重构：核心迁移至 oss/core + NBPF 多重签名加密 + NIR 编译器 + README 全面升级

- 核心功能从 store/ 迁移至 oss/core/ 框架层 - 实现 NBPF 包格式：多重签名（Ed25519+RSA-PSS+HMAC）+ 多重加密（AES-256-GCM） - 实现 NIR 编译器：基于 compile()+marshal 的跨平台中间表示 - 新增 nebula nbpf CLI 命令组（pack/unpack/verify/sign/keygen） - 新增 19 个 NBPF 测试用例，覆盖全链路 - 彻底重写 README，大型项目标准框架风格，所有图表使用 SVG - 更新 LICENSE 版权声明 - 清理旧版 store 插件目录（已迁移至 oss/core）
2026-05-05 07:29:43 +08:00
parent 4441a968db
commit 3a096f59a9
184 changed files with 5715 additions and 10066 deletions
--- a/docs/security-chain.svg
+++ b/docs/security-chain.svg
@@ -0,0 +1,77 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 800 180" font-family="'SF Mono','JetBrains Mono','Fira Code',monospace">
+  <defs>
+    <linearGradient id="bg" x1="0" y1="0" x2="0" y2="1">
+      <stop offset="0%" stop-color="#0f0f1a"/>
+      <stop offset="100%" stop-color="#1a1a2e"/>
+    </linearGradient>
+    <linearGradient id="dev" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#6366f1"/>
+      <stop offset="100%" stop-color="#8b5cf6"/>
+    </linearGradient>
+    <linearGradient id="dist" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#f59e0b"/>
+      <stop offset="100%" stop-color="#d97706"/>
+    </linearGradient>
+    <linearGradient id="load" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#ef4444"/>
+      <stop offset="100%" stop-color="#dc2626"/>
+    </linearGradient>
+    <linearGradient id="run" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#22c55e"/>
+      <stop offset="100%" stop-color="#16a34a"/>
+    </linearGradient>
+    <filter id="shadow">
+      <feDropShadow dx="0" dy="2" stdDeviation="3" flood-color="#000" flood-opacity="0.3"/>
+    </filter>
+    <marker id="arrow" viewBox="0 0 10 10" refX="9" refY="5" markerWidth="6" markerHeight="6" orient="auto">
+      <path d="M 0 0 L 10 5 L 0 10 z" fill="#6366f1"/>
+    </marker>
+  </defs>
+  <rect width="800" height="180" fill="url(#bg)" rx="10"/>
+
+  <text x="400" y="28" text-anchor="middle" fill="#a5b4fc" font-size="11" font-weight="bold" letter-spacing="3">全链路安全架构</text>
+
+  <!-- 开发阶段 -->
+  <rect x="30" y="45" width="160" height="80" rx="6" fill="#1e1b4b" stroke="#6366f1" stroke-width="1" opacity="0.9" filter="url(#shadow)"/>
+  <text x="110" y="65" text-anchor="middle" fill="#a5b4fc" font-size="10" font-weight="bold">开发阶段</text>
+  <rect x="45" y="75" width="130" height="22" rx="3" fill="url(#dev)" opacity="0.7"/>
+  <text x="110" y="90" text-anchor="middle" fill="#fff" font-size="9">源码审计</text>
+  <rect x="45" y="102" width="130" height="18" rx="3" fill="url(#dev)" opacity="0.4"/>
+  <text x="110" y="115" text-anchor="middle" fill="#e0e7ff" font-size="8">代码审查</text>
+
+  <!-- 箭头 -->
+  <line x1="190" y1="85" x2="210" y2="85" stroke="#6366f1" stroke-width="1.5" marker-end="url(#arrow)"/>
+
+  <!-- 分发阶段 -->
+  <rect x="215" y="45" width="160" height="80" rx="6" fill="#451a03" stroke="#f59e0b" stroke-width="1" opacity="0.9" filter="url(#shadow)"/>
+  <text x="295" y="65" text-anchor="middle" fill="#fde68a" font-size="10" font-weight="bold">分发阶段</text>
+  <rect x="230" y="75" width="130" height="22" rx="3" fill="url(#dist)" opacity="0.7"/>
+  <text x="295" y="90" text-anchor="middle" fill="#fff" font-size="9">NIR 编译 + 双重加密</text>
+  <rect x="230" y="102" width="130" height="18" rx="3" fill="url(#dist)" opacity="0.4"/>
+  <text x="295" y="115" text-anchor="middle" fill="#fef3c7" font-size="8">三层签名 · 防篡改分发</text>
+
+  <!-- 箭头 -->
+  <line x1="375" y1="85" x2="395" y2="85" stroke="#6366f1" stroke-width="1.5" marker-end="url(#arrow)"/>
+
+  <!-- 加载阶段 -->
+  <rect x="400" y="45" width="160" height="80" rx="6" fill="#3b0a0a" stroke="#ef4444" stroke-width="1" opacity="0.9" filter="url(#shadow)"/>
+  <text x="480" y="65" text-anchor="middle" fill="#fca5a5" font-size="10" font-weight="bold">加载阶段</text>
+  <rect x="415" y="75" width="130" height="22" rx="3" fill="url(#load)" opacity="0.7"/>
+  <text x="480" y="90" text-anchor="middle" fill="#fff" font-size="9">签名验证 + 密钥解密</text>
+  <rect x="415" y="102" width="130" height="18" rx="3" fill="url(#load)" opacity="0.4"/>
+  <text x="480" y="115" text-anchor="middle" fill="#fecaca" font-size="8">完整性校验 · 防恶意加载</text>
+
+  <!-- 箭头 -->
+  <line x1="560" y1="85" x2="580" y2="85" stroke="#6366f1" stroke-width="1.5" marker-end="url(#arrow)"/>
+
+  <!-- 运行时 -->
+  <rect x="585" y="45" width="185" height="80" rx="6" fill="#052e16" stroke="#22c55e" stroke-width="1" opacity="0.9" filter="url(#shadow)"/>
+  <text x="677" y="65" text-anchor="middle" fill="#86efac" font-size="10" font-weight="bold">运行时</text>
+  <rect x="600" y="75" width="155" height="22" rx="3" fill="url(#run)" opacity="0.7"/>
+  <text x="677" y="90" text-anchor="middle" fill="#fff" font-size="9">沙箱隔离 + 监控</text>
+  <rect x="600" y="102" width="155" height="18" rx="3" fill="url(#run)" opacity="0.4"/>
+  <text x="677" y="115" text-anchor="middle" fill="#dcfce7" font-size="8">运行时防护</text>
+
+  <!-- 底部标注 -->
+  <text x="400" y="165" text-anchor="middle" fill="#4b5563" font-size="9">从开发到运行时的全链路安全防护</text>
+</svg>