AztecProtocol
diff --git a/‎barretenberg/cpp/scripts/merge_fuzzer_manifests.py‎
Lines changed: 0 additions & 62 deletions b/‎barretenberg/cpp/scripts/merge_fuzzer_manifests.py‎
Lines changed: 0 additions & 62 deletions
diff --git a/‎barretenberg/cpp/scripts/merge_fuzzer_manifests_v2.py‎
Lines changed: 75 additions & 0 deletions b/‎barretenberg/cpp/scripts/merge_fuzzer_manifests_v2.py‎
Lines changed: 75 additions & 0 deletions
diff --git a/‎container-builds/fuzzing-container/run.sh‎
Lines changed: 45 additions & 127 deletions b/‎container-builds/fuzzing-container/run.sh‎
Lines changed: 45 additions & 127 deletions
diff --git a/‎container-builds/fuzzing-container/src/Dockerfile‎
Lines changed: 20 additions & 8 deletions b/‎container-builds/fuzzing-container/src/Dockerfile‎
Lines changed: 20 additions & 8 deletions
@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+"""Merge per-preset fuzzer manifests into ContFuzzer v2 schema.
+
+Reads per-preset manifest JSON files (generated by cmake) and produces a
+unified manifest with schema v2 that ContFuzzer v2 consumes via ORAS.
+
+Each (fuzzer, variant) pair that should be independently scheduled becomes
+a target. Companion binaries (asan, cov) are NOT listed — the entrypoint
+discovers them automatically by suffix convention.
+"""
+
+import argparse
+import json
+import os
+import sys
+
+
+def main():
+    parser = argparse.ArgumentParser(description="Merge per-preset fuzzer manifests (v2 schema)")
+    parser.add_argument("manifests", nargs="+", help="Per-preset manifest JSON files")
+    parser.add_argument("--output", required=True, help="Output merged manifest path")
+    parser.add_argument("--cpus", type=int, default=4, help="Default CPU allocation per target")
+    parser.add_argument("--memory-gb", type=int, default=8, help="Default memory (GB) per target")
+    args = parser.parse_args()
+
+    # Collect fuzzers per preset
+    preset_fuzzers: dict[str, dict[str, str]] = {}
+    for path in args.manifests:
+        if not os.path.exists(path):
+            print(f"Warning: {path} not found, skipping", file=sys.stderr)
+            continue
+        with open(path) as f:
+            manifest = json.load(f)
+        preset = manifest.get("preset", "unknown")
+        for fuzzer in manifest.get("fuzzers", []):
+            preset_fuzzers.setdefault(preset, {})[fuzzer["name"]] = fuzzer["source_path"]
+
+    cov_names = set(preset_fuzzers.get("fuzzing-coverage", {}).keys())
+
+    # Schedulable variants: (preset, suffix, label)
+    schedulable = [
+        ("fuzzing",       "",       "asm"),
+        ("fuzzing-noasm", "_noasm", "noasm"),
+        ("fuzzing-avm",   "_avm",   "avm"),
+    ]
+
+    targets = []
+    for preset, suffix, label in schedulable:
+        fuzzers = preset_fuzzers.get(preset, {})
+        for name, source_path in sorted(fuzzers.items()):
+            modes = ["fuzz", "minimize", "reproduce"]
+            if name in cov_names:
+                modes.append("coverage")
+
+            targets.append({
+                "name": f"{name}{suffix}",
+                "display_name": f"{name} ({label})",
+                "language": "c++",
+                "fuzzer_engine": "libfuzzer",
+                "source_path": f"barretenberg/cpp/src/barretenberg/{source_path}",
+                "modes": modes,
+                "resources": {"cpus": args.cpus, "memory_gb": args.memory_gb},
+            })
+
+    output = {"schema": "2", "targets": targets}
+
+    os.makedirs(os.path.dirname(args.output) or ".", exist_ok=True)
+    with open(args.output, "w") as f:
+        json.dump(output, f, indent=2)
+
+    print(f"Merged {len(targets)} targets into {args.output} (schema v2)")
+
+
+if __name__ == "__main__":
+    main()
@@ -1,159 +1,77 @@
 #!/usr/bin/env bash
+# Local runner for the ContFuzzer v2 fuzzing container.
+# Builds the image and runs a target using the v2 env-var interface.
 
 set -euo pipefail
 IFS=$'\n\t'
 
-fuzzer=''
-verbosity='0'
-timeout='2592000' # 1 month
-mode='fuzzing'
-asm='on'
+target=''
+mode='fuzz'
+timeout='3600'
 cpus='8'
-mem="16G"
+mem='16G'
 jobs_="$cpus"
-workers='0'
-avm='off'
-rss_limit='2048	'
+rss_limit='2048'
 
 show_help() {
 	echo "Usage: $0 [options]"
 	echo ""
 	echo "Options:"
-	echo "  -v, --verbose               Enable fuzzer's verbose mode (default: disabled)"
-	echo "  -f, --fuzzer <fuzzer_name>  Specify the fuzzer to use (current: $fuzzer)"
-	echo "  -t, --timeout <timeout>     Set the maximum total time for fuzzing in seconds (default: $timeout - 1 month)"
-	echo "  -c, --cpus <cpus>           Set the amount of CPUs for container to use (default: $cpus)"
-	echo "  --mem <memory>              Set the amount of memory for container to use (default: $mem)"
-	echo "  -j, --jobs <N>              Set the amount of processes to run (default: $jobs_)"
-	echo "  -w, --workers <N>           Set the amount of subprocesses per job (default: $workers)"
-	echo "  -m, --mode <mode>           Set the mode of operation (fuzzing, coverage or regress-only) (default: $mode)"
-	echo "  -a, --asm <mode>            Set the flag to enable/disable asm instructions (on/off) (default: $asm)"
-	echo "  -A, --avm                   Enable AVM fuzzing mode (uses build-fuzzing-avm) (default: $avm)"
-	echo "  -r, --rss-limit <MB>        Set RSS limit in megabytes (default: 2048 MB)"
-	echo "  -h, --help                  Display this help and exit"
-	echo "  --show-fuzzers              Display the available fuzzers"
-	echo ""
-	echo "This script handles fuzzing testing with specified parameters, managing crash reports,"
-	echo "and coverage testing based on the mode specified."
+	echo "  -t, --target <name>     Target name (from /targets/), e.g. bigfield_fuzzer"
+	echo "  -m, --mode <mode>       fuzz | coverage | minimize | reproduce (default: $mode)"
+	echo "  --timeout <secs>        Fuzzing timeout in seconds (default: $timeout)"
+	echo "  -c, --cpus <n>          CPU allocation (default: $cpus)"
+	echo "  --mem <size>            Memory limit (default: $mem)"
+	echo "  -j, --jobs <n>          Parallelism (default: $jobs_)"
+	echo "  -r, --rss-limit <MB>    RSS limit in MB (default: $rss_limit)"
+	echo "  --list-targets          List available targets and exit"
+	echo "  -h, --help              Show this help"
 }
 
+list_targets=0
+
 while [[ $# -gt 0 ]]; do
 	case "$1" in
-	-v | --verbose)
-		verbosity="1"
-		shift
-		;;
-	-f | --fuzzer)
-		fuzzer="$2"
-		shift 2
-		;;
-	--show-fuzzers)
-		mode="show-fuzzers"
-		shift
-		;;
-	-t | --timeout)
-		timeout="$2"
-		shift 2
-		;;
-	-w | --workers)
-		workers="$2"
-		shift 2
-		;;
-	-j | --jobs)
-		jobs_="$2"
-		shift 2
-		;;
-	-m | --mode)
-		mode="$2"
-		shift 2
-		;;
-	-a | --asm)
-		asm="$2"
-		shift 2
-		;;
-	-A | --avm)
-		avm='on'
-		shift
-		;;
-	-r | --rss-limit)
-		rss_limit="$2"
-		shift 2
-		;;
-	-c | --cpus)
-		cpus="$2"
-		shift 2
-		;;
-	--mem)
-		mem="$2"
-		shift 2
-		;;
-	-h | --help)
-		show_help
-		exit 0
-		;;
-	--)
-		shift
-		break
-		;;
-	-*)
-		echo "Error: Unsupported flag $1" >&2
-		exit 1
-		;;
-	*)
-		break
-		;;
+	-t | --target)  target="$2";    shift 2 ;;
+	-m | --mode)    mode="$2";      shift 2 ;;
+	--timeout)      timeout="$2";   shift 2 ;;
+	-c | --cpus)    cpus="$2"; jobs_="$cpus"; shift 2 ;;
+	--mem)          mem="$2";       shift 2 ;;
+	-j | --jobs)    jobs_="$2";     shift 2 ;;
+	-r | --rss-limit) rss_limit="$2"; shift 2 ;;
+	--list-targets) list_targets=1; shift ;;
+	-h | --help)    show_help; exit 0 ;;
+	*)              echo "Unknown flag: $1" >&2; exit 1 ;;
 	esac
 done
 
 image_name=barretenberg-fuzzer
 
 docker build src/ -t "$image_name":latest
 
-if [[ "$mode" == "show-fuzzers" ]]; then
-	entrypoint_args=(--show-fuzzers)
-	entrypoint_args+=(--asm "$asm")
-	entrypoint_args+=(--avm "$avm")
-
-	docker run -it --rm \
-		--entrypoint "./entrypoint.sh" \
-		"$image_name" \
-		"${entrypoint_args[@]}"
+if [[ "$list_targets" -eq 1 ]]; then
+	docker run --rm "$image_name" ls /targets/
 	exit 0
 fi
 
-if [ -z "${fuzzer}" ]; then
-	echo "err: No fuzzer was provided"
-	echo
+if [ -z "$target" ]; then
+	echo "err: No target specified. Use --target <name> or --list-targets" >&2
 	show_help
 	exit 1
 fi
 
-mkdir -p crash-reports/unsorted output corpus coverage artifacts
+mkdir -p corpus crashes output
 
-docker_args=(
-	-it --rm
-	--user root
-	-v "$(pwd)/crash-reports:/home/fuzzer/crash-reports:rw"
-	-v "$(pwd)/output:/home/fuzzer/output:rw"
-	-v "$(pwd)/corpus:/home/fuzzer/corpus:rw"
-	-v "$(pwd)/coverage:/home/fuzzer/coverage:rw"
-	-v "$(pwd)/artifacts:/home/fuzzer/artifacts:rw"
-	--cpus="$cpus"
-	-m "$mem"
-	--entrypoint "./entrypoint.sh"
+docker run -it --rm \
+	--user root \
+	--cpus="$cpus" \
+	-m "$mem" \
+	-e "FUZZ_TARGET=$target" \
+	-e "FUZZ_MODE=$mode" \
+	-e "FUZZ_TIMEOUT=$timeout" \
+	-e "FUZZ_JOBS=$jobs_" \
+	-e "FUZZ_RSS_LIMIT=$rss_limit" \
+	-v "$(pwd)/corpus:/corpus:rw" \
+	-v "$(pwd)/crashes:/crashes:rw" \
+	-v "$(pwd)/output:/output:rw" \
 	"$image_name"
-)
-
-entrypoint_args=(
-	--fuzzer "$fuzzer"
-	--mode "$mode"
-	--asm "$asm"
-	--avm "$avm"
-	--timeout "$timeout"
-	--workers "$workers"
-	--jobs "$jobs_"
-	--verbosity "$verbosity"
-	--rss-limit "$rss_limit"
-)
-
-docker run "${docker_args[@]}" "${entrypoint_args[@]}"
@@ -65,14 +65,28 @@ RUN cmake --build build-fuzzing-cov
 RUN cmake -DCMAKE_C_COMPILER=clang-18 -DCMAKE_CXX_COMPILER=clang++-18 --preset fuzzing-avm
 RUN cmake --build build-fuzzing-avm && mv build-fuzzing-avm/bin bin-fuzzing-avm && rm -rf build-fuzzing-avm
 
-# Merge per-preset manifests into unified manifest
-RUN python3 scripts/merge_fuzzer_manifests.py \
+# Generate v2 manifest from per-preset manifests
+RUN python3 scripts/merge_fuzzer_manifests_v2.py \
     bin-fuzzing/fuzzer_manifest.json \
     bin-fuzzing-noasm/fuzzer_manifest.json \
     bin-fuzzing-avm/fuzzer_manifest.json \
     build-fuzzing-cov/bin/fuzzer_manifest.json \
     --output /tmp/fuzzer_manifest.json
 
+# Flatten all variant binaries into /targets/<name>[_variant]
+RUN mkdir -p /targets && \
+    for f in bin-fuzzing/*; do \
+        name=$(basename "$f"); \
+        [ -x "bin-fuzzing/$name" ]           && cp "bin-fuzzing/$name"           "/targets/${name}"; \
+        [ -x "bin-fuzzing-noasm/$name" ]     && cp "bin-fuzzing-noasm/$name"     "/targets/${name}_noasm"  2>/dev/null || true; \
+        [ -x "bin-fuzzing-asan/$name" ]      && cp "bin-fuzzing-asan/$name"      "/targets/${name}_asan"   2>/dev/null || true; \
+        [ -x "build-fuzzing-cov/bin/$name" ] && cp "build-fuzzing-cov/bin/$name" "/targets/${name}_cov"    2>/dev/null || true; \
+    done && \
+    for f in bin-fuzzing-avm/*; do \
+        name=$(basename "$f"); \
+        [ -x "bin-fuzzing-avm/$name" ] && cp "bin-fuzzing-avm/$name" "/targets/${name}_avm" 2>/dev/null || true; \
+    done
+
 # Runtime stage
 FROM ubuntu:noble AS runtime
 
@@ -99,20 +113,18 @@ COPY --from=builder /home/fuzzer/aztec-packages-src /home/fuzzer/aztec-packages
 
 WORKDIR /home/fuzzer/aztec-packages/barretenberg/cpp
 
-# Copy binaries from build stage
-COPY --from=builder /home/fuzzer/aztec-packages/barretenberg/cpp/bin-fuzzing ./build-fuzzing/bin
-COPY --from=builder /home/fuzzer/aztec-packages/barretenberg/cpp/bin-fuzzing-noasm ./build-fuzzing-noasm/bin
-COPY --from=builder /home/fuzzer/aztec-packages/barretenberg/cpp/bin-fuzzing-asan ./build-fuzzing-asan/bin
-COPY --from=builder /home/fuzzer/aztec-packages/barretenberg/cpp/bin-fuzzing-avm ./build-fuzzing-avm/bin
-
 # Copy full cov-build to keep LLVM links and external dependencies for coverage report
 COPY --from=builder /home/fuzzer/aztec-packages/barretenberg/cpp/build-fuzzing-cov/ ./build-fuzzing-cov/
 
 # Copy CRS
 COPY --from=builder /root/.bb-crs /root/.bb-crs
 
+# Copy flattened target binaries
+COPY --from=builder /targets/ /targets/
+
 # Copy fuzzer manifest
 COPY --from=builder /tmp/fuzzer_manifest.json ./fuzzer_manifest.json
 
 # Copy entrypoint script
 COPY entrypoint.sh .
+ENTRYPOINT ["./entrypoint.sh"]