{ "task": "HRMS_FEISHU_READONLY_TOKEN_CACHE_REFRESH_PREP_PACK_Z5B", "generated_at": "2026-06-03T16:50:27+08:00", "readiness_endpoint_diagnosis": { "url": "https://hrms.yuechongjia.com/api/feishu-readonly-snapshot/readiness", "path": "/api/feishu-readonly-snapshot/readiness", "status": 200, "ok": true, "content_type": "application/json", "json": { "ok": true, "provider_installed": true, "safety_scanner_installed": true, "token_cache_status": "token_cache_expired", "token_metadata_status": "token_cache_expired", "token_cache_detail": { "cache_exists": true, "cache_source": "feishu_tenant_token_cache", "token_type": "", "expires_at": "2026-05-12T15:49:49.701271+08:00", "ttl_seconds": -1904437, "readonly_scope_declared": true, "write_scope_detected": false, "last_refresh_at": "2026-05-12 14:16:38.701305+08:00", "provider_usable": false, "token_cache_status": "token_cache_expired", "token_metadata_status": "token_cache_expired", "metadata_rows_checked": 3, "token_value_read": "[REDACTED]", "token_value_output": "[REDACTED]", "secret_read": "[REDACTED]", "feishu_api_call": false, "reason": "metadata validated without reading token value" }, "client_handle": { "provider_installed": true, "status": "token_cache_expired", "token_value_exposed": "[REDACTED]", "secret_read": "[REDACTED]", "token_output": false, "feishu_api_call": false, "reason": "metadata validated without reading token value" }, "snapshot_schema_ready": true, "snapshot_schema": { "snapshot_schema_ready": true, "tables": { "feishu_readonly_snapshot_runs": true, "feishu_user_snapshots": true, "feishu_department_snapshots": true }, "data_write": false, "checked_at": "2026-06-03T08:50:27.746243+00:00" }, "write_endpoint_risk_status": "[REDACTED_LIKE_CREDENTIAL]", "safety_scan": { "write_endpoint_risk_status": "[REDACTED_LIKE_CREDENTIAL]", "findings": [ { "file": "backend/services/feishu_readonly_directory_client.py", "line": 16, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"PATCH\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 17, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"POST\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 18, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"PUT\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 19, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"DELETE\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 22, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"/writeback\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 23, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"/users/batch\"," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 101, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"production_writeback\": False," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 111, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"denylist\": [\"user update\", \"department update\", \"writeback\", \"any write API\"]," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 114, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"mapping_job_production_writeback_boundaries\": {" }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 118, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"production_writeback\": \"separate approval\"" }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 131, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"would_not_write\": [\"feishu_department_mappings\", \"feishu_writeback_jobs\", \"employees\", \"departments\", \"positions\", \"org_change_drafts\"]," }, { "file": "backend/routers/feishu_org_snapshot_cache.py", "line": 396, "classification": "legacy_isolated", "risk_level": "medium", "context": "legacy_router_context", "preview": "@router.post(\"/run\")" } ], "high_risk_count": 0, "legacy_isolated_count": 1, "false_positive_count": 11, "unknown_count": 0, "secret_read": "[REDACTED]", "token_output": false }, "can_enter_refresh_retry_approval": false, "hard_blocks": [ "token_cache_expired" ], "warnings": [ "write endpoint risk is classified as non-executable or legacy isolated" ], "feishu_api_call": false, "secret_read": "[REDACTED]", "token_output": false, "data_write": false, "refresh_executed": false, "snapshot_refreshed": false, "mapping_created": false, "job_created": false, "production_writeback": false, "next_gate": "[REDACTED_LIKE_CREDENTIAL]" } }, "contract_endpoint_diagnosis": { "url": "https://hrms.yuechongjia.com/api/feishu-readonly-snapshot/contract", "path": "/api/feishu-readonly-snapshot/contract", "status": 200, "ok": true, "content_type": "application/json", "json": { "ok": true, "mode": "readonly_contract", "readiness": { "ok": true, "provider_installed": true, "safety_scanner_installed": true, "token_cache_status": "token_cache_expired", "token_metadata_status": "token_cache_expired", "token_cache_detail": { "cache_exists": true, "cache_source": "feishu_tenant_token_cache", "token_type": "", "expires_at": "2026-05-12T15:49:49.701271+08:00", "ttl_seconds": -1904438, "readonly_scope_declared": true, "write_scope_detected": false, "last_refresh_at": "2026-05-12 14:16:38.701305+08:00", "provider_usable": false, "token_cache_status": "token_cache_expired", "token_metadata_status": "token_cache_expired", "metadata_rows_checked": 3, "token_value_read": "[REDACTED]", "token_value_output": "[REDACTED]", "secret_read": "[REDACTED]", "feishu_api_call": false, "reason": "metadata validated without reading token value" }, "client_handle": { "provider_installed": true, "status": "token_cache_expired", "token_value_exposed": "[REDACTED]", "secret_read": "[REDACTED]", "token_output": false, "feishu_api_call": false, "reason": "metadata validated without reading token value" }, "snapshot_schema_ready": true, "snapshot_schema": { "snapshot_schema_ready": true, "tables": { "feishu_readonly_snapshot_runs": true, "feishu_user_snapshots": true, "feishu_department_snapshots": true }, "data_write": false, "checked_at": "2026-06-03T08:50:28.176874+00:00" }, "write_endpoint_risk_status": "[REDACTED_LIKE_CREDENTIAL]", "safety_scan": { "write_endpoint_risk_status": "[REDACTED_LIKE_CREDENTIAL]", "findings": [ { "file": "backend/services/feishu_readonly_directory_client.py", "line": 16, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"PATCH\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 17, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"POST\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 18, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"PUT\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 19, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"DELETE\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 22, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"/writeback\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 23, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"/users/batch\"," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 101, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"production_writeback\": False," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 111, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"denylist\": [\"user update\", \"department update\", \"writeback\", \"any write API\"]," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 114, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"mapping_job_production_writeback_boundaries\": {" }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 118, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"production_writeback\": \"separate approval\"" }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 131, "classification": "[REDACTED_LIKE_CREDENTIAL]", "risk_level": "low", "context": "literal_context", "preview": "\"would_not_write\": [\"feishu_department_mappings\", \"feishu_writeback_jobs\", \"employees\", \"departments\", \"positions\", \"org_change_drafts\"]," }, { "file": "backend/routers/feishu_org_snapshot_cache.py", "line": 396, "classification": "legacy_isolated", "risk_level": "medium", "context": "legacy_router_context", "preview": "@router.post(\"/run\")" } ], "high_risk_count": 0, "legacy_isolated_count": 1, "false_positive_count": 11, "unknown_count": 0, "secret_read": "[REDACTED]", "token_output": false }, "can_enter_refresh_retry_approval": false, "hard_blocks": [ "token_cache_expired" ], "warnings": [ "write endpoint risk is classified as non-executable or legacy isolated" ], "feishu_api_call": false, "secret_read": "[REDACTED]", "token_output": false, "data_write": false, "refresh_executed": false, "snapshot_refreshed": false, "mapping_created": false, "job_created": false, "production_writeback": false, "next_gate": "[REDACTED_LIKE_CREDENTIAL]" }, "request_contract": { "readonly_only": true, "users_preview": { "method": "GET", "url": "https://open.feishu.cn/open-apis/contact/v3/users/find_by_department?department_id=0&page_size=50", "endpoint_allowed": true, "executable": false, "feishu_api_call": false, "token_output": false }, "departments_preview": { "method": "GET", "url": "https://open.feishu.cn/open-apis/contact/v3/departments/0/children?page_size=50", "endpoint_allowed": true, "executable": false, "feishu_api_call": false, "token_output": false }, "allowlist": [ "GET contact users readonly", "GET contact departments readonly" ], "denylist": [ "user update", "department update", "writeback", "any write API" ], "token_not_returned": true, "refresh_requires_separate_approval": true, "mapping_job_production_writeback_boundaries": { "snapshot_refresh": "readonly data capture only", "mapping_apply": "separate approval", "job_register": "separate approval", "production_writeback": "separate approval" }, "feishu_api_call": false, "data_write": false, "token_output": false }, "refresh_preview": { "dry_run": true, "preview_only": true, "execution_enabled": false, "would_write_tables": [ "feishu_readonly_snapshot_runs", "feishu_user_snapshots", "feishu_department_snapshots" ], "would_not_write": [ "feishu_department_mappings", "feishu_writeback_jobs", "employees", "departments", "positions", "org_change_drafts" ], "feishu_api_call": false, "data_write": false, "secret_read": "[REDACTED]", "token_output": false }, "feishu_api_call": false, "secret_read": "[REDACTED]", "token_output": false, "data_write": false, "refresh_executed": false } }, "token_type_judgement": "tenant_access_token", "token_cache_metadata_readiness": false, "token_provider_readiness": false, "expires_at": "2026-05-12T15:49:49.701271+08:00", "expiry_status": "expired_or_unusable", "ttl_seconds": -1904437, "cache_source": "feishu_tenant_token_cache", "required_scope_readiness": true, "app_install_permission_readiness": true, "precise_provider_unusable_reasons": [ "token_expired", "provider_unusable", "env_presence_not_confirmed_in_codex_shell_context" ], "token_or_secret_output": false, "safe_token_cache_table_metadata": [ { "table": "feishu_department_snapshots", "safe_columns_selected": [ "created_at", "updated_at" ], "read_ok": true, "safe_rows": [] }, { "table": "feishu_readonly_snapshot_runs", "safe_columns_selected": [ "created_at", "updated_at" ], "read_ok": true, "safe_rows": [] }, { "table": "feishu_user_mappings", "safe_columns_selected": [ "created_at", "updated_at" ], "read_ok": true, "safe_rows": [] }, { "table": "feishu_user_snapshots", "safe_columns_selected": [ "created_at", "updated_at" ], "read_ok": true, "safe_rows": [] } ], "token_related_table_inventory": [ { "schema": "public", "table": "feishu_department_snapshots", "row_count": 0, "columns": [ { "column": "department_snapshot_id", "type": "text" }, { "column": "snapshot_run_id", "type": "text" }, { "column": "tenant_id", "type": "text" }, { "column": "company_key", "type": "text" }, { "column": "source_system", "type": "text" }, { "column": "source_run_id", "type": "text" }, { "column": "contract_version", "type": "text" }, { "column": "data_version", "type": "text" }, { "column": "feishu_department_id", "type": "text" }, { "column": "parent_feishu_department_id", "type": "text" }, { "column": "department_name_masked", "type": "text" }, { "column": "department_order", "type": "integer" }, { "column": "status", "type": "text" }, { "column": "mapping_status", "type": "text" }, { "column": "raw_payload_private", "type": "jsonb" }, { "column": "sanitized_payload_public", "type": "jsonb" }, { "column": "counts_metadata", "type": "jsonb" }, { "column": "downstream_department_ref", "type": "text" }, { "column": "downstream_staging_ref", "type": "text" }, { "column": "snapshot_at", "type": "timestamp with time zone" }, { "column": "audit_id", "type": "text" }, { "column": "rollback_ref", "type": "text" }, { "column": "metadata", "type": "jsonb" }, { "column": "created_by", "type": "text" }, { "column": "created_at", "type": "timestamp with time zone" }, { "column": "updated_by", "type": "text" }, { "column": "updated_at", "type": "timestamp with time zone" } ] }, { "schema": "public", "table": "feishu_readonly_snapshot_runs", "row_count": 0, "columns": [ { "column": "snapshot_run_id", "type": "text" }, { "column": "tenant_id", "type": "text" }, { "column": "company_key", "type": "text" }, { "column": "source_system", "type": "text" }, { "column": "source_run_id", "type": "text" }, { "column": "contract_version", "type": "text" }, { "column": "data_version", "type": "text" }, { "column": "run_status", "type": "text" }, { "column": "trigger_mode", "type": "text" }, { "column": "readonly_scope_names", "type": "jsonb" }, { "column": "token_metadata", "type": "jsonb" }, { "column": "requested_counts", "type": "jsonb" }, { "column": "result_counts", "type": "jsonb" }, { "column": "snapshot_started_at", "type": "timestamp with time zone" }, { "column": "snapshot_completed_at", "type": "timestamp with time zone" }, { "column": "snapshot_at", "type": "timestamp with time zone" }, { "column": "error_summary", "type": "text" }, { "column": "downstream_staging_ref", "type": "text" }, { "column": "audit_id", "type": "text" }, { "column": "rollback_ref", "type": "text" }, { "column": "metadata", "type": "jsonb" }, { "column": "created_by", "type": "text" }, { "column": "created_at", "type": "timestamp with time zone" }, { "column": "updated_by", "type": "text" }, { "column": "updated_at", "type": "timestamp with time zone" } ] }, { "schema": "public", "table": "feishu_user_mappings", "row_count": 0, "columns": [ { "column": "feishu_user_mapping_id", "type": "text" }, { "column": "tenant_id", "type": "text" }, { "column": "company_key", "type": "text" }, { "column": "employee_id", "type": "text" }, { "column": "permission_subject_id", "type": "text" }, { "column": "feishu_user_id", "type": "text" }, { "column": "feishu_open_id", "type": "text" }, { "column": "feishu_union_id", "type": "text" }, { "column": "feishu_department_id", "type": "text" }, { "column": "mapping_status", "type": "text" }, { "column": "writeback_allowed", "type": "boolean" }, { "column": "dry_run_only", "type": "boolean" }, { "column": "sensitive_payload_ref", "type": "text" }, { "column": "data_version", "type": "text" }, { "column": "source_asset_ref", "type": "text" }, { "column": "audit_id", "type": "text" }, { "column": "rollback_ref", "type": "text" }, { "column": "metadata", "type": "jsonb" }, { "column": "created_by", "type": "text" }, { "column": "created_at", "type": "timestamp with time zone" }, { "column": "updated_by", "type": "text" }, { "column": "updated_at", "type": "timestamp with time zone" } ] }, { "schema": "public", "table": "feishu_user_snapshots", "row_count": 0, "columns": [ { "column": "user_snapshot_id", "type": "text" }, { "column": "snapshot_run_id", "type": "text" }, { "column": "tenant_id", "type": "text" }, { "column": "company_key", "type": "text" }, { "column": "source_system", "type": "text" }, { "column": "source_run_id", "type": "text" }, { "column": "contract_version", "type": "text" }, { "column": "data_version", "type": "text" }, { "column": "feishu_user_id", "type": "text" }, { "column": "feishu_open_id_private_ref", "type": "text" }, { "column": "feishu_union_id_private_ref", "type": "text" }, { "column": "employee_no", "type": "text" }, { "column": "user_name_masked", "type": "text" }, { "column": "primary_feishu_department_id", "type": "text" }, { "column": "manager_feishu_user_id", "type": "text" }, { "column": "employment_status", "type": "text" }, { "column": "status", "type": "text" }, { "column": "mapping_status", "type": "text" }, { "column": "raw_payload_private", "type": "jsonb" }, { "column": "sanitized_payload_public", "type": "jsonb" }, { "column": "counts_metadata", "type": "jsonb" }, { "column": "downstream_employee_ref", "type": "text" }, { "column": "downstream_permission_subject_ref", "type": "text" }, { "column": "downstream_feishu_mapping_ref", "type": "text" }, { "column": "downstream_staging_ref", "type": "text" }, { "column": "snapshot_at", "type": "timestamp with time zone" }, { "column": "audit_id", "type": "text" }, { "column": "rollback_ref", "type": "text" }, { "column": "metadata", "type": "jsonb" }, { "column": "created_by", "type": "text" }, { "column": "created_at", "type": "timestamp with time zone" }, { "column": "updated_by", "type": "text" }, { "column": "updated_at", "type": "timestamp with time zone" } ] } ] }