Hardproof scan report

{"artifacts":[{"content_type":"application/json; charset=utf-8","digest":"926abe066297fff838c19322b33ff08f0e74b7a5ddea83c2e696c0c19a7ff644","id":"conformance.summary.json","kind":"conformance_artifact","path":"conformance.summary.json"},{"content_type":"application/json","digest":"ceab7bf39a337982e3849910f039068f75882768bcbceb256035edc68fe0d26e","id":"perf.samples.json","kind":"report","path":"perf.samples.json"},{"content_type":"application/json","digest":"0a80c4b2005cd72e1b3144bd7aed29cc7bd09213f18441274bf30b1f082af2a8","id":"reliability.cases.json","kind":"report","path":"reliability.cases.json"},{"content_type":"application/json","digest":"e040e3266e87027c0bff195c21a816d82ca81a9eb5108fb8777221940830b15d","id":"reliability.replay.json","kind":"report","path":"reliability.replay.json"},{"content_type":"application/json; charset=utf-8","digest":"d7e4e6b0ddcb5546b8eb33471543cd7f2bc8efe85ebf7e62b86507f8c0e886ed","id":"usage.tools.list.json","kind":"usage_artifact","path":"tools.list.json"}],"dimension_coverage":{"conformance":true,"performance":true,"reliability":true,"security":true,"trust":true},"dimensions":[{"artifact_refs":["conformance.summary.json"],"finding_refs":[],"metrics":{"failed":0,"full_suite":false,"passed":9,"raw_dir":"out/scan/raw/20260407-030248","total":9,"warnings":0},"name":"conformance","score":100,"status":"pass","weight":0.3},{"artifact_refs":[],"finding_refs":[],"metrics":{"auth_challenge_status_code":0,"auth_expectation_mismatch":false,"auth_protection_status":"missing","command_risk_pattern_count":0,"descriptor_bytes":141,"families":{"auth_exposure":{"auth_protection_status":"missing","status":"local_only"},"command_surface":{"pattern_count":0,"status":"clear"},"descriptor_drift":{"drift_kind":"none","status":"stable"},"injection_pattern":{"pattern_count":0,"status":"clear"},"transport_exposure":{"status":"local_only"}},"host_origin_guard_ok":true,"injection_pattern_count":0,"metadata_drift_kind":"none","remote_http_without_tls":false},"name":"security","score":100,"status":"pass","weight":0.2},{"artifact_refs":["perf.samples.json"],"finding_refs":[],"metrics":{"budget_fuel_concurrent_probe":10000000,"budget_fuel_discover":10000000,"budget_fuel_ping_samples":10000000,"budget_fuel_tool_call_samples":10000000,"concurrent_ok_n":4,"concurrent_slots":4,"ping_p95_ms":1,"ping_p99_ms":1,"ping_sample_count":20,"throughput_calls_per_sec":1000,"tool_call_confidence":"high","tool_call_p95_ms":1,"tool_call_p99_ms":1,"tool_call_sample_count":20,"workload_profile":"steady_small"},"name":"performance","score":100,"status":"pass","weight":0.15},{"artifact_refs":[],"finding_refs":["TRUST-EVIDENCE-MISSING","TRUST-PUBLISHER-META-MISSING"],"metrics":{"bundle_consistency":"fail","bundle_status":"fail","identity_confidence":"low","publisher_identity":"warn","publisher_status":"warn","signature_integrity":"unknown","signature_status":"unknown","tlog_status":"unknown","transparency_evidence":"unknown","trust_evaluable":true},"name":"trust","score":0,"status":"fail","weight":0.2},{"artifact_refs":["reliability.cases.json","reliability.replay.json"],"finding_refs":[],"metrics":{"invalid_elapsed_ms":1,"invalid_jsonrpc_ok":true,"invalid_status_code":200,"malformed_elapsed_ms":1,"malformed_json_ok":true,"malformed_status_code":400,"oversize_elapsed_ms":1,"oversize_request_ok":true,"oversize_status_code":200,"ping_drift":false,"ran":true,"replay_stable":true,"restart_reconnect_ok":true,"timeout_cancel_ok":true,"tools_list_drift":false,"unknown_method_drift":false},"name":"reliability","score":100,"status":"pass","weight":0.15}],"elapsed_ms":109,"findings":[{"code":"TRUST-EVIDENCE-MISSING","dimension":"trust","docs_ref":"https://x07.io/docs/hardproof/findings/TRUST-EVIDENCE-MISSING","evidence":{},"severity":"critical","suggested_fix":"Provide --server-json (and --mcpb when available) to enable trust verification.","summary":"No server.json metadata was provided, so publisher/signature/tlog trust checks cannot run.","title":"Trust evidence missing"},{"code":"TRUST-PUBLISHER-META-MISSING","dimension":"trust","docs_ref":"https://x07.io/docs/hardproof/findings/TRUST-PUBLISHER-META-MISSING","evidence":{},"severity":"warning","suggested_fix":"Publish server.json with registry publisher metadata under _meta.","summary":"server.json does not include publisher-provided trust metadata.","title":"Publisher metadata missing"}],"gating_reasons":[],"generated_at":"2026-04-07T03:02:48.502480000Z","methodology_version":"0.4.0","overall_score":80,"overall_status":"fail","partial_reasons":[],"partial_score":80,"report_digest":"2219299e1f07614bcb914dee5e038ba783a69f20579a03cc5a6036a62fcde90f","report_kind":"scan","run_id":"aafd25173b9701cb","schema_version":"x07.mcp.scan.report@0.4.0","score_available":true,"score_mode":"partial","score_truth_status":"partial","score_weight_present":100,"spec_baseline":"mcp@2025-11-25","status":"fail","target":{"kind":"mcp_server","meta":{},"ref":"http://127.0.0.1:18080/mcp","transport":"streamable_http"},"tool":"hardproof","tool_family":"hardproof","tool_version":"0.4.0-beta.4","transport":"streamable_http","unknown_dimensions":[],"usage_metrics":{"avg_tool_description_tokens":3,"avg_tool_description_tokens_exact":2,"avg_tool_description_tokens_observed":null,"estimator_confidence":"low","estimator_family":"bytes_per_token_v1","estimator_version":"v1","example_payload_est_tokens_total":0,"input_schema_bytes_total":17,"input_schema_est_tokens_total":5,"input_schema_tokens_exact_total":5,"input_schema_tokens_observed_total":null,"max_tool_description_tokens":3,"max_tool_description_tokens_exact":2,"max_tool_description_tokens_observed":null,"metadata_to_payload_ratio_pct":391,"replay_transcript_est_tokens_total":0,"response_payload_est_tokens_p50":9,"response_payload_est_tokens_p95":9,"response_payload_tokens_exact_p50":16,"response_payload_tokens_exact_p95":16,"response_payload_tokens_observed_p50":null,"response_payload_tokens_observed_p95":null,"tokenizer_id":"openai:o200k_base","tool_catalog_bytes":141,"tool_catalog_est_tokens_cl100k":36,"tool_catalog_est_tokens_o200k":32,"tool_catalog_tokens_exact":39,"tool_catalog_tokens_observed":null,"tool_count":1,"trace_source":"","usage_confidence":"high","usage_mode":"tokenizer_exact"}}