{ "task": "HRMS_FEISHU_READONLY_TOKEN_PROVIDER_AND_REFRESH_ENDPOINT_BLOCKER_REVIEW_PACK_Z5A", "generated_at": "2026-06-03T16:41:11+08:00", "router_scan": { "path": "/root/.openclaw/workspace/talent-review-system/backend/routers/feishu_readonly_snapshot.py", "exists": true, "routes": [ { "method": "GET", "path": "/readiness" }, { "method": "GET", "path": "/contract" } ], "functions": [ "readiness", "contract" ], "contains_refresh_term": true, "contains_dry_run_term": false }, "refresh_service_scan": { "path": "/root/.openclaw/workspace/talent-review-system/backend/services/feishu_snapshot_refresh_service.py", "exists": true, "classes": [ "FeishuSnapshotRefreshService" ], "functions": [ "_now_iso", "_table_exists", "snapshot_schema_status", "__init__", "readiness", "request_contract", "refresh_preview", "sanitize" ], "callable_refresh_candidates": [ "snapshot_schema_status", "refresh_preview" ], "contains_db_write_words": true, "contains_feishu_write_words": true, "contains_privacy_terms": true }, "directory_client_scan": { "path": "/root/.openclaw/workspace/talent-review-system/backend/services/feishu_readonly_directory_client.py", "exists": true, "classes": [ "ReadonlyRequestPreview", "FeishuReadonlyDirectoryClient" ], "functions": [ "public", "__init__", "is_readonly_endpoint", "build_request_preview", "list_users_preview", "list_departments_preview", "sanitize_error" ], "callable_refresh_candidates": [], "contains_db_write_words": true, "contains_feishu_write_words": true, "contains_privacy_terms": true }, "refresh_service_callable_readiness": true, "refresh_endpoint_exists_any": false, "refresh_dry_run_endpoint_readiness": false, "endpoint_probe_results": { "/api/feishu-readonly-snapshot/readiness": { "url": "https://hrms.yuechongjia.com/api/feishu-readonly-snapshot/readiness", "path": "/api/feishu-readonly-snapshot/readiness", "status": 200, "ok": true, "content_type": "application/json", "json": { "ok": true, "provider_installed": true, "safety_scanner_installed": true, "token_cache_status": "token_cache_expired", "token_metadata_status": "token_cache_expired", "token_cache_detail": { "cache_exists": true, "cache_source": "feishu_tenant_token_cache", "token_type": "", "expires_at": "2026-05-12T15:49:49.701271+08:00", "ttl_seconds": -1903882, "readonly_scope_declared": true, "write_scope_detected": false, "last_refresh_at": "2026-05-12 14:16:38.701305+08:00", "provider_usable": false, "token_cache_status": "token_cache_expired", "token_metadata_status": "token_cache_expired", "metadata_rows_checked": 3, "token_value_read": false, "token_value_output": false, "secret_read": "[REDACTED]", "feishu_api_call": false, "reason": "metadata validated without reading token value" }, "client_handle": { "provider_installed": true, "status": "token_cache_expired", "token_value_exposed": false, "secret_read": "[REDACTED]", "token_output": false, "feishu_api_call": false, "reason": "metadata validated without reading token value" }, "snapshot_schema_ready": true, "snapshot_schema": { "snapshot_schema_ready": true, "tables": { "feishu_readonly_snapshot_runs": true, "feishu_user_snapshots": true, "feishu_department_snapshots": true }, "data_write": false, "checked_at": "2026-06-03T08:41:12.269688+00:00" }, "write_endpoint_risk_status": "[REDACTED_LIKE_CREDENTIAL]", "safety_scan": { "write_endpoint_risk_status": "[REDACTED_LIKE_CREDENTIAL]", "findings": [ { "file": "backend/services/feishu_readonly_directory_client.py", "line": 16, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"PATCH\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 17, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"POST\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 18, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"PUT\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 19, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"DELETE\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 22, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"/writeback\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 23, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"/users/batch\"," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 101, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"production_writeback\": False," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 111, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"denylist\": [\"user update\", \"department update\", \"writeback\", \"any write API\"]," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 114, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"mapping_job_production_writeback_boundaries\": {" }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 118, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"production_writeback\": \"separate approval\"" }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 131, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"would_not_write\": [\"feishu_department_mappings\", \"feishu_writeback_jobs\", \"employees\", \"departments\", \"positions\", \"org_change_drafts\"]," }, { "file": "backend/routers/feishu_org_snapshot_cache.py", "line": 396, "classification": "legacy_isolated", "risk_level": "medium", "context": "legacy_router_context", "preview": "@router.post(\"/run\")" } ], "high_risk_count": 0, "legacy_isolated_count": 1, "false_positive_count": 11, "unknown_count": 0, "secret_read": "[REDACTED]", "token_output": false }, "can_enter_refresh_retry_approval": false, "hard_blocks": [ "token_cache_expired" ], "warnings": [ "write endpoint risk is classified as non-executable or legacy isolated" ], "feishu_api_call": false, "secret_read": "[REDACTED]", "token_output": false, "data_write": false, "refresh_executed": false, "snapshot_refreshed": false, "mapping_created": false, "job_created": false, "production_writeback": false, "next_gate": "[REDACTED_LIKE_CREDENTIAL]" }, "body_len": 4692 }, "/api/feishu-readonly-snapshot/contract": { "url": "https://hrms.yuechongjia.com/api/feishu-readonly-snapshot/contract", "path": "/api/feishu-readonly-snapshot/contract", "status": 200, "ok": true, "content_type": "application/json", "json": { "ok": true, "mode": "readonly_contract", "readiness": { "ok": true, "provider_installed": true, "safety_scanner_installed": true, "token_cache_status": "token_cache_expired", "token_metadata_status": "token_cache_expired", "token_cache_detail": { "cache_exists": true, "cache_source": "feishu_tenant_token_cache", "token_type": "", "expires_at": "2026-05-12T15:49:49.701271+08:00", "ttl_seconds": -1903882, "readonly_scope_declared": true, "write_scope_detected": false, "last_refresh_at": "2026-05-12 14:16:38.701305+08:00", "provider_usable": false, "token_cache_status": "token_cache_expired", "token_metadata_status": "token_cache_expired", "metadata_rows_checked": 3, "token_value_read": false, "token_value_output": false, "secret_read": "[REDACTED]", "feishu_api_call": false, "reason": "metadata validated without reading token value" }, "client_handle": { "provider_installed": true, "status": "token_cache_expired", "token_value_exposed": false, "secret_read": "[REDACTED]", "token_output": false, "feishu_api_call": false, "reason": "metadata validated without reading token value" }, "snapshot_schema_ready": true, "snapshot_schema": { "snapshot_schema_ready": true, "tables": { "feishu_readonly_snapshot_runs": true, "feishu_user_snapshots": true, "feishu_department_snapshots": true }, "data_write": false, "checked_at": "2026-06-03T08:41:12.726578+00:00" }, "write_endpoint_risk_status": "[REDACTED_LIKE_CREDENTIAL]", "safety_scan": { "write_endpoint_risk_status": "[REDACTED_LIKE_CREDENTIAL]", "findings": [ { "file": "backend/services/feishu_readonly_directory_client.py", "line": 16, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"PATCH\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 17, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"POST\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 18, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"PUT\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 19, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"DELETE\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 22, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"/writeback\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 23, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"/users/batch\"," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 101, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"production_writeback\": False," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 111, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"denylist\": [\"user update\", \"department update\", \"writeback\", \"any write API\"]," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 114, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"mapping_job_production_writeback_boundaries\": {" }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 118, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"production_writeback\": \"separate approval\"" }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 131, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"would_not_write\": [\"feishu_department_mappings\", \"feishu_writeback_jobs\", \"employees\", \"departments\", \"positions\", \"org_change_drafts\"]," }, { "file": "backend/routers/feishu_org_snapshot_cache.py", "line": 396, "classification": "legacy_isolated", "risk_level": "medium", "context": "legacy_router_context", "preview": "@router.post(\"/run\")" } ], "high_risk_count": 0, "legacy_isolated_count": 1, "false_positive_count": 11, "unknown_count": 0, "secret_read": "[REDACTED]", "token_output": false }, "can_enter_refresh_retry_approval": false, "hard_blocks": [ "token_cache_expired" ], "warnings": [ "write endpoint risk is classified as non-executable or legacy isolated" ], "feishu_api_call": false, "secret_read": "[REDACTED]", "token_output": false, "data_write": false, "refresh_executed": false, "snapshot_refreshed": false, "mapping_created": false, "job_created": false, "production_writeback": false, "next_gate": "[REDACTED_LIKE_CREDENTIAL]" }, "request_contract": { "readonly_only": true, "users_preview": { "method": "GET", "url": "https://open.feishu.cn/open-apis/contact/v3/users/find_by_department?department_id=0&page_size=50", "endpoint_allowed": true, "executable": false, "feishu_api_call": false, "token_output": false }, "departments_preview": { "method": "GET", "url": "https://open.feishu.cn/open-apis/contact/v3/departments/0/children?page_size=50", "endpoint_allowed": true, "executable": false, "feishu_api_call": false, "token_output": false }, "allowlist": [ "GET contact users readonly", "GET contact departments readonly" ], "denylist": [ "user update", "department update", "writeback", "any write API" ], "token_not_returned": true, "refresh_requires_separate_approval": true, "mapping_job_production_writeback_boundaries": { "snapshot_refresh": "readonly data capture only", "mapping_apply": "separate approval", "job_register": "separate approval", "production_writeback": "separate approval" }, "feishu_api_call": false, "data_write": false, "token_output": false }, "refresh_preview": { "dry_run": true, "preview_only": true, "execution_enabled": false, "would_write_tables": [ "feishu_readonly_snapshot_runs", "feishu_user_snapshots", "feishu_department_snapshots" ], "would_not_write": [ "feishu_department_mappings", "feishu_writeback_jobs", "employees", "departments", "positions", "org_change_drafts" ], "feishu_api_call": false, "data_write": false, "secret_read": "[REDACTED]", "token_output": false }, "feishu_api_call": false, "secret_read": "[REDACTED]", "token_output": false, "data_write": false, "refresh_executed": false }, "body_len": 6236 }, "/api/feishu-readonly-snapshot/refresh-dry-run": { "url": "https://hrms.yuechongjia.com/api/feishu-readonly-snapshot/refresh-dry-run", "path": "/api/feishu-readonly-snapshot/refresh-dry-run", "status": 404, "ok": false, "error": "HTTPError" }, "/api/feishu-readonly-snapshot/dry-run": { "url": "https://hrms.yuechongjia.com/api/feishu-readonly-snapshot/dry-run", "path": "/api/feishu-readonly-snapshot/dry-run", "status": 404, "ok": false, "error": "HTTPError" }, "/api/feishu-readonly-snapshot/refresh": { "url": "https://hrms.yuechongjia.com/api/feishu-readonly-snapshot/refresh", "path": "/api/feishu-readonly-snapshot/refresh", "status": 404, "ok": false, "error": "HTTPError" } }, "gap_summary": "Refresh service exists, but no safe callable refresh-dry-run route is currently available." }