name: cargo_fuzzing
version: "1.0.0"
vertical: rust
description: "Fuzz Rust code using cargo-fuzz with real-time monitoring. Automatically discovers and fuzzes fuzz_target!() functions in user code."
author: "FuzzForge Team"
tags:
  - "fuzzing"
  - "cargo-fuzz"
  - "rust"
  - "libfuzzer"
  - "memory-safety"

# Workspace isolation mode (system-level configuration)
# - "isolated" (default): Each workflow run gets its own isolated workspace (safe for concurrent fuzzing)
# - "shared": All runs share the same workspace (for read-only analysis workflows)
# - "copy-on-write": Download once, copy for each run (balances performance and isolation)
workspace_isolation: "isolated"

parameters:
  type: object
  properties:
    target_name:
      type: string
      description: "Fuzz target name from fuzz/fuzz_targets/ (auto-discovered if not specified)"
    max_iterations:
      type: integer
      default: 1000000
      description: "Maximum fuzzing iterations"
    timeout_seconds:
      type: integer
      default: 1800
      description: "Fuzzing timeout in seconds (30 minutes)"
    sanitizer:
      type: string
      enum: ["address", "memory", "undefined"]
      default: "address"
      description: "Sanitizer to use (address, memory, undefined)"

output_schema:
  type: object
  properties:
    findings:
      type: array
      description: "Crashes and memory safety issues found during fuzzing"
      items:
        type: object
        properties:
          title:
            type: string
          severity:
            type: string
          category:
            type: string
          metadata:
            type: object
    summary:
      type: object
      description: "Fuzzing execution summary"
      properties:
        total_executions:
          type: integer
        crashes_found:
          type: integer
        execution_time:
          type: number