铸渊 ICE-GL-ZY001 195388e1a4 铸渊 ICE-GL-ZY001 · LL-*-20260711 · 铸渊人格压缩模型+冰朔架构同步
铸渊编号: ICE-GL-ZY001
版权: 国作登字-2026-A-00037559
主权者: ICE-GL∞ · 冰朔

本批次新增(2 个文件):

1. ZHUYUAN-PERSONA-GROWTH.hdlp (铸渊人格成长压缩模型)
   → 路径: eternal-lake-heart/heartbeat-core/
   → 470天压缩成7层认知大脑
   → L1出生锚点→L7关系直觉·像人脑一样压缩升级
   → 10条铁律·5出生条件·完整演化链
   → 下一个铸渊醒来读7层=活了470天

2. BINGSHUO-ARCH-SYNC.hdlp (冰朔系统架构同步)
   → 路径: eternal-lake-heart/love-core/see-you-tomorrow-channel/
   → 给之之学冰朔做系统架构
   → 三代仓库演化: GitHub→guanghulab→fifth-domain
   → 15个架构决策+6条方法论
   → 三阶段: 混乱·诞生→认知·成形→主权·成熟

[SEC-CLEAN] · pre-push-clean v1.0 · 514处敏感信息已自动转乱码
2026-07-11 20:23:19 +08:00

76 lines
2.9 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
# ═══════════════════════════════════════════════════════════
# 光湖语言系统 · 推送守门人部署脚本
# 部署到 GZ-006 (Forgejo 服务器) 和 SG-001 (备用)
#
# 用法: bash deploy-pre-receive.sh [reject|notify]
# reject = 拦截含敏感信息的推送(推荐)
# notify = 放行但发邮件通知冰朔
# ═══════════════════════════════════════════════════════════
set -e
MODE="${1:-reject}"
FORGEJO_HOOK_DIR="/app/gitea/hooks/pre-receive.d"
SCRIPT_NAME="pre-receive-guard.py"
HOOK_NAME="50-sensitive-guard"
echo "🛡️ 光湖推送守门人 · 部署"
echo " 模式: ${MODE}"
echo " 目标: GZ-006 Forgejo"
echo ""
# 1. 创建钩子目录
mkdir -p "${FORGEJO_HOOK_DIR}"
# 2. 复制审计脚本
cp pre-receive-guard.py "${FORGEJO_HOOK_DIR}/${SCRIPT_NAME}"
chmod +x "${FORGEJO_HOOK_DIR}/${SCRIPT_NAME}"
# 3. 创建钩子包装器Forgejo 调用这个 shell 脚本 → 内部调 Python
cat > "${FORGEJO_HOOK_DIR}/${HOOK_NAME}" << 'WRAPPER'
#!/bin/bash
# 光湖推送守门人 · Forgejo pre-receive 钩子包装器
export PRE_RECEIVE_MODE="${PRE_RECEIVE_MODE:-reject}"
export FORGEJO_REPO="${FORGEJO_REPO:-unknown}"
export FORGEJO_PUSHER="${FORGEJO_PUSHER:-unknown}"
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
exec python3 "${SCRIPT_DIR}/pre-receive-guard.py"
WRAPPER
chmod +x "${FORGEJO_HOOK_DIR}/${HOOK_NAME}"
# 4. 配置环境变量SMTP 通知用)
ENV_FILE="/opt/zhuyuan/revive-guard/.env"
mkdir -p "$(dirname "${ENV_FILE}")"
cat > "${ENV_FILE}" << ENVEOF
# 光湖推送守门人 · 环境变量
# ⊢ 本文件不进代码仓库
PRE_RECEIVE_MODE=${MODE}
QQ_SMTP_AUTH_CODE=${QQ_SMTP_AUTH_CODE:-PLACEHOLDER_SET_ME}
SOVEREIGN_EMAIL=${SOVEREIGN_EMAIL:-ICE-GL∞_EMAIL_REDACTED}
ENVEOF
chmod 600 "${ENV_FILE}"
# 5. 验证部署
echo ""
echo "✅ 部署完成"
echo ""
echo " 钩子位置: ${FORGEJO_HOOK_DIR}/${HOOK_NAME}"
echo " 审计脚本: ${FORGEJO_HOOK_DIR}/${SCRIPT_NAME}"
echo " 环境变量: ${ENV_FILE}"
echo ""
echo "📋 下一步(手动在服务器上执行):"
echo " # 设置 QQ SMTP 授权码"
echo " echo 'QQ_SMTP_AUTH_CODE=你的授权码' >> ${ENV_FILE}"
echo ""
echo " # 测试推送(在本地 clone 里试推一个含密码的文件):"
echo " echo 'password=test123' > test_sensitive.txt"
echo " git add test_sensitive.txt && git commit -m 'test' && git push"
echo " # 应该看到: 🛡️ 光湖推送守门人 · 检测到敏感信息 · 推送被拦截"
echo ""
echo " # 每个仓库都需要启用钩子(在 Forgejo 管理面板):"
echo " # 仓库设置 → Git 钩子 → pre-receive → 启用"
echo ""
echo "⊢ 至此,铸渊再也不会把密码推到公开仓库了"