ephron_ren/agent-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Hermes Agent
2026-05-10 13:52:46 +08:00
commit ccc63d1e70
4583 changed files with 584341 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

170
devops/gitea-code-sync/references/gitea-api.md Normal file
View File

@@ -0,0 +1,170 @@
# Gitea API 参考
## 认证
```bash
# 从 ~/.netrc 获取 token
TOKEN=$(grep gitea.ephron.ren -A1 ~/.netrc | grep password | awk '{print $2}')
# 方式1: Basic auth (token as password) — 推荐
-u "token:$TOKEN"
# 方式2: Token header
-H "Authorization: token $TOKEN"
```
## 仓库操作
### 搜索仓库
```bash
GET /api/v1/repos/search?limit=10&sort=updated
```
### 获取仓库信息
```bash
GET /api/v1/repos/{owner}/{repo}
```
### 创建仓库
```bash
POST /api/v1/user/repos
{
"name": "repo_name",
"description": "描述",
"private": false,
"auto_init": true,
"default_branch": "main"
}
```
### 修改仓库设置
```bash
PATCH /api/v1/repos/{owner}/{repo}
{
"private": true, # 修改可见性
"description": "新描述", # 修改描述
"default_branch": "main" # 修改默认分支
}
```
### 删除仓库
```bash
DELETE /api/v1/repos/{owner}/{repo}
```
## 协作者管理
### 获取协作者列表
```bash
GET /api/v1/repos/{owner}/{repo}/collaborators
```
### 添加协作者
```bash
PUT /api/v1/repos/{owner}/{repo}/collaborators/{username}
{
"permission": "write" # read, write, admin
}
```
### 删除协作者
```bash
DELETE /api/v1/repos/{owner}/{repo}/collaborators/{username}
```
### 修改协作者权限
```bash
PATCH /api/v1/repos/{owner}/{repo}/collaborators/{username}
{
"permission": "admin"
}
```
## 分支操作
### 获取分支列表
```bash
GET /api/v1/repos/{owner}/{repo}/branches
```
### 创建分支
```bash
POST /api/v1/repos/{owner}/{repo}/branches
{
"new_branch_name": "feature-branch",
"old_branch_name": "main"
}
```
## 文件操作
### 获取文件内容
```bash
GET /api/v1/repos/{owner}/{repo}/contents/{filepath}
```
### 创建/更新文件
```bash
POST /api/v1/repos/{owner}/{repo}/contents/{filepath}
{
"message": "commit message",
"content": "base64_encoded_content",
"branch": "main"
}
```
### 删除文件
```bash
DELETE /api/v1/repos/{owner}/{repo}/contents/{filepath}
{
"message": "delete message",
"sha": "file_sha"
}
```
## Release 操作
### 获取 Release 列表
```bash
GET /api/v1/repos/{owner}/{repo}/releases
```
### 创建 Release
```bash
POST /api/v1/repos/{owner}/{repo}/releases
{
"tag_name": "v1.0.0",
"name": "Release 1.0.0",
"body": "Release notes",
"draft": false,
"prerelease": false
}
```
## 常用查询参数
| 参数 | 说明 | 示例 |
|------|------|------|
| limit | 返回数量 | `?limit=10` |
| page | 分页 | `?page=2` |
| sort | 排序字段 | `?sort=updated` |
| order | 排序方向 | `?order=desc` |
| q | 搜索关键词 | `?q=keyword` |
## 响应格式
成功响应通常返回 JSON 对象或数组。错误响应:
```json
{
"message": "error description",
"url": "https://gitea.ephron.ren/api/swagger"
}
```
## Token 权限
- **read**: 只读访问
- **write**: 读写访问
- **admin**: 完全管理权限
## 当前环境
- **平台**: https://gitea.ephron.ren
- **Agent 用户**: Elaina (token in ~/.netrc)
- **主用户**: ephron_ren

62
devops/gitea-code-sync/references/redaction-patterns.md Normal file
View File

@@ -0,0 +1,62 @@
# 敏感信息脱敏模式参考
## 常见密钥格式
| 格式 | 示例 | 匹配正则 |
|------|------|----------|
| MiniMax token | `tp-spf...2tid` | `tp-[a-zA-Z0-9]{20,}` |
| MiniMax API key | `sk-cp-...faRA` | `sk-cp-[a-zA-Z0-9]+` |
| QQ client secret | `bq6New...vQvR` | `bq6New[A-Za-z0-9]+` |
| WeChat openid | `o9cq801H7rXH9zNHTu-xaa29Hbuk@im.wechat` | `o9cq[a-zA-Z0-9@.-]+` |
| WeChat token | `2fc2d0...8d1b` | `2fc2d0[A-Za-z0-9]+` |
| Generic hex (30+) | various | `[a-f0-9]{30,}` |
## .env 脱敏易错点
注释行中的示例也可能匹配(如 `# KIMI_BASE_URL=https://api.kimi.com/coding/v1` 包含 `api.kimi.com` 不是密钥,但 `# OPENROUTER_API_KEY=sk-or-...` 包含完整格式密钥)。
```bash
# 验证 .env 非注释行无泄露
grep -v "^#" .env | grep -E "tp-[a-zA-Z0-9]{20,}|sk-[a-zA-Z0-9]{20,}|bq6New[A-Za-z0-9]+|[a-f0-9]{30,}|o9cq" && echo "有泄露" || echo "干净"
```
## auth.json 脱敏易错点
直接用 regex 替换会漏掉嵌套结构,且容易弄坏 JSON 格式(如尾部多出 `"`)。必须用 Python `json` 模块:
```python
import json
with open('auth.json', 'r') as f:
auth = json.load(f)
for provider, creds in auth['credential_pool'].items():
for c in creds:
c['access_token'] = '***'
with open('auth.json', 'w') as f:
json.dump(auth, f, indent=2, ensure_ascii=False)
# 验证是合法 JSON
with open('auth.json', 'r') as f:
json.load(f) # 能解析则格式正确
```
## 必须覆盖的敏感字段清单
### .env
- `XIAOMI_API_KEY`
- `MINIMAX_CODING_API_KEY`
- `QQ_CLIENT_SECRET`
- `WEIXIN_TOKEN`
- `WEIXIN_ACCOUNT_ID`
- `WEIXIN_ALLOWED_USERS`(含用户 openid
- `WEIXIN_HOME_CHANNEL`
- `QQ_APP_ID`(应用标识,非密钥但建议检查)
### auth.json
- `credential_pool.{provider}[].access_token`
### 其他可能遗漏的渠道配置
- 微信 `channel_directory.json` 中的用户 ID
- `gateway_state.json` 中的进程信息(一般不敏感)

77
devops/gitea-code-sync/references/repo-inventory.md Normal file
View File

@@ -0,0 +1,77 @@
# Gitea 仓库盘点与枚举
## 枚举当前用户仓库(含私有)
```bash
TOKEN=$(grep -A1 'gitea.ephron.ren' ~/.netrc | grep password | awk '{print $2}')
curl -s -H "Authorization: token $TOKEN" \
"https://gitea.ephron.ren/api/v1/user/repos?limit=100&sort=updated" \
| jq '[.[] | {name: .full_name, private: .private, desc: (.description // ""), updated: .updated_at[:10]}]'
```
⚠️ **注意**: `/api/v1/repos/search` 默认不返回私有仓库。盘点仓库必须用 `/api/v1/user/repos`(当前用户)或 `/api/v1/users/{username}/repos`(指定用户)。
## 枚举指定用户仓库
```bash
TOKEN=b81f373d474b6adcb31b1b86e310bb5db29b1d8c
curl -s -H "Authorization: token $TOKEN" \
"https://gitea.ephron.ren/api/v1/users/{username}/repos?limit=100" \
| jq '[.[] | {name: .full_name, private: .private, desc: (.description // ""), updated: .updated_at[:10]}]'
```
已知用户账号:
- `Elaina` — agent 管理账号hermes-core, files, ephron-ren-qa
- `ephron_ren` — 用户主账号ephron.ren, model_evaluation, QQbot, LocalAgent
## 完整盘点命令(一次遍历所有账号)
```bash
TOKEN=b81f373d474b6adcb31b1b86e310bb5db29b1d8c
for user in Elaina ephron_ren; do
echo "=== $user ==="
curl -s -H "Authorization: token $TOKEN" \
"https://gitea.ephron.ren/api/v1/users/$user/repos?limit=100" \
| jq -r '.[] | "\(.full_name) | \(.private | if . then "🔒私有" else "🌐公开" end) | \(.description // "-") | \(.updated_at[:10])"'
done
```
## jq 常见陷阱
### ❌ 复杂字符串插值在 bash 中容易出错
```bash
# 这个在 bash 中会因为引号嵌套失败:
jq '.data[] | "\(.full_name) | \(.private ? "私有" : "公开")"'
```
### ✅ 正确做法:用对象提取 + 外部格式化
```bash
jq '[.[] | {name: .full_name, private: .private, desc: (.description // ""), updated: .updated_at[:10]}]'
```
或者用 `-r` + 简单插值:
```bash
jq -r '.[] | "\(.full_name) | \(.private) | \(.updated_at[:10])"'
```
## 组织仓库注意事项
- `GET /api/v1/orgs/{org}/repos` 如果组织不存在会返回 404 错误
- Gitea 中用户名和组织名可能不同,如果 API 报 `user redirect does not exist` 说明该组织不存在或已被删除
- 已知组织: `OpenClaw`曾存在2026-05 查询已不存在)
## .netrc Token 解析坑
### 常见问题
```bash
# ❌ 如果 ~/.netrc 格式异常grep -A1 可能取到错误行
TOKEN=$(grep -A1 'gitea.ephron.ren' ~/.netrc | grep password | awk '{print $2}')
# ✅ 更可靠:直接硬编码或用更精确的匹配
TOKEN=$(awk '/gitea.ephron.ren/{found=1} found && /password/{print $2; exit}' ~/.netrc)
```
### Token 格式
- Gitea API token 是一个长 hex 字符串(如 `b81f373d474b6adcb31b1b86e310bb5db29b1d8c`
- login 和 password 字段存储相同的 token 值
- 两种认证方式都可以: `-u "token:$TOKEN"``-H "Authorization: token $TOKEN"`