whycode-cli 0.2.2__tar.gz → 0.2.4__tar.gz

{whycode_cli-0.2.2/src/whycode_cli.egg-info → whycode_cli-0.2.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: whycode-cli
-Version: 0.2.2
+Version: 0.2.4
 Summary: Tells you what to be afraid of before you touch a file.
 Author: Kevin
 License-Expression: MIT

{whycode_cli-0.2.2 → whycode_cli-0.2.4}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "whycode-cli"
-version = "0.2.2"
+version = "0.2.4"
 description = "Tells you what to be afraid of before you touch a file."
 readme = "README.md"
 license = "MIT"

{whycode_cli-0.2.2 → whycode_cli-0.2.4}/src/whycode/__init__.py

@@ -1,3 +1,3 @@
 """WhyCode — tells you what to be afraid of before touching a file."""
 
-__version__ = "0.2.2"
+__version__ = "0.2.4"

{whycode_cli-0.2.2 → whycode_cli-0.2.4}/src/whycode/cli.py

@@ -29,6 +29,7 @@ from rich.table import Table
 
 from whycode import __version__
 from whycode import git_facts as gf
+from whycode import ignore as ign
 from whycode import risk_card as rc
 from whycode import signals as sig
 from whycode import suppressions as supp
@@ -70,12 +71,29 @@ def _path_is_known_to_git(repo_root: Path, rel: str) -> bool:
     if gf.is_tracked(repo_root, rel):
         return True
     try:
-        out = gf._run_git(repo_root, "log", "--oneline", "-1", "--all", "--", rel)
+        out = gf.run_git(repo_root, "log", "--oneline", "-1", "--all", "--", rel)
     except gf.GitError:
         return False
     return bool(out.strip())
 
 
+def _require_tracked(path_arg: str) -> tuple[Path, str]:
+    """Resolve ``path_arg`` to ``(repo_root, rel)`` or exit with a friendly warning.
+
+    Used by every command that takes a path argument and needs git history
+    to be useful (``why``, ``timeline``, ``honest``). Combines the two earlier
+    helpers so callers don't repeat the warn-and-exit boilerplate.
+    """
+    repo_root, rel = _resolve_repo_and_path(path_arg)
+    if not _path_is_known_to_git(repo_root, rel):
+        err.print(
+            f"[yellow]warning:[/yellow] [bold]{rel}[/bold] is not tracked by git "
+            f"and has no history in this repo. Nothing to learn from."
+        )
+        raise typer.Exit(1)
+    return repo_root, rel
+
+
 # --- shared: band threshold parsing ----------------------------------------
 
 _BAND_THRESHOLDS_BY_KEY: dict[str, int] = {
@@ -141,17 +159,11 @@ def why(
     ),
 ) -> None:
     """Print the Risk Card for ``path``."""
-    repo_root, rel = _resolve_repo_and_path(path)
-    if not _path_is_known_to_git(repo_root, rel):
-        err.print(
-            f"[yellow]warning:[/yellow] [bold]{rel}[/bold] is not tracked by git "
-            f"and has no history in this repo. Nothing to learn from."
-        )
-        raise typer.Exit(1)
+    repo_root, rel = _require_tracked(path)
     resolved_ref: str | None = None
     if at is not None:
         try:
-            resolved_ref = gf._run_git(
+            resolved_ref = gf.run_git(
                 repo_root, "rev-parse", "--verify", f"{at}^{{commit}}"
             ).strip()
         except gf.GitError:
@@ -201,7 +213,7 @@ def _resolve_base_ref(repo_root: Path, requested: str | None) -> str:
     candidates = ("origin/main", "origin/master", "main", "master", "HEAD~1")
     for ref in candidates:
         try:
-            gf._run_git(repo_root, "rev-parse", "--verify", "--quiet", f"{ref}^{{commit}}")
+            gf.run_git(repo_root, "rev-parse", "--verify", "--quiet", f"{ref}^{{commit}}")
             return ref
         except gf.GitError:
             continue
@@ -240,13 +252,13 @@ def diff(
     try:
         repo_root = gf.discover_repo_root(repo.resolve())
         if staged:
-            raw = gf._run_git(
+            raw = gf.run_git(
                 repo_root, "diff", "--cached", "--name-only", "--diff-filter=ACMR"
             )
             actual_base = "(staged changes)"
         else:
             actual_base = _resolve_base_ref(repo_root, base)
-            raw = gf._run_git(repo_root, "diff", "--name-only", f"{actual_base}...HEAD")
+            raw = gf.run_git(repo_root, "diff", "--name-only", f"{actual_base}...HEAD")
     except gf.GitError as exc:
         err.print(f"[red]error:[/red] {exc}")
         raise typer.Exit(2) from exc
@@ -482,13 +494,7 @@ def timeline(
     ),
 ) -> None:
     """Show how this file's risk score evolved over its history."""
-    repo_root, rel = _resolve_repo_and_path(path)
-    if not _path_is_known_to_git(repo_root, rel):
-        err.print(
-            f"[yellow]warning:[/yellow] [bold]{rel}[/bold] is not tracked by git "
-            f"and has no history in this repo."
-        )
-        raise typer.Exit(1)
+    repo_root, rel = _require_tracked(path)
 
     commits = gf.commits_for_path(repo_root, rel)
     if not commits:
@@ -563,6 +569,19 @@ def scan(
         "--sample",
         help="Cap on tracked files to evaluate (for very large repos).",
     ),
+    scan_depth: int = typer.Option(
+        200,
+        "--scan-depth",
+        help=(
+            "Cap commits-per-file scanned (controls scan speed). "
+            "Use 0 for no cap (slow on large repos)."
+        ),
+    ),
+    no_ignore: bool = typer.Option(
+        False,
+        "--no-ignore",
+        help="Bypass the default-ignore list and scan everything (CHANGELOGs, lockfiles, vendored).",
+    ),
     repo: Path = typer.Option(
         Path("."), "--repo", help="Path inside the repo (defaults to cwd)."
     ),
@@ -574,17 +593,20 @@ def scan(
         err.print(f"[red]error:[/red] {exc}")
         raise typer.Exit(2) from exc
 
-    raw = gf._run_git(repo_root, "ls-files")
-    paths = [line for line in raw.splitlines() if line.strip()][:sample]
+    raw = gf.run_git(repo_root, "ls-files")
+    all_paths = [line for line in raw.splitlines() if line.strip()]
+    patterns = () if no_ignore else ign.effective_patterns(repo_root)
+    paths = [p for p in all_paths if not ign.is_ignored(p, patterns)][:sample]
     if not paths:
         console.print("[yellow]no tracked files found[/yellow]")
         raise typer.Exit(0)
 
+    depth_cap = scan_depth if scan_depth > 0 else None
     cards: list[rc.RiskCard] = []
     with console.status(f"Scanning {len(paths)} files…", spinner="dots"):
         for p in paths:
             try:
-                card = rc.build(repo_root, p)
+                card = rc.build(repo_root, p, max_commits=depth_cap)
             except gf.GitError:
                 continue
             # Skip files whose only signal is NEWBORN — that's "not enough
@@ -631,13 +653,7 @@ def honest(
     Use when the Risk Card's first-sentence truncation is hiding important
     context — e.g., a commit whose constraint is stated across two lines.
     """
-    repo_root, rel = _resolve_repo_and_path(path)
-    if not _path_is_known_to_git(repo_root, rel):
-        err.print(
-            f"[yellow]warning:[/yellow] [bold]{rel}[/bold] is not tracked by git "
-            f"and has no history in this repo."
-        )
-        raise typer.Exit(1)
+    repo_root, rel = _require_tracked(path)
     facts = gf.gather(repo_root, rel)
     if not facts.invariant_quotes:
         if json_out:
@@ -699,24 +715,18 @@ def show(
     """Risk-flavored summary for a single commit: classification + per-file risk."""
     try:
         repo_root = gf.discover_repo_root(repo.resolve())
-        full_sha = gf._run_git(repo_root, "rev-parse", "--verify", f"{sha}^{{commit}}").strip()
     except gf.GitError as exc:
         err.print(f"[red]error:[/red] {exc}")
         raise typer.Exit(2) from exc
 
-    raw = gf._run_git(
-        repo_root, "log", "-1", "--no-merges", f"--pretty=format:{gf._log_format()}", full_sha
-    )
-    commits = gf._parse_log_records(raw)
-    if not commits:
-        err.print(f"[red]error:[/red] could not read commit {full_sha}")
+    commit = gf.read_commit(repo_root, sha)
+    if commit is None:
+        err.print(f"[red]error:[/red] could not read commit {sha!r}")
         raise typer.Exit(2)
-    commit = commits[0]
+    full_sha = commit.sha
 
-    is_incident = bool(
-        gf._INCIDENT_RE.search(commit.subject + "\n" + commit.body)
-        or gf._BREAKING_CC_RE.search(commit.subject)
-    )
+    classification = gf.classify_commit(commit)
+    is_incident = classification.incident_flavoured
     invariants = gf.extract_invariant_quotes([commit])
     file_changes = gf.files_changed_in(repo_root, full_sha)
 
@@ -751,14 +761,14 @@ def show(
     )
     console.print(f"  {commit.subject}")
     console.print()
-    classification = []
+    badges: list[str] = []
     if is_incident:
-        classification.append("[bold red]incident-flavored[/bold red]")
+        badges.append("[bold red]incident-flavored[/bold red]")
     if invariants:
-        classification.append(f"[yellow]states {len(invariants)} invariant(s)[/yellow]")
-    if not classification:
-        classification.append("[dim]no special classification[/dim]")
-    console.print("  " + "   ".join(classification))
+        badges.append(f"[yellow]states {len(invariants)} invariant(s)[/yellow]")
+    if not badges:
+        badges.append("[dim]no special classification[/dim]")
+    console.print("  " + "   ".join(badges))
     console.print(f"  [dim]{len(file_changes)} files changed[/dim]")
 
     if not cards:

{whycode_cli-0.2.2 → whycode_cli-0.2.4}/src/whycode/git_facts.py

@@ -129,8 +129,13 @@ class GitError(RuntimeError):
     """Raised when a git invocation fails or produces unexpected output."""
 
 
-def _run_git(repo_root: Path, *args: str) -> str:
-    """Invoke git, return stdout. Raises GitError on non-zero exit."""
+def run_git(repo_root: Path, *args: str) -> str:
+    """Invoke ``git -C <repo_root> <args>`` and return stdout.
+
+    Public API: callers (CLI, MCP server) use this to run git commands
+    that aren't already wrapped in a higher-level helper here. Raises
+    :class:`GitError` on non-zero exit or when ``git`` itself is missing.
+    """
     cmd = ["git", "-C", str(repo_root), *args]
     try:
         proc = subprocess.run(
@@ -150,6 +155,10 @@ def _run_git(repo_root: Path, *args: str) -> str:
     return proc.stdout
 
 
+# Back-compat alias. Prefer ``run_git`` in new code.
+_run_git = run_git
+
+
 def discover_repo_root(start: Path) -> Path:
     """Find the enclosing git repo root for ``start``."""
     out = _run_git(start, "rev-parse", "--show-toplevel").strip()
@@ -240,6 +249,25 @@ def all_commits(repo_root: Path, *, max_count: int | None = None) -> list[Commit
     return _parse_log_records(raw)
 
 
+def read_commit(repo_root: Path, ref: str) -> Commit | None:
+    """Resolve ``ref`` (SHA, tag, branch, ``HEAD~3`` …) to a single ``Commit``.
+
+    Returns ``None`` when the ref doesn't exist or doesn't resolve to a
+    commit. Used by ``whycode show <sha>`` and similar single-commit views.
+    """
+    try:
+        full_sha = run_git(
+            repo_root, "rev-parse", "--verify", f"{ref}^{{commit}}"
+        ).strip()
+    except GitError:
+        return None
+    raw = run_git(
+        repo_root, "log", "-1", "--no-merges", f"--pretty=format:{_log_format()}", full_sha
+    )
+    parsed = _parse_log_records(raw)
+    return parsed[0] if parsed else None
+
+
 def files_changed_in(repo_root: Path, sha: str) -> list[FileChange]:
     """Return the list of files (with diffstat) changed in ``sha``."""
     raw = _run_git(
@@ -268,17 +296,40 @@ def co_changes(
     repo_root: Path,
     commits: Sequence[Commit],
     target_path: str,
+    *,
+    max_count: int | None = None,
 ) -> Counter[str]:
-    """Count, across the given commits, how often other files changed alongside ``target_path``.
+    """Count, across the file's history, how often other files changed alongside ``target_path``.
+
+    Implemented as a single ``git log --no-walk --numstat`` call over the
+    pre-fetched SHA list, rather than one ``git show`` per commit. On a
+    200-commit file this drops the cost from 200 git invocations to 1 —
+    typically a 30-50x speedup for the coupling signal in ``scan``.
 
-    The target file is excluded from the result.
+    Note: we cannot just pass ``--follow -- <path>`` to a single log call,
+    because git limits the numstat output to the followed path itself in
+    that mode. So we depend on the caller having already resolved the
+    relevant SHAs (in ``commits``), then pass them via ``--no-walk``.
     """
+    del max_count  # depth was already applied when ``commits`` was built
+    if not commits:
+        return Counter()
+    shas = [c.sha for c in commits]
+    args = ["log", "--no-walk", "--numstat", "--format=%x1eCOMMIT"]
+    args.extend(shas)
+    raw = _run_git(repo_root, *args)
     counter: Counter[str] = Counter()
-    for commit in commits:
-        for change in files_changed_in(repo_root, commit.sha):
-            if change.path == target_path:
-                continue
-            counter[change.path] += 1
+    for line in raw.splitlines():
+        line = line.strip()
+        if not line or line.startswith(RECORD_SEP):
+            continue
+        parts = line.split("\t")
+        if len(parts) != 3:
+            continue
+        path = parts[2]
+        if path == target_path:
+            continue
+        counter[path] += 1
     return counter
 
 
@@ -336,6 +387,26 @@ def find_incidents(commits: Sequence[Commit]) -> list[Commit]:
     return out
 
 
+@dataclass(frozen=True)
+class CommitClassification:
+    """Light-weight summary of what kind of work a single commit represents."""
+
+    incident_flavoured: bool
+    invariant_count: int
+
+
+def classify_commit(commit: Commit) -> CommitClassification:
+    """Classify a single commit by reusing the same rules ``find_incidents`` and
+    ``extract_invariant_quotes`` apply to a list. Public API for ``whycode show``
+    and any other surface that wants a single-commit verdict without
+    re-implementing the regex ladder.
+    """
+    return CommitClassification(
+        incident_flavoured=bool(find_incidents([commit])),
+        invariant_count=len(extract_invariant_quotes([commit])),
+    )
+
+
 # Straight, backtick, and the four common Unicode "smart" quote code points.
 # We build the string from chr() calls because ruff's RUF001 ambiguous-char
 # check rejects the literal Unicode quotes inline.
@@ -443,7 +514,7 @@ def gather(
         repo_root=repo_root,
         path=path,
         commits=commits,
-        co_changed_files=co_changes(repo_root, commits, path),
+        co_changed_files=co_changes(repo_root, commits, path, max_count=max_commits),
         revert_pairs=find_revert_pairs(commits),
         incident_commits=find_incidents(commits),
         invariant_quotes=extract_invariant_quotes(commits),

whycode_cli-0.2.4/src/whycode/ignore.py

@@ -0,0 +1,114 @@
+"""Default ignore patterns for repo-wide scans.
+
+These are paths/files that almost always pollute risk analysis without
+adding signal: changelogs (touched on every release, so they look "tightly
+coupled to everything"), lockfiles (regenerated on every dependency bump),
+vendored third-party code, and machine-generated stubs.
+
+Users can extend this list with a ``.whycodeignore`` file at repo root,
+one ``fnmatch``-style pattern per line. Comments start with ``#``.
+"""
+
+from __future__ import annotations
+
+import fnmatch
+from collections.abc import Iterable
+from pathlib import Path
+
+DEFAULT_IGNORE_PATTERNS: tuple[str, ...] = (
+    # Changelogs / release-notes — touched every release, never the source of risk.
+    "CHANGELOG*",
+    "CHANGES*",
+    "HISTORY*",
+    "NEWS*",
+    "RELEASE_NOTES*",
+    # Lockfiles — regenerated on every dependency bump.
+    "*.lock",
+    "package-lock.json",
+    "yarn.lock",
+    "pnpm-lock.yaml",
+    "Cargo.lock",
+    "poetry.lock",
+    "uv.lock",
+    "Pipfile.lock",
+    "Gemfile.lock",
+    "composer.lock",
+    "go.sum",
+    # Generated stubs.
+    "*.pb.go",
+    "*.pb.py",
+    "*_pb2.py",
+    "*_pb2_grpc.py",
+    "*.generated.go",
+    "*.generated.ts",
+    "*.generated.js",
+    # Minified / bundled web assets.
+    "*.min.js",
+    "*.min.css",
+    "*.bundle.js",
+    # Vendored third-party trees.
+    "vendor/**",
+    "_vendor/**",
+    "third_party/**",
+    "third-party/**",
+    "node_modules/**",
+    "bower_components/**",
+    # Built docs.
+    "_build/**",
+    "site/**",
+    "docs/_build/**",
+    "docs/build/**",
+    # Common binary / data formats that aren't code.
+    "*.png",
+    "*.jpg",
+    "*.jpeg",
+    "*.gif",
+    "*.ico",
+    "*.svg",
+    "*.pdf",
+    "*.woff",
+    "*.woff2",
+    "*.ttf",
+    "*.otf",
+    "*.eot",
+)
+
+_USER_IGNORE_FILE = ".whycodeignore"
+
+
+def load_user_patterns(repo_root: Path) -> tuple[str, ...]:
+    """Read ``.whycodeignore`` if present. One pattern per line; ``#`` comments."""
+    target = repo_root / _USER_IGNORE_FILE
+    if not target.exists():
+        return ()
+    out: list[str] = []
+    for raw in target.read_text().splitlines():
+        line = raw.strip()
+        if not line or line.startswith("#"):
+            continue
+        out.append(line)
+    return tuple(out)
+
+
+def is_ignored(path: str, patterns: Iterable[str]) -> bool:
+    """True if ``path`` matches any pattern (``fnmatch`` semantics)."""
+    for pat in patterns:
+        if fnmatch.fnmatch(path, pat):
+            return True
+        # Also match basename for non-recursive patterns like ``CHANGELOG*``.
+        if "/" not in pat and "/" in path and fnmatch.fnmatch(path.rsplit("/", 1)[-1], pat):
+            return True
+    return False
+
+
+def effective_patterns(repo_root: Path) -> tuple[str, ...]:
+    """Combine the built-in defaults with the user's ``.whycodeignore``."""
+    return DEFAULT_IGNORE_PATTERNS + load_user_patterns(repo_root)
+
+
+__all__ = [
+    "DEFAULT_IGNORE_PATTERNS",
+    "effective_patterns",
+    "is_ignored",
+    "load_user_patterns",
+]

{whycode_cli-0.2.2 → whycode_cli-0.2.4/src/whycode_cli.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: whycode-cli
-Version: 0.2.2
+Version: 0.2.4
 Summary: Tells you what to be afraid of before you touch a file.
 Author: Kevin
 License-Expression: MIT

{whycode_cli-0.2.2 → whycode_cli-0.2.4}/src/whycode_cli.egg-info/SOURCES.txt

@@ -5,6 +5,7 @@ src/whycode/__init__.py
 src/whycode/__main__.py
 src/whycode/cli.py
 src/whycode/git_facts.py
+src/whycode/ignore.py
 src/whycode/mcp_server.py
 src/whycode/risk_card.py
 src/whycode/scorer.py
@@ -21,6 +22,7 @@ src/whycode_cli.egg-info/requires.txt
 src/whycode_cli.egg-info/top_level.txt
 tests/test_cli.py
 tests/test_git_facts.py
+tests/test_ignore.py
 tests/test_scorer.py
 tests/test_signals.py
 tests/test_suppressions.py

{whycode_cli-0.2.2 → whycode_cli-0.2.4}/tests/test_cli.py

@@ -465,6 +465,62 @@ def test_why_mute_unknown_kind_errors(repo) -> None:  # type: ignore[no-untyped-
     assert "unknown signal kind" in result.output.lower()
 
 
+def test_scan_skips_default_ignored_paths_by_default(repo, days_ago) -> None:  # type: ignore[no-untyped-def]
+    """CHANGELOG and lockfiles must not appear in scan output by default."""
+    sha = repo.commit(
+        "init",
+        {"CHANGELOG.md": "v1", "package-lock.json": "{}", "src/app.py": "x"},
+        when=days_ago(60),
+    )
+    repo.revert(sha, when=days_ago(50))
+    repo.commit(
+        "release: 1.1",
+        {"CHANGELOG.md": "v2", "src/app.py": "y"},
+        when=days_ago(20),
+    )
+    result = _invoke(repo.root, "scan", "--top", "10")
+    assert result.exit_code == 0
+    out = result.output
+    # CHANGELOG and lockfile must not appear in the table.
+    assert "CHANGELOG" not in out
+    assert "package-lock.json" not in out
+
+
+def test_scan_no_ignore_brings_them_back(repo, days_ago) -> None:  # type: ignore[no-untyped-def]
+    repo.commit(
+        "init",
+        {"CHANGELOG.md": "v1", "src/app.py": "x"},
+        when=days_ago(60),
+    )
+    sha = repo.commit(
+        "feat: A",
+        {"CHANGELOG.md": "v2", "src/app.py": "y"},
+        when=days_ago(40),
+    )
+    repo.revert(sha, when=days_ago(20))  # safe to revert: files still exist after
+    default_run = _invoke(repo.root, "scan", "--top", "10")
+    permissive_run = _invoke(repo.root, "scan", "--top", "10", "--no-ignore")
+    assert default_run.exit_code == 0
+    assert permissive_run.exit_code == 0
+    # CHANGELOG was hidden from the default run by the ignore list…
+    assert "CHANGELOG" not in default_run.output
+    # …but is at least reachable when --no-ignore is on.
+    assert "CHANGELOG" in permissive_run.output or "src/app.py" in permissive_run.output
+
+
+def test_scan_respects_user_whycodeignore(repo, days_ago) -> None:  # type: ignore[no-untyped-def]
+    (repo.root / ".whycodeignore").write_text("internal/legacy.py\n")
+    sha = repo.commit(
+        "init",
+        {"internal/legacy.py": "1", "src/app.py": "x"},
+        when=days_ago(60),
+    )
+    repo.revert(sha, when=days_ago(50))
+    result = _invoke(repo.root, "scan", "--top", "10")
+    assert result.exit_code == 0
+    assert "internal/legacy.py" not in result.output
+
+
 def test_mcp_summary_field_present_in_json(repo, days_ago) -> None:  # type: ignore[no-untyped-def]
     """Verify the MCP server includes a quotable summary string in get_risk_profile."""
     sha = repo.commit("feat: A", {"a.py": "1"}, when=days_ago(40))

whycode_cli-0.2.4/tests/test_ignore.py

@@ -0,0 +1,73 @@
+"""Tests for the ignore-pattern matcher."""
+
+from __future__ import annotations
+
+from whycode.ignore import (
+    DEFAULT_IGNORE_PATTERNS,
+    effective_patterns,
+    is_ignored,
+    load_user_patterns,
+)
+
+
+def test_default_patterns_match_changelog() -> None:
+    assert is_ignored("CHANGELOG.md", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("CHANGES.rst", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("HISTORY.txt", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("RELEASE_NOTES.md", DEFAULT_IGNORE_PATTERNS)
+
+
+def test_default_patterns_match_lockfiles() -> None:
+    assert is_ignored("package-lock.json", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("yarn.lock", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("Cargo.lock", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("uv.lock", DEFAULT_IGNORE_PATTERNS)
+
+
+def test_default_patterns_match_vendored_dirs() -> None:
+    assert is_ignored("node_modules/foo/index.js", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("vendor/github.com/foo/bar.go", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("third_party/x/y.cc", DEFAULT_IGNORE_PATTERNS)
+
+
+def test_default_patterns_match_generated_stubs() -> None:
+    assert is_ignored("api_pb2.py", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("foo.pb.go", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("schema.generated.ts", DEFAULT_IGNORE_PATTERNS)
+
+
+def test_default_patterns_do_not_match_normal_code() -> None:
+    assert not is_ignored("src/whycode/cli.py", DEFAULT_IGNORE_PATTERNS)
+    assert not is_ignored("README.md", DEFAULT_IGNORE_PATTERNS)
+    assert not is_ignored("tests/test_cli.py", DEFAULT_IGNORE_PATTERNS)
+    assert not is_ignored("Makefile", DEFAULT_IGNORE_PATTERNS)
+
+
+def test_basename_match_for_root_pattern_in_subdir() -> None:
+    # `CHANGELOG*` should match `docs/CHANGELOG.md` even though the pattern has no slash.
+    assert is_ignored("docs/CHANGELOG.md", DEFAULT_IGNORE_PATTERNS)
+    assert is_ignored("packages/foo/CHANGES.rst", DEFAULT_IGNORE_PATTERNS)
+
+
+def test_user_patterns_loaded(tmp_path) -> None:  # type: ignore[no-untyped-def]
+    (tmp_path / ".whycodeignore").write_text(
+        "# this is a comment\n"
+        "*.proto\n"
+        "scripts/\n"
+        "\n"  # blank line
+        "internal/legacy.py\n"
+    )
+    patterns = load_user_patterns(tmp_path)
+    assert patterns == ("*.proto", "scripts/", "internal/legacy.py")
+
+
+def test_user_patterns_empty_when_no_file(tmp_path) -> None:  # type: ignore[no-untyped-def]
+    assert load_user_patterns(tmp_path) == ()
+
+
+def test_effective_patterns_combines_defaults_and_user(tmp_path) -> None:  # type: ignore[no-untyped-def]
+    (tmp_path / ".whycodeignore").write_text("internal/legacy.py\n")
+    eff = effective_patterns(tmp_path)
+    assert "internal/legacy.py" in eff
+    assert "*.lock" in eff  # default still present
+    assert is_ignored("internal/legacy.py", eff)