{
  "task": "HRMS_FEISHU_READONLY_SNAPSHOT_REFRESH_DRY_RUN_PREP_PACK_Z4",
  "generated_at": "2026-06-03T16:21:12+08:00",
  "privacy_guardrails_ready": true,
  "public_output_rules": {
    "counts_only": true,
    "metadata_only": true,
    "no_raw_employee_detail": true,
    "no_raw_department_detail": true,
    "no_token_or_secret": true,
    "allowed_public_fields": [
      "run_id",
      "status",
      "counts",
      "field_names",
      "schema_version",
      "contract_version",
      "started_at",
      "completed_at",
      "sanitized_error_code",
      "sanitized_summary"
    ],
    "forbidden_public_fields": [
      "open_id",
      "union_id",
      "user_id",
      "email",
      "mobile",
      "name",
      "raw_user_payload",
      "raw_department_payload",
      "tenant_access_token",
      "user_access_token",
      "app_secret"
    ]
  },
  "sensitive_field_handling": {
    "open_id": "DB internal only if needed; never public output",
    "union_id": "DB internal only if needed; never public output",
    "user_id": "DB internal only if needed; never public output",
    "email": "DB internal/private payload only if approved; never public output",
    "mobile": "DB internal/private payload only if approved; never public output",
    "name": "DB internal/private payload only if approved; public output must use counts or masked labels"
  },
  "counts_only_metadata_only_probe_plan": {
    "purpose": "验证 token/scope/app permission/refresh contract；不展示真实人员明细，也不输出 token 或 secret。",
    "allowed_probe_outputs": [
      "reachable",
      "status_code",
      "scope_metadata",
      "count_summary",
      "run_id"
    ],
    "forbidden_probe_outputs": [
      "open_id",
      "union_id",
      "user_id",
      "email",
      "mobile",
      "name",
      "raw_user_payload",
      "raw_department_payload",
      "tenant_access_token",
      "user_access_token",
      "app_secret"
    ],
    "stop_if_probe_requires_raw_detail_output": true,
    "stop_if_probe_writes_token_cache_without_approval": true
  },
  "dry_run_write_scope_next_apply": {
    "will_write_snapshot_tables_in_next_apply": true,
    "allowed_tables": [
      "feishu_readonly_snapshot_runs",
      "feishu_user_snapshots",
      "feishu_department_snapshots"
    ],
    "forbidden_tables": [
      "departments",
      "positions",
      "employees",
      "permission_subjects",
      "employee_role_assignments",
      "feishu_user_mappings",
      "permission_subjects",
      "employee_role_assignments",
      "assessment_assignments",
      "assessment_results",
      "algorithm_outputs"
    ],
    "allowed_public_output": [
      "run_id",
      "status",
      "counts",
      "field_names",
      "schema_version",
      "contract_version",
      "started_at",
      "completed_at",
      "sanitized_error_code",
      "sanitized_summary"
    ],
    "forbidden_public_output": [
      "open_id",
      "union_id",
      "user_id",
      "email",
      "mobile",
      "name",
      "raw_user_payload",
      "raw_department_payload",
      "tenant_access_token",
      "user_access_token",
      "app_secret"
    ],
    "private_db_payload_allowed_next_apply": [
      "DB 内部可承载飞书用户和部门标识字段，但 public 页面/JSON 只能输出脱敏摘要与 counts。",
      "如 refresh service 当前无法做到字段级脱敏，下一步必须停在 privacy guardrail rework。"
    ]
  }
}
