@hominis/fireforge 0.16.3 → 0.17.0

package/dist/src/core/marionette-port.d.ts

@@ -0,0 +1,50 @@
+/** Default Marionette control port set by `-marionette`. */
+export declare const DEFAULT_MARIONETTE_PORT = 2828;
+/**
+ * Information about a process holding the Marionette port.
+ */
+export interface MarionettePortHolder {
+    /** OS process ID. */
+    pid: number;
+    /** Process basename (e.g. `forgefresh`, `firefox`). */
+    command: string;
+    /**
+     * Full command line the holder was launched with, when the probe
+     * can recover it. `lsof` by itself only returns the basename, so
+     * POSIX callers see `command === commandLine`; Windows callers
+     * recover the full command line via `Get-Process`. Used to detect
+     * the `-marionette` flag, which positively identifies a stale
+     * browser rather than an unrelated listener.
+     */
+    commandLine: string;
+}
+/**
+ * Result of a Marionette port probe.
+ */
+export interface MarionettePortProbeResult {
+    /** True when something is listening on the probed port. */
+    inUse: boolean;
+    /** Details about the holder, when the probe recovered them. */
+    holder?: MarionettePortHolder;
+}
+/**
+ * Probes whether the Marionette port is currently bound by a
+ * listener. The probe is best-effort: missing tooling returns
+ * `{ inUse: false }` without failing.
+ *
+ * @param port - Port to probe (default {@link DEFAULT_MARIONETTE_PORT}).
+ */
+export declare function probeMarionettePort(port?: number): Promise<MarionettePortProbeResult>;
+/**
+ * Raises a targeted {@link GeneralError} when the Marionette port
+ * is held by a browser process; raises a softer warning-shaped
+ * error when the holder is unrelated (so the operator still sees
+ * a useful signal but can decide whether to wait it out).
+ *
+ * @param port - Port to probe (default {@link DEFAULT_MARIONETTE_PORT}).
+ * @param options - Extra context for the error message (the project's
+ *   `binaryName` is used to recognise fork-branded browser binaries).
+ */
+export declare function assertMarionettePortAvailable(port?: number, options?: {
+    binaryName?: string;
+}): Promise<void>;

package/dist/src/core/marionette-port.js

@@ -0,0 +1,215 @@
+// SPDX-License-Identifier: EUPL-1.2
+/**
+ * Marionette port probe.
+ *
+ * Gecko's Marionette control channel binds `127.0.0.1:2828` when a
+ * Firefox / ForgeFresh / Hominis instance is launched with
+ * `-marionette`. The `fireforge test` harness spawns the browser with
+ * that flag, so any test run needs the port to be free at start.
+ *
+ * Motivating case (2026-04-21 eval, Finding #20): an interrupted
+ * `fireforge test --headless` left an orphan
+ * `ForgeFresh.app/Contents/MacOS/forgefresh -marionette` process
+ * listening on 2828 with parent PID 1. The next `fireforge test` run
+ * — in a *different* FireForge project — failed immediately with a
+ * Marionette bind error, and FireForge's generic "re-run build" hint
+ * did not mention the stale listener. The probe in this module runs
+ * before every test launch, detects when the port is held, and —
+ * when the holder is a browser process (by command-line `-marionette`
+ * flag or by basename matching a known browser binary) — throws a
+ * targeted `GeneralError` naming the PID and the exact `kill` command
+ * to run.
+ *
+ * Cross-platform implementation:
+ *   - POSIX (macOS / Linux): `lsof -i tcp:<port> -P -n -sTCP:LISTEN`
+ *   - Windows: `Get-NetTCPConnection` via PowerShell, then
+ *     `Get-Process` to resolve the PID into a command line.
+ *
+ * Both paths tolerate missing tooling: if `lsof` / PowerShell isn't
+ * installed, the probe returns `{ inUse: false }` rather than failing
+ * the test run itself — the probe is a best-effort friendliness
+ * check, not a prerequisite.
+ */
+import { GeneralError } from '../errors/base.js';
+import { toError } from '../utils/errors.js';
+import { getPlatform } from '../utils/platform.js';
+import { exec } from '../utils/process.js';
+/** Default Marionette control port set by `-marionette`. */
+export const DEFAULT_MARIONETTE_PORT = 2828;
+/** Basenames of browser binaries that ship a Marionette listener. */
+const BROWSER_BASENAMES = new Set([
+    'firefox',
+    'firefox-bin',
+    'firefox-esr',
+    'forgefresh',
+    'hominis',
+    'thunderbird',
+]);
+/**
+ * Returns `true` when the holder's command basename or command-line
+ * flags clearly identify it as a Firefox-family browser with
+ * Marionette enabled. Used to decide whether to raise a targeted
+ * "stale browser on port" error vs a soft "unrelated listener"
+ * warning.
+ *
+ * Includes the operator-provided `binaryName` from `fireforge.json`
+ * so a fork that ships under a custom name (e.g. Hominis'
+ * `hominis-nightly`) is still recognised as a browser.
+ */
+function isBrowserHolder(holder, binaryName) {
+    if (/\s-marionette(?:\s|$)/.test(holder.commandLine)) {
+        return true;
+    }
+    const name = holder.command.toLowerCase();
+    if (BROWSER_BASENAMES.has(name))
+        return true;
+    if (binaryName && name === binaryName.toLowerCase())
+        return true;
+    return false;
+}
+/**
+ * Probes the given port with `lsof` (macOS / Linux). Returns
+ * `{ inUse: false }` when the port is free OR when `lsof` is not
+ * available — the probe is a best-effort courtesy check, so a
+ * missing tool must not block the test run.
+ */
+async function probeWithLsof(port) {
+    try {
+        // `-sTCP:LISTEN` filters to listeners only; `-P -n` avoids
+        // service/host lookups (faster + no DNS-dependent flakiness).
+        // `-Fpcn` emits a machine-readable format: one field per line,
+        // with `p<pid>`, `c<command>`, `n<name>` records.
+        const result = await exec('lsof', ['-i', `tcp:${port}`, '-P', '-n', '-sTCP:LISTEN', '-Fpcn']);
+        // `lsof` exits 1 when no matches — that's "port is free", not an
+        // error. We key off stdout shape instead of exit code.
+        const stdout = result.stdout;
+        const lines = stdout.split(/\r?\n/).filter((l) => l.length > 0);
+        let pid = -1;
+        let command = '';
+        for (const line of lines) {
+            if (line.startsWith('p'))
+                pid = parseInt(line.slice(1), 10);
+            else if (line.startsWith('c'))
+                command = line.slice(1);
+        }
+        if (!Number.isFinite(pid) || pid < 0 || command === '') {
+            return { inUse: false };
+        }
+        // `lsof` does not return the full command line; `ps` does. A
+        // missing `ps` (exotic Linux container) falls back to `command`
+        // alone, which is still enough to match `BROWSER_BASENAMES`.
+        let commandLine = command;
+        try {
+            const psResult = await exec('ps', ['-p', String(pid), '-o', 'args=']);
+            const psLine = psResult.stdout.split(/\r?\n/).find((l) => l.trim().length > 0);
+            if (psLine)
+                commandLine = psLine.trim();
+        }
+        catch {
+            // ps not available — keep the basename.
+        }
+        return { inUse: true, holder: { pid, command, commandLine } };
+    }
+    catch (error) {
+        // `lsof` missing, or stdout parse failed. Treat as "unknown" ⇒
+        // port probe is silently skipped.
+        const message = toError(error).message;
+        if (/ENOENT|not found|command not found/i.test(message)) {
+            return { inUse: false };
+        }
+        return { inUse: false };
+    }
+}
+/**
+ * Probes the given port with PowerShell (Windows). Uses
+ * `Get-NetTCPConnection` to find listeners, then `Get-Process -Id`
+ * to resolve the process name and command line. Gracefully degrades
+ * when PowerShell is unavailable.
+ */
+async function probeWithPowerShell(port) {
+    const script = `$c = Get-NetTCPConnection -LocalPort ${port} -State Listen -ErrorAction SilentlyContinue;` +
+        ` if ($null -eq $c) { exit 0 }` +
+        ` $p = Get-Process -Id $c[0].OwningProcess -ErrorAction SilentlyContinue;` +
+        ` if ($null -eq $p) { exit 0 }` +
+        ` $w = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.Id)" -ErrorAction SilentlyContinue;` +
+        ` Write-Output ("PID=" + $p.Id);` +
+        ` Write-Output ("NAME=" + $p.ProcessName);` +
+        ` if ($w -ne $null) { Write-Output ("CMD=" + $w.CommandLine) }`;
+    try {
+        const result = await exec('powershell.exe', [
+            '-NoProfile',
+            '-NonInteractive',
+            '-Command',
+            script,
+        ]);
+        const stdout = result.stdout;
+        const pidMatch = /PID=(\d+)/.exec(stdout);
+        const nameMatch = /NAME=([^\r\n]+)/.exec(stdout);
+        if (!pidMatch || !nameMatch)
+            return { inUse: false };
+        const pid = parseInt(pidMatch[1] ?? '', 10);
+        const command = (nameMatch[1] ?? '').trim();
+        const cmdMatch = /CMD=([^\r\n]+)/.exec(stdout);
+        const commandLine = cmdMatch ? (cmdMatch[1] ?? '').trim() : command;
+        if (!Number.isFinite(pid) || command === '')
+            return { inUse: false };
+        return { inUse: true, holder: { pid, command, commandLine } };
+    }
+    catch {
+        return { inUse: false };
+    }
+}
+/**
+ * Probes whether the Marionette port is currently bound by a
+ * listener. The probe is best-effort: missing tooling returns
+ * `{ inUse: false }` without failing.
+ *
+ * @param port - Port to probe (default {@link DEFAULT_MARIONETTE_PORT}).
+ */
+export async function probeMarionettePort(port = DEFAULT_MARIONETTE_PORT) {
+    let platform;
+    try {
+        platform = getPlatform();
+    }
+    catch {
+        return { inUse: false };
+    }
+    if (platform === 'darwin' || platform === 'linux') {
+        return probeWithLsof(port);
+    }
+    // win32
+    return probeWithPowerShell(port);
+}
+/**
+ * Raises a targeted {@link GeneralError} when the Marionette port
+ * is held by a browser process; raises a softer warning-shaped
+ * error when the holder is unrelated (so the operator still sees
+ * a useful signal but can decide whether to wait it out).
+ *
+ * @param port - Port to probe (default {@link DEFAULT_MARIONETTE_PORT}).
+ * @param options - Extra context for the error message (the project's
+ *   `binaryName` is used to recognise fork-branded browser binaries).
+ */
+export async function assertMarionettePortAvailable(port = DEFAULT_MARIONETTE_PORT, options = {}) {
+    const probe = await probeMarionettePort(port);
+    if (!probe.inUse || !probe.holder)
+        return;
+    const holder = probe.holder;
+    if (isBrowserHolder(holder, options.binaryName)) {
+        const killHint = process.platform === 'win32'
+            ? `Stop-Process -Id ${holder.pid} -Force`
+            : `kill ${holder.pid}  # or "kill -9 ${holder.pid}" if it doesn't exit`;
+        throw new GeneralError(`Marionette port ${port} is already in use by ${holder.command} (PID ${holder.pid}). ` +
+            `This is usually a browser left running by a previously interrupted "fireforge test" run. ` +
+            `Kill it with "${killHint}", then retry. ` +
+            `(If you expected ${holder.command} to be running on ${port}, stop it manually or pass ` +
+            `"--marionette-port <port>" to launch mach test on a different port.)`);
+    }
+    // Non-browser holder: mach test will still fail to bind, but the
+    // cause is not a stale FireForge-launched browser. Flag it
+    // explicitly so the operator can decide what to do instead of
+    // getting mach's bind error with no FireForge context.
+    throw new GeneralError(`Marionette port ${port} is already in use by ${holder.command} (PID ${holder.pid}). ` +
+        `This is not a FireForge-launched browser; stop the holder process or free the port before rerunning.`);
+}
+//# sourceMappingURL=marionette-port.js.map

package/dist/src/core/patch-manifest-consistency.d.ts

@@ -14,11 +14,31 @@ export interface PatchManifestConsistencyIssue {
  * @returns Consistency issues between manifest metadata and on-disk patch files
  */
 export declare function validatePatchesManifestConsistency(patchesDir: string): Promise<PatchManifestConsistencyIssue[]>;
+/**
+ * Summary of a {@link rebuildPatchesManifest} run. `recoveredFilenames`
+ * lists patches whose manifest entry was reconstructed from filename,
+ * mtime, and diff alone (no pre-existing manifest entry to preserve).
+ * These entries carry generic descriptions and mtime-based
+ * timestamps; callers like `doctor --repair-patches-manifest` surface
+ * a per-patch review warning so operators know which metadata was
+ * invented vs which was restored.
+ */
+export interface RebuildPatchesManifestResult {
+    /** Rebuilt manifest, ready to be re-applied by callers (already persisted). */
+    manifest: PatchesManifest;
+    /**
+     * Filenames whose manifest entry had no pre-existing metadata to
+     * preserve — every descriptive field on these entries is inferred.
+     */
+    recoveredFilenames: string[];
+}
 /**
  * Rebuilds patches.json from the patch files currently present on disk.
  * Existing metadata is preserved when possible; missing entries are recovered
  * from filename structure, patch contents, and file mtimes.
  * @param patchesDir - Path to the patches directory
  * @param fallbackSourceEsrVersion - ESR version to use for recovered entries
+ * @returns {@link RebuildPatchesManifestResult} — the persisted manifest
+ *   plus the filenames that were reconstructed from generic defaults.
  */
-export declare function rebuildPatchesManifest(patchesDir: string, fallbackSourceEsrVersion: string): Promise<PatchesManifest>;
+export declare function rebuildPatchesManifest(patchesDir: string, fallbackSourceEsrVersion: string): Promise<RebuildPatchesManifestResult>;

package/dist/src/core/patch-manifest-consistency.js

@@ -85,6 +85,8 @@ export async function validatePatchesManifestConsistency(patchesDir) {
  * from filename structure, patch contents, and file mtimes.
  * @param patchesDir - Path to the patches directory
  * @param fallbackSourceEsrVersion - ESR version to use for recovered entries
+ * @returns {@link RebuildPatchesManifestResult} — the persisted manifest
+ *   plus the filenames that were reconstructed from generic defaults.
  */
 export async function rebuildPatchesManifest(patchesDir, fallbackSourceEsrVersion) {
     const manifestState = await loadPatchesManifestState(patchesDir);
@@ -96,6 +98,7 @@ export async function rebuildPatchesManifest(patchesDir, fallbackSourceEsrVersio
     }
     const patches = await discoverPatches(patchesDir);
     const rebuiltPatches = [];
+    const recoveredFilenames = [];
     const highestFiniteOrder = patches.reduce((highest, patch) => {
         return Number.isFinite(patch.order) ? Math.max(highest, patch.order) : highest;
     }, 0);
@@ -106,6 +109,18 @@ export async function rebuildPatchesManifest(patchesDir, fallbackSourceEsrVersio
         const patchStats = await stat(patch.path);
         const inferred = inferPatchMetadataFromFilename(patch.filename);
         const recoveredOrder = Number.isFinite(patch.order) ? patch.order : nextRecoveredOrder++;
+        if (!existing) {
+            // Track every filename that had no pre-existing manifest entry
+            // so callers can warn the operator per-patch. A missing entry
+            // means every descriptive field (`description`, `createdAt`,
+            // `category`) was invented rather than preserved. FireForge
+            // patch files carry no header metadata that could carry a
+            // human description forward, so full fidelity is impossible —
+            // visibility is the best we can offer. 2026-04-21 eval
+            // (Finding #17) tripped over silent overwrites of useful
+            // human-written descriptions during a recovery run.
+            recoveredFilenames.push(patch.filename);
+        }
         rebuiltPatches.push({
             filename: patch.filename,
             order: recoveredOrder,
@@ -124,7 +139,7 @@ export async function rebuildPatchesManifest(patchesDir, fallbackSourceEsrVersio
         patches: rebuiltPatches,
     };
     await savePatchesManifest(patchesDir, rebuiltManifest);
-    return rebuiltManifest;
+    return { manifest: rebuiltManifest, recoveredFilenames };
 }
 function normalizeFiles(files) {
     return Array.from(new Set(files)).sort((left, right) => left.localeCompare(right));

package/dist/src/core/status-classify.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Status classifier: partitions engine file changes into
+ * patch-backed / unmanaged / branding / furnace / conflict buckets.
+ *
+ * Extracted from `src/commands/status.ts` so that command file stays
+ * under the per-file line budget as the number of buckets grows.
+ */
+/**
+ * Classification buckets for engine file changes:
+ * - `patch-backed`: content matches the expected post-patch state —
+ *   normal after `fireforge import`.
+ * - `unmanaged`: edits not explained by any patch or tool — local
+ *   drift to export or discard.
+ * - `branding`: files under tool-managed branding paths, written by
+ *   FireForge's branding pipeline.
+ * - `furnace`: files under Furnace-managed component prefixes.
+ * - `conflict`: the file is claimed by two or more patches in
+ *   `patches.json`. The human `--ownership` mode already surfaces
+ *   this bucket as `CONFLICT`; the classification is carried through
+ *   the JSON pipeline so machine consumers can detect the same
+ *   ownership breakage the human output shows. Before 0.16.0,
+ *   cross-patch conflicts silently rolled into the `unmanaged` bucket
+ *   in `--json`, which misled scripts built on top of the JSON view
+ *   into treating the file as routine local drift.
+ */
+export type FileClassification = 'patch-backed' | 'unmanaged' | 'branding' | 'furnace' | 'conflict';
+export interface StatusFile {
+    status: string;
+    file: string;
+}
+export interface ClassifiedFile extends StatusFile {
+    classification: FileClassification;
+    /**
+     * Names of patch files that claim this path in `patches.json`.
+     * Populated only when `classification === 'conflict'` — single-claim
+     * patch-backed entries don't need to expose their owner because the
+     * single claim is fully captured by the classification itself.
+     */
+    claimedBy?: string[];
+}
+/**
+ * Classifies files into patch-backed, unmanaged, branding, furnace, or
+ * conflict buckets.
+ *
+ * Tracks patch ownership as a `Map<file, patchFilename[]>` rather than
+ * a plain `Set<file>` so the classifier can surface cross-patch
+ * ownership conflicts the same way the human `--ownership` mode does.
+ * The 2026-04-21 eval's `status --json` run reported
+ * `classification: "unmanaged"` on two files (`browser/base/jar.mn`,
+ * `browser/themes/shared/jar.inc.mn`) that `--ownership` correctly
+ * flagged as `CONFLICT`; the JSON output was effectively lying to
+ * machine consumers about the nature of the drift.
+ */
+export declare function classifyFiles(files: StatusFile[], engineDir: string, patchesDir: string, binaryName: string, furnacePrefixes: Set<string>): Promise<ClassifiedFile[]>;

package/dist/src/core/status-classify.js

@@ -0,0 +1,134 @@
+// SPDX-License-Identifier: EUPL-1.2
+/**
+ * Status classifier: partitions engine file changes into
+ * patch-backed / unmanaged / branding / furnace / conflict buckets.
+ *
+ * Extracted from `src/commands/status.ts` so that command file stays
+ * under the per-file line budget as the number of buckets grows.
+ */
+import { join } from 'node:path';
+import { toError } from '../utils/errors.js';
+import { readText } from '../utils/fs.js';
+import { verbose } from '../utils/logger.js';
+import { isBrandingManagedPath } from './branding.js';
+import { computePatchedContent } from './patch-apply.js';
+import { loadPatchesManifest } from './patch-manifest.js';
+function getPrimaryStatusCode(status) {
+    if (status.includes('?'))
+        return '?';
+    if (status.includes('!'))
+        return '!';
+    for (const code of status) {
+        if (code !== ' ') {
+            return code;
+        }
+    }
+    return status;
+}
+/**
+ * Classifies files into patch-backed, unmanaged, branding, furnace, or
+ * conflict buckets.
+ *
+ * Tracks patch ownership as a `Map<file, patchFilename[]>` rather than
+ * a plain `Set<file>` so the classifier can surface cross-patch
+ * ownership conflicts the same way the human `--ownership` mode does.
+ * The 2026-04-21 eval's `status --json` run reported
+ * `classification: "unmanaged"` on two files (`browser/base/jar.mn`,
+ * `browser/themes/shared/jar.inc.mn`) that `--ownership` correctly
+ * flagged as `CONFLICT`; the JSON output was effectively lying to
+ * machine consumers about the nature of the drift.
+ */
+export async function classifyFiles(files, engineDir, patchesDir, binaryName, furnacePrefixes) {
+    const manifest = await loadPatchesManifest(patchesDir);
+    // Build a multimap from file path → list of claiming patch
+    // filenames so we can detect cross-patch ownership conflicts. The
+    // previous `Set<string>` captured only whether a path was claimed,
+    // not by whom, and collapsed multi-owner files into the single-owner
+    // branch where the expected-vs-actual content comparison then routed
+    // them into `unmanaged` when the content didn't match either owner's
+    // expectation.
+    const patchClaims = new Map();
+    if (manifest) {
+        for (const patch of manifest.patches) {
+            for (const f of patch.filesAffected) {
+                const owners = patchClaims.get(f);
+                if (owners) {
+                    owners.push(patch.filename);
+                }
+                else {
+                    patchClaims.set(f, [patch.filename]);
+                }
+            }
+        }
+    }
+    const results = [];
+    for (const entry of files) {
+        // Branding check first
+        if (isBrandingManagedPath(entry.file, binaryName)) {
+            results.push({ ...entry, classification: 'branding' });
+            continue;
+        }
+        // Furnace-managed component paths
+        if (furnacePrefixes.size > 0) {
+            let isFurnace = false;
+            for (const prefix of furnacePrefixes) {
+                if (entry.file.startsWith(prefix)) {
+                    isFurnace = true;
+                    break;
+                }
+            }
+            if (isFurnace) {
+                results.push({ ...entry, classification: 'furnace' });
+                continue;
+            }
+        }
+        const owners = patchClaims.get(entry.file);
+        // Multiple patches claim this file — surface the cross-patch
+        // ownership conflict regardless of whether the current content
+        // matches any single claim. `--ownership` reports the same state
+        // as `CONFLICT`; `--json` must agree so machine consumers of the
+        // two views see the same truth.
+        if (owners && owners.length >= 2) {
+            results.push({
+                ...entry,
+                classification: 'conflict',
+                claimedBy: [...owners],
+            });
+            continue;
+        }
+        // Not in any patch → unmanaged
+        if (!owners) {
+            results.push({ ...entry, classification: 'unmanaged' });
+            continue;
+        }
+        // File is claimed by exactly one patch — compare content.
+        const primaryCode = getPrimaryStatusCode(entry.status);
+        if (primaryCode === 'D') {
+            // Deleted file: patch-backed only if patch expects deletion
+            const expected = await computePatchedContent(patchesDir, engineDir, entry.file);
+            results.push({
+                ...entry,
+                classification: expected === null ? 'patch-backed' : 'unmanaged',
+            });
+            continue;
+        }
+        // File exists on disk — compare actual vs expected
+        try {
+            const [expected, actual] = await Promise.all([
+                computePatchedContent(patchesDir, engineDir, entry.file),
+                readText(join(engineDir, entry.file)),
+            ]);
+            results.push({
+                ...entry,
+                classification: actual === expected ? 'patch-backed' : 'unmanaged',
+            });
+        }
+        catch (error) {
+            verbose(`Treating ${entry.file} as unmanaged because patch-backed classification failed: ${toError(error).message}`);
+            // If we can't read the file, treat as unmanaged
+            results.push({ ...entry, classification: 'unmanaged' });
+        }
+    }
+    return results;
+}
+//# sourceMappingURL=status-classify.js.map

package/dist/src/core/token-dark-mode.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Dark-mode insertion helpers for the tokens CSS scaffold.
+ *
+ * The 2026-04-21 eval reproduced a bug where `fireforge token add
+ * --mode override --dark-value ...` landed the dark declaration
+ * AFTER the nested `:root { }` inside the
+ * `@media (prefers-color-scheme: dark)` block had already closed,
+ * producing a declaration outside any rule block. The helpers here
+ * scan the comment-stripped source lines to find the *inner* `:root`
+ * block's closing `}` and return a line index the caller can splice
+ * into. When the inner `:root` is missing (a scaffold that drifted
+ * from the default), the fallback helper returns the outer `@media`
+ * block's close so the caller can materialise a fresh `:root` wrapper
+ * rather than dropping the dark value.
+ */
+/**
+ * Strips the content of `/* ... *\/` block comments from an array of
+ * CSS source lines while preserving each line's length. Indexed scans
+ * over the returned mirror line up with the original, so callers that
+ * compute an insertion index against the stripped array can splice
+ * into the original array at the same index.
+ *
+ * We blank the comment body with spaces (rather than removing it) so
+ * any downstream consumer that indexes by column — or derives an
+ * insertion index as a line number in the original array — still
+ * agrees on line numbers.
+ */
+export declare function stripBlockCommentsInLines(lines: string[]): string[];
+/**
+ * Finds the closing `}` line of the nested `:root { ... }` block inside
+ * a `@media (prefers-color-scheme: dark)` block. Returns `-1` when the
+ * media block exists but the nested `:root` block is missing; returns
+ * `null` when the `@media` block itself is absent.
+ *
+ * Runs the scan over a comment-stripped mirror of the source lines so
+ * braces inside CSS comments (`/* before { after *\/`) do not offset
+ * the depth counter. The scan is deliberately line-indexed so callers
+ * can splice into the original `lines` array at the returned index.
+ */
+export declare function findDarkRootInsertionIndex(lines: string[]): number | null;
+/**
+ * Finds the closing `}` of the outermost
+ * `@media (prefers-color-scheme: dark)` block. Used as the fallback
+ * landing site when the scaffold has no nested `:root { }` — the
+ * insertion helper uses this index to splice a brand-new `:root`
+ * wrapper containing the dark declaration, rather than dropping the
+ * value.
+ */
+export declare function findDarkMediaCloseIndex(lines: string[]): number;