重构：核心迁移至 oss/core + NBPF 多重签名加密 + NIR 编译器 + README 全面升级

- 核心功能从 store/ 迁移至 oss/core/ 框架层 - 实现 NBPF 包格式：多重签名（Ed25519+RSA-PSS+HMAC）+ 多重加密（AES-256-GCM） - 实现 NIR 编译器：基于 compile()+marshal 的跨平台中间表示 - 新增 nebula nbpf CLI 命令组（pack/unpack/verify/sign/keygen） - 新增 19 个 NBPF 测试用例，覆盖全链路 - 彻底重写 README，大型项目标准框架风格，所有图表使用 SVG - 更新 LICENSE 版权声明 - 清理旧版 store 插件目录（已迁移至 oss/core）
2026-05-05 07:29:43 +08:00
parent 4441a968db
commit 3a096f59a9
184 changed files with 5715 additions and 10066 deletions
--- a/docs/security-flow.svg
+++ b/docs/security-flow.svg
@@ -0,0 +1,83 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 700 200" font-family="'SF Mono','JetBrains Mono','Fira Code',monospace">
+  <defs>
+    <linearGradient id="bg" x1="0" y1="0" x2="0" y2="1">
+      <stop offset="0%" stop-color="#0f0f1a"/>
+      <stop offset="100%" stop-color="#1a1a2e"/>
+    </linearGradient>
+    <linearGradient id="pack" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#ef4444"/>
+      <stop offset="100%" stop-color="#dc2626"/>
+    </linearGradient>
+    <linearGradient id="load" x1="0" y1="0" x2="1" y2="1">
+      <stop offset="0%" stop-color="#22c55e"/>
+      <stop offset="100%" stop-color="#16a34a"/>
+    </linearGradient>
+    <filter id="shadow">
+      <feDropShadow dx="0" dy="2" stdDeviation="3" flood-color="#000" flood-opacity="0.3"/>
+    </filter>
+    <marker id="arrow-r" viewBox="0 0 10 10" refX="9" refY="5" markerWidth="6" markerHeight="6" orient="auto">
+      <path d="M 0 0 L 10 5 L 0 10 z" fill="#ef4444"/>
+    </marker>
+    <marker id="arrow-g" viewBox="0 0 10 10" refX="9" refY="5" markerWidth="6" markerHeight="6" orient="auto">
+      <path d="M 0 0 L 10 5 L 0 10 z" fill="#22c55e"/>
+    </marker>
+  </defs>
+  <rect width="700" height="200" fill="url(#bg)" rx="10"/>
+
+  <text x="350" y="28" text-anchor="middle" fill="#a5b4fc" font-size="11" font-weight="bold" letter-spacing="3">NBPF 安全流程</text>
+
+  <!-- 打包流程 -->
+  <text x="175" y="52" text-anchor="middle" fill="#fca5a5" font-size="10" font-weight="bold">打包流程</text>
+
+  <rect x="30" y="65" width="100" height="28" rx="4" fill="url(#pack)" opacity="0.8" filter="url(#shadow)"/>
+  <text x="80" y="83" text-anchor="middle" fill="#fff" font-size="9">源码</text>
+
+  <line x1="130" y1="79" x2="150" y2="79" stroke="#ef4444" stroke-width="1.5" marker-end="url(#arrow-r)"/>
+
+  <rect x="155" y="65" width="100" height="28" rx="4" fill="url(#pack)" opacity="0.8" filter="url(#shadow)"/>
+  <text x="205" y="83" text-anchor="middle" fill="#fff" font-size="9">NIR 编译</text>
+
+  <line x1="255" y1="79" x2="275" y2="79" stroke="#ef4444" stroke-width="1.5" marker-end="url(#arrow-r)"/>
+
+  <rect x="280" y="65" width="120" height="28" rx="4" fill="url(#pack)" opacity="0.8" filter="url(#shadow)"/>
+  <text x="340" y="83" text-anchor="middle" fill="#fff" font-size="9">双层加密</text>
+
+  <line x1="400" y1="79" x2="420" y2="79" stroke="#ef4444" stroke-width="1.5" marker-end="url(#arrow-r)"/>
+
+  <rect x="425" y="65" width="130" height="28" rx="4" fill="url(#pack)" opacity="0.8" filter="url(#shadow)"/>
+  <text x="490" y="83" text-anchor="middle" fill="#fff" font-size="9">三层签名</text>
+
+  <line x1="555" y1="79" x2="575" y2="79" stroke="#ef4444" stroke-width="1.5" marker-end="url(#arrow-r)"/>
+
+  <rect x="580" y="65" width="90" height="28" rx="4" fill="url(#pack)" opacity="0.8" filter="url(#shadow)"/>
+  <text x="625" y="83" text-anchor="middle" fill="#fff" font-size="9">.nbpf</text>
+
+  <!-- 分隔线 -->
+  <line x1="50" y1="108" x2="650" y2="108" stroke="#4b5563" stroke-width="0.5" stroke-dasharray="4,3"/>
+
+  <!-- 加载流程 -->
+  <text x="175" y="128" text-anchor="middle" fill="#86efac" font-size="10" font-weight="bold">加载流程</text>
+
+  <rect x="30" y="140" width="90" height="28" rx="4" fill="url(#load)" opacity="0.8" filter="url(#shadow)"/>
+  <text x="75" y="158" text-anchor="middle" fill="#fff" font-size="9">.nbpf</text>
+
+  <line x1="120" y1="154" x2="140" y2="154" stroke="#22c55e" stroke-width="1.5" marker-end="url(#arrow-g)"/>
+
+  <rect x="145" y="140" width="130" height="28" rx="4" fill="url(#load)" opacity="0.8" filter="url(#shadow)"/>
+  <text x="210" y="158" text-anchor="middle" fill="#fff" font-size="9">签名验证链</text>
+
+  <line x1="275" y1="154" x2="295" y2="154" stroke="#22c55e" stroke-width="1.5" marker-end="url(#arrow-g)"/>
+
+  <rect x="300" y="140" width="130" height="28" rx="4" fill="url(#load)" opacity="0.8" filter="url(#shadow)"/>
+  <text x="365" y="158" text-anchor="middle" fill="#fff" font-size="9">密钥解密</text>
+
+  <line x1="430" y1="154" x2="450" y2="154" stroke="#22c55e" stroke-width="1.5" marker-end="url(#arrow-g)"/>
+
+  <rect x="455" y="140" width="100" height="28" rx="4" fill="url(#load)" opacity="0.8" filter="url(#shadow)"/>
+  <text x="505" y="158" text-anchor="middle" fill="#fff" font-size="9">AES 解密</text>
+
+  <line x1="555" y1="154" x2="575" y2="154" stroke="#22c55e" stroke-width="1.5" marker-end="url(#arrow-g)"/>
+
+  <rect x="580" y="140" width="90" height="28" rx="4" fill="url(#load)" opacity="0.8" filter="url(#shadow)"/>
+  <text x="625" y="158" text-anchor="middle" fill="#fff" font-size="9">加载运行</text>
+</svg>