@hominis/fireforge 0.16.3 → 0.17.0

package/dist/src/commands/patch/index.js

@@ -20,7 +20,16 @@ export { patchReorderCommand } from './reorder.js';
 export function registerPatch(program, context) {
     const patch = program
         .command('patch')
-        .description('Manage individual patches in the queue (compact, delete, reorder)');
+        .description('Manage individual patches in the queue (compact, delete, reorder)')
+        // Match `fireforge furnace`'s no-args contract: print the group's help and
+        // exit 0. Without this default action, commander routes `fireforge patch`
+        // (no subcommand) through its own help-then-exit-1 path, so scripts that
+        // probe the CLI surface see a misleading non-zero exit for a purely
+        // informational invocation. The action prints the exact same help commander
+        // would otherwise print, but returns successfully.
+        .action(() => {
+        patch.outputHelp();
+    });
     registerPatchCompact(patch, context);
     registerPatchDelete(patch, context);
     registerPatchReorder(patch, context);

package/dist/src/commands/re-export.js

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: EUPL-1.2
 import { dirname, join } from 'node:path';
-import { multiselect } from '@clack/prompts';
+import { confirm, multiselect } from '@clack/prompts';
 import { getProjectPaths, loadConfig } from '../core/config.js';
 import { isGitRepository } from '../core/git.js';
 import { getDiffForFilesAgainstHead } from '../core/git-diff.js';
@@ -11,6 +11,14 @@ import { GeneralError, InvalidArgumentError } from '../errors/base.js';
 import { toError } from '../utils/errors.js';
 import { pathExists } from '../utils/fs.js';
 import { cancel, info, intro, isCancel, outro, spinner, success, warn } from '../utils/logger.js';
+/**
+ * Threshold above which `--scan` must be explicitly confirmed. Values were
+ * picked so the common "refresh after one-or-two-file tweak" case stays
+ * frictionless while catching the eval finding #13 scenario where `--scan`
+ * silently pulled in an entire sibling feature (xhtml + tests + theme CSS).
+ */
+const SCAN_ADD_COUNT_THRESHOLD = 3;
+const SCAN_DIR_COUNT_THRESHOLD = 2;
 import { pickDefined } from '../utils/options.js';
 import { runPatchLint } from './export-shared.js';
 import { reExportFilesInPlace } from './re-export-files.js';
@@ -39,25 +47,90 @@ async function scanPatchFiles(currentFilesAffected, engineDir, manifest, patchFi
             removed.push(f);
         }
     }
-    for (const f of added.sort()) {
+    const sortedAdded = [...added].sort();
+    const sortedRemoved = [...removed].sort();
+    for (const f of sortedAdded) {
         info(`  + ${f}`);
     }
-    for (const f of removed.sort()) {
+    for (const f of sortedRemoved) {
         info(`  - ${f}`);
     }
     if (added.length > 0 || removed.length > 0) {
         const removedSet = new Set(removed);
         const updated = [...currentFilesAffected.filter((f) => !removedSet.has(f)), ...added].sort();
         info(`  ${isDryRun ? 'Would update' : 'Updated'} ${patchFilename}: +${added.length} / -${removed.length} files`);
-        return updated;
+        return { updated, added: sortedAdded, removed: sortedRemoved };
     }
-    return currentFilesAffected;
+    return { updated: currentFilesAffected, added: [], removed: [] };
+}
+/**
+ * Returns true when the caller-confirmed threshold is exceeded for this
+ * scan's additions. The heuristic treats "small, same-directory" additions
+ * as friction-free (the common refresh case) and flags larger or
+ * multi-directory expansions so operators see them before they land.
+ *
+ * Pre-0.16.0 `--scan` silently broadened patches to include any modified or
+ * untracked file that shared a parent directory with the existing
+ * filesAffected — in practice, pulling adjacent feature code into a patch
+ * that had nothing to do with it. The gate below turns the broadening into
+ * an explicit opt-in.
+ */
+function scanAdditionsNeedConfirmation(added) {
+    if (added.length === 0)
+        return false;
+    if (added.length > SCAN_ADD_COUNT_THRESHOLD)
+        return true;
+    const dirs = new Set(added.map((f) => dirname(f)));
+    return dirs.size >= SCAN_DIR_COUNT_THRESHOLD;
+}
+/**
+ * Gate for broad `--scan` additions. Enforces explicit acknowledgement when
+ * the scan would pull in more files than a narrow refresh. Dry-run always
+ * proceeds (the preview is the whole point).
+ *
+ * @returns true if the caller should proceed; false if the user cancelled.
+ */
+async function confirmBroadScanAdditions(args) {
+    const { patchFilename, added, isDryRun, yes, isInteractive } = args;
+    if (isDryRun)
+        return true;
+    if (!scanAdditionsNeedConfirmation(added))
+        return true;
+    if (yes)
+        return true;
+    warn(`${patchFilename}: --scan would add ${String(added.length)} file(s) that span ${String(new Set(added.map((f) => dirname(f))).size)} director${new Set(added.map((f) => dirname(f))).size === 1 ? 'y' : 'ies'}. ` +
+        'Broad scans can silently pull adjacent features into a patch — review the diff before continuing.');
+    if (!isInteractive) {
+        throw new GeneralError(`Refusing to broaden "${patchFilename}" via --scan in non-interactive mode. ` +
+            'Pass --yes to acknowledge the expansion, or run with --dry-run first to review.');
+    }
+    const confirmed = await confirm({
+        message: `Proceed and broaden ${patchFilename} with ${String(added.length)} newly discovered file(s)?`,
+        initialValue: false,
+    });
+    if (isCancel(confirmed) || !confirmed) {
+        cancel(`Skipped ${patchFilename}`);
+        return false;
+    }
+    return true;
 }
 async function reExportSinglePatch(patch, paths, manifest, options, isDryRun, config) {
     let currentFilesAffected = [...patch.filesAffected];
     // --- Scan for new/removed files ---
     if (options.scan) {
-        currentFilesAffected = await scanPatchFiles(currentFilesAffected, paths.engine, manifest, patch.filename, isDryRun);
+        const scanResult = await scanPatchFiles(currentFilesAffected, paths.engine, manifest, patch.filename, isDryRun);
+        const isInteractive = process.stdin.isTTY && process.stdout.isTTY;
+        const proceed = await confirmBroadScanAdditions({
+            patchFilename: patch.filename,
+            added: scanResult.added,
+            isDryRun,
+            yes: options.yes === true,
+            isInteractive,
+        });
+        if (!proceed) {
+            return false;
+        }
+        currentFilesAffected = scanResult.updated;
     }
     else if (options.files === undefined) {
         // Finding #16: when neither `--scan` nor `--files` is set and some

package/dist/src/commands/resolve.d.ts

@@ -1,9 +1,33 @@
 import { Command } from 'commander';
 import type { CommandContext } from '../types/cli.js';
+/**
+ * Options accepted by {@link resolveCommand}.
+ */
+export interface ResolveCommandOptions {
+    /**
+     * Skip the interactive "Have you finished fixing the files?"
+     * confirmation prompt and treat the resolution as complete.
+     *
+     * Motivating case (2026-04-21 eval, Finding #18): a scripted or
+     * CI-assisted recovery flow that has already completed the manual
+     * merge step cannot advance through `fireforge resolve` because the
+     * TTY guard refuses non-interactive invocations outright. `--yes`
+     * is the explicit opt-in for those flows: the operator is asserting
+     * they have already done the merge, and the command proceeds
+     * straight to the patch-refresh + state-clear path.
+     *
+     * The guard without `--yes` is preserved — running `resolve` with
+     * no TTY and no `--yes` still refuses so an accidental pipe-into
+     * invocation doesn't silently commit whatever the engine happens
+     * to contain.
+     */
+    yes?: boolean;
+}
 /**
  * Runs the resolve command to fix broken patches.
  * @param projectRoot - Root directory of the project
+ * @param options - Optional flags; see {@link ResolveCommandOptions}.
  */
-export declare function resolveCommand(projectRoot: string): Promise<void>;
+export declare function resolveCommand(projectRoot: string, options?: ResolveCommandOptions): Promise<void>;
 /** Registers the resolve command on the CLI program. */
 export declare function registerResolve(program: Command, { getProjectRoot, withErrorHandling }: CommandContext): void;

package/dist/src/commands/resolve.js

@@ -5,6 +5,7 @@ import { getProjectPaths, loadConfig, loadState, updateState } from '../core/con
 import { isGitRepository } from '../core/git.js';
 import { getStagedDiffForFiles } from '../core/git-diff.js';
 import { stageFiles, unstageFiles } from '../core/git-file-ops.js';
+import { extractAffectedFiles } from '../core/patch-apply.js';
 import { updatePatchAndMetadata } from '../core/patch-export.js';
 import { loadPatchesManifest } from '../core/patch-manifest.js';
 import { GeneralError, ResolutionError } from '../errors/base.js';
@@ -14,8 +15,9 @@ import { error as logError, info, intro, isCancel, outro, spinner, success, } fr
 /**
  * Runs the resolve command to fix broken patches.
  * @param projectRoot - Root directory of the project
+ * @param options - Optional flags; see {@link ResolveCommandOptions}.
  */
-export async function resolveCommand(projectRoot) {
+export async function resolveCommand(projectRoot, options = {}) {
     intro('FireForge Resolve');
     const paths = getProjectPaths(projectRoot);
     const state = await loadState(projectRoot);
@@ -34,17 +36,25 @@ export async function resolveCommand(projectRoot) {
     if (!(await isGitRepository(paths.engine))) {
         throw new GeneralError('Engine directory is not a git repository. Run "fireforge download" to initialize.');
     }
-    if (!process.stdin.isTTY) {
-        throw new GeneralError('Cannot run "fireforge resolve" in non-interactive mode. Use a terminal with TTY support.');
+    // Non-interactive mode requires an explicit `--yes` to proceed: the
+    // operator is asserting the manual merge is complete and the
+    // refreshed diff is the one to record. Without `--yes`, an accidental
+    // pipe / CI shell could otherwise commit whatever the engine
+    // currently contains. 2026-04-21 eval (Finding #18): a scripted
+    // recovery flow was dead-ended by the unconditional TTY refusal.
+    if (!process.stdin.isTTY && !options.yes) {
+        throw new GeneralError('Cannot run "fireforge resolve" in non-interactive mode. Use a terminal with TTY support, or pass "--yes" to skip the interactive confirmation once the manual merge is complete.');
     }
-    const finished = await confirm({
-        message: 'Have you finished manually fixing the files in engine/?',
-        initialValue: true,
-    });
-    if (isCancel(finished) || !finished) {
-        info('Please fix the conflicts and run "fireforge resolve" again.');
-        outro('Resolution paused');
-        return;
+    if (!options.yes) {
+        const finished = await confirm({
+            message: 'Have you finished manually fixing the files in engine/?',
+            initialValue: true,
+        });
+        if (isCancel(finished) || !finished) {
+            info('Please fix the conflicts and run "fireforge resolve" again.');
+            outro('Resolution paused');
+            return;
+        }
     }
     const manifest = await loadPatchesManifest(paths.patches);
     if (!manifest) {
@@ -106,9 +116,22 @@ export async function resolveCommand(projectRoot) {
         // import / export / re-export / patch reorder / patch compact could
         // interleave with and leave the manifest disagreeing with the
         // freshly-written patch body.
+        //
+        // Always recompute `filesAffected` from the diff content itself. The
+        // eval finding #16 scenario: the user's manual fix removed every
+        // hunk for one file while the file still existed on disk, so the
+        // pre-0.16.0 gate of "update filesAffected only when files were
+        // deleted from disk" left the manifest claiming a file the patch
+        // body no longer targeted. The next `fireforge import` then failed
+        // the patch-manifest consistency check even though resolve reported
+        // success. `extractAffectedFiles` already owns the canonical
+        // "parse a diff, return its target paths" logic used by export and
+        // consistency — using it here keeps resolve in agreement with every
+        // other writer.
+        const diffFilesAffected = extractAffectedFiles(diffContent);
         const config = await loadConfig(projectRoot);
         await updatePatchAndMetadata(paths.patches, patchFilename, diffContent, {
-            ...(activeFiles.length < existingFiles.length ? { filesAffected: activeFiles } : {}),
+            filesAffected: diffFilesAffected,
             sourceEsrVersion: config.firefox.version,
         });
         // Cleanup: Clear pendingResolution from state.json transactionally so
@@ -124,7 +147,7 @@ export async function resolveCommand(projectRoot) {
         });
         s.stop(`Updated ${patchFilename}`);
         success('Patch updated successfully and resolution state cleared.');
-        info('Run "fireforge import" to apply the remaining patches.');
+        info('Patch updated. Run "fireforge import" next to resume the queue from this point — resolve only refreshes the one broken patch, it does not continue applying the remaining patches itself.');
         outro('Resolution complete');
     }
     catch (error) {
@@ -137,9 +160,10 @@ export async function resolveCommand(projectRoot) {
 export function registerResolve(program, { getProjectRoot, withErrorHandling }) {
     program
         .command('resolve')
-        .description('Update a broken patch with manual fixes and continue')
-        .action(withErrorHandling(async () => {
-        await resolveCommand(getProjectRoot());
+        .description('Update a broken patch with manual fixes (then run "fireforge import" to resume the queue)')
+        .option('-y, --yes', 'Skip the interactive confirmation prompt. Use for non-interactive automation flows (CI, scripted recovery) after the manual merge is complete.')
+        .action(withErrorHandling(async (options) => {
+        await resolveCommand(getProjectRoot(), options);
     }));
 }
 //# sourceMappingURL=resolve.js.map

package/dist/src/commands/run.js

@@ -183,17 +183,31 @@ async function runSmokeExit(engineDir, options) {
         warn(`--capture-console stream error: ${err.message}`);
     });
     const findings = [];
-    let allowlistedHits = 0;
+    let allowlistedErrorHits = 0;
+    let allowlistedTotalHits = 0;
     const handleLine = (stream, line) => {
         // Mirror raw output to the terminal so operators watching the smoke
         // run still see what the browser is printing. Stream selection on the
         // mirror preserves stdout/stderr separation for downstream piping.
         const sink = stream === 'stdout' ? process.stdout : process.stderr;
         sink.write(`${line}\n`);
+        // Count allowlist hits up-front, regardless of error-pattern match.
+        // Pre-0.16.0 the counter only incremented when the line ALSO matched
+        // an error pattern — so an allowlist regex that visibly matched
+        // `console.warn: RSLoader:` still reported 0 hits because
+        // `console.warn:` is not a smoke error class, confusing operators
+        // who were tuning their allowlist. We now surface two numbers: the
+        // total set of allowlisted lines (what the operator sees in the
+        // console) and the subset that were error-class (what the smoke
+        // exit contract cares about). The exit contract itself is unchanged.
+        const isAllowlisted = allowlist.length > 0 && matchesAllowlist(line, allowlist);
+        if (isAllowlisted) {
+            allowlistedTotalHits += 1;
+        }
         if (!matchesSmokeError(line))
             return;
-        if (matchesAllowlist(line, allowlist)) {
-            allowlistedHits += 1;
+        if (isAllowlisted) {
+            allowlistedErrorHits += 1;
             return;
         }
         findings.push({ stream, line });
@@ -221,7 +235,8 @@ async function runSmokeExit(engineDir, options) {
         smokeTimeoutMs,
         elapsedMs,
         timedOut: result.timedOut,
-        allowlistedHits,
+        allowlistedErrorHits,
+        allowlistedTotalHits,
         findings,
         exitCode: result.exitCode,
     });
@@ -278,7 +293,14 @@ function reportSmokeSummary(args) {
     info('');
     info(`Smoke run complete: ${seconds}s elapsed of ${windowSeconds}s window${suffix}`);
     info(`  Unallowed errors: ${String(args.findings.length)}`);
-    info(`  Allowlisted hits: ${String(args.allowlistedHits)}`);
+    // The "suppressed errors" count is what the exit contract cares about —
+    // it is the subset of allowlisted hits that would otherwise have been
+    // tallied as findings. The "all allowlisted lines" count answers the
+    // operator's mental model ("my --console-allow pattern matched N
+    // console lines"), which pre-0.16.0 was missing and led to 0-hit
+    // reports on visibly matching regexes.
+    info(`  Allowlisted error hits (suppressed): ${String(args.allowlistedErrorHits)}`);
+    info(`  Allowlisted lines total: ${String(args.allowlistedTotalHits)}`);
     info(`  Child exit code:  ${String(args.exitCode)}`);
     if (args.findings.length === 0)
         return;

package/dist/src/commands/status.js

@@ -1,19 +1,15 @@
-// SPDX-License-Identifier: EUPL-1.2
-import { join } from 'node:path';
-import { isBrandingManagedPath } from '../core/branding.js';
 import { getProjectPaths, loadConfig } from '../core/config.js';
 import { collectFurnaceManagedPrefixes } from '../core/furnace-config.js';
 import { getHead, getStatusWithCodes, isGitRepository, isMissingHeadError } from '../core/git.js';
 import { getUntrackedFilesInDir } from '../core/git-status.js';
 import { isFileRegistered, matchesRegistrablePattern } from '../core/manifest-rules.js';
 import { buildOwnershipTable, renderOwnershipTable } from '../core/ownership-table.js';
-import { computePatchedContent } from '../core/patch-apply.js';
 import { buildPatchQueueContext, collectNewFileCreatorsByPath } from '../core/patch-lint.js';
 import { loadPatchesManifest } from '../core/patch-manifest.js';
+import { classifyFiles, } from '../core/status-classify.js';
 import { GeneralError } from '../errors/base.js';
-import { toError } from '../utils/errors.js';
-import { FIREFORGE_TMP_PATH_PATTERN, pathExists, readText } from '../utils/fs.js';
-import { info, intro, outro, verbose, warn } from '../utils/logger.js';
+import { FIREFORGE_TMP_PATH_PATTERN, pathExists } from '../utils/fs.js';
+import { info, intro, outro, warn } from '../utils/logger.js';
 /**
  * Status code descriptions for git status.
  */
@@ -179,87 +175,27 @@ async function expandDirectoryEntries(files, engineDir) {
 function filterFireForgeTempFiles(files) {
     return files.filter((entry) => !FIREFORGE_TMP_PATH_PATTERN.test(entry.file));
 }
-/**
- * Classifies files into patch-backed, unmanaged, or branding buckets.
- */
-async function classifyFiles(files, engineDir, patchesDir, binaryName, furnacePrefixes) {
-    const manifest = await loadPatchesManifest(patchesDir);
-    // Build set of all patch-claimed file paths
-    const patchClaimedFiles = new Set();
-    if (manifest) {
-        for (const patch of manifest.patches) {
-            for (const f of patch.filesAffected) {
-                patchClaimedFiles.add(f);
-            }
-        }
-    }
-    const results = [];
-    for (const entry of files) {
-        // Branding check first
-        if (isBrandingManagedPath(entry.file, binaryName)) {
-            results.push({ ...entry, classification: 'branding' });
-            continue;
-        }
-        // Furnace-managed component paths
-        if (furnacePrefixes.size > 0) {
-            let isFurnace = false;
-            for (const prefix of furnacePrefixes) {
-                if (entry.file.startsWith(prefix)) {
-                    isFurnace = true;
-                    break;
-                }
-            }
-            if (isFurnace) {
-                results.push({ ...entry, classification: 'furnace' });
-                continue;
-            }
-        }
-        // Not in any patch → unmanaged
-        if (!patchClaimedFiles.has(entry.file)) {
-            results.push({ ...entry, classification: 'unmanaged' });
-            continue;
-        }
-        // File is claimed by a patch — compare content
-        const primaryCode = getPrimaryStatusCode(entry.status);
-        if (primaryCode === 'D') {
-            // Deleted file: patch-backed only if patch expects deletion
-            const expected = await computePatchedContent(patchesDir, engineDir, entry.file);
-            results.push({
-                ...entry,
-                classification: expected === null ? 'patch-backed' : 'unmanaged',
-            });
-            continue;
-        }
-        // File exists on disk — compare actual vs expected
-        try {
-            const [expected, actual] = await Promise.all([
-                computePatchedContent(patchesDir, engineDir, entry.file),
-                readText(join(engineDir, entry.file)),
-            ]);
-            results.push({
-                ...entry,
-                classification: actual === expected ? 'patch-backed' : 'unmanaged',
-            });
-        }
-        catch (error) {
-            verbose(`Treating ${entry.file} as unmanaged because patch-backed classification failed: ${toError(error).message}`);
-            // If we can't read the file, treat as unmanaged
-            results.push({ ...entry, classification: 'unmanaged' });
-        }
-    }
-    return results;
-}
 /**
  * Renders classified file status as machine-readable JSON to stdout.
  */
 async function renderJsonStatus(files, paths, projectRoot, binaryName) {
     const furnacePrefixes = await collectFurnaceManagedPrefixes(projectRoot);
     const classified = await classifyFiles(files, paths.engine, paths.patches, binaryName, furnacePrefixes);
-    const output = classified.map((f) => ({
-        file: f.file,
-        status: f.status.trim(),
-        classification: f.classification,
-    }));
+    const output = classified.map((f) => {
+        const entry = {
+            file: f.file,
+            status: f.status.trim(),
+            classification: f.classification,
+        };
+        // `claimedBy` is an optional field present only on conflict
+        // entries, so non-conflict output stays byte-identical to the
+        // pre-0.16.0 shape (no unconditional schema change for the
+        // 99% of entries that are not cross-patch conflicts).
+        if (f.classification === 'conflict' && f.claimedBy && f.claimedBy.length > 0) {
+            entry.claimedBy = [...f.claimedBy];
+        }
+        return entry;
+    });
     process.stdout.write(JSON.stringify(output, null, 2) + '\n');
 }
 /**
@@ -394,65 +330,107 @@ export async function statusCommand(projectRoot, options = {}) {
     // Patch-aware classification
     const furnacePrefixes = await collectFurnaceManagedPrefixes(projectRoot);
     const classified = await classifyFiles(files, paths.engine, paths.patches, config.binaryName, furnacePrefixes);
-    const unmanagedFiles = classified.filter((f) => f.classification === 'unmanaged');
-    const patchBackedFiles = classified.filter((f) => f.classification === 'patch-backed');
-    const brandingFiles = classified.filter((f) => f.classification === 'branding');
-    const furnaceFiles = classified.filter((f) => f.classification === 'furnace');
+    const buckets = {
+        conflict: classified.filter((f) => f.classification === 'conflict'),
+        unmanaged: classified.filter((f) => f.classification === 'unmanaged'),
+        patchBacked: classified.filter((f) => f.classification === 'patch-backed'),
+        branding: classified.filter((f) => f.classification === 'branding'),
+        furnace: classified.filter((f) => f.classification === 'furnace'),
+    };
     // --unmanaged mode: only show unmanaged
     if (options.unmanaged) {
-        info(`${unmanagedFiles.length} unmanaged file${unmanagedFiles.length === 1 ? '' : 's'} (${files.length} total modified):\n`);
-        if (unmanagedFiles.length > 0) {
-            printStatusGroups(unmanagedFiles);
-            await printUnregisteredWarnings(unmanagedFiles, projectRoot, config.binaryName);
-        }
-        else {
-            info('No unmanaged changes');
-        }
-        outro(unmanagedFiles.length === 0
-            ? 'No unmanaged changes'
-            : `${unmanagedFiles.length} unmanaged change${unmanagedFiles.length === 1 ? '' : 's'}`);
+        await renderUnmanagedOnly(buckets.unmanaged, files.length, projectRoot, config.binaryName);
         return;
     }
-    // Default mode: three-bucket display
-    info(`${files.length} modified file${files.length === 1 ? '' : 's'}:\n`);
+    await renderDefaultStatus(files.length, buckets, projectRoot, config.binaryName);
+}
+async function renderUnmanagedOnly(unmanagedFiles, totalModified, projectRoot, binaryName) {
+    info(`${unmanagedFiles.length} unmanaged file${unmanagedFiles.length === 1 ? '' : 's'} (${totalModified} total modified):\n`);
     if (unmanagedFiles.length > 0) {
-        warn('Unmanaged changes:');
         printStatusGroups(unmanagedFiles);
-        await printUnregisteredWarnings(unmanagedFiles, projectRoot, config.binaryName);
+        await printUnregisteredWarnings(unmanagedFiles, projectRoot, binaryName);
+    }
+    else {
+        info('No unmanaged changes');
+    }
+    outro(unmanagedFiles.length === 0
+        ? 'No unmanaged changes'
+        : `${unmanagedFiles.length} unmanaged change${unmanagedFiles.length === 1 ? '' : 's'}`);
+}
+/**
+ * Renders the default five-bucket status display: conflicts first
+ * (they block export/import/rebase), then unmanaged, patch-backed,
+ * branding, and furnace-managed sections. Cross-bucket separators
+ * ensure the sections are visually distinct without trailing empty
+ * groups. Empty buckets are omitted — the very-empty case surfaces a
+ * single `No changes` line.
+ */
+async function renderDefaultStatus(totalModified, buckets, projectRoot, binaryName) {
+    const { conflict, unmanaged, patchBacked, branding, furnace } = buckets;
+    info(`${totalModified} modified file${totalModified === 1 ? '' : 's'}:\n`);
+    if (conflict.length > 0) {
+        // Surface cross-patch ownership conflicts at the top of the default
+        // output — they block export/import/rebase and want immediate
+        // attention. The `--ownership` view already renders the full table;
+        // here we just name the files and point the operator at the
+        // canonical recovery path.
+        warn('Cross-patch ownership conflicts (same file claimed by multiple patches):');
+        printStatusGroups(conflict);
+        for (const entry of conflict) {
+            if (entry.claimedBy && entry.claimedBy.length > 0) {
+                info(`  ${entry.file} — claimed by ${entry.claimedBy.join(', ')}`);
+            }
+        }
+        info('Run "fireforge status --ownership" for the full conflict table, then repartition with "fireforge re-export --files <paths> <patch>".');
     }
-    if (patchBackedFiles.length > 0) {
-        if (unmanagedFiles.length > 0)
+    if (unmanaged.length > 0) {
+        if (conflict.length > 0)
+            info('');
+        warn('Unmanaged changes:');
+        printStatusGroups(unmanaged);
+        await printUnregisteredWarnings(unmanaged, projectRoot, binaryName);
+    }
+    if (patchBacked.length > 0) {
+        if (conflict.length > 0 || unmanaged.length > 0)
             info('');
         warn('Patch-backed materialized changes:');
-        printStatusGroups(patchBackedFiles);
+        printStatusGroups(patchBacked);
     }
-    if (brandingFiles.length > 0) {
-        if (unmanagedFiles.length > 0 || patchBackedFiles.length > 0)
+    if (branding.length > 0) {
+        if (conflict.length > 0 || unmanaged.length > 0 || patchBacked.length > 0) {
             info('');
+        }
         warn('Tool-managed branding changes:');
-        printStatusGroups(brandingFiles);
+        printStatusGroups(branding);
     }
-    if (furnaceFiles.length > 0) {
-        if (unmanagedFiles.length > 0 || patchBackedFiles.length > 0 || brandingFiles.length > 0)
+    if (furnace.length > 0) {
+        if (conflict.length > 0 ||
+            unmanaged.length > 0 ||
+            patchBacked.length > 0 ||
+            branding.length > 0) {
             info('');
+        }
         warn('Furnace-managed component changes:');
-        printStatusGroups(furnaceFiles);
+        printStatusGroups(furnace);
     }
-    if (unmanagedFiles.length === 0 &&
-        patchBackedFiles.length === 0 &&
-        brandingFiles.length === 0 &&
-        furnaceFiles.length === 0) {
+    if (conflict.length === 0 &&
+        unmanaged.length === 0 &&
+        patchBacked.length === 0 &&
+        branding.length === 0 &&
+        furnace.length === 0) {
         info('No changes');
     }
     const parts = [];
-    if (unmanagedFiles.length > 0)
-        parts.push(`${unmanagedFiles.length} unmanaged`);
-    if (patchBackedFiles.length > 0)
-        parts.push(`${patchBackedFiles.length} patch-backed`);
-    if (brandingFiles.length > 0)
-        parts.push(`${brandingFiles.length} branding`);
-    if (furnaceFiles.length > 0)
-        parts.push(`${furnaceFiles.length} furnace`);
+    if (conflict.length > 0)
+        parts.push(`${conflict.length} conflict`);
+    if (unmanaged.length > 0)
+        parts.push(`${unmanaged.length} unmanaged`);
+    if (patchBacked.length > 0)
+        parts.push(`${patchBacked.length} patch-backed`);
+    if (branding.length > 0)
+        parts.push(`${branding.length} branding`);
+    if (furnace.length > 0)
+        parts.push(`${furnace.length} furnace`);
     outro(parts.join(', '));
 }
 /** Registers the status command on the CLI program. */