@dailephd/my-dev-kit-lab 0.2.0

package/benchmarks/projects/todo-ts/tests/taskService.test.ts

@@ -0,0 +1,45 @@
+import { describe, expect, it } from "vitest";
+import { TaskService } from "../src/taskService.js";
+
+describe("todo-ts TaskService", () => {
+  it("creates tasks with deterministic ids", () => {
+    const service = new TaskService();
+    expect(service.createTask("First").id).toBe("task-1");
+    expect(service.createTask("Second").id).toBe("task-2");
+  });
+
+  it("completes tasks", () => {
+    const service = new TaskService();
+    const created = service.createTask("Ship benchmark");
+    const completed = service.completeTask(created.id);
+    expect(completed.completed).toBe(true);
+  });
+
+  it("lists all tasks", () => {
+    const service = new TaskService();
+    service.createTask("One");
+    service.createTask("Two");
+    expect(service.listTasks()).toHaveLength(2);
+  });
+
+  it("lists open tasks", () => {
+    const service = new TaskService();
+    const one = service.createTask("One");
+    service.createTask("Two");
+    service.completeTask(one.id);
+    expect(service.listOpenTasks().map((task) => task.title)).toEqual(["Two"]);
+  });
+
+  it("summarizes task counts", () => {
+    const service = new TaskService();
+    const one = service.createTask("One");
+    service.createTask("Two");
+    service.completeTask(one.id);
+    expect(service.summarizeTasks()).toEqual({ total: 2, open: 1, completed: 1 });
+  });
+
+  it("rejects empty task titles", () => {
+    const service = new TaskService();
+    expect(() => service.createTask("   ")).toThrowError("Task title must not be empty.");
+  });
+});

package/benchmarks/projects/todo-ts/tsconfig.json

@@ -0,0 +1,12 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "types": ["vitest/globals"]
+  },
+  "include": ["src/**/*.ts", "tests/**/*.ts"]
+}

package/benchmarks/projects/todo-ts/vitest.config.ts

@@ -0,0 +1,5 @@
+import { defineConfig } from "vitest/config";
+
+export default defineConfig({
+  cacheDir: "../../../.vitest/todo-ts"
+});

package/dist/scripts/build-gallery.js

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+import { runBuildGalleryCommand } from "../src/commands/buildGalleryCommand.js";
+process.exitCode = await runBuildGalleryCommand(process.argv.slice(2));

package/dist/scripts/capture-demo-report.js

@@ -0,0 +1,3 @@
+import { runCaptureDemoReportCommand } from "../src/commands/captureDemoReport.js";
+const exitCode = await runCaptureDemoReportCommand(process.argv.slice(2));
+process.exitCode = exitCode;

package/dist/scripts/evaluate-token-savings.js

@@ -0,0 +1,2 @@
+import { runEvaluateTokenSavingsCommand } from "../src/commands/evaluateTokenSavings.js";
+process.exitCode = await runEvaluateTokenSavingsCommand(process.argv.slice(2));

package/dist/scripts/experiments/describeExperiment.js

@@ -0,0 +1,143 @@
+import { createDefaultExperimentPluginRegistry } from "../../src/experiments/index.js";
+async function main(argv) {
+    try {
+        const args = parseDescribeArgs(argv);
+        const registry = createDefaultExperimentPluginRegistry();
+        const plugin = registry.get(args.experimentId);
+        if (args.json) {
+            console.log(JSON.stringify(buildDescription(plugin), null, 2));
+            return 0;
+        }
+        printDescription(plugin);
+        return 0;
+    }
+    catch (error) {
+        if (process.env.DEBUG) {
+            console.error(error);
+        }
+        else {
+            console.error(error instanceof Error ? error.message : String(error));
+        }
+        return 1;
+    }
+}
+function parseDescribeArgs(argv) {
+    let experimentId = "";
+    let json = false;
+    for (let index = 0; index < argv.length; index += 1) {
+        const arg = argv[index];
+        if (arg === "--experiment") {
+            experimentId = argv[++index] ?? "";
+        }
+        else if (arg === "--json") {
+            json = true;
+        }
+        else {
+            throw new Error(`Unknown argument: ${arg}`);
+        }
+    }
+    if (!experimentId) {
+        throw new Error("Usage: --experiment <id> [--json]");
+    }
+    return { experimentId, json };
+}
+function buildDescription(plugin) {
+    return {
+        metadata: plugin.metadata,
+        purpose: describePurpose(plugin),
+        supportedVariants: readSupportedVariants(plugin),
+        requiredConfigFields: readConfigFields(plugin, true),
+        optionalConfigFields: readConfigFields(plugin, false),
+        targetBehavior: describeTargetBehavior(plugin),
+        expectedReports: describeExpectedReports(plugin),
+        examples: describeExamples(plugin),
+    };
+}
+function printDescription(plugin) {
+    const description = buildDescription(plugin);
+    console.log(`${plugin.metadata.name}`);
+    console.log("");
+    console.log(`ID: ${plugin.metadata.id}`);
+    console.log(`Description: ${plugin.metadata.description}`);
+    console.log(`Status: ${plugin.metadata.status}`);
+    console.log(`Schema version: ${plugin.metadata.schemaVersion}`);
+    console.log(`Supported targets: ${plugin.metadata.supportedTargets.join(", ")}`);
+    console.log(`Supported outputs: ${plugin.metadata.supportedOutputs.join(", ")}`);
+    console.log("");
+    console.log(`Purpose: ${description.purpose}`);
+    console.log(`Supported variants: ${description.supportedVariants.join(", ") || "not declared"}`);
+    console.log("");
+    printConfigSection("Required config fields", description.requiredConfigFields);
+    printConfigSection("Optional config fields", description.optionalConfigFields);
+    console.log("");
+    console.log(`Target behavior: ${description.targetBehavior}`);
+    console.log(`Expected reports: ${description.expectedReports}`);
+    console.log("");
+    console.log("Examples:");
+    for (const example of description.examples) {
+        console.log(`  ${example}`);
+    }
+}
+function printConfigSection(title, fields) {
+    console.log(`${title}:`);
+    if (fields.length === 0) {
+        console.log("  none");
+        return;
+    }
+    for (const field of fields) {
+        const defaultSuffix = field.defaultValue === undefined ? "" : ` default=${JSON.stringify(field.defaultValue)}`;
+        const typeSuffix = field.type ? ` (${field.type})` : "";
+        console.log(`  ${field.name}${typeSuffix}${defaultSuffix}${field.description ? ` - ${field.description}` : ""}`);
+    }
+}
+function readConfigFields(plugin, required) {
+    return (plugin.configDefinition?.fields ?? [])
+        .filter((field) => Boolean(field.required) === required)
+        .map((field) => ({
+        ...field,
+        defaultValue: readDefaultValue(plugin.defaultConfig, field.name),
+    }));
+}
+function readSupportedVariants(plugin) {
+    const strategies = readArrayField(plugin.defaultConfig, "strategies");
+    return strategies.filter((value) => typeof value === "string");
+}
+function readDefaultValue(config, key) {
+    if (!config || typeof config !== "object" || Array.isArray(config)) {
+        return undefined;
+    }
+    return config[key];
+}
+function readArrayField(value, key) {
+    const field = readDefaultValue(value, key);
+    return Array.isArray(field) ? field : [];
+}
+function describePurpose(plugin) {
+    if (plugin.metadata.id === "context-strategy-comparison") {
+        return "Compare raw full-file prompts with my-dev-kit-guided retrieval prompts using the existing controlled experiment workflow.";
+    }
+    return plugin.metadata.description;
+}
+function describeTargetBehavior(plugin) {
+    const supportsExternal = plugin.metadata.supportedTargets.includes("external-local");
+    if (supportsExternal) {
+        return "Runs against the current lab repository when --target is omitted, or against an explicit local target project when --target <path> is provided. Outputs stay under lab-controlled output directories by default.";
+    }
+    return "Runs against the current lab repository.";
+}
+function describeExpectedReports(plugin) {
+    if (plugin.metadata.supportedOutputs.includes("html") && plugin.metadata.supportedOutputs.includes("json")) {
+        return "Writes plugin-aware JSON and HTML reports with plugin, target, variant, case, metric, artifact, warning, skip, and failure metadata.";
+    }
+    return `Writes supported outputs: ${plugin.metadata.supportedOutputs.join(", ")}.`;
+}
+function describeExamples(plugin) {
+    return [
+        `npm run experiment:describe -- --experiment ${plugin.metadata.id}`,
+        `npm run experiment:run -- --experiment ${plugin.metadata.id} --agents fake-agent --complexities short`,
+        `npm run experiment:run -- --experiment ${plugin.metadata.id} --target "Z:\\Users\\newuser\\Projects\\my-dev-kit-v1" --agents fake-agent --complexities short --no-screenshot`,
+    ];
+}
+if (process.argv[1] && import.meta.url.endsWith(process.argv[1].replaceAll("\\", "/"))) {
+    process.exitCode = await main(process.argv.slice(2));
+}

package/dist/scripts/experiments/listExperiments.js

@@ -0,0 +1,44 @@
+import { createDefaultExperimentPluginRegistry } from "../../src/experiments/index.js";
+async function main(argv) {
+    const json = argv.includes("--json");
+    const registry = createDefaultExperimentPluginRegistry();
+    const plugins = registry.list().map((metadata) => {
+        const plugin = registry.get(metadata.id);
+        return toListedExperiment(metadata, plugin);
+    });
+    if (json) {
+        console.log(JSON.stringify({ experiments: plugins }, null, 2));
+        return 0;
+    }
+    console.log("Registered experiment plugins");
+    console.log("");
+    for (const plugin of plugins) {
+        console.log(`${plugin.id}`);
+        console.log(`  Name: ${plugin.name}`);
+        console.log(`  Description: ${plugin.description}`);
+        console.log(`  Status: ${plugin.status}`);
+        console.log(`  Supported variants: ${plugin.supportedVariants.join(", ") || "not declared"}`);
+        console.log(`  Outputs: ${plugin.supportedOutputs.join(", ")}`);
+    }
+    return 0;
+}
+function toListedExperiment(metadata, plugin) {
+    return {
+        ...metadata,
+        supportedVariants: readSupportedVariants(plugin),
+    };
+}
+function readSupportedVariants(plugin) {
+    const strategies = readArrayField(plugin.defaultConfig, "strategies");
+    return strategies.filter((value) => typeof value === "string");
+}
+function readArrayField(value, key) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return [];
+    }
+    const field = value[key];
+    return Array.isArray(field) ? field : [];
+}
+if (process.argv[1] && import.meta.url.endsWith(process.argv[1].replaceAll("\\", "/"))) {
+    process.exitCode = await main(process.argv.slice(2));
+}

package/dist/scripts/experiments/runExperiment.js

@@ -0,0 +1,199 @@
+import path from "node:path";
+import { parseAgentCommandTemplate } from "../../src/agents/index.js";
+import { parseAgentId } from "../../src/agents/agentRegistry.js";
+import { readBenchmarkProjectProfiles, readEvaluationCases } from "../../src/evaluation/index.js";
+import { createDefaultExperimentPluginRegistry, runExperiment } from "../../src/experiments/index.js";
+import { contextStrategyComparisonPlugin } from "../../src/experiments/plugins/contextStrategyComparison/index.js";
+import { parsePromptComplexityLevel, parsePromptStrategy } from "../../src/prompts/index.js";
+import { writePluginExperimentReports } from "../../src/report/index.js";
+async function main(argv) {
+    try {
+        const args = parseRunExperimentArgs(argv);
+        const toolRoot = process.cwd();
+        const registry = createDefaultExperimentPluginRegistry();
+        const inputs = await loadPluginInputs(args, toolRoot);
+        const result = await runExperiment({
+            pluginId: args.experimentId,
+            registry,
+            targetPath: args.targetPath,
+            outputRoot: args.outDir,
+            config: args.config,
+            inputs,
+            toolRoot,
+        });
+        const reports = await writePluginExperimentReports({
+            run: result,
+            plugin: registry.describe(result.pluginId),
+            outputRoot: String(result.metadata?.outputRoot ?? ""),
+        });
+        console.log([
+            `Experiment: ${result.pluginId}`,
+            `Run ID: ${result.runId}`,
+            `Status: ${result.status}`,
+            `Mode: ${result.target.isSelf ? "self" : "external target"}`,
+            `Tool root: ${result.target.toolRoot}`,
+            `Target root: ${result.target.targetRoot}`,
+            `Output: ${String(result.metadata?.outputRoot ?? "")}`,
+            `Report JSON: ${reports.outputPaths.jsonPath}`,
+            `Report HTML: ${reports.outputPaths.htmlPath}`,
+        ].join("\n"));
+        return result.status === "failed" ? 1 : 0;
+    }
+    catch (error) {
+        if (process.env.DEBUG) {
+            console.error(error);
+        }
+        else {
+            console.error(error instanceof Error ? error.message : String(error));
+        }
+        return 1;
+    }
+}
+export function parseRunExperimentArgs(argv) {
+    let experimentId = "";
+    let targetPath;
+    let outDir;
+    let casesPath;
+    let projectProfilesPath;
+    const caseIds = [];
+    const benchmarkProjects = [];
+    let agents;
+    let strategies;
+    let complexityLevels;
+    let timeoutMs;
+    let maxRuns;
+    let continueOnFailure;
+    let requireAgents;
+    let includeRealAgents;
+    const commandTemplates = {};
+    for (let index = 0; index < argv.length; index += 1) {
+        const arg = argv[index];
+        if (arg === "--experiment") {
+            experimentId = readRequiredValue(argv, ++index, "--experiment");
+        }
+        else if (arg === "--target") {
+            targetPath = readRequiredValue(argv, ++index, "--target");
+        }
+        else if (arg === "--out") {
+            outDir = readRequiredValue(argv, ++index, "--out");
+        }
+        else if (arg === "--cases") {
+            casesPath = readRequiredValue(argv, ++index, "--cases");
+        }
+        else if (arg === "--project-profiles") {
+            projectProfilesPath = readRequiredValue(argv, ++index, "--project-profiles");
+        }
+        else if (arg === "--case") {
+            caseIds.push(...splitList(readRequiredValue(argv, ++index, "--case")));
+        }
+        else if (arg === "--benchmark-project") {
+            benchmarkProjects.push(...splitList(readRequiredValue(argv, ++index, "--benchmark-project")));
+        }
+        else if (arg === "--agents") {
+            agents = splitList(readRequiredValue(argv, ++index, "--agents")).map((value) => parseAgentId(value));
+        }
+        else if (arg === "--strategies") {
+            strategies = splitList(readRequiredValue(argv, ++index, "--strategies")).map(parsePromptStrategy);
+        }
+        else if (arg === "--complexities") {
+            complexityLevels = splitList(readRequiredValue(argv, ++index, "--complexities")).map(parsePromptComplexityLevel);
+        }
+        else if (arg === "--timeout-ms") {
+            timeoutMs = parsePositiveInteger("--timeout-ms", readRequiredValue(argv, ++index, "--timeout-ms"));
+        }
+        else if (arg === "--max-runs") {
+            maxRuns = parsePositiveInteger("--max-runs", readRequiredValue(argv, ++index, "--max-runs"));
+        }
+        else if (arg === "--continue-on-failure") {
+            continueOnFailure = true;
+        }
+        else if (arg === "--no-continue-on-failure") {
+            continueOnFailure = false;
+        }
+        else if (arg === "--require-agents") {
+            requireAgents = true;
+        }
+        else if (arg === "--include-real-agents") {
+            includeRealAgents = true;
+        }
+        else if (arg === "--command-template-codex") {
+            commandTemplates.codex = parseAgentCommandTemplate(readRequiredValue(argv, ++index, "--command-template-codex"));
+        }
+        else if (arg === "--command-template-claude") {
+            commandTemplates.claude = parseAgentCommandTemplate(readRequiredValue(argv, ++index, "--command-template-claude"));
+        }
+        else if (arg === "--no-screenshot") {
+            // The plugin-aware report path does not capture screenshots yet; accept this
+            // flag so smoke commands can share the legacy demo option set.
+        }
+        else {
+            throw new Error(`Unknown argument: ${arg}`);
+        }
+    }
+    if (!experimentId) {
+        throw new Error("Usage: --experiment <id> [--target <path>] [--out <directory>]");
+    }
+    return {
+        experimentId,
+        targetPath,
+        outDir,
+        config: withoutUndefined({
+            casesPath,
+            projectProfilesPath,
+            caseIds: caseIds.length > 0 ? caseIds : undefined,
+            benchmarkProjects: benchmarkProjects.length > 0 ? benchmarkProjects : undefined,
+            agents,
+            strategies,
+            complexityLevels,
+            timeoutMs,
+            maxRuns,
+            continueOnFailure,
+            requireAgents,
+            includeRealAgents,
+            commandTemplates: Object.keys(commandTemplates).length > 0 ? commandTemplates : undefined,
+        }),
+    };
+}
+async function loadPluginInputs(args, toolRoot) {
+    if (args.experimentId !== contextStrategyComparisonPlugin.metadata.id) {
+        return undefined;
+    }
+    const validation = contextStrategyComparisonPlugin.validateConfig(args.config);
+    if (!validation.valid || !validation.config) {
+        throw new Error(`Invalid context strategy comparison config: ${validation.errors.join("; ")}`);
+    }
+    const projectProfilesPath = path.resolve(toolRoot, validation.config.projectProfilesPath ?? "benchmarks/contracts/benchmark-project-profiles.json");
+    const casesPath = path.resolve(toolRoot, validation.config.casesPath);
+    const projectProfiles = await readBenchmarkProjectProfiles(projectProfilesPath, toolRoot);
+    const cases = await readEvaluationCases(casesPath, toolRoot, {
+        projectProfiles,
+        requireProjectProfileRef: true,
+    });
+    return { cases, projectProfiles, env: process.env };
+}
+function splitList(value) {
+    return value
+        .split(",")
+        .map((item) => item.trim())
+        .filter(Boolean);
+}
+function readRequiredValue(argv, index, label) {
+    const value = argv[index];
+    if (!value || value.startsWith("--")) {
+        throw new Error(`${label} requires a value.`);
+    }
+    return value;
+}
+function parsePositiveInteger(label, value) {
+    const parsed = Number(value);
+    if (!Number.isInteger(parsed) || parsed <= 0) {
+        throw new Error(`${label} must be a positive integer.`);
+    }
+    return parsed;
+}
+function withoutUndefined(value) {
+    return Object.fromEntries(Object.entries(value).filter(([, entryValue]) => entryValue !== undefined));
+}
+if (process.argv[1] && import.meta.url.endsWith(process.argv[1].replaceAll("\\", "/"))) {
+    process.exitCode = await main(process.argv.slice(2));
+}

package/dist/scripts/generate-experiment-plots.js

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+import { runGenerateExperimentPlotsCommand } from "../src/commands/generateExperimentPlotsCommand.js";
+process.exitCode = await runGenerateExperimentPlotsCommand(process.argv.slice(2));

package/dist/scripts/generate-prompt-variants.js

@@ -0,0 +1,2 @@
+import { runGeneratePromptVariantsCommand } from "../src/commands/generatePromptVariants.js";
+process.exitCode = await runGeneratePromptVariantsCommand(process.argv.slice(2));

package/dist/scripts/render-experiment-report.js

@@ -0,0 +1,2 @@
+import { runRenderExperimentReportCommand } from "../src/commands/renderExperimentReportCommand.js";
+process.exitCode = await runRenderExperimentReportCommand(process.argv.slice(2));

package/dist/scripts/run-agent-prompt.js

@@ -0,0 +1,2 @@
+import { runAgentPromptCommand } from "../src/commands/runAgentPromptCommand.js";
+process.exitCode = await runAgentPromptCommand(process.argv.slice(2));

package/dist/scripts/run-controlled-experiment.js

@@ -0,0 +1,2 @@
+import { runControlledExperimentCommand } from "../src/commands/runControlledExperimentCommand.js";
+process.exitCode = await runControlledExperimentCommand(process.argv.slice(2));

package/dist/scripts/run-final-demo.js

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+import { runFinalDemoCommand } from "../src/commands/runFinalDemoCommand.js";
+process.exitCode = await runFinalDemoCommand(process.argv.slice(2));

package/dist/scripts/run-lab-demo.js

@@ -0,0 +1,5 @@
+import { runLabDemoCommand } from "../src/commands/runLabDemo.js";
+const exitCode = await runLabDemoCommand(process.argv.slice(2));
+if (exitCode !== 0) {
+    process.exitCode = exitCode;
+}

package/dist/scripts/run-visualization-demos.js

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+import { runVisualizationDemosCommand } from "../src/commands/runVisualizationDemosCommand.js";
+process.exitCode = await runVisualizationDemosCommand(process.argv.slice(2));

package/dist/scripts/security/runCodeql.js

@@ -0,0 +1,57 @@
+#!/usr/bin/env node
+import { runCodeqlCheck } from "../../src/securityValidation/staticScans/codeql.js";
+import { resolveValidationTarget } from "../../src/securityValidation/validate/resolveTarget.js";
+const rawArgs = process.argv.slice(2);
+const args = parseArgs(rawArgs);
+const toolRoot = process.cwd();
+let targetRoot;
+try {
+    const target = resolveValidationTarget(args.target, toolRoot);
+    targetRoot = target.targetRoot;
+    if (!target.isSelf) {
+        console.log(`Target: ${targetRoot}`);
+    }
+}
+catch (err) {
+    console.error(`ERROR: ${err instanceof Error ? err.message : String(err)}`);
+    process.exitCode = 1;
+    process.exit(1);
+}
+console.log("Running CodeQL static analysis check...");
+const result = await runCodeqlCheck({
+    cwd: toolRoot,
+    targetRoot,
+    timeoutMs: 30_000,
+});
+const label = result.status === "skipped"
+    ? `SKIPPED — ${result.skippedReason ?? "tool unavailable"}`
+    : result.status.toUpperCase();
+console.log(`Status: ${label}`);
+if (result.findings.length > 0) {
+    console.log("\nFindings:");
+    for (const f of result.findings) {
+        console.log(`  [${f.severity.toUpperCase()}] ${f.title}`);
+        if (f.description)
+            console.log(`    ${f.description.slice(0, 120)}`);
+    }
+}
+console.log(`\nDuration: ${result.durationMs}ms`);
+if (result.status === "skipped") {
+    console.log("\nCodeQL is optional. Absence does not block release.");
+    process.exitCode = 0;
+}
+else if (result.status === "failed") {
+    process.exitCode = 1;
+}
+else {
+    process.exitCode = 0;
+}
+function parseArgs(argv) {
+    const result = {};
+    for (let i = 0; i < argv.length; i++) {
+        if ((argv[i] === "--target" || argv[i] === "-t") && i + 1 < argv.length) {
+            result.target = argv[++i];
+        }
+    }
+    return result;
+}

package/dist/scripts/security/runDependencyChecks.js

@@ -0,0 +1,57 @@
+#!/usr/bin/env node
+import path from "node:path";
+import { runDependencyChecks } from "../../src/securityValidation/index.js";
+import { DEFAULT_SECURITY_CONFIG } from "../../src/securityValidation/index.js";
+import { resolveValidationTarget } from "../../src/securityValidation/validate/resolveTarget.js";
+const rawArgs = process.argv.slice(2);
+const args = parseArgs(rawArgs);
+const toolRoot = process.cwd();
+let targetRoot;
+try {
+    const target = resolveValidationTarget(args.target, toolRoot);
+    targetRoot = target.targetRoot;
+    if (!target.isSelf) {
+        console.log(`Target: ${targetRoot}`);
+    }
+}
+catch (err) {
+    console.error(`ERROR: ${err instanceof Error ? err.message : String(err)}`);
+    process.exitCode = 1;
+    process.exit(1);
+}
+const config = {
+    ...DEFAULT_SECURITY_CONFIG,
+    reportDir: path.join(toolRoot, DEFAULT_SECURITY_CONFIG.reportDir),
+    rawOutputDir: path.join(toolRoot, DEFAULT_SECURITY_CONFIG.rawOutputDir),
+};
+console.log("Running dependency checks...");
+console.log(`Report directory: ${config.reportDir}`);
+const output = await runDependencyChecks({ cwd: targetRoot, config });
+const passed = output.checks.filter((c) => c.status === "passed").length;
+const failed = output.checks.filter((c) => c.status === "failed").length;
+const warned = output.checks.filter((c) => c.status === "warning").length;
+const skipped = output.checks.filter((c) => c.status === "skipped").length;
+console.log(`\nDependency checks complete:`);
+console.log(`  Passed:  ${passed}`);
+console.log(`  Warned:  ${warned}`);
+console.log(`  Failed:  ${failed}`);
+console.log(`  Skipped: ${skipped}`);
+console.log(`  Findings: ${output.findings.length}`);
+if (output.findings.length > 0) {
+    console.log("\nFindings:");
+    for (const f of output.findings) {
+        console.log(`  [${f.severity.toUpperCase()}] ${f.title}`);
+    }
+}
+console.log(`\nResults written to ${config.reportDir}`);
+const hasBlocker = output.findings.some((f) => f.severity === "blocker");
+process.exitCode = hasBlocker ? 1 : 0;
+function parseArgs(argv) {
+    const result = {};
+    for (let i = 0; i < argv.length; i++) {
+        if ((argv[i] === "--target" || argv[i] === "-t") && i + 1 < argv.length) {
+            result.target = argv[++i];
+        }
+    }
+    return result;
+}

package/dist/scripts/security/runFuzzSmoke.js

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+import { runAllFuzzTargets } from "../../src/securityValidation/fuzz/fuzzHarness.js";
+import { ALL_FUZZ_TARGETS } from "../../src/securityValidation/fuzz/fuzzTargets.js";
+const SEED = parseInt(process.env["FUZZ_SEED"] ?? "0xDEADBEEF", 16);
+const ITERATIONS = parseInt(process.env["FUZZ_ITERATIONS"] ?? "50", 10);
+console.log(`Running fuzz smoke tests...`);
+console.log(`  Targets   : ${ALL_FUZZ_TARGETS.length}`);
+console.log(`  Seed      : 0x${SEED.toString(16).toUpperCase()}`);
+console.log(`  Iterations: ${ITERATIONS} per target`);
+const result = await runAllFuzzTargets(ALL_FUZZ_TARGETS, {
+    seed: SEED,
+    iterations: ITERATIONS,
+});
+console.log(`\nStatus  : ${result.status.toUpperCase()}`);
+console.log(`Duration: ${result.durationMs}ms`);
+console.log(`Crashes : ${result.findings.length}`);
+if (result.findings.length > 0) {
+    console.log("\nCrash findings:");
+    for (const f of result.findings) {
+        console.log(`  [${f.severity.toUpperCase()}] ${f.title}`);
+        if (f.evidence)
+            console.log(`    Evidence: ${f.evidence.slice(0, 160)}`);
+    }
+    process.exitCode = 1;
+}
+else {
+    console.log("\nAll fuzz targets completed without crashes.");
+    process.exitCode = 0;
+}