{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "POST /v1/mcp with Bearer token traversal",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "fast-mcp-telegram",
    "uvicorn",
    "fastmcp"
  ],
  "proof_artifacts": [
    "logs/server_vuln.log",
    "logs/server_fixed.log",
    "repro/artifacts/http_vuln_reserved.txt",
    "repro/artifacts/http_vuln_traversal.txt",
    "repro/artifacts/http_vuln_noauth.txt",
    "repro/artifacts/http_fixed_traversal.txt"
  ],
  "notes": "Vulnerable 0.19.0 accepted traversal token (HTTP 200) while rejecting the reserved token and no-auth; fixed 0.19.1 rejected the traversal token (HTTP 401)."
}
