From 208a079f4230edd520f5aa92288ae48247340910 Mon Sep 17 00:00:00 2001
From: Craig Jennings <c@cjennings.net>
Date: Sun, 19 Apr 2026 17:14:54 -0500
Subject: feat(hooks): shared _common.py helpers + systemMessage AI-attribution
 warning
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Consolidates stdin-parse and response-emit across the two confirm hooks
into `hooks/_common.py` (stdlib-only, sibling symlinked alongside the
hooks it serves). Net ~28 lines less duplication.

Adds a `systemMessage` banner alongside the confirmation modal when the
commit message or PR title/body contains AI-attribution patterns:

  - Co-Authored-By: Claude|Anthropic|GPT|AI trailers
  - 🤖 robot emoji
  - "Generated with Claude Code" / similar footers
  - "Created with …" / "Assisted by …" variants

Scanning targets structural leak patterns only — bare mentions of
"Claude" or "Anthropic" in diff context don't fire, so discussing the
tools themselves in a commit message doesn't false-positive.

Clean-room synthesis from GowayLee/cchooks (MIT) — specifically, the
systemMessage-alongside-reason pattern and event-aware stdin helpers.
---
 hooks/gh-pr-create-confirm.py | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

(limited to 'hooks/gh-pr-create-confirm.py')

diff --git a/hooks/gh-pr-create-confirm.py b/hooks/gh-pr-create-confirm.py
index b983352..e3c2f13 100755
--- a/hooks/gh-pr-create-confirm.py
+++ b/hooks/gh-pr-create-confirm.py
@@ -24,20 +24,17 @@ Wire in ~/.claude/settings.json alongside git-commit-confirm.py:
     }
 """
 
-import json
 import re
 import sys
 
+from _common import read_payload, respond_ask, scan_attribution
+
 
 MAX_BODY_LINES = 20
 
 
 def main() -> int:
-    try:
-        payload = json.loads(sys.stdin.read())
-    except (json.JSONDecodeError, ValueError):
-        return 0
-
+    payload = read_payload()
     if payload.get("tool_name") != "Bash":
         return 0
 
@@ -48,14 +45,16 @@ def main() -> int:
     fields = parse_pr_create(cmd)
     reason = format_pr_confirmation(fields)
 
-    output = {
-        "hookSpecificOutput": {
-            "hookEventName": "PreToolUse",
-            "permissionDecision": "ask",
-            "permissionDecisionReason": reason,
-        }
-    }
-    print(json.dumps(output))
+    # Scan both title and body — PRs leak attribution in either slot.
+    scan_text = "\n".join(filter(None, [fields.get("title"), fields.get("body")]))
+    hits = scan_attribution(scan_text)
+    system_message = (
+        f"WARNING — PR title/body contains AI-attribution patterns: "
+        f"{'; '.join(hits)}. Policy forbids AI credit in PRs."
+        if hits else None
+    )
+
+    respond_ask(reason, system_message=system_message)
     return 0
 
 
-- 
cgit v1.2.3