@hominis/fireforge 0.25.0 → 0.27.0

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## 0.27.0
+
+- Improved `download --force` git indexing progress with phase, count, and heartbeat output.
+- Added `re-export --files --allow-shrink` so patch ownership shrinkage is refused unless explicitly acknowledged, with clearer dry-run previews.
+- Surfaced likely new sibling files during plain re-export and aligned verify/status ownership reporting for unowned worktree changes.
+- Preserved patch-owned branding `configure.sh` settings during build preflight.
+- Added custom element registration support for Furnace validate/apply.
+
+## 0.26.0
+
+- Added targeted `re-export --scan --scan-file <path>` for reviewed single-patch new-file assignment without broad sibling collection.
+- Added a FireForge-owned worktree whitespace gate that excludes generated `patches/*.patch` diff syntax from repository whitespace checks.
+- Kept generated patch context lines unchanged while making release checks use the FireForge whitespace gate.
+
 ## 0.25.0
 
 - Kept `MOZ_APP_VENDOR` in `browser/moz.configure` for Firefox ESR 140 project-flag trees instead of generated branding `configure.sh`.

package/dist/src/commands/re-export-files.js

@@ -92,6 +92,41 @@ function buildFilesModeMetadataUpdates(actualProjectedFiles, options, effectiveL
     }
     return updates;
 }
+async function confirmFilesModeProjection(args) {
+    const { target, retained, removed, added, actualProjectedFiles, missingFiles, options, conflicts, } = args;
+    const isDryRun = options.dryRun === true;
+    const summary = [
+        `re-export ${target.filename} with --files scope`,
+        `current files (${target.filesAffected.length}): ${target.filesAffected.join(', ') || '(none)'}`,
+        `retained files (${retained.length}): ${retained.join(', ') || '(none)'}`,
+        `projected files (${actualProjectedFiles.length}): ${actualProjectedFiles.join(', ') || '(none)'}`,
+    ];
+    if (removed.length > 0) {
+        summary.push(`removed files (${removed.length}; become unmanaged): ${removed.join(', ')}`);
+    }
+    if (added.length > 0) {
+        summary.push(`newly included files (${added.length}): ${added.join(', ')}`);
+    }
+    if (missingFiles.length > 0) {
+        summary.push(`missing on disk (will be dropped): ${missingFiles.join(', ')}`);
+    }
+    if (!isDryRun && removed.length > 0 && options.allowShrink !== true) {
+        warn(`Refusing to shrink ${target.filename} without --allow-shrink.`);
+        for (const line of summary) {
+            info(`  ${line}`);
+        }
+        throw new InvalidArgumentError(`Refusing to re-export ${target.filename} with --files because it would remove ${removed.length} existing patch-owned file${removed.length === 1 ? '' : 's'}. Run again with --allow-shrink after reviewing the dry-run output.`, '--allow-shrink');
+    }
+    return confirmDestructive({
+        operation: 're-export-files',
+        title: `Re-export ${target.filename} with --files`,
+        summary,
+        yes: removed.length === 0 && missingFiles.length === 0 ? true : options.yes === true,
+        dryRun: isDryRun,
+        unsafeOverride: options.forceUnsafe === true,
+        conflicts,
+    });
+}
 /**
  * Handles `re-export --files` end-to-end: computes the projected diff,
  * runs the per-patch and cross-patch lint against a context in which the
@@ -106,7 +141,6 @@ function buildFilesModeMetadataUpdates(actualProjectedFiles, options, effectiveL
  * of the projected state.
  */
 export async function reExportFilesInPlace(paths, selectedPatches, options, config) {
-    const isDryRun = options.dryRun === true;
     const target = selectedPatches[0];
     if (!target) {
         throw new InvalidArgumentError('--files requires a target patch.', '--files');
@@ -118,6 +152,7 @@ export async function reExportFilesInPlace(paths, selectedPatches, options, conf
     const requested = [...new Set(filesOption)].sort();
     const removed = target.filesAffected.filter((f) => !requested.includes(f));
     const added = requested.filter((f) => !target.filesAffected.includes(f));
+    const retained = target.filesAffected.filter((f) => requested.includes(f));
     // Filter out paths that no longer exist on disk; we cannot include
     // them in the new diff because getDiffForFilesAgainstHead would fail.
     // Missing files are still dropped from the manifest so the resulting
@@ -175,31 +210,14 @@ export async function reExportFilesInPlace(paths, selectedPatches, options, conf
             forceUnsafe: options.forceUnsafe === true,
         });
     }
-    // Shrinks are destructive (previously-owned files become unmanaged), so
-    // they keep the explicit confirmation gate. Additive-only scopes are safe
-    // to run non-interactively after lint/policy projection because no existing
-    // patch ownership is being dropped.
-    const summary = [
-        `re-export ${target.filename} with --files scope`,
-        `current files (${target.filesAffected.length}): ${target.filesAffected.join(', ') || '(none)'}`,
-        `new files (${actualProjectedFiles.length}): ${actualProjectedFiles.join(', ') || '(none)'}`,
-    ];
-    if (removed.length > 0) {
-        summary.push(`would drop (become unmanaged): ${removed.join(', ')}`);
-    }
-    if (added.length > 0) {
-        summary.push(`would add: ${added.join(', ')}`);
-    }
-    if (missingFiles.length > 0) {
-        summary.push(`missing on disk (will be dropped): ${missingFiles.join(', ')}`);
-    }
-    const decision = await confirmDestructive({
-        operation: 're-export-files',
-        title: `Re-export ${target.filename} with --files`,
-        summary,
-        yes: removed.length === 0 && missingFiles.length === 0 ? true : options.yes === true,
-        dryRun: isDryRun,
-        unsafeOverride: options.forceUnsafe === true,
+    const decision = await confirmFilesModeProjection({
+        target,
+        retained,
+        removed,
+        added,
+        actualProjectedFiles,
+        missingFiles,
+        options,
         conflicts,
     });
     if (decision === 'cancelled') {

package/dist/src/commands/re-export-scan.d.ts

@@ -0,0 +1,35 @@
+import type { PatchesManifest } from '../types/commands/index.js';
+export interface ScanResult {
+    updated: string[];
+    added: string[];
+    removed: string[];
+}
+/** Normalizes repeatable `--scan-file` inputs into safe engine-relative paths. */
+export declare function normalizeScanFiles(scanFiles: readonly string[] | undefined): string[] | undefined;
+/** Scans either broad sibling directories or explicit `--scan-file` paths for re-export. */
+export declare function scanPatchFilesForReExport(args: {
+    currentFilesAffected: string[];
+    engineDir: string;
+    manifest: PatchesManifest;
+    patchFilename: string;
+    isDryRun: boolean;
+    scanFiles?: readonly string[];
+}): Promise<ScanResult>;
+/**
+ * Confirms broad directory-scan additions before a mutating re-export writes
+ * them into patch ownership.
+ */
+export declare function confirmBroadScanAdditions(args: {
+    patchFilename: string;
+    added: readonly string[];
+    isDryRun: boolean;
+    yes: boolean;
+    isInteractive: boolean;
+}): Promise<boolean>;
+/** Refuses explicit `--scan-file` additions that did not produce patch hunks. */
+export declare function assertScanFileAdditionsHaveDiffHunks(args: {
+    diffContent: string;
+    patchFilename: string;
+    previousFilesAffected: readonly string[];
+    scanFiles: readonly string[] | undefined;
+}): void;

package/dist/src/commands/re-export-scan.js

@@ -0,0 +1,139 @@
+// SPDX-License-Identifier: EUPL-1.2
+import { dirname, join } from 'node:path';
+import { confirm } from '@clack/prompts';
+import { getModifiedFilesInDir, getUntrackedFilesInDir } from '../core/git-status.js';
+import { extractAffectedFiles } from '../core/patch-apply.js';
+import { getClaimedFiles } from '../core/patch-manifest.js';
+import { GeneralError, InvalidArgumentError } from '../errors/base.js';
+import { pathExists } from '../utils/fs.js';
+import { cancel, info, isCancel, warn } from '../utils/logger.js';
+import { isContainedRelativePath, normalizePathSlashes, stripEnginePrefix, } from '../utils/paths.js';
+const SCAN_ADD_COUNT_THRESHOLD = 3;
+const SCAN_DIR_COUNT_THRESHOLD = 2;
+/** Normalizes repeatable `--scan-file` inputs into safe engine-relative paths. */
+export function normalizeScanFiles(scanFiles) {
+    const normalized = [...new Set(scanFiles ?? [])]
+        .map((file) => normalizeEngineRelativeInput(file, '--scan-file'))
+        .sort();
+    return normalized.length > 0 ? normalized : undefined;
+}
+function normalizeEngineRelativeInput(rawPath, flagName) {
+    const normalized = normalizePathSlashes(stripEnginePrefix(rawPath).trim());
+    if (normalized.length === 0) {
+        throw new InvalidArgumentError(`${flagName} requires a non-empty engine-relative path.`, flagName);
+    }
+    if (!isContainedRelativePath(normalized)) {
+        throw new InvalidArgumentError(`${flagName} path must stay within engine/: ${rawPath}`, flagName);
+    }
+    return normalized;
+}
+/** Scans either broad sibling directories or explicit `--scan-file` paths for re-export. */
+export async function scanPatchFilesForReExport(args) {
+    const { scanFiles } = args;
+    if (scanFiles !== undefined) {
+        return scanPatchFilesTargeted({ ...args, scanFiles });
+    }
+    return scanPatchFiles(args);
+}
+async function scanPatchFiles(args) {
+    const { currentFilesAffected, engineDir, manifest, patchFilename, isDryRun } = args;
+    const parentDirs = [...new Set(currentFilesAffected.map((f) => dirname(f)))];
+    const claimedByOthers = getClaimedFiles(manifest, patchFilename);
+    const discoveredFiles = new Set();
+    for (const dir of parentDirs) {
+        const modifiedFiles = await getModifiedFilesInDir(engineDir, dir);
+        const untrackedFiles = await getUntrackedFilesInDir(engineDir, dir);
+        for (const f of [...modifiedFiles, ...untrackedFiles])
+            discoveredFiles.add(f);
+    }
+    const currentSet = new Set(currentFilesAffected);
+    const added = [...discoveredFiles]
+        .filter((f) => !currentSet.has(f) && !claimedByOthers.has(f))
+        .sort();
+    const removed = await findRemovedFiles(currentFilesAffected, engineDir);
+    return reportScanResult(currentFilesAffected, patchFilename, isDryRun, added, removed);
+}
+async function scanPatchFilesTargeted(args) {
+    const { currentFilesAffected, engineDir, manifest, patchFilename, isDryRun, scanFiles } = args;
+    const currentSet = new Set(currentFilesAffected);
+    const claimedByOthers = getClaimedFiles(manifest, patchFilename);
+    const added = [];
+    for (const file of scanFiles) {
+        if (claimedByOthers.has(file)) {
+            throw new InvalidArgumentError(`--scan-file path is already claimed by another patch: ${file}`, '--scan-file');
+        }
+        if (!(await pathExists(join(engineDir, file)))) {
+            throw new InvalidArgumentError(`--scan-file path not found in engine/: ${file}`, '--scan-file');
+        }
+        if (!currentSet.has(file))
+            added.push(file);
+    }
+    const removed = await findRemovedFiles(currentFilesAffected, engineDir);
+    return reportScanResult(currentFilesAffected, patchFilename, isDryRun, added.sort(), removed);
+}
+async function findRemovedFiles(files, engineDir) {
+    const removed = [];
+    for (const file of files) {
+        if (!(await pathExists(join(engineDir, file))))
+            removed.push(file);
+    }
+    return removed.sort();
+}
+function reportScanResult(currentFilesAffected, patchFilename, isDryRun, added, removed) {
+    for (const f of added)
+        info(`  + ${f}`);
+    for (const f of removed)
+        info(`  - ${f}`);
+    if (added.length === 0 && removed.length === 0) {
+        return { updated: currentFilesAffected, added: [], removed: [] };
+    }
+    const removedSet = new Set(removed);
+    const updated = [...currentFilesAffected.filter((f) => !removedSet.has(f)), ...added].sort();
+    info(`  ${isDryRun ? 'Would update' : 'Updated'} ${patchFilename}: +${added.length} / -${removed.length} files`);
+    return { updated, added, removed };
+}
+/**
+ * Confirms broad directory-scan additions before a mutating re-export writes
+ * them into patch ownership.
+ */
+export async function confirmBroadScanAdditions(args) {
+    const { patchFilename, added, isDryRun, yes, isInteractive } = args;
+    if (isDryRun || yes || !scanAdditionsNeedConfirmation(added))
+        return true;
+    const dirCount = new Set(added.map((f) => dirname(f))).size;
+    warn(`${patchFilename}: --scan would add ${String(added.length)} file(s) that span ${String(dirCount)} director${dirCount === 1 ? 'y' : 'ies'}. ` +
+        'Broad scans can silently pull adjacent features into a patch — review the diff before continuing.');
+    if (!isInteractive) {
+        throw new GeneralError(`Refusing to broaden "${patchFilename}" via --scan in non-interactive mode. ` +
+            'Pass --yes to acknowledge the expansion, or run with --dry-run first to review.');
+    }
+    const confirmed = await confirm({
+        message: `Proceed and broaden ${patchFilename} with ${String(added.length)} newly discovered file(s)?`,
+        initialValue: false,
+    });
+    if (isCancel(confirmed) || !confirmed) {
+        cancel(`Skipped ${patchFilename}`);
+        return false;
+    }
+    return true;
+}
+function scanAdditionsNeedConfirmation(added) {
+    if (added.length === 0)
+        return false;
+    if (added.length > SCAN_ADD_COUNT_THRESHOLD)
+        return true;
+    return new Set(added.map((f) => dirname(f))).size >= SCAN_DIR_COUNT_THRESHOLD;
+}
+/** Refuses explicit `--scan-file` additions that did not produce patch hunks. */
+export function assertScanFileAdditionsHaveDiffHunks(args) {
+    const { diffContent, patchFilename, previousFilesAffected, scanFiles } = args;
+    if (scanFiles === undefined)
+        return;
+    const previous = new Set(previousFilesAffected);
+    const diffFiles = new Set(extractAffectedFiles(diffContent));
+    const noDiffScanFiles = scanFiles.filter((file) => !previous.has(file) && !diffFiles.has(file));
+    if (noDiffScanFiles.length === 0)
+        return;
+    throw new InvalidArgumentError(`Refusing to re-export ${patchFilename} with --scan-file because ${noDiffScanFiles.length} explicit added path${noDiffScanFiles.length === 1 ? '' : 's'} produced no diff hunks (${noDiffScanFiles.join(', ')}). Remove unchanged paths or modify them before retrying.`, '--scan-file');
+}
+//# sourceMappingURL=re-export-scan.js.map

package/dist/src/commands/re-export.js

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: EUPL-1.2
 import { dirname, join } from 'node:path';
-import { confirm, multiselect } from '@clack/prompts';
+import { multiselect } from '@clack/prompts';
 import { Option } from 'commander';
 import { getProjectPaths, loadConfig } from '../core/config.js';
 import { isGitRepository } from '../core/git.js';
@@ -13,124 +13,85 @@ import { GeneralError, InvalidArgumentError } from '../errors/base.js';
 import { toError } from '../utils/errors.js';
 import { pathExists } from '../utils/fs.js';
 import { cancel, info, intro, isCancel, outro, spinner, success, warn } from '../utils/logger.js';
-/**
- * Threshold above which `--scan` must be explicitly confirmed. Values were
- * picked so the common "refresh after one-or-two-file tweak" case stays
- * frictionless while catching the eval finding #13 scenario where `--scan`
- * silently pulled in an entire sibling feature (xhtml + tests + theme CSS).
- */
-const SCAN_ADD_COUNT_THRESHOLD = 3;
-const SCAN_DIR_COUNT_THRESHOLD = 2;
 import { pickDefined } from '../utils/options.js';
 import { runPatchLint } from './export-shared.js';
 import { reExportFilesInPlace } from './re-export-files.js';
-async function scanPatchFiles(currentFilesAffected, engineDir, manifest, patchFilename, isDryRun) {
-    const parentDirs = [...new Set(currentFilesAffected.map((f) => dirname(f)))];
-    const claimedByOthers = getClaimedFiles(manifest, patchFilename);
-    const discoveredFiles = new Set();
-    for (const dir of parentDirs) {
-        const modifiedFiles = await getModifiedFilesInDir(engineDir, dir);
-        const untrackedFiles = await getUntrackedFilesInDir(engineDir, dir);
-        for (const f of [...modifiedFiles, ...untrackedFiles]) {
-            discoveredFiles.add(f);
-        }
+import { assertScanFileAdditionsHaveDiffHunks, confirmBroadScanAdditions, normalizeScanFiles, scanPatchFilesForReExport, } from './re-export-scan.js';
+async function findMissingFiles(engineDir, files) {
+    const missingFiles = [];
+    for (const file of files) {
+        if (!(await pathExists(join(engineDir, file))))
+            missingFiles.push(file);
     }
+    return missingFiles;
+}
+async function findLikelyNewSiblingFiles(args) {
+    const { currentFilesAffected, engineDir, manifest, patchFilename } = args;
+    const parentDirs = [...new Set(currentFilesAffected.map((file) => dirname(file)))];
     const currentSet = new Set(currentFilesAffected);
-    const added = [];
-    for (const f of discoveredFiles) {
-        if (!currentSet.has(f) && !claimedByOthers.has(f)) {
-            added.push(f);
-        }
-    }
-    const removed = [];
-    for (const f of currentFilesAffected) {
-        const filePath = join(engineDir, f);
-        if (!(await pathExists(filePath))) {
-            removed.push(f);
+    const claimedByOthers = getClaimedFiles(manifest, patchFilename);
+    const candidates = new Set();
+    for (const dir of parentDirs) {
+        const [modifiedFiles, untrackedFiles] = await Promise.all([
+            getModifiedFilesInDir(engineDir, dir),
+            getUntrackedFilesInDir(engineDir, dir),
+        ]);
+        for (const file of [...modifiedFiles, ...untrackedFiles]) {
+            if (currentSet.has(file) || claimedByOthers.has(file))
+                continue;
+            candidates.add(file);
         }
     }
-    const sortedAdded = [...added].sort();
-    const sortedRemoved = [...removed].sort();
-    for (const f of sortedAdded) {
-        info(`  + ${f}`);
-    }
-    for (const f of sortedRemoved) {
-        info(`  - ${f}`);
-    }
-    if (added.length > 0 || removed.length > 0) {
-        const removedSet = new Set(removed);
-        const updated = [...currentFilesAffected.filter((f) => !removedSet.has(f)), ...added].sort();
-        info(`  ${isDryRun ? 'Would update' : 'Updated'} ${patchFilename}: +${added.length} / -${removed.length} files`);
-        return { updated, added: sortedAdded, removed: sortedRemoved };
-    }
-    return { updated: currentFilesAffected, added: [], removed: [] };
-}
-/**
- * Returns true when the caller-confirmed threshold is exceeded for this
- * scan's additions. The heuristic treats "small, same-directory" additions
- * as friction-free (the common refresh case) and flags larger or
- * multi-directory expansions so operators see them before they land.
- *
- * Pre-0.16.0 `--scan` silently broadened patches to include any modified or
- * untracked file that shared a parent directory with the existing
- * filesAffected — in practice, pulling adjacent feature code into a patch
- * that had nothing to do with it. The gate below turns the broadening into
- * an explicit opt-in.
- */
-function scanAdditionsNeedConfirmation(added) {
-    if (added.length === 0)
-        return false;
-    if (added.length > SCAN_ADD_COUNT_THRESHOLD)
-        return true;
-    const dirs = new Set(added.map((f) => dirname(f)));
-    return dirs.size >= SCAN_DIR_COUNT_THRESHOLD;
+    return [...candidates].sort();
 }
-/**
- * Gate for broad `--scan` additions. Enforces explicit acknowledgement when
- * the scan would pull in more files than a narrow refresh. Dry-run always
- * proceeds (the preview is the whole point).
- *
- * @returns true if the caller should proceed; false if the user cancelled.
- */
-async function confirmBroadScanAdditions(args) {
-    const { patchFilename, added, isDryRun, yes, isInteractive } = args;
-    if (isDryRun)
-        return true;
-    if (!scanAdditionsNeedConfirmation(added))
-        return true;
-    if (yes)
-        return true;
-    warn(`${patchFilename}: --scan would add ${String(added.length)} file(s) that span ${String(new Set(added.map((f) => dirname(f))).size)} director${new Set(added.map((f) => dirname(f))).size === 1 ? 'y' : 'ies'}. ` +
-        'Broad scans can silently pull adjacent features into a patch — review the diff before continuing.');
-    if (!isInteractive) {
-        throw new GeneralError(`Refusing to broaden "${patchFilename}" via --scan in non-interactive mode. ` +
-            'Pass --yes to acknowledge the expansion, or run with --dry-run first to review.');
-    }
-    const confirmed = await confirm({
-        message: `Proceed and broaden ${patchFilename} with ${String(added.length)} newly discovered file(s)?`,
-        initialValue: false,
+async function warnPlainReExportFileDrift(args) {
+    const { patch, paths, manifest, currentFilesAffected } = args;
+    const missingFiles = await findMissingFiles(paths.engine, currentFilesAffected);
+    if (missingFiles.length > 0) {
+        warn(`${patch.filename}: some files in patches.json no longer exist on disk ` +
+            `(${missingFiles.join(', ')}). Without --scan, re-export keeps the manifest's ` +
+            `filesAffected unchanged and the missing entries will be preserved — ` +
+            `\`fireforge verify\` may flag manifest inconsistency after this run.\n` +
+            `  Re-run with --scan to reconcile filesAffected with the current worktree, ` +
+            `or pass --files <paths> to set the list explicitly.`);
+    }
+    const likelyNewFiles = await findLikelyNewSiblingFiles({
+        currentFilesAffected,
+        engineDir: paths.engine,
+        manifest,
+        patchFilename: patch.filename,
     });
-    if (isCancel(confirmed) || !confirmed) {
-        cancel(`Skipped ${patchFilename}`);
-        return false;
+    if (likelyNewFiles.length === 0)
+        return;
+    warn(`${patch.filename}: found ${likelyNewFiles.length} unowned changed sibling file${likelyNewFiles.length === 1 ? '' : 's'} near this patch. Plain re-export keeps filesAffected unchanged; add reviewed files explicitly with --scan-file.`);
+    for (const file of likelyNewFiles) {
+        info(`  ${file} — fireforge re-export ${patch.filename} --scan --scan-file ${file}`);
     }
-    return true;
 }
 async function reExportSinglePatch(patch, paths, manifest, options, isDryRun, config) {
     let currentFilesAffected = [...patch.filesAffected];
     // --- Scan for new/removed files ---
     if (options.scan) {
-        const scanResult = await scanPatchFiles(currentFilesAffected, paths.engine, manifest, patch.filename, isDryRun);
-        const isInteractive = process.stdin.isTTY && process.stdout.isTTY;
-        const proceed = await confirmBroadScanAdditions({
+        const scanResult = await scanPatchFilesForReExport({
+            currentFilesAffected,
+            engineDir: paths.engine,
+            manifest,
             patchFilename: patch.filename,
-            added: scanResult.added,
             isDryRun,
-            yes: options.yes === true,
-            isInteractive,
+            ...(options.scanFiles !== undefined ? { scanFiles: options.scanFiles } : {}),
         });
-        if (!proceed) {
-            return false;
+        if (options.scanFiles === undefined) {
+            const isInteractive = process.stdin.isTTY && process.stdout.isTTY;
+            const proceed = await confirmBroadScanAdditions({
+                patchFilename: patch.filename,
+                added: scanResult.added,
+                isDryRun,
+                yes: options.yes === true,
+                isInteractive,
+            });
+            if (!proceed) {
+                return false;
+            }
         }
         currentFilesAffected = scanResult.updated;
     }
@@ -144,20 +105,7 @@ async function reExportSinglePatch(patch, paths, manifest, options, isDryRun, co
         // warning up-front when we can detect the drift cheaply, so the
         // operator has a chance to re-run with `--scan` or `--files`
         // before the stale filesAffected lands in patches.json.
-        const missingFiles = [];
-        for (const file of currentFilesAffected) {
-            if (!(await pathExists(join(paths.engine, file)))) {
-                missingFiles.push(file);
-            }
-        }
-        if (missingFiles.length > 0) {
-            warn(`${patch.filename}: some files in patches.json no longer exist on disk ` +
-                `(${missingFiles.join(', ')}). Without --scan, re-export keeps the manifest's ` +
-                `filesAffected unchanged and the missing entries will be preserved — ` +
-                `\`fireforge verify\` may flag manifest inconsistency after this run.\n` +
-                `  Re-run with --scan to reconcile filesAffected with the current worktree, ` +
-                `or pass --files <paths> to set the list explicitly.`);
-        }
+        await warnPlainReExportFileDrift({ patch, paths, manifest, currentFilesAffected });
     }
     // --- Explicit file-subset path ---
     // When --files is given, the target filesAffected is authoritative — drop
@@ -175,13 +123,7 @@ async function reExportSinglePatch(patch, paths, manifest, options, isDryRun, co
         for (const f of removed)
             info(`  - ${f}`);
     }
-    const missingFiles = [];
-    for (const file of currentFilesAffected) {
-        const filePath = join(paths.engine, file);
-        if (!(await pathExists(filePath))) {
-            missingFiles.push(file);
-        }
-    }
+    const missingFiles = await findMissingFiles(paths.engine, currentFilesAffected);
     if (missingFiles.length === currentFilesAffected.length) {
         warn(`Skipped ${patch.filename}: all affected files missing`);
         warn(`Missing files: ${missingFiles.join(', ')}`);
@@ -193,6 +135,12 @@ async function reExportSinglePatch(patch, paths, manifest, options, isDryRun, co
     const missingSet = new Set(missingFiles);
     const existingFiles = currentFilesAffected.filter((f) => !missingSet.has(f));
     const diffContent = await getDiffForFilesAgainstHead(paths.engine, existingFiles);
+    assertScanFileAdditionsHaveDiffHunks({
+        diffContent,
+        patchFilename: patch.filename,
+        previousFilesAffected: patch.filesAffected,
+        scanFiles: options.scanFiles,
+    });
     if (!diffContent.trim()) {
         warn(`Skipped ${patch.filename}: no changes (files unchanged from HEAD)`);
         return false;
@@ -317,6 +265,15 @@ async function resolveSelectedPatches(patches, options, manifest) {
  * @param options - Re-export options
  */
 export async function reExportCommand(projectRoot, patches, options) {
+    const normalizedScanFiles = normalizeScanFiles(options.scanFiles);
+    if (normalizedScanFiles !== undefined) {
+        options = { ...options, scanFiles: normalizedScanFiles };
+    }
+    else if (options.scanFiles !== undefined) {
+        const cleanedOptions = { ...options };
+        delete cleanedOptions.scanFiles;
+        options = cleanedOptions;
+    }
     const isDryRun = options.dryRun === true;
     intro(isDryRun ? 'FireForge Re-export (dry run)' : 'FireForge Re-export');
     // --files is mutually exclusive with --scan and --all: they select
@@ -329,6 +286,14 @@ export async function reExportCommand(projectRoot, patches, options) {
             throw new InvalidArgumentError('--files operates on exactly one target patch. Pass a single patch identifier.', '--files');
         }
     }
+    if (options.scanFiles !== undefined) {
+        if (!options.scan) {
+            throw new InvalidArgumentError('--scan-file requires --scan.', '--scan-file');
+        }
+        if (options.all || patches.length !== 1) {
+            throw new InvalidArgumentError('--scan-file operates on exactly one target patch. Pass a single patch identifier.', '--scan-file');
+        }
+    }
     // --tier and --lint-ignore are per-patch metadata edits; combining them
     // with --all silently rewrites every patch's tier/ignore list, which is
     // virtually always wrong (different patches have different shapes).
@@ -434,21 +399,24 @@ export function registerReExport(program, { getProjectRoot, withErrorHandling })
         'version stamping.')
         .option('-a, --all', 'Re-export all patches')
         .option('-s, --scan', 'Scan directories for new/removed files and update filesAffected')
+        .option('--scan-file <path>', 'With --scan, add this explicit engine-relative file to one target patch without collecting adjacent files. Repeatable.', (value, prev) => [...prev, value], [])
         .option('--files <paths>', 'Restrict the re-exported filesAffected to this comma-separated list (single target patch only)', (value) => value
         .split(',')
         .map((v) => v.trim())
         .filter((v) => v.length > 0))
         .option('--dry-run', 'Show what would change without writing')
         .option('--skip-lint', 'Skip patch lint checks (downgrade errors to warnings)')
-        .option('-y, --yes', 'Skip confirmation when --files shrinks a patch (required for non-TTY)')
+        .option('--allow-shrink', 'Allow --files to remove paths currently owned by the patch. Required before --yes can bypass the shrink confirmation.')
+        .option('-y, --yes', 'Skip confirmation prompts (required for non-TTY destructive writes)')
         .option('--force-unsafe', 'Bypass cross-patch lint refusal when --files shrinks a patch')
         .option('--stamp', "After every selected patch refreshes cleanly, stamp each re-exported patch's sourceEsrVersion in patches.json to firefox.version from fireforge.json. No effect on a partial run.")
         .addOption(new Option('--tier <tier>', 'Force a tier override on the selected patch (only "branding" recognised). Mutually exclusive with --all.').choices(['branding']))
         .option('--lint-ignore <check-id>', 'Append a lint check ID to the patch\'s PatchMetadata.lintIgnore (union, de-duped, repeatable). Mutually exclusive with --all. Use "fireforge patch lint-ignore" for --remove / --clear.', (value, prev) => [...prev, value], [])
         .action(withErrorHandling(async (patches, options) => {
-        const { tier, lintIgnore, ...rest } = options;
+        const { tier, lintIgnore, scanFile, ...rest } = options;
         await reExportCommand(getProjectRoot(), patches, {
             ...pickDefined(rest),
+            ...(scanFile !== undefined && scanFile.length > 0 ? { scanFiles: scanFile } : {}),
             ...(tier !== undefined ? { tier: tier } : {}),
             ...(lintIgnore !== undefined && lintIgnore.length > 0 ? { lintIgnore } : {}),
         });

package/dist/src/commands/verify.js

@@ -16,6 +16,8 @@
  */
 import { join } from 'node:path';
 import { getProjectPaths, loadConfig } from '../core/config.js';
+import { isGitRepository } from '../core/git.js';
+import { expandUntrackedDirectoryEntries, getWorkingTreeStatus } from '../core/git-status.js';
 import { buildPatchQueueContext, lintPatchQueue } from '../core/patch-lint.js';
 import { loadPatchesManifest, validatePatchesManifestConsistency } from '../core/patch-manifest.js';
 import { evaluatePatchPolicy } from '../core/patch-policy.js';
@@ -100,6 +102,15 @@ function detectCrossPatchFileClaims(manifestPatches) {
     }
     return results;
 }
+async function detectUnownedWorktreeChanges(engineDir, claimedFiles) {
+    if (!(await pathExists(engineDir)) || !(await isGitRepository(engineDir))) {
+        return [];
+    }
+    const entries = await expandUntrackedDirectoryEntries(engineDir, await getWorkingTreeStatus(engineDir));
+    return [
+        ...new Set(entries.map((entry) => entry.file).filter((file) => !claimedFiles.has(file))),
+    ].sort();
+}
 /**
  * Collects the same queue-health findings reported by `fireforge verify`
  * without printing. Used by doctor recovery paths that need a read-only
@@ -177,6 +188,22 @@ export async function collectPatchQueueHealth(projectRoot) {
         warningCount += lintWarnings;
     }
     if (manifest) {
+        const claimedFiles = new Set();
+        for (const patch of manifest.patches) {
+            for (const file of patch.filesAffected) {
+                claimedFiles.add(file);
+            }
+        }
+        const unownedWorktreeChanges = await detectUnownedWorktreeChanges(paths.engine, claimedFiles);
+        if (unownedWorktreeChanges.length > 0) {
+            groups.push({
+                title: `Unowned worktree changes (${unownedWorktreeChanges.length})`,
+                issues: unownedWorktreeChanges.map((file) => `${file} is changed in engine/ but is not listed in any patch filesAffected entry`),
+                errorCount: 0,
+                warningCount: unownedWorktreeChanges.length,
+            });
+            warningCount += unownedWorktreeChanges.length;
+        }
         const registrationIssues = await detectDanglingRegistrations(paths.patches, paths.engine, manifest.patches);
         if (registrationIssues.length > 0) {
             groups.push({

package/dist/src/core/branding.js

@@ -54,6 +54,11 @@ export class BrandingMozconfigMismatchError extends FireForgeError {
     }
 }
 const MOZ_APP_VENDOR_IMPLY_REGEX = /imply_option\("MOZ_APP_VENDOR",\s*"[^"]*"\)/;
+const BRANDING_CONFIGURE_MANAGED_KEYS = new Set([
+    'MOZ_APP_DISPLAYNAME',
+    'MOZ_APP_VENDOR',
+    'MOZ_MACBUNDLE_ID',
+]);
 /**
  * Sets up the custom branding directory for the browser.
  *
@@ -91,16 +96,58 @@ export async function setupBranding(engineDir, config) {
  */
 async function createConfigureScript(brandingDir, config, vendorPlacement) {
     const configureShPath = join(brandingDir, 'configure.sh');
-    await writeTextIfChanged(configureShPath, buildConfigureScriptContent(config, vendorPlacement));
+    const existing = (await pathExists(configureShPath))
+        ? await readText(configureShPath)
+        : undefined;
+    await writeTextIfChanged(configureShPath, buildConfigureScriptContent(config, vendorPlacement, existing));
 }
-function buildConfigureScriptContent(config, vendorPlacement) {
+function buildConfigureScriptContent(config, vendorPlacement, existingContent) {
     const header = getLicenseHeader(config.license ?? DEFAULT_LICENSE, 'hash');
-    const lines = [`MOZ_APP_DISPLAYNAME="${escapeShellValue(config.name)}"`];
+    const managedLines = [`MOZ_APP_DISPLAYNAME="${escapeShellValue(config.name)}"`];
+    if (vendorPlacement === 'branding-configure') {
+        managedLines.push(`MOZ_APP_VENDOR="${escapeShellValue(config.vendor)}"`);
+    }
+    managedLines.push(`MOZ_MACBUNDLE_ID="${escapeShellValue(config.appId)}"`);
+    const preservedLines = existingContent ? extractPreservedConfigureLines(existingContent) : [];
+    const body = [...managedLines, ...preservedLines].join('\n');
+    return `${header}\n\n${body}\n`;
+}
+function extractPreservedConfigureLines(content) {
+    return content.split(/\r?\n/).filter((line) => {
+        const trimmed = line.trim();
+        if (trimmed.length === 0)
+            return false;
+        if (/^#\s*SPDX-License-Identifier:/i.test(trimmed))
+            return false;
+        const keyMatch = /^([A-Za-z_][A-Za-z0-9_]*)=/.exec(trimmed);
+        if (keyMatch && BRANDING_CONFIGURE_MANAGED_KEYS.has(keyMatch[1] ?? ''))
+            return false;
+        return true;
+    });
+}
+function parseConfigureAssignments(content) {
+    const assignments = new Map();
+    for (const line of content.split(/\r?\n/)) {
+        const match = /^([A-Za-z_][A-Za-z0-9_]*)=(.*)$/.exec(line.trim());
+        if (match?.[1] && match[2] !== undefined) {
+            assignments.set(match[1], match[2]);
+        }
+    }
+    return assignments;
+}
+function isConfigureScriptCurrent(content, config, vendorPlacement) {
+    const assignments = parseConfigureAssignments(content);
+    if (assignments.get('MOZ_APP_DISPLAYNAME') !== `"${escapeShellValue(config.name)}"`) {
+        return false;
+    }
+    if (assignments.get('MOZ_MACBUNDLE_ID') !== `"${escapeShellValue(config.appId)}"`) {
+        return false;
+    }
+    const vendorValue = assignments.get('MOZ_APP_VENDOR');
     if (vendorPlacement === 'branding-configure') {
-        lines.push(`MOZ_APP_VENDOR="${escapeShellValue(config.vendor)}"`);
+        return vendorValue === `"${escapeShellValue(config.vendor)}"`;
     }
-    lines.push(`MOZ_MACBUNDLE_ID="${escapeShellValue(config.appId)}"`);
-    return `${header}\n\n${lines.join('\n')}\n`;
+    return vendorValue === undefined;
 }
 /**
  * Updates the brand.properties localization file.
@@ -270,7 +317,7 @@ export async function isBrandingSetup(engineDir, config) {
     }
     const vendorPlacement = await resolveVendorPlacement(engineDir);
     const configureContent = await readText(configureShPath);
-    if (configureContent !== buildConfigureScriptContent(config, vendorPlacement)) {
+    if (!isConfigureScriptCurrent(configureContent, config, vendorPlacement)) {
         return false;
     }
     if (await pathExists(propsPath)) {

package/dist/src/core/furnace-registration-ast.js

@@ -81,6 +81,30 @@ function isInsideDOMContentLoaded(ancestors, content) {
     }
     return false;
 }
+function collectArrayDeclarations(ast) {
+    const arrays = new Map();
+    walkAST(ast, {
+        enter(node) {
+            if (node.type !== 'VariableDeclarator')
+                return;
+            const declarator = node;
+            if (declarator.id.type !== 'Identifier' || declarator.init?.type !== 'ArrayExpression') {
+                return;
+            }
+            arrays.set(declarator.id.name, declarator.init);
+        },
+    });
+    return arrays;
+}
+function resolveForOfArray(right, declaredArrays) {
+    if (right.type === 'ArrayExpression') {
+        return right;
+    }
+    if (right.type === 'Identifier') {
+        return declaredArrays.get(right.name);
+    }
+    return undefined;
+}
 function selectRegistrationTarget(targets, isESModule, tagName) {
     const target = isESModule
         ? targets.find((candidate) => candidate.insideDCL)
@@ -116,6 +140,7 @@ function buildRegistrationEntry(referenceEntry, tagName, modulePath, markerComme
 function addRegistrationAST(content, tagName, modulePath, isESModule, markerComment) {
     validateTagName(tagName);
     const ast = parseScript(content);
+    const declaredArrays = collectArrayDeclarations(ast);
     const ancestors = [];
     // Collect all ForOfStatement nodes with ArrayExpression rights
     const forOfs = [];
@@ -124,8 +149,8 @@ function addRegistrationAST(content, tagName, modulePath, isESModule, markerComm
             ancestors.push(node);
             if (node.type === 'ForOfStatement') {
                 const forOf = node;
-                if (forOf.right.type === 'ArrayExpression') {
-                    const array = forOf.right;
+                const array = resolveForOfArray(forOf.right, declaredArrays);
+                if (array) {
                     forOfs.push({
                         array,
                         insideDCL: isInsideDOMContentLoaded(ancestors, content),
@@ -262,6 +287,9 @@ function addRegistrationRegexFallback(content, tagName, modulePath, isESModule,
     const insertPos = firstMatch.index;
     return content.slice(0, insertPos) + newEntry + '\n' + content.slice(insertPos);
 }
+function hasRecognizableRegistrationLoop(content) {
+    return /for\s*\(\s*(?:let|const|var)\s*\[[^)]*\]\s+of\s+(?:\[|[A-Za-z_$][\w$]*)/.test(content);
+}
 /**
  * Adds a custom element registration entry to customElements.js.
  *
@@ -303,7 +331,7 @@ export async function addCustomElementRegistration(engineDir, tagName, modulePat
     // assumption is violated the AST path errors with a confusing
     // "Could not find DOMContentLoaded block" message — fail fast here with
     // actionable guidance instead.
-    if (!/for\s*\(\s*(?:let|const|var)\s*\[/.test(content)) {
+    if (!hasRecognizableRegistrationLoop(content)) {
         throw new FurnaceError(`${CUSTOM_ELEMENTS_JS} does not contain a recognizable registration loop; refusing to mutate. ` +
             'Run "fireforge reset --force" to restore the engine, or inspect the file manually.', tagName);
     }
@@ -359,7 +387,7 @@ export async function validateCustomElementRegistration(engineDir, tagName, modu
         return;
     }
     const isESModule = modulePath.endsWith('.mjs');
-    if (!/for\s*\(\s*(?:let|const|var)\s*\[/.test(content)) {
+    if (!hasRecognizableRegistrationLoop(content)) {
         throw new FurnaceError(`${CUSTOM_ELEMENTS_JS} does not contain a recognizable registration loop; refusing to mutate. ` +
             'Run "fireforge reset --force" to restore the engine, or inspect the file manually.', tagName);
     }

package/dist/src/core/furnace-registration-validate.js

@@ -42,11 +42,36 @@ export function validateRegistrationPlacement(result, tagName, isESModule) {
         return;
     const contentBeforeTag = result.slice(0, insertedPos);
     const hasDCLBefore = dclPattern.test(contentBeforeTag);
-    if (isESModule && !hasDCLBefore) {
+    if (isESModule && !hasDCLBefore && !isTagInArrayConsumedInsideDOMContentLoaded(result, tagName)) {
         throw new FurnaceError(`${tagName} was registered in the loadSubScript block (Pattern A) instead of the DOMContentLoaded/importESModule block (Pattern B). This will cause the component to fail at runtime. The customElements.js file structure may have changed upstream — manual intervention required.`, tagName);
     }
     if (!isESModule && hasDCLBefore) {
         throw new FurnaceError(`${tagName} was registered in the DOMContentLoaded/importESModule block (Pattern B) instead of the loadSubScript block (Pattern A). This will cause the component to fail at runtime. The customElements.js file structure may have changed upstream — manual intervention required.`, tagName);
     }
 }
+function isTagInArrayConsumedInsideDOMContentLoaded(content, tagName) {
+    const dclMatch = /document\.addEventListener\(\s*["']DOMContentLoaded["']/.exec(content);
+    if (!dclMatch)
+        return false;
+    const beforeDcl = content.slice(0, dclMatch.index);
+    const afterDcl = content.slice(dclMatch.index);
+    const consumedArrays = new Set();
+    const forOfPattern = /for\s*\(\s*(?:let|const|var)\s*\[[^)]*\]\s+of\s+([A-Za-z_$][\w$]*)\s*\)/g;
+    let match;
+    while ((match = forOfPattern.exec(afterDcl)) !== null) {
+        if (match[1])
+            consumedArrays.add(match[1]);
+    }
+    for (const arrayName of consumedArrays) {
+        const declarationPattern = new RegExp(`(?:const|let|var)\\s+${escapeRegex(arrayName)}\\s*=\\s*\\[([\\s\\S]*?)\\];`);
+        const declaration = declarationPattern.exec(beforeDcl);
+        if (declaration?.[1] && new RegExp(`["']${escapeRegex(tagName)}["']`).test(declaration[1])) {
+            return true;
+        }
+    }
+    return false;
+}
+function escapeRegex(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
 //# sourceMappingURL=furnace-registration-validate.js.map

package/dist/src/core/furnace-validate-registration.js

@@ -40,7 +40,8 @@ export async function validateRegistrationPatterns(root, config) {
         // Check if this tag is referenced before the DOMContentLoaded block
         const contentBeforeDCL = stripJsComments(content.slice(0, domContentLoadedIdx));
         const tagPattern = new RegExp(`"${name}"`);
-        if (tagPattern.test(contentBeforeDCL)) {
+        if (tagPattern.test(contentBeforeDCL) &&
+            !isArrayDeclaredBeforeDclAndConsumedInsideDcl(content, domContentLoadedIdx, name)) {
             issues.push({
                 component: name,
                 severity: 'error',
@@ -51,6 +52,28 @@ export async function validateRegistrationPatterns(root, config) {
     }
     return issues;
 }
+function isArrayDeclaredBeforeDclAndConsumedInsideDcl(content, domContentLoadedIdx, tagName) {
+    const contentBeforeDCL = stripJsComments(content.slice(0, domContentLoadedIdx));
+    const contentAfterDCL = stripJsComments(content.slice(domContentLoadedIdx));
+    const consumedArrays = new Set();
+    const forOfPattern = /for\s*\(\s*(?:let|const|var)\s*\[[^)]*\]\s+of\s+([A-Za-z_$][\w$]*)\s*\)/g;
+    let match;
+    while ((match = forOfPattern.exec(contentAfterDCL)) !== null) {
+        if (match[1])
+            consumedArrays.add(match[1]);
+    }
+    for (const arrayName of consumedArrays) {
+        const declarationPattern = new RegExp(`(?:const|let|var)\\s+${escapeRegex(arrayName)}\\s*=\\s*\\[([\\s\\S]*?)\\];`);
+        const declaration = declarationPattern.exec(contentBeforeDCL);
+        if (declaration?.[1] && new RegExp(`["']${escapeRegex(tagName)}["']`).test(declaration[1])) {
+            return true;
+        }
+    }
+    return false;
+}
+function escapeRegex(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
 /**
  * Checks registration consistency for a single custom component.
  *

package/dist/src/core/git.js

@@ -105,12 +105,8 @@ async function isPathIgnored(dir, relativePath) {
  * saw. The typed error carries the environment-variable override so the
  * operator can extend the budget and re-run.
  */
-async function stageAllFilesChunked(dir, options = {}) {
-    const entries = await readdir(dir, { withFileTypes: true });
-    const directories = entries
-        .filter((e) => e.isDirectory() && e.name !== '.git')
-        .map((e) => e.name)
-        .sort();
+async function stageAllFilesChunked(dir, scan, options = {}) {
+    const { directories, topLevelFiles: topLevelCandidates } = scan;
     async function runChunk(args, label) {
         try {
             await git(args, dir, {
@@ -126,29 +122,30 @@ async function stageAllFilesChunked(dir, options = {}) {
             throw error;
         }
     }
+    let stagedDirectories = 0;
     for (const dirName of directories) {
+        stagedDirectories++;
         if (await isPathIgnored(dir, dirName)) {
-            options.onProgress?.(`Skipping gitignored: ${dirName}/`);
+            options.onProgress?.(`Skipping gitignored directory ${stagedDirectories}/${directories.length}: ${dirName}/`);
             continue;
         }
-        options.onProgress?.(`Staging directory: ${dirName}/...`);
+        options.onProgress?.(`Staging directory ${stagedDirectories}/${directories.length}: ${dirName}/...`);
         await runChunk(['add', '--', dirName], dirName);
     }
     // Stage any top-level files (excluding gitignored ones — `git add`
     // on an explicit ignored path errors out, which would otherwise
     // abort the chunked fallback after the monolithic path has already
     // timed out).
-    const topLevelCandidates = entries.filter((e) => e.isFile()).map((e) => e.name);
     const topLevelFiles = [];
     for (const name of topLevelCandidates) {
         if (await isPathIgnored(dir, name)) {
-            options.onProgress?.(`Skipping gitignored: ${name}`);
+            options.onProgress?.(`Skipping gitignored top-level file: ${name}`);
             continue;
         }
         topLevelFiles.push(name);
     }
     if (topLevelFiles.length > 0) {
-        options.onProgress?.('Staging top-level files...');
+        options.onProgress?.(`Staging ${topLevelFiles.length} top-level file(s)...`);
         await runChunk(['add', '--', ...topLevelFiles], 'top-level files');
     }
 }
@@ -161,6 +158,19 @@ async function stageAllFilesChunked(dir, options = {}) {
  * SIGINT'd mid-way assuming the process had stalled.
  */
 const GIT_ADD_HEARTBEAT_MS = 15_000;
+async function scanTopLevelSource(dir) {
+    const entries = await readdir(dir, { withFileTypes: true });
+    return {
+        directories: entries
+            .filter((entry) => entry.isDirectory() && entry.name !== '.git')
+            .map((entry) => entry.name)
+            .sort(),
+        topLevelFiles: entries
+            .filter((entry) => entry.isFile())
+            .map((entry) => entry.name)
+            .sort(),
+    };
+}
 /**
  * Stages all files in the repository.
  * Tries a monolithic `git add -A` first; if that times out, falls back to
@@ -169,6 +179,9 @@ const GIT_ADD_HEARTBEAT_MS = 15_000;
 export async function stageAllFiles(dir, options = {}) {
     const timeout = options.timeout ?? GIT_ADD_TIMEOUT_MS;
     const reportProgress = options.onProgress;
+    reportProgress?.('Scanning Firefox source tree before indexing...');
+    const scan = await scanTopLevelSource(dir);
+    reportProgress?.(`Source scan complete: ${scan.directories.length} top-level director${scan.directories.length === 1 ? 'y' : 'ies'}, ${scan.topLevelFiles.length} top-level file${scan.topLevelFiles.length === 1 ? '' : 's'}`);
     // 2026-04-26 eval Finding 5: the pre-fix heartbeat used a single
     // `heartbeatStartedAt` set at function entry and reported cumulative
     // elapsed for the whole `stageAllFiles` invocation. After a
@@ -191,7 +204,9 @@ export async function stageAllFiles(dir, options = {}) {
     heartbeatTimer?.unref();
     try {
         try {
+            reportProgress?.(`Starting monolithic git add -A for ${scan.directories.length} director${scan.directories.length === 1 ? 'y' : 'ies'} and ${scan.topLevelFiles.length} top-level file${scan.topLevelFiles.length === 1 ? '' : 's'}...`);
             await git(['add', '-A'], dir, { timeout, env: GIT_ADD_ENV });
+            reportProgress?.('Monolithic git add -A completed.');
             return;
         }
         catch (error) {
@@ -215,7 +230,7 @@ export async function stageAllFiles(dir, options = {}) {
         phase = 'chunked';
         phaseStartedAt = Date.now();
         try {
-            await stageAllFilesChunked(dir, options);
+            await stageAllFilesChunked(dir, scan, options);
         }
         catch (error) {
             if (error instanceof GitIndexingTimeoutError)

package/dist/src/core/status-classify.js

@@ -25,6 +25,14 @@ function getPrimaryStatusCode(status) {
     }
     return status;
 }
+function isGeneratedBrandingPath(file, binaryName) {
+    const normalized = file.replace(/\\/g, '/');
+    const brandingRoot = `browser/branding/${binaryName}`;
+    return (normalized === 'browser/moz.configure' ||
+        normalized === `${brandingRoot}/configure.sh` ||
+        normalized === `${brandingRoot}/locales/en-US/brand.properties` ||
+        normalized === `${brandingRoot}/locales/en-US/brand.ftl`);
+}
 /**
  * Classifies files into patch-backed, unmanaged, branding, furnace, or
  * conflict buckets.
@@ -63,8 +71,17 @@ export async function classifyFiles(files, engineDir, patchesDir, binaryName, fu
     }
     const results = [];
     for (const entry of files) {
-        // Branding check first
-        if (isBrandingManagedPath(entry.file, binaryName)) {
+        const owners = patchClaims.get(entry.file);
+        const primaryCode = getPrimaryStatusCode(entry.status);
+        // Branding paths are tool-managed for generated edits, but a brand-new
+        // unowned branding asset must not disappear from `status --unmanaged`.
+        // The Hominis Firefox 152 side-grade added Assets.car under the active
+        // branding tree; classifying every branding path before checking
+        // ownership hid that new patch candidate as "branding" even though no
+        // patch claimed it yet.
+        const isUnownedNewFile = owners === undefined && (primaryCode === '?' || primaryCode === 'A');
+        if (isBrandingManagedPath(entry.file, binaryName) &&
+            (!isUnownedNewFile || isGeneratedBrandingPath(entry.file, binaryName))) {
             results.push({ ...entry, classification: 'branding' });
             continue;
         }
@@ -82,7 +99,6 @@ export async function classifyFiles(files, engineDir, patchesDir, binaryName, fu
                 continue;
             }
         }
-        const owners = patchClaims.get(entry.file);
         // Multiple patches claim this file — surface the cross-patch
         // ownership conflict regardless of whether the current content
         // matches any single claim. `--ownership` reports the same state
@@ -102,7 +118,6 @@ export async function classifyFiles(files, engineDir, patchesDir, binaryName, fu
             continue;
         }
         // File is claimed by exactly one patch — compare content.
-        const primaryCode = getPrimaryStatusCode(entry.status);
         if (primaryCode === 'D') {
             // Deleted file: patch-backed only if patch expects deletion
             const expected = await computePatchedContent(patchesDir, engineDir, entry.file);

package/dist/src/types/commands/options.d.ts

@@ -164,6 +164,12 @@ export interface ReExportOptions {
     all?: boolean;
     /** Scan directories for new/removed files and update filesAffected */
     scan?: boolean;
+    /**
+     * Explicit engine-relative files to add while scanning. Unlike broad
+     * `--scan`, this does not collect adjacent files from the same directory.
+     * Requires `--scan` and exactly one target patch.
+     */
+    scanFiles?: string[];
     /**
      * Restrict the re-exported patch's filesAffected to this explicit list.
      * Files currently in the patch but not in this list are dropped (shrink);
@@ -178,6 +184,12 @@ export interface ReExportOptions {
     skipLint?: boolean;
     /** Skip confirmation prompt on shrink (required for non-TTY) */
     yes?: boolean;
+    /**
+     * Explicitly allow `--files` to remove paths that are currently owned by
+     * the patch. Without this acknowledgement, non-dry-run shrinks are refused
+     * before the interactive/`--yes` confirmation path.
+     */
+    allowShrink?: boolean;
     /** Bypass cross-patch lint refusal on projected shrink state */
     forceUnsafe?: boolean;
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hominis/fireforge",
-  "version": "0.25.0",
+  "version": "0.27.0",
   "description": "FireForge — a build tool for customizing Firefox",
   "type": "module",
   "main": "./dist/src/index.js",
@@ -29,13 +29,14 @@
     "test:watch": "vitest",
     "test:coverage": "vitest run --coverage && node ./scripts/check-coverage-thresholds.mjs",
     "test:firefox-full": "node ./scripts/run-full-firefox-integration.mjs",
+    "whitespace:check": "node ./scripts/check-worktree-whitespace.mjs",
     "pack:verify": "vitest run src/__tests__/wrapper-smoke.test.ts",
     "pack:dry-run": "npm pack --dry-run --json --silent",
     "format": "prettier --write --ignore-unknown \"src/**/*.ts\" \"bin/**/*.ts\" \"scripts/**/*.mjs\" \"package.json\" \"eslint.config.js\" \"vitest.config.ts\" \"tsconfig.json\" \"tsconfig.build.json\" \".lintstagedrc.json\" \".prettierignore\" \".prettierrc\" \".gitignore\" \"README.md\" \"CHANGELOG.md\"",
     "format:check": "prettier --check --ignore-unknown \"src/**/*.ts\" \"bin/**/*.ts\" \"scripts/**/*.mjs\" \"package.json\" \"eslint.config.js\" \"vitest.config.ts\" \"tsconfig.json\" \"tsconfig.build.json\" \".lintstagedrc.json\" \".prettierignore\" \".prettierrc\" \".gitignore\" \"README.md\" \"CHANGELOG.md\"",
     "prepare": "node -e \"import('./scripts/prepare.mjs').catch((error) => { if (error && typeof error === 'object' && 'code' in error && error.code === 'ERR_MODULE_NOT_FOUND') process.exit(0); throw error; })\"",
     "prepack": "npm run build",
-    "release:check": "npm run format:check && npm run lint:ci && npm run typecheck && npm run test:coverage && npm run pack:verify && npm run pack:dry-run",
+    "release:check": "npm run format:check && npm run whitespace:check && npm run lint:ci && npm run typecheck && npm run test:coverage && npm run pack:verify && npm run pack:dry-run",
     "prepublishOnly": "npm run release:check"
   },
   "files": [
@@ -52,7 +53,7 @@
   "dependencies": {
     "@clack/prompts": "^1.2.0",
     "acorn": "^8.14.0",
-    "commander": "^14.0.0",
+    "commander": "^15.0.0",
     "estree-walker": "^3.0.3",
     "magic-string": "^0.30.17",
     "picocolors": "^1.1.0"