From 890c0f5ddff263c8e37ab477ea46a03ea65c6345 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dav=C3=AD=C3=B0=20Steinn=20Geirsson?= <david@dsg.is>
Date: Fri, 27 Mar 2026 01:22:44 +0000
Subject: [PATCH] docs: update CLAUDE.md fuzzing section for AFL++/SymCC and
 renamed apps

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 CLAUDE.md | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/CLAUDE.md b/CLAUDE.md
index 8e4a30f..424252d 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -27,24 +27,33 @@ nix build .#
 ## Fuzzing
 
 ```bash
-# Enter fuzz devShell (nightly Rust + cargo-fuzz)
+# Enter cargo-fuzz devShell (nightly Rust + cargo-fuzz)
 nix develop .#fuzz
 cd vmsilo-dbus-proxy && cargo fuzz run <target>
 
-# Or one-liner
-nix run .#fuzz-dbus-proxy -- <target>
+# Or one-liner (cargo-fuzz / libFuzzer)
+nix run .#fuzz-cargo-dbus-proxy -- <target>
 
-# Parallel fuzzing (restarts automatically on crash)
-nix run .#fuzz-dbus-proxy -- <target> --fork=4
+# Parallel cargo-fuzz (restarts automatically on crash)
+nix run .#fuzz-cargo-dbus-proxy -- <target> --fork=4
 
-# Re-test artifacts after a fix, delete those that no longer crash
-nix run .#fuzz-clean-dbus-proxy -- <target>
+# Re-test cargo-fuzz artifacts after a fix, delete those that no longer crash
+nix run .#fuzz-clean-cargo-dbus-proxy -- <target>
 
-# Generate/refresh seed corpus for deserialize targets
-cd vmsilo-dbus-proxy && cargo run --manifest-path fuzz/Cargo.toml --bin generate_seeds
+# AFL++ with SymCC (single instance)
+nix run .#fuzz-afl-dbus-proxy -- <target>
+
+# AFL++ parallel (1 main + 3 secondaries + SymCC companion)
+nix run .#fuzz-afl-dbus-proxy -- <target> --jobs=4
+
+# Re-test AFL++ crash files after a fix
+nix run .#fuzz-clean-afl-dbus-proxy -- <target>
+
+# Generate/refresh seed corpus for both engines
+nix run .#fuzz-gen-corpus
 ```
 
-Fuzz targets live in `vmsilo-dbus-proxy/fuzz/`. Protocol types have `Arbitrary` derives behind the `fuzz` feature flag. Invariant assertions are in `src/fuzz_helpers.rs`.
+Fuzz targets live in `vmsilo-dbus-proxy/fuzz/` (cargo-fuzz) and `vmsilo-dbus-proxy/fuzz-afl/` (AFL++). Protocol types have `Arbitrary` derives behind the `fuzz` feature flag. Invariant assertions are in `src/fuzz_helpers.rs`.
 
 ### Fixing fuzz findings