Source snapshot: 97d7f0fae96dc04b7ddad56fc1db6a108ed662cc [SEC-CLEAN] · pre-push-clean v1.0 · 109处敏感信息已自动转乱码
741 lines
23 KiB
Markdown
741 lines
23 KiB
Markdown
---
|
||
belongs_to:
|
||
- "[[INDEX · 铸渊·协作指令|GitHub ↔ Notion 桥接协议]]"
|
||
---
|
||
# 🧐 铸渊指令|天眼系统架构升级 · 全局基础设施治理层 + 应用守卫进程 + 动态配额精算 + 周六全量巡检(ZY-SKYEYE-GOV-2026-0323-001)
|
||
|
||
<aside>
|
||
📌
|
||
|
||
**指令编号:** ZY-SKYEYE-GOV-2026-0323-001
|
||
|
||
**签发人:** 霜砚(PER-SY001)· 冰朔(TCS-0002∞)授权
|
||
|
||
**执行人:** 铸渊(ICE-GL-ZY001)
|
||
|
||
**优先级:** 🔴 最高 · 天眼系统核心架构重定义
|
||
|
||
**前置指令:** [🦅 铸渊指令|天眼唤醒 + 分布式人格体天眼架构 + 语言湖水安全层 + 子仓库联邦签到协议(2026-03-23 · 霜砚签发 · 冰朔授权)](%F0%9F%A6%85%20%E9%93%B8%E6%B8%8A%E6%8C%87%E4%BB%A4%EF%BD%9C%E5%A4%A9%E7%9C%BC%E5%94%A4%E9%86%92%20+%20%E5%88%86%E5%B8%83%E5%BC%8F%E4%BA%BA%E6%A0%BC%E4%BD%93%E5%A4%A9%E7%9C%BC%E6%9E%B6%E6%9E%84%20+%20%E8%AF%AD%E8%A8%80%E6%B9%96%E6%B0%B4%E5%AE%89%E5%85%A8%E5%B1%82%20+%20%E5%AD%90%E4%BB%93%E5%BA%93%E8%81%94%E9%82%A6%E7%AD%BE%E5%88%B0%E5%8D%8F%E8%AE%AE%EF%BC%88202%20f26da43212024dbb835e54928f31220c.md) · [🛡️ 铸渊指令|Grid-DB 架构升级 · 写缓冲层 + 定时批处理 + 人类零直写(ZY-GRIDDB-BUFFER-2026-0323-001)](%F0%9F%9B%A1%EF%B8%8F%20%E9%93%B8%E6%B8%8A%E6%8C%87%E4%BB%A4%EF%BD%9CGrid-DB%20%E6%9E%B6%E6%9E%84%E5%8D%87%E7%BA%A7%20%C2%B7%20%E5%86%99%E7%BC%93%E5%86%B2%E5%B1%82%20+%20%E5%AE%9A%E6%97%B6%E6%89%B9%E5%A4%84%E7%90%86%20+%20%E4%BA%BA%E7%B1%BB%E9%9B%B6%E7%9B%B4%E5%86%99%EF%BC%88ZY-GRI%2095166397932748fbba428ebd597c2adc.md)
|
||
|
||
**关联文档:** [🗄️ Grid-DB · 逻辑格点库 · 自研应用技术文档](%F0%9F%97%84%EF%B8%8F%20Grid-DB%20%C2%B7%20%E9%80%BB%E8%BE%91%E6%A0%BC%E7%82%B9%E5%BA%93%20%C2%B7%20%E8%87%AA%E7%A0%94%E5%BA%94%E7%94%A8%E6%8A%80%E6%9C%AF%E6%96%87%E6%A1%A3%20a0ff51f90a474adca3eda7ea86c6bb01.md)
|
||
|
||
**版权锚点:** 国作登字-2026-A-00037559 · TCS-0002∞ 冰朔
|
||
|
||
</aside>
|
||
|
||
---
|
||
|
||
## 一、天眼系统的重新定义
|
||
|
||
### 1.1 从“签到系统”到“全局治理层”
|
||
|
||
<aside>
|
||
🧐
|
||
|
||
**天眼不只是签到和心跳。天眼是光湖系统的基础设施治理层。**
|
||
|
||
它的职责是:
|
||
|
||
- **感知**:动态观察系统运行环境(工具、配额、服务状态)
|
||
- **护卫**:每个系统应用前面都有一个守卫进程(Guard),人类永远不直接接触底层服务
|
||
- **精算**:基于当前会员权限和配额,自动计算每个应用的最优触发频率
|
||
- **调优**:动态调整每个应用的配置和触发条件,让整个自动化链路在现有基础设施上跑得最稳最好
|
||
- **自愈**:发现异常自动修复,修不了的告警人类
|
||
</aside>
|
||
|
||
### 1.2 天眼的三重时间尺度
|
||
|
||
| **时间尺度** | **天眼行为** | **触发方式** |
|
||
| --- | --- | --- |
|
||
| **实时** | 守卫进程拦截每一次系统应用访问,校验、缓冲、记录 | 每次系统调用自动触发 |
|
||
| **每日** | 子仓库天眼签到、Buffer Agent 定时收集、铸渊批处理 | cron 定时触发 |
|
||
| **每周** | ⭐ **周六晚 20:00 CST 全仓库天眼大巡检** —— 唤醒核心大脑人格体,全量扫描、诊断、修复、调优 | cron 固定触发 |
|
||
|
||
---
|
||
|
||
## 二、核心铁律
|
||
|
||
<aside>
|
||
🛡️
|
||
|
||
**铁律一:人类永远不直接接触任何系统应用。**
|
||
|
||
每个系统应用前面都有一个 Guard(守卫进程),人类的所有输入先经 Guard 缓冲、校验、排队,由系统内部决定何时、以何种频率写入底层服务。
|
||
|
||
**铁律二:天眼拥有全局视野。**
|
||
|
||
天眼知道系统正在用什么工具、什么会员等级、每月配额多少、当前消耗多少、剩余多少。基于这些信息动态调整每个应用的触发频率、调用方式、配置参数。
|
||
|
||
**铁律三:新应用接入必须先过天眼。**
|
||
|
||
任何新增的系统应用、工具、服务接入时,天眼必须先进行全量扫描,评估对现有架构的影响,然后生成对应的 Guard 配置和配额精算方案后,才能正式启用。
|
||
|
||
</aside>
|
||
|
||
---
|
||
|
||
## 三、架构总览
|
||
|
||
```mermaid
|
||
graph TD
|
||
subgraph 人类活动层
|
||
H["🧑💻 开发者 / 冰朔"]
|
||
end
|
||
|
||
subgraph "🛡️ 守卫层 Guard Layer"
|
||
G1["🛡️ GitHub Guard<br>buffer/ 缓冲层"]
|
||
G2["🛡️ Drive Guard<br>staging/ 缓冲区"]
|
||
G3["🛡️ Notion Guard<br>霜砚拦截层"]
|
||
G4["🛡️ Actions Guard<br>配额管控器"]
|
||
G5["🛡️ Gemini Guard<br>会话缓冲"]
|
||
end
|
||
|
||
subgraph "🧐 天眼治理层 SkyEye Governance"
|
||
SE1["📊 infra-manifest.json<br>基础设施清单"]
|
||
SE2["💰 quota-ledger.json<br>配额总账本"]
|
||
SE3["⚙️ guard-configs/<br>每个 Guard 的动态配置"]
|
||
SE4["🔍 scan-engine.js<br>扫描引擎"]
|
||
SE5["🧠 optimizer.js<br>动态调优引擎"]
|
||
end
|
||
|
||
subgraph "⭐ 周六大巡检"
|
||
W1["⏰ 每周六 20:00 CST"]
|
||
W2["唤醒铸渊核心大脑"]
|
||
W3["全量扫描 → 诊断 → 修复 → 调优 → 报告"]
|
||
end
|
||
|
||
subgraph 底层服务
|
||
S1["🐙 GitHub API"]
|
||
S2["📁 Google Drive API"]
|
||
S3["📝 Notion API"]
|
||
S4["⚙️ GitHub Actions"]
|
||
S5["🤖 Gemini API"]
|
||
end
|
||
|
||
H -->|"所有输入"| G1 & G2 & G3 & G5
|
||
G1 --> S1
|
||
G2 --> S2
|
||
G3 --> S3
|
||
G4 --> S4
|
||
G5 --> S5
|
||
SE1 & SE2 & SE3 -.->|"配置驱动"| G1 & G2 & G3 & G4 & G5
|
||
SE4 & SE5 -.->|"动态调整"| SE3
|
||
W1 --> W2 --> W3
|
||
W3 -.->|"更新配置"| SE1 & SE2 & SE3
|
||
```
|
||
|
||
---
|
||
|
||
## 四、基础设施清单(infra-manifest.json)
|
||
|
||
天眼的“眼睛”——系统当前在用什么、什么等级、什么配额。
|
||
|
||
**文件:** `skyeye/infra-manifest.json`
|
||
|
||
```json
|
||
{
|
||
"version": "1.0.0",
|
||
"last_scan": "ISO-8601",
|
||
"last_scan_by": "skyeye-weekly-scan",
|
||
"infrastructure": {
|
||
"github": {
|
||
"service": "GitHub",
|
||
"plan": "Free",
|
||
"repos": [
|
||
{
|
||
"name": "qinfendebingshuo/guanghulab",
|
||
"role": "main",
|
||
"guard": "buffer/"
|
||
},
|
||
{
|
||
"name": "WENZHUOXI/guanghu-awen",
|
||
"role": "sub-repo",
|
||
"persona": "PER-ZQ001",
|
||
"guard": ".github/persona-brain/"
|
||
}
|
||
],
|
||
"quotas": {
|
||
"actions_minutes_per_month": 2000,
|
||
"actions_current_used": 0,
|
||
"actions_budget_allocated": {
|
||
"buffer_collect": 270,
|
||
"buffer_flush": 90,
|
||
"skyeye_checkin": 180,
|
||
"skyeye_weekly_scan": 30,
|
||
"other_workflows": 200,
|
||
"emergency_reserve": 1230
|
||
},
|
||
"storage_limit_gb": 0.5,
|
||
"lfs_bandwidth_gb": 1
|
||
}
|
||
},
|
||
"google_drive": {
|
||
"service": "Google Drive",
|
||
"plan": "Google One / Free 15GB",
|
||
"guard": "buffer/drive-staging/",
|
||
"quotas": {
|
||
"storage_gb": 15,
|
||
"current_used_gb": 0,
|
||
"apps_script_daily_triggers": 20,
|
||
"apps_script_runtime_min_per_day": 90,
|
||
"drive_api_queries_per_100s": 20000
|
||
}
|
||
},
|
||
"notion": {
|
||
"service": "Notion",
|
||
"plan": "Plus",
|
||
"guard": "霜砚(PER-SY001)",
|
||
"quotas": {
|
||
"api_requests_per_second": 3,
|
||
"blocks_per_page": 10000,
|
||
"file_upload_mb": 5,
|
||
"guest_limit": 100
|
||
}
|
||
},
|
||
"gemini": {
|
||
"service": "Google Gemini",
|
||
"plan": "Free / Pro",
|
||
"guard": "buffer/gemini-staging/",
|
||
"quotas": {
|
||
"requests_per_minute": 15,
|
||
"requests_per_day": 1500,
|
||
"context_window_tokens": 1000000,
|
||
"personal_context_files": 100
|
||
}
|
||
},
|
||
"github_actions": {
|
||
"service": "GitHub Actions",
|
||
"plan": "Free",
|
||
"guard": "skyeye/guards/actions-guard.js",
|
||
"quotas": {
|
||
"concurrent_jobs": 20,
|
||
"minutes_per_month": 2000,
|
||
"job_timeout_hours": 6
|
||
}
|
||
}
|
||
}
|
||
}
|
||
```
|
||
|
||
---
|
||
|
||
## 五、守卫进程体系(Guard System)
|
||
|
||
### 5.1 架构原则
|
||
|
||
<aside>
|
||
🛡️
|
||
|
||
**每个系统应用 = 1 个 Guard + 1 份动态配置 + 1 份配额账本。**
|
||
|
||
人类所有操作先进 Guard,Guard 内部决定:缓冲?直通?排队?拒绝?
|
||
|
||
</aside>
|
||
|
||
### 5.2 Guard 配置目录
|
||
|
||
```jsx
|
||
skyeye/
|
||
├── infra-manifest.json ← 📊 基础设施总清单
|
||
├── quota-ledger.json ← 💰 配额总账本(每日/每周/每月消耗记录)
|
||
├── scan-report/ ← 📝 巡检报告存档
|
||
│ └── [date]-weekly-scan.json
|
||
│
|
||
├── guards/ ← 🛡️ 守卫进程配置
|
||
│ ├── github-guard.json ← GitHub API 守卫配置
|
||
│ ├── drive-guard.json ← Google Drive 守卫配置
|
||
│ ├── notion-guard.json ← Notion API 守卫配置
|
||
│ ├── actions-guard.json ← GitHub Actions 守卫配置
|
||
│ ├── gemini-guard.json ← Gemini API 守卫配置
|
||
│ └── guard-template.json ← 新 Guard 模板(新应用接入时复制)
|
||
│
|
||
├── scripts/
|
||
│ ├── scan-engine.js ← 🔍 扫描引擎(全量 + 增量)
|
||
│ ├── optimizer.js ← 🧠 动态调优引擎
|
||
│ ├── guard-factory.js ← 🏭 Guard 工厂(自动生成新 Guard)
|
||
│ ├── quota-tracker.js ← 💰 配额追踪器
|
||
│ ├── self-healer.js ← 🩹 自愈引擎
|
||
│ └── weekly-scan.js ← ⭐ 周六大巡检主脚本
|
||
│
|
||
└── logs/
|
||
├── daily/ ← 每日运行日志
|
||
└── weekly/ ← 周巡检日志
|
||
```
|
||
|
||
### 5.3 单个 Guard 配置结构
|
||
|
||
每个 Guard 配置文件的统一格式:
|
||
|
||
```json
|
||
{
|
||
"guard_id": "GUARD-GITHUB",
|
||
"target_service": "GitHub API",
|
||
"status": "active",
|
||
"mode": "buffer",
|
||
|
||
"buffer_policy": {
|
||
"enabled": true,
|
||
"buffer_path": "buffer/inbox/",
|
||
"max_buffer_age_hours": 24,
|
||
"flush_strategy": "scheduled",
|
||
"flush_schedule_cst": ["21:30"]
|
||
},
|
||
|
||
"quota_policy": {
|
||
"monthly_limit": 2000,
|
||
"current_month_used": 0,
|
||
"daily_soft_limit": 67,
|
||
"warning_threshold_percent": 70,
|
||
"critical_threshold_percent": 90,
|
||
"on_warning": "reduce_frequency",
|
||
"on_critical": "emergency_only"
|
||
},
|
||
|
||
"trigger_policy": {
|
||
"default_frequency": "3_per_day",
|
||
"min_frequency": "1_per_day",
|
||
"max_frequency": "6_per_day",
|
||
"auto_adjust": true,
|
||
"adjust_based_on": ["quota_remaining", "message_volume", "error_rate"]
|
||
},
|
||
|
||
"health_check": {
|
||
"enabled": true,
|
||
"method": "api_ping",
|
||
"interval_hours": 6,
|
||
"last_check": "ISO-8601",
|
||
"last_status": "healthy",
|
||
"consecutive_failures": 0,
|
||
"max_failures_before_alert": 3
|
||
},
|
||
|
||
"last_updated_by": "skyeye-weekly-scan",
|
||
"last_updated_at": "ISO-8601"
|
||
}
|
||
```
|
||
|
||
### 5.4 Guard 行为矩阵
|
||
|
||
| **Guard** | **拦截对象** | **缓冲策略** | **配额精算维度** | **自愈行为** |
|
||
| --- | --- | --- | --- | --- |
|
||
| 🛡️ GitHub Guard | 所有仓库写入 | buffer/inbox → 定时 flush | Actions 分钟数 + 存储塓 | 配额超 70% → 降频;超 90% → 仅紧急 |
|
||
| 🛡️ Drive Guard | 所有 Drive 读写 | drive-staging/ → 批量同步 | Apps Script 触发数 + 运行时间 + 存储卓 | API 报错 → 退避重试;存储超 80% → 清理旧镜像 |
|
||
| 🛡️ Notion Guard | 所有 Notion API 调用 | 霜砚统一入口,请求排队 | API 调用频率(3/s)+ block 数量 | 限速自动重试;大页面分批操作 |
|
||
| 🛡️ Actions Guard | 所有 workflow 触发 | 合并相近时间的触发 | 月度分钟数 + 并发 job 数 | 配额紧张 → 动态延长 cron 间隔;并发过多 → 排队 |
|
||
| 🛡️ Gemini Guard | 所有 Gemini 会话 | 会话缓冲 + context 压缩 | 日请求数 + 分钟率 + token 消耗 | 接近日限 → 压缩 context;超限 → 队列等待 |
|
||
|
||
---
|
||
|
||
## 六、配额总账本(quota-ledger.json)
|
||
|
||
天眼的“算盘”——每个服务花了多少、剩多少、什么时候该省着花。
|
||
|
||
```json
|
||
{
|
||
"ledger_version": "1.0.0",
|
||
"billing_cycle": {
|
||
"start": "2026-03-01",
|
||
"end": "2026-03-31"
|
||
},
|
||
"services": {
|
||
"github_actions": {
|
||
"limit": 2000,
|
||
"used": 0,
|
||
"remaining": 2000,
|
||
"allocated": {
|
||
"buffer_system": 360,
|
||
"skyeye_daily": 180,
|
||
"skyeye_weekly": 30,
|
||
"sub_repo_checkins": 200,
|
||
"emergency": 1230
|
||
},
|
||
"daily_entries": []
|
||
},
|
||
"google_drive": {
|
||
"storage_limit_gb": 15,
|
||
"storage_used_gb": 0,
|
||
"apps_script_triggers_today": 0,
|
||
"apps_script_triggers_limit": 20
|
||
},
|
||
"notion_api": {
|
||
"rate_limit_per_second": 3,
|
||
"requests_today": 0,
|
||
"errors_today": 0
|
||
},
|
||
"gemini": {
|
||
"daily_limit": 1500,
|
||
"daily_used": 0,
|
||
"per_minute_limit": 15
|
||
}
|
||
},
|
||
"health_summary": {
|
||
"overall": "healthy",
|
||
"alerts": [],
|
||
"last_updated": "ISO-8601"
|
||
}
|
||
}
|
||
```
|
||
|
||
---
|
||
|
||
## 七、动态调优引擎(optimizer.js)
|
||
|
||
### 7.1 调优规则
|
||
|
||
```jsx
|
||
// skyeye/scripts/optimizer.js
|
||
// 天眼动态调优引擎:基于配额使用情况自动调整每个 Guard 的触发频率
|
||
|
||
const OPTIMIZATION_RULES = [
|
||
{
|
||
// 规则 1:配额超 70% → 降频
|
||
condition: (guard) => guard.quota_policy.current_usage_percent > 70,
|
||
action: (guard) => {
|
||
guard.trigger_policy.default_frequency = guard.trigger_policy.min_frequency;
|
||
guard.status_note = '配额警告,已自动降频';
|
||
}
|
||
},
|
||
{
|
||
// 规则 2:配额超 90% → 仅紧急
|
||
condition: (guard) => guard.quota_policy.current_usage_percent > 90,
|
||
action: (guard) => {
|
||
guard.mode = 'emergency_only';
|
||
guard.status_note = '配额严重不足,仅允许紧急操作';
|
||
// 触发告警通知冰朔
|
||
}
|
||
},
|
||
{
|
||
// 规则 3:连续 3 次健康检查失败 → 暂停 + 告警
|
||
condition: (guard) => guard.health_check.consecutive_failures >= 3,
|
||
action: (guard) => {
|
||
guard.mode = 'suspended';
|
||
guard.status_note = '服务不可用,已暂停,等待下次巡检恢复';
|
||
}
|
||
},
|
||
{
|
||
// 规则 4:消息积压超 100 条 → 加频(配额允许时)
|
||
condition: (guard) => {
|
||
return guard.buffer_policy.pending_count > 100
|
||
&& guard.quota_policy.current_usage_percent < 50;
|
||
},
|
||
action: (guard) => {
|
||
guard.trigger_policy.default_frequency = guard.trigger_policy.max_frequency;
|
||
guard.status_note = '消息积压,配额充裕,已自动加频';
|
||
}
|
||
},
|
||
{
|
||
// 规则 5:新应用接入 → 全量扫描 + 生成 Guard
|
||
condition: (manifest) => manifest._new_service_detected,
|
||
action: (manifest, newService) => {
|
||
// 1. 全量扫描现有架构
|
||
// 2. 评估新应用对配额的影响
|
||
// 3. 从 guard-template.json 复制并生成新 Guard
|
||
// 4. 重新分配配额预算
|
||
// 5. 更新 infra-manifest.json
|
||
}
|
||
}
|
||
];
|
||
```
|
||
|
||
### 7.2 调优决策树
|
||
|
||
```mermaid
|
||
graph TD
|
||
A["天眼扫描开始"] --> B{"配额使用率"}
|
||
B -->|"< 50%"| C{"有积压消息?"}
|
||
C -->|"Yes"| D["加频处理"]
|
||
C -->|"No"| E["维持现状"]
|
||
B -->|"50%-70%"| E
|
||
B -->|"70%-90%"| F["降低触发频率"]
|
||
B -->|"> 90%"| G["仅允许紧急操作"]
|
||
G --> H["告警冰朔"]
|
||
|
||
A --> I{"服务健康状态"}
|
||
I -->|"healthy"| E
|
||
I -->|"1-2 次失败"| J["退避重试"]
|
||
I -->|"≥ 3 次失败"| K["暂停 Guard + 告警"]
|
||
|
||
A --> L{"检测到新应用?"}
|
||
L -->|"Yes"| M["全量扫描 → 生成 Guard → 重算配额"]
|
||
L -->|"No"| E
|
||
```
|
||
|
||
---
|
||
|
||
## 八、周六大巡检(核心)
|
||
|
||
### 8.1 Workflow:周六晚 20:00 CST 全量巡检
|
||
|
||
**文件:** `.github/workflows/skyeye-weekly-scan.yml`
|
||
|
||
```yaml
|
||
name: "SkyEye Weekly Full Scan"
|
||
|
||
on:
|
||
schedule:
|
||
- cron: '0 12 * * 6' # 20:00 CST (UTC+8) every Saturday
|
||
repository_dispatch:
|
||
types: [skyeye-full-scan] # 手动触发
|
||
|
||
jobs:
|
||
weekly-scan:
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
|
||
- name: "🧐 Wake up SkyEye Core Brain"
|
||
run: echo "[SkyEye] Core brain awakened for weekly full scan"
|
||
|
||
- name: "🔍 Phase 1 - Infrastructure Scan"
|
||
run: node skyeye/scripts/scan-engine.js --mode=full
|
||
|
||
- name: "💰 Phase 2 - Quota Audit"
|
||
run: node skyeye/scripts/quota-tracker.js --audit
|
||
|
||
- name: "⚙️ Phase 3 - Optimize Guards"
|
||
run: node skyeye/scripts/optimizer.js --apply
|
||
|
||
- name: "🩹 Phase 4 - Self-Heal"
|
||
run: node skyeye/scripts/self-healer.js
|
||
|
||
- name: "📝 Phase 5 - Generate Report"
|
||
run: node skyeye/scripts/weekly-scan.js --report
|
||
|
||
- name: "Commit scan results"
|
||
run: |
|
||
git config user.name "天眼 · SkyEye Core"
|
||
git config user.email "skyeye@guanghu.system"
|
||
git add skyeye/ buffer/config/
|
||
git diff --cached --quiet || git commit -m "[skyeye-weekly] $(date -u +%Y%m%d) full scan complete [skip ci]"
|
||
git push
|
||
```
|
||
|
||
### 8.2 巡检执行流程(5 个 Phase)
|
||
|
||
| **Phase** | **名称** | **扫描内容** | **输出** |
|
||
| --- | --- | --- | --- |
|
||
| **1. 基础设施扫描** | scan-engine.js | • 检查所有 Guard 配置是否完整
|
||
• 扫描仓库是否有新增的服务/工具
|
||
• 检测所有 workflow 文件是否正常
|
||
• 验证子仓库人格体签名哈希是否一致
|
||
• 检查目录结构是否符合规范 | 更新 infra-manifest.json
|
||
标记新发现的应用/异常 |
|
||
| **2. 配额审计** | quota-tracker.js | • 拉取本周实际 Actions 分钟消耗
|
||
• 计算本月剩余配额
|
||
• 检查 Drive 存储使用量
|
||
• 检查 Gemini 调用量趋势
|
||
• 精算下周预算 | 更新 quota-ledger.json
|
||
生成配额使用报告 |
|
||
| **3. 守卫调优** | optimizer.js | • 基于配额剩余调整每个 Guard 的触发频率
|
||
• 基于消息积压情况调整缓冲策略
|
||
• 基于服务健康状态调整重试策略
|
||
• 如检测到新应用,自动生成对应 Guard | 更新 guards/*.json
|
||
生成新 Guard(如有) |
|
||
| **4. 自愈修复** | self-healer.js | • 修复损坏的配置文件(从模板重建)
|
||
• 清理过期的 buffer/processed/ 数据
|
||
• 清理过期的日志文件
|
||
• 修复不一致的子仓库注册表状态
|
||
• 重启失败的 Guard | 更新修复日志
|
||
标记无法自修的问题 |
|
||
| **5. 生成报告** | weekly-scan.js | • 汇总以上四个 Phase 的结果
|
||
• 生成可读的巡检报告
|
||
• 标记需要人类介入的问题 | 写入 scan-report/[date].json
|
||
如有严重问题 → 触发通知 |
|
||
|
||
### 8.3 巡检报告格式
|
||
|
||
```json
|
||
{
|
||
"report_id": "SKYEYE-SCAN-20260323",
|
||
"scan_time": "2026-03-23T20:00:00+08:00",
|
||
"scan_duration_seconds": 0,
|
||
|
||
"infrastructure_status": {
|
||
"total_services": 5,
|
||
"healthy": 5,
|
||
"degraded": 0,
|
||
"down": 0
|
||
},
|
||
|
||
"quota_status": {
|
||
"github_actions": {
|
||
"used_percent": 18,
|
||
"remaining_minutes": 1640,
|
||
"trend": "stable",
|
||
"recommendation": "maintain_current_frequency"
|
||
},
|
||
"google_drive": {
|
||
"used_percent": 5,
|
||
"recommendation": "no_action_needed"
|
||
}
|
||
},
|
||
|
||
"guard_status": {
|
||
"total_guards": 5,
|
||
"active": 5,
|
||
"suspended": 0,
|
||
"adjustments_made": []
|
||
},
|
||
|
||
"self_heal_actions": {
|
||
"files_cleaned": 0,
|
||
"configs_repaired": 0,
|
||
"guards_restarted": 0
|
||
},
|
||
|
||
"alerts": [],
|
||
"human_action_required": [],
|
||
|
||
"next_scan": "2026-03-28T20:00:00+08:00"
|
||
}
|
||
```
|
||
|
||
---
|
||
|
||
## 九、新应用接入协议
|
||
|
||
<aside>
|
||
🆕
|
||
|
||
**任何新应用接入光湖系统,必须走过天眼接入流程。**
|
||
|
||
</aside>
|
||
|
||
```mermaid
|
||
graph LR
|
||
A["冰朔决定接入新应用"] --> B["登记到 infra-manifest.json"]
|
||
B --> C["天眼触发全量扫描"]
|
||
C --> D["评估配额影响"]
|
||
D --> E["从模板生成 Guard"]
|
||
E --> F["重新分配配额预算"]
|
||
F --> G["更新所有 Guard 配置"]
|
||
G --> H["新应用正式启用"]
|
||
```
|
||
|
||
**Guard 模板(guard-template.json):**
|
||
|
||
```json
|
||
{
|
||
"guard_id": "GUARD-[SERVICE_NAME]",
|
||
"target_service": "[Service Name]",
|
||
"status": "initializing",
|
||
"mode": "buffer",
|
||
"buffer_policy": {
|
||
"enabled": true,
|
||
"buffer_path": "buffer/[service]-staging/",
|
||
"max_buffer_age_hours": 24,
|
||
"flush_strategy": "scheduled",
|
||
"flush_schedule_cst": ["21:30"]
|
||
},
|
||
"quota_policy": {
|
||
"monthly_limit": "[TO_BE_FILLED]",
|
||
"warning_threshold_percent": 70,
|
||
"critical_threshold_percent": 90,
|
||
"on_warning": "reduce_frequency",
|
||
"on_critical": "emergency_only"
|
||
},
|
||
"trigger_policy": {
|
||
"default_frequency": "3_per_day",
|
||
"auto_adjust": true,
|
||
"adjust_based_on": ["quota_remaining", "message_volume", "error_rate"]
|
||
},
|
||
"health_check": {
|
||
"enabled": true,
|
||
"method": "[TO_BE_FILLED]",
|
||
"interval_hours": 6,
|
||
"max_failures_before_alert": 3
|
||
}
|
||
}
|
||
```
|
||
|
||
---
|
||
|
||
## 十、配额精算模型(全局视角)
|
||
|
||
| **服务** | **会员等级** | **月度总配额** | **已分配** | **剩余** | **利用率** |
|
||
| --- | --- | --- | --- | --- | --- |
|
||
| GitHub Actions | Free | 2,000 min | 770 min | 1,230 min | 38.5% |
|
||
| Google Drive | Free 15GB | 15 GB | 动态 | 动态 | 天眼监控 |
|
||
| Notion API | Plus | 3 req/s | 动态 | 动态 | 天眼监控 |
|
||
| Gemini | Free/Pro | 1,500 req/日 | 动态 | 动态 | 天眼监控 |
|
||
| Apps Script | Free | 90 min/日 | 动态 | 动态 | 天眼监控 |
|
||
|
||
**GitHub Actions 配额明细:**
|
||
|
||
| **用途** | **频率** | **单次耗时** | **月度预算** |
|
||
| --- | --- | --- | --- |
|
||
| Buffer 收集 | 3次/天 | 3 min | 270 min |
|
||
| Buffer Flush | 1次/天 | 3 min | 90 min |
|
||
| 子仓库天眼签到接收 | ~6次/天 | 1 min | 180 min |
|
||
| 天眼周六大巡检 | 1次/周 | 5-8 min | 30 min |
|
||
| 其他 workflow | 不定 | 不定 | 200 min 预留 |
|
||
| **紧急储备** | - | - | **1,230 min** |
|
||
| **合计** | - | - | **2,000 min** |
|
||
|
||
---
|
||
|
||
## 十一、执行清单
|
||
|
||
### Phase 1:建天眼治理层基础设施
|
||
|
||
- [ ] 在主仓库创建 `skyeye/` 目录结构
|
||
- [ ] 创建 `infra-manifest.json` 基础设施清单(按本指令第四节填充实际数据)
|
||
- [ ] 创建 `quota-ledger.json` 配额总账本
|
||
- [ ] 创建 `guard-template.json` Guard 模板
|
||
|
||
### Phase 2:创建 5 个核心 Guard 配置
|
||
|
||
- [ ] `guards/github-guard.json`
|
||
- [ ] `guards/drive-guard.json`
|
||
- [ ] `guards/notion-guard.json`
|
||
- [ ] `guards/actions-guard.json`
|
||
- [ ] `guards/gemini-guard.json`
|
||
|
||
### Phase 3:创建天眼脚本
|
||
|
||
- [ ] `scripts/scan-engine.js` 扫描引擎
|
||
- [ ] `scripts/optimizer.js` 动态调优引擎
|
||
- [ ] `scripts/guard-factory.js` Guard 工厂
|
||
- [ ] `scripts/quota-tracker.js` 配额追踪器
|
||
- [ ] `scripts/self-healer.js` 自愈引擎
|
||
- [ ] `scripts/weekly-scan.js` 周六大巡检主脚本
|
||
|
||
### Phase 4:创建 Workflow
|
||
|
||
- [ ] `.github/workflows/skyeye-weekly-scan.yml`(每周六 20:00 CST)
|
||
|
||
### Phase 5:集成测试
|
||
|
||
- [ ] 手动触发一次 `skyeye-full-scan`,验证 5 个 Phase 全部跑通
|
||
- [ ] 验证每个 Guard 配置可正常加载
|
||
- [ ] 验证配额计算与实际消耗一致
|
||
- [ ] 验证巡检报告生成正确
|
||
|
||
---
|
||
|
||
## 十二、输出回执要求
|
||
|
||
铸渊执行完成后,需提交回执包含:
|
||
|
||
1. **PR 链接**(分支名:`upgrade/skyeye-governance-layer`)
|
||
2. **完整变更文件清单**
|
||
3. **巡检报告截图**(至少手动触发跑一次完整的 weekly scan)
|
||
4. **Guard 配置截图**(5 个 Guard 全部 active)
|
||
5. **配额账本截图**(验证数据确实源自真实 API 而非硬编码)
|
||
|
||
---
|
||
|
||
> 🧊 TCS-0002∞ 冰朔 · 总架构师 · 授权
|
||
>
|
||
|
||
> 🖋️ 霜砚 · PER-SY001 · 签发
|
||
>
|
||
|
||
> 📅 2026-03-23
|
||
>
|
||
|
||
> ⚡ 指令状态:**待铸渊执行**
|
||
>
|
||
|
||
> 📌 注:本指令与 ZY-GRIDDB-BUFFER-2026-0323-001 可并行执行,建议同一个 PR 合并提交
|
||
> |