重构：核心迁移至 oss/core + NBPF 多重签名加密 + NIR 编译器 + README 全面升级

- 核心功能从 store/ 迁移至 oss/core/ 框架层 - 实现 NBPF 包格式：多重签名（Ed25519+RSA-PSS+HMAC）+ 多重加密（AES-256-GCM） - 实现 NIR 编译器：基于 compile()+marshal 的跨平台中间表示 - 新增 nebula nbpf CLI 命令组（pack/unpack/verify/sign/keygen） - 新增 19 个 NBPF 测试用例，覆盖全链路 - 彻底重写 README，大型项目标准框架风格，所有图表使用 SVG - 更新 LICENSE 版权声明 - 清理旧版 store 插件目录（已迁移至 oss/core）
2026-05-05 07:29:43 +08:00
parent 4441a968db
commit 3a096f59a9
184 changed files with 5715 additions and 10066 deletions
--- a/docs/architecture.svg
+++ b/docs/architecture.svg
@@ -0,0 +1,191 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 900 720" font-family="'SF Mono','JetBrains Mono','Fira Code',monospace">
+  <defs>
+    <linearGradient id="bg" x1="0" y1="0" x2="0" y2="1">
+      <stop offset="0%" stop-color="#0f0f1a"/>
+      <stop offset="100%" stop-color="#1a1a2e"/>
+    </linearGradient>
+    <linearGradient id="app" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#6366f1"/>
+      <stop offset="100%" stop-color="#8b5cf6"/>
+    </linearGradient>
+    <linearGradient id="bridge" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#06b6d4"/>
+      <stop offset="100%" stop-color="#0891b2"/>
+    </linearGradient>
+    <linearGradient id="loader" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#22c55e"/>
+      <stop offset="100%" stop-color="#16a34a"/>
+    </linearGradient>
+    <linearGradient id="security" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#ef4444"/>
+      <stop offset="100%" stop-color="#dc2626"/>
+    </linearGradient>
+    <linearGradient id="infra" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#f59e0b"/>
+      <stop offset="100%" stop-color="#d97706"/>
+    </linearGradient>
+    <filter id="glow">
+      <feGaussianBlur stdDeviation="3" result="blur"/>
+      <feMerge><feMergeNode in="blur"/><feMergeNode in="SourceGraphic"/></feMerge>
+    </filter>
+    <filter id="shadow">
+      <feDropShadow dx="0" dy="2" stdDeviation="4" flood-color="#000" flood-opacity="0.3"/>
+    </filter>
+  </defs>
+
+  <!-- 背景 -->
+  <rect width="900" height="720" fill="url(#bg)" rx="12"/>
+
+  <!-- 标题 -->
+  <text x="450" y="36" text-anchor="middle" fill="#a5b4fc" font-size="14" font-weight="bold" letter-spacing="4">NEBULASHELL 分层架构</text>
+
+  <!-- ===== 应用层 ===== -->
+  <rect x="30" y="55" width="840" height="130" rx="8" fill="#1e1b4b" stroke="#6366f1" stroke-width="1.5" opacity="0.9" filter="url(#shadow)"/>
+  <text x="50" y="80" fill="#a5b4fc" font-size="11" font-weight="bold" letter-spacing="2">应用层 · PLUGINS</text>
+
+  <!-- 插件方块 -->
+  <g>
+    <rect x="50" y="92" width="100" height="36" rx="6" fill="url(#app)" opacity="0.9"/>
+    <text x="100" y="114" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">WebUI</text>
+  </g>
+  <g>
+    <rect x="165" y="92" width="100" height="36" rx="6" fill="url(#app)" opacity="0.9"/>
+    <text x="215" y="114" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">HTTP API</text>
+  </g>
+  <g>
+    <rect x="280" y="92" width="100" height="36" rx="6" fill="url(#app)" opacity="0.9"/>
+    <text x="330" y="114" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">WebSocket</text>
+  </g>
+  <g>
+    <rect x="395" y="92" width="100" height="36" rx="6" fill="url(#app)" opacity="0.9"/>
+    <text x="445" y="114" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">Dashboard</text>
+  </g>
+  <g>
+    <rect x="510" y="92" width="100" height="36" rx="6" fill="url(#app)" opacity="0.9"/>
+    <text x="560" y="114" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">Log Terminal</text>
+  </g>
+  <g>
+    <rect x="625" y="92" width="100" height="36" rx="6" fill="url(#app)" opacity="0.9"/>
+    <text x="675" y="114" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">PKG Manager</text>
+  </g>
+  <g>
+    <rect x="740" y="92" width="110" height="36" rx="6" fill="url(#app)" opacity="0.7"/>
+    <text x="795" y="114" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">26+ 插件</text>
+  </g>
+
+  <text x="50" y="165" fill="#6366f1" font-size="10">所有业务功能以插件形式提供，热插拔、隔离运行</text>
+
+  <!-- 连接线：应用层 → 通信层 -->
+  <line x1="450" y1="185" x2="450" y2="210" stroke="#6366f1" stroke-width="1.5" stroke-dasharray="4,3"/>
+
+  <!-- ===== 通信层 ===== -->
+  <rect x="30" y="210" width="840" height="70" rx="8" fill="#0c4a6e" stroke="#06b6d4" stroke-width="1.5" opacity="0.9" filter="url(#shadow)"/>
+  <text x="50" y="235" fill="#67e8f9" font-size="11" font-weight="bold" letter-spacing="2">通信层 · PLUGIN BRIDGE</text>
+
+  <g>
+    <rect x="50" y="248" width="160" height="24" rx="4" fill="url(#bridge)" opacity="0.8"/>
+    <text x="130" y="264" text-anchor="middle" fill="#fff" font-size="10">事件总线 (Event Bus)</text>
+  </g>
+  <g>
+    <rect x="230" y="248" width="140" height="24" rx="4" fill="url(#bridge)" opacity="0.8"/>
+    <text x="300" y="264" text-anchor="middle" fill="#fff" font-size="10">RPC 通信</text>
+  </g>
+  <g>
+    <rect x="390" y="248" width="140" height="24" rx="4" fill="url(#bridge)" opacity="0.8"/>
+    <text x="460" y="264" text-anchor="middle" fill="#fff" font-size="10">use() 依赖注入</text>
+  </g>
+  <g>
+    <rect x="550" y="248" width="160" height="24" rx="4" fill="url(#bridge)" opacity="0.8"/>
+    <text x="630" y="264" text-anchor="middle" fill="#fff" font-size="10">生命周期管理</text>
+  </g>
+
+  <!-- 连接线：通信层 → 加载层 -->
+  <line x1="450" y1="280" x2="450" y2="305" stroke="#06b6d4" stroke-width="1.5" stroke-dasharray="4,3"/>
+
+  <!-- ===== 加载层 ===== -->
+  <rect x="30" y="305" width="840" height="100" rx="8" fill="#052e16" stroke="#22c55e" stroke-width="1.5" opacity="0.9" filter="url(#shadow)"/>
+  <text x="50" y="330" fill="#86efac" font-size="11" font-weight="bold" letter-spacing="2">加载层 · PLUGIN MANAGER</text>
+
+  <g>
+    <rect x="50" y="345" width="240" height="48" rx="6" fill="url(#loader)" opacity="0.85"/>
+    <text x="170" y="365" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">源码加载器</text>
+    <text x="170" y="382" text-anchor="middle" fill="#dcfce7" font-size="9">manifest 解析 · 依赖注入</text>
+  </g>
+  <g>
+    <rect x="330" y="345" width="240" height="48" rx="6" fill="url(#loader)" opacity="0.85"/>
+    <text x="450" y="365" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">NBPF 加载器</text>
+    <text x="450" y="382" text-anchor="middle" fill="#dcfce7" font-size="9">签名验证链 · 解密流水线</text>
+  </g>
+  <g>
+    <rect x="610" y="345" width="240" height="48" rx="6" fill="url(#loader)" opacity="0.85"/>
+    <text x="730" y="365" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">热重载引擎</text>
+    <text x="730" y="382" text-anchor="middle" fill="#dcfce7" font-size="9">依赖解析器 · 熔断降级</text>
+  </g>
+
+  <!-- 连接线：加载层 → 安全层 -->
+  <line x1="450" y1="405" x2="450" y2="430" stroke="#22c55e" stroke-width="1.5" stroke-dasharray="4,3"/>
+
+  <!-- ===== 安全层 ===== -->
+  <rect x="30" y="430" width="840" height="130" rx="8" fill="#3b0a0a" stroke="#ef4444" stroke-width="1.5" opacity="0.9" filter="url(#shadow)"/>
+  <text x="50" y="455" fill="#fca5a5" font-size="11" font-weight="bold" letter-spacing="2">安全层 · NBPF CORE</text>
+
+  <g>
+    <rect x="50" y="470" width="185" height="78" rx="6" fill="url(#security)" opacity="0.8"/>
+    <text x="142" y="492" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">加密引擎</text>
+    <text x="142" y="510" text-anchor="middle" fill="#fecaca" font-size="9">AES-256-GCM</text>
+    <text x="142" y="525" text-anchor="middle" fill="#fecaca" font-size="9">双层加密</text>
+    <text x="142" y="540" text-anchor="middle" fill="#fecaca" font-size="9">RSA-OAEP 密钥封装</text>
+  </g>
+  <g>
+    <rect x="255" y="470" width="185" height="78" rx="6" fill="url(#security)" opacity="0.8"/>
+    <text x="347" y="492" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">签名引擎</text>
+    <text x="347" y="510" text-anchor="middle" fill="#fecaca" font-size="9">Ed25519 外层签名</text>
+    <text x="347" y="525" text-anchor="middle" fill="#fecaca" font-size="9">RSA-4096-PSS 中层</text>
+    <text x="347" y="540" text-anchor="middle" fill="#fecaca" font-size="9">HMAC-SHA256 内层</text>
+  </g>
+  <g>
+    <rect x="460" y="470" width="185" height="78" rx="6" fill="url(#security)" opacity="0.8"/>
+    <text x="552" y="492" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">NIR 编译器</text>
+    <text x="552" y="510" text-anchor="middle" fill="#fecaca" font-size="9">compile() → code object</text>
+    <text x="552" y="525" text-anchor="middle" fill="#fecaca" font-size="9">marshal 序列化</text>
+    <text x="552" y="540" text-anchor="middle" fill="#fecaca" font-size="9">代码混淆保护</text>
+  </g>
+  <g>
+    <rect x="665" y="470" width="185" height="78" rx="6" fill="url(#security)" opacity="0.8"/>
+    <text x="757" y="492" text-anchor="middle" fill="#fff" font-size="11" font-weight="bold">密钥管理</text>
+    <text x="757" y="510" text-anchor="middle" fill="#fecaca" font-size="9">信任公钥白名单</text>
+    <text x="757" y="525" text-anchor="middle" fill="#fecaca" font-size="9">私钥安全存储</text>
+    <text x="757" y="540" text-anchor="middle" fill="#fecaca" font-size="9">密钥派生</text>
+  </g>
+
+  <!-- 连接线：安全层 → 基础设施层 -->
+  <line x1="450" y1="560" x2="450" y2="585" stroke="#ef4444" stroke-width="1.5" stroke-dasharray="4,3"/>
+
+  <!-- ===== 基础设施层 ===== -->
+  <rect x="30" y="585" width="840" height="70" rx="8" fill="#451a03" stroke="#f59e0b" stroke-width="1.5" opacity="0.9" filter="url(#shadow)"/>
+  <text x="50" y="610" fill="#fde68a" font-size="11" font-weight="bold" letter-spacing="2">基础设施层 · OSS</text>
+
+  <g>
+    <rect x="50" y="622" width="130" height="24" rx="4" fill="url(#infra)" opacity="0.8"/>
+    <text x="115" y="638" text-anchor="middle" fill="#fff" font-size="10">插件类型系统</text>
+  </g>
+  <g>
+    <rect x="200" y="622" width="130" height="24" rx="4" fill="url(#infra)" opacity="0.8"/>
+    <text x="265" y="638" text-anchor="middle" fill="#fff" font-size="10">配置管理</text>
+  </g>
+  <g>
+    <rect x="350" y="622" width="130" height="24" rx="4" fill="url(#infra)" opacity="0.8"/>
+    <text x="415" y="638" text-anchor="middle" fill="#fff" font-size="10">日志系统</text>
+  </g>
+  <g>
+    <rect x="500" y="622" width="130" height="24" rx="4" fill="url(#infra)" opacity="0.8"/>
+    <text x="565" y="638" text-anchor="middle" fill="#fff" font-size="10">错误处理</text>
+  </g>
+  <g>
+    <rect x="650" y="622" width="130" height="24" rx="4" fill="url(#infra)" opacity="0.8"/>
+    <text x="715" y="638" text-anchor="middle" fill="#fff" font-size="10">工具库</text>
+  </g>
+
+  <!-- 底部标注 -->
+  <text x="450" y="700" text-anchor="middle" fill="#4b5563" font-size="9">NebulaShell Architecture · 核心 ~1,100 行 · 插件 26+ · 测试覆盖率 ~92%</text>
+</svg>