{
  "entrypoint_kind": "endpoint",
  "entrypoint_detail": "POST /api/v2/manifest/bake/KUSTOMIZE4 on a real Rosco Spring Boot HTTP server (SpringBootTest RANDOM_PORT)",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "rosco-web",
    "rosco-manifests",
    "spring-boot-test-http-server",
    "wiremock-clouddriver-artifact-peer"
  ],
  "variant_reproduced_on_vulnerable": true,
  "variant_reproduced_on_fixed": false,
  "is_bypass": false,
  "proof_artifacts": [
    "bundle/logs/vuln_variant/reproduction_steps.log",
    "bundle/logs/vuln_variant/vulnerable_attempt_1.log",
    "bundle/logs/vuln_variant/fixed_attempt_1.log",
    "bundle/vuln_variant/vulnerable_attempt_1.evidence.txt",
    "bundle/vuln_variant/fixed_attempt_1.evidence.txt"
  ],
  "tested_commits": {
    "vulnerable": "d7d131a1b1fcb831256034f1e8d023f6e9dc4fc3",
    "fixed": "f5cec213f8cf207843ed5a6929395960a1ca094f"
  },
  "notes": "KUSTOMIZE4 alternate endpoint confirmed as an alternate trigger of the same root cause on the vulnerable build (payloadExecuted=true, ScriptEngineManager instantiated, HTTP 500 ClassCastException). On the fixed build the SafeConstructor fix blocks it (payloadExecuted=false, HTTP 400). No bypass."
}
