{
  "schema_version": "1.0",
  "created_at": "2026-07-07T22:09:00Z",
  "verdict": "no_distinct_variant_or_bypass_confirmed",
  "confirmed": false,
  "bypass_confirmed": false,
  "alternate_trigger_confirmed": false,
  "repository": "npm:9router",
  "submitted_target": {
    "target_kind": "npm_package",
    "version": "0.4.39",
    "display": "npm:9router@0.4.39"
  },
  "variant_target": {
    "target_kind": "npm_package",
    "version": "0.5.20",
    "ref": "npm dist-tag latest resolved during variant run",
    "display": "npm:9router@0.5.20"
  },
  "tested_fixed_or_latest": true,
  "tested_fixed_or_latest_identity": {
    "target_kind": "npm_package",
    "version": "0.5.20",
    "ref": "npm dist-tag latest resolved during variant run",
    "display": "npm:9router@0.5.20"
  },
  "script_exit_code_semantics": "bundle/vuln_variant/reproduction_steps.sh exits 0 only for confirmed patched-target bypass; exits 1 for no bypass/variant. The script completed with exit 1 in both required verification runs.",
  "candidate_matrix": [
    {
      "candidate_id": "c0_parent_install_baseline",
      "entrypoint": "POST /api/tunnel/tailscale-install",
      "purpose": "parent vulnerable control and fixed negative control",
      "vulnerable_result": "HTTP 200, marker present, original shell sink reached",
      "fixed_latest_result": "HTTP 403, marker absent",
      "variant_status": "parent_control_not_variant"
    },
    {
      "candidate_id": "c1_install_trailing_slash",
      "entrypoint": "POST /api/tunnel/tailscale-install/",
      "purpose": "path normalization/trailing slash bypass attempt",
      "vulnerable_result": "HTTP 308 redirect, marker absent",
      "fixed_latest_result": "HTTP 308 redirect, marker absent",
      "variant_status": "not_confirmed"
    },
    {
      "candidate_id": "c2_start_daemon",
      "entrypoint": "POST /api/tunnel/tailscale-start-daemon",
      "purpose": "adjacent tunnel route with sudoPassword field",
      "vulnerable_result": "HTTP 200, marker absent; no shell-script stdin interpretation",
      "fixed_latest_result": "HTTP 401, marker absent",
      "variant_status": "not_same_sink_not_bypass"
    },
    {
      "candidate_id": "c3_cli_tools_mitm",
      "entrypoint": "POST /api/cli-tools/antigravity-mitm",
      "purpose": "adjacent privileged CLI-tools route with sudoPassword field",
      "vulnerable_result": "HTTP 401, marker absent",
      "fixed_latest_result": "HTTP 403, marker absent",
      "variant_status": "protected_not_bypass"
    }
  ],
  "evidence": [
    "bundle/logs/vuln_variant/reproduction_steps.log",
    "bundle/vuln_variant/runtime_manifest.json",
    "bundle/vuln_variant/source_scan_summary.json",
    "bundle/logs/vuln_variant/latest_version.txt",
    "bundle/logs/vuln_variant/fixed_version.txt"
  ],
  "blocking_mitigation": "Catch-all middleware authorization in fixed/latest build and install helper no longer executing downloaded shell script from stdin after sudoPassword bytes.",
  "notes": "Ticket patched version 0.4.44 was not available from npm during this run, so 0.5.20 (npm latest) was used for the mandatory fixed/latest test; repro-stage evidence also showed 0.4.45 blocks the parent request."
}