{ "metadata": { "generated_at": "2026-06-03T08:00:30.625547+00:00", "stage": "HRMS_FEISHU_READONLY_TOKEN_PERMISSION_CHECK_PACK_Z1" }, "checked_files_tables_endpoints": { "required_files": { "/var/www/talent-review/hrms-feishu-real-user-master-data-sync-prep.html": { "exists": true, "bytes": 5105 }, "/var/www/talent-review/outputs/hrms_feishu_real_user_master_data_sync_prep_summary_v1.json": { "exists": true, "bytes": 4968 }, "/var/www/talent-review/outputs/hrms_feishu_real_user_master_data_readonly_readiness_v1.json": { "exists": true, "bytes": 92213 }, "/var/www/talent-review/outputs/hrms_feishu_to_hrms_master_data_mapping_v1.json": { "exists": true, "bytes": 2244 }, "/var/www/talent-review/outputs/hrms_feishu_real_user_staging_plan_v1.json": { "exists": true, "bytes": 1306 }, "/var/www/talent-review/outputs/hrms_feishu_real_user_sync_next_gate_v1.json": { "exists": true, "bytes": 1324 } }, "scanned_file_count": 300, "db_tables_checked": [ "feishu_readonly_snapshot_runs", "feishu_user_snapshots", "feishu_department_snapshots", "departments", "positions", "employees", "permission_subjects", "employee_role_assignments", "feishu_user_mappings" ], "endpoints_checked": [ "/api/feishu-readonly-snapshot/readiness", "/api/feishu-readonly-snapshot/contract" ] }, "token_provider_readiness": true, "token_cache_metadata_readiness": true, "required_scope_readiness": true, "app_install_permission_readiness": true, "snapshot_table_readiness": false, "readonly_refresh_service_readiness": true, "readiness_endpoint_available": true, "can_enter_snapshot_refresh_dry_run": false, "blocker_summary": "snapshot tables are missing", "next_gate": "FEISHU_READONLY_SNAPSHOT_SCHEMA_GATE", "next_task": "HRMS_FEISHU_READONLY_SNAPSHOT_SCHEMA_PREP_PACK_Z2", "db_read_status": "DB_READ_AVAILABLE", "endpoint_probe": { "/api/feishu-readonly-snapshot/readiness": { "url": "https://hrms.yuechongjia.com/api/feishu-readonly-snapshot/readiness", "http_status": "200", "safe_metadata_only_probe": true, "body_type": "json", "top_level_keys": [ "can_enter_refresh_retry_approval", "client_handle", "data_write", "feishu_api_call", "hard_blocks", "job_created", "mapping_created", "next_gate", "ok", "production_writeback", "provider_installed", "refresh_executed", "safety_scan", "safety_scanner_installed", "secret_read", "snapshot_refreshed", "snapshot_schema", "snapshot_schema_ready", "token_cache_detail", "token_cache_status", "token_metadata_status", "token_output", "warnings", "write_endpoint_risk_status" ], "sanitized_metadata": { "ok": true, "provider_installed": true, "safety_scanner_installed": true, "token_cache_status": "[REDACTED_METADATA_ONLY]", "token_metadata_status": "[REDACTED_METADATA_ONLY]", "token_cache_detail": "[REDACTED_METADATA_ONLY]", "client_handle": { "provider_installed": true, "status": "[REDACTED_METADATA_ONLY]", "token_value_exposed": "[REDACTED_METADATA_ONLY]", "secret_read": "[REDACTED_METADATA_ONLY]", "token_output": "[REDACTED_METADATA_ONLY]", "feishu_api_call": false, "reason": "[REDACTED_METADATA_ONLY]" }, "snapshot_schema_ready": true, "snapshot_schema": { "snapshot_schema_ready": true, "tables": { "feishu_readonly_snapshot_runs": true, "feishu_user_snapshots": true, "feishu_department_snapshots": true }, "data_write": false, "checked_at": "2026-06-03T08:00:38.649069+00:00" }, "write_endpoint_risk_status": "false_positive_from_denylist_literals", "safety_scan": { "write_endpoint_risk_status": "false_positive_from_denylist_literals", "findings": [ { "file": "backend/services/feishu_readonly_directory_client.py", "line": 16, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"PATCH\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 17, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"POST\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 18, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"PUT\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 19, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"DELETE\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 22, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"/writeback\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 23, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"/users/batch\"," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 101, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"production_writeback\": False," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 111, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"denylist\": [\"user update\", \"department update\", \"writeback\", \"any write API\"]," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 114, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"mapping_job_production_writeback_boundaries\": {" }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 118, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"production_writeback\": \"separate approval\"" }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 131, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"would_not_write\": [\"feishu_department_mappings\", \"feishu_writeback_jobs\", \"employees\", \"departments\", \"positions\", \"org_change_drafts\"]," }, { "file": "backend/routers/feishu_org_snapshot_cache.py", "line": 396, "classification": "legacy_isolated", "risk_level": "medium", "context": "legacy_router_context", "preview": "@router.post(\"/run\")" } ], "high_risk_count": 0, "legacy_isolated_count": 1, "false_positive_count": 11, "unknown_count": 0, "secret_read": "[REDACTED_METADATA_ONLY]", "token_output": "[REDACTED_METADATA_ONLY]" }, "can_enter_refresh_retry_approval": false, "hard_blocks": [ "[REDACTED_METADATA_ONLY]" ], "warnings": [ "write endpoint risk is classified as non-executable or legacy isolated" ], "feishu_api_call": false, "secret_read": "[REDACTED_METADATA_ONLY]", "token_output": "[REDACTED_METADATA_ONLY]", "data_write": false, "refresh_executed": false, "snapshot_refreshed": false, "mapping_created": false, "job_created": false, "production_writeback": false, "next_gate": "[REDACTED_METADATA_ONLY]" } }, "/api/feishu-readonly-snapshot/contract": { "url": "https://hrms.yuechongjia.com/api/feishu-readonly-snapshot/contract", "http_status": "200", "safe_metadata_only_probe": true, "body_type": "json", "top_level_keys": [ "data_write", "feishu_api_call", "mode", "ok", "readiness", "refresh_executed", "refresh_preview", "request_contract", "secret_read", "token_output" ], "sanitized_metadata": { "ok": true, "mode": "readonly_contract", "readiness": { "ok": true, "provider_installed": true, "safety_scanner_installed": true, "token_cache_status": "[REDACTED_METADATA_ONLY]", "token_metadata_status": "[REDACTED_METADATA_ONLY]", "token_cache_detail": "[REDACTED_METADATA_ONLY]", "client_handle": { "provider_installed": true, "status": "[REDACTED_METADATA_ONLY]", "token_value_exposed": "[REDACTED_METADATA_ONLY]", "secret_read": "[REDACTED_METADATA_ONLY]", "token_output": "[REDACTED_METADATA_ONLY]", "feishu_api_call": false, "reason": "[REDACTED_METADATA_ONLY]" }, "snapshot_schema_ready": true, "snapshot_schema": { "snapshot_schema_ready": true, "tables": { "feishu_readonly_snapshot_runs": true, "feishu_user_snapshots": true, "feishu_department_snapshots": true }, "data_write": false, "checked_at": "2026-06-03T08:00:39.406793+00:00" }, "write_endpoint_risk_status": "false_positive_from_denylist_literals", "safety_scan": { "write_endpoint_risk_status": "false_positive_from_denylist_literals", "findings": [ { "file": "backend/services/feishu_readonly_directory_client.py", "line": 16, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"PATCH\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 17, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"POST\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 18, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"PUT\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 19, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"DELETE\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 22, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"/writeback\"," }, { "file": "backend/services/feishu_readonly_directory_client.py", "line": 23, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"/users/batch\"," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 101, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"production_writeback\": False," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 111, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"denylist\": [\"user update\", \"department update\", \"writeback\", \"any write API\"]," }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 114, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"mapping_job_production_writeback_boundaries\": {" }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 118, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"production_writeback\": \"separate approval\"" }, { "file": "backend/services/feishu_snapshot_refresh_service.py", "line": 131, "classification": "false_positive_from_denylist_literals", "risk_level": "low", "context": "literal_context", "preview": "\"would_not_write\": [\"feishu_department_mappings\", \"feishu_writeback_jobs\", \"employees\", \"departments\", \"positions\", \"org_change_drafts\"]," }, { "file": "backend/routers/feishu_org_snapshot_cache.py", "line": 396, "classification": "legacy_isolated", "risk_level": "medium", "context": "legacy_router_context", "preview": "@router.post(\"/run\")" } ], "high_risk_count": 0, "legacy_isolated_count": 1, "false_positive_count": 11, "unknown_count": 0, "secret_read": "[REDACTED_METADATA_ONLY]", "token_output": "[REDACTED_METADATA_ONLY]" }, "can_enter_refresh_retry_approval": false, "hard_blocks": [ "[REDACTED_METADATA_ONLY]" ], "warnings": [ "write endpoint risk is classified as non-executable or legacy isolated" ], "feishu_api_call": false, "secret_read": "[REDACTED_METADATA_ONLY]", "token_output": "[REDACTED_METADATA_ONLY]", "data_write": false, "refresh_executed": false, "snapshot_refreshed": false, "mapping_created": false, "job_created": false, "production_writeback": false, "next_gate": "[REDACTED_METADATA_ONLY]" }, "request_contract": { "readonly_only": true, "users_preview": { "method": "GET", "url": "https://open.feishu.cn/open-apis/contact/v3/users/find_by_department?department_id=0&page_size=50", "endpoint_allowed": true, "executable": false, "feishu_api_call": false, "token_output": "[REDACTED_METADATA_ONLY]" }, "departments_preview": { "method": "GET", "url": "https://open.feishu.cn/open-apis/contact/v3/departments/0/children?page_size=50", "endpoint_allowed": true, "executable": false, "feishu_api_call": false, "token_output": "[REDACTED_METADATA_ONLY]" }, "allowlist": [ "GET contact users readonly", "GET contact departments readonly" ], "denylist": [ "user update", "department update", "writeback", "any write API" ], "token_not_returned": "[REDACTED_METADATA_ONLY]", "refresh_requires_separate_approval": true, "mapping_job_production_writeback_boundaries": { "snapshot_refresh": "readonly data capture only", "mapping_apply": "separate approval", "job_register": "separate approval", "production_writeback": "separate approval" }, "feishu_api_call": false, "data_write": false, "token_output": "[REDACTED_METADATA_ONLY]" }, "refresh_preview": { "dry_run": true, "preview_only": true, "execution_enabled": false, "would_write_tables": [ "feishu_readonly_snapshot_runs", "feishu_user_snapshots", "feishu_department_snapshots" ], "would_not_write": [ "feishu_department_mappings", "feishu_writeback_jobs", "employees", "departments", "positions", "org_change_drafts" ], "feishu_api_call": false, "data_write": false, "secret_read": "[REDACTED_METADATA_ONLY]", "token_output": "[REDACTED_METADATA_ONLY]" }, "feishu_api_call": false, "secret_read": "[REDACTED_METADATA_ONLY]", "token_output": "[REDACTED_METADATA_ONLY]", "data_write": false, "refresh_executed": false } } }, "env_key_names_detected": [ "FEISHU", "LARK", "TOKEN" ], "scope_names_detected": [ "contact:write" ], "secret_values_output": false, "redline_checks": { "token_or_secret_output": false, "credential_output": false, "writes_database": false, "snapshot_refreshed": false, "token_cache_written": false, "real_employee_detail_pulled": false, "real_employee_imported": false, "permission_subject_created": false, "real_assignment_created": false, "feishu_write_api_called": false, "feishu_writeback_executed": false, "active_permission_rule_modified": false, "schema_migration_executed": false, "backend_modified": false, "service_restarted": false, "nginx_systemd_postgresql_modified": false } }