@hominis/fireforge 0.26.0 → 0.27.1

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 0.27.0
+
+- Added first-class `firefox-devedition` source support and atomic `fireforge source set`.
+- Improved `download --force` git indexing progress with phase, count, and heartbeat output.
+- Added elapsed progress for extraction, initial source commits, and rebase/re-export patch refreshes.
+- Added `re-export --files --allow-shrink` so patch ownership shrinkage is refused unless explicitly acknowledged, with clearer dry-run previews.
+- Surfaced likely new sibling files during plain re-export and aligned verify/status ownership reporting for unowned worktree changes.
+- Preserved patch-owned branding `configure.sh` settings during build preflight.
+- Added custom element registration support for Furnace validate/apply and Firefox 152-style array-backed ESM registrations.
+- Normalized generated patch artifacts so blank context lines do not trip raw whitespace checks.
+- Improved rebase conflict summaries and added `doctor --post-rebase-audit` for common registration surfaces.
+
 ## 0.26.0
 
 - Added targeted `re-export --scan --scan-file <path>` for reviewed single-patch new-file assignment without broad sibling collection.

package/README.md

@@ -68,7 +68,7 @@ Use `fireforge --help` for the full set of commands.
 When Mozilla publishes a new ESR you need to update the configured Firefox version, download the new source code and reapply the patches:
 
 ```bash
-npx fireforge config firefox.version 145.0.0esr
+npx fireforge source set --version 145.0.0esr --product firefox-esr --sha256 <archive-sha256>
 npx fireforge download --force
 npx fireforge rebase
 ```

package/dist/src/commands/doctor/post-rebase-audit.d.ts

@@ -0,0 +1,2 @@
+import type { DoctorCheckDefinition } from '../doctor-check-core.js';
+export declare const POST_REBASE_AUDIT_CHECK: DoctorCheckDefinition;

package/dist/src/commands/doctor/post-rebase-audit.js

@@ -0,0 +1,86 @@
+// SPDX-License-Identifier: EUPL-1.2
+import { readdir } from 'node:fs/promises';
+import { join } from 'node:path';
+import { pathExists, readText } from '../../utils/fs.js';
+import { ok, warning } from '../doctor-check-core.js';
+async function readEngineText(engineDir, relativePath) {
+    const fullPath = join(engineDir, relativePath);
+    if (!(await pathExists(fullPath)))
+        return null;
+    return readText(fullPath);
+}
+async function collectBrowserTomlFiles(root) {
+    const testRoot = join(root, 'browser/base/content/test');
+    if (!(await pathExists(testRoot)))
+        return [];
+    const result = [];
+    async function walk(absDir, relDir) {
+        let entries;
+        try {
+            entries = await readdir(absDir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            const relPath = relDir ? `${relDir}/${entry.name}` : entry.name;
+            const absPath = join(absDir, entry.name);
+            if (entry.isDirectory()) {
+                await walk(absPath, relPath);
+            }
+            else if (entry.isFile() && entry.name === 'browser.toml') {
+                result.push(`browser/base/content/test/${relPath}`);
+            }
+        }
+    }
+    await walk(testRoot, '');
+    return result.sort();
+}
+async function runPostRebaseAudit(ctx) {
+    const issues = [];
+    const engineDir = ctx.paths.engine;
+    const mozConfigure = await readEngineText(engineDir, 'browser/moz.configure');
+    if (mozConfigure === null) {
+        issues.push('browser/moz.configure is missing');
+    }
+    else if (!mozConfigure.includes('BROWSER_CHROME_URL')) {
+        issues.push('browser/moz.configure does not mention BROWSER_CHROME_URL');
+    }
+    const browserJar = await readEngineText(engineDir, 'browser/base/jar.mn');
+    if (browserJar === null) {
+        issues.push('browser/base/jar.mn is missing');
+    }
+    else if (!/\.xhtml\b/.test(browserJar)) {
+        issues.push('browser/base/jar.mn has no chrome document .xhtml entries');
+    }
+    const customElements = await readEngineText(engineDir, 'toolkit/content/customElements.js');
+    if (customElements === null) {
+        issues.push('toolkit/content/customElements.js is missing');
+    }
+    else if (!customElements.includes('customElements')) {
+        issues.push('toolkit/content/customElements.js does not contain customElements registrations');
+    }
+    const toolkitJar = await readEngineText(engineDir, 'toolkit/content/jar.mn');
+    if (toolkitJar === null) {
+        issues.push('toolkit/content/jar.mn is missing');
+    }
+    else if (!toolkitJar.includes('content/global/widgets/') &&
+        !toolkitJar.includes('content/global/elements/')) {
+        issues.push('toolkit/content/jar.mn has no widget/element exposure entries');
+    }
+    const browserTomls = await collectBrowserTomlFiles(engineDir);
+    if (browserTomls.length === 0) {
+        issues.push('no browser.toml files found under browser/base/content/test');
+    }
+    if (issues.length === 0) {
+        return ok('Post-rebase registration audit');
+    }
+    return warning('Post-rebase registration audit', `${issues.length} suspicious registration surface${issues.length === 1 ? '' : 's'}: ${issues.join('; ')}.`, 'Inspect the named engine paths, refresh any drifted registration patches, then re-run "fireforge doctor --post-rebase-audit".');
+}
+export const POST_REBASE_AUDIT_CHECK = {
+    name: 'Post-rebase registration audit',
+    skipIf: (ctx) => !ctx.options.postRebaseAudit || !ctx.engineExists,
+    dependsOn: ['fireforge.json is valid'],
+    run: runPostRebaseAudit,
+};
+//# sourceMappingURL=post-rebase-audit.js.map

package/dist/src/commands/doctor.js

@@ -10,6 +10,7 @@ import { toError } from '../utils/errors.js';
 import { pathExists } from '../utils/fs.js';
 import { error, info, intro, outro, success, warn } from '../utils/logger.js';
 import { findExecutable } from '../utils/process.js';
+import { POST_REBASE_AUDIT_CHECK } from './doctor/post-rebase-audit.js';
 import { failure, ok, warning } from './doctor-check-core.js';
 import { FURNACE_DOCTOR_CHECKS } from './doctor-furnace.js';
 import { inspectEngineWorkingTree } from './doctor-working-tree.js';
@@ -358,6 +359,7 @@ const DOCTOR_CHECKS = [
         },
         fix: 'Re-export affected files with "fireforge export <paths...>" to create full-file patches',
     },
+    POST_REBASE_AUDIT_CHECK,
     // Furnace checks live in a sibling module so this file stays under the
     // max-lines threshold. Splicing them in as an array preserves the
     // declarative registry contract — each entry remains a single
@@ -466,6 +468,7 @@ export function registerDoctor(program, { getProjectRoot, withErrorHandling }) {
         .option('--repair-patches-manifest', 'Rebuild patches/patches.json from the current patch files before reporting results')
         .option('--repair-furnace', 'Reconcile furnace state: clear stale furnace-state.json entries, re-run furnace apply to fix engine drift, and clear the pending-repair marker set by a failed preview teardown')
         .option('--clear-resolution', 'Clear stale pendingResolution state after the patch queue health check reports no errors')
+        .option('--post-rebase-audit', 'Check common registration surfaces after a Firefox source rebase')
         .action(withErrorHandling(async (options) => {
         const result = await doctorCommand(getProjectRoot(), options);
         if (result.exitCode !== 0) {

package/dist/src/commands/download.js

@@ -249,7 +249,10 @@ export async function downloadCommand(projectRoot, options) {
                     phaseState.value = 'extract';
                     s = spinner(`Extracting Firefox ${version}... (decompressing ~600 MB of source; typically 30–90s)`);
                 }
-            }, config.firefox.sha256);
+            }, config.firefox.sha256, (message) => {
+                if (phaseState.value === 'extract')
+                    s.message(message);
+            });
             if (phaseState.value === 'extract') {
                 s.stop(`Firefox ${version} extracted`);
             }

package/dist/src/commands/manifest.js

@@ -18,6 +18,7 @@ import { registerReset } from './reset.js';
 import { registerResolve } from './resolve.js';
 import { registerRun } from './run.js';
 import { registerSetup } from './setup.js';
+import { registerSource } from './source.js';
 import { registerStatus } from './status.js';
 import { registerTest } from './test.js';
 import { registerToken } from './token.js';
@@ -31,6 +32,7 @@ import { registerWire } from './wire.js';
  */
 export const COMMAND_MANIFEST = [
     { name: 'setup', group: 'project', register: registerSetup },
+    { name: 'source', group: 'project', register: registerSource },
     { name: 'download', group: 'engine', register: registerDownload },
     { name: 'bootstrap', group: 'engine', register: registerBootstrap },
     { name: 'import', group: 'workflow', register: registerImport },

package/dist/src/commands/re-export-files.js

@@ -92,6 +92,41 @@ function buildFilesModeMetadataUpdates(actualProjectedFiles, options, effectiveL
     }
     return updates;
 }
+async function confirmFilesModeProjection(args) {
+    const { target, retained, removed, added, actualProjectedFiles, missingFiles, options, conflicts, } = args;
+    const isDryRun = options.dryRun === true;
+    const summary = [
+        `re-export ${target.filename} with --files scope`,
+        `current files (${target.filesAffected.length}): ${target.filesAffected.join(', ') || '(none)'}`,
+        `retained files (${retained.length}): ${retained.join(', ') || '(none)'}`,
+        `projected files (${actualProjectedFiles.length}): ${actualProjectedFiles.join(', ') || '(none)'}`,
+    ];
+    if (removed.length > 0) {
+        summary.push(`removed files (${removed.length}; become unmanaged): ${removed.join(', ')}`);
+    }
+    if (added.length > 0) {
+        summary.push(`newly included files (${added.length}): ${added.join(', ')}`);
+    }
+    if (missingFiles.length > 0) {
+        summary.push(`missing on disk (will be dropped): ${missingFiles.join(', ')}`);
+    }
+    if (!isDryRun && removed.length > 0 && options.allowShrink !== true) {
+        warn(`Refusing to shrink ${target.filename} without --allow-shrink.`);
+        for (const line of summary) {
+            info(`  ${line}`);
+        }
+        throw new InvalidArgumentError(`Refusing to re-export ${target.filename} with --files because it would remove ${removed.length} existing patch-owned file${removed.length === 1 ? '' : 's'}. Run again with --allow-shrink after reviewing the dry-run output.`, '--allow-shrink');
+    }
+    return confirmDestructive({
+        operation: 're-export-files',
+        title: `Re-export ${target.filename} with --files`,
+        summary,
+        yes: removed.length === 0 && missingFiles.length === 0 ? true : options.yes === true,
+        dryRun: isDryRun,
+        unsafeOverride: options.forceUnsafe === true,
+        conflicts,
+    });
+}
 /**
  * Handles `re-export --files` end-to-end: computes the projected diff,
  * runs the per-patch and cross-patch lint against a context in which the
@@ -106,7 +141,6 @@ function buildFilesModeMetadataUpdates(actualProjectedFiles, options, effectiveL
  * of the projected state.
  */
 export async function reExportFilesInPlace(paths, selectedPatches, options, config) {
-    const isDryRun = options.dryRun === true;
     const target = selectedPatches[0];
     if (!target) {
         throw new InvalidArgumentError('--files requires a target patch.', '--files');
@@ -118,6 +152,7 @@ export async function reExportFilesInPlace(paths, selectedPatches, options, conf
     const requested = [...new Set(filesOption)].sort();
     const removed = target.filesAffected.filter((f) => !requested.includes(f));
     const added = requested.filter((f) => !target.filesAffected.includes(f));
+    const retained = target.filesAffected.filter((f) => requested.includes(f));
     // Filter out paths that no longer exist on disk; we cannot include
     // them in the new diff because getDiffForFilesAgainstHead would fail.
     // Missing files are still dropped from the manifest so the resulting
@@ -175,31 +210,14 @@ export async function reExportFilesInPlace(paths, selectedPatches, options, conf
             forceUnsafe: options.forceUnsafe === true,
         });
     }
-    // Shrinks are destructive (previously-owned files become unmanaged), so
-    // they keep the explicit confirmation gate. Additive-only scopes are safe
-    // to run non-interactively after lint/policy projection because no existing
-    // patch ownership is being dropped.
-    const summary = [
-        `re-export ${target.filename} with --files scope`,
-        `current files (${target.filesAffected.length}): ${target.filesAffected.join(', ') || '(none)'}`,
-        `new files (${actualProjectedFiles.length}): ${actualProjectedFiles.join(', ') || '(none)'}`,
-    ];
-    if (removed.length > 0) {
-        summary.push(`would drop (become unmanaged): ${removed.join(', ')}`);
-    }
-    if (added.length > 0) {
-        summary.push(`would add: ${added.join(', ')}`);
-    }
-    if (missingFiles.length > 0) {
-        summary.push(`missing on disk (will be dropped): ${missingFiles.join(', ')}`);
-    }
-    const decision = await confirmDestructive({
-        operation: 're-export-files',
-        title: `Re-export ${target.filename} with --files`,
-        summary,
-        yes: removed.length === 0 && missingFiles.length === 0 ? true : options.yes === true,
-        dryRun: isDryRun,
-        unsafeOverride: options.forceUnsafe === true,
+    const decision = await confirmFilesModeProjection({
+        target,
+        retained,
+        removed,
+        added,
+        actualProjectedFiles,
+        missingFiles,
+        options,
         conflicts,
     });
     if (decision === 'cancelled') {

package/dist/src/commands/re-export.js

@@ -1,14 +1,16 @@
 // SPDX-License-Identifier: EUPL-1.2
-import { join } from 'node:path';
+import { dirname, join } from 'node:path';
 import { multiselect } from '@clack/prompts';
 import { Option } from 'commander';
 import { getProjectPaths, loadConfig } from '../core/config.js';
 import { isGitRepository } from '../core/git.js';
 import { getDiffForFilesAgainstHead } from '../core/git-diff.js';
+import { getModifiedFilesInDir, getUntrackedFilesInDir } from '../core/git-status.js';
 import { updatePatchAndMetadata } from '../core/patch-export.js';
-import { loadPatchesManifest, resolvePatchIdentifier, stampPatchVersions, } from '../core/patch-manifest.js';
+import { getClaimedFiles, loadPatchesManifest, resolvePatchIdentifier, stampPatchVersions, } from '../core/patch-manifest.js';
 import { buildProjectedManifest, enforcePatchPolicy } from '../core/patch-policy.js';
 import { GeneralError, InvalidArgumentError } from '../errors/base.js';
+import { elapsedSince } from '../utils/elapsed.js';
 import { toError } from '../utils/errors.js';
 import { pathExists } from '../utils/fs.js';
 import { cancel, info, intro, isCancel, outro, spinner, success, warn } from '../utils/logger.js';
@@ -24,6 +26,49 @@ async function findMissingFiles(engineDir, files) {
     }
     return missingFiles;
 }
+async function findLikelyNewSiblingFiles(args) {
+    const { currentFilesAffected, engineDir, manifest, patchFilename } = args;
+    const parentDirs = [...new Set(currentFilesAffected.map((file) => dirname(file)))];
+    const currentSet = new Set(currentFilesAffected);
+    const claimedByOthers = getClaimedFiles(manifest, patchFilename);
+    const candidates = new Set();
+    for (const dir of parentDirs) {
+        const [modifiedFiles, untrackedFiles] = await Promise.all([
+            getModifiedFilesInDir(engineDir, dir),
+            getUntrackedFilesInDir(engineDir, dir),
+        ]);
+        for (const file of [...modifiedFiles, ...untrackedFiles]) {
+            if (currentSet.has(file) || claimedByOthers.has(file))
+                continue;
+            candidates.add(file);
+        }
+    }
+    return [...candidates].sort();
+}
+async function warnPlainReExportFileDrift(args) {
+    const { patch, paths, manifest, currentFilesAffected } = args;
+    const missingFiles = await findMissingFiles(paths.engine, currentFilesAffected);
+    if (missingFiles.length > 0) {
+        warn(`${patch.filename}: some files in patches.json no longer exist on disk ` +
+            `(${missingFiles.join(', ')}). Without --scan, re-export keeps the manifest's ` +
+            `filesAffected unchanged and the missing entries will be preserved — ` +
+            `\`fireforge verify\` may flag manifest inconsistency after this run.\n` +
+            `  Re-run with --scan to reconcile filesAffected with the current worktree, ` +
+            `or pass --files <paths> to set the list explicitly.`);
+    }
+    const likelyNewFiles = await findLikelyNewSiblingFiles({
+        currentFilesAffected,
+        engineDir: paths.engine,
+        manifest,
+        patchFilename: patch.filename,
+    });
+    if (likelyNewFiles.length === 0)
+        return;
+    warn(`${patch.filename}: found ${likelyNewFiles.length} unowned changed sibling file${likelyNewFiles.length === 1 ? '' : 's'} near this patch. Plain re-export keeps filesAffected unchanged; add reviewed files explicitly with --scan-file.`);
+    for (const file of likelyNewFiles) {
+        info(`  ${file} — fireforge re-export ${patch.filename} --scan --scan-file ${file}`);
+    }
+}
 async function reExportSinglePatch(patch, paths, manifest, options, isDryRun, config) {
     let currentFilesAffected = [...patch.filesAffected];
     // --- Scan for new/removed files ---
@@ -61,15 +106,7 @@ async function reExportSinglePatch(patch, paths, manifest, options, isDryRun, co
         // warning up-front when we can detect the drift cheaply, so the
         // operator has a chance to re-run with `--scan` or `--files`
         // before the stale filesAffected lands in patches.json.
-        const missingFiles = await findMissingFiles(paths.engine, currentFilesAffected);
-        if (missingFiles.length > 0) {
-            warn(`${patch.filename}: some files in patches.json no longer exist on disk ` +
-                `(${missingFiles.join(', ')}). Without --scan, re-export keeps the manifest's ` +
-                `filesAffected unchanged and the missing entries will be preserved — ` +
-                `\`fireforge verify\` may flag manifest inconsistency after this run.\n` +
-                `  Re-run with --scan to reconcile filesAffected with the current worktree, ` +
-                `or pass --files <paths> to set the list explicitly.`);
-        }
+        await warnPlainReExportFileDrift({ patch, paths, manifest, currentFilesAffected });
     }
     // --- Explicit file-subset path ---
     // When --files is given, the target filesAffected is authoritative — drop
@@ -305,8 +342,9 @@ export async function reExportCommand(projectRoot, patches, options) {
     let reExported = 0;
     const reExportedFilenames = [];
     const progress = spinner('Preparing re-export...');
-    for (const patch of selectedPatches) {
-        progress.message(`Re-exporting ${patch.filename}...`);
+    const startedAt = Date.now();
+    for (const [index, patch] of selectedPatches.entries()) {
+        progress.message(`Re-exporting ${index + 1}/${selectedPatches.length}: ${patch.filename} (${patch.filesAffected.length} file(s), ${elapsedSince(startedAt)} elapsed)...`);
         try {
             const exported = await reExportSinglePatch(patch, paths, manifest, options, isDryRun, config);
             if (exported) {
@@ -370,7 +408,8 @@ export function registerReExport(program, { getProjectRoot, withErrorHandling })
         .filter((v) => v.length > 0))
         .option('--dry-run', 'Show what would change without writing')
         .option('--skip-lint', 'Skip patch lint checks (downgrade errors to warnings)')
-        .option('-y, --yes', 'Skip confirmation when --files shrinks a patch (required for non-TTY)')
+        .option('--allow-shrink', 'Allow --files to remove paths currently owned by the patch. Required before --yes can bypass the shrink confirmation.')
+        .option('-y, --yes', 'Skip confirmation prompts (required for non-TTY destructive writes)')
         .option('--force-unsafe', 'Bypass cross-patch lint refusal when --files shrinks a patch')
         .option('--stamp', "After every selected patch refreshes cleanly, stamp each re-exported patch's sourceEsrVersion in patches.json to firefox.version from fireforge.json. No effect on a partial run.")
         .addOption(new Option('--tier <tier>', 'Force a tier override on the selected patch (only "branding" recognised). Mutually exclusive with --all.').choices(['branding']))

package/dist/src/commands/rebase/conflict-summary.d.ts

@@ -0,0 +1,12 @@
+export interface RebaseConflictSummary {
+    patchFilename: string;
+    failedFiles: string[];
+    category: string;
+    nextCommands: string[];
+}
+/** Builds a concise operator-facing summary for a failed rebase patch. */
+export declare function buildRebaseConflictSummary(args: {
+    patchFilename: string;
+    error?: string;
+    rejectFiles?: string[];
+}): RebaseConflictSummary;

package/dist/src/commands/rebase/conflict-summary.js

@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: EUPL-1.2
+import { extractConflictingFiles } from '../../core/patch-parse.js';
+function normalizeRejectFile(file) {
+    return file.replace(/\.rej$/, '');
+}
+function classifyConflict(files) {
+    if (files.some((file) => file.endsWith('toolkit/content/customElements.js'))) {
+        return 'registration context drift';
+    }
+    if (files.some((file) => file.endsWith('jar.mn') ||
+        file.endsWith('moz.build') ||
+        file.endsWith('browser.toml') ||
+        file.endsWith('browser/moz.configure'))) {
+        return 'manifest context drift';
+    }
+    return 'patch context drift';
+}
+/** Builds a concise operator-facing summary for a failed rebase patch. */
+export function buildRebaseConflictSummary(args) {
+    const failedFiles = [
+        ...new Set([
+            ...extractConflictingFiles(args.error),
+            ...(args.rejectFiles ?? []).map(normalizeRejectFile),
+        ]),
+    ].sort();
+    return {
+        patchFilename: args.patchFilename,
+        failedFiles,
+        category: classifyConflict(failedFiles),
+        nextCommands: [
+            "find engine -name '*.rej'",
+            'edit the affected engine/ files',
+            'fireforge rebase --continue',
+            'fireforge rebase --abort',
+        ],
+    };
+}
+//# sourceMappingURL=conflict-summary.js.map

package/dist/src/commands/rebase/patch-loop.js

@@ -15,9 +15,11 @@ import { extractConflictingFiles } from '../../core/patch-parse.js';
 import { clearRebaseSession, saveRebaseSession } from '../../core/rebase-session.js';
 import { runInSignalCriticalSection } from '../../core/signal-critical.js';
 import { RebaseError } from '../../errors/rebase.js';
+import { elapsedSince } from '../../utils/elapsed.js';
 import { toError } from '../../utils/errors.js';
 import { pathExists } from '../../utils/fs.js';
 import { error, info, outro, spinner, success, warn } from '../../utils/logger.js';
+import { buildRebaseConflictSummary } from './conflict-summary.js';
 import { printSummary } from './summary.js';
 /**
  * Runs the patch application loop, re-exports applied patches, and stamps versions.
@@ -37,7 +39,7 @@ export async function runPatchLoop(projectRoot, session, paths, maxFuzz) {
             await saveRebaseSession(projectRoot, session);
             continue;
         }
-        s.message(`Applying ${entry.filename}...`);
+        s.message(`Applying ${i + 1}/${session.patches.length}: ${entry.filename}...`);
         // Apply + session persist is wrapped in a signal-deferred critical
         // section so a SIGINT / SIGTERM between the filesystem mutation and
         // the session-file update is held until the bookkeeping write lands.
@@ -90,8 +92,24 @@ export async function runPatchLoop(projectRoot, session, paths, maxFuzz) {
                 },
             }));
             s.error(`${entry.filename} failed to apply`);
+            const summary = buildRebaseConflictSummary({
+                patchFilename: entry.filename,
+                ...(result.error !== undefined ? { error: result.error } : {}),
+                ...(result.rejectFiles !== undefined ? { rejectFiles: result.rejectFiles } : {}),
+            });
+            warn(`Conflict summary for ${summary.patchFilename}: ${summary.category}`);
+            if (summary.failedFiles.length > 0) {
+                warn(`  Failed files: ${summary.failedFiles.join(', ')}`);
+            }
+            else {
+                warn('  Failed files: not detected from git output');
+            }
+            info('  Suggested next commands:');
+            for (const command of summary.nextCommands) {
+                info(`    ${command}`);
+            }
             if (result.error) {
-                error(`  Error: ${result.error}`);
+                error(`  Raw apply detail: ${result.error}`);
             }
             if (result.rejectFiles && result.rejectFiles.length > 0) {
                 info(`  .rej files created for manual resolution`);
@@ -167,19 +185,19 @@ async function reExportAppliedPatches(session, paths) {
     if (!manifest)
         return failures;
     const s = spinner('Re-exporting patches...');
-    for (const entry of session.patches) {
-        if (entry.status !== 'applied-clean' && entry.status !== 'applied-fuzz')
-            continue;
+    const reExportable = session.patches.filter((entry) => entry.status === 'applied-clean' || entry.status === 'applied-fuzz');
+    const startedAt = Date.now();
+    for (const [index, entry] of reExportable.entries()) {
         const meta = manifest.patches.find((p) => p.filename === entry.filename);
         if (!meta)
             continue;
-        s.message(`Re-exporting ${entry.filename}...`);
         const existingFiles = [];
         for (const f of meta.filesAffected) {
             if (await pathExists(join(paths.engine, f))) {
                 existingFiles.push(f);
             }
         }
+        s.message(`Re-exporting ${index + 1}/${reExportable.length}: ${entry.filename} (${existingFiles.length}/${meta.filesAffected.length} file(s), ${elapsedSince(startedAt)} elapsed)...`);
         try {
             const diffContent = await getDiffForFilesAgainstHead(paths.engine, existingFiles);
             if (diffContent.trim()) {

package/dist/src/commands/setup-support.js

@@ -19,10 +19,13 @@ function renderLicenseTemplate(license, template, vendor, now = new Date()) {
     return template.replace(/\[year\]/g, String(now.getFullYear())).replace(/\[fullname\]/g, vendor);
 }
 function resolveFirefoxProduct(value, field) {
-    if (value === 'firefox' || value === 'firefox-esr' || value === 'firefox-beta') {
+    if (value === 'firefox' ||
+        value === 'firefox-esr' ||
+        value === 'firefox-beta' ||
+        value === 'firefox-devedition') {
         return value;
     }
-    throw new InvalidArgumentError('Invalid product (use: firefox, firefox-esr, firefox-beta)', field);
+    throw new InvalidArgumentError('Invalid product (use: firefox, firefox-esr, firefox-beta, firefox-devedition)', field);
 }
 function resolveProjectLicense(value, field) {
     if (typeof value === 'string' && isValidProjectLicense(value)) {
@@ -153,6 +156,7 @@ async function promptSetupInputs(options) {
                     { value: 'firefox', label: 'Firefox (stable releases)' },
                     { value: 'firefox-esr', label: 'Firefox ESR (extended support)' },
                     { value: 'firefox-beta', label: 'Firefox Beta (pre-release)' },
+                    { value: 'firefox-devedition', label: 'Firefox Developer Edition' },
                 ],
             });
         },

package/dist/src/commands/setup.js

@@ -71,6 +71,7 @@ export function registerSetup(program, { withErrorHandling }) {
         'firefox',
         'firefox-esr',
         'firefox-beta',
+        'firefox-devedition',
     ]))
         .addOption(new Option('--license <license>', 'Project license').choices([...PROJECT_LICENSES]))
         .option('-f, --force', 'Overwrite existing configuration without prompting')

package/dist/src/commands/source.d.ts

@@ -0,0 +1,9 @@
+import { Command } from 'commander';
+import type { CommandContext } from '../types/cli.js';
+import type { SourceSetOptions } from '../types/commands/index.js';
+/**
+ * Atomically updates the Firefox source tuple in fireforge.json.
+ */
+export declare function sourceSetCommand(projectRoot: string, options: SourceSetOptions): Promise<void>;
+/** Registers the source command on the CLI program. */
+export declare function registerSource(program: Command, { getProjectRoot, withErrorHandling }: CommandContext): void;

package/dist/src/commands/source.js

@@ -0,0 +1,92 @@
+// SPDX-License-Identifier: EUPL-1.2
+import { Option } from 'commander';
+import { configExists, loadRawConfigDocument, validateConfig, withConfigFileLock, writeConfigDocument, } from '../core/config.js';
+import { GeneralError, InvalidArgumentError } from '../errors/base.js';
+import { info, intro, outro, success } from '../utils/logger.js';
+import { isValidFirefoxProduct } from '../utils/validation.js';
+const SOURCE_PRODUCTS = [
+    'firefox',
+    'firefox-esr',
+    'firefox-beta',
+    'firefox-devedition',
+];
+function isRecord(value) {
+    return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+function cloneRawConfig(raw) {
+    const cloned = structuredClone(raw);
+    if (!isRecord(cloned)) {
+        throw new GeneralError('Cannot update fireforge.json: config clone was not an object.');
+    }
+    return cloned;
+}
+function parseSourceProduct(product) {
+    if (isValidFirefoxProduct(product)) {
+        return product;
+    }
+    throw new InvalidArgumentError(`--product must be one of: ${SOURCE_PRODUCTS.join(', ')}`, '--product');
+}
+/**
+ * Atomically updates the Firefox source tuple in fireforge.json.
+ */
+export async function sourceSetCommand(projectRoot, options) {
+    intro('FireForge Source');
+    if (!(await configExists(projectRoot))) {
+        throw new GeneralError('No fireforge.json found. Run "fireforge setup" to create a project.');
+    }
+    if (options.sha256 !== undefined && options.clearSha256 === true) {
+        throw new InvalidArgumentError('--sha256 cannot be combined with --clear-sha256', '--sha256');
+    }
+    const written = await withConfigFileLock(projectRoot, async () => {
+        const raw = await loadRawConfigDocument(projectRoot);
+        const updated = cloneRawConfig(raw);
+        const firefox = isRecord(updated['firefox']) ? { ...updated['firefox'] } : {};
+        firefox['version'] = options.version;
+        firefox['product'] = options.product;
+        if (options.clearSha256 === true) {
+            delete firefox['sha256'];
+        }
+        else if (options.sha256 !== undefined) {
+            firefox['sha256'] = options.sha256;
+        }
+        updated['firefox'] = firefox;
+        const validated = validateConfig(updated);
+        if (validated.firefox.sha256 !== undefined) {
+            firefox['sha256'] = validated.firefox.sha256;
+        }
+        await writeConfigDocument(projectRoot, updated);
+        return validated.firefox;
+    });
+    success(`Set firefox.version = ${written.version}`);
+    success(`Set firefox.product = ${written.product}`);
+    if (written.sha256 !== undefined) {
+        success(`Set firefox.sha256 = ${written.sha256}`);
+    }
+    else if (options.clearSha256 === true) {
+        info('Cleared firefox.sha256');
+    }
+    outro('');
+}
+/** Registers the source command on the CLI program. */
+export function registerSource(program, { getProjectRoot, withErrorHandling }) {
+    const source = program.command('source').description('Manage Firefox source configuration');
+    source
+        .command('set')
+        .description('Atomically set Firefox source version, product, and optional checksum')
+        .requiredOption('--version <version>', 'Firefox version to base on')
+        .addOption(new Option('--product <product>', 'Firefox product')
+        .choices([...SOURCE_PRODUCTS])
+        .makeOptionMandatory())
+        .option('--sha256 <hash>', 'Pinned SHA-256 for the resolved source archive')
+        .option('--clear-sha256', 'Clear any existing pinned SHA-256')
+        .action(withErrorHandling(async (options) => {
+        const { product, version, sha256, clearSha256 } = options;
+        await sourceSetCommand(getProjectRoot(), {
+            version,
+            product: parseSourceProduct(product),
+            ...(sha256 !== undefined ? { sha256 } : {}),
+            ...(clearSha256 !== undefined ? { clearSha256 } : {}),
+        });
+    }));
+}
+//# sourceMappingURL=source.js.map