whycode-cli 0.2.1__tar.gz → 0.2.3__tar.gz

{whycode_cli-0.2.1/src/whycode_cli.egg-info → whycode_cli-0.2.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: whycode-cli
-Version: 0.2.1
+Version: 0.2.3
 Summary: Tells you what to be afraid of before you touch a file.
 Author: Kevin
 License-Expression: MIT
@@ -88,9 +88,11 @@ Requires Python 3.11+.
 cd /path/to/your/repo
 
 whycode init                        # one-command setup: CI workflow + pre-commit gate
+whycode highlights                  # first-run treasure map: top decisions + incidents
 whycode why src/some/file.py        # the Risk Card for one file
 whycode why src/some/file.py -b     # one-line summary (for triage / scripts)
-whycode why src/some/file.py --at <sha>  # what did this file's risk look like as of <sha>?
+whycode why src/some/file.py --at <sha>     # risk as of a past commit
+whycode why src/some/file.py --mute <kind>  # local "this signal is wrong, hide it" feedback
 whycode diff                        # rank everything you changed vs origin/main
 whycode diff --staged               # ditto, for files staged for commit
 whycode diff --fail-on history      # CI gate: exit 1 if any file is ≥ READ HISTORY FIRST

{whycode_cli-0.2.1 → whycode_cli-0.2.3}/README.md

@@ -60,9 +60,11 @@ Requires Python 3.11+.
 cd /path/to/your/repo
 
 whycode init                        # one-command setup: CI workflow + pre-commit gate
+whycode highlights                  # first-run treasure map: top decisions + incidents
 whycode why src/some/file.py        # the Risk Card for one file
 whycode why src/some/file.py -b     # one-line summary (for triage / scripts)
-whycode why src/some/file.py --at <sha>  # what did this file's risk look like as of <sha>?
+whycode why src/some/file.py --at <sha>     # risk as of a past commit
+whycode why src/some/file.py --mute <kind>  # local "this signal is wrong, hide it" feedback
 whycode diff                        # rank everything you changed vs origin/main
 whycode diff --staged               # ditto, for files staged for commit
 whycode diff --fail-on history      # CI gate: exit 1 if any file is ≥ READ HISTORY FIRST

{whycode_cli-0.2.1 → whycode_cli-0.2.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "whycode-cli"
-version = "0.2.1"
+version = "0.2.3"
 description = "Tells you what to be afraid of before you touch a file."
 readme = "README.md"
 license = "MIT"

{whycode_cli-0.2.1 → whycode_cli-0.2.3}/src/whycode/__init__.py

@@ -1,3 +1,3 @@
 """WhyCode — tells you what to be afraid of before touching a file."""
 
-__version__ = "0.2.1"
+__version__ = "0.2.3"

{whycode_cli-0.2.1 → whycode_cli-0.2.3}/src/whycode/cli.py

@@ -4,6 +4,8 @@ Commands
 --------
 - ``whycode why <path>``        — print the Risk Card for a single file.
 - ``whycode why <path> --at SHA`` — risk card as of a past commit.
+- ``whycode why <path> --mute KIND`` — locally suppress a noisy signal kind.
+- ``whycode highlights``        — repo-wide treasure map of decisions and incidents.
 - ``whycode diff [--base REF]`` — risk-rank files changed against a base ref.
 - ``whycode show <sha>``        — risk-flavored summary for one commit.
 - ``whycode timeline <path>``   — risk score evolution across the file's history.
@@ -27,8 +29,10 @@ from rich.table import Table
 
 from whycode import __version__
 from whycode import git_facts as gf
+from whycode import ignore as ign
 from whycode import risk_card as rc
 from whycode import signals as sig
+from whycode import suppressions as supp
 
 app = typer.Typer(
     add_completion=False,
@@ -119,6 +123,20 @@ def why(
         "--at",
         help="Show the Risk Card as of this commit / ref (postmortem queries).",
     ),
+    mute: list[str] = typer.Option(
+        [],
+        "--mute",
+        help=(
+            "Suppress a signal kind for this path going forward "
+            "(stored in .whycode/suppressed.json). Accepts kind name or "
+            "unique prefix: incident, revert, ghost, coupling, silence, …"
+        ),
+    ),
+    no_mutes: bool = typer.Option(
+        False,
+        "--no-mutes",
+        help="Bypass the local suppression list — show all signals.",
+    ),
     max_commits: int | None = typer.Option(
         None, "--max-commits", help="Cap the number of commits scanned (debug)."
     ),
@@ -140,7 +158,31 @@ def why(
         except gf.GitError:
             err.print(f"[red]error:[/red] unknown commit / ref: {at!r}")
             raise typer.Exit(2) from None
-    card = rc.build(repo_root, rel, max_commits=max_commits, ref=resolved_ref)
+    if mute:
+        sl = supp.load(repo_root)
+        added: list[str] = []
+        for token in mute:
+            try:
+                kind = supp.resolve_kind(token)
+            except ValueError as exc:
+                err.print(f"[red]error:[/red] {exc}")
+                raise typer.Exit(2) from None
+            if sl.add(rel, kind):
+                added.append(kind.value)
+        if added:
+            supp.save(repo_root, sl)
+            if not json_out:
+                err.print(
+                    f"[dim]muted on {rel}: {', '.join(added)}  "
+                    f"(stored in .whycode/suppressed.json — edit to undo)[/dim]"
+                )
+    card = rc.build(
+        repo_root,
+        rel,
+        max_commits=max_commits,
+        ref=resolved_ref,
+        apply_suppressions=not no_mutes,
+    )
     if json_out:
         console.print_json(json.dumps(card.to_dict()))
         return
@@ -286,6 +328,136 @@ def diff(
             raise typer.Exit(1)
 
 
+@app.command()
+def highlights(
+    invariants: int = typer.Option(
+        5, "--invariants", help="How many invariant lines to surface."
+    ),
+    incidents: int = typer.Option(
+        5, "--incidents", help="How many incident commits to surface."
+    ),
+    max_commits: int | None = typer.Option(
+        None,
+        "--max-commits",
+        help="Cap on commits scanned (defaults to no cap; tune for very large repos).",
+    ),
+    repo: Path = typer.Option(Path("."), "--repo", help="Path inside the repo."),
+    json_out: bool = typer.Option(
+        False, "--json", help="Emit machine-readable JSON instead of a card."
+    ),
+) -> None:
+    """The first-run treasure map: top decisions and incidents across the repo.
+
+    Surfaces the highest-value commit-message lines (invariants stated by past
+    authors) and the most recent incident-flavoured commits — the things a
+    reader most wants to know about the codebase before touching anything.
+    """
+    try:
+        repo_root = gf.discover_repo_root(repo.resolve())
+    except gf.GitError as exc:
+        err.print(f"[red]error:[/red] {exc}")
+        raise typer.Exit(2) from exc
+
+    with console.status("Reading repo history…", spinner="dots"):
+        commits = gf.all_commits(repo_root, max_count=max_commits)
+    if not commits:
+        console.print("[yellow]no commits in this repo[/yellow]")
+        return
+
+    inv_pairs = gf.extract_invariant_quotes(commits)
+    sha_to_commit = {c.sha: c for c in commits}
+    seen_lines: dict[str, str] = {}
+    for sha, line in inv_pairs:
+        seen_lines.setdefault(line, sha)
+    inv_records: list[tuple[str, str, gf.Commit]] = []
+    for line, sha in seen_lines.items():
+        commit = sha_to_commit.get(sha)
+        if commit is None:
+            continue
+        inv_records.append((line, sha, commit))
+    inv_records.sort(key=lambda t: t[2].authored_at, reverse=True)
+    inv_records = inv_records[:invariants]
+
+    incident_records = gf.find_incidents(commits)[:incidents]
+
+    if json_out:
+        console.print_json(
+            json.dumps(
+                {
+                    "repo": str(repo_root),
+                    "scanned_commits": len(commits),
+                    "invariants": [
+                        {
+                            "sha": c.sha[:12],
+                            "subject": c.subject,
+                            "author": c.author_name,
+                            "authored_at": c.authored_at.isoformat(),
+                            "line": line,
+                        }
+                        for line, _, c in inv_records
+                    ],
+                    "incidents": [
+                        {
+                            "sha": c.sha[:12],
+                            "subject": c.subject,
+                            "author": c.author_name,
+                            "authored_at": c.authored_at.isoformat(),
+                        }
+                        for c in incident_records
+                    ],
+                }
+            )
+        )
+        return
+
+    console.print(
+        f"[bold]WhyCode highlights[/bold]   "
+        f"[dim]{len(commits)} commits scanned in this repo[/dim]\n"
+    )
+    if inv_records:
+        console.print(
+            f"[bold yellow]INVARIANTS[/bold yellow] "
+            f"[dim]({len(inv_records)} most recent stated by past authors)[/dim]"
+        )
+        for i, (line, sha, commit) in enumerate(inv_records, 1):
+            short = sha[:7]
+            date = str(commit.authored_at.date())
+            console.print(
+                f"  {i}. [dim]{short}  {date}  {commit.author_name}[/dim]"
+            )
+            console.print(f"     [italic]{line}[/italic]")
+        console.print()
+    else:
+        console.print(
+            "[dim]INVARIANTS: none found. The repo's commit bodies don't use "
+            "cautionary language like 'do not', 'must not', 'warning:', etc.[/dim]\n"
+        )
+
+    if incident_records:
+        console.print(
+            f"[bold red]INCIDENTS[/bold red] "
+            f"[dim]({len(incident_records)} most recent incident-flavoured commits)[/dim]"
+        )
+        for i, c in enumerate(incident_records, 1):
+            short = c.sha[:7]
+            date = str(c.authored_at.date())
+            subj = c.subject if len(c.subject) <= 70 else c.subject[:69] + "…"
+            console.print(
+                f"  {i}. [dim]{short}  {date}  {c.author_name}[/dim]\n"
+                f"     {subj}"
+            )
+        console.print()
+    else:
+        console.print(
+            "[dim]INCIDENTS: none found. No commit subject contains 'hotfix', "
+            "'incident', 'regression', etc.[/dim]\n"
+        )
+
+    console.print(
+        "[dim]→ whycode why <path>   to dig into the file behind any of these.[/dim]"
+    )
+
+
 def _sample_indices(total: int, max_samples: int) -> list[int]:
     """Pick at most ``max_samples`` indices spread across [0, total).
 
@@ -392,6 +564,19 @@ def scan(
         "--sample",
         help="Cap on tracked files to evaluate (for very large repos).",
     ),
+    scan_depth: int = typer.Option(
+        200,
+        "--scan-depth",
+        help=(
+            "Cap commits-per-file scanned (controls scan speed). "
+            "Use 0 for no cap (slow on large repos)."
+        ),
+    ),
+    no_ignore: bool = typer.Option(
+        False,
+        "--no-ignore",
+        help="Bypass the default-ignore list and scan everything (CHANGELOGs, lockfiles, vendored).",
+    ),
     repo: Path = typer.Option(
         Path("."), "--repo", help="Path inside the repo (defaults to cwd)."
     ),
@@ -404,16 +589,19 @@ def scan(
         raise typer.Exit(2) from exc
 
     raw = gf._run_git(repo_root, "ls-files")
-    paths = [line for line in raw.splitlines() if line.strip()][:sample]
+    all_paths = [line for line in raw.splitlines() if line.strip()]
+    patterns = () if no_ignore else ign.effective_patterns(repo_root)
+    paths = [p for p in all_paths if not ign.is_ignored(p, patterns)][:sample]
     if not paths:
         console.print("[yellow]no tracked files found[/yellow]")
         raise typer.Exit(0)
 
+    depth_cap = scan_depth if scan_depth > 0 else None
     cards: list[rc.RiskCard] = []
     with console.status(f"Scanning {len(paths)} files…", spinner="dots"):
         for p in paths:
             try:
-                card = rc.build(repo_root, p)
+                card = rc.build(repo_root, p, max_commits=depth_cap)
             except gf.GitError:
                 continue
             # Skip files whose only signal is NEWBORN — that's "not enough

{whycode_cli-0.2.1 → whycode_cli-0.2.3}/src/whycode/git_facts.py

@@ -268,17 +268,40 @@ def co_changes(
     repo_root: Path,
     commits: Sequence[Commit],
     target_path: str,
+    *,
+    max_count: int | None = None,
 ) -> Counter[str]:
-    """Count, across the given commits, how often other files changed alongside ``target_path``.
+    """Count, across the file's history, how often other files changed alongside ``target_path``.
 
-    The target file is excluded from the result.
+    Implemented as a single ``git log --no-walk --numstat`` call over the
+    pre-fetched SHA list, rather than one ``git show`` per commit. On a
+    200-commit file this drops the cost from 200 git invocations to 1 —
+    typically a 30-50x speedup for the coupling signal in ``scan``.
+
+    Note: we cannot just pass ``--follow -- <path>`` to a single log call,
+    because git limits the numstat output to the followed path itself in
+    that mode. So we depend on the caller having already resolved the
+    relevant SHAs (in ``commits``), then pass them via ``--no-walk``.
     """
+    del max_count  # depth was already applied when ``commits`` was built
+    if not commits:
+        return Counter()
+    shas = [c.sha for c in commits]
+    args = ["log", "--no-walk", "--numstat", "--format=%x1eCOMMIT"]
+    args.extend(shas)
+    raw = _run_git(repo_root, *args)
     counter: Counter[str] = Counter()
-    for commit in commits:
-        for change in files_changed_in(repo_root, commit.sha):
-            if change.path == target_path:
-                continue
-            counter[change.path] += 1
+    for line in raw.splitlines():
+        line = line.strip()
+        if not line or line.startswith(RECORD_SEP):
+            continue
+        parts = line.split("\t")
+        if len(parts) != 3:
+            continue
+        path = parts[2]
+        if path == target_path:
+            continue
+        counter[path] += 1
     return counter
 
 
@@ -443,7 +466,7 @@ def gather(
         repo_root=repo_root,
         path=path,
         commits=commits,
-        co_changed_files=co_changes(repo_root, commits, path),
+        co_changed_files=co_changes(repo_root, commits, path, max_count=max_commits),
         revert_pairs=find_revert_pairs(commits),
         incident_commits=find_incidents(commits),
         invariant_quotes=extract_invariant_quotes(commits),

whycode_cli-0.2.3/src/whycode/ignore.py

@@ -0,0 +1,114 @@
+"""Default ignore patterns for repo-wide scans.
+
+These are paths/files that almost always pollute risk analysis without
+adding signal: changelogs (touched on every release, so they look "tightly
+coupled to everything"), lockfiles (regenerated on every dependency bump),
+vendored third-party code, and machine-generated stubs.
+
+Users can extend this list with a ``.whycodeignore`` file at repo root,
+one ``fnmatch``-style pattern per line. Comments start with ``#``.
+"""
+
+from __future__ import annotations
+
+import fnmatch
+from collections.abc import Iterable
+from pathlib import Path
+
+DEFAULT_IGNORE_PATTERNS: tuple[str, ...] = (
+    # Changelogs / release-notes — touched every release, never the source of risk.
+    "CHANGELOG*",
+    "CHANGES*",
+    "HISTORY*",
+    "NEWS*",
+    "RELEASE_NOTES*",
+    # Lockfiles — regenerated on every dependency bump.
+    "*.lock",
+    "package-lock.json",
+    "yarn.lock",
+    "pnpm-lock.yaml",
+    "Cargo.lock",
+    "poetry.lock",
+    "uv.lock",
+    "Pipfile.lock",
+    "Gemfile.lock",
+    "composer.lock",
+    "go.sum",
+    # Generated stubs.
+    "*.pb.go",
+    "*.pb.py",
+    "*_pb2.py",
+    "*_pb2_grpc.py",
+    "*.generated.go",
+    "*.generated.ts",
+    "*.generated.js",
+    # Minified / bundled web assets.
+    "*.min.js",
+    "*.min.css",
+    "*.bundle.js",
+    # Vendored third-party trees.
+    "vendor/**",
+    "_vendor/**",
+    "third_party/**",
+    "third-party/**",
+    "node_modules/**",
+    "bower_components/**",
+    # Built docs.
+    "_build/**",
+    "site/**",
+    "docs/_build/**",
+    "docs/build/**",
+    # Common binary / data formats that aren't code.
+    "*.png",
+    "*.jpg",
+    "*.jpeg",
+    "*.gif",
+    "*.ico",
+    "*.svg",
+    "*.pdf",
+    "*.woff",
+    "*.woff2",
+    "*.ttf",
+    "*.otf",
+    "*.eot",
+)
+
+_USER_IGNORE_FILE = ".whycodeignore"
+
+
+def load_user_patterns(repo_root: Path) -> tuple[str, ...]:
+    """Read ``.whycodeignore`` if present. One pattern per line; ``#`` comments."""
+    target = repo_root / _USER_IGNORE_FILE
+    if not target.exists():
+        return ()
+    out: list[str] = []
+    for raw in target.read_text().splitlines():
+        line = raw.strip()
+        if not line or line.startswith("#"):
+            continue
+        out.append(line)
+    return tuple(out)
+
+
+def is_ignored(path: str, patterns: Iterable[str]) -> bool:
+    """True if ``path`` matches any pattern (``fnmatch`` semantics)."""
+    for pat in patterns:
+        if fnmatch.fnmatch(path, pat):
+            return True
+        # Also match basename for non-recursive patterns like ``CHANGELOG*``.
+        if "/" not in pat and "/" in path and fnmatch.fnmatch(path.rsplit("/", 1)[-1], pat):
+            return True
+    return False
+
+
+def effective_patterns(repo_root: Path) -> tuple[str, ...]:
+    """Combine the built-in defaults with the user's ``.whycodeignore``."""
+    return DEFAULT_IGNORE_PATTERNS + load_user_patterns(repo_root)
+
+
+__all__ = [
+    "DEFAULT_IGNORE_PATTERNS",
+    "effective_patterns",
+    "is_ignored",
+    "load_user_patterns",
+]

{whycode_cli-0.2.1 → whycode_cli-0.2.3}/src/whycode/risk_card.py

@@ -18,6 +18,7 @@ from rich.text import Text
 
 from whycode import git_facts as gf
 from whycode import signals as sig
+from whycode import suppressions as supp
 from whycode.scorer import Band, Score, score
 
 if TYPE_CHECKING:
@@ -73,9 +74,20 @@ def build(
     *,
     max_commits: int | None = None,
     ref: str | None = None,
+    apply_suppressions: bool = True,
 ) -> RiskCard:
+    """Build a Risk Card.
+
+    By default, signals matching the local ``.whycode/suppressed.json`` list
+    are dropped — that file is the user's "this signal is wrong, hide it"
+    feedback. Pass ``apply_suppressions=False`` to bypass it (useful for
+    debug or auditing what was hidden).
+    """
     facts = gf.gather(repo_root, path, max_commits=max_commits, ref=ref)
     signals = sig.all_signals(facts)
+    if apply_suppressions:
+        suppressions = supp.load(repo_root)
+        signals = supp.filter_signals(signals, suppressions, path)
     s = score(signals)
     head = facts.commits[0] if facts.commits else None
     return RiskCard(

whycode_cli-0.2.3/src/whycode/suppressions.py

@@ -0,0 +1,123 @@
+"""Local suppression list — the "this signal is wrong, hide it" feedback loop.
+
+Stored at ``<repo>/.whycode/suppressed.json``.  ``.whycode/`` is gitignored,
+so the list is per-developer and never travels with the repo.  This honours
+the privacy contract: no central DB, no telemetry, no cross-team sharing of
+"these signals are bogus" data.
+
+Schema (intentionally tiny — easy to hand-edit):
+
+    {
+      "suppressed": [
+        ["src/foo.py", "incident_history"],
+        ["src/bar.py", "ghost_keeper"]
+      ]
+    }
+
+Match is exact ``(path, kind)`` — no globs.  We can add patterns if real
+users ask for them; for now precision beats convenience.
+"""
+
+from __future__ import annotations
+
+import json
+from collections.abc import Iterable, Iterator
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import TYPE_CHECKING
+
+from whycode.signals import SignalKind
+
+if TYPE_CHECKING:
+    from whycode.signals import Signal
+
+_FILENAME = "suppressed.json"
+_DIRNAME = ".whycode"
+
+
+@dataclass
+class SuppressionList:
+    entries: list[tuple[str, str]] = field(default_factory=list)
+
+    def is_suppressed(self, path: str, kind: SignalKind) -> bool:
+        return (path, kind.value) in self.entries
+
+    def add(self, path: str, kind: SignalKind) -> bool:
+        """Idempotent. Returns True if a new entry was added."""
+        pair = (path, kind.value)
+        if pair in self.entries:
+            return False
+        self.entries.append(pair)
+        return True
+
+    def __iter__(self) -> Iterator[tuple[str, str]]:
+        return iter(self.entries)
+
+    def __len__(self) -> int:
+        return len(self.entries)
+
+
+def _path(repo_root: Path) -> Path:
+    return repo_root / _DIRNAME / _FILENAME
+
+
+def load(repo_root: Path) -> SuppressionList:
+    """Return the suppression list for ``repo_root``. Empty if no file exists."""
+    target = _path(repo_root)
+    if not target.exists():
+        return SuppressionList()
+    try:
+        raw = json.loads(target.read_text())
+    except (OSError, json.JSONDecodeError):
+        # A corrupt file should not stop ``whycode why`` from running.
+        # Treat as empty and let the user see what happened on next save.
+        return SuppressionList()
+    items = raw.get("suppressed", [])
+    out: list[tuple[str, str]] = []
+    for item in items:
+        if isinstance(item, list) and len(item) == 2:
+            out.append((str(item[0]), str(item[1])))
+    return SuppressionList(entries=out)
+
+
+def save(repo_root: Path, sl: SuppressionList) -> None:
+    target = _path(repo_root)
+    target.parent.mkdir(parents=True, exist_ok=True)
+    payload = {"suppressed": [list(pair) for pair in sl.entries]}
+    target.write_text(json.dumps(payload, indent=2) + "\n")
+
+
+def resolve_kind(token: str) -> SignalKind:
+    """Resolve a user-supplied kind name (or unique prefix) to a SignalKind.
+
+    Raises ValueError when the token is unknown or matches multiple kinds.
+    """
+    needle = token.lower().replace("-", "_").strip()
+    if not needle:
+        raise ValueError("empty signal kind")
+    matches = [k for k in SignalKind if needle in k.value]
+    if not matches:
+        raise ValueError(
+            f"unknown signal kind: {token!r}. "
+            f"Known: {', '.join(k.value for k in SignalKind)}"
+        )
+    if len(matches) > 1:
+        names = ", ".join(k.value for k in matches)
+        raise ValueError(f"ambiguous: {token!r} matches multiple kinds: {names}")
+    return matches[0]
+
+
+def filter_signals(
+    signals: Iterable[Signal], suppressions: SuppressionList, path: str
+) -> list[Signal]:
+    """Drop signals whose ``(path, kind)`` is in the suppression list."""
+    return [s for s in signals if not suppressions.is_suppressed(path, s.kind)]
+
+
+__all__ = [
+    "SuppressionList",
+    "filter_signals",
+    "load",
+    "resolve_kind",
+    "save",
+]

{whycode_cli-0.2.1 → whycode_cli-0.2.3/src/whycode_cli.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: whycode-cli
-Version: 0.2.1
+Version: 0.2.3
 Summary: Tells you what to be afraid of before you touch a file.
 Author: Kevin
 License-Expression: MIT
@@ -88,9 +88,11 @@ Requires Python 3.11+.
 cd /path/to/your/repo
 
 whycode init                        # one-command setup: CI workflow + pre-commit gate
+whycode highlights                  # first-run treasure map: top decisions + incidents
 whycode why src/some/file.py        # the Risk Card for one file
 whycode why src/some/file.py -b     # one-line summary (for triage / scripts)
-whycode why src/some/file.py --at <sha>  # what did this file's risk look like as of <sha>?
+whycode why src/some/file.py --at <sha>     # risk as of a past commit
+whycode why src/some/file.py --mute <kind>  # local "this signal is wrong, hide it" feedback
 whycode diff                        # rank everything you changed vs origin/main
 whycode diff --staged               # ditto, for files staged for commit
 whycode diff --fail-on history      # CI gate: exit 1 if any file is ≥ READ HISTORY FIRST

{whycode_cli-0.2.1 → whycode_cli-0.2.3}/src/whycode_cli.egg-info/SOURCES.txt

@@ -5,10 +5,12 @@ src/whycode/__init__.py
 src/whycode/__main__.py
 src/whycode/cli.py
 src/whycode/git_facts.py
+src/whycode/ignore.py
 src/whycode/mcp_server.py
 src/whycode/risk_card.py
 src/whycode/scorer.py
 src/whycode/signals.py
+src/whycode/suppressions.py
 src/whycode/templates/__init__.py
 src/whycode/templates/github-workflow.yml
 src/whycode/templates/pre-commit
@@ -20,5 +22,7 @@ src/whycode_cli.egg-info/requires.txt
 src/whycode_cli.egg-info/top_level.txt
 tests/test_cli.py
 tests/test_git_facts.py
+tests/test_ignore.py
 tests/test_scorer.py
-tests/test_signals.py
+tests/test_signals.py
+tests/test_suppressions.py

{whycode_cli-0.2.1 → whycode_cli-0.2.3}/tests/test_cli.py

@@ -377,6 +377,150 @@ def test_honest_silent_when_no_invariants(repo, days_ago) -> None:  # type: igno
     assert "no invariants" in result.output.lower()
 
 
+def test_highlights_surfaces_invariants_and_incidents(repo, days_ago) -> None:  # type: ignore[no-untyped-def]
+    repo.commit(
+        "compat: keep sync path",
+        {"a.py": "1"},
+        body="Do not switch to async — v1 clients break.",
+        when=days_ago(60),
+    )
+    repo.commit(
+        "hotfix: refund regression",
+        {"b.py": "1"},
+        body="See INC-447 for context.",
+        when=days_ago(20),
+    )
+    result = _invoke(repo.root, "highlights")
+    assert result.exit_code == 0
+    out = result.output
+    assert "INVARIANTS" in out
+    assert "Do not switch to async" in out
+    assert "INCIDENTS" in out
+    assert "hotfix: refund regression" in out
+
+
+def test_highlights_json_output(repo, days_ago) -> None:  # type: ignore[no-untyped-def]
+    repo.commit(
+        "compat: keep sync",
+        {"a.py": "1"},
+        body="Important: legacy header must stay.",
+        when=days_ago(30),
+    )
+    result = _invoke(repo.root, "highlights", "--json")
+    assert result.exit_code == 0
+    data = json.loads(result.output)
+    assert "invariants" in data
+    assert "incidents" in data
+    assert any("legacy header" in inv["line"] for inv in data["invariants"])
+
+
+def test_highlights_quiet_repo_does_not_error(repo) -> None:  # type: ignore[no-untyped-def]
+    repo.commit("init: nothing here", {"a.py": "1"})
+    result = _invoke(repo.root, "highlights")
+    assert result.exit_code == 0
+    out = result.output.lower()
+    assert "none found" in out
+
+
+def test_why_mute_writes_suppression_and_hides_signal(repo, days_ago) -> None:  # type: ignore[no-untyped-def]
+    repo.commit(
+        "init",
+        {"refund.py": "1"},
+        when=days_ago(60),
+    )
+    repo.commit(
+        "hotfix: regression",
+        {"refund.py": "2"},
+        body="See #INC-42",
+        when=days_ago(10),
+    )
+    # First call: incident_history fires.
+    before = _invoke(repo.root, "why", "refund.py", "--json")
+    data_before = json.loads(before.output)
+    assert any(s["kind"] == "incident_history" for s in data_before["signals"])
+
+    # Mute it.
+    muted = _invoke(repo.root, "why", "refund.py", "--mute", "incident", "--json")
+    assert muted.exit_code == 0
+    data_muted = json.loads(muted.output)
+    assert all(s["kind"] != "incident_history" for s in data_muted["signals"])
+    # File now exists on disk.
+    assert (repo.root / ".whycode" / "suppressed.json").exists()
+
+    # Subsequent run: still hidden (persistence).
+    again = _invoke(repo.root, "why", "refund.py", "--json")
+    data_again = json.loads(again.output)
+    assert all(s["kind"] != "incident_history" for s in data_again["signals"])
+
+    # --no-mutes brings it back without removing from the file.
+    bypass = _invoke(repo.root, "why", "refund.py", "--no-mutes", "--json")
+    data_bypass = json.loads(bypass.output)
+    assert any(s["kind"] == "incident_history" for s in data_bypass["signals"])
+
+
+def test_why_mute_unknown_kind_errors(repo) -> None:  # type: ignore[no-untyped-def]
+    repo.commit("init", {"a.py": "1"})
+    result = _invoke(repo.root, "why", "a.py", "--mute", "nonsense")
+    assert result.exit_code != 0
+    assert "unknown signal kind" in result.output.lower()
+
+
+def test_scan_skips_default_ignored_paths_by_default(repo, days_ago) -> None:  # type: ignore[no-untyped-def]
+    """CHANGELOG and lockfiles must not appear in scan output by default."""
+    sha = repo.commit(
+        "init",
+        {"CHANGELOG.md": "v1", "package-lock.json": "{}", "src/app.py": "x"},
+        when=days_ago(60),
+    )
+    repo.revert(sha, when=days_ago(50))
+    repo.commit(
+        "release: 1.1",
+        {"CHANGELOG.md": "v2", "src/app.py": "y"},
+        when=days_ago(20),
+    )
+    result = _invoke(repo.root, "scan", "--top", "10")
+    assert result.exit_code == 0
+    out = result.output
+    # CHANGELOG and lockfile must not appear in the table.
+    assert "CHANGELOG" not in out
+    assert "package-lock.json" not in out
+
+
+def test_scan_no_ignore_brings_them_back(repo, days_ago) -> None:  # type: ignore[no-untyped-def]
+    repo.commit(
+        "init",
+        {"CHANGELOG.md": "v1", "src/app.py": "x"},
+        when=days_ago(60),
+    )
+    sha = repo.commit(
+        "feat: A",
+        {"CHANGELOG.md": "v2", "src/app.py": "y"},
+        when=days_ago(40),
+    )
+    repo.revert(sha, when=days_ago(20))  # safe to revert: files still exist after
+    default_run = _invoke(repo.root, "scan", "--top", "10")
+    permissive_run = _invoke(repo.root, "scan", "--top", "10", "--no-ignore")
+    assert default_run.exit_code == 0
+    assert permissive_run.exit_code == 0
+    # CHANGELOG was hidden from the default run by the ignore list…
+    assert "CHANGELOG" not in default_run.output
+    # …but is at least reachable when --no-ignore is on.
+    assert "CHANGELOG" in permissive_run.output or "src/app.py" in permissive_run.output
+
+
+def test_scan_respects_user_whycodeignore(repo, days_ago) -> None:  # type: ignore[no-untyped-def]
+    (repo.root / ".whycodeignore").write_text("internal/legacy.py\n")
+    sha = repo.commit(
+        "init",
+        {"internal/legacy.py": "1", "src/app.py": "x"},
+        when=days_ago(60),
+    )
+    repo.revert(sha, when=days_ago(50))
+    result = _invoke(repo.root, "scan", "--top", "10")
+    assert result.exit_code == 0
+    assert "internal/legacy.py" not in result.output
+
+
 def test_mcp_summary_field_present_in_json(repo, days_ago) -> None:  # type: ignore[no-untyped-def]
     """Verify the MCP server includes a quotable summary string in get_risk_profile."""
     sha = repo.commit("feat: A", {"a.py": "1"}, when=days_ago(40))

whycode_cli-0.2.3/tests/test_ignore.py

@@ -0,0 +1,73 @@
+"""Tests for the ignore-pattern matcher."""
+
+from __future__ import annotations
+
+from whycode.ignore import (
+    DEFAULT_IGNORE_PATTERNS,
+    effective_patterns,
+    is_ignored,
+    load_user_patterns,
+)
+
+
+def test_default_patterns_match_changelog() -> None:
+    assert is_ignored("CHANGELOG.md", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("CHANGES.rst", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("HISTORY.txt", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("RELEASE_NOTES.md", DEFAULT_IGNORE_PATTERNS)
+
+
+def test_default_patterns_match_lockfiles() -> None:
+    assert is_ignored("package-lock.json", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("yarn.lock", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("Cargo.lock", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("uv.lock", DEFAULT_IGNORE_PATTERNS)
+
+
+def test_default_patterns_match_vendored_dirs() -> None:
+    assert is_ignored("node_modules/foo/index.js", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("vendor/github.com/foo/bar.go", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("third_party/x/y.cc", DEFAULT_IGNORE_PATTERNS)
+
+
+def test_default_patterns_match_generated_stubs() -> None:
+    assert is_ignored("api_pb2.py", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("foo.pb.go", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("schema.generated.ts", DEFAULT_IGNORE_PATTERNS)
+
+
+def test_default_patterns_do_not_match_normal_code() -> None:
+    assert not is_ignored("src/whycode/cli.py", DEFAULT_IGNORE_PATTERNS)
+    assert not is_ignored("README.md", DEFAULT_IGNORE_PATTERNS)
+    assert not is_ignored("tests/test_cli.py", DEFAULT_IGNORE_PATTERNS)
+    assert not is_ignored("Makefile", DEFAULT_IGNORE_PATTERNS)
+
+
+def test_basename_match_for_root_pattern_in_subdir() -> None:
+    # `CHANGELOG*` should match `docs/CHANGELOG.md` even though the pattern has no slash.
+    assert is_ignored("docs/CHANGELOG.md", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("packages/foo/CHANGES.rst", DEFAULT_IGNORE_PATTERNS)
+
+
+def test_user_patterns_loaded(tmp_path) -> None:  # type: ignore[no-untyped-def]
+    (tmp_path / ".whycodeignore").write_text(
+        "# this is a comment\n"
+        "*.proto\n"
+        "scripts/\n"
+        "\n"  # blank line
+        "internal/legacy.py\n"
+    )
+    patterns = load_user_patterns(tmp_path)
+    assert patterns == ("*.proto", "scripts/", "internal/legacy.py")
+
+
+def test_user_patterns_empty_when_no_file(tmp_path) -> None:  # type: ignore[no-untyped-def]
+    assert load_user_patterns(tmp_path) == ()
+
+
+def test_effective_patterns_combines_defaults_and_user(tmp_path) -> None:  # type: ignore[no-untyped-def]
+    (tmp_path / ".whycodeignore").write_text("internal/legacy.py\n")
+    eff = effective_patterns(tmp_path)
+    assert "internal/legacy.py" in eff
+    assert "*.lock" in eff  # default still present
+    assert is_ignored("internal/legacy.py", eff)

whycode_cli-0.2.3/tests/test_suppressions.py

@@ -0,0 +1,96 @@
+"""Tests for the local suppression list."""
+
+from __future__ import annotations
+
+import json
+
+import pytest
+
+from whycode import suppressions as sup
+from whycode.signals import SignalKind
+
+
+def test_empty_when_no_file(tmp_path) -> None:  # type: ignore[no-untyped-def]
+    sl = sup.load(tmp_path)
+    assert len(sl) == 0
+    assert not sl.is_suppressed("foo.py", SignalKind.NEWBORN)
+
+
+def test_add_save_load_roundtrip(tmp_path) -> None:  # type: ignore[no-untyped-def]
+    sl = sup.load(tmp_path)
+    assert sl.add("src/a.py", SignalKind.INCIDENT_HISTORY) is True
+    assert sl.add("src/a.py", SignalKind.INCIDENT_HISTORY) is False  # idempotent
+    sl.add("src/b.py", SignalKind.GHOST_KEEPER)
+    sup.save(tmp_path, sl)
+
+    reloaded = sup.load(tmp_path)
+    assert reloaded.is_suppressed("src/a.py", SignalKind.INCIDENT_HISTORY)
+    assert reloaded.is_suppressed("src/b.py", SignalKind.GHOST_KEEPER)
+    assert not reloaded.is_suppressed("src/a.py", SignalKind.GHOST_KEEPER)
+    assert not reloaded.is_suppressed("src/c.py", SignalKind.INCIDENT_HISTORY)
+
+
+def test_corrupt_file_treated_as_empty(tmp_path) -> None:  # type: ignore[no-untyped-def]
+    target = tmp_path / ".whycode" / "suppressed.json"
+    target.parent.mkdir()
+    target.write_text("not json {")
+    sl = sup.load(tmp_path)
+    assert len(sl) == 0  # graceful degradation
+
+
+def test_save_creates_directory(tmp_path) -> None:  # type: ignore[no-untyped-def]
+    sl = sup.SuppressionList()
+    sl.add("a.py", SignalKind.SILENCE)
+    sup.save(tmp_path, sl)
+    assert (tmp_path / ".whycode" / "suppressed.json").exists()
+    payload = json.loads((tmp_path / ".whycode" / "suppressed.json").read_text())
+    assert payload == {"suppressed": [["a.py", "silence"]]}
+
+
+def test_resolve_kind_exact_match() -> None:
+    assert sup.resolve_kind("incident_history") is SignalKind.INCIDENT_HISTORY
+
+
+def test_resolve_kind_prefix_match() -> None:
+    assert sup.resolve_kind("revert") is SignalKind.REVERT_CHAIN
+    assert sup.resolve_kind("ghost") is SignalKind.GHOST_KEEPER
+    assert sup.resolve_kind("invariant") is SignalKind.INVARIANT_QUOTE
+
+
+def test_resolve_kind_dash_normalised() -> None:
+    assert sup.resolve_kind("incident-history") is SignalKind.INCIDENT_HISTORY
+
+
+def test_resolve_kind_unknown_raises() -> None:
+    with pytest.raises(ValueError, match="unknown signal kind"):
+        sup.resolve_kind("nonsense")
+
+
+def test_resolve_kind_empty_raises() -> None:
+    with pytest.raises(ValueError, match="empty"):
+        sup.resolve_kind("")
+
+
+def test_filter_signals_drops_suppressed() -> None:
+    from whycode.signals import Signal
+
+    sigs = [
+        Signal(kind=SignalKind.INCIDENT_HISTORY, severity=3, headline="x", detail="x"),
+        Signal(kind=SignalKind.SILENCE, severity=2, headline="y", detail="y"),
+    ]
+    sl = sup.SuppressionList()
+    sl.add("foo.py", SignalKind.INCIDENT_HISTORY)
+    out = sup.filter_signals(sigs, sl, "foo.py")
+    assert len(out) == 1
+    assert out[0].kind is SignalKind.SILENCE
+
+
+def test_filter_signals_path_specific() -> None:
+    from whycode.signals import Signal
+
+    sigs = [Signal(kind=SignalKind.INCIDENT_HISTORY, severity=3, headline="x", detail="x")]
+    sl = sup.SuppressionList()
+    sl.add("other.py", SignalKind.INCIDENT_HISTORY)
+    # Suppression is for other.py — must not affect foo.py.
+    out = sup.filter_signals(sigs, sl, "foo.py")
+    assert len(out) == 1