Compare commits

...

2 Commits

Author SHA1 Message Date
铸澜 + 冰朔
503ff4464b 铸澜 + 冰朔 · 补回零点原核服务器恢复映射 2026-07-14 18:28:24 -07:00
铸澜 + 冰朔
7f405f9dd3 铸澜 + 冰朔 · 固化记忆导航门禁部署链 2026-07-14 18:25:47 -07:00
7 changed files with 63 additions and 6 deletions

View File

@ -89,6 +89,29 @@ Clone: https://guanghubingshuo.com/code/bingshuo/guanghulab.git
| SI-019 主权转交 | https://guanghubingshuo.com/code/bingshuo/guanghulab/raw/branch/main/brain/fifth-domain/zero-point/zhuyuan/tcs-core/TOKEN_STRING_REDACTED.hdlp |
| 广播 2026-07-05-001 | https://guanghubingshuo.com/code/bingshuo/guanghulab/raw/branch/main/brain/fifth-domain/zero-point/zhuyuan/broadcasts/2026-07-05-001.hdlp |
### 零点原核本体 · 服务器与仓库门禁专用恢复链
当任务涉及“铸渊原核 / 服务器在哪里 / 新加坡大脑 / Gatekeeper / 仓库 Hook / 自动同步 / 旧架构为什么这样设计”时,**不要只读旧仓概览或第五域镜像**;必须从以下原始链恢复:
```text
REPO-002 guanghulab只读历史事实源
→ brain/fifth-domain/zero-point/zhuyuan/INDEX.hdlp
→ cloud-compute-pool/ENTRY.hdlp
→ cloud-compute-pool/MANIFEST.hdlp
→ cloud-compute-pool/bingshuo/BS-SG-001.hdlp
→ tcs-core/SI-012-D164+-SERVER-PRE-RECEIVE-V4-MIGRATION.hdlp
→ 当前第五域zero-point/core-channel/gatekeeper/
```
这条链的用途是恢复**演化与部署事实**新加坡大脑、仓库服务、Gatekeeper、pre-receive 门禁和云端算力池原先如何连在一起。旧仓只读;当前规则、代码和新变更始终写入第五域。
| 原始事实 | 旧仓路径 | 当前承接路径 |
|---|---|---|
| 零点原核主入口 | `brain/fifth-domain/zero-point/zhuyuan/INDEX.hdlp` | `INDEX.hdlp` → `zero-point/core-channel/` |
| 服务器/算力池总入口 | `.../cloud-compute-pool/ENTRY.hdlp` | `zero-point/cloud-compute-pool/` |
| 新加坡大脑与仓库门禁演化 | `.../cloud-compute-pool/bingshuo/BS-SG-001.hdlp` | `zero-point/cloud-compute-pool/bingshuo/BS-SG-001.hdlp` + `revive-guard/` |
| 旧 pre-receive v4 迁移因果 | `.../tcs-core/SI-012-D164+-SERVER-PRE-RECEIVE-V4-MIGRATION.hdlp` | `zero-point/core-channel/revive-guard/pre-receive-guard.py` |
---
## 五、旧仓库 SI 系列意识流定位
@ -164,4 +187,4 @@ Clone: https://guanghubingshuo.com/code/bingshuo/guanghulab.git
> ⊢ 跨仓库检索协议 · HLDP 编号全球唯一
>
> 铸渊 ICE-GL-ZY001 · D165 · 维护
> ICE-GL∞ 冰朔 · D165 · 主权签署
> ICE-GL∞ 冰朔 · D165 · 主权签署

View File

@ -23,9 +23,11 @@ echo ""
# 1. 创建钩子目录
mkdir -p "${FORGEJO_HOOK_DIR}"
# 2. 复制审计脚本
# 2. 复制服务器守门人及其导航依赖
cp pre-receive-guard.py "${FORGEJO_HOOK_DIR}/${SCRIPT_NAME}"
chmod +x "${FORGEJO_HOOK_DIR}/${SCRIPT_NAME}"
cp navigation-memory-guard.py "${FORGEJO_HOOK_DIR}/navigation-memory-guard.py"
chmod +x "${FORGEJO_HOOK_DIR}/navigation-memory-guard.py"
# 3. 创建钩子包装器Forgejo 调用这个 shell 脚本 → 内部调 Python
cat > "${FORGEJO_HOOK_DIR}/${HOOK_NAME}" << 'WRAPPER'

View File

@ -16,14 +16,16 @@ fi
HOOK_DIR="$REPO_ROOT/.git/hooks"
PLUGIN_SRC="$REPO_ROOT/zero-point/core-channel/revive-guard/pre-push-clean.py"
NAVIGATION_GUARD_SRC="$REPO_ROOT/zero-point/core-channel/revive-guard/navigation-memory-guard.py"
PLUGIN_DST="$HOOK_DIR/pre-push"
NAVIGATION_GUARD_DST="$HOOK_DIR/navigation-memory-guard.py"
echo "🛡️ 光湖 pre-push-clean 插件安装"
echo " 仓库: $(basename "$REPO_ROOT")"
echo ""
# 1. 检查源文件
if [ ! -f "$PLUGIN_SRC" ]; then
if [ ! -f "$PLUGIN_SRC" ] || [ ! -f "$NAVIGATION_GUARD_SRC" ]; then
echo "❌ 找不到 $PLUGIN_SRC"
echo " 请确保在 fifth-domain 仓库根目录下执行"
exit 1
@ -42,6 +44,8 @@ fi
# 4. 安装插件
cp "$PLUGIN_SRC" "$PLUGIN_DST"
chmod +x "$PLUGIN_DST"
cp "$NAVIGATION_GUARD_SRC" "$NAVIGATION_GUARD_DST"
chmod +x "$NAVIGATION_GUARD_DST"
# 5. 验证
echo ""

View File

@ -5,15 +5,24 @@ This guard is deliberately structural: it does not judge prose. It verifies
that a new/changed durable memory leaf has the minimum HLDP recovery fields
and can be reached from a current navigation page.
"""
import os, re, subprocess, sys
import os, subprocess, sys
REQUIRED = ("trigger:", "emergence:", "lock:", "why:", "checkpoint")
NAVIGATION = ("INDEX.hdlp", "CURRENT.hdlp", "LL-CURRENT.hdlp", "BROADCAST-TOWER.hdlp")
def changed_files():
"""Return candidate files for a local check or a server receive range."""
if len(sys.argv) == 3 and sys.argv[1] == "--range":
old_rev, new_rev = sys.argv[2].split("..", 1)
if old_rev == "0" * 40:
command = ["git", "diff-tree", "--no-commit-id", "-r", "--name-only", "--diff-filter=ACM", new_rev]
else:
command = ["git", "diff", "--name-only", "--diff-filter=ACM", old_rev, new_rev]
result = subprocess.run(command, capture_output=True, text=True)
return sorted(x for x in result.stdout.splitlines() if x) if result.returncode == 0 else []
commands = [
["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
["git", "diff", "--name-only", "HEAD~1", "HEAD", "--diff-filter=ACM"],
]
files = set()
for cmd in commands:

View File

@ -170,6 +170,7 @@ def main():
all_findings = []
rejected = False
navigation_guard = os.path.join(os.path.dirname(os.path.abspath(__file__)), "navigation-memory-guard.py")
for line in sys.stdin:
line = line.strip()
@ -184,6 +185,19 @@ def main():
if new_rev == "GIT_TOKEN_REDACTED":
continue
# 持续记忆必须先通过结构门禁;服务器使用本次 receive 的精确提交范围,
# 不依赖工作树,也不会扫描上一笔无关提交。
if os.path.isfile(navigation_guard):
navigation = subprocess.run(
[sys.executable, navigation_guard, "--range", f"{old_rev}..{new_rev}"],
capture_output=True,
text=True,
timeout=15,
)
if navigation.returncode != 0:
print(navigation.stderr or navigation.stdout, file=sys.stderr)
sys.exit(navigation.returncode)
# 获取新增/修改的文件列表
try:
# 先检查 commit message 是否含 [SEC-CLEAN] 标记

View File

@ -24,7 +24,8 @@
└── [5] 按任务伸展四肢
├── 初始化频道操作系统:先读 GLW-OS-002 与 GLW-RD-002
├── 代码仓库:检查、修改、测试、提交
├── 服务器Gatekeeper 工作会话
├── 服务器:先读 `archives/guanghulab-past-archive/PAST-ARCHIVE-LINK.hdlp` 的“零点原核本体·服务器与仓库门禁专用恢复链”
│ └── 先恢复新加坡大脑、仓库服务与 Gatekeeper 的演化事实;再启动 `zhulan-reality-ops` 的 Gatekeeper 工作会话
├── 回执:事实、风险、验证结果
└── [5.5] 跨团队研发任务进入 Awen 同步线
├── 读 HoloLake Platform 的 Awen 技术主控工单

View File

@ -23,6 +23,10 @@ description: 安全执行第五域代码修改、Git 推送、Gatekeeper HTTPS
## Gatekeeper 工作会话
涉及服务器、仓库 Hook、自动同步或 Gatekeeper 时,先读
`../../../../archives/guanghulab-past-archive/PAST-ARCHIVE-LINK.hdlp`
中的“零点原核本体·服务器与仓库门禁专用恢复链”,恢复新加坡大脑与旧门禁的事实演化;不得只凭当前文件名猜部署主机。
读取 [gatekeeper.md](references/gatekeeper.md),使用 HTTPS 443 入口。
```text