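#!/usr/bin/env python3
"""Stop hook: when Claude finishes a reply, check for unaudited high-risk changes.

Runs ``scripts/audit/prescan.py`` from the project directory, parses its JSON
output, and prints a ``systemMessage`` JSON object on stdout when the prescan
reports ``audit_required`` together with a non-empty ``high_risk_files``.

The hook is fail-open by design: a missing prescan script, a non-zero exit,
a timeout, or malformed output all end with exit status 0 and no message.
The absence of a message is therefore NOT evidence that nothing needs
auditing; failures are reported on stderr so they leave a trace.
"""
import json
import os
import subprocess
import sys

# Upper bound on prescan run time, in seconds, so the hook cannot hang.
PRESCAN_TIMEOUT_SECONDS = 10


def audit_message(result):
    """Return the reminder text for a parsed prescan result, or None.

    Args:
        result: The value decoded from the prescan's stdout. Expected to be a
            dict with ``audit_required`` and ``high_risk_files`` keys; any
            other shape yields None instead of raising.

    Returns:
        The reminder string when an audit is required and at least one
        high-risk file is listed, otherwise None.
    """
    # The prescan output is external data: a top-level list, string or number
    # is valid JSON but has no .get(), which previously crashed the hook.
    if not isinstance(result, dict):
        return None
    if not result.get("audit_required", False):
        return None
    high_risk = result.get("high_risk_files", [])
    try:
        count = len(high_risk)
    except TypeError:
        # e.g. "high_risk_files": null or a number; treat as nothing listed.
        return None
    if count <= 0:
        return None
    return f"[audit-check] 当前有 {count} 个高风险文件变更未审计。建议执行 /audit。"


def _warn(reason):
    """Report why the audit check was skipped, on stderr.

    stdout is kept for the JSON message only, so diagnostics never mix with it.
    """
    print(f"[audit-check] prescan skipped: {reason}", file=sys.stderr)


def main():
    """Run the prescan and print a systemMessage if an audit is pending."""
    project_dir = os.environ.get("CLAUDE_PROJECT_DIR", os.getcwd())
    script = os.path.join(project_dir, "scripts", "audit", "prescan.py")
    if not os.path.isfile(script):
        # Projects without a prescan script are simply not checked.
        return

    # NOTE(review): this executes a script that lives inside the project
    # directory, so it runs whatever the checked-out repository ships at that
    # path. Only enable this hook for repositories whose content is trusted.
    try:
        proc = subprocess.run(
            [sys.executable, script],
            capture_output=True,
            text=True,
            timeout=PRESCAN_TIMEOUT_SECONDS,
            cwd=project_dir,
        )
        if proc.returncode != 0:
            _warn(f"prescan exited with status {proc.returncode}")
            return
        result = json.loads(proc.stdout)
    except Exception as exc:
        # Top-level boundary: the hook stays best-effort and never blocks the
        # session, but the failure is recorded rather than silently dropped.
        _warn(f"{type(exc).__name__}: {exc}")
        return

    message = audit_message(result)
    if message is None:
        if not isinstance(result, dict):
            _warn("prescan output is not a JSON object")
        return
    print(json.dumps({"systemMessage": message}))


if __name__ == "__main__":
    main()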