Add OpenAI Agents JS lockfile example and verified case study

[Ayush7614]

Summary

• Adds lockfile-only snapshot examples/openai-agents-js/ from openai/openai-agents-js@f76fc19 (package.json + pnpm-lock.yaml).
• Documents verified baseline scan in website/docs/case-studies/openai-agents-js.md (1,683 packages, 31 findings, pnpm audit comparison).
• Bundles logo at website/static/img/openai-agents-js-logo.svg.
• Frames 0 direct / 31 transitive per maintainer review on Add OpenAI Agents JS lockfile example and verified case study #490: parent-tracing narrative, one pnpm add verdaccio@6.7.2 command, MCP/Daytona clusters.
• Includes Remaining risk, full 31-row Baseline findings table, and Want your project reviewed?

Closes #490

Test plan

• npm run build && node dist/index.js examples/openai-agents-js --verbose --all — 31 findings (0 critical · 13 high · 16 medium · 2 low), 0 direct
• Generated command: pnpm add verdaccio@6.7.2 (1/31 first-pass coverage)
• pnpm audit (Node 22+, pnpm 10.14.0) — 52 entries documented
• cd website && npm run build — Docusaurus build succeeds

Made with Cursor

[sonukapoor]

The all-transitive framing is documented well, and the one concrete verdaccio parent upgrade makes this more useful than a pure zero-output study. The framing note in Summary sets honest expectations.

Same CHANGELOG issue as #500: the second bullet references VS Code in [Unreleased], but VS Code shipped in v1.18.1. Please remove the second bullet or trim it to reference OpenAI Agents JS only.

[sonukapoor]

The all-transitive framing is well handled — making the case for transitive parent tracing on a high-visibility AI SDK repo is a legitimate angle. Two things before merge:

Please rebase against main. The branch was cut before v1.18.2 shipped, so the CHANGELOG has a conflict. After rebasing, drop the VS Code line from your [Unreleased] CHANGELOG entry — that's already captured in v1.18.2. Keep just the OpenAI Agents JS line.

Add a row to website/docs/case-studies/index.md. A case studies index page was added after your branch was cut — it's on main now. After rebasing you'll find it at website/docs/case-studies/index.md. Suggested row:

| [OpenAI Agents SDK (JS)](./openai-agents-js.md) | pnpm | AI agent monorepo — 1,683 packages, 0 direct findings, 31 transitive, one verdaccio parent-upgrade command |

Everything else looks good — README updated, sidebar entry present, logo committed locally.

[Ayush7614]

Thanks for the review @sonukapoor — addressed all requested updates:

• Rebased onto latest main (conflicts resolved in CHANGELOG.md, README.md, examples/readme.md, website/sidebars.ts)
• [Unreleased] CHANGELOG now has OpenAI Agents JS only — removed VS Code reference (already in v1.18.2) and dropped the redundant second bullet
• Added OpenAI Agents SDK row to website/docs/case-studies/index.md using your suggested wording

Ready for another look.