# @Sensitive Annotation Gap Analysis Report

- Time: 2026-05-08T07:17:59.138Z
- Total @Auditable endpoints: 284
- Marked @Sensitive: 210
- Marked @Financial: 3
- **Flagged as sensitive by heuristics but not marked: 0**
- Marked but not matched by heuristics: 108

## Heuristic rules

An endpoint that matches any of the following rules is recommended for `@Sensitive`:

- `verb=DELETE`: deletions are always treated as sensitive
- `auth/credential`: path or method name matches `/password|reset|token|secret|credential|api[-_]?key/i`
- `bulk/batch`: path or method name matches `/\b(bulk|batch|mass|all)\b/i`
- `permission/role`: path or method name matches `/\brole\b|\bpermission\b|data[-_]?scope|\bgrant\b|\brevoke\b|\baccess\b/i`
- `lifecycle`: path or method name matches `/\block\b|unlock|disable|enable|suspend|activate|archive|restore|deactivate/i`
- `approval/state`: path or method name matches `/\bapprove\b|\breject\b|\bpublish\b|\btransfer\b|\bmerge\b|\bemergency\b|\bbypass\b|impersonate|sudo/i`

## Gaps (by module)

## Marked but not matched by heuristics (informational, usually no action needed)

| Module | Verb | Path | Controller.method |
|---|---|---|---|
| tickets | POST | `/tickets/admin/categories` | TicketAdminController.createCategory |
| tickets | PATCH | `/tickets/admin/categories/:id` | TicketAdminController.updateCategory |
| tickets | POST | `/tickets/admin/groups` | TicketAdminController.createGroup |
| tickets | PATCH | `/tickets/admin/groups/:id` | TicketAdminController.updateGroup |
| tickets | POST | `/tickets/admin/groups/:id/members` | TicketAdminController.addGroupMembers |
| tickets | POST | `/tickets` | TicketsController.create |
| tickets | POST | `/tickets/:id/assign` | TicketsController.assign |
| tickets | POST | `/tickets/:id/watch` | TicketsController.watch |
| parts | POST | `/alerts/acknowledge` | AlertsController.acknowledge |
| parts | POST | `/alerts/resolve` | AlertsController.resolve |
| parts | POST | `/alerts/auto-resolve` | AlertsController.autoResolveFixedAlerts |
| parts | POST | `/parts/columns/configs` | ColumnConfigController.create |
| parts | PUT | `/parts/columns/configs/:id` | ColumnConfigController.update |
| parts | POST | `/parts/columns/configs/:id/set-default` | ColumnConfigController.setDefault |
| parts | POST | `/parts/columns/configs/:id/copy` | ColumnConfigController.copy |
| parts | POST | `/parts/excel/import` | ExcelController.importExcel |
| parts | POST | `/parts/excel/validate` | ExcelController.validateExcel |
| parts | POST | `/inventory/check-in` | InventoryController.checkIn |
| parts | POST | `/inventory/check-out` | InventoryController.checkOut |
| parts | POST | `/inventory/adjust` | InventoryController.adjustInventory |
| parts | POST | `/labels/generate` | LabelsController.generateLabel |
| parts | POST | `/labels/print` | LabelsController.printLabel |
| parts | POST | `/parts` | PartsController.create |
| parts | PUT | `/parts/:partIdentifier` | PartsController.update |
| parts/controllers | POST | `/parts/groups` | PartGroupsController.createGroup |
| parts/controllers | PUT | `/parts/groups/:id` | PartGroupsController.updateGroup |
| parts/controllers | POST | `/parts/groups/:groupId/fields` | PartGroupsController.addCustomFieldToGroup |
| parts/controllers | PUT | `/parts/groups/fields/:fieldId` | PartGroupsController.updateCustomField |
| parts/controllers | POST | `/parts/groups/:groupId/parts` | PartGroupsController.assignPartsToGroup |
| parts/controllers | POST | `/stations` | StationController.create |
| parts/controllers | PUT | `/stations/:id` | StationController.update |
| parts/controllers | POST | `/storage-locations` | StorageLocationController.create |
| parts/controllers | PUT | `/storage-locations/:id` | StorageLocationController.update |
| parts/controllers | POST | `/warehouses` | WarehouseController.create |
| parts/controllers | PUT | `/warehouses/:id` | WarehouseController.update |
| organization/workflow-roles | POST | `/workflow-roles` | WorkflowRolesController.create |
| organization/workflow-roles | PUT | `/workflow-roles/:id` | WorkflowRolesController.update |
| organization/workflow-roles | POST | `/workflow-roles/:id/users` | WorkflowRolesController.assignUsers |
| organization/workflow-roles | POST | `/workflow-roles/resolve` | WorkflowRolesController.resolve |
| organization/users | POST | `/users/import-work-city/commit` | UsersController.commitImportWorkCity |
| organization/users | POST | `/users/:id/roles` | UsersController.assignRoles |
| organization/users | POST | `/users/:id/roles/add` | UsersController.addRoles |
| organization/users | POST | `/users/:id/region-roles` | UsersController.assignRegionRoles |
| organization/users | POST | `/users/:id/region-roles/add` | UsersController.addRegionRole |
| organization/users | POST | `/users/:id/region-roles/remove` | UsersController.removeRegionRole |
| organization/users | POST | `/users/:id/terminate` | UsersController.terminate |
| organization/users | PATCH | `/users/:id/status` | UsersController.updateStatus |
| organization/user-departments | POST | `/users/:userId/departments` | UserDepartmentsController.addUserDepartment |
| organization/user-departments | PATCH | `/users/:userId/departments/:departmentId` | UserDepartmentsController.updateUserDepartment |
| organization/user-departments | PUT | `/users/:userId/departments/:departmentId/primary` | UserDepartmentsController.setPrimaryDepartment |
| organization/sync | POST | `/organization/sync` | SyncController.syncFromEntraId |
| organization/roles | POST | `/roles` | RolesController.create |
| organization/roles | PUT | `/roles/:id` | RolesController.update |
| organization/roles | PUT | `/roles/:id/permissions` | RolesController.assignPermissions |
| organization/regions | POST | `/regions` | RegionsController.create |
| organization/regions | PATCH | `/regions/:id` | RegionsController.update |
| organization/regions | PUT | `/regions/:id/default-organization` | RegionsController.setDefaultOrganization |
| organization/departments | PUT | `/departments/:id/head` | DepartmentsController.setHead |
| organization/auth | POST | `/auth/register` | AuthController.register |
| ops-center/m365-dormant | POST | `/ops-center/m365-dormant/sync` | M365DormantController.triggerSync |
| feedback | PATCH | `/feedbacks/:id/status` | FeedbackController.updateStatus |
| feedback | PATCH | `/feedbacks/:id` | FeedbackController.update |
| ai-assistant/knowledge | POST | `/ai-assistant/knowledge-fixes` | KnowledgeController.create |
| ai-assistant/knowledge | PUT | `/ai-assistant/knowledge-fixes/:id/review` | KnowledgeController.review |
| ai-assistant/config | PUT | `/ai-assistant/config/:key` | AIConfigController.update |
| engines/form | POST | `/form-management/definitions` | FormManagementController.create |
| engines/form | PATCH | `/form-management/definitions/:id` | FormManagementController.update |
| engines/form | PUT | `/form-management/definitions/:id/design` | FormManagementController.saveDesign |
| engines/form | PUT | `/form-management/definitions/:id/form-design` | FormManagementController.saveFormDesign |
| engines/form | PUT | `/form-management/definitions/:id/process-design` | FormManagementController.saveProcessDesign |
| engines/form | POST | `/form-management/instances` | InstanceController.create |
| engines/form | PATCH | `/form-management/instances/:id` | InstanceController.updateInstance |
| engines/form | POST | `/form-management/instances/:id/submit` | InstanceController.submitInstance |
| engines/form | POST | `/form-management/instances/:id/withdraw` | InstanceController.withdrawInstance |
| engines/form | POST | `/form-management/definitions/:id/submit-review` | SnapshotController.submitReview |
| engines/form | POST | `/form-management/snapshots/:snapshotId/review` | SnapshotController.review |
| engines/form | POST | `/form-management/snapshots/:snapshotId/rollback` | SnapshotController.rollback |
| engines/form | POST | `/form-management/webhooks` | WebhookController.create |
| engines/form | PATCH | `/form-management/webhooks/:id` | WebhookController.update |
| engines/form | POST | `/form-management/webhooks/:id/test` | WebhookController.sendTestEvent |
| engines/form | POST | `/form-instances` | FormInstancesController.create |
| engines/form | PATCH | `/form-instances/:instanceIdentifier` | FormInstancesController.update |
| engines/form | POST | `/form-instances/:instanceIdentifier/submit` | FormInstancesController.submit |
| engines/form | POST | `/form-instances/:instanceIdentifier/cancel` | FormInstancesController.cancel |
| engines/form | POST | `/form-instances/:instanceIdentifier/withdraw` | FormInstancesController.withdrawForm |
| engines/form | POST | `/form-templates` | FormTemplatesController.create |
| engines/form | PATCH | `/form-templates/:templateIdentifier` | FormTemplatesController.update |
| engines/form | POST | `/form-templates/:templateIdentifier/create-form` | FormTemplatesController.createFormFromTemplate |
| engines/form | PUT | `/forms/:formIdentifier/versions/:version/translations/:locale` | FormTranslationsController.upsert |
| engines/form | POST | `/forms/:formIdentifier/versions/:version/translations/import` | FormTranslationsController.batchImport |
| engines/form | POST | `/forms/:formIdentifier/versions` | FormVersionsController.create |
| engines/form | PATCH | `/forms/:formIdentifier/versions/:version` | FormVersionsController.update |
| engines/form | POST | `/forms/:formIdentifier/versions/:version/deprecate` | FormVersionsController.deprecate |
| engines/form | POST | `/forms/:formIdentifier/versions/_actions/set-default` | FormVersionsController.setDefault |
| engines/form | POST | `/forms/:formIdentifier/versions/:version/submit-review` | FormVersionsController.submitForReview |
| engines/form | POST | `/forms/:formIdentifier/versions/:version/review` | FormVersionsController.reviewVersion |
| engines/approval | POST | `/approval/admin/sync` | ApprovalController.syncDefinitions |
| engines/approval | POST | `/approval/:instanceId/return` | ApprovalController.return |
| engines/approval | POST | `/approval/:instanceId/approver-withdraw` | ApprovalController.approverWithdraw |
| engines/approval | POST | `/approval/:instanceId/add-sign` | ApprovalController.addSign |
| core/messaging | POST | `/notifications/:id/retry` | NotificationController.retry |
| core/messaging | POST | `/notifications/templates` | NotificationController.createTemplate |
| core/messaging | PUT | `/notifications/templates/:code` | NotificationController.updateTemplate |
| core/messaging | POST | `/notifications/templates/test-render` | NotificationController.testRender |
| core/compute | POST | `/automation/tasks` | AutomationController.create |
| core/compute | PATCH | `/automation/tasks/:id` | AutomationController.update |
| core/compute | POST | `/automation/tasks/:id/pause` | AutomationController.pause |
| core/compute | POST | `/automation/tasks/:id/execute` | AutomationController.execute |