What you are looking at

This page is a read-only report: it summarizes recorded evidence, stable evidence references, the current assessment snapshot, and explicit proof boundaries. It does not run tests, deploy changes, bill clients, or authenticate users. Public verification is performed via the WitnessOps public verifier and reflected back here when a verify run is recorded.

Verification report: Bastion 0-day hunt - OFFSECSHIELD / WitnessOps

Client
OFFSECSHIELD
Assessment
Bastion Infrastructure Review
Status
Complete

Treat this engagement as recorded, not independently verified, until a verify-run artifact exists.

Assessment gates: PASS (recorded as PASS: mesh + hunt + local gate)
Evidence recorded: 32 (evidence references available in the report snapshot)
Receipt fingerprints recorded: 0 (evidence-manifest fingerprint not recorded)
Verify runs recorded: 0 (no independent verification artifact yet)

How to interpret this report

buyer guidance
  • Treat PASS as meaning "this stage was recorded as passed under the engagement contract shown here." It is not a blanket security certification by itself.
  • A verify run is the primary way to get an independently checkable proof artifact. Without it, interpret the engagement as recorded rather than verified.

Executive Outcome

buyer summary
Executive outcome by verification area
Verification Area        Status
Engagement Registration  Complete
Assessment Execution     Complete
Evidence Collection      Complete
Review Status            Complete
Public Verification      Not Executed

Evidence Register

operator custody

Evidence remains under operator custody. This report uses stable evidence handles rather than exposing local storage locations or embedding raw evidence.

Evidence Store ID
WOPS-ES-4FA06525C53D4B62
Evidence Manifest ID
Not recorded
Evidence records
32
Receipt fingerprints recorded
0
Custody Descriptor
Operator-held evidence; external evidence store
Custody Proof Token
Not recorded

Findings Summary

review outcome
Assessment finding summary
Severity  Finding                              Status
Critical  Public Console Exposure              Remediated
Critical  Public Service Exposure (Port 8008)  Remediated
Medium    Missing Authentication Requirement   Reviewed

Verification Chain

current state
Verification chain status
Verification Area         Status
Assessment Completed      Complete
Evidence Recorded         Complete
Evidence Fingerprinted    Not Recorded
Independent Verification  Not Performed

Demonstrated by Available Evidence

Claims supported by the current engagement record and evidence references.

  • The engagement record is present and identifies the assessed workflow.
  • The assessment reached a completed review state.
  • Evidence is represented by a buyer-safe evidence store reference with explicit custody expectations.

Not Demonstrated by Available Evidence

Boundaries that should remain clear before this record is used for external assurance.

  • Independent verification backed by a verify-run artifact (verify runs = 0).
  • A complete evidence integrity proof via a recorded evidence-manifest fingerprint (manifest fingerprint = 0).
  • Third-party attestation beyond what is explicitly named in the report.

If you need a proof you can check independently

next verification step

Request or execute a verify run via the verifier endpoint and ensure the resulting verify-run artifact is recorded. Only then can you claim "verified" in a way that is backed by an explicit mechanism and artifact.

Technical Detail

Source Record

internal metadata
ID
bastion-0day-hunt-20260621T083757Z
Original title
Bastion 0-day hunt — OFFSECSHIELD / WITNESSOPS
ROE
operator-owned infrastructure; honest 0-day vs misconfig labeling
Notes
Public kernel stays witnessops-web on goal0. Console is fleet-local only.
Evidence namespace
evd://engagement/bastion-0day-hunt-20260621T083757Z
Custody descriptor
Operator-held evidence; external evidence store
Custody proof token
Not recorded
Evidence manifest ID
Not recorded
Updated
2026-06-21T23:48:33.952Z
hunt, mesh, swarm, shield

Import Boundary

operator contract
Schema
witnessops.operator_data_contract.v1
Writer
witnessops-console
Readers
witnessops-forge, witnessops-saas
Engagements
engagements/<id>.json
Verify runs
verify-runs/<uuid>.json
Hunt snapshots
hunt-snapshots/<engagement_id>/latest.json

Not enabled in this shell

  • metadata writes from app
  • public verify POST from app
  • proof run execution from app
  • raw evidence import into report

Assessment Snapshot

operator detail
Ingested
2026-06-22T00:45:24.767Z
Local gate
PASS
Latest action
stop
Closeout
misconfig complete no zero day
Loop tail
Overall gate passed and no active leaks remain; ready for operator closeout.
Lines cached
32

Verify Runs

internal records

No verify-run records are present for this engagement.

Receipt Fingerprints

internal hashes

No receipt fingerprints are available for this evidence handle.

Public Authority

endpoints

Proof packs are verified on witnessops.com/api/verify. Gate checks use witnessops.com/api/mesh-gate.

Contract present: yes. Scaffold receipt: FORGE_PHASE_5_NEXT_FORGE_SCAFFOLD_INIT_V1.