fix: handle milliseconds in ISO 8601 rate limit reset timestamps

.gitignore

@@ -161,6 +161,9 @@ playwright/.cache/
 *.tmp
 *.temp
 
+# Windows path artifacts (created when Windows symlinks leak into WSL/git)
+C:\\
+
 # Development
 dev/
 _bmad/
@@ -175,3 +178,5 @@ OPUS_ANALYSIS_AND_IDEAS.md
 /shared_docs
 logs/security/
 Agents.md
+auto-claude-desktop.sh
+/images/

apps/backend/agents/coder.py

@@ -897,6 +897,7 @@ def _validate_and_fix_implementation_plan() -> tuple[bool, list[str]]:
     concurrency_error_context: str | None = (
         None  # Context to pass to agent after concurrency error
     )
+    stuck_subtask_ids_local: set[str] = set()  # In-memory tracking of stuck subtasks
 
     def _reset_concurrency_state() -> None:
         """Reset concurrency error tracking state after a successful session or non-concurrency error."""
@@ -937,6 +938,13 @@ def _reset_concurrency_state() -> None:
         # Get the next subtask to work on (planner sessions shouldn't bind to a subtask)
         next_subtask = None if first_run else get_next_subtask(spec_dir)
         subtask_id = next_subtask.get("id") if next_subtask else None
+
+        # Skip subtasks already marked as stuck in this session
+        if subtask_id and subtask_id in stuck_subtask_ids_local:
+            # Try to find a non-stuck subtask by marking this one in the plan
+            next_subtask = None
+            subtask_id = None
+
         phase_name = next_subtask.get("phase_name") if next_subtask else None
 
         # Update status for this session
@@ -1109,6 +1117,7 @@ def _reset_concurrency_state() -> None:
                         subtask_id,
                         f"File validation failed after {attempt_count} attempts: {error_msg}",
                     )
+                    stuck_subtask_ids_local.add(subtask_id)
                     emit_phase(
                         ExecutionPhase.FAILED,
                         f"Subtask {subtask_id} stuck: file validation failed",
@@ -1123,6 +1132,8 @@ def _reset_concurrency_state() -> None:
                             "Consider: update implementation plan with correct filenames"
                         )
                     )
+                    # Skip delay for stuck subtasks - move to next immediately
+                    continue
 
                 # Update status
                 status_manager.update(state=BuildState.ERROR)
@@ -1286,6 +1297,7 @@ def _reset_concurrency_state() -> None:
                 recovery_manager.mark_subtask_stuck(
                     subtask_id, f"Failed after {attempt_count} attempts"
                 )
+                stuck_subtask_ids_local.add(subtask_id)
                 emit_phase(
                     ExecutionPhase.FAILED,
                     f"Subtask {subtask_id} stuck after {attempt_count} attempts",
@@ -1409,6 +1421,7 @@ def _reset_concurrency_state() -> None:
                             subtask_id,
                             f"Tool concurrency errors after {consecutive_concurrency_errors} retries",
                         )
+                        stuck_subtask_ids_local.add(subtask_id)
                         print_status(f"Subtask {subtask_id} marked as STUCK", "error")
 
                     status_manager.update(state=BuildState.ERROR)

apps/backend/cli/batch_commands.py

@@ -6,6 +6,7 @@
 """
 
 import json
+import re
 import shutil
 import subprocess
 from pathlib import Path
@@ -60,8 +61,19 @@ def handle_batch_create_command(batch_file: str, project_dir: str) -> bool:
     for idx, task in enumerate(tasks, 1):
         spec_id = f"{next_id:03d}"
         task_title = task.get("title", f"Task {idx}")
-        task_slug = task_title.lower().replace(" ", "-")[:50]
-        spec_name = f"{spec_id}-{task_slug}"
+
+        # Extract category tag like [sec-001] from title if present
+        tag_match = re.match(r"^\[(\w+-\d+)\]\s*(.*)", task_title)
+        if tag_match:
+            tag = tag_match.group(1)  # e.g. "sec-001"
+            title_rest = tag_match.group(2)  # e.g. "Remove hardcoded API key..."
+            title_slug = re.sub(r"[^\w\-]", "-", title_rest.lower())
+            title_slug = re.sub(r"-+", "-", title_slug).strip("-")[:50]
+            spec_name = f"{spec_id}-[{tag}]-{title_slug}"
+        else:
+            task_slug = re.sub(r"[^\w\-]", "-", task_title.lower())
+            task_slug = re.sub(r"-+", "-", task_slug).strip("-")[:50]
+            spec_name = f"{spec_id}-{task_slug}"
         spec_dir = specs_dir / spec_name
         spec_dir.mkdir(exist_ok=True)
 

apps/backend/cli/main.py

@@ -285,6 +285,11 @@ def parse_args() -> argparse.Namespace:
 
 def main() -> None:
     """Main CLI entry point."""
+    # Preflight self-healing checks (token refresh, ollama, stale locks)
+    from preflight_hook import run_preflight
+
+    run_preflight()
+
     # Set up environment first
     setup_environment()
 

apps/backend/core/client.py

@@ -222,6 +222,31 @@ def invalidate_project_cache(project_dir: Path | None = None) -> None:
 )
 from claude_agent_sdk import ClaudeAgentOptions, ClaudeSDKClient
 from claude_agent_sdk.types import HookMatcher
+
+# Monkey-patch the SDK message parser to gracefully handle unknown message types
+# (e.g. rate_limit_event) instead of raising MessageParseError and killing agent sessions.
+# This is needed until the upstream SDK adds native support for these message types.
+# Guarded with try/except so tests with mocked SDK don't break.
+try:
+    from claude_agent_sdk._errors import MessageParseError as _MessageParseError
+    from claude_agent_sdk._internal import message_parser as _sdk_message_parser
+    from claude_agent_sdk.types import SystemMessage
+
+    _original_parse_message = _sdk_message_parser.parse_message
+
+    def _patched_parse_message(data):
+        try:
+            return _original_parse_message(data)
+        except _MessageParseError as e:
+            if "Unknown message type" in str(e):
+                msg_type = data.get("type", "unknown")
+                logger.debug(f"Skipping unknown SDK message type: {msg_type}")
+                return SystemMessage(subtype=msg_type, data=data)
+            raise
+
+    _sdk_message_parser.parse_message = _patched_parse_message
+except (ImportError, AttributeError):
+    pass  # SDK internals not available (e.g. test mocks)
 from core.auth import (
     configure_sdk_authentication,
     get_sdk_env_vars,

apps/backend/core/worktree.py

@@ -344,7 +344,11 @@ def get_worktree_path(self, spec_name: str) -> Path:
 
     def get_branch_name(self, spec_name: str) -> str:
         """Get the branch name for a spec."""
-        return f"auto-claude/{spec_name}"
+        # Sanitize spec_name: remove characters invalid in git branch names
+        sanitized = re.sub(r"[\[\]~^:?*\\{}]", "", spec_name)
+        # Collapse repeated dashes from removal
+        sanitized = re.sub(r"-{2,}", "-", sanitized)
+        return f"auto-claude/{sanitized}"
 
     def worktree_exists(self, spec_name: str) -> bool:
         """Check if a worktree exists for a spec."""