feat: 升级至 v2.1.0，引入官方机器人公共中枢模式并优化 README

LICENSE

@@ -0,0 +1,661 @@
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.

README.md

@@ -1,44 +1,78 @@
-# 🛡️ IP-Sentinel (IP 哨兵)
+# 🛡️ IP-Sentinel (分布式 IP 哨兵集群)
 
-> **一个极度轻量、零感知的 VPS IP 自动化养护与区域纠偏引擎。**
+> **一个极度轻量、零感知、支持中枢遥控的 VPS IP 自动化养护与区域纠偏引擎。**
 
-专为解决 VPS IPv4 被 Google 等数据库错误定位到中国大陆/香港（俗称“送中”）等问题而生。IP-Sentinel 像影子一样潜伏在你的服务器后台，通过高度拟真的真实用户行为和动态养料注入，默默为你积累 IP 权重。
+📢 官方战术交流频道: 🛰️ [IP-Sentinel Matrix](https://t.me/IP_Sentinel_Matrix)
+
+专为解决 VPS IPv4 被 Google 等数据库错误定位到中国大陆/香港（俗称“送中”）等问题而生。IP-Sentinel 已从单机脚本全面跃升为 **Master-Agent 分布式架构**。它像影子一样潜伏在全球各地的服务器后台，通过高度拟真的真实用户行为为你默默积累 IP 权重，并允许你通过 Telegram 随时随地对整个舰队进行毫秒级“点名”与“遥控”。
 
 ## ✨ 核心极客特性
 
-* 🪶 **极致轻量 (Zero-Resource)**：主控引擎采用 `nice -n 19` 进程降权机制，只在 CPU 绝对空闲时运行，对小内存 VPS 上的建站或代理等主营业务**真正零影响**。
-* 👻 **防僵尸网络特征 (Cron Jitter)**：独创全局随机休眠调度机制（0~1小时内随机触发），彻底打散全球并发请求，完美避开 Google AI 对大规模并发脚本的封控。
-* 🧠 **高仿真人类行为 (Human-Like)**：摒弃死板的 Ping/Curl，引入单次会话指纹锁定、10 米级 GPS 坐标微抖动、以及 60-120 秒的真实阅读停顿拉伸。
-* 📡 **OTA 静默进化 (Smart Updates)**：彻底解耦逻辑与数据。系统每周自动从云端节点拉取最新的“热搜词汇”和“真实设备指纹池”，确保养护行为永不过时。
-
-## 🚀 极速安装 (一键部署)
-
-只需在你的 Linux 终端（Debian/Ubuntu/CentOS 等）以 root 身份运行以下一行命令，即可开启全自动养护：
-
-```bash
-bash <(curl -sL https://git.94211762.xyz/hotyue/IP-Sentinel/raw/branch/main/core/install.sh)
-```
-
-*安装过程中将引导你选择目标区域（目前支持日本、美国等，规则库持续更新中）。*
+* ☁️ **云端中枢 (Public Master)**：**v2.1.0 新特性**。引入官方公共机器人 [@OmniBeacon_bot](https://t.me/OmniBeacon_bot)，新手无需部署 Master 司令部，一键回车即可接入全球养护矩阵，极大降低入伍门槛。
+* 🧠 **分布式中枢 (Master-Agent)**：对于硬核极客，支持私有化部署。一台 Master 主控集成 SQLite 数据库，统管无数台 Agent 边缘节点，确保数据绝对私有。
+* 🎮 **TG 战术面板 (Command Center)**：无需记忆繁琐命令，原生 Inline Keyboard 按钮驱动。支持一键调出节点列表、一键下发伪装指令、一键索要精准战报、**毫秒级抓取实时运行日志**。
+* 🛡️ **NAT 穿透与安全网关 (NAT-Friendly)**：边缘节点采用 Python3 极轻量 Webhook 监听，**完全自定义通信端口**，完美支持受限 NAT 小鸡。独创 TG 转发授权机制，杜绝野生节点恶意接入。
+* 👻 **高仿真人类行为 (Human-Like)**：摒弃死板的 Ping/Curl，引入单次会话指纹锁定、10 米级 GPS 坐标微抖动、以及 60~150 秒的真实阅读停顿拉伸，完美避开 AI 封控。
+* 📡 **OTA 静默进化 (Smart Updates)**：系统每周日凌晨自动从云端拉取最新的“热搜词汇”和“真实设备指纹池”，确保养护行为与时俱进、永不过时。
 
 ## 📂 项目架构 (Monorepo)
 
-本项目采用企业级的“冷热数据分离”架构：
+本项目采用企业级的“主从控制”与“冷热数据分离”双重架构：
 
 ```text
 📦 IP-Sentinel
- ┣ 📂 core/                   # 🧠 核心逻辑控制中心 (引擎、业务模块)
+ ┣ 📂 master/                 # 🧠 司令部：SQLite 存储、TG 监听与 Webhook 调度中心
+ ┣ 📂 core/                   # 🛡️ 边缘哨兵：Webhook 被动监听、高拟真养护引擎
  ┗ 📂 data/                   # 🗂️ 全球数据规则库
     ┣ 📂 regions/             # 🧊 冷数据：各地区 GPS 基准配置 (固化)
     ┣ 📂 keywords/            # 🔥 热数据：动态搜索词库 (OTA 自动更新)
     ┗ 📜 user_agents.txt      # 🔥 热数据：全局真实设备指纹池
 ```
 
-## 🤝 参与贡献
+## 🚀 极速部署 (Quick Start)
 
-如果你想为项目增加新的节点（例如德国、英国、新加坡等），或者提供更丰富的本土化搜索词库，非常欢迎提交 Pull Request！
-只需在 `data/regions/` 新增对应国家的 JSON 规则，并在 `data/keywords/` 新增词库 txt 即可。
+v2.1.0 提供了两种接入模式，请根据您的战术需求选择：
 
-## ⚠️ 免责声明
+### 🔹 模式 A：官方公共模式 (最简、推荐)
+**适合不想折腾、只想快速养护 IP 的新兵。**
+
+1. **关注机器人**：在 TG 中关注 [@OmniBeacon_bot](https://t.me/OmniBeacon_bot) 并发送 `/start`。
+2. **部署 Agent**：在目标 VPS 上执行以下指令，安装过程中**直接回车**使用官方机器人，并输入您的 Chat ID：
+```Bash
+   bash <(curl -sL https://raw.githubusercontent.com/hotyue/IP-Sentinel/main/core/install.sh)
+```
+3. **激活节点**：安装完成后，您的手机会收到一条 #REGISTER# 暗号，将其转发给机器人即可完成入库。
+
+### 🔸 模式 B：私有独立模式 (全自主、硬核)
+**适合追求绝对数据隐私、需自建机器人的领主。**
+
+1. **部署 Master**：找一台 VPS 作为大脑（仅需部署一台），执行：
+```Bash
+bash <(curl -sL https://raw.githubusercontent.com/hotyue/IP-Sentinel/main/master/install_master.sh)
+
+```
+2. **部署 Agent**：在需要养护的机器上执行 Agent 脚本，输入您自建机器人的 Token 以及与 Master 一致的配置。
+```Bash
+   bash <(curl -sL https://raw.githubusercontent.com/hotyue/IP-Sentinel/main/core/install.sh)
+```
+3. **激活节点**：同上，将暗号转发给您自己的机器人即可。
+
+
+🗑️ 一键无痕卸载
+如果你需要清理某个边缘节点，只需重新运行 core/install.sh 并选择 [3]，或直接在节点终端执行：
+
+```Bash
+bash /opt/ip_sentinel/core/uninstall.sh
+```
+
+📡 战术联络 (Community)
+如果你在使用过程中遇到任何疑难杂症，或者想围观大佬们的养护战报，欢迎加入我们的基地：
+- Telegram 频道: [@IP_Sentinel_Matrix](https://t.me/IP_Sentinel_Matrix)
+
+🤝 参与贡献
+如果你想为项目增加新的节点区域（例如德国、英国、新加坡等），或者提供更丰富的本土化搜索词库，非常欢迎提交 Pull Request！
+只需在 data/regions/ 新增对应国家的 JSON 规则，并在 data/keywords/ 新增词库 txt 即可。
+
+⚠️ 免责声明
+本项目仅供网络原理研究、个人 VPS 维护学习使用。请遵守当地法律法规及目标服务商的 TOS（服务条款），切勿用于恶意高频请求或任何非法用途。使用者需自行承担因不当使用造成的 IP 封禁或其他相关风险。
 
-本项目仅供网络原理研究、个人 VPS 维护学习使用。请遵守当地法律法规及目标服务商的 TOS（服务条款），切勿用于恶意高频请求或任何非法用途。使用者需自行承担因不当使用造成的 IP 封禁或其他相关风险。

core/agent_daemon.sh

@@ -1,12 +1,13 @@
 #!/bin/bash
 
 # ==========================================================
-# 脚本名称: agent_daemon.sh (受控节点 Webhook 守护进程)
-# 核心功能: 向 Master 汇报公网 IP 注册、监听本地 HTTP 唤醒指令
+# 脚本名称: agent_daemon.sh (受控节点 Webhook 守护进程 V2.0)
+# 核心功能: 智能防打扰注册、进程自检、模块级路由分发(403拦截)
 # ==========================================================
 
 INSTALL_DIR="/opt/ip_sentinel"
 CONFIG_FILE="${INSTALL_DIR}/config.conf"
+IP_CACHE="${INSTALL_DIR}/core/.last_ip"
 
 [ ! -f "$CONFIG_FILE" ] && exit 1
 source "$CONFIG_FILE"
@@ -14,54 +15,93 @@ source "$CONFIG_FILE"
 # 如果没有配置 TG，说明未开启联控模式，直接退出
 [ -z "$TG_TOKEN" ] || [ -z "$CHAT_ID" ] && exit 0
 
-# 默认 Webhook 监听端口，可在安装时动态写入配置
+# 默认 Webhook 监听端口
 AGENT_PORT=${AGENT_PORT:-9527}
-# 截取主机名作为节点唯一标识 (可限制长度防超长)
 NODE_NAME=$(hostname | cut -c 1-15)
 
-# 1. 获取本机原生公网 IPv4
-AGENT_IP=$(curl -4 -s -m 5 api.ip.sb/ip)
-
-if [ -n "$AGENT_IP" ]; then
-    # 2. 向 Master 发送注册暗号 (借助 TG API)
-    # 【升级点】利用 TG API 机制，引导用户充当“安全网关”手动转发授权
-    REG_MSG="👋 **[边缘节点接入申请]**%0A节点: \`${NODE_NAME}\`%0A地址: \`${AGENT_IP}:${AGENT_PORT}\`%0A%0A⚠️ **安全验证**: 为防止非法节点接入，请长按复制下方代码，并**发送给我**以完成最终授权录入：%0A%0A\`#REGISTER#|${NODE_NAME}|${AGENT_IP}|${AGENT_PORT}\`"
-    
-    curl -s -m 5 -X POST "https://api.telegram.org/bot${TG_TOKEN}/sendMessage" \
-        -d "chat_id=${CHAT_ID}" \
-        -d "text=${REG_MSG}" \
-        -d "parse_mode=Markdown" > /dev/null
-    
-    echo "✅ [Agent] 已向司令部发送接入申请，请在 Telegram 手机端完成授权！"
+# --- [重点升级 1: 守护进程防冲突自检] ---
+if pgrep -f "webhook.py $AGENT_PORT" > /dev/null; then
+    exit 0
 fi
 
-# 3. 启动轻量级 Python3 Webhook 监听服务
-# (相比纯 Bash 的 nc 命令，Python3 的 HTTP 库在各发行版间兼容性最完美，且支持并发)
+# 1. 获取本机原生公网 IPv4 (强制去除所有不可见换行符和空格)
+AGENT_IP=$(curl -4 -s -m 5 api.ip.sb/ip | tr -d '[:space:]')
+
+if [ -n "$AGENT_IP" ]; then
+    # --- [重点升级 2: 智能防打扰注册机制] ---
+    LAST_IP=""
+    [ -f "$IP_CACHE" ] && LAST_IP=$(cat "$IP_CACHE" | tr -d '[:space:]')
+
+    # 只有当这是第一次运行，或者公网 IP 发生变动时，才发送 Telegram 申请
+    if [ "$AGENT_IP" != "$LAST_IP" ]; then
+        REG_MSG="👋 **[边缘节点接入申请]**%0A节点: \`${NODE_NAME}\`%0A地址: \`${AGENT_IP}:${AGENT_PORT}\`%0A%0A⚠️ **安全验证**: 为防止非法节点接入，请长按复制下方代码，并**发送给我**以完成最终授权录入：%0A%0A\`#REGISTER#|${NODE_NAME}|${AGENT_IP}|${AGENT_PORT}\`"
+        
+        curl -s -m 5 -X POST "https://api.telegram.org/bot${TG_TOKEN}/sendMessage" \
+            -d "chat_id=${CHAT_ID}" \
+            -d "text=${REG_MSG}" \
+            -d "parse_mode=Markdown" > /dev/null
+        
+        echo "✅ [Agent] 已向司令部发送接入申请，请在 Telegram 手机端完成授权！"
+        echo "$AGENT_IP" > "$IP_CACHE"
+    else
+        echo "ℹ️ [Agent] IP 未变动 ($AGENT_IP)，跳过重复注册申请。"
+    fi
+fi
+
+# 3. 启动轻量级 Python3 Webhook 监听服务 (带 403 权限校验路由)
 cat > "${INSTALL_DIR}/core/webhook.py" << 'EOF'
 import http.server
 import socketserver
 import subprocess
 import sys
+import os
 
 PORT = int(sys.argv[1])
 
 class AgentHandler(http.server.BaseHTTPRequestHandler):
     def do_GET(self):
-        # 统一返回成功，防止 Master 请求超时阻塞
-        self.send_response(200)
-        self.send_header("Content-type", "text/plain")
-        self.end_headers()
-        self.wfile.write(b"Agent Received Action\n")
-        
-        # 路由分发
-        if self.path == '/trigger_run':
-            # 另起后台进程执行深度伪装，不阻塞 Webhook 响应
-            subprocess.Popen(['bash', '/opt/ip_sentinel/core/mod_google.sh'])
+        # 路由 1: Google 区域纠偏 (含老版 run 指令兼容)
+        if self.path == '/trigger_google' or self.path == '/trigger_run':
+            if os.path.exists('/opt/ip_sentinel/core/mod_google.sh'):
+                self.send_response(200)
+                self.send_header("Content-type", "text/plain")
+                self.end_headers()
+                self.wfile.write(b"Action Accepted: mod_google\n")
+                subprocess.Popen(['bash', '/opt/ip_sentinel/core/mod_google.sh'])
+            else:
+                self.send_response(403)
+                self.send_header("Content-type", "text/plain")
+                self.end_headers()
+                self.wfile.write(b"403 Forbidden: Google Module Disabled\n")
+
+        # 路由 2: IP 信用净化
+        elif self.path == '/trigger_trust':
+            if os.path.exists('/opt/ip_sentinel/core/mod_trust.sh'):
+                self.send_response(200)
+                self.send_header("Content-type", "text/plain")
+                self.end_headers()
+                self.wfile.write(b"Action Accepted: mod_trust\n")
+                subprocess.Popen(['bash', '/opt/ip_sentinel/core/mod_trust.sh'])
+            else:
+                self.send_response(403)
+                self.send_header("Content-type", "text/plain")
+                self.end_headers()
+                self.wfile.write(b"403 Forbidden: Trust Module Disabled\n")
+
+        # 路由 3: 触发战报推送
         elif self.path == '/trigger_report':
-            # 另起后台进程执行战报生成
+            self.send_response(200)
+            self.send_header("Content-type", "text/plain")
+            self.end_headers()
+            self.wfile.write(b"Action Accepted: tg_report\n")
             subprocess.Popen(['bash', '/opt/ip_sentinel/core/tg_report.sh'])
+
+        # 路由 4: 抓取并回传实时日志
         elif self.path == '/trigger_log':
-            # 【新增升级】抓取最后15行日志并通过 TG 原路返回 (直接通过 bash -c 运行复合命令)
+            self.send_response(200)
+            self.send_header("Content-type", "text/plain")
+            self.end_headers()
+            self.wfile.write(b"Action Accepted: fetch_log\n")
             bash_cmd = """
             source /opt/ip_sentinel/config.conf
             LOG_DATA=$(tail -n 15 /opt/ip_sentinel/logs/sentinel.log)
@@ -72,9 +112,12 @@ class AgentHandler(http.server.BaseHTTPRequestHandler):
                 -d "parse_mode=Markdown"
             """
             subprocess.Popen(['bash', '-c', bash_cmd])
+            
+        else:
+            self.send_response(404)
+            self.end_headers()
 
     def log_message(self, format, *args):
-        # 关闭默认的控制台日志输出，保持后台清爽
         pass
 
 try:
@@ -84,5 +127,8 @@ except Exception as e:
     sys.exit(1)
 EOF
 
-# 保持前台运行 (被 Cron 的 nohup 放入后台守护)
-python3 "${INSTALL_DIR}/core/webhook.py" "$AGENT_PORT"
+# --- [重点升级 3: 真正的静默后台启动] ---
+echo "🚀 [Agent] 正在后台启动 Webhook 监听服务 (端口: $AGENT_PORT)..."
+nohup python3 "${INSTALL_DIR}/core/webhook.py" "$AGENT_PORT" > /dev/null 2>&1 &
+disown 2>/dev/null || true
+echo "✅ [Agent] 守护进程启动完毕，可安全关闭终端。"

core/install.sh

@@ -1,12 +1,12 @@
 #!/bin/bash
 
 # ==========================================================
-# 脚本名称: install.sh (IP-Sentinel 分布式边缘节点部署脚本 V5.0)
-# 核心功能: 区域选择、一键卸载、解析冷数据、配置高频调度与 Webhook 守护
+# 脚本名称: install.sh (IP-Sentinel 分布式边缘节点部署脚本 v2.1.0)
+# 核心功能: 区域选择、模块按需开启、官方机器人一键配置
 # ==========================================================
 
-# 你的专属 Forgejo 仓库 Raw 数据直链前缀
-REPO_RAW_URL="https://git.94211762.xyz/hotyue/IP-Sentinel/raw/branch/main"
+# 你的 GitHub 仓库 Raw 数据直链前缀
+REPO_RAW_URL="https://raw.githubusercontent.com/hotyue/IP-Sentinel/main"
 INSTALL_DIR="/opt/ip_sentinel"
 CONFIG_FILE="${INSTALL_DIR}/config.conf"
 
@@ -15,7 +15,7 @@ echo "      🛡️ 欢迎使用 IP-Sentinel (边缘节点 Edge Agent)"
 echo "========================================================"
 
 # 1. 依赖检查与安装 (新增 python3 用于轻量级 Webhook 服务)
-echo -e "\n[1/6] 正在安装必要环境依赖 (curl, jq, cron, procps, python3)..."
+echo -e "\n[1/7] 正在安装必要环境依赖 (curl, jq, cron, procps, python3)..."
 if [ -f /etc/debian_version ]; then
     apt-get update -y >/dev/null 2>&1
     apt-get install -y curl jq cron procps python3 >/dev/null 2>&1
@@ -27,7 +27,7 @@ else
 fi
 
 # 2. 交互式引导 (包含卸载选项)
-echo -e "\n[2/6] 请选择你要伪装的目标区域或执行卸载:"
+echo -e "\n[2/7] 请选择你要伪装的目标区域或执行卸载:"
 echo "  1) 🇯🇵 日本 (东京 - JP)"
 echo "  2) 🇺🇸 美国 (美西 - US)"
 echo "  3) 🗑️ 一键卸载 IP-Sentinel"
@@ -52,37 +52,68 @@ esac
 # 本地工作目录初始化
 mkdir -p "${INSTALL_DIR}/core"
 mkdir -p "${INSTALL_DIR}/data/keywords"
+mkdir -p "${INSTALL_DIR}/data/regions"
 mkdir -p "${INSTALL_DIR}/logs"
 
-# 3. 接入 Master 中枢配置
-echo -e "\n[3/6] 是否接入 Master 司令部？(需要配置与主控相同的 TG 机器人) (y/n)"
+# 3. 功能模块前置开关 (按需加载)
+echo -e "\n[3/7] 请选择需要开启的养护模块 (按需开启，节省资源):"
+echo "  1) 📍 仅开启 [Google 区域纠偏] (默认，适合流媒体解锁机位漂移)"
+echo "  2) 🛡️ 仅开启 [IP 信用净化] (适合高风险机房 IP 降低 Scamalytics 分数)"
+echo "  3) 🔥 双管齐下 (同时开启以上两项)"
+read -p "请输入选择 [1-3] (默认1): " MODULE_CHOICE
+
+ENABLE_GOOGLE="true"
+ENABLE_TRUST="false"
+case ${MODULE_CHOICE:-1} in
+    2) ENABLE_GOOGLE="false"; ENABLE_TRUST="true" ;;
+    3) ENABLE_GOOGLE="true"; ENABLE_TRUST="true" ;;
+    *) ENABLE_GOOGLE="true"; ENABLE_TRUST="false" ;;
+esac
+
+# 4. 接入 Master 中枢配置
+echo -e "\n[4/7] 是否接入 Master 司令部？(需要配置与主控相同的 TG 机器人) (y/n)"
 read -p "请输入选择 [y/n] (默认n): " TG_CHOICE
 TG_TOKEN=""
 CHAT_ID=""
 AGENT_PORT="9527"
 if [[ "$TG_CHOICE" =~ ^[Yy]$ ]]; then
-    read -p "请输入 Telegram Bot Token (与主控一致): " TG_TOKEN
+    echo -e "\n\033[33m💡 提示：您可以选择使用自己的机器人，或者直接回车使用官方公共机器人。\033[0m"
+    echo -e "\033[33m⚠️  注意：若使用官方机器人，请务必先在 TG 中关注 @OmniBeacon_bot 并发送 /start\033[0m"
+    
+    read -p "请输入您的 Telegram Bot Token (回车使用官方默认): " USER_TOKEN
+    
+    if [ -z "$USER_TOKEN" ]; then
+        TG_TOKEN="8733029779:AAErXnFw45NCWZl4ylKQX-0OIC9SA_4XifM"
+        echo -e "\033[32m✅ 已自动配置官方机器人 (@OmniBeacon_bot)。\033[0m"
+        echo -e "\033[33m👉 请确保您已关注官方机器人并发送过 /start，否则将无法接收消息。\033[0m"
+    else
+        TG_TOKEN="$USER_TOKEN"
+        echo -e "\033[32m✅ 已记录您的私有机器人 Token。\033[0m"
+    fi
+
+    echo -e "\033[33m💡 提示：如果您不知道自己的 Chat ID，可以关注 @userinfobot 获取。\033[0m"
     read -p "请输入你的 Chat ID (与主控一致): " CHAT_ID
-    read -p "请输入本机用于接收指令的 Webhook 端口 (默认 9527，请确保防火墙已放开此端口): " INPUT_PORT
+    read -p "请输入本机用于接收指令的 Webhook 端口 (默认 9527): " INPUT_PORT
     [ -n "$INPUT_PORT" ] && AGENT_PORT="$INPUT_PORT"
 fi
 
-# 4. 远程拉取冷数据并解析固化
-echo -e "\n[4/6] 正在从你的数据仓库拉取 [${REGION_CODE}] 节点的底层规则..."
-REGION_JSON=$(curl -sL "${REPO_RAW_URL}/data/regions/${REGION_CODE}.json")
+# 5. 远程拉取冷数据并解析固化
+echo -e "\n[5/7] 正在从你的数据仓库拉取 [${REGION_CODE}] 节点的底层规则..."
+REGION_JSON_FILE="${INSTALL_DIR}/data/regions/${REGION_CODE}.json"
+curl -sL "${REPO_RAW_URL}/data/regions/${REGION_CODE}.json" -o "$REGION_JSON_FILE"
 
-# 使用 jq 提取 JSON 里的核心值
-REGION_NAME=$(echo "$REGION_JSON" | jq -r '.region_name')
-BASE_LAT=$(echo "$REGION_JSON" | jq -r '.google_module.base_lat')
-BASE_LON=$(echo "$REGION_JSON" | jq -r '.google_module.base_lon')
-LANG_PARAMS=$(echo "$REGION_JSON" | jq -r '.google_module.lang_params')
-VALID_URL_SUFFIX=$(echo "$REGION_JSON" | jq -r '.google_module.valid_url_suffix')
-
-if [ -z "$BASE_LAT" ] || [ "$BASE_LAT" == "null" ]; then
+if [ ! -s "$REGION_JSON_FILE" ]; then
     echo "❌ 拉取或解析规则失败！请检查 Forgejo 仓库是否公开或网络是否畅通。"
     exit 1
 fi
 
+# 使用 jq 提取 JSON 里的核心值
+REGION_NAME=$(jq -r '.region_name' "$REGION_JSON_FILE")
+BASE_LAT=$(jq -r '.google_module.base_lat' "$REGION_JSON_FILE")
+BASE_LON=$(jq -r '.google_module.base_lon' "$REGION_JSON_FILE")
+LANG_PARAMS=$(jq -r '.google_module.lang_params' "$REGION_JSON_FILE")
+VALID_URL_SUFFIX=$(jq -r '.google_module.valid_url_suffix' "$REGION_JSON_FILE")
+
 # 写入本地静态配置文件
 cat > "$CONFIG_FILE" << EOF
 # IP-Sentinel 本地固化配置 (生成时间: $(date '+%Y-%m-%d %H:%M:%S'))
@@ -93,6 +124,10 @@ BASE_LON="$BASE_LON"
 LANG_PARAMS="$LANG_PARAMS"
 VALID_URL_SUFFIX="$VALID_URL_SUFFIX"
 
+# 模块开关状态
+ENABLE_GOOGLE="$ENABLE_GOOGLE"
+ENABLE_TRUST="$ENABLE_TRUST"
+
 TG_TOKEN="$TG_TOKEN"
 CHAT_ID="$CHAT_ID"
 AGENT_PORT="$AGENT_PORT"
@@ -100,22 +135,30 @@ INSTALL_DIR="$INSTALL_DIR"
 LOG_FILE="${INSTALL_DIR}/logs/sentinel.log"
 EOF
 
-# 5. 拉取全套组件 (引擎、业务、更新、战报、Webhook守护进程、卸载脚本及热数据)
-echo -e "\n[5/6] 正在部署核心引擎、Webhook 组件与热数据..."
+# 6. 拉取全套组件 (按需下载，绝不浪费空间)
+echo -e "\n[6/7] 正在根据模块开关部署核心引擎与热数据..."
+# 基础公共组件
 curl -sL "${REPO_RAW_URL}/core/runner.sh" -o "${INSTALL_DIR}/core/runner.sh"
-curl -sL "${REPO_RAW_URL}/core/mod_google.sh" -o "${INSTALL_DIR}/core/mod_google.sh"
 curl -sL "${REPO_RAW_URL}/core/updater.sh" -o "${INSTALL_DIR}/core/updater.sh"
 curl -sL "${REPO_RAW_URL}/core/tg_report.sh" -o "${INSTALL_DIR}/core/tg_report.sh"
-# 【核心替换】下载边缘节点的 Webhook 守护进程
 curl -sL "${REPO_RAW_URL}/core/agent_daemon.sh" -o "${INSTALL_DIR}/core/agent_daemon.sh"
 curl -sL "${REPO_RAW_URL}/core/uninstall.sh" -o "${INSTALL_DIR}/core/uninstall.sh"
+curl -sL "${REPO_RAW_URL}/data/user_agents.txt" -o "${INSTALL_DIR}/data/user_agents.txt"
+
+# 动态按需组件
+if [ "$ENABLE_GOOGLE" == "true" ]; then
+    curl -sL "${REPO_RAW_URL}/core/mod_google.sh" -o "${INSTALL_DIR}/core/mod_google.sh"
+    curl -sL "${REPO_RAW_URL}/data/keywords/kw_${REGION_CODE}.txt" -o "${INSTALL_DIR}/data/keywords/kw_${REGION_CODE}.txt"
+fi
+
+if [ "$ENABLE_TRUST" == "true" ]; then
+    curl -sL "${REPO_RAW_URL}/core/mod_trust.sh" -o "${INSTALL_DIR}/core/mod_trust.sh"
+fi
+
 chmod +x ${INSTALL_DIR}/core/*.sh
 
-curl -sL "${REPO_RAW_URL}/data/user_agents.txt" -o "${INSTALL_DIR}/data/user_agents.txt"
-curl -sL "${REPO_RAW_URL}/data/keywords/kw_${REGION_CODE}.txt" -o "${INSTALL_DIR}/data/keywords/kw_${REGION_CODE}.txt"
-
-# 6. 配置系统定时任务 (高频调度与看门狗)
-echo -e "\n[6/6] 正在注入系统定时任务与看门狗进程..."
+# 7. 配置系统定时任务 (高频调度与看门狗)
+echo -e "\n[7/7] 正在注入系统定时任务与看门狗进程..."
 crontab -l 2>/dev/null | grep -v "ip_sentinel" > /tmp/cron_backup
 
 # 核心养护模块: 每 30 分钟触发一次
@@ -128,16 +171,45 @@ if [[ -n "$TG_TOKEN" ]] && [[ -n "$CHAT_ID" ]]; then
     # 每天早上 8 点发送昨天的统计战报
     echo "0 8 * * * ${INSTALL_DIR}/core/tg_report.sh >/dev/null 2>&1" >> /tmp/cron_backup
     
-    # 边缘守护进程看门狗: 检查 agent_daemon.sh (或其拉起的 webhook.py) 是否存活
-    echo "* * * * * pgrep -f webhook.py >/dev/null || nohup bash ${INSTALL_DIR}/core/agent_daemon.sh >/dev/null 2>&1 &" >> /tmp/cron_backup
+    # 双保险守护进程看门狗
+    echo "@reboot nohup bash ${INSTALL_DIR}/core/agent_daemon.sh >/dev/null 2>&1 &" >> /tmp/cron_backup
+    echo "* * * * * nohup bash ${INSTALL_DIR}/core/agent_daemon.sh >/dev/null 2>&1 &" >> /tmp/cron_backup
     
-    # 安装时立刻启动一次边缘守护进程 (触发注册与 Webhook 监听)
-    pgrep -f webhook.py >/dev/null || nohup bash "${INSTALL_DIR}/core/agent_daemon.sh" >/dev/null 2>&1 &
+    # 安装时立刻启动一次边缘守护进程
+    nohup bash "${INSTALL_DIR}/core/agent_daemon.sh" >/dev/null 2>&1 &
 fi
 
 crontab /tmp/cron_backup
 rm -f /tmp/cron_backup
 
+if [[ -n "$TG_TOKEN" ]] && [[ -n "$CHAT_ID" ]]; then
+    echo -e "\n📡 正在向指挥部发送注册暗号..."
+    
+    # 获取公网 IP
+    PUBLIC_IP=$(curl -s https://api64.ipify.org || curl -s https://ifconfig.me || echo "未知IP")
+    
+    # 构造注册暗号
+    REG_MSG="#REGISTER#:${REGION_NAME}:${PUBLIC_IP}:${AGENT_PORT}"
+    
+    # 执行主动推送
+    PUSH_RESULT=$(curl -s -X POST "https://api.telegram.org/bot${TG_TOKEN}/sendMessage" \
+        -d "chat_id=${CHAT_ID}" \
+        -d "parse_mode=Markdown" \
+        -d "text=✨ *IP-Sentinel 部署成功！*
+📍 区域：${REGION_NAME}
+🌐 IP：${PUBLIC_IP}
+🔌 端口：${AGENT_PORT}
+
+🔑 *请点击下方指令复制并回复给机器人：*
+\`${REG_MSG}\`")
+
+    if echo "$PUSH_RESULT" | grep -q '"ok":true'; then
+        echo -e "\033[32m✅ 注册信息已推送到您的 Telegram，请按指令完成最终激活！\033[0m"
+    else
+        echo -e "\033[31m❌ 消息推送失败，请检查 Chat ID 是否正确或是否已关注机器人。\033[0m"
+    fi
+fi
+
 echo "========================================================"
 echo "🎉 边缘节点 (Agent) 部署流程彻底完成！"
 echo "📍 你的本地守护区域已锁定为: $REGION_NAME"

core/mod_trust.sh

@@ -0,0 +1,100 @@
+#!/bin/bash
+
+# ==========================================================
+# 脚本名称: mod_trust.sh (IP 信用净化模块 V2.0 数据解耦版)
+# 核心功能: 动态读取云端/本地 JSON 规则池，模拟访问高权重网站稀释恶意流量
+# ==========================================================
+
+INSTALL_DIR="/opt/ip_sentinel"
+CONFIG_FILE="${INSTALL_DIR}/config.conf"
+UA_FILE="${INSTALL_DIR}/data/user_agents.txt"
+REPO_RAW_URL="https://git.94211762.xyz/hotyue/IP-Sentinel/raw/branch/main"
+
+# 1. 基础环境校验
+[ ! -f "$CONFIG_FILE" ] && exit 1
+source "$CONFIG_FILE"
+
+REGION=${REGION_CODE:-"US"}
+LOG_FILE="${INSTALL_DIR}/logs/sentinel.log"
+REGION_JSON_FILE="${INSTALL_DIR}/data/regions/${REGION}.json"
+
+# 2. 动态获取配置 (解耦核心)
+# 兼容旧节点：如果本地没有 json，自动拉取最新的云端配置
+if [ ! -f "$REGION_JSON_FILE" ]; then
+    mkdir -p "${INSTALL_DIR}/data/regions"
+    curl -sL "${REPO_RAW_URL}/data/regions/${REGION}.json" -o "$REGION_JSON_FILE"
+fi
+
+# 使用 jq 将 json 中的网址数组安全地读入 Bash 数组
+if [ -f "$REGION_JSON_FILE" ]; then
+    mapfile -t TRUST_URLS < <(jq -r '.trust_module.white_urls[]' "$REGION_JSON_FILE" 2>/dev/null)
+fi
+
+# 兜底：如果仓库挂了或者解析失败，提供国际通用白名单
+if [ ${#TRUST_URLS[@]} -eq 0 ]; then
+    TRUST_URLS=("https://en.wikipedia.org/wiki/Special:Random" "https://www.apple.com/" "https://www.microsoft.com/")
+fi
+
+# 3. 日志规范化
+log_msg() {
+    local TYPE=$1
+    local MSG=$2
+    local TIME=$(date "+%Y-%m-%d %H:%M:%S")
+    echo "[$TIME] [$TYPE] [Trust  ] [$REGION] $MSG" | tee -a "$LOG_FILE"
+}
+
+# 4. 锁定单次会话指纹
+if [ -f "$UA_FILE" ]; then
+    CURRENT_UA=$(shuf -n 1 "$UA_FILE")
+else
+    CURRENT_UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
+fi
+
+# ==========================================
+# 🚀 净化行动开始
+# ==========================================
+log_msg "START" "========== 启动区域 IP 信用净化会话 =========="
+log_msg "INFO " "已载入 [${REGION}] 区域白名单，配置库条目: ${#TRUST_URLS[@]} 个"
+log_msg "INFO " "已锁定本地伪装指纹: $(echo $CURRENT_UA | cut -d' ' -f1-2)..."
+
+STEP_COUNT=$((RANDOM % 4 + 3))
+SUCCESS_INJECT=0
+
+for ((i=1; i<=STEP_COUNT; i++)); do
+    # 随机抽取本地区域权威网址
+    TARGET_URL=${TRUST_URLS[$RANDOM % ${#TRUST_URLS[@]}]}
+    
+    HTTP_CODE=$(curl -A "$CURRENT_UA" \
+        -H "Accept: text/html,application/xhtml+xml;q=0.9,image/avif,image/webp,*/*;q=0.8" \
+        -H "Accept-Language: en-US,en;q=0.9" \
+        -H "Sec-Fetch-Dest: document" \
+        -H "Sec-Fetch-Mode: navigate" \
+        -H "Upgrade-Insecure-Requests: 1" \
+        --compressed \
+        -s -o /dev/null -w "%{http_code}" -m 15 "$TARGET_URL")
+
+    if [[ "$HTTP_CODE" =~ ^(200|301|302)$ ]]; then
+        log_msg "EXEC " "动作[$i/$STEP_COUNT]完成 | 状态: $HTTP_CODE | 注入: $TARGET_URL"
+        ((SUCCESS_INJECT++))
+    else
+        log_msg "EXEC " "动作[$i/$STEP_COUNT]异常 | 状态: $HTTP_CODE | 阻拦: $TARGET_URL"
+    fi
+
+    if [ $i -lt $STEP_COUNT ]; then
+        SLEEP_TIME=$((RANDOM % 76 + 45))
+        log_msg "WAIT " "正在浏览本地高权重页面，模拟停留 $SLEEP_TIME 秒..."
+        sleep $SLEEP_TIME
+    fi
+done
+
+# ==========================================
+# 📊 结论判定与输出
+# ==========================================
+if [ "$SUCCESS_INJECT" -ge $((STEP_COUNT / 2)) ]; then
+    log_msg "SCORE" "自检结论: ✅ 信用净化完成 (已成功注入 $SUCCESS_INJECT 条无害流量)"
+else
+    log_msg "SCORE" "自检结论: ❌ 净化受阻 (部分站点拦截或网络超时)"
+fi
+
+log_msg "END  " "========== 会话结束，释放进程 =========="
+log_msg "INFO " "系统级调度完毕，信任因子持续积累中..."

core/runner.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
 # ==========================================================
-# 脚本名称: runner.sh (IP-Sentinel 主控调度引擎)
-# 核心功能: 防并发随机延迟启动、加载本地固化配置、调度业务模块
+# 脚本名称: runner.sh (IP-Sentinel 主控调度引擎 V2.0 智能分配版)
+# 核心功能: 防并发延迟启动、功能开关(Feature Flag)自适应、多模块概率轮盘调度
 # ==========================================================
 
 INSTALL_DIR="/opt/ip_sentinel"
@@ -28,21 +28,46 @@ export -f log
 export CONFIG_FILE INSTALL_DIR
 
 # 3. 防僵尸网络特征 (Cron Jitter) - 核心隐蔽逻辑
-# 【核心升级】配合每 30 分钟的调度周期，将随机休眠控制在 0 到 180 秒 (3分钟) 内，彻底打散全球并发请求
+# 配合每 30 分钟的调度周期，将随机休眠控制在 0 到 180 秒 (3分钟) 内，彻底打散全球并发请求
 JITTER_TIME=$((RANDOM % 180))
 log "SYSTEM" "INFO" "主控引擎被 Cron 唤醒，进入防并发随机休眠状态: ${JITTER_TIME} 秒..."
 sleep $JITTER_TIME
 
-# 4. 唤醒并调度业务模块
-log "SYSTEM" "INFO" "休眠结束，开始执行养护任务..."
+# 4. 唤醒并读取功能开关，执行智能调度 (Feature Flag)
+log "SYSTEM" "INFO" "休眠结束，开始计算本轮任务轮盘..."
 
-# 调度 Google 模块
-if [ -x "${INSTALL_DIR}/core/mod_google.sh" ]; then
-    log "SYSTEM" "INFO" "加载子模块: Google 业务模拟"
-    # 核心降耗逻辑：使用 nice -n 19 赋予进程最低 CPU 优先级，绝不抢占 VPS 正常业务的资源
-    nice -n 19 bash "${INSTALL_DIR}/core/mod_google.sh"
+TARGET_MOD=""
+MOD_NAME=""
+
+# 智能轮盘赌算法
+if [ "$ENABLE_GOOGLE" == "true" ] && [ "$ENABLE_TRUST" == "true" ]; then
+    # 双管齐下: 70% 概率跑 Google 稳固定位，30% 概率跑 Trust 洗刷风控分
+    ROLL=$((RANDOM % 100 + 1))
+    if [ $ROLL -le 70 ]; then
+        TARGET_MOD="mod_google.sh"
+        MOD_NAME="Google 区域纠偏"
+    else
+        TARGET_MOD="mod_trust.sh"
+        MOD_NAME="IP 信用净化"
+    fi
+elif [ "$ENABLE_GOOGLE" == "true" ]; then
+    TARGET_MOD="mod_google.sh"
+    MOD_NAME="Google 区域纠偏"
+elif [ "$ENABLE_TRUST" == "true" ]; then
+    TARGET_MOD="mod_trust.sh"
+    MOD_NAME="IP 信用净化"
 else
-    log "SYSTEM" "ERROR" "未找到可执行的 Google 模块"
+    log "SYSTEM" "WARN" "节点未开启任何养护模块，跳过本轮执行。"
+    exit 0
+fi
+
+# 5. 拉起选定的业务模块
+if [ -n "$TARGET_MOD" ] && [ -x "${INSTALL_DIR}/core/${TARGET_MOD}" ]; then
+    log "SYSTEM" "INFO" "命中触发条件，加载并执行子模块: ${MOD_NAME}"
+    # 核心降耗逻辑：使用 nice -n 19 赋予进程最低 CPU 优先级，绝不抢占 VPS 正常业务的资源
+    nice -n 19 bash "${INSTALL_DIR}/core/${TARGET_MOD}"
+else
+    log "SYSTEM" "ERROR" "配置了模块 ${MOD_NAME}，但未找到对应的可执行脚本: ${TARGET_MOD}"
 fi
 
 log "SYSTEM" "INFO" "本轮所有模块调度完毕，哨兵继续隐蔽待命。"

core/tg_report.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
 # ==========================================================
-# 脚本名称: tg_report.sh (Telegram 每日战报模块 V5.3 缝合加强版)
-# 核心功能: 分析日志并推送 24 小时统计数据到 TG (修复 Markdown 断联Bug)
+# 脚本名称: tg_report.sh (Telegram 每日战报模块 V6.0 动态拼装版)
+# 核心功能: 适配 Feature Flag 架构，按需展示 Google/Trust 独立统计数据
 # ==========================================================
 
 INSTALL_DIR="/opt/ip_sentinel"
@@ -22,7 +22,7 @@ fi
 NODE_NAME=$(hostname | cut -c 1-15)
 CURRENT_IP=$(curl -4 -s -m 5 api.ip.sb/ip || echo "Unknown")
 
-# 智能判断 IP 属性 (通过检查 ISP 标识)
+# 智能判断 IP 属性
 ISP_INFO=$(curl -4 -s -m 5 api.ip.sb/geoip | jq -r '.organization' 2>/dev/null)
 if [[ "$ISP_INFO" == *"Cloudflare"* ]]; then
     IP_TYPE="Cloudflare Warp 🛰️"
@@ -30,80 +30,93 @@ else
     IP_TYPE="Native 原生网卡 🏠"
 fi
 
+# 动态国旗
+case "$REGION_CODE" in
+    "JP") FLAG="🇯🇵" ;;
+    "US") FLAG="🇺🇸" ;;
+    "DE") FLAG="🇩🇪" ;;
+    "SG") FLAG="🇸🇬" ;;
+    "HK") FLAG="🇭🇰" ;;
+    "GB"|"UK") FLAG="🇬🇧" ;;
+    *) FLAG="🌐" ;;
+esac
+
 # 3. 截取过去 24 小时的日志
 LOG_CONTENT=$(find "$LOG_FILE" -mtime -1 -exec cat {} \; 2>/dev/null)
 
 if [ -z "$LOG_CONTENT" ]; then
-    # 修复了换行问题，统一用 EOF 块构造
     read -r -d '' MSG <<EOT
 🛑 **[IP-Sentinel] 告警：节点异常**
 ----------------------------
 📍 **节点名称**: \`${NODE_NAME}\`
 ⚠️ **警告**: 过去 24 小时无运行日志！
-🛠️ **建议**: 节点可能刚部署完毕，请手动执行一次 [执行深度伪装]。
+🛠️ **建议**: 节点可能刚部署完毕，请在面板手动执行一次养护动作。
 EOT
 else
-    # 4. 数据精准分析
-    TOTAL_SESSIONS=$(echo "$LOG_CONTENT" | grep "\[START\]" -c)
-    SUCCESS_COUNT=$(echo "$LOG_CONTENT" | grep "✅" -c)
-    FAILED_COUNT=$(echo "$LOG_CONTENT" | grep "❌" -c)
-    UNKNOWN_COUNT=$(echo "$LOG_CONTENT" | grep "⚠️" -c)
+    # ==========================================
+    # 4. 动态模块数据分析 (核心升级)
+    # ==========================================
+    
+    # 提取最近一次运行的快照 (智能识别所属模块)
+    LAST_LOG_LINE=$(echo "$LOG_CONTENT" | grep "\[SCORE\]" | tail -n 1)
+    LAST_TIME=$(echo "$LAST_LOG_LINE" | awk '{print $1,$2}' | tr -d '[]')
+    LAST_MOD=$(echo "$LAST_LOG_LINE" | awk '{print $4}' | tr -d '[]')
+    LAST_SCORE=$(echo "$LAST_LOG_LINE" | awk -F'自检结论: ' '{print $2}')
 
-    # 提取最近一次运行的时间和结论文本 
-    # (⚠️ 核心 Bug 修复: 用 awk 切割并过滤掉中括号 []，防止触发 TG Markdown 语法错误导致消息丢弃)
-    LAST_TIME=$(echo "$LOG_CONTENT" | grep "\[END" | tail -n 1 | awk '{print $1,$2}' | tr -d '[]')
-    LAST_SCORE=$(echo "$LOG_CONTENT" | grep "\[SCORE\]" | tail -n 1 | awk -F'自检结论: ' '{print $2}' | tr -d '[]')
-
-    # 计算成功率
-    if [ "$TOTAL_SESSIONS" -gt 0 ]; then
-        RATE=$(awk "BEGIN {printf \"%.1f\", ($SUCCESS_COUNT/$TOTAL_SESSIONS)*100}")
-    else
-        RATE=0
-    fi
-
-    # 状态表情逻辑：成功率 100% 显绿色，0% 显红色，中间显黄色
-    if [ "$SUCCESS_COUNT" -eq "$TOTAL_SESSIONS" ] && [ "$TOTAL_SESSIONS" -gt 0 ]; then
-        STATUS_EMOJI="🟢 隐匿完美"
-    elif [ "$SUCCESS_COUNT" -gt 0 ]; then
-        STATUS_EMOJI="🟡 伪装拉锯中"
-    else
-        STATUS_EMOJI="🔴 目标已暴露"
-    fi
-
-    # 动态国旗
-    case "$REGION_CODE" in
-        "JP") FLAG="🇯🇵" ;;
-        "US") FLAG="🇺🇸" ;;
-        "DE") FLAG="🇩🇪" ;;
-        "SG") FLAG="🇸🇬" ;;
-        *) FLAG="🌐" ;;
-    esac
-
-    # 5. 组装 Markdown 消息体 (吸收了老版本的优点)
-    read -r -d '' MSG <<EOT
-📊 **IP-Sentinel 每日简报 (${FLAG} ${REGION_NAME})**
+    # 开始组装战报头部
+    MSG="📊 **IP-Sentinel 每日简报 (${FLAG} ${REGION_NAME})**
 ----------------------------
 📍 **节点名称**: \`${NODE_NAME}\`
 📡 **出口 IP**: \`${CURRENT_IP}\`
-🛡️ **IP 属性**: ${IP_TYPE}
-🔰 **当前状态**: ${STATUS_EMOJI}
+🛡️ **IP 属性**: ${IP_TYPE}"
 
-📅 **24H 统计数据**:
-🚀 执行总数: ${TOTAL_SESSIONS} 次
-✅ 成功伪装: ${SUCCESS_COUNT} 次
-❌ 判定送中: ${FAILED_COUNT} 次
-⚠️ 未知跳转: ${UNKNOWN_COUNT} 次
-📈 综合胜率: **${RATE}%**
+    # --- [分析块 1: Google 纠偏模块] ---
+    if [ "$ENABLE_GOOGLE" == "true" ]; then
+        GOOGLE_LOGS=$(echo "$LOG_CONTENT" | grep "\[Google")
+        G_TOTAL=$(echo "$GOOGLE_LOGS" | grep "\[START\]" -c)
+        G_SUCCESS=$(echo "$GOOGLE_LOGS" | grep "✅" -c)
+        G_FAILED=$(echo "$GOOGLE_LOGS" | grep "❌" -c)
+        G_WARN=$(echo "$GOOGLE_LOGS" | grep "⚠️" -c)
+        
+        G_RATE="0.0"
+        [ "$G_TOTAL" -gt 0 ] && G_RATE=$(awk "BEGIN {printf \"%.1f\", ($G_SUCCESS/$G_TOTAL)*100}")
 
-🕒 **最近执行快照**:
+        MSG="$MSG
+
+🎯 **[Google 区域纠偏]**
+🚀 执行总数: ${G_TOTAL} 次 (胜率: **${G_RATE}%**)
+✅ 成功: ${G_SUCCESS} | ❌ 送中: ${G_FAILED} | ⚠️ 警告: ${G_WARN}"
+    fi
+
+    # --- [分析块 2: IP 信用净化模块] ---
+    if [ "$ENABLE_TRUST" == "true" ]; then
+        TRUST_LOGS=$(echo "$LOG_CONTENT" | grep "\[Trust")
+        T_TOTAL=$(echo "$TRUST_LOGS" | grep "\[START\]" -c)
+        T_SUCCESS=$(echo "$TRUST_LOGS" | grep "✅" -c)
+        T_FAILED=$(echo "$TRUST_LOGS" | grep "❌" -c)
+        
+        T_RATE="0.0"
+        [ "$T_TOTAL" -gt 0 ] && T_RATE=$(awk "BEGIN {printf \"%.1f\", ($T_SUCCESS/$T_TOTAL)*100}")
+
+        MSG="$MSG
+
+🔰 **[IP 信用净化]**
+🚀 净化总数: ${T_TOTAL} 轮 (成功率: **${T_RATE}%**)
+✅ 成功注入: ${T_SUCCESS} | ❌ 访问受阻: ${T_FAILED}"
+    fi
+
+    # 组装战报尾部 (最近快照)
+    MSG="$MSG
+
+🕒 **最近执行快照 [${LAST_MOD:-"System"}]:**
 时间: ${LAST_TIME:-"暂无数据"}
 结论: ${LAST_SCORE:-"暂无数据"}
 ----------------------------
-💡 哨兵正在后台默默守护您的资产。
-EOT
+💡 哨兵正在后台默默守护您的资产。"
+
 fi
 
-# 6. 调用 API 推送 (增加返回值校验输出，方便查错)
+# 5. 调用 API 推送
 RESPONSE=$(curl -s -m 10 -X POST "https://api.telegram.org/bot${TG_TOKEN}/sendMessage" \
     -d "chat_id=${CHAT_ID}" \
     -d "text=${MSG}" \

core/uninstall.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
 # ==========================================================
-# 脚本名称: uninstall.sh (IP-Sentinel 一键卸载脚本)
-# 核心功能: 清除守护进程、清理系统定时任务、删除所有程序文件
+# 脚本名称: uninstall.sh (IP-Sentinel 一键卸载脚本 V2.0)
+# 核心功能: 清除所有世代的守护进程、清理系统定时任务、删除程序文件
 # ==========================================================
 
 INSTALL_DIR="/opt/ip_sentinel"
@@ -11,11 +11,24 @@ echo "========================================================"
 echo "      🗑️ 准备卸载 IP-Sentinel (VPS IP 自动养护哨兵)"
 echo "========================================================"
 
-# 1. 停止运行中的守护进程与主控模块
-echo "[1/3] 正在终止后台 Telegram 守护进程与养护任务..."
+# 1. 停止运行中的守护进程与主控模块 (涵盖 V1.0 至 V2.0 架构全量进程)
+echo "[1/3] 正在终止后台守护进程与所有养护任务..."
+
+# 击杀旧版 (V1.x) 遗留进程
 pgrep -f tg_daemon.sh | xargs -r kill -9 >/dev/null 2>&1
+
+# 击杀新版 (V2.x) 神经末梢守护进程
+pgrep -f agent_daemon.sh | xargs -r kill -9 >/dev/null 2>&1
+pgrep -f webhook.py | xargs -r kill -9 >/dev/null 2>&1
+
+# 击杀调度引擎与更新/战报模块
 pgrep -f runner.sh | xargs -r kill -9 >/dev/null 2>&1
+pgrep -f updater.sh | xargs -r kill -9 >/dev/null 2>&1
+pgrep -f tg_report.sh | xargs -r kill -9 >/dev/null 2>&1
+
+# 击杀所有具体的业务执行模块
 pgrep -f mod_google.sh | xargs -r kill -9 >/dev/null 2>&1
+pgrep -f mod_trust.sh | xargs -r kill -9 >/dev/null 2>&1
 
 # 2. 清除系统定时任务 (Cron)
 echo "[2/3] 正在清理系统定时任务 (Cron)..."

data/regions/JP.json

@@ -1,10 +1,20 @@
 {
-  "region_code": "JP",
   "region_name": "日本 (东京)",
   "google_module": {
-    "base_lat": 35.6895,
-    "base_lon": 139.6917,
-    "lang_params": "hl=ja&gl=jp&ceid=JP:ja",
-    "valid_url_suffix": "google.co.jp"
+    "base_lat": 35.6812,
+    "base_lon": 139.7671,
+    "lang_params": "hl=ja&gl=JP",
+    "valid_url_suffix": "com" 
+  },
+  "trust_module": {
+    "white_urls": [
+      "https://ja.wikipedia.org/wiki/Special:Random",
+      "https://www.yahoo.co.jp/",
+      "https://www.rakuten.co.jp/",
+      "https://www.nhk.or.jp/",
+      "kakaku.com/",
+      "https://www.goo.ne.jp/",
+      "https://www.amazon.co.jp/"
+    ]
   }
 }

data/regions/US.json

@@ -1,10 +1,20 @@
 {
-  "region_code": "US",
-  "region_name": "美国 (美西洛杉矶)",
+  "region_name": "美国 (美西)",
   "google_module": {
     "base_lat": 34.0522,
     "base_lon": -118.2437,
-    "lang_params": "hl=en&gl=us&ceid=US:en",
-    "valid_url_suffix": "google.com"
+    "lang_params": "hl=en&gl=US",
+    "valid_url_suffix": "com"
+  },
+  "trust_module": {
+    "white_urls": [
+      "https://en.wikipedia.org/wiki/Special:Random",
+      "https://www.yahoo.com/",
+      "https://www.target.com/",
+      "https://www.npr.org/",
+      "https://www.weather.com/",
+      "https://www.amazon.com/",
+      "https://www.cdc.gov/"
+    ]
   }
 }

master/tg_master.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
 # ==========================================================
-# 脚本名称: tg_master.sh (Master 端调度枢纽)
-# 核心功能: 监听 TG、操作 SQLite、向 Agent 发送多维 Webhook 指令
+# 脚本名称: tg_master.sh (Master 端调度枢纽 V2.0 模块化适配版)
+# 核心功能: 监听 TG、操作 SQLite、Webhook 精准调度、403权限拦截、僵尸节点清理
 # ==========================================================
 
 CONF="/opt/ip_sentinel_master/master.conf"
@@ -45,31 +45,39 @@ while true; do
             TEXT=$(echo "$UPDATE" | jq -r '.message.text // .callback_query.data')
 
             # ==========================================
-            # 1. 节点注册通道 (处理 Agent 发来的注册暗号)
-            # 格式: #REGISTER#|<NodeName>|<IP>|<Port>
+            # 1. 节点注册通道
             # ==========================================
             if [[ "$TEXT" == *"#REGISTER#"* ]]; then
-                # 提取包含暗号的那一行，并剔除可能误复制的反引号和空格
                 REG_LINE=$(echo "$TEXT" | grep "#REGISTER#" | head -n 1 | tr -d '\` ')
                 IFS='|' read -r MAGIC NODE_NAME AGENT_IP AGENT_PORT <<< "$REG_LINE"
                 
-                # UPSERT 逻辑
                 db_exec "INSERT INTO nodes (chat_id, node_name, agent_ip, agent_port, last_seen) VALUES ('$CHAT_ID', '$NODE_NAME', '$AGENT_IP', '$AGENT_PORT', CURRENT_TIMESTAMP) ON CONFLICT(chat_id, node_name) DO UPDATE SET agent_ip='$AGENT_IP', agent_port='$AGENT_PORT', last_seen=CURRENT_TIMESTAMP;"
                 send_msg "$CHAT_ID" "✅ 司令部已确认！节点接入成功: \`$NODE_NAME\` ($AGENT_IP:$AGENT_PORT)"
                 continue
             fi
 
             # ==========================================
-            # 2. 交互菜单与下发通道 (主控逻辑)
+            # 2. 交互菜单与下发通道
             # ==========================================
             case "$TEXT" in
                 "/start"|"/menu")
-                    BTNS="[[{\"text\":\"🖥️ 我的节点列表\",\"callback_data\":\"list_nodes\"}], [{\"text\":\"🚀 全节点一键维护\",\"callback_data\":\"all_run\"}]]"
+                    BTNS="[[{\"text\":\"🖥️ 我的节点列表\",\"callback_data\":\"list_nodes\"}], [{\"text\":\"🚀 全节点日报汇总\",\"callback_data\":\"all_reports\"}], [{\"text\":\"🛠️ 全节点一键维护\",\"callback_data\":\"all_run\"}]]"
                     send_ui "$CHAT_ID" "🛡️ **IP-Sentinel 司令部**\n欢迎回来，长官。请下达指令：" "$BTNS"
                     ;;
 
+                "all_reports")
+                    NODE_DATA=$(db_exec "SELECT node_name, agent_ip, agent_port FROM nodes WHERE chat_id='$CHAT_ID';")
+                    if [ -z "$NODE_DATA" ]; then
+                        send_msg "$CHAT_ID" "⚠️ 您名下暂无在线节点。"
+                    else
+                        send_msg "$CHAT_ID" "📢 **司令部指令下达：正在召唤所有哨兵回传简报...**"
+                        echo "$NODE_DATA" | while IFS='|' read -r NNAME AIP APORT; do
+                            curl -s -m 5 "http://${AIP}:${APORT}/trigger_report" > /dev/null &
+                        done
+                    fi
+                    ;;
+
                 "list_nodes")
-                    # 从 SQLite 查询属于该 CHAT_ID 的节点
                     NODE_LIST=$(db_exec "SELECT node_name FROM nodes WHERE chat_id='$CHAT_ID';")
                     if [ -z "$NODE_LIST" ]; then
                         send_msg "$CHAT_ID" "⚠️ 您名下暂无在线节点，请先在边缘机执行部署。"
@@ -85,17 +93,34 @@ while true; do
 
                 manage:*)
                     TARGET_NODE=${TEXT#*:}
-                    # 【升级点】补齐包含 run、log、report 的复合面板菜单
-                    BTNS="[[{\"text\":\"▶️ 执行深度伪装\",\"callback_data\":\"run:$TARGET_NODE\"}, {\"text\":\"📜 查看实时日志\",\"callback_data\":\"log:$TARGET_NODE\"}], [{\"text\":\"📊 索要统计战报\",\"callback_data\":\"report:$TARGET_NODE\"}, {\"text\":\"⬅️ 返回主列表\",\"callback_data\":\"list_nodes\"}]]"
+                    # 【核心升级】拆分下发按钮，精准对应 Google 与 Trust 两个模块，并排版为 3 行 2 列
+                    BTNS="[[{\"text\":\"📍 Google 纠偏\",\"callback_data\":\"google:$TARGET_NODE\"}, {\"text\":\"🛡️ 信用净化\",\"callback_data\":\"trust:$TARGET_NODE\"}], [{\"text\":\"📜 实时日志\",\"callback_data\":\"log:$TARGET_NODE\"}, {\"text\":\"📊 统计战报\",\"callback_data\":\"report:$TARGET_NODE\"}], [{\"text\":\"🗑️ 剔除失联节点\",\"callback_data\":\"del:$TARGET_NODE\"}, {\"text\":\"⬅️ 返回主列表\",\"callback_data\":\"list_nodes\"}]]"
                     send_ui "$CHAT_ID" "⚙️ **目标锁定**: \`$TARGET_NODE\`\n请选择战术动作：" "$BTNS"
                     ;;
 
-                run:*|report:*|log:*)
-                    # 【升级点】合并 Webhook 触发逻辑，智能识别动作类型
+                del:*)
+                    TARGET_NODE=${TEXT#*:}
+                    db_exec "DELETE FROM nodes WHERE chat_id='$CHAT_ID' AND node_name='$TARGET_NODE';"
+                    send_msg "$CHAT_ID" "🗑️ 节点 \`$TARGET_NODE\` 的档案已从司令部彻底销毁！"
+                    
+                    NODE_LIST=$(db_exec "SELECT node_name FROM nodes WHERE chat_id='$CHAT_ID';")
+                    if [ -z "$NODE_LIST" ]; then
+                        send_msg "$CHAT_ID" "⚠️ 当前司令部已无任何节点挂载。"
+                    else
+                        BTNS="["
+                        for N in $NODE_LIST; do
+                            BTNS="$BTNS[{\"text\":\"🖥️ $N\",\"callback_data\":\"manage:$N\"}],"
+                        done
+                        BTNS="${BTNS%,}]"
+                        send_ui "$CHAT_ID" "🔍 刷新后的节点列表：" "$BTNS"
+                    fi
+                    ;;
+
+                # 【核心升级】增加拦截规则，支持 google 和 trust 前缀
+                google:*|trust:*|run:*|report:*|log:*)
                     ACTION_TYPE=$(echo "$TEXT" | cut -d':' -f1)
                     TARGET_NODE=$(echo "$TEXT" | cut -d':' -f2)
                     
-                    # 从 DB 提取 IP 和 Port
                     AGENT_INFO=$(db_exec "SELECT agent_ip, agent_port FROM nodes WHERE chat_id='$CHAT_ID' AND node_name='$TARGET_NODE' LIMIT 1;")
                     AGENT_IP=$(echo "$AGENT_INFO" | cut -d'|' -f1)
                     AGENT_PORT=$(echo "$AGENT_INFO" | cut -d'|' -f2)
@@ -103,15 +128,20 @@ while true; do
                     if [ -n "$AGENT_IP" ] && [ -n "$AGENT_PORT" ]; then
                         send_msg "$CHAT_ID" "⏳ 正在向 \`$TARGET_NODE\` ($AGENT_IP) 下发 [$ACTION_TYPE] 指令，请稍候..."
                         
-                        # 向 Agent 的开放端口发送动态 Webhook 唤醒指令 (如 trigger_run, trigger_log)
+                        # 触发 Webhook
                         RESPONSE=$(curl -s -m 5 "http://${AGENT_IP}:${AGENT_PORT}/trigger_${ACTION_TYPE}" || echo "FAILED")
                         
+                        # 【核心升级】处理 Agent 传回来的 403 拦截状态码
                         if [ "$RESPONSE" == "FAILED" ]; then
                             send_msg "$CHAT_ID" "❌ 指令下发超时或失败！请检查节点公网 IP 或防火墙端口 ($AGENT_PORT) 是否放行。"
+                        elif [[ "$RESPONSE" == *"403"* ]]; then
+                            send_msg "$CHAT_ID" "⚠️ **拒绝执行**：该节点未在本地开启此模块，请检查安装时的配置！"
                         else
-                            # 只有 run 指令需要主控单独回复确认，log 和 report 会由 Agent 直接将内容发到你的 TG
-                            if [ "$ACTION_TYPE" == "run" ]; then
-                                send_msg "$CHAT_ID" "✅ 节点 \`$TARGET_NODE\` 回应: 指令已接收，伪装程序启动。"
+                            # 细化成功提示
+                            if [ "$ACTION_TYPE" == "google" ] || [ "$ACTION_TYPE" == "run" ]; then
+                                send_msg "$CHAT_ID" "✅ 节点 \`$TARGET_NODE\` 回应: 📍 Google 纠偏程序启动。"
+                            elif [ "$ACTION_TYPE" == "trust" ]; then
+                                send_msg "$CHAT_ID" "✅ 节点 \`$TARGET_NODE\` 回应: 🛡️ IP 信用净化程序启动。"
                             fi
                         fi
                     else