S203j–k: deep debt comprehensive evolution — async-trait AFIT, tarpc socket fix, workspace unification

13 async traits migrated to native async fn (8 crates freed from async-trait).
tarpc client socket bug fixed (was connecting to JSON-RPC socket).
70+ raw env var strings interned, HTTP/Unix protocol constants added.
4 large files smart-refactored into submodule directories.
Dead code #[allow] → #[expect(reason)], error swallowing → tracing::warn.
Network configurator stubs evolved to structural validation.
~20 Cargo.toml files: inline dep versions → workspace = true.
CUDA/OpenCL stubs marked #[deprecated].
platform_paths constants module added. Magic numbers → named constants.
5 active debt items cataloged. Root docs updated to S203k.
80.7 GiB build artifacts cleaned.

187 files changed, net −6,835 lines.

Made-with: Cursor

Author: westgate

Cargo.toml

@@ -60,7 +60,7 @@ members = [
     "examples",
 ]
 
-exclude = ["fuzz"]
+exclude = ["fuzz", "crates/ml/burn-inference"]
 
 [workspace.package]
 version = "0.1.0"

DEBT.md

@@ -1,12 +1,39 @@
 # Active Technical Debt Register
 
-**Date**: April 14, 2026 — S203i
+**Date**: April 15, 2026 — S203k
 **Philosophy**: Math is universal, precision is silicon. Workarounds are
 short-term solutions that increase debt. We aim to solve deep debt over
 iterations, evolving toward vendor-agnostic, capability-based solutions.
 
 ## Active Debt
 
+### D-SANDBOX-SIMULATION — Active
+**Crate**: `security/sandbox` | **File**: `linux.rs`
+Linux sandbox operations (`destroy_sandbox`, `setup_mount`, `apply_security_policy`,
+`get_sandbox_logs`, `monitor_sandbox`) return success without actual namespace/cgroup/
+seccomp/mount operations. `monitor_sandbox` returns all-zero `ResourceUsage`. Logs are
+synthetic strings. Requires real kernel namespace/cgroup integration to evolve.
+
+### D-PLUGIN-SIMULATE — Active
+**Crate**: `core/toadstool` | **File**: `plugin_system/manager.rs`
+`load_plugin` / `unload_plugin` simulate load/unload (no `dlopen`, no cleanup).
+Evolution requires plugin ABI design.
+
+### D-BYOB-RESOURCE-SIM — Active
+**Crate**: `core/toadstool` | **File**: `byob/byob_impl/mod.rs`
+`update_resource_usage` returns simulated CPU/memory/network from service specs,
+not real metrics. Evolution requires integration with cgroup stats or monitoring.
+
+### D-WORKLOAD-CLIENT-IPC — Active
+**Crate**: `client` | **File**: `client/core.rs`
+`submit_workload` / `get_execution_status` always return `Err` for non-GPU workload
+types. JSON-RPC method mapping not yet wired for native/container/wasm/python paths.
+
+### D-HW-LEARN-VERIFY — Active
+**Crate**: `core/hw-learn` | **File**: `applicator/verify.rs`
+`verify_register`, `verify_compute_readback`, `verify_memory_accessible` return
+failure results with debt-tracking messages. Requires nouveau UAPI parsing.
+
 ### D-TARPC-PHASE3-BINARY
 **Crate**: `integration/protocols` | **Feature**: `tarpc-transport`
 `TRpcTransport::send_message` now wired (S197): resolves target primal's Unix
@@ -55,12 +82,163 @@ Files: `fuzz/Cargo.toml`, `fuzz/fuzz_targets/*.rs`, `.github/workflows/ci.yml`.
 
 ## Known Limitations (not actionable debt)
 
-### D-ASYNC-DYN-MARKERS — Rust language constraint
-**Scope**: Workspace (~55 files) | **Marker**: `NOTE(async-dyn)`
-Traits using `#[async_trait]` because native `async fn` in `dyn Trait` is not yet
-stable in Rust. Cannot resolve until Rust stabilizes this feature. The `#[async_trait]`
-dependency is pure Rust (proc-macro) and zero-overhead at runtime for non-dyn paths.
-**Not actionable** — resolves when Rust stabilizes the feature. Markers are accurate documentation.
+### D-ASYNC-DYN-MARKERS — Partially resolved, ongoing
+**Scope**: Workspace (~148 remaining `#[async_trait]` annotations, down from 183)
+**Wave 1-2**: Migrated 7 traits (zero-dyn + dead-code + concrete-type). Freed 3 crates.
+**Wave 3** (S203j): Migrated 6 more zero-dyn traits: `HealthMonitor`, `SwapExecutor`,
+`DeviceDiscovery`, `HealthProbe`, `CrossCompilationToolchain` (+ 3 impls), `GpuDiscovery`.
+10 more annotations removed. 5 more crates freed from `async-trait` dependency:
+`toadstool-glowplug`, `toadstool-management-monitoring`, `toadstool-runtime-native`,
+`toadstool-integration-security`, `toadstool-runtime-container` (moved to dev-dep).
+Total: 13 traits migrated, 8 crates freed across all waves.
+**Remaining ~148**: On traits with production `dyn` dispatch (`AuthBackend`, `AgentBackend`,
+`CryptoProvider`, `UnifiedMemoryBackend`, `EdgeDevice`, `WorkloadExecutor`, etc.).
+Migration requires Send-aware generics or enum dispatch (Squirrel Wave 2/3 pattern).
+
+## S203k Resolved Debt (Deep Debt Execution: Comprehensive Evolution Pass)
+
+### D-NET-CONFIG-VALIDATION — RESOLVED S203k
+**Scope**: `cli/network_config/configurator` (5 modules)
+Empty `apply_*` functions evolved with explicit "deferred to orchestration layer" debug
+messages. Empty `validate_*` functions evolved with structural validation: circuit breaker
+thresholds, health check intervals, DNS timeout/server validation, auth method checks,
+PKI/audit/isolation field validation, traffic management percentages, port range ordering.
+Files: `reliability.rs`, `security.rs`, `traffic.rs`, `service_mesh.rs`, `discovery.rs`.
+
+### D-ENV-INTERN-WAVE2 — RESOLVED S203k
+**Scope**: Workspace (6 modules, ~40+ raw strings)
+Remaining raw env var string literals centralized to `socket_env::*` constants. Added
+`TOADSTOOL_COORDINATION_URL/PORT`, `TOADSTOOL_SECURITY_URL/PORT`, `TOADSTOOL_STORAGE_URL/PORT`,
+`TOADSTOOL_SONGBIRD_PORT`, discovery/bind/auth/endpoint constants. Wired in
+`primal_discovery_complete`, `infant_discovery/fallback`, `distributed/scheduler`,
+`server/unibin/execution`, `integration/security/discovery`.
+Files: `socket_env.rs`, 6 consumer modules.
+
+### D-HTTP-PROTOCOL-LITERAL — RESOLVED S203k
+**Scope**: Workspace (7 modules)
+Raw `"http://"` in `format!` URLs replaced with `HTTP_PROTOCOL` constant from
+`toadstool_common::constants::network`. Added `UNIX_SOCKET_URL_SCHEME` (`"unix"`) and
+`UNIX_SOCKET_URL_PREFIX` (`"unix://"`) constants for Unix socket URL handling.
+Files: `network.rs`, `primal_discovery_mdns.rs`, `primal_discovery_complete/mod.rs`,
+`discovery_defaults.rs`, `discovery_engine/mod.rs`, `zero_config/service_discovery.rs`,
+`ecosystem_network.rs`, `config/types/network.rs`.
+
+### D-ERROR-SWALLOW — RESOLVED S203k
+**Scope**: 4 production paths
+`.unwrap_or_default()` silent error swallowing evolved to `tracing::warn!` + fallback:
+`agents/manager.rs` (list_agents/list_models), `monitoring/platform.rs` (proc I/O reads),
+`pipeline.rs` (serde serialization), `hw_learn/status.rs` (recipe store open).
+Files: 4 handler/service modules.
+
+### D-DEAD-CODE-LINT — RESOLVED S203k
+**Scope**: 4 crates
+`#[allow(dead_code)]` evolved to `#[cfg_attr(not(test), expect(dead_code, reason = "..."))]`
+with documented reasons: `load_balancer.rs` (retry policy), `internal.rs` (ML selection),
+`mdns/service.rs` (reconfig path). `background/mod.rs` unused import cleaned via
+`#[cfg(test)]` gating.
+
+### D-LARGE-FILE-REFACTOR-S203K — RESOLVED S203k
+**Scope**: 4 production files across 3 crates
+Smart refactoring (not line splits) into cohesive submodules:
+- `edge/platforms/arduino.rs` (679L) → directory module: `device.rs`, `serial.rs`,
+  `deploy.rs`, `edge_device.rs` (4 submodules)
+- `edge/discovery.rs` (644L) → directory module: `serial.rs`, `network.rs`, `usb.rs`,
+  `bluetooth.rs`, `mdns.rs` (5 strategy modules)
+- `crypto_lock/access_control/manager.rs` (601L) → extracted `validation.rs`
+  (delegation validation, resource limits, chain depth)
+- `security/policies/manager.rs` (546L) → extracted `cache.rs` (CachedPolicy, TTL)
+  and `composition.rs` (merge/compose helpers)
+
+### D-ACTIVE-DEBT-CATALOG — RESOLVED S203k
+Cataloged 5 previously-undocumented active debt items with D- prefix:
+`D-SANDBOX-SIMULATION`, `D-PLUGIN-SIMULATE`, `D-BYOB-RESOURCE-SIM`,
+`D-WORKLOAD-CLIENT-IPC`, `D-HW-LEARN-VERIFY`.
+
+## S203j Resolved Debt (Deep Debt Execution: Idiomatic Evolution Pass)
+
+### D-ASYNC-WAVE3-ZERO-DYN — RESOLVED S203j
+**Scope**: Workspace | **Audit**: primalSpring async-trait migration (Class 4)
+Migrated 6 zero-dyn traits to native `async fn` in trait: `HealthMonitor` (byob),
+`SwapExecutor`, `DeviceDiscovery`, `HealthProbe` (glowplug), `CrossCompilationToolchain`
+(specialty, +3 impls), `GpuDiscovery` (gpu). 10 annotations removed. 5 crates freed
+from `async-trait` dep (`glowplug`, `monitoring`, `native`, `integration/security`;
+`container` → dev-dep). All use `#[expect(async_fn_in_trait)]` with documented reasons.
+Files: `byob/health_monitor.rs`, `glowplug/{swap,discovery,health}.rs`,
+`specialty/{types/cross_compilation,cross_compilation}.rs`, `gpu/glowplug/discovery.rs`,
+5× `Cargo.toml`.
+
+### D-UNSAFE-LINT-NVPMU — RESOLVED S203j
+**Crate**: `nvpmu` | **Audit**: unsafe code audit
+Removed 4 redundant `#[allow(unsafe_code)]` attributes from `init.rs` functions that
+contain zero `unsafe` blocks. The functions call `RecipeApplicator::apply()` through
+safe `RegisterAccess` trait — no unsafe needed.
+Files: `nvpmu/src/init.rs`.
+
+### D-HARDCODED-DRI-DEVICE — RESOLVED S203j
+**Crate**: `nvpmu` | **Audit**: hardcoding evolution
+Hardcoded `/dev/dri/card0` in 3 init functions evolved to `DEFAULT_DRI_DEVICE` constant.
+Documents future: accept device path as parameter for multi-GPU support.
+Files: `nvpmu/src/init.rs`.
+
+### D-ENV-RAW-STRINGS — RESOLVED S203j
+**Scope**: `primal_sockets` | **Audit**: hardcoding evolution
+30+ raw env var string literals in `SocketPathEnv::from_env()` evolved to interned
+constants in `socket_env::*`. Added `TOADSTOOL_TARPC_SOCKET` and 25+ connection hint
+constants (`TOADSTOOL_COORDINATION_ENDPOINT`, `LEGACY_SONGBIRD_URL`, etc.).
+Files: `interned_strings/socket_env.rs`, `primal_sockets/env.rs`.
+
+### D-DEPRECATED-STUBS — RESOLVED S203j
+**Scope**: `runtime/gpu`, `runtime/universal`, `distributed`
+Deprecated CUDA/OpenCL production stubs marked with `#[deprecated(since = "0.1.0")]`:
+`CudaBackend`, `OpenClBackend`, `OpenClComputeUnit`, unified memory `OpenClBackend`,
+OpenCL detection helpers. Compile-time deprecation replaces runtime-only error returns.
+Files: `cuda_impl/mod.rs`, `opencl_impl/mod.rs`, `unified_memory/backends/opencl.rs`,
+`universal/backends/opencl.rs`, `distributed/universal/detection/gpu.rs`.
+
+### D-PLATFORM-PATHS-CONSTANTS — RESOLVED S203j
+**Scope**: Workspace | **Audit**: hardcoding evolution
+Created `constants::platform_paths` module with organized constants for procfs
+(`CPUINFO`, `MEMINFO`, `LOADAVG`, cgroup paths), devfs (`KVM`, `DRI_DIR`,
+`VFIO_CONTAINER`), sysfs (`BUS_PCI_DEVICES`), etc paths (`OS_RELEASE`,
+`TOADSTOOL_DIR`, `RESOLV_CONF`), install paths (`OPT_TOADSTOOL`). Helper functions
+for dynamic `/proc/{pid}/` paths. ~20 call sites across 10 crates evolved.
+Files: new `constants/platform_paths.rs`, + ~15 production files.
+
+### D-HARDCODED-PRIMAL-NAMES-S203J — RESOLVED S203j
+**Scope**: Workspace | **Audit**: capability-based evolution
+Remaining hardcoded `"toadstool"` string literals in production code evolved to
+`PRIMAL_NAME` constant: `policies/types.rs`, `secret_string.rs`, `platform_paths/paths.rs`,
+`display/ipc/client/discovery.rs`, `integration/primals/primal_types.rs`, `config/lib.rs`.
+Files: 6 production files.
+
+### D-WORKSPACE-DEPS — RESOLVED S203j
+**Scope**: Workspace manifests
+Unified inline dependency versions to `workspace = true` across all workspace member
+crates. `tokio`, `serde`, `serde_json`, `async-trait`, `thiserror`, `tracing`,
+`tracing-subscriber`, `uuid`, `futures`, `regex` — all consolidated. Extra features
+preserved where needed (e.g. `serde = { workspace = true, features = ["rc"] }`).
+Files: ~20 `Cargo.toml` files.
+
+### D-MAGIC-NUMBERS — RESOLVED S203j
+**Scope**: Workspace | **Audit**: hardcoding evolution
+Magic numbers evolved to named constants: discovery fallback ports (`DEFAULT_COORDINATION_PORT`,
+`DEFAULT_SECURITY_PORT`, `DEFAULT_STORAGE_PORT`), BYOB config (`RESOURCE_MONITORING_INTERVAL_SECS`,
+`HEALTH_CHECK_INTERVAL_SECS`, `DEPLOYMENT_TIMEOUT_SECS`, named web port constants),
+policy defaults (`POLICY_CACHE_TTL_HOURS`, `DEFAULT_MAX_COMPOSITION_DEPTH`,
+`POLICY_VALIDATION_TIMEOUT_MS`).
+Files: `primal_discovery_complete/mod.rs`, `byob/config.rs`, `policies/types.rs`,
+`discovery_ports.rs`, `defaults/ports.rs`.
+
+### D-TARPC-CLIENT-SOCKET — RESOLVED S203j
+**Crate**: `client` | **Audit**: primalSpring downstream (socket unification)
+`ToadStoolTarpcClient::discover()` resolved to the JSON-RPC socket (`compute.sock`)
+instead of the tarpc socket (`compute-tarpc.sock`). Client connections to the wrong
+socket got binary/JSON protocol mismatch errors.
+**Fix**: Added `resolve_toadstool_tarpc_socket` to `primal_sockets` (mirrors server's
+`tarpc_socket_filename_for_family` convention), interned `TOADSTOOL_TARPC_SOCKET` env
+var, and wired `discover()` to `get_toadstool_tarpc_socket_path()`. +3 unit tests.
+Files: `primal_sockets/paths.rs`, `primal_sockets/env.rs`, `primal_sockets/api.rs`,
+`primal_sockets/mod.rs`, `interned_strings/socket_env.rs`, `client/tarpc_client.rs`.
 
 ## S203 Resolved Debt (Deep Audit & Evolution Execution)
 

DOCUMENTATION.md

@@ -1,6 +1,6 @@
 # ToadStool Documentation Hub
 
-**Last Updated**: April 14, 2026 — S203i
+**Last Updated**: April 15, 2026 — S203k
 
 ---
 

NEXT_STEPS.md

@@ -1,8 +1,8 @@
 # ToadStool -- Next Steps
 
-**Updated**: April 14, 2026 — S203i (Deep Debt: Massive Test Extraction + Hardcoding Evolution)
-**Status**: Production-grade | Rust edition **2024** (MSRV 1.85) | **AGPL-3.0-or-later** | **All quality gates green** | 21,600+ tests (0 failures) | **~69 JSON-RPC methods** | Wire Standard L3 (partial) | Zero C FFI deps (ecoBin v3.0) | Zero production unwraps | IPC-first | **43/43 crates with `unsafe_code` lint policy** | **~66 unsafe blocks** (all in hw containment) | **~80 justified #[allow]** | **0 production TODOs** | **~3m30s test runtime** | **rustix 1.x workspace-wide** | **capability-based primal references (no hardcoded names)**
-**Latest**: S203i — 52 production files refactored via test extraction (~10K lines moved). Production files >500L reduced 38→25 (no extractable test blocks remain). Hardcoding evolution: `CORALREEF_URL`/`SOCKET` refs → capability-neutral, `localhost` literal → `DEFAULT_HOSTNAME`. S203h: TCP idle timeout (300s configurable), `TCP_NODELAY` on all TCP streams. S203g: 6 deprecated removals, async GPU discovery, forward clone opt. S203f: wetSpring V143 validation, `compute.execute` direct route.
+**Updated**: April 15, 2026 — S203k (Deep Debt: Comprehensive Evolution Pass)
+**Status**: Production-grade | Rust edition **2024** (MSRV 1.85) | **AGPL-3.0-or-later** | **All quality gates green** | 21,600+ tests (0 failures) | **~69 JSON-RPC methods** | Wire Standard L3 (partial) | Zero C FFI deps (ecoBin v3.0) | Zero production unwraps | IPC-first | **43/43 crates with `unsafe_code` lint policy** | **~66 unsafe blocks** (all in hw containment) | **0 production TODOs** | **~3m30s test runtime** | **rustix 1.x workspace-wide** | **capability-based primal references (no hardcoded names)** | **`async-trait` 183→~144 (8 crates freed)** | **workspace deps unified**
+**Latest**: S203k — Comprehensive evolution: 13 async traits migrated to native AFIT (8 crates freed from async-trait dep). 70+ raw env var strings interned. HTTP/Unix protocol constants. Large file smart refactoring (4 files → submodule directories). Dead code cleanup, error swallowing → tracing::warn. Network configurator stubs → structural validation. 5 active debt items cataloged. S203j: tarpc socket unification, deprecated CUDA/OpenCL stubs, platform path constants, magic number evolution, workspace dep unification.
 
 ---
 

crates/auto_config/Cargo.toml

@@ -26,7 +26,6 @@ uuid = { workspace = true, features = ["v4"] }
 tracing = { workspace = true }
 tracing-subscriber = { workspace = true }
 thiserror = { workspace = true }
-async-trait = { workspace = true }
 futures = { workspace = true }
 # PURE RUST: reqwest removed - unix sockets only! ✅
 url = { workspace = true }

crates/auto_config/src/capability_traits.rs

@@ -4,8 +4,6 @@
 //! Trait-based interfaces for hardware and ecosystem detection.
 //! Enables dependency injection and testing with mock implementations.
 
-use async_trait::async_trait;
-
 use crate::ToadStoolResult;
 use crate::ecosystem::DiscoveredServices;
 use crate::hardware::SystemCapabilities;
@@ -14,10 +12,10 @@ use crate::hardware::SystemCapabilities;
 ///
 /// This trait enables dependency injection and testing by allowing
 /// both real and mock implementations of hardware detection.
-///
-/// NOTE(async-dyn): `into_trait()` returns `Box<dyn HardwareCapabilityDetector>`. Native `async fn`
-/// in traits is not object-safe; `#[async_trait]` is required.
-#[async_trait]
+#[expect(
+    async_fn_in_trait,
+    reason = "all implementors are Send + Sync; trait is internal, no dyn dispatch"
+)]
 pub trait HardwareCapabilityDetector: Send + Sync {
     /// Scan system hardware capabilities
     async fn scan_system(&mut self) -> ToadStoolResult<SystemCapabilities>;
@@ -27,10 +25,10 @@ pub trait HardwareCapabilityDetector: Send + Sync {
 ///
 /// This trait enables dependency injection and testing by allowing
 /// both real and mock implementations of service discovery.
-///
-/// NOTE(async-dyn): `into_trait()` returns `Box<dyn EcosystemServiceDiscoverer>`. Native `async fn`
-/// in traits is not object-safe; `#[async_trait]` is required.
-#[async_trait]
+#[expect(
+    async_fn_in_trait,
+    reason = "all implementors are Send + Sync; trait is internal, no dyn dispatch"
+)]
 pub trait EcosystemServiceDiscoverer: Send + Sync {
     /// Discover available ecosystem services
     async fn discover_services(&mut self) -> ToadStoolResult<DiscoveredServices>;
@@ -41,15 +39,13 @@ pub trait EcosystemServiceDiscoverer: Send + Sync {
 // ============================================================================
 
 /// Adapter to make `HardwareDetector` implement the trait
-#[async_trait]
 impl HardwareCapabilityDetector for crate::hardware::HardwareDetector {
     async fn scan_system(&mut self) -> ToadStoolResult<SystemCapabilities> {
         Self::scan_system(self).await
     }
 }
 
 /// Adapter to make `EcosystemDiscoverer` implement the trait
-#[async_trait]
 impl EcosystemServiceDiscoverer for crate::ecosystem::EcosystemDiscoverer {
     async fn discover_services(&mut self) -> ToadStoolResult<DiscoveredServices> {
         Self::discover_services(self).await
@@ -112,7 +108,6 @@ impl Default for MockHardwareDetector {
 }
 
 #[cfg(any(test, feature = "test-mocks"))]
-#[async_trait]
 impl HardwareCapabilityDetector for MockHardwareDetector {
     async fn scan_system(&mut self) -> ToadStoolResult<SystemCapabilities> {
         // Instant return - no I/O
@@ -164,55 +159,13 @@ impl Default for MockEcosystemDiscoverer {
 }
 
 #[cfg(any(test, feature = "test-mocks"))]
-#[async_trait]
 impl EcosystemServiceDiscoverer for MockEcosystemDiscoverer {
     async fn discover_services(&mut self) -> ToadStoolResult<DiscoveredServices> {
         // Instant return - no network I/O
         Ok(self.services.clone())
     }
 }
 
-/// Implement the traits for real detectors
-impl crate::hardware::HardwareDetector {
-    /// Convert to trait object
-    #[must_use]
-    pub fn into_trait(self) -> Box<dyn HardwareCapabilityDetector> {
-        Box::new(RealHardwareDetector { inner: self })
-    }
-}
-
-impl crate::ecosystem::EcosystemDiscoverer {
-    /// Convert to trait object
-    #[must_use]
-    pub fn into_trait(self) -> Box<dyn EcosystemServiceDiscoverer> {
-        Box::new(RealEcosystemDiscoverer { inner: self })
-    }
-}
-
-/// Wrapper for real hardware detector
-struct RealHardwareDetector {
-    inner: crate::hardware::HardwareDetector,
-}
-
-#[async_trait]
-impl HardwareCapabilityDetector for RealHardwareDetector {
-    async fn scan_system(&mut self) -> ToadStoolResult<SystemCapabilities> {
-        self.inner.scan_system().await
-    }
-}
-
-/// Wrapper for real ecosystem discoverer
-struct RealEcosystemDiscoverer {
-    inner: crate::ecosystem::EcosystemDiscoverer,
-}
-
-#[async_trait]
-impl EcosystemServiceDiscoverer for RealEcosystemDiscoverer {
-    async fn discover_services(&mut self) -> ToadStoolResult<DiscoveredServices> {
-        self.inner.discover_services().await
-    }
-}
-
 #[cfg(test)]
 mod tests {
     #![allow(

crates/auto_config/src/ecosystem_network.rs

@@ -12,6 +12,7 @@ use tracing::debug;
 
 use crate::ecosystem_types::{ServiceInfo, ServicePattern, ServiceStatus};
 use crate::{ToadStoolError, ToadStoolResult};
+use toadstool_common::constants::network::HTTP_PROTOCOL;
 use toadstool_config::defaults::network::{
     COMMON_SCAN_SUFFIXES, PROBE_DEFAULT_PORT, RFC1918_SCAN_RANGES,
 };
@@ -116,7 +117,7 @@ pub async fn scan_network_range(
 
         for (capability_key, pattern) in service_patterns {
             for &port in &pattern.default_ports {
-                let endpoint = format!("http://{ip}:{port}");
+                let endpoint = format!("{HTTP_PROTOCOL}{ip}:{port}");
 
                 if let Ok(service_info) = probe_service(&endpoint, pattern).await {
                     debug!("Found {} capability at {}", capability_key, endpoint);