{
  "entrypoint_kind": "endpoint",
  "entrypoint_detail": "HTTP GET / on APISIX gateway (port 9080) with Authorization: Bearer <forged JWT>; route protected by jwt-auth plugin with RS256 consumer",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "apache/apisix:3.16.0-debian (vulnerable)",
    "apache/apisix:3.17.0-debian (fixed)",
    "bitnamilegacy/etcd:3.6",
    "python:3-slim upstream + client"
  ],
  "proof_artifacts": [
    "logs/harness_vulnerable.log",
    "logs/harness_fixed.log",
    "logs/apisix_vulnerable.log",
    "logs/apisix_fixed.log",
    "artifacts/results_vulnerable.json",
    "artifacts/results_fixed.json",
    "artifacts/rsa_public.pem",
    "artifacts/apisix_config.yaml"
  ],
  "notes": "Forged HS256 JWT (signed with consumer RSA public key as HMAC secret) accepted on vulnerable 3.16.0 (HTTP 200 = auth bypass) and rejected on fixed 3.17.0 (HTTP 401 = 'algorithm mismatch, expected RS256'). Forged token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJrZXkiOiJqYWNrLWtleSJ9.rG2T5SBruABPF0GauV"
}