ExtS3 · github-actions · Jun 10, 2026
diff --git a/ExtAnalysis/reports.json b/ExtAnalysis/reports.json
@@ -1175,6 +1175,13 @@
             "report_directory": "<reports_path>/EXA2026156043442",
             "time": "2026-06-05 04:34:42",
             "version": "3.2.2"
+        },
+        {
+            "id": "EXA2026160091302",
+            "name": "ResuMatch - Free Offline Keyword Analyzer",
+            "report_directory": "<reports_path>\\EXA2026160091302",
+            "time": "2026-06-09 09:13:02",
+            "version": "1.0.0"
         }
     ]
 }
diff --git a/backend/risk_scoring.py b/backend/risk_scoring.py
@@ -348,26 +348,22 @@ def calculate_weighted_final_risk(
     if risk_level in {"HIGH", "CRITICAL"}:
         blockers.append(f"final weighted risk level is {risk_level}")
 
-    # decision: only LOW is auto-approved; every non-safe outcome goes to review.
-    if risk_level == "LOW":
-        recommended = "approve"
-    else:
-        recommended = "review"
+    # Suppressor only reports scan risk. ExtS3 applies operational approval policy.
+    recommended = "review"
 
     if dynamic["status"] in {"error", "skipped"} and (
         static["risk_level"] in {"MEDIUM", "HIGH", "CRITICAL"}
         or obf["risk_level"] in {"MEDIUM", "HIGH", "CRITICAL"}
     ):
-        if recommended == "approve":
-            recommended = "review"
+        recommended = "review"
 
-    if error_or_skipped >= 2 and recommended == "approve":
+    if error_or_skipped >= 2:
         recommended = "review"
 
-    if recommended == "review":
-        decision_reason = "Risk signals or analysis uncertainty require human review before approval."
+    if risk_level == "LOW":
+        decision_reason = "No strong dynamic or corroborated static/obfuscation risk indicators were detected; ExtS3 policy determines final approval."
     else:
-        decision_reason = "No strong dynamic or corroborated static/obfuscation risk indicators were detected."
+        decision_reason = "Risk signals or analysis uncertainty require human review before approval."
 
     return {
         "risk_level": risk_level,

diff --git a/backend/web_payload.py b/backend/web_payload.py
@@ -309,7 +309,7 @@ def summarize_rag_result(rag_fingerprint_result: dict, rag_rerank_result: dict)
 def infer_recommended_decision(payload: dict) -> str:
     overall = _safe_dict(payload.get("overall"))
     weighted_decision = str(overall.get("recommended_decision", "")).strip().lower()
-    if weighted_decision in {"approve", "review", "reject"}:
+    if weighted_decision in {"review", "reject"}:
         return weighted_decision
 
     overall = _safe_dict(payload.get("overall"))
@@ -333,7 +333,7 @@ def infer_recommended_decision(payload: dict) -> str:
     if risk == "UNKNOWN" or error_count >= 2:
         return "review"
 
-    return "approve"
+    return "review"
 
 
 def _build_review_fields(payload: dict) -> tuple[list[str], list[str], list[str]]:
@@ -467,7 +467,7 @@ def build_web_payload(
         "overall": {
             "risk_level": overall_level,
             "risk_score": overall_score,
-            "recommended_decision": weighted_decision if weighted_decision in {"approve", "review"} else "review",
+            "recommended_decision": "review",
             "decision_reason": weighted_reason,
             "summary": _clip_text(
                 _safe_dict(dynamic_result.get("final_risk") if isinstance(dynamic_result, dict) else {}).get("reason")
@@ -504,20 +504,15 @@ def build_web_payload(
     final_decision = str(decision).strip().lower() if decision else inferred
     if final_decision == "reject":
         final_decision = "review"
-    if final_decision not in {"approve", "review"}:
-        final_decision = inferred
-    if final_decision == "reject":
+    if final_decision != "review":
         final_decision = "review"
 
     payload["overall"]["recommended_decision"] = final_decision
     if not payload["overall"].get("decision_reason"):
-        payload["overall"]["decision_reason"] = {
-            "review": "Some risk indicators or analysis uncertainty require human validation.",
-            "approve": "No significant risk indicators were detected in the summarized analyses.",
-        }[final_decision]
+        payload["overall"]["decision_reason"] = "ExtS3 policy determines final approval from the scan risk result."
 
     review_reasons, blockers, actions = _build_review_fields(payload)
-    payload["review"]["needs_human_review"] = final_decision != "approve"
+    payload["review"]["needs_human_review"] = True
     payload["review"]["review_reasons"] = review_reasons
     payload["review"]["approval_blockers"] = blockers
     payload["review"]["recommended_actions"] = actions