@hominis/fireforge 0.21.0 → 0.21.2

package/CHANGELOG.md

@@ -6,9 +6,11 @@
 
 - **Chrome-doc previews and cleanup.** `furnace chrome-doc create` now supports `--dry-run`, validating the same target files and jar registrations without writing. New `furnace chrome-doc remove <name>` removes scaffolded chrome-doc files, jar entries, and optional xpcshell packaging-test directories, with `--dry-run` and `--yes` support.
 - **Versioned `status --json` schema.** The JSON output is now an object with `schemaVersion`, `summary`, and `files` instead of a bare array. Error paths also emit versioned JSON objects with `code` and `error`.
+- **Configurable patch queue policy.** Projects can now opt into `fireforge.json#patchPolicy` to define category-owned numeric ranges, reserved exception ranges, filename capture patterns, description requirements, gap policy, and mutation enforcement mode. FireForge enforces the policy during export/re-export/reorder/rename projections and reports the same findings from `verify` and `lint --per-patch`.
 
 ### Hardening
 
+- **Eval 0.21.0 release-gate fixes.** `export --dry-run` now performs the same supersede and cross-patch ownership checks as real export before calling a plan safe; `furnace deploy --dry-run` validates successful custom-component plans against projected jar.mn registrations; generated Furnace components and browser-chrome test scaffolds are strict-checkJs and lazy-custom-element ready; chrome-doc packaging xpcshell tests no longer trip component-orphan validation; supported optional config keys such as `firefox.sha256` print `(not set)` when absent; and Furnace manifest writes preserve existing top-level/component ordering while appending new entries predictably.
 - **Override removal demotes back to stock.** Removing a Furnace override restores engine files, deletes the override workspace, clears override checksums, and re-adds the component to `stock` tracking instead of dropping it from `furnace.json`. Optional Furnace config fields, including `platformPrefixes`, are preserved across the write.
 - **Rename updates browser-chrome test bodies.** `furnace rename` now rewrites generated browser-chrome mochitest contents as well as filenames and `browser.toml`, preventing stale `waitForElement("<old>")` references after a component rename.
 - **UI build preflight is stricter.** `fireforge build --ui` now refuses before `mach build faster` when the current objdir lacks a completed launchable bundle, guiding fresh imports and partial builds through a full `fireforge build` first.

package/README.md

@@ -107,6 +107,47 @@ patches/
 
 The category system is intentionally broad. The numeric ordering provides sequencing.
 
+Projects that need stricter queue semantics can add an optional `patchPolicy` block to
+`fireforge.json`. When present, FireForge checks the policy before mutating the patch queue and
+reports the same policy findings from `fireforge verify` and `fireforge lint --per-patch`.
+
+```json
+{
+  "patchPolicy": {
+    "filenamePattern": "^(?<order>\\d{3})-(?<category>branding|infra|ui)-(?<slug>[a-z0-9-]+)\\.patch$",
+    "requireDescription": true,
+    "allowGaps": true,
+    "mutationMode": "error",
+    "ranges": [
+      { "from": 1, "to": 99, "category": "branding" },
+      { "from": 100, "to": 199, "category": "infra" },
+      { "from": 200, "to": 299, "category": "ui" }
+    ],
+    "reservedRanges": [
+      {
+        "from": 900,
+        "to": 999,
+        "allowed": [
+          {
+            "filename": "900-infra-bootstrap-workaround.patch",
+            "files": ["tools/profiler/rust-api/build.rs"],
+            "adr": "docs/architecture/adr/0001-bootstrap-workaround.md"
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+
+Policy ranges are category-owned: a `ui` patch in the example must use `200-299`, while
+`900-999` is reserved for exact allowlisted exceptions. Reserved exceptions must include either
+`adr` or `documentation`; when `files` is present, the patch may not touch paths outside that
+allowlist. `filenamePattern` must expose named captures `order`, `category`, and `slug`.
+`mutationMode` controls mutating commands: `"error"` refuses, `"warn"` prints warnings and
+continues, and `"force"` refuses unless the command supports and receives `--force-unsafe`.
+Without `patchPolicy`, existing repositories keep the broad category and numeric ordering behavior.
+
 ### Importing patches
 
 ```bash

package/dist/src/commands/config.js

@@ -99,6 +99,11 @@ export async function configCommand(projectRoot, key, value, options = {}) {
         const rawConfig = await loadRawConfigDocument(projectRoot);
         const currentValue = getNestedValue(rawConfig, key);
         if (currentValue === undefined) {
+            if (SUPPORTED_CONFIG_PATHS.includes(key)) {
+                info(`${key} = ${formatValue(currentValue)}`);
+                outro('');
+                return;
+            }
             throw new InvalidArgumentError(`Unknown config key: ${key}`);
         }
         else {

package/dist/src/commands/export-all.js

@@ -1,5 +1,3 @@
-// SPDX-License-Identifier: EUPL-1.2
-import { Option } from 'commander';
 import { isBrandingManagedPath } from '../core/branding.js';
 import { getProjectPaths, loadConfig } from '../core/config.js';
 import { collectFurnaceManagedPrefixes, furnaceConfigExists, loadFurnaceConfig, } from '../core/furnace-config.js';
@@ -14,7 +12,6 @@ import { GeneralError } from '../errors/base.js';
 import { ensureDir, pathExists } from '../utils/fs.js';
 import { info, intro, outro, spinner } from '../utils/logger.js';
 import { pickDefined } from '../utils/options.js';
-import { PATCH_CATEGORIES } from '../utils/validation.js';
 import { renderDryRunPreview } from './export-flow.js';
 import { autoFixLicenseHeaders, confirmSupersedePatches, guardOwnershipOverlap, promptExportPatchMetadata, runPatchLint, } from './export-shared.js';
 async function checkBrandingManagedFiles(paths, config) {
@@ -235,7 +232,7 @@ export async function exportAllCommand(projectRoot, options = {}) {
     if (headersAdded) {
         diff = await getAllDiff(paths.engine);
     }
-    const metadata = await promptExportPatchMetadata(options, isInteractive, 'export-all');
+    const metadata = await promptExportPatchMetadata(options, isInteractive, 'export-all', config);
     if (!metadata)
         return;
     const { patchName, selectedCategory, description } = metadata;
@@ -267,6 +264,9 @@ export async function exportAllCommand(projectRoot, options = {}) {
                 filesAffected,
                 sourceEsrVersion: config.firefox.version,
                 explicitSupersede: options.supersede === true,
+                allowOverlap: options.allowOverlap === true,
+                config,
+                forceUnsafe: options.forceUnsafe === true,
             });
             outro('Dry run complete — no changes made');
             return;
@@ -300,6 +300,9 @@ export async function exportAllCommand(projectRoot, options = {}) {
             diff,
             filesAffected,
             sourceEsrVersion: config.firefox.version,
+            config,
+            policyCommand: 'export-all',
+            forceUnsafe: options.forceUnsafe === true,
         });
         for (const oldPatch of superseded) {
             info(`Superseded: ${oldPatch.filename}`);
@@ -322,18 +325,19 @@ export function registerExportAll(program, { getProjectRoot, withErrorHandling }
         .command('export-all')
         .description('Export all changes as a patch')
         .option('--name <name>', 'Name for the patch')
-        .addOption(new Option('-c, --category <category>', 'Patch category').choices([...PATCH_CATEGORIES]))
+        .option('-c, --category <category>', 'Patch category')
         .option('-d, --description <desc>', 'Description of the patch')
         .option('--supersede', 'Allow superseding multiple existing patches')
         .option('--skip-lint', 'Skip patch lint checks (downgrade errors to warnings)')
         .option('--exclude-furnace', 'Export the non-Furnace subset of the aggregate diff instead of refusing when Furnace-managed files are modified. Furnace-managed files are still deployed by "fireforge furnace apply"; this flag only changes whether export-all aborts or filters in their presence.')
         .option('--allow-overlap', 'Acknowledge cross-patch ownership overlap with non-superseded patches (the resulting queue fails verify). Does not bypass the new-file creation guard — two patches creating the same path is structurally unrecoverable, so that case still refuses regardless of this flag.')
         .option('--dry-run', 'Print the export-all plan (filename, metadata, files affected, supersede preview) without writing anything to patches/. Lint still runs so the operator sees the same lint output a real run would produce.')
+        .option('--force-unsafe', 'Bypass force-mode patchPolicy refusals')
         .action(withErrorHandling(async (options) => {
         const { category, ...rest } = options;
         await exportAllCommand(getProjectRoot(), {
             ...pickDefined(rest),
-            ...(category !== undefined ? { category: category } : {}),
+            ...(category !== undefined ? { category } : {}),
         });
     }));
 }

package/dist/src/commands/export-flow.d.ts

@@ -9,6 +9,7 @@
 import { type ConflictReport } from '../core/destructive.js';
 import { type PatchRenameEntry } from '../core/patch-manifest.js';
 import type { ExportOptions, PatchCategory, PatchMetadata } from '../types/commands/index.js';
+import type { FireForgeConfig } from '../types/config.js';
 /**
  * Shape for the rename map computed when a placement flag forces existing
  * patches to move out of the new slot. Keys are current filenames.
@@ -53,6 +54,10 @@ export interface CommitPlacementExportInput {
     metadata: PatchMetadata;
     expectedPlan: PlacementPlan;
     unsafeOverride?: boolean;
+    /** Project config, used only when opt-in patchPolicy is present. */
+    config?: FireForgeConfig;
+    /** Whether --force-unsafe was supplied by the mutating command. */
+    forceUnsafe?: boolean;
     /**
      * Optional post-commit hook that runs inside the patch directory lock,
      * after the mutation has succeeded but before the lock is released.
@@ -82,10 +87,15 @@ export interface DryRunPreviewInput {
     filesAffected: string[];
     sourceEsrVersion: string;
     explicitSupersede: boolean;
+    allowOverlap: boolean;
     /** Optional `PatchMetadata.tier` opt-in carried from the CLI. */
     tier?: 'branding';
     /** Optional `PatchMetadata.lintIgnore` carried from the CLI. */
     lintIgnore?: string[];
+    /** Project config, used only when opt-in patchPolicy is present. */
+    config?: FireForgeConfig;
+    /** Whether --force-unsafe was supplied by the mutating command. */
+    forceUnsafe?: boolean;
 }
 /**
  * Renders the plain (non-placement) dry-run preview: calls planExport,

package/dist/src/commands/export-flow.js

@@ -12,11 +12,13 @@ import { findAllPatchesForFilesWithDetails, planExport, sanitizeName, } from '..
 import { buildModifiedFileAdditionsFromDiff, buildPatchQueueContext, detectNewFilesInDiff, lintPatchQueue, } from '../core/patch-lint.js';
 import { withPatchDirectoryLock } from '../core/patch-lock.js';
 import { addPatchToManifest, loadPatchesManifest, renumberPatchesInManifest, resolvePatchIdentifier, savePatchesManifest, } from '../core/patch-manifest.js';
+import { applyRenameMapToManifest, buildProjectedManifest, enforcePatchPolicy, } from '../core/patch-policy.js';
 import { extractNewFileContentFromDiff } from '../core/patch-transform.js';
-import { InvalidArgumentError } from '../errors/base.js';
+import { GeneralError, InvalidArgumentError } from '../errors/base.js';
 import { toError } from '../utils/errors.js';
 import { pathExists, readText, removeFile, writeText } from '../utils/fs.js';
 import { info, warn } from '../utils/logger.js';
+import { findPartialOwnershipOverlap } from './export-shared.js';
 function buildFilenameForPlacement(category, name, order, width) {
     const padded = String(order).padStart(Math.max(3, width), '0');
     return `${padded}-${category}-${sanitizeName(name)}.patch`;
@@ -199,13 +201,31 @@ export async function commitPlacementExport(input) {
         if (conflicts && input.unsafeOverride !== true) {
             throw new InvalidArgumentError(`Refusing to run export: ${conflicts.reason}. Pass --force-unsafe to override.`, '--force-unsafe');
         }
+        const originalManifest = await loadPatchesManifest(input.patchesDir);
+        if (input.config !== undefined) {
+            const renamed = originalManifest !== null
+                ? applyRenameMapToManifest(originalManifest, currentPlan.renameMap)
+                : buildProjectedManifest(null, []);
+            enforcePatchPolicy({
+                config: input.config,
+                manifest: buildProjectedManifest(renamed, [
+                    ...renamed.patches,
+                    {
+                        ...input.metadata,
+                        filename: currentPlan.newFilename,
+                        order: currentPlan.insertionOrder,
+                    },
+                ]),
+                command: 'export',
+                forceUnsafe: input.forceUnsafe === true,
+            });
+        }
         // Snapshot pre-mutation state so we can best-effort restore the queue
         // if any of the three steps below fail mid-flight. Mirrors the
         // rollback shape in commitExportedPatch (src/core/patch-export.ts), but
         // inlined because the two rollbacks operate on different state shapes
         // (rename map vs. supersede set) and sharing a helper would be forced.
         const patchPath = join(input.patchesDir, currentPlan.newFilename);
-        const originalManifest = await loadPatchesManifest(input.patchesDir);
         const originalNewPatchContent = (await pathExists(patchPath))
             ? await readText(patchPath)
             : null;
@@ -296,6 +316,11 @@ export async function commitPlacementExport(input) {
  */
 export async function renderDryRunPreview(input) {
     const supersedeDetails = await findAllPatchesForFilesWithDetails(input.patchesDir, input.filesAffected);
+    const supersedingFilenames = new Set(supersedeDetails.map((detail) => detail.patch.filename));
+    const manifest = await loadPatchesManifest(input.patchesDir);
+    const overlap = manifest !== null
+        ? findPartialOwnershipOverlap(manifest, input.filesAffected, supersedingFilenames)
+        : new Map();
     const plan = await planExport({
         patchesDir: input.patchesDir,
         category: input.category,
@@ -305,7 +330,16 @@ export async function renderDryRunPreview(input) {
         sourceEsrVersion: input.sourceEsrVersion,
         ...(input.tier !== undefined ? { tier: input.tier } : {}),
         ...(input.lintIgnore !== undefined ? { lintIgnore: input.lintIgnore } : {}),
+        ...(input.config !== undefined ? { config: input.config } : {}),
     });
+    if (input.config !== undefined) {
+        enforcePatchPolicy({
+            config: input.config,
+            manifest: plan.manifestAfter,
+            command: 'export',
+            forceUnsafe: input.forceUnsafe === true,
+        });
+    }
     info(`\n[dry-run] Would write: patches/${plan.patchFilename}`);
     info(`  category: ${plan.metadata.category}`);
     info(`  order: ${plan.metadata.order}`);
@@ -329,5 +363,19 @@ export async function renderDryRunPreview(input) {
     else {
         info('\n[dry-run] No patches would be superseded.');
     }
+    if (overlap.size > 0) {
+        const entries = [...overlap.entries()].sort(([a], [b]) => a.localeCompare(b));
+        warn(`\n[dry-run] Would create cross-patch ownership overlap on ${String(entries.length)} file${entries.length === 1 ? '' : 's'}:`);
+        for (const [file, owners] of entries) {
+            warn(`  - ${file} already claimed by: ${owners.join(', ')}`);
+        }
+        warn('The real export would leave the queue verify-failing. Repartition ownership with `fireforge re-export --files <paths> <existing-patch>` before exporting, or pass --allow-overlap to acknowledge the conflict.');
+        if (!input.allowOverlap) {
+            throw new GeneralError('Dry-run detected cross-patch ownership overlap. Pass --allow-overlap to preview the acknowledged conflict, or repartition ownership via `fireforge re-export --files`.');
+        }
+    }
+    else {
+        info('[dry-run] No cross-patch ownership overlap detected.');
+    }
 }
 //# sourceMappingURL=export-flow.js.map

package/dist/src/commands/export-shared.d.ts

@@ -31,7 +31,7 @@ export declare function runPatchLint(engineDir: string, filesAffected: string[],
  * @param isInteractive - Whether interactive prompts are allowed
  * @param commandName - Command name for error/help text
  */
-export declare function promptExportPatchMetadata(options: ExportOptions, isInteractive: boolean, commandName: 'export' | 'export-all'): Promise<{
+export declare function promptExportPatchMetadata(options: ExportOptions, isInteractive: boolean, commandName: 'export' | 'export-all', config?: FireForgeConfig): Promise<{
     patchName: string;
     selectedCategory: PatchCategory;
     description: string;

package/dist/src/commands/export-shared.js

@@ -5,10 +5,11 @@ import { addLicenseHeaderToFile, getLicenseHeader } from '../core/license-header
 import { findAllPatchesForFiles } from '../core/patch-export.js';
 import { commentStyleForFile, detectNewFilesInDiff, lintExportedPatch, resolvePatchSizeTier, } from '../core/patch-lint.js';
 import { loadPatchesManifest } from '../core/patch-manifest.js';
+import { getPatchPolicyCategories, isCategoryAllowedByConfig } from '../core/patch-policy.js';
 import { GeneralError, InvalidArgumentError } from '../errors/base.js';
 import { pathExists, readText } from '../utils/fs.js';
 import { cancel, info, isCancel, warn } from '../utils/logger.js';
-import { isValidPatchCategory, PATCH_CATEGORIES, validatePatchName } from '../utils/validation.js';
+import { PATCH_CATEGORIES, validatePatchName } from '../utils/validation.js';
 /**
  * Runs the full patch lint pipeline and reports results.
  * Warnings are always displayed. Errors block the export unless skipLint is true.
@@ -89,7 +90,8 @@ export async function runPatchLint(engineDir, filesAffected, diffContent, config
  * @param isInteractive - Whether interactive prompts are allowed
  * @param commandName - Command name for error/help text
  */
-export async function promptExportPatchMetadata(options, isInteractive, commandName) {
+export async function promptExportPatchMetadata(options, isInteractive, commandName, config) {
+    const categories = config !== undefined ? getPatchPolicyCategories(config) : [...PATCH_CATEGORIES];
     let patchName = options.name;
     if (patchName) {
         const validationError = validatePatchName(patchName);
@@ -98,7 +100,7 @@ export async function promptExportPatchMetadata(options, isInteractive, commandN
         }
     }
     if (!patchName && !isInteractive) {
-        throw new InvalidArgumentError('The --name flag is required in non-interactive mode', `Use: fireforge ${commandName} ${commandName === 'export' ? '<paths...> ' : ''}--name "my-patch-name" --category ui`);
+        throw new InvalidArgumentError('The --name flag is required in non-interactive mode', `Use: fireforge ${commandName} ${commandName === 'export' ? '<paths...> ' : ''}--name "my-patch-name" --category ${categories[0] ?? 'ui'}`);
     }
     if (!patchName) {
         const nameResult = await text({
@@ -114,23 +116,20 @@ export async function promptExportPatchMetadata(options, isInteractive, commandN
     }
     let category = options.category;
     if (category) {
-        if (!isValidPatchCategory(category)) {
-            throw new InvalidArgumentError(`Invalid category. Must be one of: ${PATCH_CATEGORIES.join(', ')}`, '--category');
+        const isAllowed = config !== undefined
+            ? isCategoryAllowedByConfig(config, category)
+            : PATCH_CATEGORIES.includes(category);
+        if (!isAllowed) {
+            throw new InvalidArgumentError(`Invalid category. Must be one of: ${categories.join(', ')}`, '--category');
         }
     }
     else if (!isInteractive) {
-        throw new InvalidArgumentError('The --category flag is required in non-interactive mode', `Use: fireforge ${commandName} ${commandName === 'export' ? '<paths...> ' : ''}--name "name" --category <${PATCH_CATEGORIES.join('|')}>`);
+        throw new InvalidArgumentError('The --category flag is required in non-interactive mode', `Use: fireforge ${commandName} ${commandName === 'export' ? '<paths...> ' : ''}--name "name" --category <${categories.join('|')}>`);
     }
     else {
         const categoryResult = await select({
             message: 'Select a category for this patch:',
-            options: [
-                { value: 'branding', label: 'branding - Logo, icons, names, about pages' },
-                { value: 'ui', label: 'ui - User interface changes' },
-                { value: 'privacy', label: 'privacy - Telemetry, tracking, data collection' },
-                { value: 'security', label: 'security - Security hardening, policies' },
-                { value: 'infra', label: 'infra - Build system, tooling, CI, configuration' },
-            ],
+            options: categories.map((value) => ({ value, label: value })),
         });
         if (isCancel(categoryResult)) {
             cancel('Export cancelled');

package/dist/src/commands/export.js

@@ -11,13 +11,15 @@ import { isBinaryFile } from '../core/git-file-ops.js';
 import { getModifiedFilesInDir, getUntrackedFiles, getUntrackedFilesInDir, } from '../core/git-status.js';
 import { extractAffectedFiles } from '../core/patch-apply.js';
 import { commitExportedPatch, findAllPatchesForFiles } from '../core/patch-export.js';
+import { loadPatchesManifest } from '../core/patch-manifest.js';
+import { applyRenameMapToManifest, buildProjectedManifest, enforcePatchPolicy, } from '../core/patch-policy.js';
 import { GeneralError, InvalidArgumentError } from '../errors/base.js';
 import { toError } from '../utils/errors.js';
 import { ensureDir, pathExists } from '../utils/fs.js';
 import { info, intro, outro, spinner, verbose, warn } from '../utils/logger.js';
 import { pickDefined } from '../utils/options.js';
 import { stripEnginePrefix } from '../utils/paths.js';
-import { parsePositiveIntegerFlag, PATCH_CATEGORIES } from '../utils/validation.js';
+import { parsePositiveIntegerFlag } from '../utils/validation.js';
 import { commitPlacementExport, placementSummary, projectPlacementForLint, renderDryRunPreview, resolvePlacementPlan, } from './export-flow.js';
 import { autoFixLicenseHeaders, confirmSupersedePatches, guardOwnershipOverlap, promptExportPatchMetadata, runPatchLint, } from './export-shared.js';
 async function collectExportFiles(paths, files) {
@@ -164,7 +166,7 @@ export async function exportCommand(projectRoot, files, options) {
     if (headersAdded) {
         diff = await generatePatchDiff(paths.engine, allFiles);
     }
-    const metadata = await promptExportPatchMetadata(options, isInteractive, 'export');
+    const metadata = await promptExportPatchMetadata(options, isInteractive, 'export', config);
     if (!metadata)
         return;
     const { patchName, selectedCategory, description } = metadata;
@@ -190,6 +192,32 @@ export async function exportCommand(projectRoot, files, options) {
             }
             placementPlan = await resolvePlacementPlan(paths.patches, options, selectedCategory, patchName);
             const conflicts = await projectPlacementForLint(paths.patches, placementPlan, diff);
+            const currentManifest = await loadPatchesManifest(paths.patches);
+            const renamed = currentManifest !== null
+                ? applyRenameMapToManifest(currentManifest, placementPlan.renameMap)
+                : buildProjectedManifest(null, []);
+            enforcePatchPolicy({
+                config,
+                manifest: buildProjectedManifest(renamed, [
+                    ...renamed.patches,
+                    {
+                        filename: placementPlan.newFilename,
+                        order: placementPlan.insertionOrder,
+                        category: selectedCategory,
+                        name: patchName,
+                        description,
+                        createdAt: new Date().toISOString(),
+                        sourceEsrVersion: config.firefox.version,
+                        filesAffected,
+                        ...(options.tier !== undefined ? { tier: options.tier } : {}),
+                        ...(options.lintIgnore !== undefined && options.lintIgnore.length > 0
+                            ? { lintIgnore: options.lintIgnore }
+                            : {}),
+                    },
+                ]),
+                command: 'export',
+                forceUnsafe: options.forceUnsafe === true,
+            });
             const summary = placementSummary(placementPlan);
             const renameCount = placementPlan.renameMap.size;
             // Route through confirmDestructive when the operation is destructive
@@ -233,10 +261,13 @@ export async function exportCommand(projectRoot, files, options) {
                 filesAffected,
                 sourceEsrVersion: config.firefox.version,
                 explicitSupersede: options.supersede === true,
+                allowOverlap: options.allowOverlap === true,
                 ...(options.tier !== undefined ? { tier: options.tier } : {}),
                 ...(options.lintIgnore !== undefined && options.lintIgnore.length > 0
                     ? { lintIgnore: options.lintIgnore }
                     : {}),
+                config,
+                forceUnsafe: options.forceUnsafe === true,
             });
             outro('Dry run complete — no changes made');
             return;
@@ -269,6 +300,8 @@ export async function exportCommand(projectRoot, files, options) {
                 metadata: placementMetadata,
                 expectedPlan: placementPlan,
                 unsafeOverride: options.forceUnsafe === true,
+                config,
+                forceUnsafe: options.forceUnsafe === true,
                 // History append runs inside the same lock as the mutation so
                 // concurrent placement exports cannot interleave their records
                 // and a crash between mutation and record cannot orphan the
@@ -334,6 +367,9 @@ export async function exportCommand(projectRoot, files, options) {
             ...(options.lintIgnore !== undefined && options.lintIgnore.length > 0
                 ? { lintIgnore: options.lintIgnore }
                 : {}),
+            config,
+            policyCommand: 'export',
+            forceUnsafe: options.forceUnsafe === true,
         });
         for (const oldPatch of superseded) {
             info(`Superseded: ${oldPatch.filename}`);
@@ -356,7 +392,7 @@ export function registerExport(program, { getProjectRoot, withErrorHandling }) {
         .command('export <paths...>')
         .description('Export new changes as a patch (use re-export to update existing patches)')
         .option('-n, --name <name>', 'Name for the patch')
-        .addOption(new Option('-c, --category <category>', 'Patch category').choices([...PATCH_CATEGORIES]))
+        .option('-c, --category <category>', 'Patch category')
         .option('-d, --description <desc>', 'Description of the patch')
         .option('--supersede', 'Allow superseding multiple existing patches')
         .option('--skip-lint', 'Skip patch lint checks (downgrade errors to warnings)')
@@ -374,7 +410,7 @@ export function registerExport(program, { getProjectRoot, withErrorHandling }) {
         const { category, tier, lintIgnore, ...rest } = options;
         await exportCommand(getProjectRoot(), paths, {
             ...pickDefined(rest),
-            ...(category !== undefined ? { category: category } : {}),
+            ...(category !== undefined ? { category } : {}),
             ...(tier !== undefined ? { tier: tier } : {}),
             ...(lintIgnore !== undefined && lintIgnore.length > 0 ? { lintIgnore } : {}),
         });

package/dist/src/commands/furnace/create-templates.js

@@ -39,12 +39,18 @@ window.MozXULElement?.insertFTLIfNeeded("${ftlPath}");
         ? `
   connectedCallback() {
     super.connectedCallback();
-    this.ownerDocument.l10n?.connectRoot(this.shadowRoot);
+    const { shadowRoot } = this;
+    if (shadowRoot) {
+      this.ownerDocument.l10n?.connectRoot(shadowRoot);
+    }
   }
 
   disconnectedCallback() {
     super.disconnectedCallback();
-    this.ownerDocument.l10n?.disconnectRoot(this.shadowRoot);
+    const { shadowRoot } = this;
+    if (shadowRoot) {
+      this.ownerDocument.l10n?.disconnectRoot(shadowRoot);
+    }
   }
 `
         : '';
@@ -59,6 +65,7 @@ ${ftlModulePreamble}
  * @tagname ${name}
  */
 class ${className} extends MozLitElement {
+  /** @type {Record<string, unknown>} */
   static properties = {};
 
   constructor() {
@@ -72,7 +79,7 @@ ${lifecycleHooks}
     \`;
   }
 }
-customElements.define("${name}", ${className});
+customElements.define("${name}", /** @type {CustomElementConstructor} */ (${className}));
 `;
 }
 /** Generates the .css file content for a custom component. */

package/dist/src/commands/furnace/create.js

@@ -111,6 +111,7 @@ support-files = ["head.js"]
  * @returns {Promise<CustomElementConstructor>}
  */
 async function waitForElement(tag) {
+  document.createElement(tag);
   return customElements.whenDefined(tag);
 }
 `;

package/dist/src/commands/furnace/deploy.js

@@ -364,7 +364,7 @@ export async function furnaceDeployCommand(projectRoot, name, options = {}) {
     }
     const validateSpinner = spinner(isDryRun ? 'Validating (read-only)...' : 'Validating...');
     const failedComponents = getFailedComponentNames(result);
-    const validation = await runDeployValidation(validateSpinner, name, config, furnacePaths, failedComponents, isDryRun, projectRoot);
+    const validation = await runDeployValidation(validateSpinner, name, config, furnacePaths, failedComponents, isDryRun, projectRoot, result.actions);
     if (validation.done)
         return;
     const { totalErrors, totalWarnings, componentCount, skippedValidationCount } = validation;

package/dist/src/commands/furnace/validation-output.d.ts

@@ -1,5 +1,5 @@
 import type { getFurnacePaths } from '../../core/furnace-config.js';
-import type { FurnaceConfig, ValidationIssue } from '../../types/furnace.js';
+import type { DryRunAction, FurnaceConfig, ValidationIssue } from '../../types/furnace.js';
 import { type SpinnerHandle } from '../../utils/logger.js';
 /**
  * Displays validation issues and returns aggregated error and warning counts.
@@ -27,4 +27,4 @@ export type ValidationResult = {
  * @param projectRoot - Root directory of the project
  * @returns Validation counts, or `done: true` if the caller should early-return
  */
-export declare function runDeployValidation(validateSpinner: SpinnerHandle, name: string | undefined, config: FurnaceConfig, furnacePaths: ReturnType<typeof getFurnacePaths>, failedComponents: Set<string>, isDryRun: boolean, projectRoot: string): Promise<ValidationResult>;
+export declare function runDeployValidation(validateSpinner: SpinnerHandle, name: string | undefined, config: FurnaceConfig, furnacePaths: ReturnType<typeof getFurnacePaths>, failedComponents: Set<string>, isDryRun: boolean, projectRoot: string, dryRunActions?: DryRunAction[]): Promise<ValidationResult>;

package/dist/src/commands/furnace/validation-output.js

@@ -24,6 +24,18 @@ export function displayValidationIssues(issues) {
     }
     return [errors, warnings];
 }
+function filterProjectedDryRunIssues(issues, actions) {
+    if (!actions || actions.length === 0)
+        return issues;
+    const plannedJarRegistrations = new Set(actions.filter((action) => action.action === 'register-jar').map((action) => action.component));
+    return issues.filter((issue) => {
+        if (plannedJarRegistrations.has(issue.component) &&
+            (issue.check === 'missing-jar-mn-mjs' || issue.check === 'missing-jar-mn-css')) {
+            return false;
+        }
+        return true;
+    });
+}
 function resolveNamedValidationTarget(name, config, furnacePaths) {
     if (name in config.overrides) {
         return {
@@ -53,7 +65,7 @@ function resolveNamedValidationTarget(name, config, furnacePaths) {
  * @param projectRoot - Root directory of the project
  * @returns Validation counts, or `done: true` if the caller should early-return
  */
-export async function runDeployValidation(validateSpinner, name, config, furnacePaths, failedComponents, isDryRun, projectRoot) {
+export async function runDeployValidation(validateSpinner, name, config, furnacePaths, failedComponents, isDryRun, projectRoot, dryRunActions) {
     let totalErrors = 0;
     let totalWarnings = 0;
     let componentCount = 0;
@@ -75,7 +87,8 @@ export async function runDeployValidation(validateSpinner, name, config, furnace
             validateSpinner.stop('Validation failed');
             throw new FurnaceError(`Component directory not found for "${name}".`, name);
         }
-        const issues = await validateComponent(target.componentDir, name, target.type, config, projectRoot);
+        const rawIssues = await validateComponent(target.componentDir, name, target.type, config, projectRoot);
+        const issues = isDryRun ? filterProjectedDryRunIssues(rawIssues, dryRunActions) : rawIssues;
         componentCount = 1;
         validateSpinner.stop('Validation complete');
         if (issues.length === 0) {
@@ -96,11 +109,14 @@ export async function runDeployValidation(validateSpinner, name, config, furnace
                 continue;
             }
             componentCount++;
-            if (issues.length === 0) {
+            const projectedIssues = isDryRun
+                ? filterProjectedDryRunIssues(issues, dryRunActions)
+                : issues;
+            if (projectedIssues.length === 0) {
                 success(`${componentName} — all checks passed`);
             }
             else {
-                const [errors, warnings] = displayValidationIssues(issues);
+                const [errors, warnings] = displayValidationIssues(projectedIssues);
                 totalErrors += errors;
                 totalWarnings += warnings;
             }

package/dist/src/commands/lint.js

@@ -11,6 +11,7 @@ import { extractAffectedFiles } from '../core/patch-apply.js';
 import { buildPatchQueueContext, lintExportedPatch, lintPatchQueue, resolvePatchSizeTier, } from '../core/patch-lint.js';
 import { collectDiffFilePaths, tagLintIssues } from '../core/patch-lint-diff-tag.js';
 import { loadPatchesManifest } from '../core/patch-manifest.js';
+import { evaluatePatchPolicy } from '../core/patch-policy.js';
 import { GeneralError } from '../errors/base.js';
 import { pathExists } from '../utils/fs.js';
 import { info, intro, outro, success, warn } from '../utils/logger.js';
@@ -407,6 +408,14 @@ async function lintPerPatch(projectRoot, paths) {
     const config = await loadConfig(projectRoot);
     const ctx = await buildPatchQueueContext(paths.patches);
     const issues = [];
+    for (const issue of evaluatePatchPolicy(config, manifest)) {
+        issues.push({
+            file: issue.filename,
+            check: `patch-policy/${issue.code}`,
+            message: issue.message,
+            severity: issue.severity,
+        });
+    }
     let linted = 0;
     let skipped = 0;
     for (const patch of manifest.patches) {