claude-teammate 0.1.305 → 0.1.306

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-teammate",
-  "version": "0.1.305",
+  "version": "0.1.306",
   "description": "CLI bootstrapper for Claude Teammate.",
   "license": "MIT",
   "type": "module",

package/src/claude/process.js

@@ -1,7 +1,8 @@
 import { spawn } from "node:child_process";
 
 const CHILD_CLEANUP_WAIT_MS = 1_000;
-const CLAUDE_MAX_ATTEMPTS = 1;
+const CLAUDE_MAX_ATTEMPTS = 3;
+const CLAUDE_RETRY_BASE_DELAY_MS = 2_000;
 const DEFAULT_CLAUDE_PERMISSION_MODE = "bypassPermissions";
 
 export class ClaudeCliError extends Error {
@@ -53,8 +54,44 @@ export function formatClaudeInvocationError(error, timeoutMs) {
   return `Claude CLI invocation failed${timeout ? ` after ${timeoutMs}ms` : ""}${signal ? ` (${signal})` : ""}${codeFragment}${details ? `: ${details}` : "."}`;
 }
 
-export function shouldRetryClaudeCommand(options = {}, attempt) {
-  return !options.noRetry && attempt < CLAUDE_MAX_ATTEMPTS;
+// Resource/transport failures that a fresh attempt can plausibly clear:
+// fork failures under VM load (EAGAIN/ENOMEM/ENFILE/EMFILE), OOM-kills
+// (SIGKILL), and timeouts. Deterministic failures must NOT retry: a usage
+// limit, an over-long prompt, or a clean non-zero exit (a logic/permission
+// error from a CLI that actually ran) will fail again identically and just
+// burn quota.
+const TRANSIENT_SPAWN_ERRNOS = new Set(["EAGAIN", "ENOMEM", "ENFILE", "EMFILE", "ECONNRESET", "ETIMEDOUT"]);
+
+export function isTransientClaudeError(error) {
+  if (!error || typeof error !== "object") {
+    return false;
+  }
+  if (error.hitUsageLimit || error.promptTooLong) {
+    return false;
+  }
+  if (error.killed) {
+    return true;
+  }
+  if (typeof error.code === "string" && TRANSIENT_SPAWN_ERRNOS.has(error.code)) {
+    return true;
+  }
+  // External SIGKILL with no captured output is the classic OOM-killer
+  // signature; SIGTERM here is our own maxBuffer/limit kill and is handled
+  // by the flags above, so only treat SIGKILL as transient.
+  if (error.signal === "SIGKILL") {
+    return true;
+  }
+  return false;
+}
+
+export function shouldRetryClaudeCommand(options = {}, attempt, error) {
+  return !options.noRetry && attempt < CLAUDE_MAX_ATTEMPTS && isTransientClaudeError(error);
+}
+
+function delay(ms) {
+  return new Promise((resolve) => {
+    setTimeout(resolve, ms);
+  });
 }
 
 export async function runClaudeCommand(command, args, options) {
@@ -62,9 +99,13 @@ export async function runClaudeCommand(command, args, options) {
     try {
       return await runClaudeCommandOnce(command, args, options);
     } catch (error) {
-      if (!shouldRetryClaudeCommand(options, attempt)) {
+      if (!shouldRetryClaudeCommand(options, attempt, error)) {
         throw error;
       }
+      options.onRetry?.({ attempt, error });
+      // Exponential backoff so a transient spike (fork storm, OOM) gets a
+      // moment to subside before the next attempt.
+      await delay(CLAUDE_RETRY_BASE_DELAY_MS * 2 ** (attempt - 1));
     }
   }
 }

package/src/claude/prompts.js

@@ -1,5 +1,28 @@
 import { formatAdditionalRepoPaths } from "./paths.js";
 
+// Re-ground a re-invoked implementation run on what an earlier run already did.
+// Both fields are optional; when neither is present this contributes nothing so
+// first runs are unchanged. The diff is truncated by the caller to stay within
+// the prompt budget.
+function formatPriorWorkContext(input) {
+  const sections = [];
+  const priorSummary = String(input.priorSummary || "").trim();
+  if (priorSummary) {
+    sections.push(`\nPrior run summary (what you reported last time):\n${priorSummary}`);
+  }
+  const branchDiff = String(input.branchDiff || "").trim();
+  if (branchDiff) {
+    sections.push(`\nWork already done on this branch (diff vs base):\n${branchDiff}`);
+  }
+  if (sections.length === 0) {
+    return "";
+  }
+  sections.push(
+    "\nBuild on the work above; do not redo or revert changes that already satisfy the plan unless the latest comment asks for it."
+  );
+  return `${sections.join("\n")}\n`;
+}
+
 const INCLUDE_RESOURCE_LINKS_RULE =
   "When your response is posted as a comment on a Jira issue, GitHub issue, or GitHub PR, include the URL of every resource you created (e.g. Jira task, spreadsheet, test design, test cases, document, Confluence page) so the reader can navigate directly to it.";
 
@@ -353,7 +376,7 @@ ${input.latestComment?.body || "(none)"}
 
 Recent PR comments:
 ${recentComments || "(none)"}
-
+${formatPriorWorkContext(input)}
 Instructions:
 - Checkout the branch above in this repository.
 - Implement the plan described in the pull request body.
@@ -469,7 +492,7 @@ ${JSON.stringify(input.memory?.epic || {}, null, 2)}
 
 Step to implement:
 ${input.step}
-
+${formatPriorWorkContext(input)}
 Instructions:
 - Checkout the branch above in this repository.
 - Implement only the step described above. Do not implement other parts of the plan.

package/src/claude/stream.js

@@ -26,6 +26,24 @@ export function formatStreamEvent(event) {
   }
 }
 
+// Pull the Claude session id out of stream-json events so the caller can
+// persist it and resume the same conversation on a later run (e.g. when a
+// developer comments on the PR). Both `system` (init) and `result` events
+// carry session_id; the last one wins.
+export function extractSessionId(lines) {
+  for (let i = lines.length - 1; i >= 0; i -= 1) {
+    try {
+      const event = JSON.parse(lines[i]);
+      if (event && typeof event.session_id === "string" && event.session_id) {
+        return event.session_id;
+      }
+    } catch {
+      // skip non-JSON lines
+    }
+  }
+  return "";
+}
+
 export function extractResultFromStreamJson(lines) {
   for (let i = lines.length - 1; i >= 0; i--) {
     try {

package/src/claude.js

@@ -13,6 +13,7 @@ import {
   cleanupClaudeProcesses,
   formatClaudeInvocationError,
   isClaudeCliError,
+  isTransientClaudeError,
   resolveClaudePermissionMode,
   runClaudeCommand,
   shouldRetryClaudeCommand
@@ -45,7 +46,12 @@ import {
   buildSuggestionRevisionSystemPrompt,
   buildSuggestionRevisionUserPrompt
 } from "./claude/prompts.js";
-import { extractResultFromStreamJson, formatStreamEvent, parseClaudeOutput } from "./claude/stream.js";
+import {
+  extractResultFromStreamJson,
+  extractSessionId,
+  formatStreamEvent,
+  parseClaudeOutput
+} from "./claude/stream.js";
 import {
   validateClaudeResult,
   validateEpicMemoryCleanupResult,
@@ -76,6 +82,7 @@ export {
   hasPlaywrightMcpConfigured,
   isClaudeCliError,
   isHeadlessPlaywrightMcpConfig,
+  isTransientClaudeError,
   parseClaudeOutput,
   shouldRetryClaudeCommand
 };
@@ -380,10 +387,39 @@ const REPO_EXTRACTION_SCHEMA = {
   required: ["repos", "pr_repo_url"]
 };
 
+// A `--resume <id>` invocation failed specifically because the session could
+// not be loaded (worker moved hosts, local session store cleared, id stale).
+// Distinct from a real task failure so we only fall back to a fresh run for
+// the recoverable case.
+export function isResumeSessionError(error) {
+  if (!error || typeof error !== "object") {
+    return false;
+  }
+  const text = `${error.stderr || ""}\n${error.stdout || ""}\n${error.message || ""}`.toLowerCase();
+  return (
+    text.includes("no conversation found") ||
+    text.includes("session not found") ||
+    text.includes("could not find session") ||
+    text.includes("no session") ||
+    (text.includes("resume") && text.includes("not found"))
+  );
+}
+
+function wrapClaudeCliError(error, timeoutMs) {
+  const cliError = new ClaudeCliError(formatClaudeInvocationError(error, timeoutMs));
+  if (error?.hitUsageLimit) {
+    cliError.hitUsageLimit = true;
+  }
+  if (error?.promptTooLong) {
+    cliError.promptTooLong = true;
+  }
+  return cliError;
+}
+
 async function invokeClaudeTask(schema, systemPrompt, userPrompt, opts = {}) {
   const { model, permissionMode, effort, extraArgs = [], validate, runOpts = {} } = opts;
 
-  const args = [
+  const baseArgs = [
     "--print",
     "--model",
     model || DEFAULT_MODEL,
@@ -400,14 +436,21 @@ async function invokeClaudeTask(schema, systemPrompt, userPrompt, opts = {}) {
     userPrompt
   ];
 
-  const { issueKey, logger, phase, epicContext, ...restRunOpts } = runOpts;
+  const { issueKey, logger, phase, epicContext, resumeSessionId, onSessionId, ...restRunOpts } = runOpts;
 
   // Always use stream-json so we have full event data for skill failure detection.
   const loggingEnabled = Boolean(issueKey && logger && typeof logger.issueLog === "function");
-  const effectiveArgs = buildStreamArgs(args);
+
+  // Resume the prior conversation when a session id is supplied so the model
+  // keeps its earlier context (e.g. responding to a PR comment). `--resume`
+  // is prepended; if it fails because the session is gone we fall back to a
+  // fresh run below so a stale id never permanently blocks the task.
+  const resumeId = String(resumeSessionId || "").trim();
+  const buildArgs = (withResume) =>
+    buildStreamArgs(withResume && resumeId ? ["--resume", resumeId, ...baseArgs] : baseArgs);
 
   const collectedLines = [];
-  const onData = (chunk) => {
+  const makeOnData = () => (chunk) => {
     const lines = String(chunk)
       .split("\n")
       .filter((l) => l.trim());
@@ -427,21 +470,40 @@ async function invokeClaudeTask(schema, systemPrompt, userPrompt, opts = {}) {
     }
   };
 
-  try {
-    await runClaudeCommand("claude", effectiveArgs, {
+  const runOnce = (withResume) => {
+    collectedLines.length = 0;
+    return runClaudeCommand("claude", buildArgs(withResume), {
       maxBuffer: 10 * 1024 * 1024,
       ...restRunOpts,
-      onData
+      onData: makeOnData()
     });
+  };
+
+  try {
+    await runOnce(Boolean(resumeId));
   } catch (error) {
-    const cliError = new ClaudeCliError(formatClaudeInvocationError(error, runOpts.timeout));
-    if (error?.hitUsageLimit) {
-      cliError.hitUsageLimit = true;
+    // A stale/missing session is recoverable: retry once from a clean slate.
+    if (resumeId && isResumeSessionError(error)) {
+      void logger?.info?.("Claude session resume failed; retrying without resume", { issueKey, phase });
+      try {
+        await runOnce(false);
+      } catch (retryError) {
+        throw wrapClaudeCliError(retryError, runOpts.timeout);
+      }
+    } else {
+      throw wrapClaudeCliError(error, runOpts.timeout);
     }
-    if (error?.promptTooLong) {
-      cliError.promptTooLong = true;
+  }
+
+  if (typeof onSessionId === "function") {
+    const sessionId = extractSessionId(collectedLines);
+    if (sessionId) {
+      try {
+        onSessionId(sessionId);
+      } catch {
+        // Persisting the session id is best-effort; never fail the task on it.
+      }
     }
-    throw cliError;
   }
 
   const outputToParse = extractResultFromStreamJson(collectedLines);
@@ -787,7 +849,9 @@ export async function runClaudeImplementation(input) {
         issueKey: input.issueKey,
         logger: input.logger,
         phase: "implementation",
-        epicContext: input.epicContext
+        epicContext: input.epicContext,
+        resumeSessionId: input.resumeSessionId,
+        onSessionId: input.onSessionId
       }
     }
   );
@@ -870,7 +934,9 @@ export async function runClaudeImplementationStep(input) {
         issueKey: input.issueKey,
         logger: input.logger,
         phase: "implementation-step",
-        epicContext: input.epicContext
+        epicContext: input.epicContext,
+        resumeSessionId: input.resumeSessionId,
+        onSessionId: input.onSessionId
       }
     }
   );

package/src/forge/gitlab.js

@@ -150,17 +150,17 @@ export function createGitLabClient(config) {
 
     async createIssueReaction(repoUrl, issueNumber, content = "eyes") {
       const repo = parseGitLabRepoUrl(repoUrl);
-      return requestGitLabProject(config, repo, `${issueNotePath(issueNumber)}/award_emoji`, {
-        method: "POST",
-        body: {
-          name: mapReaction(content)
-        }
-      });
+      return awardEmojiOnce(
+        config,
+        projectPath(repo, `${issueNotePath(issueNumber)}/award_emoji`),
+        `${repo.origin}/`,
+        mapReaction(content)
+      );
     },
 
     async createIssueCommentReaction(repoUrl, commentId, content = "eyes", issueNumber = "") {
       const repo = parseGitLabRepoUrl(repoUrl);
-      const body = { name: mapReaction(content) };
+      const name = mapReaction(content);
       const candidates = [
         projectPath(repo, `${mergeRequestNotePath(issueNumber)}/${commentId}/award_emoji`),
         projectPath(repo, `/issues/${issueNumber}/notes/${commentId}/award_emoji`)
@@ -169,15 +169,9 @@ export function createGitLabClient(config) {
       let lastError = null;
       for (const candidate of candidates) {
         try {
-          return await requestGitLab(config, candidate, {
-            baseUrl: `${repo.origin}/`,
-            method: "POST",
-            body
-          });
+          // Don't swallow 404 here: a wrong-kind path must fall through to the next candidate.
+          return await awardEmojiOnce(config, candidate, `${repo.origin}/`, name, { ignoreMissing: false });
         } catch (error) {
-          if (String(error?.message || "").includes("Award Emoji Name has already been taken")) {
-            return;
-          }
           lastError = error;
         }
       }
@@ -187,13 +181,12 @@ export function createGitLabClient(config) {
 
     async createPullRequestCommentReaction(repoUrl, commentId, content = "eyes", pullNumber = "") {
       const repo = parseGitLabRepoUrl(repoUrl);
-      return requestGitLab(config, projectPath(repo, `${mergeRequestNotePath(pullNumber)}/${commentId}/award_emoji`), {
-        baseUrl: `${repo.origin}/`,
-        method: "POST",
-        body: {
-          name: mapReaction(content)
-        }
-      });
+      return awardEmojiOnce(
+        config,
+        projectPath(repo, `${mergeRequestNotePath(pullNumber)}/${commentId}/award_emoji`),
+        `${repo.origin}/`,
+        mapReaction(content)
+      );
     },
 
     async isRepoCollaborator(repoUrl, username) {
@@ -544,11 +537,12 @@ export function createGitLabClient(config) {
 
     async addReactionToNote(repoUrl, prNumber, noteId, reaction = "eyes") {
       const repo = parseGitLabRepoUrl(repoUrl);
-      return requestGitLab(config, projectPath(repo, `/merge_requests/${prNumber}/notes/${noteId}/award_emoji`), {
-        baseUrl: `${repo.origin}/`,
-        method: "POST",
-        body: { name: mapReaction(reaction) }
-      });
+      return awardEmojiOnce(
+        config,
+        projectPath(repo, `/merge_requests/${prNumber}/notes/${noteId}/award_emoji`),
+        `${repo.origin}/`,
+        mapReaction(reaction)
+      );
     },
 
     async listAiReviewedPrs(repoUrl) {
@@ -1014,6 +1008,47 @@ function mapReaction(content) {
   }
 }
 
+async function findExistingAward(config, awardEmojiPath, baseUrl, name) {
+  // GitLab returns every award on the resource; reuse ours instead of re-POSTing each poll.
+  try {
+    const existing = await requestGitLab(config, awardEmojiPath, { baseUrl });
+    if (Array.isArray(existing)) {
+      return existing.find((emoji) => emoji?.name === name) || null;
+    }
+  } catch {
+    // List failed — fall through to POST, which still tolerates a duplicate.
+  }
+  return null;
+}
+
+function isAwardEmojiDuplicate(error) {
+  return String(error?.message || "").includes("has already been taken");
+}
+
+function isMissingResource(error) {
+  return error?.statusCode === 404 || /failed with 404\b/u.test(String(error?.message || ""));
+}
+
+// Idempotent award: skip when ours already exists, swallow the duplicate race,
+// and (for single-path callers) treat a deleted resource as a no-op success.
+async function awardEmojiOnce(config, awardEmojiPath, baseUrl, name, { ignoreMissing = true } = {}) {
+  const found = await findExistingAward(config, awardEmojiPath, baseUrl, name);
+  if (found) {
+    return found;
+  }
+  try {
+    return await requestGitLab(config, awardEmojiPath, { baseUrl, method: "POST", body: { name } });
+  } catch (error) {
+    if (isAwardEmojiDuplicate(error)) {
+      return {};
+    }
+    if (ignoreMissing && isMissingResource(error)) {
+      return {};
+    }
+    throw error;
+  }
+}
+
 async function requestGitLab(config, pathOrUrl, init = {}) {
   const url = pathOrUrl.startsWith("http")
     ? new URL(pathOrUrl)
@@ -1050,7 +1085,9 @@ async function requestGitLab(config, pathOrUrl, init = {}) {
       authError.statusCode = response.status;
       throw authError;
     }
-    throw new Error(buildGitLabRequestError(response.status, url, body));
+    const requestError = new Error(buildGitLabRequestError(response.status, url, body));
+    requestError.statusCode = response.status;
+    throw requestError;
   }
 
   if (response.status === 204) {

package/src/forge/repo-host.js

@@ -2,6 +2,22 @@ import process from "node:process";
 
 const GITHUB_HOST = "github.com";
 
+// Path segments that mark a URL as something other than a repo root: forge
+// sub-pages (blob/tree/pull/merge_requests/…) and auth/account endpoints
+// (sign_in/users/…). Matched as a whole path component (slash-delimited).
+const NON_REPO_PATHS =
+  /\/(?:blob|tree|raw|actions|issues|pull|commit|releases|compare|discussions|wiki|tags|branches|security|pulse|graphs|settings|merge_requests|pipelines|environments|packages|network|activity|sign_in|sign_up|users|sessions|oauth|-)\//u;
+// GitLab uses /-/ as a separator before sub-paths (e.g. /-/merge_requests/12).
+const GITLAB_SUBPATH = /\/-\//u;
+
+// True when a URL path is NOT a plain `owner/repo` root. Used both to filter
+// discovered URLs and (authoritatively) inside parseRepoParts so a junk URL
+// can never be turned into a clone target.
+export function isNonRepoPath(pathOrUrl) {
+  const probe = `/${String(pathOrUrl || "").replace(/^\/+/u, "")}/`;
+  return NON_REPO_PATHS.test(probe) || GITLAB_SUBPATH.test(probe);
+}
+
 export function parseRepoUrl(repoUrl) {
   const value = String(repoUrl || "").trim();
   if (!value) {
@@ -101,12 +117,8 @@ export function extractRepoUrls(text) {
     return [];
   }
 
-  // Filter out URLs that are not repo roots (e.g. blob, tree, actions, issues, pull, commit paths)
-  const NON_REPO_PATHS =
-    /\/(?:blob|tree|raw|actions|issues|pull|commit|releases|compare|discussions|wiki|tags|branches|security|pulse|graphs|settings|merge_requests|pipelines|environments|packages|network|activity)\//u;
-  // GitLab uses /-/ as a separator before sub-paths (e.g. /-/merge_requests/12, /-/issues/5)
-  const GITLAB_SUBPATH = /\/-\//u;
-  const repoUrls = matches.filter((url) => !NON_REPO_PATHS.test(url) && !GITLAB_SUBPATH.test(url));
+  // Filter out URLs that are not repo roots (blob/tree/issues/merge_requests/…)
+  const repoUrls = matches.filter((url) => !isNonRepoPath(url));
 
   return [...new Set(repoUrls)];
 }
@@ -116,6 +128,14 @@ function parseRepoParts(host, rawPath) {
   const cleanPath = String(rawPath || "")
     .replace(/\.git$/u, "")
     .replace(/\/+$/u, "");
+
+  // Single source of truth: reject MR/issue/auth/redirect paths here so a junk
+  // URL reaching parseRepoUrl by any route can never be built into a bogus
+  // clone target (e.g. `.../-/merge_requests/15.git`, `.../users/sign_in.git`).
+  if (isNonRepoPath(cleanPath)) {
+    throw new Error(`Not a ${getProviderLabel(provider)} repo URL (sub-page or auth path): ${rawPath}`);
+  }
+
   const segments = cleanPath.split("/").filter(Boolean);
 
   if (segments.length < 2) {

package/src/fs-atomic.js

@@ -0,0 +1,23 @@
+import { rename, writeFile } from "node:fs/promises";
+
+// Monotonic per-process counter so two writes from the same process never
+// share a temp path, even within the same millisecond.
+let tempCounter = 0;
+
+// Build a temp path that is unique per process + call. Concurrent writers
+// (same process or two worker processes) each rename their own temp file onto
+// the target, so the rename can never hit ENOENT from another writer having
+// already consumed a shared `<file>.tmp`.
+export function buildTempPath(filePath) {
+  tempCounter = (tempCounter + 1) % Number.MAX_SAFE_INTEGER;
+  return `${filePath}.${process.pid}.${tempCounter}.tmp`;
+}
+
+// Atomically write `content` to `filePath`: write to a unique temp file then
+// rename onto the target. The rename is atomic on POSIX, so readers always see
+// either the old or the new complete file, never a partial write.
+export async function atomicWriteFile(filePath, content) {
+  const tempFile = buildTempPath(filePath);
+  await writeFile(tempFile, content, "utf8");
+  await rename(tempFile, filePath);
+}

package/src/logger.js

@@ -1,17 +1,52 @@
-import { appendFile, mkdir } from "node:fs/promises";
+import { appendFile, mkdir, rename, rm, stat } from "node:fs/promises";
 import path from "node:path";
 
+const LEVELS = { DEBUG: 10, INFO: 20, WARN: 30, ERROR: 40 };
+const DEFAULT_MAX_BYTES = 50 * 1024 * 1024; // 50MB per worker log file before rotation.
+const DEFAULT_MAX_FILES = 5;
+
+// Serialize writes + rotation per log file so concurrent log calls can't
+// interleave a rotation rename with an append (which produced lost/garbled lines).
+const writeChains = new Map();
+
 export function getIssueLogFile(workerLogFile, issueKey) {
   return path.join(path.dirname(workerLogFile), "issue-logs", `${issueKey}.log`);
 }
 
+function resolveThreshold() {
+  const raw = String(process.env.LOG_LEVEL || "INFO").toUpperCase();
+  return LEVELS[raw] ?? LEVELS.INFO;
+}
+
+function resolvePositiveInt(value, fallback) {
+  const parsed = Number.parseInt(String(value ?? ""), 10);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+}
+
 export function createLogger(logFile) {
+  const threshold = resolveThreshold();
+  const maxBytes = resolvePositiveInt(process.env.WORKER_LOG_MAX_BYTES, DEFAULT_MAX_BYTES);
+  const maxFiles = resolvePositiveInt(process.env.WORKER_LOG_MAX_FILES, DEFAULT_MAX_FILES);
+
+  const write = (level, message, metadata) => {
+    if (LEVELS[level] < threshold) {
+      return Promise.resolve();
+    }
+    return enqueue(logFile, () => writeLogLine(logFile, level, message, metadata, maxBytes, maxFiles));
+  };
+
   const base = {
+    debug(message, metadata) {
+      return write("DEBUG", message, metadata);
+    },
     info(message, metadata) {
-      return writeLogLine(logFile, "INFO", message, metadata);
+      return write("INFO", message, metadata);
+    },
+    warn(message, metadata) {
+      return write("WARN", message, metadata);
     },
     error(message, metadata) {
-      return writeLogLine(logFile, "ERROR", message, metadata);
+      return write("ERROR", message, metadata);
     },
     issueLog(issueKey, chunk, phase) {
       const issueLogFile = getIssueLogFile(logFile, issueKey);
@@ -19,7 +54,9 @@ export function createLogger(logFile) {
     },
     withTag(tag) {
       return {
+        debug: (message, metadata) => base.debug(`[${tag}] ${message}`, metadata),
         info: (message, metadata) => base.info(`[${tag}] ${message}`, metadata),
+        warn: (message, metadata) => base.warn(`[${tag}] ${message}`, metadata),
         error: (message, metadata) => base.error(`[${tag}] ${message}`, metadata),
         issueLog: (issueKey, chunk, phase) => base.issueLog(issueKey, chunk, phase),
         withTag: (subTag) => base.withTag(`${tag}:${subTag}`)
@@ -29,6 +66,53 @@ export function createLogger(logFile) {
   return base;
 }
 
+function enqueue(logFile, task) {
+  const prev = writeChains.get(logFile) || Promise.resolve();
+  // Run the task whether the previous one resolved or rejected; never let a
+  // prior logging failure block subsequent log lines.
+  const next = prev.then(task, task);
+  const tracked = next
+    .catch(() => {})
+    .finally(() => {
+      if (writeChains.get(logFile) === tracked) {
+        writeChains.delete(logFile);
+      }
+    });
+  writeChains.set(logFile, tracked);
+  return next;
+}
+
+async function rotateIfNeeded(logFile, maxBytes, maxFiles) {
+  let size = 0;
+  try {
+    size = (await stat(logFile)).size;
+  } catch {
+    return; // No file yet (or unstattable) — nothing to rotate.
+  }
+  if (size < maxBytes) {
+    return;
+  }
+
+  // Shift archives: .(N-1) -> .N (overwriting the oldest), ..., .1 -> .2, then live -> .1.
+  for (let i = maxFiles - 1; i >= 1; i--) {
+    try {
+      await rename(`${logFile}.${i}`, `${logFile}.${i + 1}`);
+    } catch {
+      // Archive slot may not exist yet; skip.
+    }
+  }
+  try {
+    await rename(logFile, `${logFile}.1`);
+  } catch {
+    // Live file vanished between stat and rename — next append recreates it.
+  }
+  try {
+    await rm(`${logFile}.${maxFiles + 1}`, { force: true });
+  } catch {
+    // Best-effort cleanup of an over-the-limit archive.
+  }
+}
+
 async function writeIssueChunk(issueLogFile, chunk, phase) {
   await mkdir(path.dirname(issueLogFile), { recursive: true });
   const timestamp = new Date().toISOString();
@@ -43,7 +127,11 @@ async function writeIssueChunk(issueLogFile, chunk, phase) {
   }
 }
 
-async function writeLogLine(logFile, level, message, metadata) {
+async function writeLogLine(logFile, level, message, metadata, maxBytes, maxFiles) {
+  if (!logFile) {
+    return;
+  }
+  await rotateIfNeeded(logFile, maxBytes, maxFiles);
   const timestamp = new Date().toISOString();
   const payload = metadata === undefined ? "" : formatMetadata(metadata);
 

package/src/memory.js

@@ -1,6 +1,7 @@
-import { access, mkdir, readdir, readFile, rename, unlink, writeFile } from "node:fs/promises";
+import { access, mkdir, readdir, readFile, unlink } from "node:fs/promises";
 import path from "node:path";
 import { extractRepoUrls as extractForgeRepoUrls } from "./forge/repo-host.js";
+import { atomicWriteFile } from "./fs-atomic.js";
 
 const MEMORY_DIR_NAME = "memory";
 const LEGACY_JSON_BLOCK_PATTERN = /```json\s*([\s\S]*?)\s*```/u;
@@ -77,9 +78,7 @@ export async function saveEpicMemory(filePath, issue, updates) {
   const output = JSON.stringify(nextData, null, 2);
   const directory = path.dirname(filePath);
   await mkdir(directory, { recursive: true });
-  const tempFile = `${filePath}.tmp`;
-  await writeFile(tempFile, output, "utf8");
-  await rename(tempFile, filePath);
+  await atomicWriteFile(filePath, output);
   _knownReposCacheByRoot.clear();
   return nextData;
 }
@@ -98,9 +97,7 @@ export async function saveIssueMemory(filePath, issue, updates) {
   const output = JSON.stringify(nextData, null, 2);
   const directory = path.dirname(filePath);
   await mkdir(directory, { recursive: true });
-  const tempFile = `${filePath}.tmp`;
-  await writeFile(tempFile, output, "utf8");
-  await rename(tempFile, filePath);
+  await atomicWriteFile(filePath, output);
   _issueMemoryCacheByRoot.clear();
   return nextData;
 }
@@ -147,9 +144,7 @@ async function loadMemoryFile(filePath, fallbackData, normalize) {
           };
           const directory = path.dirname(filePath);
           await mkdir(directory, { recursive: true });
-          const tempFile = `${filePath}.tmp`;
-          await writeFile(tempFile, JSON.stringify(mergedData, null, 2), "utf8");
-          await rename(tempFile, filePath);
+          await atomicWriteFile(filePath, JSON.stringify(mergedData, null, 2));
           await unlink(mdPath);
           return {
             filePath,

package/src/repo.js

@@ -1,5 +1,5 @@
 import { execFile } from "node:child_process";
-import { access, mkdir, rm } from "node:fs/promises";
+import { access, mkdir, rename, rm } from "node:fs/promises";
 import path from "node:path";
 import { promisify } from "node:util";
 import { buildGitEnvForRepoUrl, parseGitHubRepoUrl, parseRepoUrl } from "./forge/repo-host.js";
@@ -582,14 +582,51 @@ export async function hasUsableGitCheckout(repoPath) {
   return isUsableGitCheckout(repoPath);
 }
 
+/**
+ * Quarantine a checkout we cannot delete by renaming it aside. Renaming only
+ * needs write permission on the *parent* directory, not ownership of the
+ * (root-owned) contents — so this succeeds in the multi-user case where `rm`
+ * and `chmod` fail with EACCES. Once moved out of the way, the caller can
+ * clone a fresh checkout into the original path and the worker self-recovers
+ * instead of churning the same issue forever.
+ *
+ * Returns the quarantine path on success, or null if even the rename failed
+ * (e.g. the parent directory itself is not writable).
+ */
+export async function quarantineCheckout(targetPath) {
+  const parent = path.dirname(targetPath);
+  const base = path.basename(targetPath);
+  // Stable, idempotent suffix sequence so repeated runs don't accumulate
+  // unbounded copies: reuse a `.broken` slot, trying to clear a previous one
+  // first, then fall back to numbered slots.
+  for (let i = 0; i < 50; i += 1) {
+    const suffix = i === 0 ? ".broken" : `.broken.${i}`;
+    const quarantinePath = path.join(parent, `${base}${suffix}`);
+    if (await pathExists(quarantinePath)) {
+      // Try to reclaim the slot; if it is also undeletable, move to the next.
+      await rm(quarantinePath, { recursive: true, force: true }).catch(() => {});
+      if (await pathExists(quarantinePath)) {
+        continue;
+      }
+    }
+    try {
+      await rename(targetPath, quarantinePath);
+      return quarantinePath;
+    } catch {
+      // Parent likely not writable, or a race recreated the slot — try next.
+    }
+  }
+  return null;
+}
+
 /**
  * Forcefully remove a local checkout directory. Silently ignoring removal
  * failures used to leave the worker wedged in a loop whenever the directory
  * contained files owned by another user (for example, skills synced into the
- * checkout by a process running as root). Instead we attempt to relax
- * permissions and retry, and if that still fails we throw an actionable
- * error so the operator sees the real blocker rather than a confusing
- * downstream `fatal: not a git repository` from the next git command.
+ * checkout by a process running as root). We attempt to relax permissions and
+ * retry; if that still fails we quarantine the directory aside so a fresh
+ * clone can proceed. Only when even the quarantine fails do we throw an
+ * actionable error so the operator sees the real blocker.
  */
 async function forceRemoveCheckout(targetPath) {
   if (!targetPath) {
@@ -617,13 +654,22 @@ async function forceRemoveCheckout(targetPath) {
 
   try {
     await rm(targetPath, { recursive: true, force: true });
+    return;
   } catch (retryErr) {
+    // Multi-user fallback: move the undeletable checkout aside so work can
+    // continue. This unblocks the worker without sudo.
+    const quarantinePath = await quarantineCheckout(targetPath);
+    if (quarantinePath) {
+      return;
+    }
+
     const reason = retryErr && retryErr.message ? retryErr.message : String(retryErr);
     throw new Error(
       `Failed to remove stale repository checkout at ${targetPath}. ` +
-        "The directory likely contains files owned by a different user and must " +
-        `be cleaned up manually (e.g. \`sudo rm -rf ${targetPath}\`) before the ` +
-        `worker can recover. Underlying error: ${reason}`
+        "The directory contains files owned by a different user and its parent " +
+        "directory is not writable, so it could not be removed or quarantined. " +
+        `It must be cleaned up manually (e.g. \`sudo rm -rf ${targetPath}\`) ` +
+        `before the worker can recover. Underlying error: ${reason}`
     );
   }
 }
@@ -687,6 +733,36 @@ async function execGitOutput(repoPath, args) {
   }
 }
 
+/**
+ * Return a truncated unified diff of the current branch against its base, so a
+ * re-invoked implementation run can see what earlier runs already committed and
+ * build on it instead of losing that context. Returns "" when there is no diff
+ * or the diff cannot be produced (best-effort — never throws).
+ *
+ * @param {string} repoPath
+ * @param {string} baseBranch  base to diff against (e.g. "main", "develop")
+ * @param {number} maxChars    hard cap so the diff cannot blow the prompt budget
+ */
+export async function getBranchDiffAgainstBase(repoPath, baseBranch, maxChars = 12_000) {
+  const base = String(baseBranch || "").trim() || (await resolveRemoteDefaultBranch(repoPath));
+  try {
+    // Use the merge-base (`...`) form so only this branch's own changes show,
+    // not commits that merely landed on the base since the branch started.
+    const diff = await execGitOutput(repoPath, ["diff", "--stat=200", `origin/${base}...HEAD`]);
+    const patch = await execGitOutput(repoPath, ["diff", `origin/${base}...HEAD`]);
+    const combined = `${diff.trim()}\n\n${patch.trim()}`.trim();
+    if (!combined) {
+      return "";
+    }
+    if (combined.length <= maxChars) {
+      return combined;
+    }
+    return `${combined.slice(0, maxChars)}\n... [diff truncated at ${maxChars} chars]`;
+  } catch {
+    return "";
+  }
+}
+
 export async function branchHasChangesAgainstMain(repoPath, baseRef) {
   const branch = baseRef || (await resolveRemoteDefaultBranch(repoPath));
   const output = await execGitOutput(repoPath, ["rev-list", "--count", `origin/${branch}..HEAD`]);

package/src/runtime.js

@@ -1,5 +1,6 @@
-import { mkdir, readFile, rename, rm, writeFile } from "node:fs/promises";
+import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
 import path from "node:path";
+import { atomicWriteFile } from "./fs-atomic.js";
 
 export const RUNTIME_DIR_NAME = ".claude-teammate";
 const stateWriteQueues = new Map();
@@ -119,9 +120,7 @@ async function startStateWrite(stateFile, state) {
   let queuedWrite;
   queuedWrite = (async () => {
     await mkdir(path.dirname(stateFile), { recursive: true });
-    const tempFile = `${stateFile}.tmp`;
-    await writeFile(tempFile, `${JSON.stringify(state, null, 2)}\n`, "utf8");
-    await rename(tempFile, stateFile);
+    await atomicWriteFile(stateFile, `${JSON.stringify(state, null, 2)}\n`);
   })().finally(() => {
     if (stateWriteQueues.get(stateFile) === queuedWrite) {
       stateWriteQueues.delete(stateFile);

package/src/worker/forge-sync.js

@@ -406,13 +406,19 @@ export async function transitionLinkedJiraIssueToReview(pullRequestTitle, jira,
       moved: transition.transitioned ? "yes" : "no"
     });
   } catch (error) {
+    // Transitioning Jira is a secondary sync step; it must never fail an
+    // already-completed PR implementation. Log and continue on any error.
     if (error.status === 404) {
       await logger.warn("Linked Jira issue not found, skipping transition to In Review", {
         issue: jiraKey,
         pr: pullRequestNumber
       });
     } else {
-      throw error;
+      await logger.error("Failed to transition linked Jira issue to In Review; continuing", {
+        issue: jiraKey,
+        pr: pullRequestNumber,
+        error
+      });
     }
   }
 }

package/src/worker/github-issue-workflow.js

@@ -28,7 +28,8 @@ import {
   checkCommentAuthorIsMember,
   hasEyesReaction,
   hasPlusOneReaction,
-  isApprovalComment
+  isApprovalComment,
+  parseRequestedBranch
 } from "./pull-request.js";
 import { buildGitHubIssueState } from "./state-builders.js";
 import { buildIssueRefFromContext, parseOptionalInt, summarizeForLog } from "./utils.js";
@@ -210,9 +211,21 @@ export async function processGitHubIssue({
   const approvalComment = isApprovalComment(latestComment.body);
 
   if (approvalComment) {
-    const englishSlug = githubIssueMemory.branch_name ? "" : await runClaudeBranchSlug(detail.title, projectRoot);
+    // Branch selection priority: (1) a branch already persisted in memory,
+    // (2) a branch the developer named explicitly in the description or the
+    // approval comment, (3) an LLM-slug fallback. Honoring (2) stops the bot
+    // from ignoring "dùng nhánh feature/x" and inventing an unstable slug.
+    const requestedBranch = githubIssueMemory.branch_name
+      ? { branch: "", base: "" }
+      : parseRequestedBranch(`${detail.body || ""}\n${latestComment.body || ""}`);
+    const englishSlug =
+      githubIssueMemory.branch_name || requestedBranch.branch
+        ? ""
+        : await runClaudeBranchSlug(detail.title, projectRoot);
     const nextBranchName =
-      githubIssueMemory.branch_name || buildImplementationBranchName(detail.title, detail.number, englishSlug);
+      githubIssueMemory.branch_name ||
+      requestedBranch.branch ||
+      buildImplementationBranchName(detail.title, detail.number, englishSlug);
     const existingPr = await github.findPullRequestByHead(githubIssueMemory.repo_url, nextBranchName);
     if (!existingPr) {
       githubIssueMemory.pr_url = "";
@@ -260,7 +273,13 @@ export async function processGitHubIssue({
       }
 
       const repoEpicEntry = (approvalEpicMemory?.repos || []).find((r) => r.url === githubIssueMemory.repo_url);
-      const baseBranch = repoEpicEntry?.working_branch || (await github.getDefaultBranch(githubIssueMemory.repo_url));
+      // A base/target branch the developer named explicitly (e.g. "base lên
+      // develop") wins over the epic's working branch and the repo default, so
+      // the PR is opened against the branch they actually asked for.
+      const baseBranch =
+        requestedBranch.base ||
+        repoEpicEntry?.working_branch ||
+        (await github.getDefaultBranch(githubIssueMemory.repo_url));
       await services.pullLatest(githubIssueMemory.local_path);
 
       // Use a short-lived worktree to create the branch so the primary clone

package/src/worker/pollers/draft-pull-requests.js

@@ -75,7 +75,7 @@ export function createDraftPullRequestPoller({
 
     const latestComment = getLatestGitHubComment(detail.comments);
     if (!latestComment || isForgeBotAuthor(latestComment.author, botUser)) {
-      await logger.info("Draft PR has no actionable human comment, not queueing for work", {
+      await logger.debug("Draft PR has no actionable human comment, not queueing for work", {
         pr: pullRequest.number,
         repo: pullRequest.repoUrl
       });

package/src/worker/pollers/tracked-issues.js

@@ -70,7 +70,7 @@ export function createTrackedIssuePoller({
     const detail = await provider.fetchIssue(repo.url, issue.number);
     const latestComment = getLatestGitHubComment(detail.comments);
     if (!latestComment || isForgeBotAuthor(latestComment.author, botUser)) {
-      await logger.info("GitHub issue has no actionable human comment, not queueing for work", {
+      await logger.debug("GitHub issue has no actionable human comment, not queueing for work", {
         issue: issue.number,
         repo: issue.repoUrl
       });

package/src/worker/pull-request-workflow-support.js

@@ -9,6 +9,7 @@ import {
   branchHasChangesAgainstMain,
   commitAndPushRepoChanges,
   ensureWorktreeForBranch,
+  getBranchDiffAgainstBase,
   prepareRepoForBranch,
   removeWorktree
 } from "../repo.js";
@@ -88,6 +89,7 @@ export function createPullRequestImplementationServices(overrides = {}) {
     clearForgePullRequestBlocked,
     ensureWorktreeForBranch,
     removeWorktree,
+    getBranchDiffAgainstBase,
     commitPartialPullRequestChanges: (repo, detail, logger) => commitPartialPullRequestChanges(repo, detail, logger),
     ...overrides
   };
@@ -178,6 +180,14 @@ export async function processPullRequestImplementation({
     const issueKey = githubIssueMemory?.jira_key || `PR-${detail.number}`;
     const epicSnapshot = buildEpicMemoryPromptSnapshot(epicMemory);
 
+    // Re-ground the run on any work earlier runs already committed to this
+    // branch. Without this, a re-invocation triggered by a PR comment loses the
+    // context of what was done and re-implements or reverts prior changes.
+    const branchDiff =
+      typeof services.getBranchDiffAgainstBase === "function"
+        ? await services.getBranchDiffAgainstBase(repoPath, detail.baseRef)
+        : "";
+
     // Proactively break down large PRs before attempting full implementation
     if (!inStepMode && nextBody.length > 5000) {
       try {
@@ -248,6 +258,7 @@ export async function processPullRequestImplementation({
         step: stepText,
         memory: { epic: epicSnapshot },
         epicContext: epicMemory,
+        branchDiff,
         repoPath,
         repoPaths: repoAccess.repoPaths,
         branchName: detail.headRef,
@@ -296,6 +307,7 @@ export async function processPullRequestImplementation({
         memory: { epic: epicSnapshot },
         epicContext: epicMemory,
         latestComment,
+        branchDiff,
         repoPath,
         repoPaths: repoAccess.repoPaths,
         branchName: detail.headRef,

package/src/worker/pull-request.js

@@ -310,6 +310,66 @@ export function buildImplementationBranchName(title, issueNumber, englishSlug =
   return `${type}/${id}${suffix}`;
 }
 
+// A git ref a human would actually type: optional type prefix then a path.
+// Deliberately strict so prose around the keyword ("the develop environment")
+// does not get mistaken for a branch request.
+const BRANCH_TOKEN = "[A-Za-z0-9]/(?:[A-Za-z0-9._-]+/?)*[A-Za-z0-9._-]|[A-Za-z][A-Za-z0-9._/-]*[A-Za-z0-9]";
+// Filler words that can sit between the keyword and the ref ("base it on X",
+// "base lên X", "checkout the X branch") — consumed so they are not captured
+// as the branch name.
+const BRANCH_CONNECTOR = "(?:branch\\s+)?(?:it\\s+)?(?:the\\s+)?(?:on(?:to)?|off(?:\\s+of)?|lên|vào|từ)?";
+// Single-word tokens that are never a real branch name; if the capture lands on
+// one, the directive was prose, not a request.
+const BRANCH_STOPWORDS = new Set([
+  "the",
+  "it",
+  "this",
+  "that",
+  "a",
+  "an",
+  "on",
+  "to",
+  "of",
+  "your",
+  "my",
+  "our",
+  "please",
+  "and",
+  "for",
+  "branch",
+  "nhánh"
+]);
+
+function matchBranchDirective(text, keywords) {
+  const source = String(text || "");
+  // Accept "branch: x", "branch = x", "use branch `x`", "nhánh x", "base on x",
+  // quoted or backticked. Scan all matches and take the first that is an actual
+  // ref token (not a stopword), so filler between keyword and ref is skipped.
+  const re = new RegExp(`(?:${keywords})\\s*${BRANCH_CONNECTOR}\\s*[:=]?\\s*[\`'"]?(${BRANCH_TOKEN})[\`'"]?`, "giu");
+  let m = re.exec(source);
+  while (m) {
+    const candidate = m[1].trim();
+    if (candidate && !BRANCH_STOPWORDS.has(candidate.toLowerCase())) {
+      return candidate;
+    }
+    m = re.exec(source);
+  }
+  return "";
+}
+
+// Extract a branch and/or base branch the developer explicitly asked for in an
+// issue description / comment. Returns "" for any field not specified. The
+// caller prefers these over an LLM-generated slug so the bot stops ignoring
+// "dùng nhánh feature/x" / "base lên develop".
+export function parseRequestedBranch(text) {
+  const branch = matchBranchDirective(text, "branch|nhánh|use\\s+branch|dùng\\s+nhánh|checkout");
+  const base = matchBranchDirective(text, "base(?:\\s+branch)?|target(?:\\s+branch)?|base\\s+lên|lên\\s+nhánh");
+  return {
+    branch: branch && branch !== base ? branch : "",
+    base: base || ""
+  };
+}
+
 function detectBranchType(title) {
   const t = String(title || "");