{
  "entrypoint_kind": "cli_local",
  "entrypoint_detail": "runc run cve-ptmx-test -b /bundle (inside a privileged Docker container with runc binary and a malicious /dev symlink rootfs)",
  "service_started": false,
  "healthcheck_passed": false,
  "target_path_reached": true,
  "runtime_stack": [
    "docker",
    "runc"
  ],
  "proof_artifacts": [
    "logs/repro_vuln.log",
    "logs/repro_fixed.log",
    "logs/build_repro-runc-vuln.log",
    "logs/build_repro-runc-fixed.log"
  ],
  "notes": "Vulnerable runc deleted the attacker-controlled host decoy; fixed runc preserved it."
}