diff --git a/TESTING_EVIDENCE.md b/TESTING_EVIDENCE.md
index a324f00..7133ccc 100644
--- a/TESTING_EVIDENCE.md
+++ b/TESTING_EVIDENCE.md
@@ -24,6 +24,11 @@ Coverage policy consistency check passed (threshold: 95%)
 - `artifacts/fuzz_aspec_verify.log`
 - `artifacts/fuzz_etl_read_entry.log`
 - `artifacts/fuzz_structured_claim_validate.log`
+- `artifacts/fuzz_ledger_ops.log`
+- `artifacts/fuzz_oracle_roundtrip.log`
+- `artifacts/fuzz_etl_ops.log`
+- `artifacts/fuzz_probe_detector.log`
+- `artifacts/fuzz_daemon_decode_limits.log`
 
 ## Gates
 
diff --git a/fuzz/.gitignore b/fuzz/.gitignore
new file mode 100644
index 0000000..19ef398
--- /dev/null
+++ b/fuzz/.gitignore
@@ -0,0 +1,9 @@
+# cargo-fuzz build artifacts
+target/
+# Crash/timeout artifacts produced by libfuzzer
+artifacts/
+# Fuzzing corpus (may contain large inputs; not needed in source control)
+corpus/
+# Cargo.lock is intentionally excluded here; reproducibility is handled by
+# the workspace-level Cargo.lock
+Cargo.lock
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index 8faac02..6cd3375 100644
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -7,6 +7,8 @@ edition = "2021"
 [package.metadata]
 cargo-fuzz = true
 
+[workspace]
+
 [dependencies]
 libfuzzer-sys = "0.4"
 evidenceos-core = { path = "../crates/evidenceos-core" }
diff --git a/fuzz/fuzz_targets/fuzz_ledger_ops.rs b/fuzz/fuzz_targets/fuzz_ledger_ops.rs
index 28a1d26..890ec3f 100644
--- a/fuzz/fuzz_targets/fuzz_ledger_ops.rs
+++ b/fuzz/fuzz_targets/fuzz_ledger_ops.rs
@@ -43,7 +43,7 @@ fuzz_target!(|data: &[u8]| {
         .map(|l| l.with_budgets(input.k_budget, input.access_budget))
         .unwrap_or_else(|_| ConservationLedger::new(0.5).expect("fixed alpha must be valid"));
 
-    let mut frozen = ledger.frozen;
+    let mut frozen = ledger.is_frozen();
     for op in input.ops {
         let result = match op {
             Op::ChargeAll {
@@ -69,9 +69,9 @@ fuzz_target!(|data: &[u8]| {
             frozen = true;
         }
 
-        assert!(ledger.k_bits_total >= 0.0 || ledger.k_bits_total.is_nan());
-        assert!(ledger.access_credit_spent >= 0.0 || ledger.access_credit_spent.is_nan());
-        assert!(ledger.wealth.is_finite());
-        assert!(ledger.wealth > 0.0 || ledger.wealth == 0.0);
+        assert!(ledger.k_bits_total() >= 0.0 || ledger.k_bits_total().is_nan());
+        assert!(ledger.access_credit_spent() >= 0.0 || ledger.access_credit_spent().is_nan());
+        assert!(ledger.wealth().is_finite());
+        assert!(ledger.wealth() >= 0.0);
     }
 });
diff --git a/fuzz/rust-toolchain.toml b/fuzz/rust-toolchain.toml
new file mode 100644
index 0000000..77b3138
--- /dev/null
+++ b/fuzz/rust-toolchain.toml
@@ -0,0 +1,9 @@
+# Copyright (c) 2026 Joseph Verdicchio and EvidenceOS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# cargo-fuzz requires nightly for -Z flags (sanitizers, fuzzing instrumentation).
+# This override is scoped to the fuzz/ sub-crate only.
+
+[toolchain]
+channel = "nightly"
+profile = "minimal"
diff --git a/scripts/test_evidence.sh b/scripts/test_evidence.sh
index bf84497..49d1ece 100755
--- a/scripts/test_evidence.sh
+++ b/scripts/test_evidence.sh
@@ -27,6 +27,7 @@ mkdir -p artifacts target
 : > artifacts/fuzz_oracle_roundtrip.log
 : > artifacts/fuzz_etl_ops.log
 : > artifacts/fuzz_probe_detector.log
+: > artifacts/fuzz_daemon_decode_limits.log
 
 trap 'echo "[FAIL] stage=$CURRENT_STAGE" | tee -a artifacts/test_output.txt' ERR
 
@@ -108,6 +109,7 @@ fi
     cargo +nightly fuzz run fuzz_oracle_roundtrip -- -max_total_time=30 2>&1 | tee artifacts/fuzz_oracle_roundtrip.log
     cargo +nightly fuzz run fuzz_etl_ops -- -max_total_time=30 2>&1 | tee artifacts/fuzz_etl_ops.log
     cargo +nightly fuzz run fuzz_probe_detector -- -max_total_time=30 2>&1 | tee artifacts/fuzz_probe_detector.log
+    cargo +nightly fuzz run fuzz_daemon_decode_limits -- -max_total_time=30 2>&1 | tee artifacts/fuzz_daemon_decode_limits.log
   else
     echo "skipped (strict CI disabled or dependency resolution unavailable)" | tee artifacts/fuzz_aspec_verify.log
     echo "skipped (strict CI disabled or dependency resolution unavailable)" | tee artifacts/fuzz_etl_read_entry.log
@@ -116,6 +118,7 @@ fi
     echo "skipped (strict CI disabled or dependency resolution unavailable)" | tee artifacts/fuzz_oracle_roundtrip.log
     echo "skipped (strict CI disabled or dependency resolution unavailable)" | tee artifacts/fuzz_etl_ops.log
     echo "skipped (strict CI disabled or dependency resolution unavailable)" | tee artifacts/fuzz_probe_detector.log
+    echo "skipped (strict CI disabled or dependency resolution unavailable)" | tee artifacts/fuzz_daemon_decode_limits.log
   fi
 } 2>&1 | tee -a artifacts/test_output.txt
 
@@ -131,6 +134,6 @@ if [[ -n "$ignored" ]]; then
   fi
 fi
 
-for f in artifacts/test_output.txt artifacts/coverage.lcov artifacts/clippy-report.txt artifacts/fuzz_aspec_verify.log artifacts/fuzz_etl_read_entry.log artifacts/fuzz_structured_claim_validate.log artifacts/fuzz_ledger_ops.log artifacts/fuzz_oracle_roundtrip.log artifacts/fuzz_etl_ops.log artifacts/fuzz_probe_detector.log artifacts/scenarios/summary.json; do
+for f in artifacts/test_output.txt artifacts/coverage.lcov artifacts/clippy-report.txt artifacts/fuzz_aspec_verify.log artifacts/fuzz_etl_read_entry.log artifacts/fuzz_structured_claim_validate.log artifacts/fuzz_ledger_ops.log artifacts/fuzz_oracle_roundtrip.log artifacts/fuzz_etl_ops.log artifacts/fuzz_probe_detector.log artifacts/fuzz_daemon_decode_limits.log artifacts/scenarios/summary.json; do
   [[ -s "$f" ]] || { echo "missing required artifact: $f"; exit 1; }
 done