@seanyao/roll 2026.522.1 → 2026.523.1

package/bin/roll

@@ -4,7 +4,7 @@ set -euo pipefail
 # Roll — AI Agent Convention Manager
 # Single source of truth for how all AI coding agents behave.
 
-VERSION="2026.522.1"
+VERSION="2026.523.1"
 ROLL_HOME="${ROLL_HOME:-${HOME}/.roll}"
 ROLL_CONFIG="${ROLL_HOME}/config.yaml"
 ROLL_GLOBAL="${ROLL_HOME}/conventions/global"
@@ -59,6 +59,9 @@ ai_tool_name() {
   elif [[ "$bn" == "agent" || "$bn" == "workspace" ]]; then
     bn="$(basename "$(dirname "$dir")" | sed 's/^\.//')"
   fi
+  # Antigravity (agy) reuses ~/.gemini/ from the deprecated Gemini CLI for
+  # its config dir, so a literal `gemini` basename now identifies agy.
+  [[ "$bn" == "gemini" ]] && bn="agy"
   echo "$bn"
 }
 
@@ -94,6 +97,123 @@ _is_ai_installed() {
   return 1
 }
 
+# ─── Spinner: TTY-aware status display for long-running steps (US-REL-003) ───
+# _spin_setup [off]
+#   Opens FD 3 for spinner output. Without args: FD 3 → stdout if interactive,
+#   else stderr (best-effort visibility for the operator). With "off": FD 3
+#   → /dev/null, silencing all _spin output (useful for scripts that drive
+#   release.sh in non-interactive contexts but still want exit codes).
+_spin_setup() {
+  if [ "${1:-}" = "off" ]; then
+    exec 3>/dev/null
+    return 0
+  fi
+  if [ -t 1 ]; then
+    # Interactive: spinner shares stdout with normal program output.
+    exec 3>&1
+  else
+    # Non-interactive (stdout redirected to file / piped): route the spinner
+    # trail to stderr so it stays visible in CI logs and never pollutes the
+    # caller's redirected stdout (e.g. > release_notes.txt). FD 3 will be
+    # plain-text mode whenever stderr is also not a TTY.
+    exec 3>&2
+  fi
+}
+
+# _spin <label> <cmd> [args...]
+#   Runs cmd with a status indicator written to FD 3 only. cmd's own
+#   stdout (FD 1) and stderr (FD 2) pass through untouched, so caller-side
+#   `>file` and `2>file` redirections on the _spin call behave normally.
+#
+#   FD 3 is a TTY (or ROLL_SPIN_FORCE_TTY=1):
+#     ⠋ label [Ns]  (refreshed ~10/s, line-cleared with \r\033[2K)
+#     final: ✓ label (Ns)   on success
+#            ✗ label (rc=N, Ns) on failure
+#
+#   FD 3 not a TTY (CI, pipes, `2>&1 | tee`):
+#     » label...   on start
+#     done label (Ns)            on success
+#     fail label (rc=N, Ns)      on failure
+#
+#   Returns wrapped cmd's exit code (transparent under `set -e` callers
+#   when used in `if`/`&&`/`||` contexts).
+_spin() {
+  local _label="$1"
+  shift
+
+  local _spin_tty=0
+  if [ "${ROLL_SPIN_FORCE_TTY:-}" = "1" ] || [ -t 3 ]; then
+    _spin_tty=1
+  fi
+
+  local _spin_start=$SECONDS
+  local _spin_pid=""
+
+  if [ "$_spin_tty" = "1" ]; then
+    # Bash 3.2-safe: indexed array of braille frames.
+    local _spin_frames
+    _spin_frames=( $'\xe2\xa0\x8b' $'\xe2\xa0\x99' $'\xe2\xa0\xb9' $'\xe2\xa0\xb8' $'\xe2\xa0\xbc' $'\xe2\xa0\xb4' $'\xe2\xa0\xa6' $'\xe2\xa0\xa7' $'\xe2\xa0\x87' $'\xe2\xa0\x8f' )
+    # Print initial frame at t=0 so users see something immediately.
+    printf '\r\033[2K%s %s [0s]' "${_spin_frames[0]}" "$_label" >&3 2>/dev/null || true
+    # Only animate when FD 3 is a real TTY — when force-on for tests, skip
+    # the background animator so the test gets deterministic output (the
+    # initial frame, the cleared final frame).
+    if [ -t 3 ]; then
+      (
+        set +e +u 2>/dev/null
+        local _i=1
+        local _t0=$_spin_start
+        while :; do
+          sleep 0.1
+          local _e=$(( SECONDS - _t0 ))
+          printf '\r\033[2K%s %s [%ds]' "${_spin_frames[$_i]}" "$_label" "$_e" >&3 2>/dev/null || true
+          _i=$(( (_i + 1) % 10 ))
+        done
+      ) &
+      _spin_pid=$!
+      # Kill spinner on Ctrl-C / SIGTERM / EXIT. Save no prior trap because
+      # release.sh and its callers install no traps of their own; if a
+      # future caller does, _spin's scope is short and traps are restored
+      # to default after reaping.
+      # shellcheck disable=SC2064
+      trap "kill ${_spin_pid} 2>/dev/null; wait ${_spin_pid} 2>/dev/null; trap - INT TERM EXIT; exit 130" INT TERM
+      # shellcheck disable=SC2064
+      trap "kill ${_spin_pid} 2>/dev/null; wait ${_spin_pid} 2>/dev/null" EXIT
+    fi
+  else
+    printf '» %s...\n' "$_label" >&3 2>/dev/null || true
+  fi
+
+  local _spin_rc=0
+  if [ "$#" -gt 0 ]; then
+    "$@" || _spin_rc=$?
+  fi
+
+  if [ -n "$_spin_pid" ]; then
+    kill "$_spin_pid" 2>/dev/null || true
+    wait "$_spin_pid" 2>/dev/null || true
+    trap - INT TERM EXIT
+  fi
+
+  local _spin_elapsed=$(( SECONDS - _spin_start ))
+
+  if [ "$_spin_tty" = "1" ]; then
+    if [ "$_spin_rc" -eq 0 ]; then
+      printf '\r\033[2K✓ %s (%ds)\n' "$_label" "$_spin_elapsed" >&3 2>/dev/null || true
+    else
+      printf '\r\033[2K✗ %s (rc=%d, %ds)\n' "$_label" "$_spin_rc" "$_spin_elapsed" >&3 2>/dev/null || true
+    fi
+  else
+    if [ "$_spin_rc" -eq 0 ]; then
+      printf 'done %s (%ds)\n' "$_label" "$_spin_elapsed" >&3 2>/dev/null || true
+    else
+      printf 'fail %s (rc=%d, %ds)\n' "$_label" "$_spin_rc" "$_spin_elapsed" >&3 2>/dev/null || true
+    fi
+  fi
+
+  return "$_spin_rc"
+}
+
 # ─── Helper: read config value ───────────────────────────────────────────────
 config_get() {
   local key="$1"
@@ -136,7 +256,7 @@ _ensure_config_entries() {
 
   local -a default_keys=(
     "ai_claude:~/.claude|CLAUDE.md|CLAUDE.md"
-    "ai_gemini:~/.gemini|GEMINI.md|GEMINI.md"
+    "ai_agy:~/.gemini|GEMINI.md|GEMINI.md"
     "ai_kimi:~/.kimi|AGENTS.md|AGENTS.md"
     "ai_codex:~/.codex|AGENTS.md|AGENTS.md"
     "ai_cursor:~/.cursor|.cursor-rules|.cursor-rules"
@@ -202,16 +322,25 @@ safe_copy() {
     if diff -q "$src" "$dst" &>/dev/null; then
       return  # identical, skip silently
     fi
+    # Non-interactive (stdin is not a terminal): silently overwrite.
+    # _run_setup_step / cmd_update redirect stdin to /dev/null and all
+    # stdout/stderr is suppressed — prompting here would either hang on a
+    # hidden read or silently default to overwrite. Be explicit.
+    if [[ ! -t 0 ]]; then
+      cp "$src" "$dst"
+      ok "Wrote: ${dst/#$HOME/~}  已写入: ${dst/#$HOME/~}"
+      return
+    fi
     echo ""
     warn "File exists and differs: ${dst/#$HOME/~}  文件已存在且内容不同: ${dst/#$HOME/~}"
     echo -e "  ${BOLD}Overwrite?${NC} [Y/n/d(iff)] "
-    read -r answer
+    read -r answer || answer="Y"
     case "$answer" in
       d|D|diff)
         diff --color=auto "$dst" "$src" || true
         echo ""
         echo -e "  ${BOLD}Overwrite?${NC} [Y/n] "
-        read -r answer2
+        read -r answer2 || answer2="Y"
         [[ "$answer2" =~ ^[Nn]$ ]] && { info "Skipped: ${dst/#$HOME/\~}  已跳过: ${dst/#$HOME/\~}"; return; }
         ;;
       n|N) info "Skipped: ${dst/#$HOME/~}  已跳过: ${dst/#$HOME/~}"; return ;;
@@ -606,7 +735,7 @@ _run_setup_step() {
   local watch="$1"; shift
   local before after
   before=$(_setup_snapshot "$watch")
-  if "$@" >/dev/null 2>&1; then
+  if "$@" </dev/null >/dev/null 2>&1; then
     after=$(_setup_snapshot "$watch")
     if [[ "$before" == "$after" ]]; then
       _ROLL_SETUP_STATE="unchanged"
@@ -763,6 +892,40 @@ HINT
 # in (or opted out) don't get spammed each upgrade.
 cmd_doctor() {
   _doctor_pr_section
+  _doctor_launchd_stale_section
+}
+
+# FIX-097: scan ${_LAUNCHD_DIR}/com.roll.*.plist for entries whose
+# WorkingDirectory no longer exists on disk. These are the ghost agents left
+# behind when a user manually reproduces a bug under /private/tmp/ or
+# /var/folders/ — the auto-sandbox redirects plist writes but launchctl
+# bootstrap (before this fix) registered them anyway. Print labels +
+# cleanup hint; never auto-delete (host launchctl state is user-owned).
+_doctor_launchd_stale_section() {
+  [[ "$(uname)" == "Darwin" ]] || return 0
+  local dir="${_LAUNCHD_DIR:-${HOME}/Library/LaunchAgents}"
+  [[ -d "$dir" ]] || return 0
+
+  local found=0 plist label wd
+  for plist in "$dir"/com.roll.*.plist; do
+    [[ -e "$plist" ]] || continue
+    wd=$(awk '
+      /<key>WorkingDirectory<\/key>/ { getline; gsub(/.*<string>|<\/string>.*/, ""); print; exit }
+    ' "$plist" 2>/dev/null)
+    [[ -n "$wd" ]] || continue
+    [[ -d "$wd" ]] && continue
+    if [[ "$found" -eq 0 ]]; then
+      echo ""
+      echo "Stale launchd plists  无效的 launchd 服务"
+      echo ""
+      found=1
+    fi
+    label=$(basename "$plist" .plist)
+    echo "  ⚠ ${label}"
+    echo "    WorkingDirectory missing: ${wd}"
+    echo "    路径已失效，可清理: launchctl bootout gui/$(id -u)/${label}; rm '${plist}'"
+  done
+  return 0
 }
 
 _doctor_pr_section() {
@@ -1784,7 +1947,7 @@ PY
   fi
   if [ "${#plists[@]}" -gt 0 ]; then
     for item in "${plists[@]}"; do
-      launchctl unload -w "$HOME/Library/LaunchAgents/$item" 2>/dev/null && echo "    unloaded     $item"
+      _launchctl_safe unload -w "$HOME/Library/LaunchAgents/$item" 2>/dev/null && echo "    unloaded     $item"
       rm -f "$HOME/Library/LaunchAgents/$item" 2>/dev/null
     done
   fi
@@ -2495,19 +2658,23 @@ _peer_route() {
 }
 
 # Open a Terminal.app window attached to the given tmux session (peer
-# auto-attach). No-ops when muted, non-macOS, or osascript unavailable.
+# auto-attach). No-ops when muted or non-macOS.
 # FIX-054: terminal selection removed — always dispatches to macOS
 # Terminal.app for predictability (per-user detection silently failed on
 # Ghostty upgrades).
+# Uses `open -g` so the window appears in the background and does not steal
+# focus from the user's active app (replaces a prior osascript-based
+# capture-frontmost / restore-focus dance that triggered LaunchServices
+# "where is <app>" prompts when the active process name differed from its
+# .app bundle name, e.g. MSTeams vs Microsoft Teams.app).
 _peer_auto_attach() {
   local session="$1"
   [ "$(uname)" = "Darwin" ] || return 0
   [ -f "$_LOOP_MUTE_FILE" ] && return 0
-  command -v osascript >/dev/null 2>&1 || return 0
-  osascript \
-    -e 'tell application "System Events" to set _prev to name of first application process whose frontmost is true' \
-    -e "tell application \"Terminal\" to do script \"tmux attach -t $session\"" \
-    -e 'delay 0.3' -e 'try' -e 'tell application _prev to activate' -e 'end try' >/dev/null 2>&1 || true
+  local attach_cmd="${_SHARED_ROOT}/loop/attach-${session}.command"
+  printf '#!/bin/bash\nexec tmux attach -t %s\n' "$session" > "$attach_cmd" 2>/dev/null || return 0
+  chmod +x "$attach_cmd" 2>/dev/null || return 0
+  open -g -a Terminal "$attach_cmd" >/dev/null 2>&1 || true
 }
 
 # Dispatch a peer CLI command inside an existing tmux session (window 0).
@@ -2976,10 +3143,13 @@ _agent_argv() {
         interactive) _AGENT_ARGV=(opencode "$prompt") ;;
         *)           _AGENT_ARGV=(opencode run "$prompt") ;;
       esac ;;
-    gemini)
-      # gemini integration is interactive-only for now (used by onboard flow).
+    agy)
+      # Antigravity (agy) replaces the deprecated Google Gemini CLI as of
+      # late 2025. agy reuses ~/.gemini/ for config and reads GEMINI.md
+      # natively, so the convention sync target is unchanged — only the
+      # invoked binary changes. Interactive-only (used by onboard flow).
       case "$mode" in
-        interactive) _AGENT_ARGV=(gemini "$prompt") ;;
+        interactive) _AGENT_ARGV=(agy -i "$prompt") ;;
         *) return 1 ;;
       esac ;;
     *) return 1 ;;
@@ -3072,7 +3242,7 @@ _slides_lib() {
 # Returns 0 + prints the path if the template exists, else returns 1.
 _slides_template_path() {
   local name="$1"
-  local tpl="${ROLL_PKG_DIR}/site/slides/templates/${name}.html"
+  local tpl="${ROLL_PKG_DIR}/lib/slides/templates/${name}.html"
   if [[ -f "$tpl" ]]; then
     printf '%s' "$tpl"
     return 0
@@ -3702,8 +3872,12 @@ _slug_migrate_from_legacy() {
     [[ "$(uname -s 2>/dev/null)" == "Darwin" ]] || return 0
     # Compute the pre-FIX-056 slug: same algorithm but without realpath.
     local raw_path; raw_path=$(pwd 2>/dev/null)
+    # FIX-094: `_common=$(...)` as a standalone assignment statement inherits the
+    # command's exit code; `set -e` aborts the whole script when cwd is non-git
+    # (git rev-parse exits 128). `|| true` keeps probing semantics — we WANT to
+    # detect "no git" by empty output, not by killing the script.
     local _common
-    _common=$(git -C "$raw_path" rev-parse --git-common-dir 2>/dev/null)
+    _common=$(git -C "$raw_path" rev-parse --git-common-dir 2>/dev/null) || true
     if [[ -n "$_common" && "$_common" == *"/.git" ]]; then
       raw_path="${_common%/.git}"
     fi
@@ -3761,7 +3935,7 @@ PYEOF
 
   local old_plist=~/Library/LaunchAgents/com.roll.loop.${old_slug}.plist
   if [[ -f "$old_plist" ]]; then
-    launchctl unload "$old_plist" 2>/dev/null || true
+    _launchctl_safe unload "$old_plist" 2>/dev/null || true
     rm -f "$old_plist"
   fi
 
@@ -3838,6 +4012,13 @@ if [ -z "${_LAUNCHD_DIR:-}" ]; then
         _LAUNCHD_DIR="${_SHARED_ROOT}/LaunchAgents"
         mkdir -p "$_LAUNCHD_DIR"
         export _LAUNCHD_DIR
+        # FIX-097: same trigger that sandboxed the plist FILE path must also
+        # short-circuit every `launchctl bootstrap/load/unload/enable` against
+        # that path. Otherwise a user who reproduces a bug under /private/tmp/
+        # or /var/folders/ ends up with sandboxed plists registered in their
+        # real gui/<uid> domain — when the tmp dir is cleaned, the agents become
+        # ghosts that fire forever (the historical 23:13 CST Terminal popup).
+        export _LAUNCHD_SKIP_REGISTRY=1
       fi
       unset _roll_in_test_ctx _roll_caller
       ;;
@@ -3964,6 +4145,25 @@ _launchd_label() {
   printf 'com.roll.%s.%s' "$service" "$(_project_slug "$project_path")"
 }
 
+# FIX-097: central skip predicate consulted by every launchctl invocation that
+# operates on a plist path Roll wrote. Returns 0 (skip) when either:
+#   - explicit: _LAUNCHD_SKIP_REGISTRY=1 was exported (tests, future opt-out)
+#   - implicit: _LAUNCHD_DIR is a child of _SHARED_ROOT (auto-sandbox active)
+# Returns 1 (do not skip) in production.
+#
+# History: FIX-090 introduced the same logic INSIDE _install_launchd_plists.
+# FIX-097 hoists it to a helper because the bootstrap call inside
+# _install_launchd_plists was not the only leak: _loop_on / _loop_off /
+# _loop_pause / _loop_resume each had bare `launchctl load/unload/enable`
+# calls that bypassed the gate.
+_launchd_should_skip_registry() {
+  [[ "${_LAUNCHD_SKIP_REGISTRY:-}" == "1" ]] && return 0
+  case "${_LAUNCHD_DIR:-}/" in
+    "${_SHARED_ROOT:-/nonexistent}"/*) return 0 ;;
+  esac
+  return 1
+}
+
 _launchd_plist_path() {
   local service="$1" project_path="$2"
   printf '%s/%s.plist' "$_LAUNCHD_DIR" "$(_launchd_label "$service" "$project_path")"
@@ -3992,16 +4192,34 @@ _write_launchd_plist() {
       ;;
   esac
 
-  local hour_xml=""
-  [[ -n "$hour" ]] && hour_xml="    <key>Hour</key>
-    <integer>${hour}</integer>
-"
-
   # FIX-050: bake PATH into the plist so launchd-spawned bash can find tmux,
   # claude, node, etc. The runner script also re-asserts PATH at runtime as
   # a second layer (covers stale plists where brew was installed after setup).
   local path_value; path_value=$(_detect_path_prepend)
 
+  # FIX-105: macOS 26.4 launchd silently refuses to fire StartCalendarInterval
+  # entries that contain BOTH Hour and Minute keys (verified: runs stays 0,
+  # last exit "never exited", no log output, the calendarinterval trigger is
+  # registered but never invoked by UserEventAgent-Aqua). Single-Minute (hourly)
+  # entries still fire fine. Workaround: when an Hour is provided (daily
+  # schedule), emit StartInterval=86400 (24h period) instead. First fire is
+  # bootstrap+24h rather than the exact requested wall-clock time — acceptable
+  # trade since the alternative was "never fires at all" (dream/brief broken
+  # for 4+ days). The Minute/Hour args are still kept in the function signature
+  # for callers that may want to filter at runtime, but they no longer steer
+  # the plist trigger format for daily schedules.
+  local schedule_xml
+  if [[ -n "$hour" ]]; then
+    schedule_xml="  <key>StartInterval</key>
+  <integer>86400</integer>"
+  else
+    schedule_xml="  <key>StartCalendarInterval</key>
+  <dict>
+    <key>Minute</key>
+    <integer>${minute}</integer>
+  </dict>"
+  fi
+
   local content
   content="<?xml version=\"1.0\" encoding=\"UTF-8\"?>
 <!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
@@ -4020,11 +4238,7 @@ _write_launchd_plist() {
     <key>PATH</key>
     <string>${path_value}</string>
   </dict>
-  <key>StartCalendarInterval</key>
-  <dict>
-    <key>Minute</key>
-    <integer>${minute}</integer>
-${hour_xml}  </dict>
+${schedule_xml}
   <key>WorkingDirectory</key>
   <string>${project_path}</string>
 </dict>
@@ -4195,14 +4409,43 @@ _inner_cleanup() {
      && [ -n "\${CYCLE_ID:-}" ]; then
     _unpushed=\$(cd "\$WT" && git rev-list --count "origin/main..HEAD" 2>/dev/null || echo 0)
     if [ "\${_unpushed:-0}" -gt 0 ]; then
-      _orphan_tag="loop-orphan-\${CYCLE_ID}"
-      if ( cd "\$WT" && git push origin "\$BRANCH" 2>/dev/null \\
-           && git tag "\$_orphan_tag" 2>/dev/null \\
-           && git push origin "\$_orphan_tag" 2>/dev/null ); then
-        _loop_event cycle_end "\${CYCLE_ID}" "\${BRANCH:-}" "orphan" 2>/dev/null || true
+      # FIX-091: prefer a real PR so auto-merge lands the work; tag-only is the
+      # last-resort because it requires manual cherry-pick. Emit cycle_end "done"
+      # (canonical success status the dashboard recognizes) when PR publishes.
+      # FIX-099: compute tcr_count + built[] from the worktree (it's still alive
+      # at EXIT trap time) so runs.jsonl and ALERT carry truthful data.
+      _orphan_tcr=0
+      _orphan_built="[]"
+      if command -v jq >/dev/null 2>&1; then
+        _orphan_tcr=\$(cd "\$WT" && git log --oneline "origin/main..HEAD" 2>/dev/null | grep -c ' tcr:' || echo 0)
+        _orphan_built=\$(cd "\$WT" && git log --oneline "origin/main..HEAD" 2>/dev/null \
+          | grep ' tcr:' \
+          | grep -oE '\b(FIX|US|REFACTOR|CHORE)-[0-9]+\b' \
+          | sort -u \
+          | jq -R -s 'split("\n") | map(select(length>0))' 2>/dev/null || echo "[]")
+      fi
+      _slug=""
+      if _gh_resolve _slug \\
+         && ( cd "\$WT" && _loop_publish_pr "\$BRANCH" "loop cycle \${CYCLE_ID}" ) >/dev/null 2>&1; then
+        _loop_event cycle_end "\${CYCLE_ID}" "\${BRANCH:-}" "done" 2>/dev/null || true
         _CYCLE_END_WRITTEN=1
-        _runs_append "orphan" 0 "[]" 2>/dev/null || true
-        _worktree_alert "cycle \${CYCLE_ID}: aborted with \${_unpushed} commits; FIX-086 pushed orphan tag \${_orphan_tag}" 2>/dev/null || true
+        # FIX-099: pass real tcr_count + built[] instead of 0/"[]"
+        _runs_append "done" "\${_orphan_tcr}" "\${_orphan_built}" 2>/dev/null || true
+        # FIX-099: three-field ALERT so callers can distinguish recovered orphan
+        # from a cycle's normally-picked story (was: "FIX-091 published as PR"
+        # which leaked a hardcoded string regardless of what was actually built).
+        _worktree_alert "cycle \${CYCLE_ID}: recovered_from_orphan=yes; tcr_commits=\${_orphan_tcr}; stories=\${_orphan_built}; pr_branch=\${BRANCH:-unknown}" 2>/dev/null || true
+      else
+        _orphan_tag="loop-orphan-\${CYCLE_ID}"
+        if ( cd "\$WT" && git push origin "\$BRANCH" 2>/dev/null \\
+             && git tag "\$_orphan_tag" 2>/dev/null \\
+             && git push origin "\$_orphan_tag" 2>/dev/null ); then
+          _loop_event cycle_end "\${CYCLE_ID}" "\${BRANCH:-}" "orphan" 2>/dev/null || true
+          _CYCLE_END_WRITTEN=1
+          # FIX-099: pass real tcr_count + built[] for the orphan-tag path too
+          _runs_append "orphan" "\${_orphan_tcr}" "\${_orphan_built}" 2>/dev/null || true
+          _worktree_alert "cycle \${CYCLE_ID}: recovered_from_orphan=yes; tcr_commits=\${_orphan_tcr}; stories=\${_orphan_built}; FIX-086 pushed orphan tag \${_orphan_tag}" 2>/dev/null || true
+        fi
       fi
     fi
   fi
@@ -4252,6 +4495,10 @@ WT="\$(_worktree_path "${slug}" "cycle-\${CYCLE_ID}")"
 BRANCH="loop/cycle-\${CYCLE_ID}"
 _USE_WORKTREE=0
 cd "${project_path}" 2>/dev/null || true
+# FIX-104: GC stale merged temp branches at cycle entry — before worktree setup
+# and before any early-exit gate (pre-run abort, CI red precheck). The post-claude
+# call site doesn't cover those paths, so merged branches accumulated on origin.
+_loop_cleanup_stale_cycle_branches "${project_path}" || true
 # FIX-040: orphan worktree recovery — scan for worktrees left by previous failed
 # cycles (publish failed or inner script was SIGKILL'd). Attempt to publish each
 # before starting the new cycle. Glob is chronological via timestamp in name.
@@ -4479,9 +4726,6 @@ if [ "\$_USE_WORKTREE" = "1" ]; then
   fi
 fi
 
-# US-AUTO-040: fallback GC — delete remote loop/cycle-* branches already merged to main.
-_loop_cleanup_stale_cycle_branches "${project_path}" || true
-
 # FIX-044 / Step 5: Write loop cycle run summary to runs.jsonl
 # Deterministic — runs in shell regardless of whether agent executes SKILL.md Step 5.
 # US-LOOP-005: now routed through _runs_append so timeout/worktree-setup-fail
@@ -4588,13 +4832,16 @@ if command -v tmux >/dev/null 2>&1; then
   # to the tmux session so the user can watch the loop work in real time.
   # FIX-054: terminal selection removed — fixed to macOS Terminal.app for
   # predictability (per-user detection silently failed on Ghostty upgrades).
-  # Best-effort focus retention: capture the current frontmost app and
-  # re-activate after.
-  if [ -z "\${ROLL_LOOP_NO_POPUP:-}" ] && [ -z "\${BATS_TEST_NUMBER:-}" ] && [ ! -f "\$HOME/.shared/roll/loop/mute-${slug}" ] && [ "\$(uname)" = "Darwin" ] && command -v osascript >/dev/null 2>&1; then
-    osascript \\
-      -e 'tell application "System Events" to set _prev to name of first application process whose frontmost is true' \\
-      -e "tell application \"Terminal\" to do script \"tmux attach -t \$SESSION\"" \\
-      -e 'delay 0.3' -e 'try' -e 'tell application _prev to activate' -e 'end try' >/dev/null 2>&1 || true
+  # Uses \`open -g\` so the window appears in the background and does not steal
+  # focus. Replaces a prior osascript capture-frontmost / restore-focus dance
+  # that triggered LaunchServices "where is <app>" prompts when the active
+  # process name differed from its .app bundle name (e.g. MSTeams vs
+  # Microsoft Teams.app).
+  if [ -z "\${ROLL_LOOP_NO_POPUP:-}" ] && [ -z "\${BATS_TEST_NUMBER:-}" ] && [ ! -f "\$HOME/.shared/roll/loop/mute-${slug}" ] && [ "\$(uname)" = "Darwin" ]; then
+    _attach_cmd="\$HOME/.shared/roll/loop/attach-\$SESSION.command"
+    printf '#!/bin/bash\\nexec tmux attach -t %s\\n' "\$SESSION" > "\$_attach_cmd" 2>/dev/null || true
+    chmod +x "\$_attach_cmd" 2>/dev/null || true
+    open -g -a Terminal "\$_attach_cmd" >/dev/null 2>&1 || true
   fi
   _OUTER_TIMEOUT=\$(( \${ROLL_LOOP_CYCLE_TIMEOUT_SEC:-2700} + 300 ))
   _outer_wait_start=\$(date +%s)
@@ -4614,17 +4861,67 @@ SCRIPT
 }
 
 _launchd_is_loaded() {
-  launchctl print-disabled "gui/$(id -u)" 2>/dev/null | grep -qF "\"$1\" => enabled"
+  # FIX-098: probe actual launchd registry via `launchctl print`, NOT
+  # `launchctl print-disabled`. The disabled-overrides DB only tracks
+  # labels explicitly enabled/disabled by the user — after `roll loop off`
+  # (bootout) + `roll update` the label stays absent from the overrides DB,
+  # so the old grep returned false-positive "loaded". `launchctl print`
+  # returns exit 0 only when the agent is actually registered in the current
+  # launchd session; non-zero means the label is unknown to launchd.
+  launchctl print "gui/$(id -u)/$1" >/dev/null 2>&1
+}
+
+# FIX-101 tripwire: refuse to mutate the host's launchd session when
+# _LAUNCHD_DIR has been sandboxed (i.e. is not the canonical
+# ${HOME}/Library/LaunchAgents). Tests that auto-sandbox _LAUNCHD_DIR for
+# isolation (FIX-087) may still forget to set _LAUNCHD_SKIP_REGISTRY=1 or
+# stub the launchctl binary; without this defensive layer the production
+# label's plist path can get overwritten with a transient sandbox path,
+# leading to launchd EX_CONFIG (exit 78) when the tmp dir is later cleaned
+# and the next scheduled fire can't find the plist. Read-only ops (print*,
+# list, version) are always allowed since they have no side effects.
+_launchctl_safe() {
+  # Read-only ops are always safe (no host launchd state mutation).
+  case "${1:-}" in
+    print|print-disabled|list|version|dumpstate|examine)
+      launchctl "$@"
+      return $?
+      ;;
+  esac
+  # If `launchctl` has been replaced by a function stub (typical in bats tests
+  # that want to assert against captured calls), pass through to the stub.
+  # Stubs by definition don't touch host launchd, so this is safe; and tests
+  # like `_install_launchd_plists: bootout targets gui/<uid>/<label>` rely on
+  # the literal call landing in their captured log.
+  if [[ "$(type -t launchctl 2>/dev/null)" == "function" ]]; then
+    launchctl "$@"
+    return $?
+  fi
+  # Real launchctl binary path: refuse to mutate when _LAUNCHD_DIR has been
+  # sandboxed (i.e. is not the canonical ${HOME}/Library/LaunchAgents). This
+  # is the FIX-101 defensive layer — when a test forgets to stub launchctl
+  # AND has _LAUNCHD_DIR sandboxed, prevent the call from reaching the host's
+  # production launchd and overwriting a live label's plist path.
+  local canonical="${HOME}/Library/LaunchAgents"
+  if [[ "${_LAUNCHD_DIR:-$canonical}" != "$canonical" ]]; then
+    return 0
+  fi
+  launchctl "$@"
 }
 
 _launchd_svc_state() {
+  # FIX-098: three-state classification:
+  #   enabled       — plist on disk AND registered in launchd
+  #   stale         — plist on disk BUT NOT registered in launchd
+  #   installed-off — kept for back-compat (maps to stale semantics)
+  #   not-installed — no plist
   local svc="$1" project_path="$2"
   local label; label=$(_launchd_label "$svc" "$project_path")
   local plist; plist=$(_launchd_plist_path "$svc" "$project_path")
   if _launchd_is_loaded "$label"; then
     echo "enabled"
   elif [[ -f "$plist" ]]; then
-    echo "installed-off"
+    echo "stale"
   else
     echo "not-installed"
   fi
@@ -4687,21 +4984,26 @@ _install_launchd_plists() {
     local after; after=$(cat "$plist")
     if [[ "$before" != "$after" ]]; then
       updated=$((updated + 1))
-      if _launchd_is_loaded "$label"; then
-        # FIX-027: use bootout/bootstrap so we don't disturb the label's
-        # enabled flag in the launchd overrides db (which legacy
-        # unload/load no-`-w` wipes on macOS Sonoma+, causing
-        # `roll loop status` to falsely report off after `roll update`).
-        local uid; uid=$(id -u)
-        launchctl bootout "gui/${uid}/${label}" 2>/dev/null || true
-        launchctl bootstrap "gui/${uid}" "$plist" 2>/dev/null || true
-      elif [[ -z "$before" ]]; then
-        # FIX-059: brand-new plist — macOS FSEvents auto-bootstraps any new
-        # file dropped in ~/Library/LaunchAgents/, so projects never enabled
-        # via 'roll loop on' would fire every hour. Immediately mark disabled
-        # in the overrides db to block that auto-load.
-        local uid; uid=$(id -u)
-        launchctl disable "gui/${uid}/${label}" 2>/dev/null || true
+      # FIX-090/FIX-097: gate launchctl writes via central helper so a
+      # sandboxed plist never gets registered into the user's REAL gui/<uid>
+      # domain. See _launchd_should_skip_registry for the predicate rules.
+      if ! _launchd_should_skip_registry; then
+        if _launchd_is_loaded "$label"; then
+          # FIX-027: use bootout/bootstrap so we don't disturb the label's
+          # enabled flag in the launchd overrides db (which legacy
+          # unload/load no-`-w` wipes on macOS Sonoma+, causing
+          # `roll loop status` to falsely report off after `roll update`).
+          local uid; uid=$(id -u)
+          _launchctl_safe bootout "gui/${uid}/${label}" 2>/dev/null || true
+          _launchctl_safe bootstrap "gui/${uid}" "$plist" 2>/dev/null || true
+        elif [[ -z "$before" ]]; then
+          # FIX-059: brand-new plist — macOS FSEvents auto-bootstraps any new
+          # file dropped in ~/Library/LaunchAgents/, so projects never enabled
+          # via 'roll loop on' would fire every hour. Immediately mark disabled
+          # in the overrides db to block that auto-load.
+          local uid; uid=$(id -u)
+          _launchctl_safe disable "gui/${uid}/${label}" 2>/dev/null || true
+        fi
       fi
     fi
   done
@@ -4757,7 +5059,8 @@ cmd_loop() {
     notify)       _notify "${1:-roll}" "${2:-}" ;;
     enforce-tcr)  _loop_enforce_tcr "${1:-}" "${2:-}" ;;
     precheck-ci)  _loop_precheck_ci ;;
-    *) err "Usage: roll loop <on|off|now|test|status|monitor|runs|events|attach|mute|unmute|pause|resume|reset|notify|enforce-tcr|precheck-ci>"; exit 1 ;;
+    branches)     _loop_branches "$(pwd -P)" ;;
+    *) err "Usage: roll loop <on|off|now|test|status|monitor|runs|events|attach|mute|unmute|pause|resume|reset|notify|enforce-tcr|precheck-ci|branches>"; exit 1 ;;
   esac
 }
 
@@ -4777,12 +5080,25 @@ _loop_on() {
   if [[ "$(uname)" == "Darwin" ]]; then
     _install_launchd_plists "$project_path" >/dev/null
 
+    # FIX-098: use launchctl bootstrap/enable instead of load -w.
+    # `load -w` writes to the disabled-overrides DB which causes FIX-027's
+    # re-source to break after `roll update`. bootstrap is idem-potent and
+    # does not disturb the overrides DB.
+    local uid; uid=$(id -u)
     local all_loaded=true
     for svc in loop dream brief; do
       local label; label=$(_launchd_label "$svc" "$project_path")
+      local plist; plist=$(_launchd_plist_path "$svc" "$project_path")
       if ! _launchd_is_loaded "$label"; then
         all_loaded=false
-        launchctl load -w "$(_launchd_plist_path "$svc" "$project_path")" 2>/dev/null || true
+        # FIX-097 guard: skip real launchctl when _LAUNCHD_DIR was auto-sandboxed.
+        _launchd_should_skip_registry && continue
+        # FIX-098 semantic: enable+bootstrap pair (better than load -w).
+        # enable clears any disable-override; bootstrap registers with launchd.
+        # FIX-101 wrapper additionally tripwire-gates each call so a sandboxed
+        # _LAUNCHD_DIR can't accidentally touch host launchd state.
+        _launchctl_safe enable "gui/${uid}/${label}" 2>/dev/null || true
+        _launchctl_safe bootstrap "gui/${uid}" "$plist" 2>/dev/null || true
       fi
     done
 
@@ -4834,11 +5150,15 @@ _loop_off() {
 
   if [[ "$(uname)" == "Darwin" ]]; then
     local any_loaded=false
+    local _skip_off; _launchd_should_skip_registry && _skip_off=1 || _skip_off=0
     for svc in loop dream brief; do
       local label; label=$(_launchd_label "$svc" "$project_path")
       if _launchd_is_loaded "$label"; then
         any_loaded=true
-        launchctl unload -w "$(_launchd_plist_path "$svc" "$project_path")" 2>/dev/null || true
+        # FIX-097: skip real launchctl in sandbox to avoid touching the user's
+        # real launchd registry.
+        [[ "$_skip_off" == "1" ]] && continue
+        _launchctl_safe unload -w "$(_launchd_plist_path "$svc" "$project_path")" 2>/dev/null || true
       fi
     done
     if ! $any_loaded; then
@@ -4857,7 +5177,9 @@ _loop_off() {
       # disable list, polluting `launchctl print-disabled` forever even after
       # the project dir, plists, and ~/.roll are gone.
       local label; label=$(_launchd_label "$svc" "$project_path")
-      launchctl enable "gui/${uid}/${label}" 2>/dev/null || true
+      # FIX-097: same gate — never touch host launchctl from a sandbox.
+      [[ "$_skip_off" == "1" ]] && continue
+      _launchctl_safe enable "gui/${uid}/${label}" 2>/dev/null || true
     done
     ok "Loop disabled  已停用"
     return 0
@@ -5001,7 +5323,7 @@ _legacy_loop_status() {
       else
         case "$state" in
           enabled)       echo -e "    ${GREEN}${svc}     ● enabled${NC}" ;;
-          installed-off) echo -e "    ${YELLOW}${svc}     ⚠ installed/off${NC}   run: roll loop on" ;;
+          stale|installed-off) echo -e "    ${YELLOW}${svc}     ⚠ STALE — plist present but not loaded${NC}   run: roll loop on" ;;
           not-installed) echo -e "    ${RED}${svc}     ○ not installed${NC}   run: roll setup" ;;
         esac
       fi
@@ -5037,7 +5359,10 @@ _loop_pause() {
     if ! _launchd_is_loaded "$label"; then
       warn "Loop not enabled — nothing to pause  loop 未启用，无需暂停"; return 0
     fi
-    launchctl unload -w "$(_launchd_plist_path "loop" "$project_path")" 2>/dev/null || true
+    # FIX-097: never touch host launchctl from a sandboxed plist path.
+    if ! _launchd_should_skip_registry; then
+      _launchctl_safe unload -w "$(_launchd_plist_path "loop" "$project_path")" 2>/dev/null || true
+    fi
   else
     local slug; slug=$(_project_slug "$project_path")
     mkdir -p "${_SHARED_ROOT}/loop"
@@ -5057,8 +5382,9 @@ _loop_resume() {
     if [[ "$(uname)" == "Darwin" ]]; then
       local label; label=$(_launchd_label "loop" "$project_path")
       local plist; plist=$(_launchd_plist_path "loop" "$project_path")
-      if [[ -f "$plist" ]]; then
-        launchctl load -w "$plist" 2>/dev/null || true
+      if [[ -f "$plist" ]] && ! _launchd_should_skip_registry; then
+        # FIX-097: never touch host launchctl from a sandboxed plist path.
+        _launchctl_safe load -w "$plist" 2>/dev/null || true
       fi
     else
       local slug; slug=$(_project_slug "$project_path")
@@ -5394,15 +5720,28 @@ _loop_precheck_ci() {
 
   local commit; commit=$(git rev-parse HEAD 2>/dev/null) || return 0
 
+  # FIX-103: fetch both `status` and `conclusion`. Pre-run gate must distinguish
+  # a still-running CI (status=in_progress/queued/waiting, conclusion=null) from
+  # a genuinely red CI (conclusion=failure/cancelled/timed_out/...). Treating
+  # in_progress as red kills every cycle started within the first ~30s of a
+  # merge-triggered CI run.
   local runs
-  runs=$(gh -R "$slug" run list --commit "$commit" --json conclusion 2>/dev/null) || return 0
+  runs=$(gh -R "$slug" run list --commit "$commit" --json conclusion,status 2>/dev/null) || return 0
   [[ -z "$runs" || "$runs" == "[]" ]] && return 0
 
-  local failed
-  failed=$(echo "$runs" | jq -r '[.[] | select(.conclusion != null and .conclusion != "success" and .conclusion != "skipped")] | length' 2>/dev/null || echo "0")
+  # Conclusions that block the loop. Anything else (success, skipped, neutral,
+  # or null while still running) is treated as pass/pending.
+  local failed_conclusions
+  failed_conclusions=$(echo "$runs" \
+    | jq -r '[.[] | select(.conclusion=="failure" or .conclusion=="cancelled" or .conclusion=="timed_out" or .conclusion=="action_required" or .conclusion=="startup_failure") | .conclusion] | unique | join(",")' \
+    2>/dev/null || echo "")
 
-  if [[ "$failed" -gt 0 ]]; then
+  if [[ -n "$failed_conclusions" ]]; then
     local short; short=$(git rev-parse --short HEAD 2>/dev/null || echo unknown)
+    local run_states
+    run_states=$(echo "$runs" \
+      | jq -r '[.[] | "\(.status // "?")/\(.conclusion // "null")"] | unique | join(", ")' \
+      2>/dev/null || echo "?")
     err "Pre-run CI check: HEAD CI is red — refuse to build on broken base (${short})  HEAD CI 红，拒绝在破损的基础上构建"
     mkdir -p "$(dirname "$_LOOP_ALERT")"
     cat > "$_LOOP_ALERT" << EOF
@@ -5411,6 +5750,8 @@ _loop_precheck_ci() {
 **Time**: $(date '+%Y-%m-%d %H:%M')
 **Commit**: ${short}
 **Reason**: HEAD CI is red — loop refused to build on a broken base  HEAD CI 红，loop 拒绝在破损的基础上构建
+**Failing conclusions**: ${failed_conclusions}
+**Run states**: ${run_states}
 
 **Action required**:
 - Investigate and fix CI: \`gh -R ${slug} run list --commit ${commit}\`
@@ -5914,10 +6255,24 @@ _loop_mark_in_progress() {
   [ -n "$story_id" ] || return 1
   [ -f "$backlog" ] || return 0
   local tmp; tmp=$(mktemp "${backlog}.XXXXXX") || return 1
+  # FIX-106: match the story-id column (col 2) for equality instead of doing
+  # substring match on the whole row. Pre-fix, picking US-X-001 also flipped
+  # any row whose description contained "depends-on:US-X-001" — leaving the
+  # dashboard claiming work on stories no one had picked.
   awk -v sid="$story_id" '
     {
-      if (index($0, sid) > 0 && index($0, "📋 Todo") > 0) {
-        sub(/📋 Todo/, "🔨 In Progress")
+      if (index($0, "📋 Todo") > 0) {
+        n = split($0, cols, "|")
+        if (n >= 2) {
+          id_cell = cols[2]
+          gsub(/[[:space:]]/, "", id_cell)
+          # Markdown link form "[ID](path)" → keep just "ID"
+          sub(/^\[/, "", id_cell)
+          sub(/\].*$/, "", id_cell)
+          if (id_cell == sid) {
+            sub(/📋 Todo/, "🔨 In Progress")
+          }
+        }
       }
       print
     }
@@ -5933,10 +6288,20 @@ _loop_mark_todo() {
   [ -n "$story_id" ] || return 1
   [ -f "$backlog" ] || return 0
   local tmp; tmp=$(mktemp "${backlog}.XXXXXX") || return 1
+  # FIX-106: same column-2 equality match as _loop_mark_in_progress.
   awk -v sid="$story_id" '
     {
-      if (index($0, sid) > 0 && index($0, "🔨 In Progress") > 0) {
-        sub(/🔨 In Progress/, "📋 Todo")
+      if (index($0, "🔨 In Progress") > 0) {
+        n = split($0, cols, "|")
+        if (n >= 2) {
+          id_cell = cols[2]
+          gsub(/[[:space:]]/, "", id_cell)
+          sub(/^\[/, "", id_cell)
+          sub(/\].*$/, "", id_cell)
+          if (id_cell == sid) {
+            sub(/🔨 In Progress/, "📋 Todo")
+          }
+        }
       }
       print
     }
@@ -6344,14 +6709,29 @@ _claude_cleanup_stale_worktrees() {
   return 0
 }
 
+# FIX-104: scan multiple ephemeral prefixes (loop/cycle-, worktree-agent-,
+# claude/) and delete any already merged to origin/main. Unmerged branches
+# are preserved — they may be active WIP. Caller can pass a custom prefix
+# list via $2 (newline-separated `refs/heads/<prefix>*` patterns) but the
+# default whitelist covers every temp prefix the loop / Claude session /
+# worktree-agent paths create.
 _loop_cleanup_stale_cycle_branches() {
   local project_path="${1:-.}"
   local url; url=$(git -C "$project_path" remote get-url origin 2>/dev/null) || return 0
   [[ "$url" == *github.com* ]] || return 0
 
-  local branches
-  branches=$(git -C "$project_path" ls-remote --heads origin 'refs/heads/loop/cycle-*' 2>/dev/null \
-    | awk '{print $2}' | sed 's|^refs/heads/||')
+  local prefixes="${2:-refs/heads/loop/cycle-*
+refs/heads/worktree-agent-*
+refs/heads/claude/*}"
+
+  local branches=""
+  while IFS= read -r pat; do
+    [ -z "$pat" ] && continue
+    local found
+    found=$(git -C "$project_path" ls-remote --heads origin "$pat" 2>/dev/null \
+      | awk '{print $2}' | sed 's|^refs/heads/||')
+    [ -n "$found" ] && branches+="${found}"$'\n'
+  done <<< "$prefixes"
   [ -z "$branches" ] && return 0
 
   while IFS= read -r branch; do
@@ -6366,6 +6746,41 @@ _loop_cleanup_stale_cycle_branches() {
   return 0
 }
 
+# FIX-104: residual-visibility command. List origin's ephemeral temp branches
+# (loop/cycle-*, worktree-agent-*, claude/*) with their merge status so the
+# user can see what GC will clean up next cycle and what's still active WIP.
+# Output: TAB-separated `<branch>\t<merged|open>` lines, one per branch.
+# Silent on non-GitHub remote / empty / unreachable.
+_loop_branches() {
+  local project_path="${1:-.}"
+  local url; url=$(git -C "$project_path" remote get-url origin 2>/dev/null) || return 0
+  [[ "$url" == *github.com* ]] || return 0
+
+  local prefixes="refs/heads/loop/cycle-*
+refs/heads/worktree-agent-*
+refs/heads/claude/*"
+
+  local branches=""
+  while IFS= read -r pat; do
+    [ -z "$pat" ] && continue
+    local found
+    found=$(git -C "$project_path" ls-remote --heads origin "$pat" 2>/dev/null \
+      | awk '{print $2}' | sed 's|^refs/heads/||')
+    [ -n "$found" ] && branches+="${found}"$'\n'
+  done <<< "$prefixes"
+  [ -z "$branches" ] && return 0
+
+  while IFS= read -r branch; do
+    [ -z "$branch" ] && continue
+    local status="open"
+    if git -C "$project_path" merge-base --is-ancestor "$branch" origin/main 2>/dev/null; then
+      status="merged"
+    fi
+    printf "%s\t%s\n" "$branch" "$status"
+  done <<< "$branches"
+  return 0
+}
+
 # US-AUTO-033: publish a loop cycle branch as a GitHub PR with auto-merge.
 #
 # _loop_publish_pr <branch> [title]
@@ -6946,7 +7361,19 @@ cmd_ci() {
 # will switch to hard-fail. Output format mirrors a linter ("file:line:
 # message") so editors can navigate from it.
 _backlog_lint() {
-  local backlog="${1:-.roll/backlog.md}"
+  # FIX-102: --gate flag flips Phase 1 warn-only behavior to hard-fail.
+  # When passed, any violation makes the command exit 1 — used by the
+  # PreToolUse / Stop hook in ~/.claude/settings.json to actually block
+  # the assistant from leaving the backlog dirty.
+  local gate=0
+  local backlog=".roll/backlog.md"
+  while [ $# -gt 0 ]; do
+    case "$1" in
+      --gate) gate=1 ;;
+      *) backlog="$1" ;;
+    esac
+    shift
+  done
   [ -f "$backlog" ] || { err "backlog not found: $backlog"; return 1; }
 
   local violations=0
@@ -6971,6 +7398,18 @@ _backlog_lint() {
       | sed -E 's|^\[[A-Z]+-[0-9]+\]\([^)]*\)[[:space:]]*||' \
       | sed -E 's|^[A-Z]+-[0-9]+[[:space:]]*||')
     local issues=""
+    # FIX-102: length check — backlog rows are an index page; descriptions
+    # must be one human sentence (≤120 chars). Longer = technical detail
+    # that belongs in the linked .roll/features/<epic>/<slug>.md.
+    if [ "${#body}" -gt 120 ]; then
+      issues="${issues:+${issues}, }length>${#body}"
+    fi
+    # FIX-102: code-fence check — backticks (`code`) signal technical jargon
+    # (commands, identifiers, paths). Keep description prose plain text;
+    # any code goes in the feature file.
+    if echo "$body" | grep -qF '`'; then
+      issues="${issues:+${issues}, }code-fence"
+    fi
     # Filenames: bare `something.ext` for common code/config extensions
     if echo "$body" | grep -qE '\b[A-Za-z_][A-Za-z0-9_.-]*\.(sh|bash|yaml|yml|json|js|ts|tsx|py|rb|go|rs|c|cpp|h)\b'; then
       issues="${issues:+${issues}, }filename"
@@ -6997,11 +7436,14 @@ _backlog_lint() {
   echo ""
   if [ "$violations" -gt 0 ]; then
     echo "  ${violations} violation(s) — see conventions/global/AGENTS.md §4"
+    if [ "$gate" = 1 ]; then
+      echo "  ${violations} 条违规 — --gate enabled, exiting 1"
+      return 1
+    fi
     echo "  ${violations} 条违规 — Phase 1: warn-only, not blocking"
   else
     echo "  No violations  无违规"
   fi
-  # Phase 1: warn-only. Exit 0 regardless.
   return 0
 }
 
@@ -7017,7 +7459,8 @@ cmd_backlog() {
   # ── Status management subcommands ─────────────────────────────────────────
   case "$subcmd" in
     lint)
-      _backlog_lint "$backlog"
+      shift
+      _backlog_lint "$@" "$backlog"
       return
       ;;
     block|defer|unblock|promote)