whycode-cli 0.2.4__py3-none-any.whl → 0.2.5__py3-none-any.whl

whycode/__init__.py

@@ -1,3 +1,3 @@
 """WhyCode — tells you what to be afraid of before touching a file."""
 
-__version__ = "0.2.4"
+__version__ = "0.2.5"

whycode/cli.py

@@ -238,6 +238,14 @@ def diff(
     json_out: bool = typer.Option(
         False, "--json", help="Emit machine-readable JSON instead of a table."
     ),
+    markdown: bool = typer.Option(
+        False,
+        "--markdown",
+        help=(
+            "Emit GitHub-flavoured markdown suitable for posting as a PR comment. "
+            "Pipe into a workflow step that calls `gh pr comment`."
+        ),
+    ),
     fail_on: str | None = typer.Option(
         None,
         "--fail-on",
@@ -305,6 +313,37 @@ def diff(
 
     flagged = [c for c in cards if _is_actionable(c)]
     quiet_n = len(cards) - len(flagged)
+    scope_md = "files staged for commit" if staged else f"files changed vs `{actual_base}`"
+    if markdown:
+        # Stable marker so a follow-up workflow step can find-and-update the
+        # same comment on subsequent pushes instead of stacking new ones.
+        print("<!-- whycode-comment -->")
+        print("## WhyCode risk briefing")
+        print()
+        print(f"**{len(files)} {scope_md}**")
+        print()
+        if not flagged:
+            print("Nothing flagged. Read the diff anyway.")
+        else:
+            print("| Score | Band | File | Top signal |")
+            print("| ----: | ---- | ---- | ---------- |")
+            for c in flagged:
+                top_signal = c.signals[0].headline.replace("|", "\\|")
+                print(
+                    f"| {c.score.value} | {c.score.band.value} | "
+                    f"`{c.path}` | {top_signal} |"
+                )
+            if quiet_n:
+                print()
+                print(f"_+ {quiet_n} file(s) changed with no flags._")
+            print()
+            print(
+                "_Run `whycode why <path>` for the full Risk Card on any of the above._"
+            )
+        if threshold is not None and any(c.score.value >= threshold for c in cards):
+            raise typer.Exit(1)
+        return
+
     scope = "staged for commit" if staged else f"changed vs {actual_base}"
     console.print(f"[bold]{len(files)} file(s) {scope}[/bold]")
     if not flagged:

whycode/templates/github-workflow.yml

@@ -1,11 +1,12 @@
 # Risk-rank pull requests with WhyCode.
 #
-# On every PR this workflow computes the Risk Card for each changed file
-# (vs the PR base) and prints a risk-ranked table to the job log.
-# Advisory by default — humans decide.
+# On every PR this workflow:
+#   1. Computes the Risk Card for each changed file (vs the PR base)
+#   2. Prints a risk-ranked table to the job log
+#   3. Posts (or updates) a single PR comment with the same table
 #
-# To turn it into a hard gate that blocks merging, append `--fail-on <band>`
-# to the `whycode diff` line below:
+# Advisory by default — humans decide. To turn it into a hard gate that
+# blocks merging, append `--fail-on <band>` to the diff line:
 #   handle    block at HANDLE WITH CARE   (score >= 75)
 #   history   block at READ HISTORY FIRST (score >= 50)
 #   look      stricter — block at >= 25
@@ -17,7 +18,7 @@ on:
 
 permissions:
   contents: read
-  pull-requests: read
+  pull-requests: write  # required to post / update the PR comment
 
 jobs:
   whycode:
@@ -36,5 +37,28 @@ jobs:
       - name: Install WhyCode
         run: pip install whycode-cli
 
-      - name: Risk-rank files in this PR
+      - name: Risk-rank files in this PR (job log)
         run: whycode diff --base origin/${{ github.base_ref }}
+
+      - name: Build PR comment body
+        run: whycode diff --base origin/${{ github.base_ref }} --markdown > whycode-comment.md
+
+      - name: Post or update the PR comment
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO: ${{ github.repository }}
+        run: |
+          set -euo pipefail
+          BODY=$(cat whycode-comment.md)
+          # Find any existing comment we previously posted (identified by the
+          # hidden HTML marker WhyCode emits at the top of the message).
+          EXISTING=$(gh api "repos/${REPO}/issues/${PR_NUMBER}/comments" \
+            --jq 'map(select(.body | contains("<!-- whycode-comment -->"))) | .[0].id // empty')
+          if [ -n "$EXISTING" ]; then
+            gh api -X PATCH "repos/${REPO}/issues/comments/${EXISTING}" \
+              -f body="$BODY" > /dev/null
+          else
+            gh api -X POST "repos/${REPO}/issues/${PR_NUMBER}/comments" \
+              -f body="$BODY" > /dev/null
+          fi

{whycode_cli-0.2.4.dist-info → whycode_cli-0.2.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: whycode-cli
-Version: 0.2.4
+Version: 0.2.5
 Summary: Tells you what to be afraid of before you touch a file.
 Author: Kevin
 License-Expression: MIT

{whycode_cli-0.2.4.dist-info → whycode_cli-0.2.5.dist-info}/RECORD

@@ -1,6 +1,6 @@
-whycode/__init__.py,sha256=vahOy3X-a02yX10f7cBtuylMKDlCKJQyvZVggnCiQqw,96
+whycode/__init__.py,sha256=xXDqsMrsG7I_1V_VGQJ-kv6ORri4-rfyuFN-BlildIk,96
 whycode/__main__.py,sha256=dqAk6746YpuM-FTIH4TBOULegGc5WweojiZjce0VYgQ,105
-whycode/cli.py,sha256=jrX3GaMmZbNjnXzQtCViXMB6C3F-zwKKoMPtsISwgT4,30917
+whycode/cli.py,sha256=QB33UGjSTF6DXcxM2r8TZcODIjOw0QqOBb9Kh7TsCbs,32464
 whycode/git_facts.py,sha256=VozSt59dWhUcDQ2qyDA2Bfa6AWvfBmIaQKP1DAYUpPM,17820
 whycode/ignore.py,sha256=sdRO_0HSedm8aO69CSGl-zQrUVX5MEg9QGcAJWwAvP4,3021
 whycode/mcp_server.py,sha256=56csOHSP90Zk59-_Puvk4WTSlCJ6xQAm-K10b_qmyAQ,7105
@@ -9,11 +9,11 @@ whycode/scorer.py,sha256=4pBejunfxzYhGUzMeL8uGEMQzC6DWiqwcTeMdo3eras,1444
 whycode/signals.py,sha256=14KziRolXvhmOnMnluXpPPInoBRO5uDu0tm024EYik0,13066
 whycode/suppressions.py,sha256=1lKSs-kCgpnJbcxozcgiSP8ZAfjEDMHXuM3sw4FaY78,3836
 whycode/templates/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-whycode/templates/github-workflow.yml,sha256=yy87tbYKCexNYFso4e4OxGAdIIYOLn2cVxEt-FzP2oo,1095
+whycode/templates/github-workflow.yml,sha256=LAfHMDG2TkAwi4vCNinHk-4zOt-mCWErBpmpaqlW5oA,2251
 whycode/templates/pre-commit,sha256=IhU11CvoDwqRAAsvHwUo-BwaNbdgy1cpXc54Z_phrmQ,316
-whycode_cli-0.2.4.dist-info/licenses/LICENSE,sha256=U6LN5qg5kJXSJf7KFPm9KJhmiGn3qK_GsTVWXdt1DFA,1062
-whycode_cli-0.2.4.dist-info/METADATA,sha256=ESACr8PI_DsPCZl0_LQ4fD0EhpsK1FEKgUrdwv3HDV4,9260
-whycode_cli-0.2.4.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
-whycode_cli-0.2.4.dist-info/entry_points.txt,sha256=xrNWc4CQn3ZhQFJxsGIPiTqpN19K4pRpgaj6qGaEzSQ,44
-whycode_cli-0.2.4.dist-info/top_level.txt,sha256=6yIL5rxW-4DbARHQYrPlGQVqKddZ88sjvmNosDh1w3A,8
-whycode_cli-0.2.4.dist-info/RECORD,,
+whycode_cli-0.2.5.dist-info/licenses/LICENSE,sha256=U6LN5qg5kJXSJf7KFPm9KJhmiGn3qK_GsTVWXdt1DFA,1062
+whycode_cli-0.2.5.dist-info/METADATA,sha256=IhRYXPiCmhDwmP2H_FiViZGeR4kw4o_tzwYVS60piV0,9260
+whycode_cli-0.2.5.dist-info/WHEEL,sha256=aeYiig01lYGDzBgS8HxWXOg3uV61G9ijOsup-k9o1sk,91
+whycode_cli-0.2.5.dist-info/entry_points.txt,sha256=xrNWc4CQn3ZhQFJxsGIPiTqpN19K4pRpgaj6qGaEzSQ,44
+whycode_cli-0.2.5.dist-info/top_level.txt,sha256=6yIL5rxW-4DbARHQYrPlGQVqKddZ88sjvmNosDh1w3A,8
+whycode_cli-0.2.5.dist-info/RECORD,,