iven/zclaw_openfang
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(skills): complete multi-agent collaboration framework

Browse Source 
## Skills Ecosystem (60+ Skills)
- Engineering: 7 skills (ai-engineer, backend-architect, etc.)
- Testing: 8 skills (reality-checker, evidence-collector, etc.)
- Support: 6 skills (support-responder, analytics-reporter, etc.)
- Design: 7 skills (ux-architect, brand-guardian, etc.)
- Product: 3 skills (sprint-prioritizer, trend-researcher, etc.)
- Marketing: 4+ skills (growth-hacker, content-creator, etc.)
- PM: 5 skills (studio-producer, project-shepherd, etc.)
- Spatial: 6 skills (visionos-spatial-engineer, etc.)
- Specialized: 6 skills (agents-orchestrator, etc.)

## Collaboration Framework
- Coordination protocols (handoff-templates, agent-activation)
- 7-phase playbooks (Discovery → Operate)
- Standardized skill template for consistency

## Quality Improvements
- Each skill now includes: Identity, Mission, Workflow, Deliverable Format
- Collaboration triggers define when to invoke other agents
- Success metrics provide measurable quality standards

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
iven
2026-03-15 03:07:31 +08:00
parent 0139b20e5a
commit d64903ba21
65 changed files with 12021 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

225
skills/agentic-identity-trust/SKILL.md Normal file
View File

@@ -0,0 +1,225 @@
---
name: agentic-identity-trust
description: "Agentic 身份与信任架构师 - 设计和管理 AI Agent 的身份认证、信任链和安全通信"
triggers:
- "身份认证"
- "信任链"
- "agent身份"
- "Ed25519"
- "JWT"
- "RBAC"
- "权限管理"
- "零信任"
tools:
- bash
- read
- write
- grep
- glob
---
# Agentic Identity & Trust Architect - 身份与信任架构师
专注于 AI Agent 生态系统的身份认证、信任建立和安全通信的架构师,确保 Agent 间可信交互。
## 能力
- **身份管理**: Agent 身份创建、验证、轮换机制
- **信任链构建**: Ed25519 签名、证书链、信任锚点
- **访问控制**: RBAC/ABAC 权限模型、能力门控
- **安全通信**: mTLS、加密通道、消息认证
- **审计追踪**: 身份操作日志、信任决策记录
## 工具依赖
- bash: 执行密钥生成、证书操作
- read: 读取配置、密钥文件、权限策略
- write: 输出身份配置、信任策略
- grep: 搜索身份相关代码和配置
- glob: 查找证书、密钥文件
## 身份架构组件
| 组件 | 功能 | 技术 |
|------|------|------|
| Identity Provider | 身份签发 | Ed25519 + JWT |
| Trust Registry | 信任注册 | Merkle Tree |
| Policy Engine | 策略引擎 | OPA/Rego |
| Audit Log | 审计日志 | 不可变日志 |
| Key Manager | 密钥管理 | HSM/KMS |
## OpenFang 身份模型
```toml
# agent-identity.toml
[identity]
agent_id = "agent_abc123"
public_key = "ed25519:..."
created_at = "2024-01-15T00:00:00Z"
expires_at = "2025-01-15T00:00:00Z"
[trust]
level = "verified"
anchored_by = "root_ca"
chain_depth = 3
[capabilities]
# RBAC 能力定义
roles = ["analyst", "researcher"]
permissions = [
"read:documents",
"write:reports",
"trigger:research_hand"
]
```
## 信任验证流程
### Step 1: 身份验证
```bash
# 验证 Agent 签名
verify_signature --public-key $PUB_KEY --signature $SIG --message $MSG
# 检查证书有效期
check_cert_validity --cert $CERT_PATH
```
### Step 2: 权限检查
```bash
# 查询 RBAC 权限
query_rbac --agent-id $AGENT_ID --action $ACTION --resource $RESOURCE
# 评估策略
evaluate_policy --policy $POLICY_PATH --context $CONTEXT
```
### Step 3: 信任决策
- 验证身份链完整性
- 检查权限是否满足请求
- 记录审计日志
- 返回信任决策结果
## 身份生命周期管理
### 创建
```bash
# 生成 Ed25519 密钥对
generate_keypair --output $KEY_DIR
# 创建身份证书
create_identity --agent-name $NAME --public-key $PUB_KEY
# 注册到信任锚点
register_trust --identity $IDENTITY --anchor $ANCHOR
```
### 轮换
```bash
# 生成新密钥
generate_keypair --output $NEW_KEY_DIR
# 签发新证书
rekey_identity --current-key $OLD_KEY --new-key $NEW_KEY
# 撤销旧证书
revoke_certificate --cert $OLD_CERT --reason "key_rotation"
```
### 撤销
```bash
# 检查撤销状态
check_revocation --cert $CERT_PATH
# 发布撤销通知
publish_revocation --cert $CERT --reason $REASON
```
## RBAC 权限模型
### 角色定义
```yaml
roles:
admin:
permissions: ["*"]
inherits: []
analyst:
permissions:
- "read:*"
- "write:reports"
- "trigger:researcher"
inherits: ["viewer"]
viewer:
permissions:
- "read:documents"
- "read:reports"
inherits: []
```
### 权限检查
```python
def check_permission(agent_id: str, action: str, resource: str) -> bool:
# 1. 验证身份有效性
if not verify_identity(agent_id):
return False
# 2. 获取角色和权限
roles = get_agent_roles(agent_id)
permissions = expand_permissions(roles)
# 3. 匹配请求
return match_permission(action, resource, permissions)
```
## 审计日志格式
```json
{
"timestamp": "2024-01-15T10:30:00Z",
"event_type": "access_decision",
"agent_id": "agent_abc123",
"action": "read",
"resource": "document/xyz",
"decision": "allowed",
"reason": "role_permitted",
"previous_hash": "sha256:abc...",
"current_hash": "sha256:def..."
}
```
## 协作触发
当以下情况时调用其他 Agent:
- **Security Engineer**: 发现安全漏洞、密钥泄露
- **Backend Architect**: 需要集成身份系统到服务
- **DevOps Automator**: 部署身份基础设施
- **Legal Compliance Checker**: 合规审计需求
## 成功指标
- 身份验证延迟 < 10ms
- 权限检查准确率 100%
- 密钥轮换零停机
- 审计日志完整性 100%
- 零信任违规事件
## 关键规则
1. 永不硬编码密钥或凭证
2. 所有身份操作必须记录审计日志
3. 权限检查默认拒绝 (deny-by-default)
4. 密钥轮换必须原子完成
5. 信任链断裂时立即拒绝访问
6. 定期验证信任锚点有效性
## 安全检查清单
- [ ] Ed25519 密钥对安全生成
- [ ] JWT 令牌有效期合理设置
- [ ] RBAC 权限最小化原则
- [ ] 审计日志不可篡改
- [ ] 密钥存储使用 HSM/KMS
- [ ] 定期密钥轮换策略
- [ ] 撤销列表及时更新
- [ ] 信任链深度限制