{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "Grafana AuthzService gRPC /authz.v1.AuthzService/List",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "Grafana pkg/services/authz/rbac.Service",
    "authz.v1.AuthzService gRPC server registered with authzv1.RegisterAuthzServiceServer",
    "TCP listener on 127.0.0.1",
    "gRPC client sends /authz.v1.AuthzService/List"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "logs/vuln_grpc_attempt1.log",
    "logs/vuln_grpc_attempt2.log",
    "logs/fixed_grpc_attempt1.log",
    "logs/fixed_grpc_attempt2.log",
    "repro/repro_grpc_boundary_test.go",
    "repro/reproduction_steps.sh"
  ],
  "notes": "Fresh current-run proof used real TCP gRPC AuthzService/List boundary. Vulnerable attempts returned All=true/true for wildcard resource permission without folder authorization; fixed attempts returned All=false/false."
}
