{
  "entrypoint_kind": "endpoint",
  "entrypoint_detail": "HTTP GET to embedded Camel platform-http subpath /api/hello without credentials",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "openjdk-17",
    "maven",
    "camel-platform-http-main",
    "vertx-platform-http-server"
  ],
  "proof_artifacts": [
    "logs/reproduction_summary.log",
    "logs/vulnerable_4.14.5_app.log",
    "logs/vulnerable_4.14.5_no_creds.txt",
    "logs/vulnerable_4.14.5_with_creds.txt",
    "logs/fixed_4.14.6_app.log",
    "logs/fixed_4.14.6_no_creds.txt",
    "logs/fixed_4.14.6_with_creds.txt"
  ],
  "notes": "Vulnerable 4.14.5: /api/hello without credentials -> HTTP 200 (auth bypass). Fixed 4.14.6: /api/hello without credentials -> HTTP 401 (rejected). Identical app code + config; only the Camel version differs. bypass_confirmed=yes"
}