Read-only operator view

This surface cannot write evidence, deploy infrastructure, bill clients, or authenticate users. Console records · shell reads · witnessops.com verifies later.

WitnessOps Verification Report

Bastion 0-day hunt — OFFSECSHIELD / WITNESSOPS

A buyer-facing view of recorded evidence references, assessment status, receipt fingerprints, and explicit proof boundaries.

inert · read-only · mesh PASS · hunt PASS · scaffold PHASE_5_NEXT_FORGE_SCAFFOLD_INIT

  • Writer: witnessops-console
  • Metadata: record snapshots
  • Reader: operator-shell
  • Public verify: witnessops.com
  • Local gate: PASS (mesh PASS · hunt PASS)
  • Evidence references: 32 (report snapshot references)
  • Receipt fingerprints: 0 (evidence-manifest fingerprint not recorded)
  • Verify runs: 0 (public verify remains external to this shell)

Scope & contract boundary

read-only import contract
  • Schema: witnessops.operator_data_contract.v1
  • Writer: witnessops-console
  • Readers: witnessops-forge, witnessops-saas
  • Engagements: engagements/<id>.json
  • Verify runs: verify-runs/<uuid>.json
  • Hunt snapshots: hunt-snapshots/<engagement_id>/latest.json

Not enabled in this shell

  • SaaS production
  • public verify (in shell)
  • public mesh-gate (in shell)
  • goal0 mirror live
  • Neon
  • Clerk
  • Stripe
  • billing
  • Vercel deployment
  • SaaS login

Verify-run status

verifier records

No verify runs recorded for this engagement.

Verify runs are written by console when public verify is invoked. Empty state is honest — not a product failure.

Hunt snapshot

assessment snapshot
  • Ingested: 2026-06-22T00:45:24.767Z
  • Latest gate: PASS
  • Latest action: stop
  • Closeout: misconfig complete no zero day
  • Loop tail: Overall gate passed and no active leaks remain; ready for operator closeout.
  • Lines cached: 32

Top findings (closeout)

  • critical · consoleState-public-static · remediated
  • critical · bastion-8008-public · remediated
  • medium · mcp-no-bearer · pass_on_bastion

Receipt hashes

evidence fingerprints

No receipt fingerprints are available for this evidence handle.

Public verify

placeholder · external authority

Proof packs are verified on witnessops.com/api/verify. Mesh gate checks use witnessops.com/api/mesh-gate.

This demo does not POST verify requests. Console records verify-run results when operators run them locally.

Submit proof pack — not available in inert shell

Evidence custody

chain-of-custody note
  • Operator custody keeps raw evidence outside the report. Buyer views use stable evidence handles.
  • Metadata records hold engagements, assessment snapshots, and verify-run records. Written only by witnessops-console.
  • Receipt hashes are SHA-256 fingerprints read from operator-held evidence at display time. They are not a public attestation without a recorded verify run.
  • Scaffold receipt FORGE_PHASE_5_NEXT_FORGE_SCAFFOLD_INIT_V1 closed with body hash 264eec3f…3054d5c2.

Demonstrated by Available Evidence

Facts this read-only shell can show from recorded metadata and evidence fingerprints.

  • Engagement record present — assessment gate PASS
  • Hunt snapshot gate PASS (action: stop)
  • Closeout verdict: misconfig complete no zero day
  • Operator contract record present

Not Demonstrated by Available Evidence

Limits buyers should understand before treating this as production SaaS.

  • No verify-run records are present for this engagement
  • Public verify not executed from this shell — authority is witnessops.com
  • Third-party cryptographic attestation not shown here
  • Raw evidence is not embedded in this report (custody boundary)
  • SaaS production — not enabled
  • public verify (in shell) — not enabled
  • public mesh-gate (in shell) — not enabled
  • goal0 mirror live — not enabled
  • Neon — not enabled
  • Clerk — not enabled
  • Stripe — not enabled
  • billing — not enabled
  • Vercel deployment — not enabled
  • SaaS login — not enabled

Writer: witnessops-console · Readers: witnessops-forge, witnessops-saas · Port 3030