@hominis/fireforge 0.18.0 → 0.18.2

package/dist/src/core/marionette-preflight.d.ts

@@ -44,3 +44,19 @@ export interface MarionettePreflightOptions {
 export declare function runMarionettePreflight(engineDir: string, options?: MarionettePreflightOptions): Promise<MarionettePreflightResult>;
 /** Renders a PASS/FAIL banner to the CLI using the shared logger helpers. */
 export declare function reportMarionettePreflight(result: MarionettePreflightResult): void;
+/**
+ * Formats the PASS/FAIL banner as a plain string for direct
+ * `process.stdout.write` use — bypasses the clack logger entirely so
+ * operators running `fireforge test --doctor` under a non-TTY (pipe,
+ * CI, `tee`-wrapped capture) always see the final line even when the
+ * clack renderer swallows trailing log output just before process exit.
+ *
+ * 2026-04-24 eval Finding 7 reproducibly captured only the `"Running
+ * marionette preflight..."` intro and no PASS line at all — the
+ * `success()` + `outro()` + direct `stdout.write` belt-and-suspenders
+ * we used to ship still lost the summary under some non-TTY flush
+ * races. Returning the raw string here lets the caller compose a single
+ * authoritative write without any clack layer between the probe and
+ * the captured log.
+ */
+export declare function formatMarionettePreflightLine(result: MarionettePreflightResult): string;

package/dist/src/core/marionette-preflight.js

@@ -288,4 +288,23 @@ export function reportMarionettePreflight(result) {
         warn(`Marionette preflight: FAIL (${result.durationMs}ms) — ${result.detail}`);
     }
 }
+/**
+ * Formats the PASS/FAIL banner as a plain string for direct
+ * `process.stdout.write` use — bypasses the clack logger entirely so
+ * operators running `fireforge test --doctor` under a non-TTY (pipe,
+ * CI, `tee`-wrapped capture) always see the final line even when the
+ * clack renderer swallows trailing log output just before process exit.
+ *
+ * 2026-04-24 eval Finding 7 reproducibly captured only the `"Running
+ * marionette preflight..."` intro and no PASS line at all — the
+ * `success()` + `outro()` + direct `stdout.write` belt-and-suspenders
+ * we used to ship still lost the summary under some non-TTY flush
+ * races. Returning the raw string here lets the caller compose a single
+ * authoritative write without any clack layer between the probe and
+ * the captured log.
+ */
+export function formatMarionettePreflightLine(result) {
+    const status = result.ok ? 'PASS' : 'FAIL';
+    return `Marionette preflight: ${status} (${result.durationMs}ms) — ${result.detail}`;
+}
 //# sourceMappingURL=marionette-preflight.js.map

package/dist/src/core/patch-export.d.ts

@@ -21,6 +21,10 @@ export interface CommitExportedPatchInput {
     diff: string;
     filesAffected: string[];
     sourceEsrVersion: string;
+    /** Optional `PatchMetadata.tier` opt-in (only `"branding"` recognised). */
+    tier?: 'branding';
+    /** Optional `PatchMetadata.lintIgnore` (empty array treated as absent). */
+    lintIgnore?: string[];
 }
 export interface CommitExportedPatchResult {
     patchFilename: string;
@@ -88,13 +92,71 @@ export type UpdatePatchCommittedHook = () => Promise<void>;
  *   the mutation succeeds. See {@link UpdatePatchCommittedHook}.
  */
 export declare function updatePatchAndMetadata(patchesDir: string, filename: string, newContent: string, updates: Partial<PatchMetadata>, onCommitted?: UpdatePatchCommittedHook): Promise<void>;
+/**
+ * Optional `PatchMetadata` keys safe to clear via the helpers below.
+ * Required keys (filename, order, etc.) are excluded by construction so
+ * an over-eager `unsetFields: ['filename']` cannot delete a field the
+ * manifest validator requires. Add new keys here only when they become
+ * optional on the type.
+ */
+export type ClearablePatchMetadataField = 'tier' | 'lintIgnore';
 /**
  * Updates metadata for a patch in the manifest.
+ *
+ * Required-field updates go through the `updates` partial. Clearing an
+ * optional field (e.g. removing the `tier` override) goes through
+ * `unsetFields` because TypeScript's `exactOptionalPropertyTypes` does
+ * not let `Partial<PatchMetadata>` carry an explicit `undefined` value
+ * for fields whose declared type does not include `undefined`. The
+ * implementation deletes the listed keys from the merged record before
+ * writing, so the on-disk JSON omits them and the validator's
+ * "preserve only when present" contract is preserved.
+ *
  * @param patchesDir - Path to the patches directory
  * @param filename - Patch filename
- * @param updates - Partial metadata updates
+ * @param updates - Field values to set. Pass an empty object when only
+ *   clearing fields.
+ * @param unsetFields - Optional fields to remove from the entry (so
+ *   serialization drops them).
+ */
+export declare function updatePatchMetadata(patchesDir: string, filename: string, updates: Partial<PatchMetadata>, unsetFields?: ReadonlyArray<ClearablePatchMetadataField>): Promise<void>;
+/**
+ * Return shape from a {@link mutatePatchMetadata} mutator.
+ */
+export interface PatchMetadataMutation {
+    /** Field values to set on the entry. */
+    set?: Partial<PatchMetadata>;
+    /** Optional fields to remove from the entry entirely. */
+    unset?: ReadonlyArray<ClearablePatchMetadataField>;
+}
+/**
+ * Result of a successful {@link mutatePatchMetadata} call.
  */
-export declare function updatePatchMetadata(patchesDir: string, filename: string, updates: Partial<PatchMetadata>): Promise<void>;
+export interface PatchMetadataMutationResult {
+    /** Pre-mutation snapshot of the patch's metadata. */
+    before: PatchMetadata;
+    /** Post-mutation state of the patch's metadata. */
+    after: PatchMetadata;
+}
+/**
+ * Reads a patch's metadata under the directory lock, applies a mutator
+ * function to compute the update, and writes the result back — all
+ * under a single lock so a concurrent writer cannot interleave a
+ * read-modify-write cycle. Useful for operations that need to compute
+ * the new value from the old (e.g. unioning a `lintIgnore` list,
+ * removing a specific entry), which {@link updatePatchMetadata}'s flat
+ * merge cannot express on its own.
+ *
+ * The mutator returns `{ set, unset }` so it can both write fields
+ * and drop optional ones. `set` and `unset` are merged before write:
+ * `set` runs first via spread, then `unset` deletes the listed keys.
+ *
+ * @returns The pre/post metadata pair when the patch is found and the
+ *   write succeeds; `null` when the manifest is missing or the named
+ *   patch is not in it. Callers should treat `null` as "no-op, nothing
+ *   to log".
+ */
+export declare function mutatePatchMetadata(patchesDir: string, filename: string, mutator: (existing: PatchMetadata) => PatchMetadataMutation): Promise<PatchMetadataMutationResult | null>;
 /**
  * Finds patches that are completely superseded by newer patches.
  * A patch is superseded if all its affected files are covered by newer patches.
@@ -196,6 +258,19 @@ export interface PlanExportInput {
     description: string;
     filesAffected: string[];
     sourceEsrVersion: string;
+    /**
+     * Optional `PatchMetadata.tier` opt-in carried from the CLI flag.
+     * Only `"branding"` is currently recognised. When provided the field
+     * is written into the new patch's metadata; when absent the field
+     * stays unset and tier resolution falls back to auto-detection.
+     */
+    tier?: 'branding';
+    /**
+     * Optional `PatchMetadata.lintIgnore` carried from the CLI flag.
+     * Empty arrays are treated as "field absent" — the validator only
+     * preserves the field when it has at least one entry.
+     */
+    lintIgnore?: string[];
 }
 /**
  * Read-only planning function — computes everything a real export would

package/dist/src/core/patch-export.js

@@ -63,6 +63,8 @@ export async function commitExportedPatch(input) {
             description: input.description,
             filesAffected: input.filesAffected,
             sourceEsrVersion: input.sourceEsrVersion,
+            ...(input.tier !== undefined ? { tier: input.tier } : {}),
+            ...(input.lintIgnore !== undefined ? { lintIgnore: input.lintIgnore } : {}),
         });
         const patchPath = plan.patchPath;
         const originalPatchContent = (await pathExists(patchPath)) ? await readText(patchPath) : null;
@@ -236,13 +238,50 @@ export async function updatePatchAndMetadata(patchesDir, filename, newContent, u
         }
     });
 }
+/**
+ * Merges `updates` onto `existing` and removes the listed `unset`
+ * fields. The unset path is an explicit switch over the
+ * {@link ClearablePatchMetadataField} union rather than a dynamic
+ * `delete obj[k]` so the typecheck-time guarantee that only optional
+ * fields can be cleared survives the runtime erasure — and so the lint
+ * rule against dynamic deletes does not have to be silenced. Adding a
+ * new clearable field requires extending both the union and this
+ * switch in lockstep, which is exactly the constraint we want.
+ */
+function applyMetadataUpdate(existing, updates, unset) {
+    const next = { ...existing, ...updates };
+    for (const field of unset) {
+        switch (field) {
+            case 'tier':
+                delete next.tier;
+                break;
+            case 'lintIgnore':
+                delete next.lintIgnore;
+                break;
+        }
+    }
+    return next;
+}
 /**
  * Updates metadata for a patch in the manifest.
+ *
+ * Required-field updates go through the `updates` partial. Clearing an
+ * optional field (e.g. removing the `tier` override) goes through
+ * `unsetFields` because TypeScript's `exactOptionalPropertyTypes` does
+ * not let `Partial<PatchMetadata>` carry an explicit `undefined` value
+ * for fields whose declared type does not include `undefined`. The
+ * implementation deletes the listed keys from the merged record before
+ * writing, so the on-disk JSON omits them and the validator's
+ * "preserve only when present" contract is preserved.
+ *
  * @param patchesDir - Path to the patches directory
  * @param filename - Patch filename
- * @param updates - Partial metadata updates
+ * @param updates - Field values to set. Pass an empty object when only
+ *   clearing fields.
+ * @param unsetFields - Optional fields to remove from the entry (so
+ *   serialization drops them).
  */
-export async function updatePatchMetadata(patchesDir, filename, updates) {
+export async function updatePatchMetadata(patchesDir, filename, updates, unsetFields = []) {
     await withPatchDirectoryLock(patchesDir, async () => {
         const manifest = await loadPatchesManifest(patchesDir);
         if (!manifest)
@@ -252,11 +291,47 @@ export async function updatePatchMetadata(patchesDir, filename, updates) {
             return;
         const existingPatch = manifest.patches[patchIndex];
         if (existingPatch) {
-            manifest.patches[patchIndex] = { ...existingPatch, ...updates };
+            manifest.patches[patchIndex] = applyMetadataUpdate(existingPatch, updates, unsetFields);
             await savePatchesManifest(patchesDir, manifest);
         }
     });
 }
+/**
+ * Reads a patch's metadata under the directory lock, applies a mutator
+ * function to compute the update, and writes the result back — all
+ * under a single lock so a concurrent writer cannot interleave a
+ * read-modify-write cycle. Useful for operations that need to compute
+ * the new value from the old (e.g. unioning a `lintIgnore` list,
+ * removing a specific entry), which {@link updatePatchMetadata}'s flat
+ * merge cannot express on its own.
+ *
+ * The mutator returns `{ set, unset }` so it can both write fields
+ * and drop optional ones. `set` and `unset` are merged before write:
+ * `set` runs first via spread, then `unset` deletes the listed keys.
+ *
+ * @returns The pre/post metadata pair when the patch is found and the
+ *   write succeeds; `null` when the manifest is missing or the named
+ *   patch is not in it. Callers should treat `null` as "no-op, nothing
+ *   to log".
+ */
+export async function mutatePatchMetadata(patchesDir, filename, mutator) {
+    return await withPatchDirectoryLock(patchesDir, async () => {
+        const manifest = await loadPatchesManifest(patchesDir);
+        if (!manifest)
+            return null;
+        const patchIndex = manifest.patches.findIndex((p) => p.filename === filename);
+        if (patchIndex === -1)
+            return null;
+        const existingPatch = manifest.patches[patchIndex];
+        if (!existingPatch)
+            return null;
+        const { set = {}, unset = [] } = mutator(existingPatch);
+        const updatedPatch = applyMetadataUpdate(existingPatch, set, unset);
+        manifest.patches[patchIndex] = updatedPatch;
+        await savePatchesManifest(patchesDir, manifest);
+        return { before: existingPatch, after: updatedPatch };
+    });
+}
 /**
  * Finds patches that are completely superseded by newer patches.
  * A patch is superseded if all its affected files are covered by newer patches.
@@ -419,6 +494,10 @@ async function computeExportPlanUnderLock(input) {
         createdAt: new Date().toISOString(),
         sourceEsrVersion: input.sourceEsrVersion,
         filesAffected: input.filesAffected,
+        ...(input.tier !== undefined ? { tier: input.tier } : {}),
+        ...(input.lintIgnore !== undefined && input.lintIgnore.length > 0
+            ? { lintIgnore: input.lintIgnore }
+            : {}),
     };
     const supersedeMatches = await findAllPatchesForFilesWithDetails(input.patchesDir, input.filesAffected, patchFilename);
     const supersededDetails = supersedeMatches.map((m) => ({

package/dist/src/core/patch-lint-diff-tag.d.ts

@@ -18,6 +18,13 @@ import type { PatchLintIssue } from '../types/commands/index.js';
  * @param rev Git revision to diff against (e.g. `HEAD`, a branch, a SHA).
  */
 export declare function collectDiffFilePaths(engineDir: string, rev: string): Promise<Set<string>>;
+/**
+ * Synthetic "file" value used by aggregate patch-size rules
+ * (`large-patch-files` / `large-patch-lines`) to flag that a finding
+ * describes the whole diff rather than a single path. Exported so callers
+ * can keep the tagging contract visible in one place.
+ */
+export declare const AGGREGATE_PATCH_FILE = "(patch)";
 /**
  * Annotates a list of lint issues with `introduced` / `cumulative` tags
  * based on whether the issue's file is part of the supplied diff set.
@@ -27,6 +34,19 @@ export declare function collectDiffFilePaths(engineDir: string, rev: string): Pr
  * describe queue-wide state — are always `cumulative` under `--since`
  * because they describe drift accumulated across many commits, not a
  * single current-task edit.
+ *
+ * Aggregate patch-size rules emit `issue.file === AGGREGATE_PATCH_FILE`,
+ * which is a synthetic placeholder that will never appear in a real
+ * `diffFiles` set. Without special-casing, `large-patch-files` /
+ * `large-patch-lines` were always tagged `[cumulative]` under
+ * `--only-introduced` even when the diff WAS the aggregate the rules
+ * measured — the eval (Finding #4) reported a stack of 20+ imported
+ * patches whose aggregate-size warnings printed as `[cumulative]` under
+ * `lint --since HEAD --only-introduced`, which reads as "this pre-existed"
+ * to an operator asking "what did this diff introduce?" We promote the
+ * aggregate tag to `introduced` whenever the diff set has any content —
+ * non-empty `diffFiles` means the operator asked about a specific diff
+ * scope and the aggregate-rule finding describes exactly that scope.
  * @param issues Issues returned by the lint orchestrator.
  * @param diffFiles File paths touched since the user's revision.
  */

package/dist/src/core/patch-lint-diff-tag.js

@@ -58,6 +58,13 @@ export async function collectDiffFilePaths(engineDir, rev) {
     }
     return files;
 }
+/**
+ * Synthetic "file" value used by aggregate patch-size rules
+ * (`large-patch-files` / `large-patch-lines`) to flag that a finding
+ * describes the whole diff rather than a single path. Exported so callers
+ * can keep the tagging contract visible in one place.
+ */
+export const AGGREGATE_PATCH_FILE = '(patch)';
 /**
  * Annotates a list of lint issues with `introduced` / `cumulative` tags
  * based on whether the issue's file is part of the supplied diff set.
@@ -67,15 +74,33 @@ export async function collectDiffFilePaths(engineDir, rev) {
  * describe queue-wide state — are always `cumulative` under `--since`
  * because they describe drift accumulated across many commits, not a
  * single current-task edit.
+ *
+ * Aggregate patch-size rules emit `issue.file === AGGREGATE_PATCH_FILE`,
+ * which is a synthetic placeholder that will never appear in a real
+ * `diffFiles` set. Without special-casing, `large-patch-files` /
+ * `large-patch-lines` were always tagged `[cumulative]` under
+ * `--only-introduced` even when the diff WAS the aggregate the rules
+ * measured — the eval (Finding #4) reported a stack of 20+ imported
+ * patches whose aggregate-size warnings printed as `[cumulative]` under
+ * `lint --since HEAD --only-introduced`, which reads as "this pre-existed"
+ * to an operator asking "what did this diff introduce?" We promote the
+ * aggregate tag to `introduced` whenever the diff set has any content —
+ * non-empty `diffFiles` means the operator asked about a specific diff
+ * scope and the aggregate-rule finding describes exactly that scope.
  * @param issues Issues returned by the lint orchestrator.
  * @param diffFiles File paths touched since the user's revision.
  */
 export function tagLintIssues(issues, diffFiles) {
+    const hasDiffContent = diffFiles.size > 0;
     for (const issue of issues) {
         if (!issue.file) {
             issue.tag = 'cumulative';
             continue;
         }
+        if (issue.file === AGGREGATE_PATCH_FILE) {
+            issue.tag = hasDiffContent ? 'introduced' : 'cumulative';
+            continue;
+        }
         issue.tag = diffFiles.has(issue.file) ? 'introduced' : 'cumulative';
     }
     return issues;

package/dist/src/core/patch-lint.js

@@ -8,6 +8,7 @@ import { loadFurnaceConfig } from './furnace-config.js';
 import { containsUpstreamLicenseText, getLicenseHeader, hasAnyLicenseHeader, hasAnyLicenseHeaderAnyStyle, } from './license-headers.js';
 import { runCheckJs } from './patch-lint-checkjs.js';
 import { detectNewFilesInDiff, extractAddedLinesPerFile } from './patch-lint-diff.js';
+import { AGGREGATE_PATCH_FILE } from './patch-lint-diff-tag.js';
 import { validateExportJsDoc } from './patch-lint-jsdoc.js';
 import { resolvePatchOwnedSysMjs } from './patch-lint-ownership.js';
 // ---------------------------------------------------------------------------
@@ -64,14 +65,55 @@ const PATCH_LINE_THRESHOLDS = {
      * Branding patches have a legitimate reason to be large: they include
      * every locale's `brand.ftl`, copied upstream CSS/PNG assets, and the
      * fork-specific `configure.sh` / `brand.properties` under a single
-     * `browser/branding/<name>/` subtree. The general hard limit of 3000
-     * lines fires on even a first-export branding patch (the eval saw 15904
-     * lines for a freshly-setup fork), which is loud but not actionable —
-     * the patch already is the minimum branding diff. A dedicated tier keeps
-     * the size guidance while moving the hard limit to a threshold that
-     * corresponds to "something other than branding is bundled in here too".
+     * `browser/branding/<name>/` subtree. Calibrated against:
+     *
+     * - The 2026-04-21 eval baseline: a fresh-fork branding export landed
+     *   at 15904 lines (localized brand.ftl across many locales + SVG path
+     *   data + copied upstream CSS).
+     * - The 2026-04-25 operator data point: a freshly setup branding patch
+     *   (post-binary-exclusion, after Phase 1+2 patch splits) landed at
+     *   15650 lines — within 2% of the eval baseline.
+     *
+     * Both data points need to surface as a soft `notice` rather than a
+     * `warning`, since they represent the *minimum* branding diff. The
+     * pre-2026-04-25 calibration {3000/8000/20000} put 15904 firmly in the
+     * `warning` band, contradicting the docstring's "loud but not
+     * actionable" intent. The current calibration moves the warning band
+     * above the eval baseline (with ~13% headroom) and the error band to
+     * roughly 2× the baseline — reaching `error` strongly suggests
+     * non-branding work is bundled in.
+     *
+     * Permissive thresholds are safe because the *gate* into this tier is
+     * narrow (auto-detect requires every file under `browser/branding/`
+     * plus a tight registration allowlist, or an explicit
+     * `PatchMetadata.tier: "branding"` opt-in). A non-branding patch
+     * cannot accidentally land here.
      */
-    branding: { notice: 3000, warning: 8000, error: 20000 },
+    branding: { notice: 8000, warning: 18000, error: 30000 },
+};
+/**
+ * File-count thresholds for the `large-patch-files` rule, mirroring the
+ * tier shape of {@link PATCH_LINE_THRESHOLDS}. A single warning-only
+ * threshold per tier is intentional — file count expresses scope, not
+ * blast radius, and there is no error band that would block export.
+ *
+ * The branding tier sits well above the typical floor because branding
+ * patches inherently span many files: PNG/ICO icon assets in 7+ sizes,
+ * MSIX manifests, channel-specific configs, locale `.ftl` files,
+ * Windows/macOS launcher resources. The 2026-04-25 operator data point
+ * reported a 56-file fresh-fork branding bundle as the minimum shape;
+ * 60 leaves headroom for additional channels/locales while still firing
+ * on a genuinely bloated patch.
+ *
+ * Test tier matches general because a test-only patch rarely touches
+ * many files (a single regression test usually adds 1–3 fixtures); the
+ * elevation in {@link PATCH_LINE_THRESHOLDS.test} addresses big
+ * table-driven test bodies, not file fan-out.
+ */
+const PATCH_FILES_THRESHOLDS = {
+    general: 5,
+    test: 5,
+    branding: 60,
 };
 /**
  * Fixed allowlist of non-branding sibling paths that real-world Firefox
@@ -501,50 +543,58 @@ export function resolvePatchSizeTier(filesAffected, patchTier) {
  */
 export function lintPatchSize(filesAffected, lineCount, patchTier) {
     const issues = [];
-    if (filesAffected.length > 5) {
-        issues.push({
-            file: '(patch)',
-            check: 'large-patch-files',
-            message: `Patch affects ${filesAffected.length} files (recommended: ≤5). Consider splitting into smaller, focused patches.`,
-            severity: 'warning',
-        });
-    }
     // Tier selection: test > branding > general. Tests keep their elevated
     // thresholds because a big regression test is legitimate (table-driven
-    // harnesses run into the thousands of lines). Branding patches get their
-    // own tier so a first-export of setup-generated branding doesn't fire
-    // the general hard limit — see `PATCH_LINE_THRESHOLDS.branding` above
-    // for the eval data motivating this tier. An explicit `patchTier`
-    // opt-in forces branding even when `isBrandingOnlyPatch` cannot reach
-    // the patch's actual shape (a branding patch that also touches a
-    // non-allowlisted sibling like a vendor-specific icon resource).
+    // harnesses run into the thousands of lines). Branding patches get
+    // their own tier so a first-export of setup-generated branding doesn't
+    // fire the general hard limit — see `PATCH_LINE_THRESHOLDS.branding`
+    // and `PATCH_FILES_THRESHOLDS.branding` above for the eval data
+    // motivating this tier. An explicit `patchTier` opt-in forces branding
+    // even when `isBrandingOnlyPatch` cannot reach the patch's actual
+    // shape (a branding patch that also touches a non-allowlisted sibling
+    // like a vendor-specific icon resource). Both checks read off the
+    // same decision so the file-count and line-count rules cannot
+    // disagree about which tier applies.
     const decision = resolvePatchSizeTier(filesAffected, patchTier);
-    const thresholds = decision.tier === 'test'
+    const fileThreshold = decision.tier === 'test'
+        ? PATCH_FILES_THRESHOLDS.test
+        : decision.tier === 'branding'
+            ? PATCH_FILES_THRESHOLDS.branding
+            : PATCH_FILES_THRESHOLDS.general;
+    const lineThresholds = decision.tier === 'test'
         ? PATCH_LINE_THRESHOLDS.test
         : decision.tier === 'branding'
             ? PATCH_LINE_THRESHOLDS.branding
             : PATCH_LINE_THRESHOLDS.general;
-    if (lineCount >= thresholds.error) {
+    if (filesAffected.length > fileThreshold) {
+        issues.push({
+            file: AGGREGATE_PATCH_FILE,
+            check: 'large-patch-files',
+            message: `Patch affects ${filesAffected.length} files (recommended: ≤${fileThreshold}). Consider splitting into smaller, focused patches.`,
+            severity: 'warning',
+        });
+    }
+    if (lineCount >= lineThresholds.error) {
         issues.push({
-            file: '(patch)',
+            file: AGGREGATE_PATCH_FILE,
             check: 'large-patch-lines',
-            message: `Patch is ${lineCount} lines (hard limit: ${thresholds.error}). Consider splitting into smaller, focused patches.`,
+            message: `Patch is ${lineCount} lines (hard limit: ${lineThresholds.error}). Consider splitting into smaller, focused patches.`,
             severity: 'error',
         });
     }
-    else if (lineCount >= thresholds.warning) {
+    else if (lineCount >= lineThresholds.warning) {
         issues.push({
-            file: '(patch)',
+            file: AGGREGATE_PATCH_FILE,
             check: 'large-patch-lines',
-            message: `Patch is ${lineCount} lines (soft limit: ${thresholds.warning}, hard limit: ${thresholds.error}). Consider splitting into smaller, focused patches.`,
+            message: `Patch is ${lineCount} lines (soft limit: ${lineThresholds.warning}, hard limit: ${lineThresholds.error}). Consider splitting into smaller, focused patches.`,
             severity: 'warning',
         });
     }
-    else if (lineCount >= thresholds.notice) {
+    else if (lineCount >= lineThresholds.notice) {
         issues.push({
-            file: '(patch)',
+            file: AGGREGATE_PATCH_FILE,
             check: 'large-patch-lines',
-            message: `Patch is ${lineCount} lines (soft limit: ${thresholds.warning}, hard limit: ${thresholds.error}). Consider splitting into smaller, focused patches.`,
+            message: `Patch is ${lineCount} lines (soft limit: ${lineThresholds.warning}, hard limit: ${lineThresholds.error}). Consider splitting into smaller, focused patches.`,
             severity: 'notice',
         });
     }

package/dist/src/core/patch-registration-refs.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Extracts furnace-shaped registration references from a patch body.
+ *
+ * 2026-04-24 eval Finding 1: `export-all --exclude-furnace` can land a
+ * patch that registers a furnace component (via edits to
+ * `toolkit/content/customElements.js`, `toolkit/content/jar.mn`, or
+ * `toolkit/locales/jar.mn`) without including the component's source
+ * files in the patch. `fireforge verify` then reports "Verify clean" for
+ * the broken queue. This module provides a pattern-scoped scan so
+ * `verify` can cross-check registrations against available file bodies.
+ *
+ * The scan is deliberately narrow: it only matches component-shaped
+ * references (widget tag names, locale fluent names). Unrelated jar.mn
+ * or customElements.js edits pass through without spurious warnings.
+ */
+/**
+ * A referenced engine path extracted from a registration hunk, together
+ * with where it came from. The `source` field lets `verify` point
+ * operators at the specific consequence file whose hunk introduced the
+ * reference.
+ */
+export interface PatchRegistrationReference {
+    /** Engine-relative path that the registration hunk adds a reference to. */
+    targetPath: string;
+    /** The registration file that contained the added hunk. */
+    source: string;
+    /** Raw hunk line that produced the reference, for diagnostic context. */
+    lineText: string;
+}
+/**
+ * Walks a unified-diff patch body and returns the set of
+ * component-shaped engine paths that the patch ADDS a registration for.
+ *
+ * Returns the empty array when no registration hunks are present OR
+ * when the registration hunks do not mention any component-shaped
+ * paths — that leaves the scan silent on the vast majority of patches
+ * (branding tweaks, behavioural fixes, module additions) so it only
+ * fires when a furnace-managed component is being newly registered.
+ *
+ * @param patchBody - Full unified-diff body of the patch file.
+ */
+export declare function collectPatchRegistrationReferences(patchBody: string): PatchRegistrationReference[];