From f0e4e289f9b2d5527bbdb093c1e0dc51532e56e9 Mon Sep 17 00:00:00 2001
From: Michael Heller <21163552+mdheller@users.noreply.github.com>
Date: Wed, 11 Feb 2026 20:05:43 -0500
Subject: [PATCH] Workflow: harden PR helper (no git add -A, no nested repos)
---
 scripts/pr.sh | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)
diff --git a/scripts/pr.sh b/scripts/pr.sh
index 5d36571..fcdcad7 100755
--- a/scripts/pr.sh
+++ b/scripts/pr.sh
@@ -4,16 +4,39 @@ cd "$(dirname "$0")/.."
 BRANCH="${1:-}"
 MSG="${2:-}"
+shift 2 || true
+
 if [[ -z "${BRANCH}" || -z "${MSG}" ]]; then
- echo "usage: scripts/pr.sh " >&2
+ echo "usage: scripts/pr.sh [paths...]" >&2
 exit 2
 fi
+# Guard: refuse to run if there are nested git repos (prevents submodule/gitlink accidents)
+if find . -mindepth 2 -maxdepth 6 -name .git -type d | grep -q .; then
+ echo "[error] nested .git directories detected under repo root; refuse to 'git add' blindly" >&2
+ find . -mindepth 2 -maxdepth 6 -name .git -type d >&2
+ exit 3
+fi
+
 ./scripts/hygiene.sh
-git checkout -b "${BRANCH}"
-git add -A
+# Create branch if missing; otherwise just checkout
+if git show-ref --verify --quiet "refs/heads/${BRANCH}"; then
+ git checkout "${BRANCH}"
+else
+ git checkout -b "${BRANCH}"
+fi
+
+# Safer staging:
+# - if paths provided, stage only those
+# - else stage tracked changes only (no new untracked surprises)
+if [[ "$#" -gt 0 ]]; then
+ git add -- "$@"
+else
+ git add -u
+fi
+
 git commit -m "${MSG}"
 git push -u origin "${BRANCH}"
-gh pr create --repo SocioProphet/agentplane --base main --head "${BRANCH}" --title "${MSG}" --body "${MSG}"
+gh pr create --base main --head "${BRANCH}" --title "${MSG}" --body "${MSG}"
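Review bot: The nested-repo guard can fail open, because it decides on the exit status of `find … | grep -q .` rather than on whether anything was found. If the script enables `pipefail` (the top of the file is outside this hunk), a `find` that hits an unreadable directory, or that takes SIGPIPE after `grep -q` exits on the first match, makes the pipeline non-zero and the `if` skips the refusal. `-type d` also misses the `.git` file that submodules and linked worktrees use, which is the gitlink case the comment names, and `-maxdepth 6` leaves deeper nesting unchecked. Capturing the output and testing it closes the status problem: `nested="$(find . -mindepth 2 -maxdepth 6 -name .git)"`, then `if [[ -n "${nested}" ]]; then`, printing `${nested}` to stderr instead of running `find` a second time.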