tgit 0.34.2__tar.gz → 0.35.0__tar.gz

{tgit-0.34.2 → tgit-0.35.0}/CHANGELOG.md

@@ -1,3 +1,15 @@
+## v0.35.0
+
+[v0.34.2...v0.35.0](https://github.com/Jannchie/tgit/compare/v0.34.2...v0.35.0)
+
+### :sparkles: Features
+
+- **version**: add support for syncing Cargo.lock with Cargo.toml - By [Jannchie](mailto:jannchie@gmail.com) in [7ca29ae](https://github.com/Jannchie/tgit/commit/7ca29ae)
+
+### :wrench: Chores
+
+- update risk detection guidelines - By [Jannchie](mailto:jannchie@gmail.com) in [b5e0762](https://github.com/Jannchie/tgit/commit/b5e0762)
+
 ## v0.34.2
 
 [v0.34.1...v0.34.2](https://github.com/Jannchie/tgit/compare/v0.34.1...v0.34.2)

{tgit-0.34.2 → tgit-0.35.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: tgit
-Version: 0.34.2
+Version: 0.35.0
 Summary: AI-powered Git CLI for commits, changelogs, and semantic versioning.
 Project-URL: Homepage, https://github.com/Jannchie/tgit
 Project-URL: Repository, https://github.com/Jannchie/tgit

{tgit-0.34.2 → tgit-0.35.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "tgit"
-version = "0.34.2"
+version = "0.35.0"
 description = "AI-powered Git CLI for commits, changelogs, and semantic versioning."
 authors = [{ name = "Jannchie", email = "jannchie@gmail.com" }]
 dependencies = [

{tgit-0.34.2 → tgit-0.35.0}/tests/integration/test_version_integration.py

@@ -305,6 +305,110 @@ description = "Test package"
         node_modules_content = json.loads(node_modules_package_json.read_text())
         assert node_modules_content["version"] == "1.0.0"
 
+    def _build_args(self, tmp_path, *, recursive: bool) -> VersionArgs:
+        return VersionArgs(
+            version="",
+            verbose=0,
+            no_commit=True,
+            no_tag=True,
+            no_push=True,
+            patch=False,
+            minor=False,
+            major=False,
+            prepatch="",
+            preminor="",
+            premajor="",
+            recursive=recursive,
+            custom="",
+            path=str(tmp_path),
+        )
+
+    def test_update_version_files_syncs_cargo_lock(self, tmp_path):
+        """End-to-end: bumping a crate's Cargo.toml also rewrites its
+        Cargo.lock entry. The lockfile lives next to the manifest."""
+        (tmp_path / "Cargo.toml").write_text(
+            '[package]\nname = "demo"\nversion = "0.1.0"\n',
+            encoding="utf-8",
+        )
+        (tmp_path / "Cargo.lock").write_text(
+            '[[package]]\nname = "demo"\nversion = "0.1.0"\n',
+            encoding="utf-8",
+        )
+        update_version_files(
+            self._build_args(tmp_path, recursive=False),
+            Version(major=0, minor=2, patch=0),
+            verbose=0,
+            recursive=False,
+        )
+        assert 'version = "0.2.0"' in (tmp_path / "Cargo.toml").read_text()
+        assert 'version = "0.2.0"' in (tmp_path / "Cargo.lock").read_text()
+
+    def test_update_version_files_workspace_lockfile_dedups(self, tmp_path):
+        """Cargo workspace with two members and one shared lockfile —
+        both [[package]] entries get rewritten, but the lockfile is
+        not duplicated."""
+        (tmp_path / ".git").mkdir()
+        (tmp_path / "Cargo.toml").write_text(
+            '[workspace]\nmembers = ["crates/alpha", "crates/beta"]\n',
+            encoding="utf-8",
+        )
+        (tmp_path / "Cargo.lock").write_text(
+            '[[package]]\nname = "alpha"\nversion = "0.1.0"\n\n'
+            '[[package]]\nname = "beta"\nversion = "0.1.0"\n',
+            encoding="utf-8",
+        )
+        alpha = tmp_path / "crates" / "alpha"
+        alpha.mkdir(parents=True)
+        (alpha / "Cargo.toml").write_text(
+            '[package]\nname = "alpha"\nversion = "0.1.0"\n',
+            encoding="utf-8",
+        )
+        beta = tmp_path / "crates" / "beta"
+        beta.mkdir(parents=True)
+        (beta / "Cargo.toml").write_text(
+            '[package]\nname = "beta"\nversion = "0.1.0"\n',
+            encoding="utf-8",
+        )
+        update_version_files(
+            self._build_args(tmp_path, recursive=True),
+            Version(major=0, minor=2, patch=0),
+            verbose=0,
+            recursive=True,
+        )
+        lockfile_content = (tmp_path / "Cargo.lock").read_text()
+        assert lockfile_content.count('version = "0.2.0"') == 2
+        assert 'version = "0.1.0"' not in lockfile_content
+
+    def test_update_version_files_pnpm_root_without_version(self, tmp_path):
+        """pnpm workspace root without `version`: bump must insert
+        one in the root package.json and update children too."""
+        (tmp_path / "package.json").write_text(
+            '{\n  "name": "monorepo",\n  "private": true\n}\n',
+            encoding="utf-8",
+        )
+        (tmp_path / "pnpm-workspace.yaml").write_text(
+            'packages:\n  - "packages/*"\n',
+            encoding="utf-8",
+        )
+        alpha = tmp_path / "packages" / "alpha"
+        alpha.mkdir(parents=True)
+        (alpha / "package.json").write_text(
+            '{"name": "@x/alpha", "version": "0.1.0"}\n',
+            encoding="utf-8",
+        )
+
+        update_version_files(
+            self._build_args(tmp_path, recursive=True),
+            Version(major=0, minor=2, patch=0),
+            verbose=0,
+            recursive=True,
+        )
+        root_data = json.loads((tmp_path / "package.json").read_text())
+        assert root_data["version"] == "0.2.0"
+        assert root_data["name"] == "monorepo"
+        child_data = json.loads((alpha / "package.json").read_text())
+        assert child_data["version"] == "0.2.0"
+
     @patch("tgit.version.get_next_version")
     @patch("tgit.version.get_current_version")
     @patch("tgit.version.update_version_files")

{tgit-0.34.2 → tgit-0.35.0}/tests/unit/test_version.py

@@ -19,8 +19,11 @@ from tgit.version import (
     _parse_gitignore,
     _prompt_for_version_choice,
     _should_ignore_path,
+    _version_from_workspace_children,
     bump_version,
+    cargo_lockfiles_for_manifests,
     execute_git_commands,
+    find_workspace_package_jsons,
     format_diff_lines,
     get_current_version,
     get_custom_version,
@@ -39,9 +42,11 @@ from tgit.version import (
     get_version_from_version_txt,
     handle_version,
     show_file_diff,
+    sync_cargo_lockfiles,
     update_cargo_lock_version,
     update_cargo_toml_version,
     update_file,
+    update_package_json_version,
     update_version_files,
     update_version_in_file,
     version,
@@ -1110,37 +1115,32 @@ class TestUpdateCargoLockVersion:
         assert lockfile.stat().st_mtime_ns == before
 
 
-class TestUpdateVersionInFileCargoIntegration:
-    """update_version_in_file should sync Cargo.lock when it sees Cargo.toml."""
+class TestSyncCargoLockfiles:
+    """sync_cargo_lockfiles is the post-manifest step that rewrites
+    every Cargo.lock entry matching a bumped manifest. Manifest update
+    and lockfile sync are deliberately decoupled so workspace members
+    sharing one lockfile don't trigger N rewrites of it."""
 
-    def test_cargo_toml_branch_syncs_sibling_lockfile(self, tmp_path):
+    def test_syncs_sibling_lockfile(self, tmp_path):
         cargo_toml = tmp_path / "Cargo.toml"
         cargo_toml.write_text(
             "[package]\n"
             'name = "arthash"\n'
-            'version = "0.2.0"\n'
-            "\n"
-            "[dependencies]\n"
-            'matrixmultiply = "0.3"\n',
+            'version = "0.3.0"\n',
             encoding="utf-8",
         )
         lockfile = tmp_path / "Cargo.lock"
         lockfile.write_text(
             "[[package]]\n"
             'name = "arthash"\n'
-            'version = "0.2.0"\n'
-            "dependencies = [\n"
-            ' "matrixmultiply",\n'
-            "]\n",
+            'version = "0.2.0"\n',
             encoding="utf-8",
         )
-        update_version_in_file(0, "0.3.0", "Cargo.toml", cargo_toml, show_diff=False)
-        # Both files should now report 0.3.0.
-        assert 'version = "0.3.0"' in cargo_toml.read_text()
+        sync_cargo_lockfiles([cargo_toml], "0.3.0", 0, show_diff=False)
         assert 'version = "0.3.0"' in lockfile.read_text()
 
-    def test_cargo_toml_branch_syncs_workspace_root_lockfile(self, tmp_path):
-        """Lockfile in workspace root, Cargo.toml in a member directory."""
+    def test_syncs_workspace_root_lockfile(self, tmp_path):
+        """Workspace member's manifest, lockfile at the workspace root."""
         (tmp_path / ".git").mkdir()
         lockfile = tmp_path / "Cargo.lock"
         lockfile.write_text(
@@ -1155,26 +1155,235 @@ class TestUpdateVersionInFileCargoIntegration:
         cargo_toml.write_text(
             "[package]\n"
             'name = "alpha"\n'
-            'version = "0.2.0"\n',
+            'version = "0.3.0"\n',
             encoding="utf-8",
         )
-        update_version_in_file(0, "0.3.0", "Cargo.toml", cargo_toml, show_diff=False)
-        assert 'version = "0.3.0"' in cargo_toml.read_text()
+        sync_cargo_lockfiles([cargo_toml], "0.3.0", 0, show_diff=False)
         assert 'version = "0.3.0"' in lockfile.read_text()
 
-    def test_cargo_toml_branch_no_lockfile_present(self, tmp_path):
-        """When there's no lockfile at all, the manifest update still proceeds."""
+    def test_no_lockfile_present_is_noop(self, tmp_path):
+        """Pure non-Rust projects or fresh crates may lack a lockfile."""
         (tmp_path / ".git").mkdir()
         cargo_toml = tmp_path / "Cargo.toml"
         cargo_toml.write_text(
             "[package]\n"
             'name = "alpha"\n'
+            'version = "0.3.0"\n',
+            encoding="utf-8",
+        )
+        # Should not raise.
+        sync_cargo_lockfiles([cargo_toml], "0.3.0", 0, show_diff=False)
+
+    def test_workspace_members_dedup_to_one_lockfile_rewrite(self, tmp_path):
+        """Two members share one lockfile; both their entries must be
+        rewritten, and the lockfile resolution must not duplicate."""
+        (tmp_path / ".git").mkdir()
+        lockfile = tmp_path / "Cargo.lock"
+        lockfile.write_text(
+            "[[package]]\n"
+            'name = "alpha"\n'
+            'version = "0.2.0"\n'
+            "\n"
+            "[[package]]\n"
+            'name = "beta"\n'
             'version = "0.2.0"\n',
             encoding="utf-8",
         )
+        alpha_toml = tmp_path / "crates" / "alpha" / "Cargo.toml"
+        alpha_toml.parent.mkdir(parents=True)
+        alpha_toml.write_text(
+            "[package]\n"
+            'name = "alpha"\n'
+            'version = "0.3.0"\n',
+            encoding="utf-8",
+        )
+        beta_toml = tmp_path / "crates" / "beta" / "Cargo.toml"
+        beta_toml.parent.mkdir(parents=True)
+        beta_toml.write_text(
+            "[package]\n"
+            'name = "beta"\n'
+            'version = "0.3.0"\n',
+            encoding="utf-8",
+        )
+        sync_cargo_lockfiles([alpha_toml, beta_toml], "0.3.0", 0, show_diff=False)
+        new_content = lockfile.read_text()
+        assert new_content.count('version = "0.3.0"') == 2
+        assert 'version = "0.2.0"' not in new_content
+
+    def test_manifests_without_package_name_skipped(self, tmp_path):
+        """A pure [workspace] manifest has no `name`; nothing to do."""
+        (tmp_path / ".git").mkdir()
+        ws_toml = tmp_path / "Cargo.toml"
+        ws_toml.write_text('[workspace]\nmembers = ["crates/alpha"]\n', encoding="utf-8")
+        lockfile = tmp_path / "Cargo.lock"
+        original = '[[package]]\nname = "alpha"\nversion = "0.2.0"\n'
+        lockfile.write_text(original, encoding="utf-8")
+        sync_cargo_lockfiles([ws_toml], "0.3.0", 0, show_diff=False)
+        assert lockfile.read_text() == original
+
+
+class TestCargoLockfilesForManifests:
+    """Resolution of unique Cargo.lock files for a manifest set."""
+
+    def test_dedups_shared_workspace_lockfile(self, tmp_path):
+        (tmp_path / ".git").mkdir()
+        lockfile = tmp_path / "Cargo.lock"
+        lockfile.write_text("# lock\n")
+        alpha = tmp_path / "crates" / "alpha" / "Cargo.toml"
+        alpha.parent.mkdir(parents=True)
+        alpha.write_text('[package]\nname = "alpha"\nversion = "0.1.0"\n')
+        beta = tmp_path / "crates" / "beta" / "Cargo.toml"
+        beta.parent.mkdir(parents=True)
+        beta.write_text('[package]\nname = "beta"\nversion = "0.1.0"\n')
+        result = cargo_lockfiles_for_manifests([alpha, beta])
+        assert result == [lockfile]
+
+    def test_ignores_non_cargo_paths(self, tmp_path):
+        assert cargo_lockfiles_for_manifests([tmp_path / "package.json"]) == []
+
+    def test_missing_lockfile_returns_empty(self, tmp_path):
+        (tmp_path / ".git").mkdir()
+        cargo_toml = tmp_path / "Cargo.toml"
+        cargo_toml.write_text('[package]\nname = "x"\nversion = "0.1.0"\n')
+        assert cargo_lockfiles_for_manifests([cargo_toml]) == []
+
+
+class TestUpdatePackageJsonVersion:
+    """update_package_json_version handles both replace (most pkgs) and
+    insert (pnpm/npm workspace roots that omit `version`)."""
+
+    def test_replaces_existing_version(self, tmp_path):
+        pkg = tmp_path / "package.json"
+        pkg.write_text('{\n  "name": "x",\n  "version": "0.1.0"\n}\n', encoding="utf-8")
+        update_package_json_version(str(pkg), "0.2.0", 0, show_diff=False)
+        assert '"version": "0.2.0"' in pkg.read_text()
+        assert '"version": "0.1.0"' not in pkg.read_text()
+
+    def test_inserts_when_missing(self, tmp_path):
+        """Workspace root without `version` — must end up with one
+        and remain valid JSON."""
+        pkg = tmp_path / "package.json"
+        pkg.write_text(
+            '{\n  "name": "monorepo",\n  "private": true,\n  "workspaces": ["packages/*"]\n}\n',
+            encoding="utf-8",
+        )
+        update_package_json_version(str(pkg), "1.0.0", 0, show_diff=False)
+        new_content = pkg.read_text()
+        assert '"version": "1.0.0"' in new_content
+        # Still valid JSON
+        import json as _json
+        data = _json.loads(new_content)
+        assert data["version"] == "1.0.0"
+        assert data["name"] == "monorepo"
+
+    def test_only_first_version_match_replaced(self, tmp_path):
+        """Avoid touching a nested `"version"` inside dependencies."""
+        pkg = tmp_path / "package.json"
+        pkg.write_text(
+            '{\n'
+            '  "name": "x",\n'
+            '  "version": "0.1.0",\n'
+            '  "dependencies": {\n'
+            '    "left-pad": "1.3.0"\n'
+            '  }\n'
+            '}\n',
+            encoding="utf-8",
+        )
+        update_package_json_version(str(pkg), "0.2.0", 0, show_diff=False)
+        new_content = pkg.read_text()
+        assert '"version": "0.2.0"' in new_content
+        # left-pad pin must remain unchanged
+        assert '"left-pad": "1.3.0"' in new_content
+
+    def test_file_not_exists_is_noop(self, tmp_path):
         # Should not raise.
-        update_version_in_file(0, "0.3.0", "Cargo.toml", cargo_toml, show_diff=False)
-        assert 'version = "0.3.0"' in cargo_toml.read_text()
+        update_package_json_version(str(tmp_path / "missing.json"), "1.0.0", 0, show_diff=False)
+
+
+class TestWorkspaceVersionDiscovery:
+    """When the root package.json omits `version` (typical pnpm/yarn
+    monorepo root), version detection falls back to the highest
+    version among workspace children."""
+
+    def test_pnpm_workspace_yaml_resolves_child_versions(self, tmp_path):
+        (tmp_path / "package.json").write_text('{"name": "root", "private": true}\n', encoding="utf-8")
+        (tmp_path / "pnpm-workspace.yaml").write_text('packages:\n  - "packages/*"\n', encoding="utf-8")
+        alpha = tmp_path / "packages" / "alpha"
+        alpha.mkdir(parents=True)
+        (alpha / "package.json").write_text('{"name": "@x/alpha", "version": "1.2.3"}\n', encoding="utf-8")
+        beta = tmp_path / "packages" / "beta"
+        beta.mkdir(parents=True)
+        (beta / "package.json").write_text('{"name": "@x/beta", "version": "1.5.0"}\n', encoding="utf-8")
+
+        version = get_version_from_package_json(tmp_path)
+        assert version is not None
+        # Max of child versions
+        assert (version.major, version.minor, version.patch) == (1, 5, 0)
+
+    def test_npm_workspaces_field_list(self, tmp_path):
+        (tmp_path / "package.json").write_text(
+            '{"name": "root", "private": true, "workspaces": ["packages/*"]}\n',
+            encoding="utf-8",
+        )
+        alpha = tmp_path / "packages" / "alpha"
+        alpha.mkdir(parents=True)
+        (alpha / "package.json").write_text('{"name": "@x/alpha", "version": "0.4.0"}\n', encoding="utf-8")
+
+        version = get_version_from_package_json(tmp_path)
+        assert version is not None
+        assert (version.major, version.minor, version.patch) == (0, 4, 0)
+
+    def test_yarn_workspaces_object_form(self, tmp_path):
+        (tmp_path / "package.json").write_text(
+            '{"name": "root", "workspaces": {"packages": ["modules/*"]}}\n',
+            encoding="utf-8",
+        )
+        alpha = tmp_path / "modules" / "alpha"
+        alpha.mkdir(parents=True)
+        (alpha / "package.json").write_text('{"name": "@x/alpha", "version": "2.0.1"}\n', encoding="utf-8")
+
+        version = get_version_from_package_json(tmp_path)
+        assert version is not None
+        assert (version.major, version.minor, version.patch) == (2, 0, 1)
+
+    def test_root_version_takes_precedence(self, tmp_path):
+        """If root has its own version, children are ignored."""
+        (tmp_path / "package.json").write_text(
+            '{"name": "root", "version": "5.0.0", "workspaces": ["packages/*"]}\n',
+            encoding="utf-8",
+        )
+        alpha = tmp_path / "packages" / "alpha"
+        alpha.mkdir(parents=True)
+        (alpha / "package.json").write_text('{"version": "9.9.9"}\n', encoding="utf-8")
+        version = get_version_from_package_json(tmp_path)
+        assert version is not None
+        assert (version.major, version.minor, version.patch) == (5, 0, 0)
+
+    def test_no_workspace_no_version_returns_none(self, tmp_path):
+        (tmp_path / "package.json").write_text('{"name": "x"}\n', encoding="utf-8")
+        assert get_version_from_package_json(tmp_path) is None
+
+    def test_child_without_version_skipped(self, tmp_path):
+        (tmp_path / "package.json").write_text('{"workspaces": ["packages/*"]}\n', encoding="utf-8")
+        alpha = tmp_path / "packages" / "alpha"
+        alpha.mkdir(parents=True)
+        (alpha / "package.json").write_text('{"name": "@x/alpha"}\n', encoding="utf-8")
+        beta = tmp_path / "packages" / "beta"
+        beta.mkdir(parents=True)
+        (beta / "package.json").write_text('{"name": "@x/beta", "version": "0.1.0"}\n', encoding="utf-8")
+
+        version = get_version_from_package_json(tmp_path)
+        assert version is not None
+        assert (version.major, version.minor, version.patch) == (0, 1, 0)
+
+    def test_find_workspace_package_jsons_excludes_root(self, tmp_path):
+        (tmp_path / "package.json").write_text('{"workspaces": ["."]}\n', encoding="utf-8")
+        result = find_workspace_package_jsons(tmp_path)
+        assert result == []
+
+    def test_version_from_workspace_children_no_workspace(self, tmp_path):
+        """No workspaces config at all → no children, returns None."""
+        assert _version_from_workspace_children(tmp_path) is None
 
 
 class TestParseGitignore:

{tgit-0.34.2 → tgit-0.35.0}/tests/unit/test_version_coverage.py

@@ -311,14 +311,12 @@ version = "invalid"
             str(file_path), r'version\s*=\s*".*?"', 'version = "1.2.3"', 0, show_diff=False
         )
 
-    @patch("tgit.version.update_file")
+    @patch("tgit.version.update_package_json_version")
     def test_update_version_in_file_package_json(self, mock_update, tmp_path):
         """Test update_version_in_file for package.json."""
         file_path = tmp_path / "package.json"
         update_version_in_file(0, "1.2.3", "package.json", file_path)
-        mock_update.assert_called_once_with(
-            str(file_path), r'"version":\s*".*?"', '"version": "1.2.3"', 0, show_diff=False
-        )
+        mock_update.assert_called_once_with(str(file_path), "1.2.3", 0, show_diff=False)
 
     @patch("tgit.version.update_file")
     def test_update_version_in_file_version_txt(self, mock_update, tmp_path):

{tgit-0.34.2 → tgit-0.35.0}/tgit/prompts/commit.txt

@@ -65,12 +65,27 @@ Select the most appropriate type based on the semantic versioning rules above.
 - Cover the primary change(s) in the diff
 - If multiple distinct changes, separate with " && " (e.g., "update api && fix validation")
 
-### Secret Detection
-- Review the diff for potential secrets (API keys, tokens, passwords, private keys, credentials, etc.).
-- For every suspected secret, add an entry to the `secrets` array with the file path, a brief description, and a `level`.
-- Use `level: "error"` when an actual secret value appears (tokens, passwords, private keys, credentials, connection strings, or high-entropy values).
-- Use `level: "warning"` when only key names or variable names appear without values (e.g., `API_KEY`, `SECRET_KEY`, `PASSWORD`).
-- If no secrets are found, return an empty array.
+### Risky Content & Files Detection
+Review the diff and the list of changed files for anything that should not normally be committed. For every finding, append an entry to the `secrets` array with the file path, a brief description, and a `level` (`warning` or `error`). Return an empty array if nothing is found.
+
+Flag two broad categories:
+
+**1. Secrets / credentials embedded in code or config**
+- `level: "error"` when an actual secret value appears: tokens, passwords, private keys, credentials, connection strings, OAuth client secrets, or high-entropy strings that look like generated keys.
+- `level: "warning"` when only key names or variable names appear without values (e.g., `API_KEY=`, `SECRET_KEY=`, `PASSWORD=`).
+
+**2. Files that should not be tracked in version control**
+Flag these as `level: "error"` (description should explain what kind of file it is and why it shouldn't be committed). Use judgment based on filename, file path, and content:
+- Log files: `*.log`, `npm-debug.log*`, `yarn-error.log*`, `pnpm-debug.log*`, anything under a `logs/` directory.
+- Local/runtime environment files: `.env`, `.env.local`, `.env.*.local`, `.env.development.local`, `.env.production.local`. (Example/template env files like `.env.example`, `.env.sample`, `.env.template` are fine — do NOT flag them.)
+- Private key / credential files: `*.pem`, `*.key`, `*.p12`, `*.pfx`, `id_rsa`, `id_ed25519`, `id_dsa`, `id_ecdsa`, `credentials.json`, `secrets.json`, `secrets.yaml`, `secrets.yml`.
+- OS metadata: `.DS_Store`, `Thumbs.db`, `desktop.ini`, `ehthumbs.db`.
+- Editor swap / backup files: `*.swp`, `*.swo`, `*~`, `*.orig`, `*.bak`, `*.rej`.
+- Dependency / build / cache directories that virtually never belong in source control: `node_modules/`, `__pycache__/`, `*.pyc`, `*.pyo`, `.pytest_cache/`, `.mypy_cache/`, `.ruff_cache/`, `.tox/`, `.coverage`, `htmlcov/`, `*.egg-info/`, `.next/`, `.nuxt/`, `.turbo/`, `.parcel-cache/`, `.venv/`, `venv/`, `dist/`, `build/`, `target/debug/`, `target/release/`, `coverage/`.
+- Runtime databases / data dumps that look like artifacts: `*.sqlite`, `*.sqlite3`, `*.db`, large data dumps in obvious artifact locations.
+- Generic temp files: `*.tmp`, `*.temp`, core dumps (`core.*`).
+
+Apply judgment — these patterns are heuristics, not absolute rules. If a file matches a pattern but the project genuinely tracks it on purpose (e.g., a fixture SQLite under `tests/fixtures/`, a vendored binary, a checked-in `dist/` for a published artifact), do not flag it. Conversely, flag files that clearly look like artifacts even if they don't match the patterns above.
 
 ## Output Format
 Return valid JSON matching this structure:
@@ -97,6 +112,7 @@ Return valid JSON matching this structure:
 {"type": "refactor", "scope": "api", "msg": "restructure endpoint handlers", "is_breaking": false, "secrets": []}
 {"type": "feat", "scope": "api", "msg": "add user deletion endpoint", "is_breaking": true, "secrets": []}
 {"type": "chore", "scope": "deps", "msg": "update dependencies", "is_breaking": false, "secrets": [{"file": "config/.env", "description": "detected value resembling api key", "level": "error"}]}
+{"type": "chore", "scope": null, "msg": "update build pipeline", "is_breaking": false, "secrets": [{"file": "logs/server.log", "description": "log file should not be committed", "level": "error"}, {"file": "node_modules/lodash/package.json", "description": "node_modules dependency directory should not be committed", "level": "error"}]}
 ```
 
 Now analyze the provided diff and generate the commit message.