@seanyao/roll 2026.527.1 → 2026.528.1

package/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## v2026.528.1
+
+### Added
+
+- **`roll test` — 测试隔离运行，不再误伤本机 loop 服务** `[loop]`
+
+### Fixed
+
+- **Kimi CLI 升级改名为 kimi-code 后，roll 现在能正常识别** `[loop]`
+
 ## v2026.527.1
 
 ### Added

package/README.md

@@ -69,6 +69,7 @@ roll loop on        # let AI work through the backlog (optional)
 | Configuration (env vars) | [guide/en/configuration.md](guide/en/configuration.md) | [guide/zh/configuration.md](guide/zh/configuration.md) |
 | Skill selection guide | [guide/en/skills.md](guide/en/skills.md) | [guide/zh/skills.md](guide/zh/skills.md) |
 | Slides (deck generator) | [guide/en/slides.md](guide/en/slides.md) | [guide/zh/slides.md](guide/zh/slides.md) |
+| Test isolation (`roll test` + Tart VM) | [guide/en/test-isolation.md](guide/en/test-isolation.md) | [guide/zh/test-isolation.md](guide/zh/test-isolation.md) |
 | Cross-machine sync | [guide/en/loop.md#cross-machine-sync](guide/en/loop.md#cross-machine-sync) | [guide/zh/loop.md#跨机器同步](guide/zh/loop.md#%E8%B7%A8%E6%9C%BA%E5%99%A8%E5%90%8C%E6%AD%A5) |
 | Pricing (cost visibility) | [guide/en/pricing.md](guide/en/pricing.md) | [guide/zh/pricing.md](guide/zh/pricing.md) |
 | FAQ (troubleshooting) | [guide/en/faq.md](guide/en/faq.md) | [guide/zh/faq.md](guide/zh/faq.md) |

package/bin/roll

@@ -4,7 +4,7 @@ set -euo pipefail
 # Roll — AI Agent Convention Manager
 # Single source of truth for how all AI coding agents behave.
 
-VERSION="2026.527.1"
+VERSION="2026.528.1"
 ROLL_HOME="${ROLL_HOME:-${HOME}/.roll}"
 ROLL_CONFIG="${ROLL_HOME}/config.yaml"
 ROLL_GLOBAL="${ROLL_HOME}/conventions/global"
@@ -70,6 +70,11 @@ ai_tool_name() {
   # Antigravity (agy) reuses ~/.gemini/ from the deprecated Gemini CLI for
   # its config dir, so a literal `gemini` basename now identifies agy.
   [[ "$bn" == "gemini" ]] && bn="agy"
+  # FIX-126: Kimi upstream renamed its CLI to kimi-code and its config dir
+  # to ~/.kimi-code/; map both old and new basenames to the canonical
+  # "kimi" agent identifier so downstream argv / config / sync paths stay
+  # uniform across the upgrade.
+  [[ "$bn" == "kimi-code" ]] && bn="kimi"
   echo "$bn"
 }
 
@@ -266,6 +271,7 @@ _ensure_config_entries() {
     "ai_claude:~/.claude|CLAUDE.md|CLAUDE.md"
     "ai_agy:~/.gemini|GEMINI.md|GEMINI.md"
     "ai_kimi:~/.kimi|AGENTS.md|AGENTS.md"
+    "ai_kimi_code:~/.kimi-code|AGENTS.md|AGENTS.md"
     "ai_codex:~/.codex|AGENTS.md|AGENTS.md"
     "ai_cursor:~/.cursor|.cursor-rules|.cursor-rules"
     "ai_trae:~/.trae|user_rules.md|project_rules.md"
@@ -490,6 +496,7 @@ _install_local() {
 ai_claude: ~/.claude|CLAUDE.md|CLAUDE.md
 ai_gemini: ~/.gemini|GEMINI.md|GEMINI.md
 ai_kimi: ~/.kimi|AGENTS.md|AGENTS.md
+ai_kimi_code: ~/.kimi-code|AGENTS.md|AGENTS.md
 ai_codex: ~/.codex|AGENTS.md|AGENTS.md
 ai_cursor: ~/.cursor|.cursor-rules|.cursor-rules
 ai_trae: ~/.trae|user_rules.md|project_rules.md
@@ -782,7 +789,7 @@ cmd_setup() {
     esac
   }
 
-  local _ai_dirs="$HOME/.claude:$HOME/.gemini:$HOME/.kimi:$HOME/.codex:$HOME/.cursor:$HOME/.trae:$HOME/.config/opencode:$HOME/.openclaw:$HOME/.pi:$HOME/.deepseek:$HOME/.qwen"
+  local _ai_dirs="$HOME/.claude:$HOME/.gemini:$HOME/.kimi:$HOME/.kimi-code:$HOME/.codex:$HOME/.cursor:$HOME/.trae:$HOME/.config/opencode:$HOME/.openclaw:$HOME/.pi:$HOME/.deepseek:$HOME/.qwen"
 
   _run_setup_step "$ROLL_HOME" _install_local "$force"
   _record "$(_state_to_marker "$_ROLL_SETUP_STATE")" "Install templates & conventions to ~/.roll"
@@ -1928,6 +1935,18 @@ PY
     return 0
   fi
 
+  # FIX-125: cycle-context tripwire. Apply phase below runs launchctl unload
+  # and rm against ${HOME}/Library/LaunchAgents/<plist> (bin/roll:1957-1958).
+  # From inside a loop cycle this would mutate the host's launchd domain
+  # using another project's identity. Doc-only offboards (no plists) stay
+  # allowed so cycles can still call offboard for non-launchd cleanup.
+  if [ "${#plists[@]}" -gt 0 ] && _loop_in_cycle; then
+    err "Refusing to unload launchd plists from inside a loop cycle (FIX-125)."
+    echo "  Run 'roll offboard --confirm' from a terminal outside the cycle," >&2
+    echo "  or pause the loop first: 'roll loop pause'." >&2
+    return 1
+  fi
+
   # Apply. Guard every loop with a count check — `set -u` upstream makes
   # naked `"${arr[@]}"` over an empty array a hard error on bash 5.0.
   echo "$(msg offboard.applying_offboard)"
@@ -3133,9 +3152,20 @@ _agent_argv() {
         *)           _AGENT_ARGV=(claude -p "$prompt") ;;
       esac ;;
     kimi)
+      # FIX-126: Kimi upstream renamed binary from kimi-cli → kimi-code.
+      # Prefer the new name when present; fall back through legacy names
+      # so users mid-upgrade keep working until they reinstall.
+      local _kimi_bin
+      if command -v kimi-code >/dev/null 2>&1; then
+        _kimi_bin=kimi-code
+      elif command -v kimi-cli >/dev/null 2>&1; then
+        _kimi_bin=kimi-cli
+      else
+        _kimi_bin=kimi
+      fi
       case "$mode" in
-        interactive) _AGENT_ARGV=(kimi "$prompt") ;;
-        *)           _AGENT_ARGV=(kimi --quiet -p "$prompt") ;;
+        interactive) _AGENT_ARGV=("$_kimi_bin" "$prompt") ;;
+        *)           _AGENT_ARGV=("$_kimi_bin" --quiet -p "$prompt") ;;
       esac ;;
     deepseek)
       # deepseek has the same argv shape in both modes (positional prompt).
@@ -4417,6 +4447,397 @@ cmd_agent() {
   esac
 }
 
+# ═══════════════════════════════════════════════════════════════════════════════
+# ISOLATION — pluggable adapter for running tests in an isolated environment
+# (US-ISO-001). Phase 1 supports two providers: `none` (default — direct host
+# execution) and `tart` (US-ISO-002 — macOS VM). The dispatcher reads
+# .roll/local.yaml's `test_isolation.type` and routes to
+# `_isolation_<type>_<method>`. See .roll/features/engineering-infrastructure/
+# dev-vm-isolation-plan.md for the full interface contract.
+# ═══════════════════════════════════════════════════════════════════════════════
+
+_ISOLATION_SUPPORTED_TYPES="none tart"
+
+# Read test_isolation.type from .roll/local.yaml. Falls back to "none" when
+# the file or key is missing. Uses python3+yaml for nested-key parsing,
+# matching the parser used by cmd_offboard.
+_isolation_get_type() {
+  local val=""
+  if [[ -f .roll/local.yaml ]] && command -v python3 >/dev/null 2>&1; then
+    val=$(python3 - <<'PY' 2>/dev/null
+import sys
+try:
+    import yaml
+except ImportError:
+    sys.exit(0)
+try:
+    data = yaml.safe_load(open(".roll/local.yaml")) or {}
+except Exception:
+    sys.exit(0)
+section = data.get("test_isolation")
+if isinstance(section, dict):
+    t = section.get("type")
+    if isinstance(t, str) and t:
+        print(t)
+PY
+    )
+  fi
+  if [[ -z "$val" ]]; then
+    val="none"
+  fi
+  printf '%s\n' "$val"
+}
+
+# Dispatch an isolation-adapter method to the configured provider.
+# Usage: _isolation_dispatch <method> [args...]
+# Methods: init / provision / exec / status / reset / destroy
+_isolation_dispatch() {
+  local method="$1"; shift || true
+  if [[ -z "$method" ]]; then
+    err "isolation: missing method"
+    echo "  usage: _isolation_dispatch <init|provision|exec|status|reset|destroy> [args...]" >&2
+    return 1
+  fi
+
+  # Resolve provider; emit a fallback-INFO line only when the config file is
+  # missing (so an explicit `type: none` stays quiet). Goes to stderr so the
+  # actual dispatch output (e.g. exec stdout) stays clean.
+  local type; type=$(_isolation_get_type)
+  if [[ "$type" = "none" ]] && [[ ! -f .roll/local.yaml ]]; then
+    info "isolation: no test_isolation config, falling back to type=none (host)" >&2
+  fi
+
+  # Reject unknown types up front so the error names the provider, not the
+  # missing function — this is the difference between "you typed it wrong"
+  # and "the adapter is broken".
+  local supported_ok=0 t
+  for t in $_ISOLATION_SUPPORTED_TYPES; do
+    [[ "$type" = "$t" ]] && supported_ok=1
+  done
+  if (( ! supported_ok )); then
+    err "isolation: unknown type '$type' in .roll/local.yaml"
+    echo "  supported types: ${_ISOLATION_SUPPORTED_TYPES// /, }" >&2
+    return 1
+  fi
+
+  local fn="_isolation_${type}_${method}"
+  if ! declare -F "$fn" >/dev/null 2>&1; then
+    err "isolation: provider '$type' has no '${method}' implementation"
+    return 1
+  fi
+  "$fn" "$@"
+}
+
+# ── `none` adapter (default — direct host execution) ──────────────────────
+# init / provision / destroy are no-ops; exec runs the command in the host
+# shell unchanged; status is always 'ready'; reset is a benign no-op
+# (US-ISO-004 will print an explanatory message when invoked via roll test).
+_isolation_none_init()      { return 0; }
+_isolation_none_provision() { return 0; }
+_isolation_none_exec()      { "$@"; }
+_isolation_none_status()    { echo "ready"; return 0; }
+_isolation_none_reset() {
+  # US-ISO-004 AC: type=none has nothing to reset; print explanation but
+  # exit 0 (not a failure — host execution is already as clean as it gets).
+  info "isolation type 'none' has nothing to reset (host execution is stateless)" >&2
+  return 0
+}
+_isolation_none_destroy()   { return 0; }
+
+# ─── reset lock (US-ISO-004) ──────────────────────────────────────────────
+# A single lockfile under .roll/ prevents two `roll test --reset` runs from
+# racing, and forces concurrent `roll test` test-execution paths to bail
+# fast rather than blocking on a half-rebuilt VM. --where is read-only and
+# deliberately bypasses the lock.
+_isolation_reset_lock_path() {
+  echo ".roll/.iso-reset.lock"
+}
+
+_isolation_reset_lock_held() {
+  [[ -f "$(_isolation_reset_lock_path)" ]]
+}
+
+# Returns 0 if the caller now holds the lock; 1 if someone else does.
+_isolation_reset_acquire_lock() {
+  local lock; lock=$(_isolation_reset_lock_path)
+  if [[ -f "$lock" ]]; then
+    return 1
+  fi
+  mkdir -p "$(dirname "$lock")"
+  echo "$$" > "$lock"
+  return 0
+}
+
+_isolation_reset_release_lock() {
+  rm -f "$(_isolation_reset_lock_path)"
+}
+
+# ── `tart` adapter (US-ISO-002 — macOS Apple Silicon VM via Tart) ─────────
+# Test override hooks (used by unit tests; default values keep prod stable):
+#   _TART_VM_NAME      — VM identifier (default: roll-dev-test)
+#   _TART_BASE_IMAGE   — OCI base image (default: cirruslabs macos-tahoe-base)
+#   _TART_SSH_USER     — SSH user inside the VM (default: admin)
+
+_isolation_tart_vm_name()    { printf '%s\n' "${_TART_VM_NAME:-roll-dev-test}"; }
+_isolation_tart_base_image() { printf '%s\n' "${_TART_BASE_IMAGE:-ghcr.io/cirruslabs/macos-tahoe-base:latest}"; }
+_isolation_tart_ssh_user()   { printf '%s\n' "${_TART_SSH_USER:-admin}"; }
+
+_isolation_tart_check_platform() {
+  if [[ "$(uname)" != "Darwin" ]] || [[ "$(uname -m)" != "arm64" ]]; then
+    err "Tart 仅支持 Apple Silicon macOS"
+    err "Tart only supports Apple Silicon macOS"
+    return 1
+  fi
+  return 0
+}
+
+_isolation_tart_check_binary() {
+  if ! command -v tart >/dev/null 2>&1; then
+    err "tart binary not found"
+    err "  install via: brew install cirruslabs/cli/tart"
+    return 1
+  fi
+  return 0
+}
+
+# Returns 0 with the VM name on stdout when the VM is in `tart list`,
+# returns 1 silently otherwise. Caller decides what to do.
+_isolation_tart_vm_present() {
+  local name; name=$(_isolation_tart_vm_name)
+  tart list 2>/dev/null | awk -v n="$name" '$1 == n { found=1 } END { exit !found }'
+}
+
+# Returns the VM's IP on stdout when reachable; exit non-zero when the VM
+# is stopped or `tart ip` fails for any other reason.
+_isolation_tart_ip() {
+  local name; name=$(_isolation_tart_vm_name)
+  local ip; ip=$(tart ip "$name" 2>/dev/null) || return 1
+  [[ "$ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || return 1
+  printf '%s\n' "$ip"
+}
+
+# Status state machine — see dev-vm-isolation-plan.md §4.
+# Returns one of: not-installed | stopped | running | ready
+_isolation_tart_status() {
+  _isolation_tart_check_platform >/dev/null 2>&1 || { echo "not-installed"; return 0; }
+  command -v tart >/dev/null 2>&1 || { echo "not-installed"; return 0; }
+  _isolation_tart_vm_present || { echo "not-installed"; return 0; }
+  local ip
+  if ! ip=$(_isolation_tart_ip); then
+    echo "stopped"
+    return 0
+  fi
+  # VM up. Is it provisioned? A trivial SSH probe is the cheapest check.
+  local user; user=$(_isolation_tart_ssh_user)
+  if ssh -o BatchMode=yes -o ConnectTimeout=3 -o StrictHostKeyChecking=no \
+         "${user}@${ip}" "true" >/dev/null 2>&1; then
+    echo "ready"
+  else
+    echo "running"
+  fi
+  return 0
+}
+
+# init: ensure the base image is cloned into our VM slot. Idempotent —
+# `tart clone` is skipped when the VM already exists.
+_isolation_tart_init() {
+  _isolation_tart_check_platform || return 1
+  _isolation_tart_check_binary || return 1
+  local name; name=$(_isolation_tart_vm_name)
+  if _isolation_tart_vm_present; then
+    return 0
+  fi
+  local img; img=$(_isolation_tart_base_image)
+  tart clone "$img" "$name"
+}
+
+# provision: ensure runtime deps are installed inside the VM. Idempotent —
+# brew install no-ops for already-installed packages. Requires the VM to
+# be running with SSH responsive (caller's responsibility, usually exec).
+_isolation_tart_provision() {
+  _isolation_tart_check_platform || return 1
+  _isolation_tart_check_binary || return 1
+  local ip; ip=$(_isolation_tart_ip) || { err "tart provision: VM not running"; return 1; }
+  local user; user=$(_isolation_tart_ssh_user)
+  ssh -o BatchMode=yes -o StrictHostKeyChecking=no \
+      "${user}@${ip}" "brew list bats >/dev/null 2>&1 || brew install bats-core; \
+                       brew list node >/dev/null 2>&1 || brew install node; \
+                       brew list bash >/dev/null 2>&1 || brew install bash"
+}
+
+# exec: run the command inside the VM. Auto-starts the VM if it's stopped.
+# Mounts the host worktree at /Volumes/My Shared Files/roll (Tart virtiofs).
+_isolation_tart_exec() {
+  _isolation_tart_check_platform || return 1
+  _isolation_tart_check_binary || return 1
+  local name; name=$(_isolation_tart_vm_name)
+  local ip
+  if ! ip=$(_isolation_tart_ip); then
+    # VM stopped — start it in the background with the repo mounted.
+    local repo_root; repo_root="$(pwd -P)"
+    tart run --dir="roll:${repo_root}" "$name" >/dev/null 2>&1 &
+    # Wait up to ~30s for IP to come up.
+    local i=0
+    while (( i < 30 )); do
+      if ip=$(_isolation_tart_ip); then break; fi
+      sleep 1
+      i=$((i + 1))
+    done
+    [[ -n "${ip:-}" ]] || { err "tart exec: VM failed to start in 30s"; return 1; }
+  fi
+  local user; user=$(_isolation_tart_ssh_user)
+  ssh -o BatchMode=yes -o StrictHostKeyChecking=no "${user}@${ip}" "$@"
+}
+
+# reset: stop, delete, re-clone from base image, then re-provision.
+# Target: ≤90s (caller's perception); actual depends on tart clone speed.
+# Clone is called directly (not via init) so the sequence is unconditional —
+# tart's own "VM exists" check still no-ops re-clone if delete didn't take.
+_isolation_tart_reset() {
+  _isolation_tart_check_platform || return 1
+  _isolation_tart_check_binary || return 1
+  local name; name=$(_isolation_tart_vm_name)
+  local img; img=$(_isolation_tart_base_image)
+  tart stop "$name" 2>/dev/null || true
+  tart delete "$name" 2>/dev/null || true
+  tart clone "$img" "$name" || return 1
+  _isolation_tart_provision || true   # provision may fail mid-reset; surface
+                                       # via subsequent status check.
+}
+
+# destroy: stop + delete. Doesn't rebuild.
+_isolation_tart_destroy() {
+  _isolation_tart_check_platform || return 1
+  _isolation_tart_check_binary || return 1
+  local name; name=$(_isolation_tart_vm_name)
+  tart stop "$name" 2>/dev/null || true
+  tart delete "$name" 2>/dev/null || true
+  return 0
+}
+
+# ─── cmd_test ────────────────────────────────────────────────────────────
+# US-ISO-003: `roll test` — runs the project's test suite through the
+# isolation dispatcher. The configured `test_isolation.type` determines
+# where the tests execute (host shell vs Tart VM). When type=tart and
+# the VM fails to start, the failure surfaces non-zero — no silent
+# fallback to host, since that would lie about where the tests ran.
+
+# Print where the test suite will execute. Format is machine-readable
+# (one token, optionally with a colon-separated detail) so scripts can
+# parse it: `host`, `tart:<ip>`, `tart:stopped`, `tart:not-installed`, …
+_cmd_test_where() {
+  local type; type=$(_isolation_get_type)
+  case "$type" in
+    none)
+      echo "host"
+      ;;
+    tart)
+      local st; st=$(_isolation_tart_status)
+      case "$st" in
+        ready|running)
+          local ip
+          if ip=$(_isolation_tart_ip 2>/dev/null); then
+            echo "tart:${ip}"
+          else
+            echo "tart:${st}"
+          fi
+          ;;
+        *)
+          echo "tart:${st}"
+          ;;
+      esac
+      ;;
+    *)
+      echo "unknown:${type}"
+      ;;
+  esac
+}
+
+cmd_test() {
+  # US-ISO-005: `--help` / `-h` anywhere in pre-`--` args shows help and
+  # exits 0, so `roll test --reset --help` is a help lookup, not a reset.
+  # Args appearing after `--` are forwarded verbatim and not intercepted.
+  local _a
+  for _a in "$@"; do
+    case "$_a" in
+      --) break ;;
+      --help|-h) set -- --help; break ;;
+    esac
+  done
+  case "${1:-}" in
+    --help|-h)
+      cat <<'EOF'
+Usage: roll test [--where | --reset] [--] [<extra-args>...]
+
+Runs the project's test suite through the isolation adapter chosen in
+.roll/local.yaml:
+
+  test_isolation:
+    type: none   (default)   Direct host execution — same shell as `npm test`.
+    type: tart               Inside the Apple-Silicon `roll-dev-test` Tart VM,
+                             so tests can't reach the host's launchd / shared
+                             roll state. Tart isn't auto-installed; run
+                             `brew install cirruslabs/cli/tart` first.
+
+Flags:
+  --where        Print where tests will run, then exit (e.g. `host`,
+                 `tart:192.168.64.5`, `tart:stopped`).
+  --reset        Rebuild the isolation environment to a clean baseline.
+                 type=tart: stop → delete → clone → provision (~90s).
+                 type=none: prints a note and exits 0 (host is stateless).
+                 Holds a lockfile under .roll/.iso-reset.lock; concurrent
+                 `roll test` invocations fast-fail with a clear error.
+  --help, -h     Show this help.
+
+Examples:
+  roll test                    Run the suite in whatever the config says.
+  roll test -- --tier=fast     Forward arguments to npm test.
+  roll test --where            Don't run; just report routing.
+  roll test --reset            Rebuild the VM (or host no-op).
+
+When type=tart and the VM can't be reached, the command exits non-zero
+rather than silently falling back to host execution.
+EOF
+      return 0
+      ;;
+    --where)
+      _cmd_test_where
+      return 0
+      ;;
+    --reset)
+      # Refuse if another reset is in progress — fast-fail beats blocking
+      # on a half-rebuilt VM (US-ISO-004 AC).
+      if _isolation_reset_lock_held; then
+        err "roll test --reset: another reset is already in progress"
+        echo "  lock: $(_isolation_reset_lock_path) (delete manually if stale)" >&2
+        return 1
+      fi
+      _isolation_reset_acquire_lock || {
+        err "roll test --reset: failed to acquire reset lock"
+        return 1
+      }
+      # Make sure the lock comes off no matter how dispatch exits.
+      trap '_isolation_reset_release_lock' RETURN
+      _isolation_dispatch reset
+      return $?
+      ;;
+    --)
+      shift
+      ;;
+  esac
+
+  # Test-execution path. If a reset is in progress, bail rather than racing
+  # into a half-rebuilt VM — user can `roll test --where` to inspect state.
+  if _isolation_reset_lock_held; then
+    err "roll test: a reset is in progress (lock: $(_isolation_reset_lock_path))"
+    echo "  re-run once the reset completes, or delete the lockfile if stale" >&2
+    return 1
+  fi
+
+  # Pass remaining args through to npm test inside the configured adapter.
+  _isolation_dispatch exec npm test "$@"
+}
+
 # ═══════════════════════════════════════════════════════════════════════════════
 # LOOP — autonomous BACKLOG executor management
 # ═══════════════════════════════════════════════════════════════════════════════
@@ -6768,11 +7189,33 @@ _loop_attach() {
   exec tmux attach -t "$session"
 }
 
+# FIX-125: detect whether we are running inside a loop cycle. Cycle context
+# is signalled by env vars exported by the cycle runner (ROLL_LOOP_AGENT,
+# bin/roll:5736) or by the outer cycle script (ROLL_CYCLE_LOG_RAW,
+# bin/roll:6044). Used by callers that touch canonical ${HOME}/Library/LaunchAgents
+# directly (_loop_gc, cmd_offboard) to refuse host-loop mutations from inside
+# a cycle. Read-only ops are unaffected.
+_loop_in_cycle() {
+  [[ -n "${ROLL_LOOP_AGENT:-}" || -n "${ROLL_CYCLE_LOG_RAW:-}" ]]
+}
+
 # US-LOOP-021: garbage-collect orphan slugs, tmp debris, and expired backups.
 # Usage: _loop_gc [--dry-run] [--keep-days N]
 # Keeps backups/migrated files within N days (default 30).
 # Retention order: ROLL_LOOP_GC_RETENTION_DAYS env > .roll/local.yaml loop_gc.retention_days > 30.
 _loop_gc() {
+  # FIX-125: refuse from inside a loop cycle. Phase 1 below scans/mutates
+  # ${HOME}/Library/LaunchAgents directly (bin/roll:6814,6847) — running it
+  # from a cycle would let one project's tick remove another project's plist
+  # under the host's launchd domain. Read-only ops (status, runs) are
+  # unaffected; only the GC mutator is gated.
+  if _loop_in_cycle; then
+    echo "roll loop gc: refusing — cycle-context tripwire (FIX-125)" >&2
+    echo "  This command scans ~/Library/LaunchAgents directly. Running it" >&2
+    echo "  from inside a loop cycle is a known host-state corruption path." >&2
+    return 1
+  fi
+
   local dry_run=false
   local keep_days=30
 
@@ -9854,6 +10297,7 @@ main() {
     doctor)        cmd_doctor "$@" ;;
     review-pr)     cmd_review_pr "$@" ;;
     slides)        cmd_slides "$@" ;;
+    test)          cmd_test "$@" ;;
     prices)        cmd_prices "$@" ;;
     changelog)     cmd_changelog "$@" ;;
     version|--version|-v) echo "roll v${VERSION}" ;;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@seanyao/roll",
-  "version": "2026.527.1",
+  "version": "2026.528.1",
   "description": "Roll — Roll out features with AI agents",
   "scripts": {
     "test": "bash tests/run.sh"

package/skills/roll-design/SKILL.md

@@ -121,7 +121,7 @@ Document structure (two-layer separation):
 3. **FIX / IDEA detail files use ID-prefixed filenames**: `.roll/features/<epic>/FIX-097.md`, not `.roll/features/<epic>/some-descriptive-slug.md`. Reason: a single FIX is one card, not a long-lived feature; the ID is the most stable handle, descriptive slugs date quickly and break links. US can keep feature-slug naming (US lives inside a multi-Story feature file). Quick lookup: `ls .roll/features/<epic>/FIX-*.md` finds all bugs in that area without grepping content.
 4. .roll/backlog.md only contains index rows (one row per US), **do not write** AC / Files / Notes
 5. Domain model files go in `.roll/domain/` — create on first greenfield design, update incrementally
-6. **Do not** write to `~/.kimi/` or any global config directory
+6. **Do not** write to `~/.kimi/`, `~/.kimi-code/`, or any global config directory
 
 **File path resolution order:**
 1. Determine Feature ownership (based on the requirement domain: compiler / ingest / qa / ...)