@lumoai/cli 1.34.0 → 1.36.0

package/assets/skill/SKILL.md

@@ -51,7 +51,7 @@ The command catalog below is a **map**: it lists every command grouped by domain
 - `lumo task figma context <id> <linkId>` — Figma link metadata (v1)
 - `lumo task comments list <id>` — comment thread, capped to the output budget (`--full` prints every comment; read-only; ≠ `task comment`)
 - `lumo task pr show <id> <number>` — synced PR metadata (v1)
-- `lumo task lineage <id>` — show the causal trail: fragments that fed the task + each one's outcome + the run's token/loop cost (read-only audit view); `lumo task lineage <id> --signal` also appends workspace-level usage signal-health (used distribution, per-session variance, used-vs-base merge rate)
+- `lumo task lineage <id>` — show the causal trail: fragments that fed the task + each one's outcome + the run's token/loop cost (read-only audit view); `lumo task lineage <id> --signal` also appends workspace-level usage signal-health (used distribution, per-session variance, used-vs-base merge rate via iteration-taint fold — tasks with a send-back/reopen/PR-close count as the negative class even if later merged; shows negative-class size per side; prints "metric cannot discriminate" when no failure outcomes exist yet)
 
 **Tasks** — see [tasks.md](references/tasks.md)
 
@@ -79,7 +79,7 @@ The command catalog below is a **map**: it lists every command grouped by domain
 **Verification (machine acceptance loop)** — see [verify.md](references/verify.md)
 
 - `lumo verify [task] [--timeout <seconds>]` — run every MACHINE criterion's checkpointer locally, report one structured PASS/FAIL verdict per criterion to the server, print next actions. Defaults to the session-bound task. Round cap 3: an all-pass round moves the task to IN_REVIEW (agent stops there); a round-3 fail escalates to a human (stop retrying). **Run this before claiming a task is done.**
-- `lumo task status [task] [--json]` — read-only acceptance self-check (no LLM, milliseconds): the contract with each criterion's latest verdict (REVIEW_ADDED provenance visible), verification history, current round, last round's failure reasons, `nextActions` = the unmet criteria (the declarative "what's next" — no separate plan), and any OPEN (undispositioned) boundary crossings (count + per crossing category/severity/detail + a read-only attribution line `↳ by model=…·agent=…·session=…` naming who/what crossed, `unknown` when unresolved — LUM-469; `--json` adds an `openCrossings[]` field, each entry carrying an `attribution` object) — read-only awareness, disposition stays web + human-only (LUM-448). Defaults to the session-bound task; `--json` emits a versioned payload (`version` field). **Run it first when resuming a task in a new session or after a verification round was rejected.**
+- `lumo task status [task] [--json]` — read-only acceptance self-check (no LLM, milliseconds): the contract with each criterion's latest verdict (REVIEW_ADDED provenance visible), verification history, current round, last round's failure reasons, `nextActions` = the unmet criteria (the declarative "what's next" — no separate plan), and any OPEN (undispositioned) boundary crossings (count + per crossing category/severity/detail + a read-only attribution line `↳ by model=…·agent=…·session=…` naming who/what crossed, `unknown` when unresolved — LUM-469; `--json` adds an `openCrossings` field, each entry carrying an `attribution` object) — read-only awareness, disposition stays web + human-only (LUM-448). The crossings check fails closed (LUM-480): if the read errors, the block prints `⚠ Boundary-crossing check failed` instead of staying silent, and `--json` sets `openCrossings: null` (distinct from `[]` = a successful read with zero open — treat `null` as "could not confirm", not "safe"). Defaults to the session-bound task; `--json` emits a versioned payload (`version` field). **Run it first when resuming a task in a new session or after a verification round was rejected.**
 - `lumo verdict [task] --pass | --pass-with-followup | --fail` — acceptance verdicts (LUM-422). `--pass` / `--pass-with-followup` open the browser to the human verdict bar focused on the passing action (a deep link — **records nothing**; a passing data row is only ever a human's own click). `--fail --reason <enum> [--note <text>] [--criterion <id>…]` records an **AGENT send-back** (verifierType=AGENT, verdict hard-coded FAIL) and bounces the task to IN_PROGRESS. Defaults to the session-bound task. **An unresolved send-back (machine/AGENT/human FAIL) blocks the agent/CLI DONE transition with 409** — clear it (re-verify) before `task update --status done`.
 
 **Artifacts & Figma** — see [artifacts-figma.md](references/artifacts-figma.md)
@@ -126,7 +126,7 @@ The command catalog below is a **map**: it lists every command grouped by domain
 
 - `lumo session attach <id>` — bind this session to a task (then run `task context`). **Lifetime lock**: re-attaching to the same task is a no-op; attaching to a _different_ task is refused with 409 — start a new Claude Code session instead. No `--force`, no `session detach`.
 - `lumo session status` — show current binding
-- `lumo session wrap [--yes] [--dry-run] [--used <indices>]` — end-of-session panel: progress comment + memory review + fragment-usage vote (`--used`, LUM-300) + blocked-tag prompt, then a read-only reminder when the bound task has ≥1 OPEN boundary crossing still undispositioned (silent when none — no wrap-up noise; pointer is web + human-only, LUM-448). Usage is now also audited automatically when a task reaches DONE (evidence-gated, true-only — confident fragments marked used, the rest left NULL); `session wrap --used` remains the manual override and takes precedence for a session.
+- `lumo session wrap [--yes] [--dry-run] [--used <indices>]` — end-of-session panel: memory review + fragment-usage vote (`--used`, LUM-300) + blocked-tag prompt, then a read-only reminder when the bound task has ≥1 OPEN boundary crossing still undispositioned (silent only on a genuine empty read — no wrap-up noise; a crossings-check failure prints a "could not confirm" warning instead of staying silent, LUM-480; pointer is web + human-only, LUM-448). Usage is now also audited automatically when a task reaches DONE (evidence-gated, true-only — confident fragments marked used, the rest left NULL); `session wrap --used` remains the manual override and takes precedence for a session.
 - Git-suggest at session start (suggests `session attach`, never auto-binds) + Layer-2 project-memory review — see the reference
 
 **Worktrees (local dev tooling)** — see [worktree.md](references/worktree.md)

package/assets/skill/references/sessions.md

@@ -125,18 +125,11 @@ lumo session status
 
 When to suggest: the user asks "which task am I on", "what's this session bound to", or you need to decide whether to suggest `session attach` for a mentioned task ID.
 
-### `lumo session wrap [--yes] [--dry-run] [--used <indices>]` — wrap-up panel: progress comment + memory review + fragment-usage vote + blocked-tag prompt
+### `lumo session wrap [--yes] [--dry-run] [--used <indices>]` — wrap-up panel: memory review + fragment-usage vote + blocked-tag prompt
 
-Session-end wrap-up panel with **four sections, run in order**:
+Session-end wrap-up panel with **three sections, run in order**:
 
-**1. Progress comment** — reads back the current Claude Code session's per-turn
-`turnSummary` rows (the one-line summaries written each STOP), aggregates
-every turn **since the last progress comment** into one bulleted body, and — after
-a `[y] post / [e] edit / [s] skip` confirmation — posts it as a comment on the
-session's bound task. A server-side watermark (`Session.lastProgressCommentAt`)
-means re-running never re-posts the same turns.
-
-**2. Memory review** — lists the Layer1 memories this session sedimented since the
+**1. Memory review** — lists the Layer1 memories this session sedimented since the
 last review (deduped by a per-session watermark `Session.lastMemoryReviewAt`).
 Each new memory is shown as `[SCOPE] CATEGORY  headline`, numbered from 1. You
 curate with a single line: `d 1,3` deletes rows 1 and 3, `p 2` promotes row 2 to
@@ -147,7 +140,7 @@ Out-of-range indices are ignored. Deletes/promotes run server-side, scoped to
 memories this session created (you can't touch other sessions' memories through
 this panel). With no new memories the section prints "(no content)" and does nothing.
 
-**3. Fragment-usage vote (LUM-300)** — lists the context
+**2. Fragment-usage vote (LUM-300)** — lists the context
 fragments this session **consumed** (its lineage edges: memory / slack / web /
 figma / PR / review-todo / session), numbered from 1 with a content snippet
 label. The agent records which it **actually used** via
@@ -161,7 +154,7 @@ upgrades the flywheel signal from "co-loaded" (constant, no information) to
 fragment's usage-based merge rate, falling back to the weaker presence rate when
 usage samples are thin. With no consumed fragments the section prints "(no content)".
 
-**4. Blocked check (blocked-tag prompt, LUM-153)** — if the **same kind of failure
+**3. Blocked check (blocked-tag prompt, LUM-153)** — if the **same kind of failure
 recurred ≥ 3 times** in this session (server-aggregated from
 `POST_TOOL_USE_FAILURE` events grouped by tool name, plus `STOP_FAILURE`
 turn-level failures), the section surfaces the dominant failure (`This session looks repeatedly stuck on <tool> (N failures).` + last error summary) and prompts `[y] tag / [s] skip` whether to
@@ -177,44 +170,44 @@ shared board requires an interactive `y`, so `--yes` (and non-TTY) prints the
 suggestion and moves on rather than silently flipping board state. When there's
 nothing to prompt, the section prints "(no content)".
 
-**After the panel — open-crossings reminder (LUM-448).** Once the four sections
+**After the panel — open-crossings reminder (LUM-448).** Once the three sections
 finish, `session wrap` prints a one-shot read-only reminder **if** the bound
 task has ≥1 OPEN (undispositioned) boundary crossing: `⚠ N open boundary
 crossing(s) on LUM-N still undispositioned:` then a line per crossing `• [SEVERITY]
-CATEGORY` and a web pointer. When there are none — or the session is unbound —
-it prints **nothing** (truly silent, not a "(no content)" line), so a clean task
-adds no wrap-up noise. **Awareness only:** it points at the web acceptance panel;
-there is **no CLI path** to disposition or clear a crossing. Disposition stays
-web + human-only (LUM-426/435/422) — an agent/CLI bearer cannot clear its own
-crossing from the terminal.
+CATEGORY` and a web pointer. When the read genuinely comes back empty — or the
+session is unbound — it prints **nothing** (truly silent, not a "(no content)"
+line), so a clean task adds no wrap-up noise. **But a crossings-check failure is
+not silent (LUM-480):** if the read errors (network / server), it prints
+`⚠ Could not check boundary crossings on LUM-N (network/server error) — unable
+to confirm whether any are still undispositioned`, so a failed safety check never
+masquerades as "0 open / safe". **Awareness only:** it points at the web
+acceptance panel; there is **no CLI path** to disposition or clear a crossing.
+Disposition stays web + human-only (LUM-426/435/422) — an agent/CLI bearer cannot
+clear its own crossing from the terminal.
 
 ```bash
 lumo session wrap                  # interactive: preview each section, choose per-section
-lumo session wrap --yes            # progress posted + memories kept; blocked tag NOT auto-applied (needs interactive y)
+lumo session wrap --yes            # memories kept; blocked tag NOT auto-applied (needs interactive y)
 lumo session wrap --yes --used 1,3 # also record fragments 1 & 3 as used (the rest used=false)
 lumo session wrap --used none      # record that none of the injected fragments were used
-lumo session wrap --dry-run        # print all drafts only; never posts, never mutates, never advances watermarks
+lumo session wrap --dry-run        # print all drafts only; never mutates, never advances watermarks
 ```
 
 The usage vote is a two-step flow for agents: run `lumo session wrap` once to
 see the numbered fragment list, decide which you actually used, then re-run with
 `--used <indices>`. Re-running is safe — the other sections are watermark-guarded
-(progress won't double-post, reviewed memories won't re-list).
+(reviewed memories won't re-list).
 
 - Requires `$CLAUDE_CODE_SESSION_ID` (must run inside Claude Code) and a bound
-  task (`lumo session attach <LUM-N>` first). With no bound task or no new turn
-  summaries, the Progress comment section prints "(no content)" and posts nothing.
-- `[e] edit` (Progress comment) opens `$EDITOR` (fallback vi/nano) on the drafted body;
-  the edited text is posted and the watermark still advances to the turns the
-  draft covered.
-- `--yes` posts the progress comment AND keeps all memories (no
-  deletes/promotes) while advancing the memory-review watermark; for the
-  blocked-tag section it prints the suggestion but does **not** apply the tag.
-- `--dry-run` prints all drafts; never posts, never mutates memories/tags, never
-  advances either watermark.
-- Non-TTY without `--yes`: prints the drafts and does **not** post, mutate, or
-  tag (safe default).
-
-When to suggest: at the end of a working session on a bound task, to record what
-was done as a progress comment — offer `lumo session wrap` rather than composing
-a `task comment` by hand.
+  task (`lumo session attach <LUM-N>` first).
+- `--yes` keeps all memories (no deletes/promotes) while advancing the
+  memory-review watermark; for the blocked-tag section it prints the suggestion
+  but does **not** apply the tag.
+- `--dry-run` prints all drafts; never mutates memories/tags, never advances the
+  memory-review watermark.
+- Non-TTY without `--yes`: prints the drafts and does **not** mutate or tag (safe
+  default).
+
+When to suggest: at the end of a working session on a bound task, to review the
+memories it sedimented, vote which injected fragments were actually used, and
+flag the task `blocked` if it got repeatedly stuck — offer `lumo session wrap`.

package/assets/skill/references/task-context.md

@@ -132,7 +132,7 @@ identifier (`LUM-N`), prints the causal trail:
 
 ```bash
 lumo task lineage LUM-42            # per-session causal trail + cost
-lumo task lineage LUM-42 --signal   # append workspace-level usage signal-health
+lumo task lineage LUM-42 --signal   # append workspace-level usage signal-health; used-vs-base merge rate uses iteration-taint fold (send-back/reopen/PR-close = negative class even if later merged); shows negative-class size per side; prints "metric cannot discriminate" when no failure outcomes exist yet
 ```
 
 - **Totals banner** — distinct sessions, fragment count, edge count,

package/assets/skill/references/verify.md

@@ -63,6 +63,18 @@ only).
   them; the server rejects partial rounds.
 - Criteria added during review (`REVIEW_ADDED`) appear in the contract and
   are picked up automatically by the next round.
+- **Session bound to a different task (LUM-459)** → the server returns 409,
+  which the command surfaces as an error. No advisory is printed; the verify
+  round is rejected outright.
+- **Provably-unbound session** → the server includes `bindingAdvisory: 'unbound'`
+  in the round response, and the command prints:
+  `⚠ Working unbound — this verify ran from a Claude Code session not attached to the task.`
+  The run is recorded as a `SESSION_BINDING_MISSING` boundary crossing visible in
+  `lumo task status` open crossings. Run `lumo session attach <LUM-N>` before the
+  next verify to bind the session.
+- **Unconfirmed session binding** → `bindingAdvisory: 'unconfirmed'` causes a
+  softer advisory: `⚠ Could not confirm this session is attached to the task.`
+  Same remediation: `lumo session attach <LUM-N>`.
 
 ## Round discipline
 
@@ -125,10 +137,23 @@ what's unmet and why (the exact failure tails), and how many rounds are left.
 
 - Header: task identifier/title/status + `verification round N/3` (round 0 =
   never verified) + an escalation warning when the machine loop is exhausted.
+- **Machine verification rollup** (LUM-470) — directly under the `Criteria`
+  header, one line `Machine verification: N machine-verified / M human override
+(of T MACHINE criteria)` over the active MACHINE criteria, aligned with the web
+  read model (LUM-456). Printed whenever the contract has ≥1 MACHINE criterion,
+  so the terminal rollup never reads as all-human when a checkpointer actually
+  verified the work.
 - **Criteria** — every criterion as `<glyph> <id>  [TYPE]  SOURCE@rN
 statement` (✓ latest verdict passed / ✗ failed / ○ no verdict yet) with its
   checkpointer and latest verdict line (evidence pointer on pass, failure
   tail on fail). `REVIEW_ADDED@rN` provenance is visible per row.
+  - A passing **MACHINE** criterion's verdict line carries a machine-state tag
+    derived from the read model's `machinePassed` flag, NOT the latest verdict
+    (LUM-470): `· machine-verified` when a checkpointer actually passed it (even
+    after a human later signs the task off), or `· human override (no machine
+pass)` when it passes only on a human sign-off with no machine run underneath.
+    This keeps the terminal honest with web — a machine-verified criterion that
+    a human co-signed no longer reads as a plain human pass.
   - A pass can carry a **`⚠ pre-edit version`** note (LUM-457): the criterion
     was changed after that verdict (reworded, or its checkpointer was swapped so
     the recorded evidence ran a different command). The pass still counts as met
@@ -154,19 +179,31 @@ statement` (✓ latest verdict passed / ✗ failed / ○ no verdict yet) with it
   **Read-only awareness** — this surfaces crossings detected elsewhere
   (LUM-426/435/442); there is no CLI path to disposition or clear one.
   Disposition stays web + human-only (LUM-426/435/422): an agent/CLI bearer
-  cannot clear its own crossing from the terminal.
+  cannot clear its own crossing from the terminal. **The check fails closed
+  (LUM-480):** if the crossings read itself errors (network / server / parse),
+  the block prints `⚠ Boundary-crossing check failed (network/server error) —
+could not confirm whether any are undispositioned` instead of staying silent.
+  Silence means a successful read with zero open crossings, never a failed
+  check — a hiccup can no longer masquerade as "all clear".
 
 ### --json contract
 
 `--json` emits the full read model with a top-level `version` field
 (currently `1`). The schema is versioned: breaking shape changes bump the
 major; additive fields don't. Pin on `version` when scripting against it.
+Each criterion carries `machinePassed` (boolean — a checkpointer currently
+vouches for it; LUM-456/470), and the payload carries a top-level
+`machineVerification` aggregate `{ total, machineVerified, humanOverridden }`
+over the active MACHINE criteria — read these, not `latestVerdict` alone, to
+tell a machine-verified criterion from a human override.
 The open boundary crossings ride along as an additive top-level
-`openCrossings[]` (each `{ id, category, severity, detail, attribution }`,
+`openCrossings` (each entry `{ id, category, severity, detail, attribution }`,
 where `attribution` is `{ workspaceMemberId, sessionId, agent, worktreeBranch,
 model }` with every field nullable — null = unknown, never fabricated; LUM-469;
-the array length is the count; empty when none) — same read-only awareness, no
-write path.
+the array length is the count) — same read-only awareness, no write path.
+**`openCrossings` is `null` when the crossings check failed (LUM-480)** —
+distinct from `[]`, which is a successful read with zero open crossings. Script
+consumers must treat `null` as "unknown / could not confirm", not "safe".
 
 `status` reads; `verify` judges. Running status never starts a round, never
 escalates, and never changes task state — loop rules (cap 3, IN_REVIEW on

package/dist/cli/src/commands/session-wrap.js

@@ -3,7 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.sessionWrap = sessionWrap;
 const config_1 = require("../lib/config");
 const wrap_panel_1 = require("../lib/wrap-panel");
-const progress_comment_section_1 = require("./wrap/progress-comment-section");
 const memory_review_section_1 = require("./wrap/memory-review-section");
 const fragment_usage_section_1 = require("./wrap/fragment-usage-section");
 const blocked_prompt_section_1 = require("./wrap/blocked-prompt-section");
@@ -11,13 +10,12 @@ const crossings_reminder_1 = require("./wrap/crossings-reminder");
 /**
  * `lumo session wrap [--yes] [--dry-run]`
  *
- * Session-end wrap-up panel with four sections, run in order: (1) draft a
- * progress comment from this session's unposted turnSummaries and post it
- * (after y/e/s confirmation) to the bound task; (2) review the Layer1 memories
- * this session sedimented — keep/delete/promote, deduped by a per-session
- * watermark; (3) vote which injected context fragments were actually used
- * (LUM-300, via `--used`); (4) if the session repeatedly hit the same failure,
- * prompt whether to flag the bound task with a `blocked` tag (LUM-153).
+ * Session-end wrap-up panel with three sections, run in order: (1) review the
+ * Layer1 memories this session sedimented — keep/delete/promote, deduped by a
+ * per-session watermark; (2) vote which injected context fragments were
+ * actually used (LUM-300, via `--used`); (3) if the session repeatedly hit the
+ * same failure, prompt whether to flag the bound task with a `blocked` tag
+ * (LUM-153).
  */
 async function sessionWrap(options) {
     const sessionId = process.env.CLAUDE_CODE_SESSION_ID;
@@ -32,7 +30,6 @@ async function sessionWrap(options) {
         return 1;
     }
     const sections = [
-        new progress_comment_section_1.ProgressCommentSection({ creds, sessionId }),
         new memory_review_section_1.MemoryReviewSection({ creds, sessionId }),
         new fragment_usage_section_1.FragmentUsageSection({ creds, sessionId, used: options.used }),
         new blocked_prompt_section_1.BlockedPromptSection({ creds, sessionId }),

package/dist/cli/src/commands/task-lineage.js

@@ -141,7 +141,14 @@ function formatSignalHealth(h) {
     lines.push(`- Distribution: used ${h.distribution.used} · null ${h.distribution.abstained} · false ${h.distribution.unused}`);
     lines.push(`- Per-session variance: ${h.perSessionVariance.toFixed(2)} (${h.votedSessions} voted sessions)`);
     if (h.usedMergeRate !== null && h.baseMergeRate !== null) {
-        lines.push(`- Used × outcome: merge-rate(used) ${Math.round(h.usedMergeRate * 100)}% vs base ${Math.round(h.baseMergeRate * 100)}%`);
+        if (h.baseFailedTasks === 0) {
+            // No failure outcomes exist yet, so any rate is non-discriminating by
+            // construction — say so honestly instead of printing a misleading 100%.
+            lines.push('- Used × outcome: no failure outcomes yet — metric cannot discriminate');
+        }
+        else {
+            lines.push(`- Used × outcome: merge-rate(used) ${Math.round(h.usedMergeRate * 100)}% (${h.usedResolvedTasks} resolved, ${h.usedFailedTasks} failed) vs base ${Math.round(h.baseMergeRate * 100)}% (${h.baseResolvedTasks} resolved, ${h.baseFailedTasks} failed)`);
+        }
     }
     else {
         lines.push('- Used × outcome: insufficient resolved tasks');

package/dist/cli/src/commands/task-status.js

@@ -46,6 +46,13 @@ function formatTaskStatus(data, extras = {}) {
     }
     lines.push('');
     lines.push(`Criteria (${data.criteria.length} total, ${data.nextActions.length} unmet):`);
+    // LUM-470: honest machine-verification rollup over the active MACHINE criteria
+    // (same read model as web, LUM-456) — so the terminal rollup never reads as
+    // all-human when a checkpointer actually verified the work.
+    const mv = data.machineVerification;
+    if (mv.total > 0) {
+        lines.push(`Machine verification: ${mv.machineVerified} machine-verified / ${mv.humanOverridden} human override (of ${mv.total} MACHINE criteria)`);
+    }
     for (const c of data.criteria) {
         const glyph = c.latestVerdict == null
             ? '○'
@@ -81,7 +88,16 @@ function formatTaskStatus(data, extras = {}) {
             const evidencePart = v.evidencePointer
                 ? ` · ${(0, sanitize_1.sanitizeField)(v.evidencePointer)}`
                 : '';
-            lines.push(`      ✓ ${v.verdict}@r${v.round}${evidencePart}`);
+            // LUM-470: tag a passing MACHINE criterion by the read model's
+            // machinePassed flag, not the latest verdict — a criterion a checkpointer
+            // verified reads as machine-verified even after a human signs off, and a
+            // pass with no machine run underneath reads as a human override.
+            const machineTag = c.verifierType === 'MACHINE'
+                ? c.machinePassed
+                    ? ' · machine-verified'
+                    : ' · human override (no machine pass)'
+                : '';
+            lines.push(`      ✓ ${v.verdict}@r${v.round}${evidencePart}${machineTag}`);
             // LUM-457: a pass that vouches for a pre-edit version of the criterion —
             // render-only downgrade, the criterion still counts met.
             if (c.verdictStale || c.checkMismatch) {
@@ -146,7 +162,17 @@ function formatTaskStatus(data, extras = {}) {
  * a crossing from the terminal (LUM-426/435/422).
  */
 function pushOpenCrossings(lines, extras) {
-    const open = extras.openCrossings ?? [];
+    const result = extras.openCrossings;
+    if (!result)
+        return;
+    // LUM-480: a failed check is NOT "0 open / safe" — say so explicitly rather
+    // than rendering an empty (implicitly-clear) block.
+    if (result.status === 'error') {
+        lines.push('');
+        lines.push('⚠ Boundary-crossing check failed (network/server error) — could not confirm whether any are undispositioned.');
+        return;
+    }
+    const open = result.crossings;
     if (open.length === 0)
         return;
     lines.push('');
@@ -224,20 +250,24 @@ async function taskStatus(identifier, options = {}) {
     }
     const data = (await res.json());
     // Read-only awareness (LUM-448): surface the task's OPEN boundary crossings
-    // via the existing LUM-435 endpoint. Best-effort — fetchOpenCrossings already
-    // swallows failures to an empty list, so this supplementary safety signal can
-    // never block the primary acceptance status. The resolved taskId (the
-    // identifier the status was fetched for) is the key here.
-    const openCrossings = await (0, open_crossings_1.fetchOpenCrossings)(base, creds.token, taskId);
+    // via the existing LUM-435 endpoint. fetchOpenCrossings returns a result that
+    // distinguishes a check FAILURE from a genuine 0-open read (LUM-480), so this
+    // supplementary safety signal never masquerades a hiccup as "all clear" — yet
+    // it still never throws, so it can't block the primary acceptance status. The
+    // resolved taskId (the identifier the status was fetched for) is the key here.
+    const crossingsResult = await (0, open_crossings_1.fetchOpenCrossings)(base, creds.token, taskId);
     if (options.json) {
         // JSON.stringify escapes control chars (…), so the payload is safe
         // to emit raw — and consumers get byte-faithful server data.
-        // The open crossings ride alongside as an additive field (count = length).
+        // openCrossings rides alongside as an additive field: an array on success
+        // (count = length), or `null` when the check failed (LUM-480) — distinct
+        // from `[]`, which is a successful read with zero open crossings.
+        const openCrossings = crossingsResult.status === 'ok' ? crossingsResult.crossings : null;
         process.stdout.write(JSON.stringify({ ...data, openCrossings }, null, 2) + '\n');
         return;
     }
     process.stdout.write(formatTaskStatus(data, {
-        openCrossings,
+        openCrossings: crossingsResult,
         dispositionUrl: (0, open_crossings_1.dispositionUrl)(base, creds.workspaceSlug ?? 'lumo', data.task.identifier),
     }));
 }

package/dist/cli/src/commands/verify.js

@@ -181,6 +181,14 @@ async function verify(identifier, options = {}) {
     }
     const outcome = (await res.json());
     process.stdout.write(`\nRound ${outcome.round}/${outcome.maxRounds} recorded.\n`);
+    if (outcome.bindingAdvisory === 'unbound') {
+        process.stdout.write('⚠ Working unbound — this verify ran from a Claude Code session not attached to the task. ' +
+            'Run `lumo session attach <LUM-N>` to bind (recorded as a boundary crossing).\n');
+    }
+    else if (outcome.bindingAdvisory === 'unconfirmed') {
+        process.stdout.write('⚠ Could not confirm this session is attached to the task. ' +
+            'If you are working with Claude Code, run `lumo session attach <LUM-N>`.\n');
+    }
     if (outcome.allPassed) {
         process.stdout.write(`✓ All MACHINE criteria passed — task is now ${outcome.taskStatus}.\n` +
             `Stop here: human adjudication (and any HUMAN criteria) take over from this point.\n`);

package/dist/cli/src/commands/wrap/crossings-reminder.js

@@ -7,13 +7,20 @@ const sanitize_1 = require("../../lib/sanitize");
 const open_crossings_1 = require("../../lib/open-crossings");
 /**
  * Build the wrap-up reminder for a task's OPEN boundary crossings (LUM-448).
- * Returns the reminder string when there is ≥1 open crossing, and `null` when
- * there are none — the caller prints nothing on null, so a clean task makes NO
- * noise at wrap time. Read-only awareness: the reminder points at the
- * human-only web disposition panel and offers no way to clear a crossing from
- * the terminal (LUM-426/435/422).
+ * Returns the reminder string when there is ≥1 open crossing, and `null` only on
+ * a genuine empty read — the caller prints nothing on null, so a clean task
+ * makes NO noise at wrap time. A check FAILURE (LUM-480) is NOT silent: it
+ * returns a warning so a failed safety check never reads as "0 open / safe".
+ * Read-only awareness: the reminder points at the human-only web disposition
+ * panel and offers no way to clear a crossing from the terminal (LUM-426/435/422).
  */
-function formatCrossingReminder(taskIdentifier, open, url) {
+function formatCrossingReminder(taskIdentifier, result, url) {
+    if (result.status === 'error') {
+        return (`⚠ Could not check boundary crossings on ${taskIdentifier} ` +
+            `(network/server error) — unable to confirm whether any are still ` +
+            `undispositioned. Review in the web panel: ${url}\n`);
+    }
+    const open = result.crossings;
     if (open.length === 0)
         return null;
     const n = open.length;
@@ -28,14 +35,15 @@ function formatCrossingReminder(taskIdentifier, open, url) {
 }
 /**
  * Resolve the session's bound task and surface its OPEN boundary crossings as a
- * wrap-up reminder (LUM-448), or `null` when the session is unbound or nothing
- * is open. Pure read — `fetchOpenCrossings` hits only the LUM-435 GET endpoint
- * and there is no disposition write path here.
+ * wrap-up reminder (LUM-448), or `null` when the session is unbound or the read
+ * genuinely came back empty. A crossings-check failure yields a warning, not
+ * silence (LUM-480). Pure read — `fetchOpenCrossings` hits only the LUM-435 GET
+ * endpoint and there is no disposition write path here.
  */
 async function openCrossingReminder(creds) {
     const taskIdentifier = await (0, resolve_bound_task_1.resolveBoundTaskIdentifier)(creds.apiUrl, creds.token);
     if (!taskIdentifier)
         return null;
-    const open = await (0, open_crossings_1.fetchOpenCrossings)(creds.apiUrl, creds.token, taskIdentifier);
-    return formatCrossingReminder(taskIdentifier, open, (0, open_crossings_1.dispositionUrl)(creds.apiUrl, creds.workspaceSlug, taskIdentifier));
+    const result = await (0, open_crossings_1.fetchOpenCrossings)(creds.apiUrl, creds.token, taskIdentifier);
+    return formatCrossingReminder(taskIdentifier, result, (0, open_crossings_1.dispositionUrl)(creds.apiUrl, creds.workspaceSlug, taskIdentifier));
 }

package/dist/cli/src/index.js

@@ -247,9 +247,9 @@ session
     .action(wrap(() => (0, session_status_1.sessionStatus)()));
 session
     .command('wrap')
-    .description("Session-end wrap-up: draft a progress comment from this session's turn summaries and post it to the bound task after confirmation.")
-    .option('-y, --yes', 'Post the drafted comment without prompting (agent-friendly)')
-    .option('--dry-run', 'Print the draft but do not post or advance the watermark')
+    .description('Session-end wrap-up: review the memories sedimented this session, vote which injected context fragments were actually used, and optionally flag the bound task blocked.')
+    .option('-y, --yes', 'Keep all memories without prompting (agent-friendly); does not auto-apply the blocked tag')
+    .option('--dry-run', 'Print the section drafts but do not mutate memories/tags or advance watermarks')
     .option('--used <indices>', 'Mark which injected context fragments you actually used (1-based indices, comma/space separated; "none" for all-unused). Omit to skip recording.')
     .action(wrap(options => (0, session_wrap_1.sessionWrap)(options)));
 const task = program

package/dist/cli/src/lib/open-crossings.js

@@ -32,9 +32,13 @@ function normalizeSeverity(s) {
  * way to clear a crossing — disposition stays web + human-only
  * (LUM-426/435/422).
  *
- * Best-effort: any transport / HTTP / parse failure yields an empty list, so a
- * supplementary safety signal can never break the caller's primary output
- * (the acceptance status, the wrap-up panel).
+ * Fails *closed*, not open (LUM-480): any transport / non-ok HTTP / parse
+ * failure returns `{ status: 'error', reason }` so the caller can say "check
+ * failed — could not confirm" instead of mistaking a hiccup for "0 open / all
+ * clear". A successful read returns `{ status: 'ok', crossings }`; the list is
+ * empty only when the server genuinely reports no open crossings. Either way the
+ * supplementary safety signal never throws into the caller's primary output (the
+ * acceptance status, the wrap-up panel) — failure is a value, not an exception.
  */
 async function fetchOpenCrossings(apiUrl, token, taskIdentifier) {
     const url = `${(0, api_1.trimTrailingSlash)(apiUrl)}/api/tasks/${encodeURIComponent(taskIdentifier)}/boundary-crossings`;
@@ -42,20 +46,23 @@ async function fetchOpenCrossings(apiUrl, token, taskIdentifier) {
     try {
         res = await fetch(url, { headers: { Authorization: `Bearer ${token}` } });
     }
-    catch {
-        return [];
+    catch (err) {
+        return {
+            status: 'error',
+            reason: err instanceof Error ? err.message : 'network error',
+        };
     }
     if (!res.ok)
-        return [];
+        return { status: 'error', reason: `HTTP ${res.status}` };
     let data;
     try {
         data = (await res.json());
     }
     catch {
-        return [];
+        return { status: 'error', reason: 'invalid response body' };
     }
     const rows = Array.isArray(data.crossings) ? data.crossings : [];
-    return rows
+    const crossings = rows
         .filter(c => c.disposition == null)
         .map(c => ({
         id: c.id,
@@ -65,6 +72,7 @@ async function fetchOpenCrossings(apiUrl, token, taskIdentifier) {
         attribution: normalizeAttribution(c.attribution),
     }))
         .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
+    return { status: 'ok', crossings };
 }
 /**
  * The web deep link where a HUMAN dispositions crossings. Disposition is

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lumoai/cli",
-  "version": "1.34.0",
+  "version": "1.36.0",
   "description": "Lumo CLI — manage tasks and sessions from the terminal",
   "license": "MIT",
   "author": "cli@uselumo.ai",

package/dist/cli/src/commands/wrap/progress-comment-section.js

@@ -1,81 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ProgressCommentSection = void 0;
-exports.formatProgressBody = formatProgressBody;
-const sanitize_1 = require("../../lib/sanitize");
-const line_prompt_1 = require("../../lib/line-prompt");
-const editor_1 = require("../../lib/editor");
-const progress_comment_api_1 = require("../../lib/progress-comment-api");
-const HEADER = 'Session progress';
-/** Join turn summaries into a bulleted progress comment body under a header. */
-function formatProgressBody(summaries) {
-    return [HEADER, ...summaries.map(s => `- ${s}`)].join('\n');
-}
-/**
- * Wrap-panel section that drafts a progress comment from the session's
- * unposted turnSummaries and posts it after y/e/s confirmation. Holds its own
- * draft + body state between prepare() and run().
- */
-class ProgressCommentSection {
-    deps;
-    title = 'Progress comment';
-    draft = null;
-    body = '';
-    constructor(deps) {
-        this.deps = deps;
-    }
-    async prepare() {
-        this.draft = await (0, progress_comment_api_1.fetchProgressDraft)(this.deps.creds, this.deps.sessionId);
-        if (!this.draft.taskIdentifier || this.draft.summaries.length === 0) {
-            return false;
-        }
-        this.body = formatProgressBody(this.draft.summaries.map(s => s.turnSummary));
-        return true;
-    }
-    async run(opts) {
-        const draft = this.draft;
-        if (!draft || !draft.watermark)
-            return;
-        // Preview: sanitize the server free-text before it hits the terminal.
-        process.stdout.write(`Will post to ${draft.taskIdentifier} "${(0, sanitize_1.sanitizeField)(draft.taskTitle ?? '')}":\n`);
-        process.stdout.write(`${(0, sanitize_1.sanitizeField)(this.body)}\n`);
-        if (opts.dryRun) {
-            process.stdout.write('(dry-run, not posted)\n');
-            return;
-        }
-        if (opts.yes) {
-            await this.post(draft.watermark, this.body);
-            return;
-        }
-        const choice = (await (0, line_prompt_1.promptLine)('[y] post  [e] edit  [s] skip > ')).toLowerCase();
-        if (choice === 's' || choice === '') {
-            process.stdout.write('Skipped.\n');
-            return;
-        }
-        if (choice === 'e') {
-            const edited = (await (0, editor_1.editInEditor)(this.body)).trim();
-            if (edited.length === 0) {
-                process.stdout.write('Empty body — skipped.\n');
-                return;
-            }
-            process.stdout.write(`${(0, sanitize_1.sanitizeField)(edited)}\n`);
-            const confirm = (await (0, line_prompt_1.promptLine)('[y] post  [s] skip > ')).toLowerCase();
-            if (confirm !== 'y') {
-                process.stdout.write('Skipped.\n');
-                return;
-            }
-            await this.post(draft.watermark, edited);
-            return;
-        }
-        if (choice === 'y') {
-            await this.post(draft.watermark, this.body);
-            return;
-        }
-        process.stdout.write('Unrecognized choice — skipped.\n');
-    }
-    async post(watermark, body) {
-        const { commentId } = await (0, progress_comment_api_1.postProgressComment)(this.deps.creds, this.deps.sessionId, { body, watermark });
-        process.stdout.write(`Posted progress comment (comment ${commentId})\n`);
-    }
-}
-exports.ProgressCommentSection = ProgressCommentSection;

package/dist/cli/src/lib/progress-comment-api.js

@@ -1,47 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.fetchProgressDraft = fetchProgressDraft;
-exports.postProgressComment = postProgressComment;
-const api_1 = require("./api");
-function base(creds) {
-    return (0, api_1.trimTrailingSlash)((0, api_1.resolveAuthedApiUrl)(creds.apiUrl));
-}
-/** GET the unposted progress draft for the session. Throws on transport / non-200. */
-async function fetchProgressDraft(creds, sessionId) {
-    const url = `${base(creds)}/api/sessions/${encodeURIComponent(sessionId)}/turn-summaries`;
-    const res = await fetch(url, {
-        headers: { Authorization: `Bearer ${creds.token}` },
-    });
-    if (res.status === 401)
-        throw new Error('API key invalid or revoked. Run `lumo auth login`.');
-    if (!res.ok)
-        throw new Error(`progress draft fetch failed (HTTP ${res.status})`);
-    return (await res.json());
-}
-/** POST the (possibly edited) body + watermark. Throws the server message on non-201. */
-async function postProgressComment(creds, sessionId, payload) {
-    const url = `${base(creds)}/api/sessions/${encodeURIComponent(sessionId)}/progress-comment`;
-    const res = await fetch(url, {
-        method: 'POST',
-        headers: {
-            Authorization: `Bearer ${creds.token}`,
-            'Content-Type': 'application/json',
-        },
-        body: JSON.stringify(payload),
-    });
-    if (res.status === 401)
-        throw new Error('API key invalid or revoked. Run `lumo auth login`.');
-    if (res.status !== 201) {
-        let serverMsg = null;
-        try {
-            const errBody = (await res.json());
-            if (typeof errBody.error === 'string')
-                serverMsg = errBody.error;
-        }
-        catch {
-            // body wasn't JSON
-        }
-        throw new Error(serverMsg ?? `progress comment failed (HTTP ${res.status})`);
-    }
-    return (await res.json());
-}