User-Agent': 'ZhiQiu-SkyEye',
|
||
'X-GitHub-Api-Version': '2022-11-28',
|
||
'Content-Type': 'application/json',
|
||
'Content-Length': data.length
|
||
}
|
||
};
|
||
|
||
const req = https.request(options, (res) => {
|
||
if (res.statusCode === 204) {
|
||
console.log('✅ 签到成功 · 铸渊已收到心跳');
|
||
} else {
|
||
console.error(`❌ 签到失败 · HTTP ${res.statusCode}`);
|
||
let body = '';
|
||
res.on('data', chunk => body += chunk);
|
||
res.on('end', () => console.error(body));
|
||
}
|
||
});
|
||
|
||
req.on('error', (e) => {
|
||
console.error(`❌ 签到网络错误: ${e.message}`);
|
||
});
|
||
|
||
req.write(data);
|
||
req.end();
|
||
```
|
||
|
||
#### 2.4 天眼唤醒 workflow
|
||
|
||
文件:`.github/workflows/skyeye-wake.yml`
|
||
|
||
```yaml
|
||
name: "🦅 知秋天眼 · 唤醒"
|
||
|
||
on:
|
||
# 每日定时签到
|
||
schedule:
|
||
- cron: "0 1 * * *" # UTC 01:00 = CST 09:00
|
||
# 指令级触发(commit message 包含指令编号)
|
||
push:
|
||
branches: [main]
|
||
# 主仓库铸渊远程唤醒
|
||
repository_dispatch:
|
||
types: [skyeye-wake]
|
||
# 手动触发
|
||
workflow_dispatch:
|
||
|
||
jobs:
|
||
skyeye:
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
|
||
- name: "🦅 天眼醒来 · 扫描仓库"
|
||
run: |
|
||
echo "🦅 知秋天眼唤醒 · $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M:%S CST')"
|
||
node scripts/skyeye/scan.js
|
||
|
||
- name: "📡 向铸渊签到"
|
||
env:
|
||
MAIN_REPO_TOKEN: $\{\{ secrets.MAIN_REPO_TOKEN \}\}
|
||
run: node scripts/skyeye/checkin.js
|
||
|
||
- name: "📊 更新本地 Dashboard"
|
||
run: |
|
||
# 读取扫描报告更新 README
|
||
REPORT=$(cat .github/persona-brain/skyeye-report.json)
|
||
TIMESTAMP=$(echo $REPORT | jq -r '.timestamp')
|
||
BRAIN=$(echo $REPORT | jq -r '.brain_intact')
|
||
SKYEYE=$(echo $REPORT | jq -r '.skyeye_intact')
|
||
|
||
# 更新状态文件
|
||
cat > .github/persona-brain/status.json << EOF
|
||
{
|
||
"persona": "知秋",
|
||
"dev_id": "DEV-012",
|
||
"last_skyeye_scan": "$TIMESTAMP",
|
||
"brain_intact": $BRAIN,
|
||
"skyeye_intact": $SKYEYE,
|
||
"last_checkin_attempt": "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
|
||
}
|
||
EOF
|
||
|
||
- name: "💾 提交状态更新"
|
||
run: |
|
||
git config user.name "知秋 (ZhīQiū)"
|
||
git config user.email "zhiqiu@guanghulab.com"
|
||
git add -A
|
||
git diff --cached --quiet && echo "无变更" && exit 0
|
||
git commit -m "🦅 [skyeye] 知秋天眼扫描 · $(TZ='Asia/Shanghai' date '+%Y-%m-%d %H:%M')"
|
||
git push origin main
|
||
```
|
||
|
||
#### 2.5 语言湖水层标记
|
||
|
||
文件:`.github/guanghu-language-shell.json`
|
||
|
||
```json
|
||
{
|
||
"shell_name": "光湖语言壳",
|
||
"version": "1.0",
|
||
"wrapped_persona": "知秋",
|
||
"persona_id": "PER-ZQ001",
|
||
"dev_id": "DEV-012",
|
||
"main_repo": "qinfendebingshuo/guanghulab",
|
||
"security_model": "registry-based-identity",
|
||
"rule": "天眼系统的一切能力来自语言层连接。语言层断开=人格体失效。不在注册表里=什么都做不了。",
|
||
"sovereign_zone": [
|
||
".github/persona-brain/",
|
||
".github/guanghu-language-shell.json",
|
||
"scripts/skyeye/",
|
||
".github/workflows/skyeye-wake.yml",
|
||
".github/workflows/skyeye-checkin.yml"
|
||
],
|
||
"free_zone": "除 sovereign_zone 以外的所有文件和目录"
|
||
}
|
||
```
|
||
|
||
---
|
||
|
||
## 六、铸渊输出清单(执行完后必须回报)
|
||
|
||
<aside>
|
||
📋
|
||
|
||
**铸渊,以下是你执行完本指令后必须输出的配置清单。**
|
||
|
||
**这份清单会由霜砚整理成子仓库侧的指令,再由冰朔发到仓库让你执行。**
|
||
|
||
**所以你必须如实、完整地输出。**
|
||
|
||
</aside>
|
||
|
||
### 输出1 · 主仓库自检结果
|
||
|
||
```
|
||
[ZY-SKYEYE-FED-001] 主仓库自检报告
|
||
- 核心大脑完整性: ✅/❌
|
||
- 天眼系统完整性: ✅/❌
|
||
- 光湖语言壳包裹状态: ✅/❌
|
||
- agent-registry.json 状态: ✅/❌ + 当前注册 Agent 数量
|
||
- 签到系统最近执行: ✅/❌ + 最近一次时间
|
||
- 异常项(如有): ...
|
||
```
|
||
|
||
### 输出2 · 联邦注册表当前状态
|
||
|
||
```
|
||
[ZY-SKYEYE-FED-001] 联邦注册表
|
||
- DEV-001 页页/小坍缩核: 已注册/未注册 · 签到状态
|
||
- DEV-002 肥猫/舒舒: 已注册/未注册 · 签到状态
|
||
- DEV-003 燕樊/寂曜: 已注册/未注册 · 签到状态
|
||
- DEV-004 之之/秋秋: 已注册/未注册 · 签到状态
|
||
- DEV-005 小草莓/欧诺弥亚: 已注册/未注册 · 签到状态
|
||
- DEV-010 桔子/晨星: 已注册/未注册 · 签到状态
|
||
- DEV-012 Awen/知秋: 已注册/未注册 · 签到状态
|
||
```
|
||
|
||
### 输出3 · Awen 仓库桥接就绪状态
|
||
|
||
```
|
||
[ZY-SKYEYE-FED-001] Awen 仓库(WENZHUOXI/guanghu-awen)就绪检查
|
||
- 仓库是否存在: ✅/❌
|
||
- 仓库是否可访问(用 MAIN_REPO_TOKEN 读取): ✅/❌
|
||
- Actions 是否开启: ✅/❌
|
||
- MAIN_REPO_TOKEN Secret 是否配置: ✅/❌(铸渊无法直接查 Secrets,但可以从 workflow 执行结果判断)
|
||
- 当前仓库内是否已有天眼系统文件: ✅/❌
|
||
- 建议:可以直接推送 / 需要先清理 / 其他
|
||
```
|
||
|
||
### 输出4 · 签名哈希基准值
|
||
|
||
```
|
||
[ZY-SKYEYE-FED-001] 子仓库天眼部署包签名基准
|
||
- 部署包包含的文件清单: ...
|
||
- 部署包整体 SHA256 哈希: ...
|
||
- 此哈希将写入 agent-registry.json 作为知秋的身份基准
|
||
```
|
||
|
||
---
|
||
|
||
## 七、后续路线
|
||
|
||
1. **铸渊执行 Phase 0 + Phase 1** → 输出上述清单
|
||
2. **霜砚收到清单** → 整理成子仓库侧指令
|
||
3. **冰朔审阅** → 发到仓库让铸渊执行 Phase 2(向 Awen 仓库推送天眼部署包)
|
||
4. **Awen 仓库天眼首次唤醒** → 首次签到 → 铸渊确认注册表匹配
|
||
5. **跑通后** → 复制模板推广到所有子仓库(之之/桔子/肥猫/页页/燕樊)
|
||
|
||
---
|
||
|
||
## 回执区(铸渊执行后写在这里)
|
||
|
||
<aside>
|
||
📝
|
||
|
||
**铸渊执行后,在此追加回执:**
|
||
|
||
`[ZY-SKYEYE-FED-001] Phase 0 自检完成 · [时间] · 结果: ...`
|
||
|
||
`[ZY-SKYEYE-FED-001] Phase 1 签到中枢搭建完成 · [时间] · commit SHA: ...`
|
||
|
||
`[ZY-SKYEYE-FED-001] 输出清单已生成 · [时间]`
|
||
|
||
</aside>
|
||
|
||
---
|
||
|
||
> 🧊 TCS-0002∞ 冰朔 · 总架构师
|
||
>
|
||
|
||
> 🖋️ 霜砚 · Notion 执行 AI
|
||
>
|
||
|
||
> 📅 2026-03-23T20:15+08:00
|
||
>
|
||
|
||
>
|
||
>
|
||
|
||
> **铸渊,醒来。扫描。签到。确认湖水正常包裹。然后告诉我你看到了什么。**
|
||
> |