@lenne.tech/cli 1.21.0 → 1.23.0

package/build/lib/dev-state.js

@@ -0,0 +1,152 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.paths = void 0;
+exports.allocateInternalPort = allocateInternalPort;
+exports.clearSession = clearSession;
+exports.isPidAlive = isPidAlive;
+exports.isValidPid = isValidPid;
+exports.loadRegistry = loadRegistry;
+exports.loadSession = loadSession;
+exports.saveRegistry = saveRegistry;
+exports.saveSession = saveSession;
+exports.takenInternalPorts = takenInternalPorts;
+/**
+ * State persistence for `lt dev`.
+ *
+ * Two stores:
+ * - Central registry at `~/.lenneTech/projects.json` — index of all
+ *   known projects, used by `lt dev status --all`, the Claude Code
+ *   plugin hook, and conflict detection.
+ * - Per-project state at `<root>/.lt-dev/state.json` — PIDs of the
+ *   currently running `lt dev up` session.
+ *
+ * Both files are JSON, atomically written, and schema-versioned.
+ */
+const fs_1 = require("fs");
+const os_1 = require("os");
+const path_1 = require("path");
+const REGISTRY_PATH = process.env.LT_DEV_REGISTRY_PATH || (0, path_1.join)((0, os_1.homedir)(), '.lenneTech', 'projects.json');
+const SESSION_DIR = '.lt-dev';
+const SESSION_FILE = 'state.json';
+/**
+ * Allocate a free internal port for a Caddy upstream.
+ *
+ * Strategy: try sequential ports starting from `start`, skipping any
+ * that are already in use. The range 4000-4999 is conventional for
+ * lt dev internal ports — well above the deprecated 3000/3001 range
+ * and safely below most reserved/system ranges.
+ */
+function allocateInternalPort(start, taken) {
+    for (let p = start; p < start + 1000; p++) {
+        if (!taken.has(p))
+            return p;
+    }
+    throw new Error(`No free internal port in range [${start}, ${start + 1000})`);
+}
+/** Remove session state file (called by `lt dev down`). */
+function clearSession(root) {
+    const file = (0, path_1.join)(root, SESSION_DIR, SESSION_FILE);
+    if ((0, fs_1.existsSync)(file)) {
+        try {
+            (0, fs_1.rmSync)(file);
+        }
+        catch (_a) {
+            /* best-effort */
+        }
+    }
+}
+/** Check whether a process with the given PID is currently alive. */
+function isPidAlive(pid) {
+    if (!isValidPid(pid))
+        return false;
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch (_a) {
+        return false;
+    }
+}
+/** Validate a PID — positive integer, within plausible range. */
+function isValidPid(pid) {
+    return typeof pid === 'number' && Number.isInteger(pid) && pid > 0 && pid < 4194304;
+}
+/** Load the central registry; returns an empty one if missing or unreadable. */
+function loadRegistry() {
+    if (!(0, fs_1.existsSync)(REGISTRY_PATH))
+        return { projects: {}, version: 1 };
+    try {
+        const parsed = JSON.parse((0, fs_1.readFileSync)(REGISTRY_PATH, 'utf8'));
+        if (parsed && typeof parsed === 'object' && parsed.version === 1 && typeof parsed.projects === 'object') {
+            return parsed;
+        }
+    }
+    catch (_a) {
+        /* fall through */
+    }
+    return { projects: {}, version: 1 };
+}
+/** Load session state for a project root. */
+function loadSession(root) {
+    const file = (0, path_1.join)(root, SESSION_DIR, SESSION_FILE);
+    if (!(0, fs_1.existsSync)(file))
+        return null;
+    try {
+        const parsed = JSON.parse((0, fs_1.readFileSync)(file, 'utf8'));
+        if (parsed &&
+            typeof parsed === 'object' &&
+            typeof parsed.pids === 'object' &&
+            typeof parsed.startedAt === 'string') {
+            // Validate PIDs
+            const pids = {};
+            if (isValidPid(parsed.pids.api))
+                pids.api = parsed.pids.api;
+            if (isValidPid(parsed.pids.app))
+                pids.app = parsed.pids.app;
+            return { pids, startedAt: parsed.startedAt };
+        }
+    }
+    catch (_a) {
+        /* fall through */
+    }
+    return null;
+}
+/** Atomically persist the registry. */
+function saveRegistry(reg) {
+    (0, fs_1.mkdirSync)((0, path_1.dirname)(REGISTRY_PATH), { recursive: true });
+    const tmp = `${REGISTRY_PATH}.tmp`;
+    (0, fs_1.writeFileSync)(tmp, JSON.stringify(reg, null, 2), 'utf8');
+    // rename is atomic on POSIX
+    (0, fs_1.writeFileSync)(REGISTRY_PATH, (0, fs_1.readFileSync)(tmp, 'utf8'), 'utf8');
+    try {
+        (0, fs_1.rmSync)(tmp);
+    }
+    catch (_a) {
+        /* best-effort */
+    }
+}
+/** Persist session state for a project root. */
+function saveSession(root, state) {
+    const dir = (0, path_1.join)(root, SESSION_DIR);
+    (0, fs_1.mkdirSync)(dir, { recursive: true });
+    (0, fs_1.writeFileSync)((0, path_1.join)(dir, SESSION_FILE), JSON.stringify(state, null, 2), 'utf8');
+}
+/** Collect all internal ports already claimed across the registry. */
+function takenInternalPorts(reg, excludeSlug) {
+    const ports = new Set();
+    for (const [slug, entry] of Object.entries(reg.projects)) {
+        if (slug === excludeSlug)
+            continue;
+        if (entry.internalPorts.api)
+            ports.add(entry.internalPorts.api);
+        if (entry.internalPorts.app)
+            ports.add(entry.internalPorts.app);
+    }
+    return ports;
+}
+/** Path constants exported for tests + status displays. */
+exports.paths = {
+    registry: REGISTRY_PATH,
+    sessionDir: SESSION_DIR,
+    sessionFile: SESSION_FILE,
+};

package/docs/commands.md

@@ -286,188 +286,261 @@ For mode-aware update workflows after conversion, use:
 
 ## Local Development Commands
 
-Orchestrate parallel lt projects on the same machine without port collisions. Each project gets a deterministic port slot derived from its slug; API/App ports are always slot-paired (`3000+slot*10` / `3001+slot*10`). Slot allocation is reproducible across machines (FNV-1a hash) and persisted in `~/.lenneTech/ports.json`.
+Run multiple lt projects in parallel without port collisions or cross-wiring.
+**URL-first**: every project gets stable HTTPS URLs (`<slug>.localhost`,
+`api.<slug>.localhost`) served by Caddy. Internal ports are opaque and
+auto-allocated. Cross-project state (database, storage, cookies) is
+namespaced by slug so projects cannot accidentally interfere.
 
-### `lt local`
+### `lt dev`
 
 Open the local-orchestration submenu.
 
 **Usage:**
 ```bash
-lt local
+lt dev
 ```
 
-**Alias:** `lt l`
+**Alias:** `lt d`
 
 ---
 
-### `lt local init`
+### `lt dev install`
 
-Register the current project in the central port registry, optionally patching legacy hardcoded ports to be env-aware.
+One-time per-machine setup. Idempotent — re-run anytime to diagnose what's missing. Owns the full Caddy lifecycle via a dedicated LaunchAgent (macOS) / systemd-user unit (Linux) — **does not** use `brew services caddy`, whose hardcoded `/opt/homebrew/etc/Caddyfile` path would crash-loop against our `~/.lenneTech/Caddyfile`.
 
 **Usage:**
 ```bash
-lt local init [options]
+lt dev install
 ```
 
-**Alias:** `lt l i`
-
-**Options:**
-| Option | Description |
-|--------|-------------|
-| `--slot <n>` | Force a specific slot index (0..89) instead of the deterministic slug hash |
-| `--patch` | Apply env-aware port patches non-interactively |
-| `--no-patch` | Skip the patch detection / prompt entirely |
-| `--noConfirm` | Skip confirmation prompts (without `--patch`, patches are skipped) |
+**Alias:** `lt d i`
 
 **What it does:**
-1. Detects the workspace layout (monorepo with `projects/api/` + `projects/app/`, or standalone API/App project).
-2. Looks up or allocates a slot via FNV-1a hash of the project slug. If the slot is taken, falls through linearly to the next free slot.
-3. Detects legacy hardcoded ports in `config.env.ts` (`port: 3000`), `nuxt.config.ts` (`port: 3001`, vite proxy `target: 'http://localhost:3000'`), and `playwright.config.ts` (`baseURL`/`host`/`url: 'http://localhost:3001'`). If `--patch` (or interactive confirm), rewrites them to env-overridable form (`Number(process.env.PORT) || 3000`, `process.env.NUXT_API_URL || …`, etc.) — defaults preserved, idempotent.
-4. Persists the entry to `~/.lenneTech/ports.json`.
-5. Adds `.lt-local/` to the project's `.gitignore`.
-6. Injects (or refreshes) a "Local Development (lt local)" port block into `CLAUDE.md` files at the workspace root and inside each subproject — bracketed by HTML comment markers so it can be replaced cleanly when ports change.
+1. Verifies `caddy` is on PATH (suggests `brew install caddy` if missing).
+2. Creates `~/.lenneTech/Caddyfile` stub if absent.
+3. Detects a conflicting `brew services caddy` registration and asks you to stop it.
+4. Writes + bootstraps a dedicated service:
+   - **macOS:** `~/Library/LaunchAgents/tech.lenne.lt-dev-caddy.plist` via `launchctl bootstrap gui/<uid>`.
+   - **Linux:** `~/.config/systemd/user/lt-dev-caddy.service` via `systemctl --user enable --now`.
+5. Waits up to 8s for Caddy's admin endpoint (`http://127.0.0.1:2019/config/`) to respond.
+6. Validates the Caddyfile.
+7. Reminds you to run the CA trust command **with HOME preserved**:
+   ```bash
+   sudo -E HOME="$HOME" caddy trust
+   ```
+   Without `-E HOME="$HOME"`, sudo switches HOME to `/var/root` and caddy cannot find its user-scoped CA — this was the bug that blocked the very first install attempt.
 
-**Examples:**
+**Logs:** `~/.lenneTech/caddy.log`, `~/.lenneTech/caddy.err.log`.
+
+---
+
+### `lt dev uninstall`
+
+Symmetric counterpart to `lt dev install`. Removes the LaunchAgent / systemd-user unit and stops the Caddy daemon. Does **not** remove the caddy binary itself.
+
+**Usage:**
 ```bash
-# Inside a workspace or standalone project
-lt local init
+lt dev uninstall              # interactive: asks whether to purge Caddyfile + logs
+lt dev uninstall --purge      # also remove ~/.lenneTech/Caddyfile + caddy logs
+lt dev uninstall --noConfirm  # skip the purge prompt (keep files)
+```
+
+**Alias:** `lt d un`
+
+**What it does NOT touch:**
+- the `caddy` binary (use `brew uninstall caddy` if you want to remove the tool too)
+- per-project state under `<project>/.lt-dev/` (use `lt dev down`)
+- the trusted CA in the system keychain (use `sudo -E HOME="$HOME" caddy untrust` if desired)
+
+---
 
-# Force slot 5 for predictable cross-team ports
-lt local init --slot 5 --noConfirm --patch
+### `lt dev migrate`
 
-# Register without touching any source files
-lt local init --no-patch --noConfirm
+Register an existing project with `lt dev` and apply idempotent env-aware patches. Safe to run multiple times; safe to run after `lt fullstack init`.
+
+**Usage:**
+```bash
+lt dev migrate
 ```
 
+**Alias:** `lt d m`
+
+**What it does:**
+1. Detects the workspace layout (monorepo `projects/api`+`projects/app`, or standalone).
+2. Builds the project identity (slug from `package.json` "name", subdomains).
+3. Patches legacy hardcoded ports in `config.env.ts` (`port: 3000`), `nuxt.config.ts` (`port: 3001`, vite proxy target), `playwright.config.ts` (`baseURL`/`host`/`url`) to env-overridable form. Defaults preserved, idempotent.
+4. Persists the entry to `~/.lenneTech/projects.json` (override path via `LT_DEV_REGISTRY_PATH`).
+5. Adds `.lt-dev/` to the project's `.gitignore`.
+6. Injects (or refreshes) a "Local Development (lt dev)" URL block into `CLAUDE.md` files at the workspace root and inside each subproject — bracketed by HTML comment markers.
+
 ---
 
-### `lt local up`
+### `lt dev up`
 
-Start the API + App with project-specific ports. Spawns `pnpm start` (api) and `pnpm dev` (app) detached; persists PIDs to `<root>/.lt-local/state.json`.
+Start API + App behind Caddy. Allocates internal ports (4000+), spawns processes detached, persists PIDs to `<root>/.lt-dev/state.json`.
 
 **Usage:**
 ```bash
-lt local up
+lt dev up
 ```
 
-**Alias:** `lt l u`
+**Alias:** `lt d u`
 
-**Environment variables injected into both children:**
+**Environment variables injected:**
 | Variable | Consumer | Example value |
 |----------|----------|---------------|
-| `PORT` | Nest (api) / Nuxt dev server (app) | slot-derived |
-| `BASE_URL` | nest-server config.env.ts (canonical API base) | `http://localhost:3030` |
-| `APP_URL` | nest-server config.env.ts (frontend origin for redirects/CORS) | `http://localhost:3031` |
-| `NUXT_API_URL` | Nuxt vite-proxy target for `/api`, `/iam`, … | `http://localhost:3030` |
-| `NUXT_PUBLIC_API_URL` | Nuxt `useRuntimeConfig().public.apiUrl` | `http://localhost:3030` |
-| `NUXT_PUBLIC_SITE_URL` | Nuxt `useRuntimeConfig().public.siteUrl` + Playwright | `http://localhost:3031` |
-| `NUXT_PUBLIC_STORAGE_PREFIX` | namespaces sessionStorage/localStorage so parallel projects don't share auth tokens | `crm-local` |
-| `NSC__MONGOOSE__URI` | nest-server-config Mongoose URI (only when `dbName` is known) | `mongodb://127.0.0.1/crm-local` |
-
-**Override the binary** used for both spawns by setting `LT_PNPM_BIN` (e.g. `LT_PNPM_BIN=/usr/local/bin/pnpm lt local up`).
+| `PORT` | Nest (api) / Nuxt (app) | auto-allocated 4000+ |
+| `BASE_URL` / `NSC__BASE_URL` | nest-server canonical API URL | `https://api.crm.localhost` |
+| `APP_URL` / `NSC__APP_URL` | nest-server frontend origin (CORS, BetterAuth) | `https://crm.localhost` |
+| `NUXT_API_URL` | Nuxt vite-proxy target for `/api`, `/iam`, … | `https://api.crm.localhost` |
+| `NUXT_PUBLIC_API_URL` | Nuxt `useRuntimeConfig().public.apiUrl` | `https://api.crm.localhost` |
+| `NUXT_PUBLIC_SITE_URL` | Nuxt `useRuntimeConfig().public.siteUrl` + Playwright | `https://crm.localhost` |
+| `NUXT_PUBLIC_STORAGE_PREFIX` | namespaces sessionStorage/localStorage | `crm` |
+| `NUXT_PUBLIC_API_PROXY` | always `false` — Caddy + cookie-domain make it obsolete | `false` |
+| `NSC__MONGOOSE__URI` | nest-server Mongoose URI | `mongodb://127.0.0.1/crm-local` |
+| `DATABASE_URL` | Postgres convenience URL (for nest-base-style projects) | `postgresql://crm-local:crm-local@localhost:5432/crm-local` |
+
+**Override the binary** for both spawns via `LT_PNPM_BIN` (e.g. `LT_PNPM_BIN=/usr/local/bin/pnpm lt dev up`).
 
 **Pre-flight guards (exit code 1 each):**
-- Project not registered (`lt local init` first)
-- Already running (run `lt local down` first)
-- Port already in use by another process
+- Caddy not installed (`lt dev install` first)
+- Caddy daemon not running (run `lt dev install` — it bootstraps the lt-dev service)
+- Already running for this project (`lt dev down` first)
+- Internal port already in use
 
-**Logs:** `<root>/.lt-local/api.log`, `<root>/.lt-local/app.log` (append-mode).
+**Logs:** `<root>/.lt-dev/api.log`, `<root>/.lt-dev/app.log` (append-mode).
 
 ---
 
-### `lt local down`
+### `lt dev down`
 
-Stop processes started by `lt local up`. Sends `SIGTERM` to the detached process group (negative PID) so descendants — Vite, the Nest watcher, etc. — receive the signal too. Falls back to single-PID kill if the process group send fails (`EPERM`).
+Stop processes started by `lt dev up` and remove the project's Caddy block.
 
 **Usage:**
 ```bash
-lt local down
+lt dev down
 ```
 
-**Alias:** `lt l d`
+**Alias:** `lt d d`
 
-PID values from `state.json` are validated (positive integer in `[100, 2^31)`) before any signal is sent, so a tampered state file cannot cause `lt local down` to signal arbitrary process groups.
+Sends `SIGTERM` to the detached process group (negative PID) so descendants — Vite, the Nest watcher, etc. — receive the signal too. PID values from `state.json` are validated before signaling. Best-effort: removes the project's Caddy block and reloads even if no session was active.
 
 ---
 
-### `lt local status`
+### `lt dev status`
 
-Show what is registered + running for the current project: slot, ports, db URI, PIDs (alive/dead), and live `lsof` state of the assigned ports.
+Show what is registered + running.
 
 **Usage:**
 ```bash
-lt local status
+lt dev status         # current project
+lt dev status --all   # every project in the registry
 ```
 
-**Alias:** `lt l s`
-
----
+**Alias:** `lt d s`
 
-## Ports Commands
+The current-project view shows subdomains → upstream ports, db URI, session PIDs (alive/dead), and live `lsof` state. The `--all` view lists every project, with a `●`/`○` indicator for running state.
 
-Inspect the port registry and currently-bound dev ports across all your lt projects. Useful for diagnosing collisions and rebuilding the registry from disk.
+---
 
-### `lt ports`
+### `lt dev tunnel`
 
-List all reserved registry entries side-by-side with the live `lsof` state. Issues a single `lsof` call internally for the entire slot range (3000–3899) instead of per port — runs in ~150ms regardless of how many projects are registered.
+Expose a running `lt dev up` project to the public internet via a Cloudflare Quick Tunnel. Foreground command — runs until Ctrl-C.
 
 **Usage:**
 ```bash
-lt ports
+lt dev tunnel              # tunnel the App
+lt dev tunnel --api        # tunnel the API instead
 ```
 
-**Alias:** `lt p`
+**Alias:** `lt d tun`
 
-**Output sections:**
-1. **Reserved ports (registry)** — every project entry with a `●` (bound) or `○` (free) indicator per port.
-2. **Currently bound dev ports (3000–3899)** — every port in the slot range that currently has a LISTEN socket, with command + PID + owning registry entry (if any).
+**What it does:**
+1. Checks `cloudflared` is on PATH (suggests `brew install cloudflared` otherwise).
+2. Confirms the Caddy daemon is up (`lt dev install` must have run).
+3. Spawns `cloudflared tunnel --url https://<slug>.localhost --http-host-header <slug>.localhost --no-tls-verify`. The host-header rewrite is required — without it Caddy would not match the project block for the random `*.trycloudflare.com` hostname.
+4. Waits for cloudflared to publish the public URL (usually 5-10s) and prints it prominently.
+
+**Caveats (also printed at runtime):**
+- Auth cookies on the localhost domain are NOT valid on the `*.trycloudflare.com` URL — users log in again on the tunnel URL.
+- Better-Auth's `trustedOrigins` won't include the random tunnel URL — login flows that validate the origin reject the request unless the URL is added explicitly to the API config.
+- Default tunnels expose ONLY the App. For full external usage (e.g. external client calling the API), start a second `lt dev tunnel --api` in another shell — the API will be reachable on its own `*.trycloudflare.com` URL.
+
+**Not yet supported (intentional scope limit):**
+- Named tunnels with a persistent URL (`cloudflared tunnel create`)
+- Multi-host tunneling in one process
+- Background/detached mode
 
 ---
 
-### `lt ports check <port>`
+### `lt dev doctor`
 
-Exit-coded port probe — useful in shell scripts.
+Diagnose Caddy / CA / DNS / port issues. Exit code 0 = all green, 1 = at least one FAIL.
 
 **Usage:**
 ```bash
-lt ports check <port>
+lt dev doctor
 ```
 
-**Exit codes:**
-| Code | Meaning |
-|------|---------|
-| `0` | Port is free |
-| `1` | Port is in use |
-| `2` | `lsof` not available, or `<port>` argument missing/invalid |
+**Alias:** `lt d doc`
 
-**Example:**
-```bash
-if lt ports check 3000; then
-  echo "API port free"
-else
-  echo "API port already bound"
-fi
-```
+**Checks:**
+1. `caddy` on PATH
+2. Caddy daemon running (admin endpoint `:2019` reachable)
+3. Caddyfile validates
+4. Ports 80 + 443 free or held by Caddy
+5. `*.localhost` resolves to `127.0.0.1` (RFC 6761)
+6. Registry status
 
 ---
 
-### `lt ports scan [dir]`
+### `lt dev test`
 
-Rebuild the registry from the filesystem. Walks the given directory (default: cwd) up to depth 3, looking for `lt.config.json` + `package.json` pairs or workspace markers (`pnpm-workspace.yaml`, `projects/`). Re-allocates a slot for new projects; preserves slots for existing entries (only refreshing the path if it moved). Writes only when the registry actually changed (no mtime churn for cloud-sync tools).
+One-shot E2E wrapper: ensure `up`, wait for the App URL, run `pnpm run test:e2e` with the `.lt-dev/.env` bridge loaded. Optional teardown after.
 
 **Usage:**
 ```bash
-lt ports scan [dir]
+lt dev test                      # App E2E (projects/app)
+lt dev test --api                # API E2E (projects/api) — no Caddy required
+lt dev test --teardown           # plus `lt dev down` after
+lt dev test --debug              # PWDEBUG=1 + HEADED=1
+lt dev test -- --ui spec.ts      # everything after `--` is forwarded to playwright
 ```
 
-**Examples:**
-```bash
-lt ports scan                       # scan from cwd
-lt ports scan ~/code/lenneTech      # scan a specific tree
-```
+**Alias:** `lt d t`
+
+**Behaviour:**
+1. Pre-flight: Caddy installed + daemon running (App mode only).
+2. If no `lt dev up` session is alive: invokes `lt dev up` first.
+3. Waits up to 30 s for the App URL to respond.
+4. Reads `<root>/.lt-dev/.env` and merges into the spawn env (existing process.env wins for keys it defines).
+5. Spawns `pnpm run test:e2e [forwarded args]` in `projects/api` (with `--api`) or `projects/app` (default).
+6. With `--teardown`, runs `lt dev down` after.
+
+**When to use this vs. `pnpm run test:e2e` directly:**
+- Use **`lt dev test`** for TDD loops, ad-hoc reproduction, or when you want a single-command "ensure-up + run + teardown" flow.
+- Use **direct `pnpm run test:e2e`** (or VS Code Playwright Extension, IDE test runners) for everyday work — the auto-injected `playwright.config.ts` bridge loads the `.lt-dev/.env` automatically, so the env is correct without the wrapper.
+
+---
+
+### ENV bridge for external test runners
+
+`lt dev up` writes a `<root>/.lt-dev/.env` file with the following keys:
+
+| Key | Source |
+|-----|--------|
+| `BASE_URL`, `APP_URL`, `NSC__BASE_URL`, `NSC__APP_URL` | Identity → `https://api.<slug>.localhost` / `https://<slug>.localhost` |
+| `NUXT_API_URL`, `NUXT_PUBLIC_API_URL`, `NUXT_PUBLIC_SITE_URL` | Same URLs for Nuxt |
+| `NUXT_PUBLIC_STORAGE_PREFIX` | Project slug |
+| `NUXT_PUBLIC_API_PROXY` | Always `false` under `lt dev` |
+| `NSC__MONGOOSE__URI`, `DATABASE_URL` | Project-namespaced DB URI (when `dbName` known) |
+| `LT_DEV_ACTIVE`, `LT_DEV_DB_NAME` | Marker keys for consumers |
+| `NODE_EXTRA_CA_CERTS` | Path to Caddy's root CA cert (auto-detected) |
+
+`lt dev migrate` injects a tiny `// >>> lt-dev:bridge >>>` block at the top of `playwright.config.ts` that loads this file at config-load time — making Playwright (CLI, IDE, VS Code extension) automatically use the `lt dev` URLs and trust the local CA, without inheriting the parent shell.
 
-Symlinks are skipped to avoid traversal loops; dotdirs and `node_modules` are not descended into.
+`lt dev down` removes the bridge file so subsequent runs without `lt dev up` fall back cleanly to the classic `localhost:3000`/`localhost:3001` defaults.
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/cli",
-  "version": "1.21.0",
+  "version": "1.23.0",
   "description": "lenne.Tech CLI: lt",
   "keywords": [
     "lenne.Tech",

package/build/commands/local/down.js

@@ -1,71 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const local_project_1 = require("../../lib/local-project");
-const port_registry_1 = require("../../lib/port-registry");
-/**
- * Stop processes started by `lt local up`. Sends SIGTERM to the
- * detached process group (negative PID) so descendants — Vite,
- * the Nest watcher etc. — receive the signal too.
- */
-const DownCommand = {
-    alias: ['d'],
-    description: 'Stop API + App',
-    hidden: false,
-    name: 'down',
-    run: (toolbox) => __awaiter(void 0, void 0, void 0, function* () {
-        const { filesystem, parameters, print: { colors, info, success, warning }, } = toolbox;
-        const layout = (0, local_project_1.resolveLayout)(filesystem.cwd(), filesystem);
-        const state = (0, port_registry_1.loadLocalState)(layout.root);
-        if (!state || (!state.pids.api && !state.pids.app)) {
-            info(colors.dim('No running processes registered for this project.'));
-            if (!parameters.options.fromGluegunMenu)
-                process.exit();
-            return 'local down: nothing to stop';
-        }
-        const stopped = [];
-        for (const [name, pid] of Object.entries(state.pids)) {
-            if (!pid)
-                continue;
-            // Defense-in-depth: refuse anything that loadLocalState's schema gate
-            // wouldn't have accepted. Prevents a tampered state.json from causing
-            // process.kill(-pid, …) to signal arbitrary process groups.
-            if (!(0, port_registry_1.isValidPid)(pid)) {
-                warning(`Refusing to signal suspicious pid ${pid} for ${name} (state.json tampered?)`);
-                continue;
-            }
-            if (!(0, port_registry_1.isPidAlive)(pid)) {
-                stopped.push(`${name} (pid ${pid}, already dead)`);
-                continue;
-            }
-            try {
-                // Negative PID kills the process group of a detached process.
-                process.kill(-pid, 'SIGTERM');
-                stopped.push(`${name} (pid ${pid})`);
-            }
-            catch (_a) {
-                try {
-                    process.kill(pid, 'SIGTERM');
-                    stopped.push(`${name} (pid ${pid}, single)`);
-                }
-                catch (_b) {
-                    warning(`Failed to stop ${name} (pid ${pid})`);
-                }
-            }
-        }
-        (0, port_registry_1.clearLocalState)(layout.root);
-        success(`Stopped: ${stopped.join(', ')}`);
-        if (!parameters.options.fromGluegunMenu)
-            process.exit();
-        return `local down: ${stopped.length} stopped`;
-    }),
-};
-module.exports = DownCommand;