{ "task": "HRMS_SECURITY_REGRESSION_SCAN_AFTER_B35_D35_PACK_E33", "generated_at": "2026-06-15T08:26:31Z", "scan_scope": { "explicit_b35_pages": [ "online-assessment-workbench.html", "assessment-task-operational-mvp.html", "assessment-answer-operational-mvp.html", "assessment-result-mapping-operational-mvp.html", "assessment-mvp-workbench.html", "algorithm-talent-review-workbench.html", "hrms-business-experience-product-surface-repair-b35.html" ], "explicit_d35_pages": [ "org-canvas-pro.html", "hrms-org-position-governance-operating-hub.html", "hrms-org-canvas-post-business-effective-surface-repair-d35.html" ], "recent_output_tokens": [ "b33", "b34", "b35", "d33", "d34", "d35" ], "scope_policy": "B35/D35 explicit pages plus recent B33-B35/D33-D35 HTML/JSON/TXT outputs and limited referenced outputs only" }, "scan_file_count": 57, "file_inventory": [ { "path": "/var/www/talent-review/algorithm-talent-review-workbench.html", "scope": "B35 explicit page", "byte_size": 8817, "sha256_12": "2c52215ded97" }, { "path": "/var/www/talent-review/assessment-answer-operational-mvp.html", "scope": "B35 explicit page", "byte_size": 13682, "sha256_12": "069e0484753b" }, { "path": "/var/www/talent-review/assessment-mvp-workbench.html", "scope": "B35 explicit page", "byte_size": 17210, "sha256_12": "2ff26a3c4351" }, { "path": "/var/www/talent-review/assessment-result-mapping-operational-mvp.html", "scope": "B35 explicit page", "byte_size": 12499, "sha256_12": "b721e595d74e" }, { "path": "/var/www/talent-review/assessment-task-operational-mvp.html", "scope": "B35 explicit page", "byte_size": 14947, "sha256_12": "908f90420bee" }, { "path": "/var/www/talent-review/hrms-business-experience-product-surface-repair-b35.html", "scope": "B35 explicit page", "byte_size": 3535, "sha256_12": "98a3286d758a" }, { "path": "/var/www/talent-review/hrms-org-canvas-post-business-effective-surface-repair-d35.html", "scope": "D35 explicit page", "byte_size": 2335, "sha256_12": "71c05c884d0b" }, { "path": "/var/www/talent-review/hrms-org-position-governance-operating-hub.html", "scope": "D35 explicit page", "byte_size": 18297, "sha256_12": "f36179a4b1b2" }, { "path": "/var/www/talent-review/online-assessment-workbench.html", "scope": "B35 explicit page", "byte_size": 8981, "sha256_12": "65474d06c5ba" }, { "path": "/var/www/talent-review/org-canvas-pro.html", "scope": "D35 explicit page", "byte_size": 8633, "sha256_12": "265b14782dc7" }, { "path": "/var/www/talent-review/outputs/assessment_b_line_product_surface_audit_b34_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 6319, "sha256_12": "9077e4bece35" }, { "path": "/var/www/talent-review/outputs/assessment_b_line_product_surface_gap_list_b34_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 3385, "sha256_12": "e63131ab2b13" }, { "path": "/var/www/talent-review/outputs/assessment_b_line_product_surface_sync_repair_plan_b34_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 959, "sha256_12": "7fb13c450be2" }, { "path": "/var/www/talent-review/outputs/assessment_real_user_b33_next_gate_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 371, "sha256_12": "c4037afcf481" }, { "path": "/var/www/talent-review/outputs/assessment_real_user_validation_algorithm_shadow_input_preview_b33_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 2264, "sha256_12": "53e58b1e81f9" }, { "path": "/var/www/talent-review/outputs/assessment_real_user_validation_algorithm_shadow_output_preview_b33_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 1121, "sha256_12": "b8835f8ba3d3" }, { "path": "/var/www/talent-review/outputs/assessment_real_user_validation_algorithm_shadow_preview_b33_execution_policy_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 474, "sha256_12": "8dc51ccdc488" }, { "path": "/var/www/talent-review/outputs/assessment_real_user_validation_algorithm_shadow_preview_b33_privacy_validation_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 270, "sha256_12": "85c863258ffd" }, { "path": "/var/www/talent-review/outputs/assessment_real_user_validation_algorithm_shadow_preview_b33_summary_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 1028, "sha256_12": "2040d4ad582d" }, { "path": "/var/www/talent-review/outputs/assessment_real_user_validation_algorithm_shadow_preview_b33_zero_execution_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 2068, "sha256_12": "f36bbc327f03" }, { "path": "/var/www/talent-review/outputs/assessment_shadow_preview_review_and_product_surface_sync_audit_b34_summary_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 1164, "sha256_12": "a32f0213effd" }, { "path": "/var/www/talent-review/outputs/assessment_shadow_preview_review_b34_b33_review_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 1414, "sha256_12": "cd70cd4b1d89" }, { "path": "/var/www/talent-review/outputs/assessment_shadow_preview_review_b34_next_gate_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 390, "sha256_12": "66ccc0fcbcbf" }, { "path": "/var/www/talent-review/outputs/assessment_shadow_preview_review_b34_privacy_validation_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 270, "sha256_12": "2b9dfaa6ad96" }, { "path": "/var/www/talent-review/outputs/assessment_shadow_preview_review_b34_zero_based_user_ux_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 344, "sha256_12": "c950d932a37b" }, { "path": "/var/www/talent-review/outputs/assessment_shadow_preview_review_b34_zero_write_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 2036, "sha256_12": "2700e496134d" }, { "path": "/var/www/talent-review/outputs/hrms_business_experience_product_surface_repair_b35_before_after_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 5016, "sha256_12": "77663a252d5f" }, { "path": "/var/www/talent-review/outputs/hrms_business_experience_product_surface_repair_b35_next_gate_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 361, "sha256_12": "f4a409b66188" }, { "path": "/var/www/talent-review/outputs/hrms_business_experience_product_surface_repair_b35_page_quality_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 337, "sha256_12": "e5753e355c8d" }, { "path": "/var/www/talent-review/outputs/hrms_business_experience_product_surface_repair_b35_privacy_validation_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 232, "sha256_12": "715f90d4b44e" }, { "path": "/var/www/talent-review/outputs/hrms_business_experience_product_surface_repair_b35_status_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 589, "sha256_12": "ea140198007f" }, { "path": "/var/www/talent-review/outputs/hrms_business_experience_product_surface_repair_b35_summary_v1.json", "scope": "referenced B33-B35/D33-D35 output", "byte_size": 2068, "sha256_12": "aa9c2239bb03" }, { "path": "/var/www/talent-review/outputs/hrms_business_experience_product_surface_repair_b35_url_validation_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 1824, "sha256_12": "c71c56ed788d" }, { "path": "/var/www/talent-review/outputs/hrms_org_canvas_post_business_effective_hrms_feishu_boundary_d35_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 354, "sha256_12": "1deaf9b18c2e" }, { "path": "/var/www/talent-review/outputs/hrms_org_canvas_post_business_effective_surface_repair_before_after_d35_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 1994, "sha256_12": "2a7f8388b28e" }, { "path": "/var/www/talent-review/outputs/hrms_org_canvas_post_business_effective_surface_repair_d35_summary_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 8456, "sha256_12": "6302d323f3c5" }, { "path": "/var/www/talent-review/outputs/hrms_org_canvas_post_business_effective_surface_repair_quality_d35_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 1026, "sha256_12": "2f7ead452907" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_d33_next_gate_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 279, "sha256_12": "b277da902004" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_d33_privacy_validation_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 328, "sha256_12": "9d4a985bba93" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_d34_next_gate_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 297, "sha256_12": "41d9a11fede3" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_d34_privacy_validation_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 328, "sha256_12": "9d4a985bba93" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_d35_next_gate_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 293, "sha256_12": "9a6caed80acc" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_d35_privacy_validation_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 328, "sha256_12": "9d4a985bba93" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_group_draft_hrms_only_business_effective_apply_review_d33_employee_binding_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 1080, "sha256_12": "fe071f520713" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_group_draft_hrms_only_business_effective_apply_review_d33_item_review_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 1076, "sha256_12": "83c23cf1ab71" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_group_draft_hrms_only_business_effective_apply_review_d33_rollback_readiness_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 213, "sha256_12": "94678e3cb4dc" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_group_draft_hrms_only_business_effective_apply_review_d33_row_count_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 1818, "sha256_12": "f7ea94b3eeba" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_group_draft_hrms_only_business_effective_apply_review_d33_summary_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 9083, "sha256_12": "88dc013fe0ee" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_group_draft_hrms_only_business_effective_apply_review_d33_zero_external_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 645, "sha256_12": "ff85d0c0d523" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_post_business_effective_binding_review_d34_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 898, "sha256_12": "b4b6f7cfcddd" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_post_business_effective_item_review_d34_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 904, "sha256_12": "5af0a6cbf8cb" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_post_business_effective_org_canvas_review_d34_summary_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 26674, "sha256_12": "0af408108e29" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_post_business_effective_surface_audit_d34_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 55798, "sha256_12": "a85ed11cf98a" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_post_business_effective_surface_gap_list_d34_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 18197, "sha256_12": "6a50fc7f1e90" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_post_business_effective_surface_repair_plan_d34_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 1704, "sha256_12": "4fae71889358" }, { "path": "/var/www/talent-review/outputs/hrms_org_position_post_business_effective_zero_based_hr_ux_d34_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 409, "sha256_12": "8037763e8d06" }, { "path": "/var/www/talent-review/outputs/hrms_security_regression_scan_after_b35_d35_e33_summary_v1.json", "scope": "recent B33-B35/D33-D35 output", "byte_size": 22834, "sha256_12": "1b8619cb0f34" } ], "risk_counts": { "high": 0, "medium": 0, "low": 9 }, "risk_total": 9, "risks_masked": [ { "severity": "low", "category": "field_name_or_metadata_only", "path": "/var/www/talent-review/outputs/assessment_shadow_preview_review_b34_b33_review_v1.json", "scope": "recent B33-B35/D33-D35 output", "line": 14, "snippet": "_source_linkage_only\": true, \"raw_answer_payload_absent\": true, \"sensitive_ide" }, { "severity": "low", "category": "field_name_or_metadata_only", "path": "/var/www/talent-review/outputs/hrms_org_canvas_post_business_effective_surface_repair_d35_summary_v1.json", "scope": "recent B33-B35/D33-D35 output", "line": 159, "snippet": "ields_publicly_output\": false, \"token_or_secret_publicly_output\": false, " }, { "severity": "low", "category": "field_name_or_metadata_only", "path": "/var/www/talent-review/outputs/hrms_org_position_d33_privacy_validation_v1.json", "scope": "recent B33-B35/D33-D35 output", "line": 4, "snippet": "_fields_publicly_output\": false, \"token_or_secret_publicly_output\": false, " }, { "severity": "low", "category": "field_name_or_metadata_only", "path": "/var/www/talent-review/outputs/hrms_org_position_d34_privacy_validation_v1.json", "scope": "recent B33-B35/D33-D35 output", "line": 4, "snippet": "_fields_publicly_output\": false, \"token_or_secret_publicly_output\": false, " }, { "severity": "low", "category": "field_name_or_metadata_only", "path": "/var/www/talent-review/outputs/hrms_org_position_d35_privacy_validation_v1.json", "scope": "recent B33-B35/D33-D35 output", "line": 4, "snippet": "_fields_publicly_output\": false, \"token_or_secret_publicly_output\": false, " }, { "severity": "low", "category": "field_name_or_metadata_only", "path": "/var/www/talent-review/outputs/hrms_org_position_group_draft_hrms_only_business_effective_apply_review_d33_summary_v1.json", "scope": "recent B33-B35/D33-D35 output", "line": 220, "snippet": "ields_publicly_output\": false, \"token_or_secret_publicly_output\": false, " }, { "severity": "low", "category": "field_name_or_metadata_only", "path": "/var/www/talent-review/outputs/hrms_org_position_post_business_effective_org_canvas_review_d34_summary_v1.json", "scope": "recent B33-B35/D33-D35 output", "line": 557, "snippet": "ields_publicly_output\": false, \"token_or_secret_publicly_output\": false, " }, { "severity": "low", "category": "field_name_or_metadata_only", "path": "/var/www/talent-review/outputs/hrms_org_position_post_business_effective_surface_audit_d34_v1.json", "scope": "recent B33-B35/D33-D35 output", "line": 1030, "snippet": " { \"page\": \"/hrms-feishu-app-secret-rotation-runtime-validation.html\", " }, { "severity": "low", "category": "field_name_or_metadata_only", "path": "/var/www/talent-review/outputs/hrms_security_regression_scan_after_b35_d35_e33_summary_v1.json", "scope": "recent B33-B35/D33-D35 output", "line": 19, "snippet": "d35.html\" ], \"recent_output_tokens\": [ \"b33\", \"b34\", " } ], "blocks_c33_shared_entry_integration": false, "b35_privacy_review": { "raw_answer_payload_public": "pass", "shadow_preview_as_formal_talent_conclusion": "pass" }, "d35_privacy_feishu_boundary_review": { "employee_sensitive_fields": "pass", "misleading_feishu_effective_claim": "pass" }, "redline_touched": { "wrote_db": false, "modified_business_data": false, "deleted_files": false, "executed_rollback": false, "called_feishu_api": false, "wrote_back_feishu": false, "restarted_service": false, "output_sensitive_values": false, "touched_redline": false }, "recommendations": [], "next_gate": "C33_SHARED_ENTRY_INTEGRATION_NOT_BLOCKED", "url_regression": { "checked": 12, "ok_200": 12, "failed": [], "results": [ { "url": "https://hrms.yuechongjia.com/online-assessment-workbench.html", "status_code": 200, "effective_url": "https://hrms.yuechongjia.com/online-assessment-workbench.html" }, { "url": "https://hrms.yuechongjia.com/assessment-task-operational-mvp.html", "status_code": 200, "effective_url": "https://hrms.yuechongjia.com/assessment-task-operational-mvp.html" }, { "url": "https://hrms.yuechongjia.com/assessment-answer-operational-mvp.html", "status_code": 200, "effective_url": "https://hrms.yuechongjia.com/assessment-answer-operational-mvp.html" }, { "url": "https://hrms.yuechongjia.com/assessment-result-mapping-operational-mvp.html", "status_code": 200, "effective_url": "https://hrms.yuechongjia.com/assessment-result-mapping-operational-mvp.html" }, { "url": "https://hrms.yuechongjia.com/assessment-mvp-workbench.html", "status_code": 200, "effective_url": "https://hrms.yuechongjia.com/assessment-mvp-workbench.html" }, { "url": "https://hrms.yuechongjia.com/algorithm-talent-review-workbench.html", "status_code": 200, "effective_url": "https://hrms.yuechongjia.com/algorithm-talent-review-workbench.html" }, { "url": "https://hrms.yuechongjia.com/hrms-business-experience-product-surface-repair-b35.html", "status_code": 200, "effective_url": "https://hrms.yuechongjia.com/hrms-business-experience-product-surface-repair-b35.html" }, { "url": "https://hrms.yuechongjia.com/org-canvas-pro.html", "status_code": 200, "effective_url": "https://hrms.yuechongjia.com/org-canvas-pro.html" }, { "url": "https://hrms.yuechongjia.com/hrms-org-position-governance-operating-hub.html", "status_code": 200, "effective_url": "https://hrms.yuechongjia.com/hrms-org-position-governance-operating-hub.html" }, { "url": "https://hrms.yuechongjia.com/hrms-org-canvas-post-business-effective-surface-repair-d35.html", "status_code": 200, "effective_url": "https://hrms.yuechongjia.com/hrms-org-canvas-post-business-effective-surface-repair-d35.html" }, { "url": "https://hrms.yuechongjia.com/hrms-security-regression-scan-after-b35-d35-e33.html", "status_code": 200, "effective_url": "https://hrms.yuechongjia.com/hrms-security-regression-scan-after-b35-d35-e33.html" }, { "url": "https://hrms.yuechongjia.com/outputs/hrms_security_regression_scan_after_b35_d35_e33_summary_v1.json", "status_code": 200, "effective_url": "https://hrms.yuechongjia.com/outputs/hrms_security_regression_scan_after_b35_d35_e33_summary_v1.json" } ] } }