{
  "schema_version": 1,
  "updated_at": "2026-07-09T13:25:03.916987615Z",
  "entries": [
    {
      "logical_path": "repro/reproduction_steps.sh",
      "stage": "repro",
      "role": "primary_reproducer",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared after repro stage deliverable validation",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "repro/rca_report.md",
      "stage": "repro",
      "role": "root_cause_analysis",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared after repro stage deliverable validation",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "repro/validation_verdict.json",
      "stage": "repro",
      "role": "validation_verdict",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared after repro stage deliverable validation",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "repro/runtime_manifest.json",
      "stage": "repro",
      "role": "runtime_manifest",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared supplemental repro stage artifact",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "logs/rce_marker_vuln_latest.txt",
      "stage": "repro",
      "role": "marker_output",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "The marker file written by the attacker's OS command (id) executed inside the Gravitino server JVM via H2 INIT — direct proof of code execution.",
      "declared_by": "agent_tool"
    },
    {
      "logical_path": "logs/vuln_attempt_1.log",
      "stage": "repro",
      "role": "request_response",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Vulnerable 1.2.0 request/response: testConnection returned 200 {code:0} and marker created with id output.",
      "declared_by": "agent_tool"
    },
    {
      "logical_path": "logs/fixed_attempt_1.log",
      "stage": "repro",
      "role": "request_response",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Fixed 1.2.1 negative control: testConnection rejected with 'H2 JDBC URL is not allowed' at DataSourceUtils.createDataSource:54, no marker.",
      "declared_by": "agent_tool"
    },
    {
      "logical_path": "logs/reproduction_steps.log",
      "stage": "repro",
      "role": "proof_log",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Referenced by runtime_manifest.proof_artifacts",
      "declared_by": "runtime_manifest"
    },
    {
      "logical_path": "logs/vuln_version.json",
      "stage": "repro",
      "role": "proof_log",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Referenced by runtime_manifest.proof_artifacts",
      "declared_by": "runtime_manifest"
    },
    {
      "logical_path": "logs/vuln_attempt_1.log",
      "stage": "repro",
      "role": "proof_log",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Referenced by runtime_manifest.proof_artifacts",
      "declared_by": "runtime_manifest"
    },
    {
      "logical_path": "logs/vuln_attempt_2.log",
      "stage": "repro",
      "role": "proof_log",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Referenced by runtime_manifest.proof_artifacts",
      "declared_by": "runtime_manifest"
    },
    {
      "logical_path": "logs/rce_marker_vuln_latest.txt",
      "stage": "repro",
      "role": "proof_log",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Referenced by runtime_manifest.proof_artifacts",
      "declared_by": "runtime_manifest"
    },
    {
      "logical_path": "logs/vuln_server.log",
      "stage": "repro",
      "role": "proof_log",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Referenced by runtime_manifest.proof_artifacts",
      "declared_by": "runtime_manifest"
    },
    {
      "logical_path": "logs/fixed_version.json",
      "stage": "repro",
      "role": "proof_log",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Referenced by runtime_manifest.proof_artifacts",
      "declared_by": "runtime_manifest"
    },
    {
      "logical_path": "logs/fixed_attempt_1.log",
      "stage": "repro",
      "role": "proof_log",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Referenced by runtime_manifest.proof_artifacts",
      "declared_by": "runtime_manifest"
    },
    {
      "logical_path": "logs/fixed_attempt_2.log",
      "stage": "repro",
      "role": "proof_log",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Referenced by runtime_manifest.proof_artifacts",
      "declared_by": "runtime_manifest"
    },
    {
      "logical_path": "logs/fixed_server.log",
      "stage": "repro",
      "role": "proof_log",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Referenced by runtime_manifest.proof_artifacts",
      "declared_by": "runtime_manifest"
    },
    {
      "logical_path": "vuln_variant/reproduction_steps.sh",
      "stage": "repro",
      "role": "primary_reproducer",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Self-contained bypass reproducer: starts fixed 1.2.1 server, sends unauthenticated lakehouse-paimon testConnection with malicious H2 INIT URL, proves RCE on the fixed version. Exit 0 = bypass confirmed.",
      "declared_by": "agent_tool"
    },
    {
      "logical_path": "logs/vuln_variant/rce_marker_paimon_fixed_latest.txt",
      "stage": "repro",
      "role": "marker_output",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Marker file written by the attacker's OS command (id) inside the FIXED 1.2.1 server JVM via H2 INIT/CREATE ALIAS reached through the lakehouse-paimon jdbc metastore bypass. Direct proof of RCE on the patched version.",
      "declared_by": "agent_tool"
    },
    {
      "logical_path": "logs/vuln_variant/paimon_fixed_server.log",
      "stage": "repro",
      "role": "runtime_manifest",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Fixed-server log showing the bypass stack (PaimonCatalogOperations.initialize -> PaimonCatalogOps -> CatalogUtils -> JdbcCatalogFactory.create -> JdbcCatalog.<init>) and zero DataSourceUtils H2-block messages, proving the request never hit the patched sink.",
      "declared_by": "agent_tool"
    },
    {
      "logical_path": "vuln_variant/validation_verdict.json",
      "stage": "judge",
      "role": "validation_verdict",
      "destination": "public_evidence",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Structured final verdict for the variant stage: bypass_confirmed on fixed 1.2.1 (commit e88bffcfc...), code_execution, fixed_version_marker_created=true, fixed_version_datasourceutils_block_fired=false.",
      "declared_by": "agent_tool"
    },
    {
      "logical_path": "vuln_variant/variant_manifest.json",
      "stage": "vuln_variant",
      "role": "variant_manifest",
      "destination": "variant_candidate",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared after vuln_variant stage deliverable validation",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "vuln_variant/patch_analysis.md",
      "stage": "vuln_variant",
      "role": "patch_analysis",
      "destination": "variant_candidate",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared after vuln_variant stage deliverable validation",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "vuln_variant/rca_report.md",
      "stage": "vuln_variant",
      "role": "root_cause_analysis",
      "destination": "variant_candidate",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared after vuln_variant stage deliverable validation",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "vuln_variant/source_identity.json",
      "stage": "vuln_variant",
      "role": "source_identity",
      "destination": "variant_candidate",
      "required_for_verdict": false,
      "publishable": true,
      "reason": "Auto-declared supplemental vuln_variant stage artifact",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "vuln_variant/runtime_manifest.json",
      "stage": "repro",
      "role": "runtime_manifest",
      "destination": "private_only",
      "required_for_verdict": false,
      "publishable": false,
      "reason": "Runtime evidence manifest summarizing both server runs, marker contents, server stack, and idempotency.",
      "declared_by": "agent_tool"
    },
    {
      "logical_path": "vuln_variant/root_cause_equivalence.json",
      "stage": "vuln_variant",
      "role": "root_cause_analysis",
      "destination": "variant_candidate",
      "required_for_verdict": false,
      "publishable": true,
      "reason": "Auto-declared supplemental vuln_variant stage artifact",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "vuln_variant/reproduction_steps.sh",
      "stage": "vuln_variant",
      "role": "primary_reproducer",
      "destination": "variant_candidate",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared after vuln_variant stage deliverable validation",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "vuln_variant/validation_verdict.json",
      "stage": "vuln_variant",
      "role": "validation_verdict",
      "destination": "variant_candidate",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared after vuln_variant stage deliverable validation",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "vuln_variant/runtime_manifest.json",
      "stage": "vuln_variant",
      "role": "runtime_manifest",
      "destination": "variant_candidate",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared supplemental vuln_variant stage artifact",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "coding/proposed_fix.diff",
      "stage": "coding",
      "role": "proposed_fix",
      "destination": "protection_artifact",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared after coding stage deliverable validation",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "coding/verify_fix.sh",
      "stage": "coding",
      "role": "fix_verification",
      "destination": "protection_artifact",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared after coding stage deliverable validation",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "coding/summary_report.md",
      "stage": "coding",
      "role": "summary_report",
      "destination": "protection_artifact",
      "required_for_verdict": true,
      "publishable": true,
      "reason": "Auto-declared after coding stage deliverable validation",
      "declared_by": "stage_validator"
    },
    {
      "logical_path": "coding/H2BlockTest.java",
      "stage": "coding",
      "role": "other",
      "destination": "protection_artifact",
      "required_for_verdict": false,
      "publishable": true,
      "reason": "JUnit-free test exercising the real patched DataSourceUtils.createDataSource H2 guard against CVE/variant/encoded/case-insensitive payloads and legit mysql/pg/mariadb configs. Required by verify_fix.sh.",
      "declared_by": "agent_tool"
    },
    {
      "logical_path": "coding/PaimonH2BlockTest.java",
      "stage": "coding",
      "role": "other",
      "destination": "protection_artifact",
      "required_for_verdict": false,
      "publishable": true,
      "reason": "Test exercising the real patched Paimon CatalogUtils.checkPaimonConfig H2 guard (via reflection) for the lakehouse-paimon JDBC-metastore bypass. Required by verify_fix.sh.",
      "declared_by": "agent_tool"
    }
  ]
}
