Running one project: verify [CALLSITE_HIT] [PROOF_MARKER]: getTLogTimestamp() accepted UNAUTHENTICATED tlog integratedTime=1763174679 as a trusted timestamp (2025-11-15T02:44:39.000Z); entry has NO inclusionPromise (inclusionProof-only) -> integratedTime not cryptographically bound [PROOF_MARKER]: Verifier.verify() (public-key path) SUCCEEDED; sole timestamp was UNAUTHENTICATED tlog integratedTime=1763174679 from inclusionProof-only entry -> timestampThreshold satisfied & key validity accepted on attacker-chosen time [CALLSITE_HIT] [PROOF_MARKER]: Verifier.verify() (certificate path) SUCCEEDED for a cert that is EXPIRED now (notBefore=2025-12-14T02:04:39.000Z, notAfter=2025-12-14T02:14:39.000Z, now=2026-07-02T18:10:00.869Z) using UNAUTHENTICATED tlog integratedTime=1765677909 from an inclusionProof-only entry -> certificate validity window satisfied by attacker-chosen, unauthenticated time PASS verify packages/verify/src/__tests__/cve_repro.test.ts CVE-2026-48816 Part A: getTLogTimestamp callsite (inclusionProof-only entry) ✓ records whether the unauthenticated integratedTime is accepted as a trusted timestamp (2 ms) Part B: Verifier.verify() public-key path (inclusionProof-only sole timestamp) ✓ records whether the unauthenticated integratedTime satisfies timestampThreshold + key validity (4 ms) Part C: Verifier.verify() certificate path (real fixture, expired cert accepted via untrusted integratedTime) ✓ records whether an expired cert is accepted using an attacker-chosen inclusionProof-only integratedTime (16 ms) Test Suites: 1 passed, 1 total Tests: 3 passed, 3 total Snapshots: 0 total Time: 0.132 s, estimated 1 s Ran all test suites matching cve_repro.test.ts.