googleprojectzero/fuzzilli — reverse-engineered prompt
Reverse engineered prompt
Build me a command-line JavaScript engine fuzzer in Swift, something like a coverage-guided tool that can target supported JS shells, generate and mutate semantically valid programs through its own intermediate representation, turn those programs into JavaScript, run them against the engine, and keep the interesting or crashing cases.
I want it to feel usable end to end, not like a partial library. It should include the core fuzzing loop, corpus management, basic minimization of crashes, coverage-based evaluation, and a way to save results to disk. If the project already expects target engines to be patched and instrumented, wire that workflow in clearly and make the docs and examples easy to follow, so I can get from a source checkout to an actual fuzzing run without guessing. If there is support for running in Docker or cloud environments, keep that working too.
Please also make the main entry point and usage help clean and practical. Look up the current docs online if you need to.
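The loop the prompt describes (mutate in an IR, lift to JavaScript, execute, keep only what reaches new coverage or crashes) as an added, miniature example written in Python rather than Swift; it is not code from Fuzzilli or from the prompt, and the IR, the `TEMPLATES` lifter, the `run_engine` stand-in engine, its planted bug and the edge ids are all constructed for illustration.

```python
import random

# Lift the tiny IR to JavaScript: (opcode, operands) -> "const vN = ...;"
TEMPLATES = {"loadInt": "const v{i} = {a};", "loadStr": 'const v{i} = "{a}";',
             "add": "const v{i} = v{a} + v{b};", "length": "const v{i} = v{a}.length;"}

def lift(program):
    return "\n".join(TEMPLATES[op].format(i=i, a=args[0], b=args[-1])
                     for i, (op, args) in enumerate(program))

def mutate(program, rng):
    # Append one instruction; operands index only already-defined variables.
    n, op = len(program), rng.choice(["loadInt", "loadStr", "add", "length"])
    args = {"loadInt": (rng.randint(0, 9),), "loadStr": (rng.choice(["a", "bb"]),),
            "add": (rng.randrange(n), rng.randrange(n)), "length": (rng.randrange(n),)}[op]
    return program + [(op, args)]

def run_engine(program):
    # Stand-in engine (constructed): edges are (opcode, result type); the planted
    # bug is taking .length of a string that came from concatenation.
    types, edges, crashed = [], set(), False
    for op, args in program:
        if op == "add":
            t = "str" if "str" in (types[args[0]], types[args[1]]) else "int"
        else:
            t = "str" if op == "loadStr" else "int"
        if op == "length" and program[args[0]][0] == "add" and types[args[0]] == "str":
            crashed = True
        edges.add((op, t))
        types.append(t)
    return edges, crashed

def fuzz(iterations, seed=1):
    # Coverage-guided loop: keep a mutant only if it reaches a new edge; crashes are lifted to JS.
    rng = random.Random(seed)
    corpus, crashes, seen = [[("loadInt", (1,))]], [], set()
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        edges, crashed = run_engine(candidate)
        if crashed:
            crashes.append(lift(candidate))
        elif edges - seen:
            seen |= edges
            corpus.append(candidate)
    return corpus, crashes, seen
```

Because every operand references an earlier instruction, each lifted program is valid JavaScript, which is what lets the engine reach past the parser instead of rejecting the input.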