{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "HTTP GET to /debug/pprof/cmdline on JuiceFS metrics port (0.0.0.0:9567)",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "redis",
    "juicefs-gateway"
  ],
  "proof_artifacts": [
    "logs/gateway-vuln.log",
    "logs/gateway-fixed.log",
    "logs/redis.log",
    "logs/format.log",
    "repro/artifacts/vuln-cmdline-response.txt",
    "repro/artifacts/fixed-cmdline-response.txt",
    "repro/artifacts/vuln-metrics-response.txt"
  ],
  "notes": "Vulnerable JuiceFS gateway exposes /debug/pprof/cmdline without auth, leaking Redis metadata credentials. Fixed version returns 404."
}