Capstone delivery. The CVE-2025-65106 reproduction, the detector tool, the cross-language Gonja write-up, the six-to-eight-page coordinated-disclosure-style report, the five-minute recorded demo. Graded against the rubric in CAPSTONE.html.
What you ship
- Git repo URL containing: reproduction harness, detector tool source, Gonja write-up, requirements.txt pinning both vulnerable and patched LangChain, README, six-to-eight-page report (Markdown or PDF), Toolchain Diary.
- Five-minute recorded demo (MP4 or webm).
- Short cohort-showcase pitch (one minute), live in front of the cohort in Week 10's last session.
Tools you use
- Whichever tools you actually used.
- OBS or your screen-recorder of choice for the demo.
Success criteria
- The reproduction actually runs. We will rebuild the virtualenv from your requirements.txt and execute your harness.
- The detector tool correctly flags the positive-test virtualenv and skips the negative-test virtualenv.
- The report covers reproduction depth, OWASP mapping (specific LLM01 sub-class plus relevant ASI items), the upstream-patch reference, the cross-language pointer at CVE-2025-9556, a hypothetical disclosure timeline, and at least one cited reading.
- The demo runs the work end-to-end in five minutes and reads the report's disclosure section aloud.
Time budget
Plan for two ninety-minute lab sessions plus two hours of independent build-out. Modules 4 and 6 commonly run over; budget one extra session for those.
Submission
Push to your student repo under adv-102/labs/lab-10/. Include source, a one-paragraph README, the output you observed, and where applicable a structured detector or trace file.