@lenne.tech/cli 1.30.0 → 1.32.0

package/build/commands/dev/status.js

@@ -39,13 +39,51 @@ const StatusCommand = {
                 warning('No projects registered. Run `lt dev init` in a project.');
             }
             else {
+                // One lsof over EVERY registered internal port, so liveness reflects
+                // what is actually bound — not just whether a supervisor PID survives a
+                // crashed ts-node. (See classifyComponentHealth.)
+                const allPorts = [];
+                for (const slug of slugs) {
+                    const e = reg.projects[slug];
+                    if (e.internalPorts.api)
+                        allPorts.push(e.internalPorts.api);
+                    if (e.internalPorts.app)
+                        allPorts.push(e.internalPorts.app);
+                }
+                const snap = yield (0, dev_process_1.listenSnapshot)(allPorts);
                 for (const slug of slugs) {
                     const e = reg.projects[slug];
                     const session = (0, dev_state_1.loadSession)(e.path);
-                    const apiAlive = (session === null || session === void 0 ? void 0 : session.pids.api) ? (0, dev_state_1.isPidAlive)(session.pids.api) : false;
-                    const appAlive = (session === null || session === void 0 ? void 0 : session.pids.app) ? (0, dev_state_1.isPidAlive)(session.pids.app) : false;
-                    const status = apiAlive || appAlive ? colors.green('●') : colors.dim('○');
-                    info(`  ${status} ${slug.padEnd(30)} ${colors.dim(e.path)}`);
+                    // Only components the project actually has (a registered internal
+                    // port) count toward the health summary.
+                    const comps = [];
+                    if (e.internalPorts.api) {
+                        comps.push((0, dev_state_1.classifyComponentHealth)({ pid: session === null || session === void 0 ? void 0 : session.pids.api, portBound: snap.has(e.internalPorts.api) }));
+                    }
+                    if (e.internalPorts.app) {
+                        comps.push((0, dev_state_1.classifyComponentHealth)({ pid: session === null || session === void 0 ? void 0 : session.pids.app, portBound: snap.has(e.internalPorts.app) }));
+                    }
+                    const allRunning = comps.length > 0 && comps.every((h) => h === 'running');
+                    const anyRunning = comps.some((h) => h === 'running');
+                    const anyCrashed = comps.some((h) => h === 'crashed');
+                    let status;
+                    let note = '';
+                    if (allRunning) {
+                        status = colors.green('●');
+                    }
+                    else if (anyRunning) {
+                        // Some up, some down — honest "partially up" rather than green.
+                        status = colors.yellow('◐');
+                        note = colors.yellow('  degraded — `lt dev up` to restart the down half');
+                    }
+                    else if (anyCrashed) {
+                        status = colors.yellow('◐');
+                        note = colors.yellow('  crashed — `lt dev up` to restart');
+                    }
+                    else {
+                        status = colors.dim('○');
+                    }
+                    info(`  ${status} ${slug.padEnd(30)} ${colors.dim(e.path)}${note}`);
                     for (const [sub, host] of Object.entries(e.subdomains))
                         info(`     ${sub.padEnd(6)} https://${host}`);
                 }
@@ -128,22 +166,56 @@ const StatusCommand = {
             info(colors.dim('  no `lt dev up` session active'));
         }
         else {
-            const apiAlive = session.pids.api ? (0, dev_state_1.isPidAlive)(session.pids.api) : false;
-            const appAlive = session.pids.app ? (0, dev_state_1.isPidAlive)(session.pids.app) : false;
-            info(`  api: ${apiAlive ? colors.green('running') : colors.red('dead')} (pid ${(_a = session.pids.api) !== null && _a !== void 0 ? _a : '-'})`);
-            info(`  app: ${appAlive ? colors.green('running') : colors.red('dead')} (pid ${(_b = session.pids.app) !== null && _b !== void 0 ? _b : '-'})`);
-            info(colors.dim(`  started: ${session.startedAt}`));
-            // Live port snapshot
+            // Probe the actual ports FIRST: a component is only truly "running" when
+            // its supervisor PID is alive AND its internal port is bound. A crashed
+            // ts-node leaves nodemon alive ("waiting for file changes"), so the
+            // wrapper PID alone reads as "running" while nothing serves the port.
             const ports = [entry.internalPorts.api, entry.internalPorts.app].filter((p) => typeof p === 'number');
+            const snap = yield (0, dev_process_1.listenSnapshot)(ports);
+            const apiHealth = (0, dev_state_1.classifyComponentHealth)({
+                pid: session.pids.api,
+                portBound: entry.internalPorts.api ? snap.has(entry.internalPorts.api) : false,
+            });
+            const appHealth = (0, dev_state_1.classifyComponentHealth)({
+                pid: session.pids.app,
+                portBound: entry.internalPorts.app ? snap.has(entry.internalPorts.app) : false,
+            });
+            const label = (health) => health === 'running'
+                ? colors.green('running')
+                : health === 'crashed'
+                    ? colors.yellow('crashed (supervisor up, port not listening)')
+                    : colors.red('dead');
+            if (session.pids.api !== undefined || entry.internalPorts.api) {
+                info(`  api: ${label(apiHealth)} (pid ${(_a = session.pids.api) !== null && _a !== void 0 ? _a : '-'})`);
+            }
+            if (session.pids.app !== undefined || entry.internalPorts.app) {
+                info(`  app: ${label(appHealth)} (pid ${(_b = session.pids.app) !== null && _b !== void 0 ? _b : '-'})`);
+            }
+            info(colors.dim(`  started: ${session.startedAt}`));
+            // Live port snapshot — the authoritative "what is actually bound" view.
             if (ports.length > 0) {
                 info('');
                 info(colors.bold('  Live upstream state'));
-                const snap = yield (0, dev_process_1.listenSnapshot)(ports);
                 for (const p of ports) {
                     const r = snap.get(p);
                     info(`    ${p}: ${r ? colors.green(`bound to ${r.command} (pid ${r.pid})`) : colors.dim('free')}`);
                 }
             }
+            // Surface any present-but-not-serving component (crashed OR dead) and
+            // point at the now-selective `lt dev up`, which restarts just the down
+            // half and leaves the healthy one running.
+            const apiPresent = session.pids.api !== undefined || !!entry.internalPorts.api;
+            const appPresent = session.pids.app !== undefined || !!entry.internalPorts.app;
+            const down = [
+                apiPresent && apiHealth !== 'running' ? 'api' : null,
+                appPresent && appHealth !== 'running' ? 'app' : null,
+            ].filter((c) => c !== null);
+            if (down.length > 0) {
+                const crashed = (apiPresent && apiHealth === 'crashed') || (appPresent && appHealth === 'crashed');
+                info('');
+                warning(`  ${down.join(' + ')} not serving${crashed ? ' (supervisor still up — crashed)' : ''}. ` +
+                    `Run \`lt dev up\` to restart ${down.length === 1 ? 'it' : 'them'}.`);
+            }
         }
         // Isolated test stack (`lt dev test`), if one is up / left with --keep.
         const testSession = (0, dev_state_1.loadSession)(layout.root, dev_state_1.TEST_SESSION_FILE);

package/build/commands/dev/up.js

@@ -124,9 +124,10 @@ const UpCommand = {
                 return 'dev up: slug in use by another checkout';
             }
         }
-        // Sanft auto-migrate sichere Operationen (ohne Code-Modifikation):
-        // CLAUDE.md-URL-Block einfügen + .gitignore ergänzen.
-        // Code-Patches (config.env.ts, nuxt.config.ts) bleiben explizit `lt dev init`.
+        // Auto-establish every prerequisite so the user never has to run `lt dev
+        // init` first: CLAUDE.md URL block (base only) + `.gitignore` + the code
+        // patches that make config.env.ts / nuxt.config.ts / playwright.config.ts
+        // honour the env `lt dev` injects (PORT, URLs).
         {
             // NEVER patch the git-tracked CLAUDE.md for a ticket worktree: it would
             // differ per worktree and risk committing ticket-specific URLs. The lt-dev
@@ -149,46 +150,41 @@ const UpCommand = {
                 info(colors.dim('added `.lt-dev/` to .gitignore'));
             }
         }
-        // Warnung bei Legacy-Code (hardcoded ports) — kein Auto-Patch.
+        // Self-heal legacy hardcoded ports instead of just warning. An unmigrated
+        // project hardcodes `port: 3000`/`3001` and ignores the injected `PORT`, so
+        // it binds the framework defaults and misses Caddy → the (ticket) URLs don't
+        // route and collide with parallel stacks. `autoPatch` is idempotent (no-op on
+        // an already-env-aware config) and only ever touches config.env.ts /
+        // nuxt.config.ts / playwright.config.ts — never CLAUDE.md — so it is safe in a
+        // ticket worktree. In a worktree these are uncommitted patches; `lt ticket
+        // stop` recognises a pristine lt-dev patch and tears down without `--force`.
         {
-            const legacyFiles = [];
+            const filesToPatch = [];
             if (layout.apiDir) {
-                const f = (0, dev_project_1.apiNeedsPortPatch)(layout.apiDir);
-                if (f)
-                    legacyFiles.push(f);
+                const apiCfg = (0, path_1.join)(layout.apiDir, 'src', 'config.env.ts');
+                if ((0, fs_1.existsSync)(apiCfg))
+                    filesToPatch.push(apiCfg);
             }
-            if (layout.appDir)
-                legacyFiles.push(...(0, dev_project_1.appNeedsPortPatch)(layout.appDir));
-            if (legacyFiles.length > 0) {
-                warning('Legacy hardcoded ports detected — Caddy will proxy correctly only after running `lt dev init`:');
-                legacyFiles.forEach((f) => info(colors.dim(`  - ${f}`)));
-                info(colors.dim('  (Continuing — env-aware files will work; legacy files may bind on 3000/3001 and miss Caddy.)'));
+            if (layout.appDir) {
+                for (const rel of ['nuxt.config.ts', 'playwright.config.ts']) {
+                    const f = (0, path_1.join)(layout.appDir, rel);
+                    if ((0, fs_1.existsSync)(f))
+                        filesToPatch.push(f);
+                }
             }
-        }
-        // Already running?
-        const existingSession = (0, dev_state_1.loadSession)(layout.root);
-        if (existingSession) {
-            const apiUp = existingSession.pids.api ? (0, dev_state_1.isPidAlive)(existingSession.pids.api) : false;
-            const appUp = existingSession.pids.app ? (0, dev_state_1.isPidAlive)(existingSession.pids.app) : false;
-            if (apiUp || appUp) {
-                warning(`Already running (api pid ${(_a = existingSession.pids.api) !== null && _a !== void 0 ? _a : '-'}, app pid ${(_b = existingSession.pids.app) !== null && _b !== void 0 ? _b : '-'}).`);
-                // Surface the bound URLs so the user can copy them out without having
-                // to look up `lt dev status` separately. Falls back to the in-process
-                // identity/registry data — both sources stay in sync via saveRegistry.
-                const existingEntry = (0, dev_state_1.loadRegistry)().projects[identity.slug];
-                printProjectUrls(info, {
-                    apiHostname: (_c = identity.subdomains.api) === null || _c === void 0 ? void 0 : _c.hostname,
-                    apiUpstreamPort: existingEntry === null || existingEntry === void 0 ? void 0 : existingEntry.internalPorts.api,
-                    appHostname: (_d = identity.subdomains.app) === null || _d === void 0 ? void 0 : _d.hostname,
-                    appUpstreamPort: existingEntry === null || existingEntry === void 0 ? void 0 : existingEntry.internalPorts.app,
-                    dbName: (_e = existingEntry === null || existingEntry === void 0 ? void 0 : existingEntry.dbName) !== null && _e !== void 0 ? _e : dbName,
-                });
-                info('Run `lt dev down` first.');
-                if (!parameters.options.fromGluegunMenu)
-                    process.exit(1);
-                return 'dev up: already running';
+            const patched = filesToPatch.map((f) => (0, dev_patches_1.autoPatch)(f)).filter((r) => r.patched);
+            if (patched.length > 0) {
+                patched.forEach((r) => success(`patched ${r.replacements}× in ${r.file} (env-aware ports for lt dev)`));
+                if (ticket) {
+                    info(colors.dim('  (worktree config self-healed — auto-discarded on `lt ticket stop`, or commit it to migrate the project)'));
+                }
             }
         }
+        // Load any existing session up-front. The "is it already running?" decision
+        // is deliberately deferred until AFTER port allocation: a recorded wrapper
+        // PID being alive is NOT proof a component serves (a crashed ts-node leaves
+        // nodemon alive), so we probe the actual internal ports once we know them.
+        const existingSession = (0, dev_state_1.loadSession)(layout.root);
         // Allocate internal ports (reuse existing if registered), verify they are
         // free, AND reserve them in the registry — all ATOMICALLY under a cross-
         // process lock, so two simultaneous `lt ticket start` (each → `lt dev up`)
@@ -197,15 +193,34 @@ const UpCommand = {
         let appPort;
         try {
             yield (0, dev_state_1.withRegistryLock)(() => __awaiter(void 0, void 0, void 0, function* () {
-                var _a, _b;
                 const reg = (0, dev_state_1.loadRegistry)();
                 const entry = reg.projects[identity.slug];
                 const taken = (0, dev_state_1.takenInternalPorts)(reg, identity.slug);
-                apiPort = (_a = entry === null || entry === void 0 ? void 0 : entry.internalPorts.api) !== null && _a !== void 0 ? _a : (layout.apiDir ? (0, dev_state_1.allocateInternalPort)(4000, taken) : undefined);
+                let apiPortReused = false;
+                let appPortReused = false;
+                if (entry === null || entry === void 0 ? void 0 : entry.internalPorts.api) {
+                    apiPort = entry.internalPorts.api;
+                    apiPortReused = true;
+                }
+                else if (layout.apiDir) {
+                    apiPort = (0, dev_state_1.allocateInternalPort)(4000, taken);
+                }
                 if (apiPort)
                     taken.add(apiPort);
-                appPort = (_b = entry === null || entry === void 0 ? void 0 : entry.internalPorts.app) !== null && _b !== void 0 ? _b : (layout.appDir ? (0, dev_state_1.allocateInternalPort)(4000, taken) : undefined);
-                const portsToCheck = [apiPort, appPort].filter((p) => typeof p === 'number');
+                if (entry === null || entry === void 0 ? void 0 : entry.internalPorts.app) {
+                    appPort = entry.internalPorts.app;
+                    appPortReused = true;
+                }
+                else if (layout.appDir) {
+                    appPort = (0, dev_state_1.allocateInternalPort)(4000, taken);
+                }
+                // Only FRESHLY allocated ports must be verified free here. A reused
+                // (registered) port may legitimately be bound by our own still-healthy
+                // component; the spawn phase below decides per-component whether to keep
+                // or restart it (and reclaims a reused port held by a crashed/orphaned
+                // process). Free-checking a reused port would falsely abort a partial
+                // restart of just the crashed half.
+                const portsToCheck = [apiPortReused ? undefined : apiPort, appPortReused ? undefined : appPort].filter((p) => typeof p === 'number');
                 const snap = yield (0, dev_process_1.listenSnapshot)(portsToCheck);
                 for (const p of portsToCheck) {
                     const r = snap.get(p);
@@ -232,6 +247,49 @@ const UpCommand = {
                 process.exit(1);
             return 'dev up: port in use';
         }
+        // ── Health-aware (re)start decision ──────────────────────────────────────
+        // Probe the just-resolved ports so we can tell a still-serving component
+        // from a crashed one (supervisor PID alive, port free). Only dead/crashed
+        // components get (re)started; a healthy one keeps running untouched.
+        const hasApi = Boolean(layout.apiDir && (0, fs_1.existsSync)((0, path_1.join)(layout.apiDir, 'package.json')) && apiPort);
+        const hasApp = Boolean(layout.appDir && (0, fs_1.existsSync)((0, path_1.join)(layout.appDir, 'package.json')) && appPort);
+        const healthSnap = yield (0, dev_process_1.listenSnapshot)([apiPort, appPort].filter((p) => typeof p === 'number'));
+        const apiHealth = hasApi
+            ? (0, dev_state_1.classifyComponentHealth)({ pid: existingSession === null || existingSession === void 0 ? void 0 : existingSession.pids.api, portBound: !!apiPort && healthSnap.has(apiPort) })
+            : undefined;
+        const appHealth = hasApp
+            ? (0, dev_state_1.classifyComponentHealth)({ pid: existingSession === null || existingSession === void 0 ? void 0 : existingSession.pids.app, portBound: !!appPort && healthSnap.has(appPort) })
+            : undefined;
+        // All present components already serving → nothing to do.
+        const presentHealth = [apiHealth, appHealth].filter((h) => h !== undefined);
+        if (presentHealth.length > 0 && presentHealth.every((h) => h === 'running')) {
+            warning(`Already running (api pid ${(_a = existingSession === null || existingSession === void 0 ? void 0 : existingSession.pids.api) !== null && _a !== void 0 ? _a : '-'}, app pid ${(_b = existingSession === null || existingSession === void 0 ? void 0 : existingSession.pids.app) !== null && _b !== void 0 ? _b : '-'}) — all components healthy.`);
+            const existingEntry = (0, dev_state_1.loadRegistry)().projects[identity.slug];
+            printProjectUrls(info, {
+                apiHostname: (_c = identity.subdomains.api) === null || _c === void 0 ? void 0 : _c.hostname,
+                apiUpstreamPort: existingEntry === null || existingEntry === void 0 ? void 0 : existingEntry.internalPorts.api,
+                appHostname: (_d = identity.subdomains.app) === null || _d === void 0 ? void 0 : _d.hostname,
+                appUpstreamPort: existingEntry === null || existingEntry === void 0 ? void 0 : existingEntry.internalPorts.app,
+                dbName: (_e = existingEntry === null || existingEntry === void 0 ? void 0 : existingEntry.dbName) !== null && _e !== void 0 ? _e : dbName,
+            });
+            info('Run `lt dev down` first to force a full restart.');
+            if (!parameters.options.fromGluegunMenu)
+                process.exit();
+            return 'dev up: already running';
+        }
+        // Partial restart — at least one component is healthy and at least one is
+        // down. Announce what we keep vs. restart so the user sees the honest state.
+        const partialRestart = presentHealth.some((h) => h === 'running');
+        if (partialRestart) {
+            if (apiHealth === 'running')
+                info(colors.dim(`api healthy (pid ${existingSession === null || existingSession === void 0 ? void 0 : existingSession.pids.api}) → keeping`));
+            else if (apiHealth)
+                warning(`api ${apiHealth} (port ${apiPort} not serving) → restarting`);
+            if (appHealth === 'running')
+                info(colors.dim(`app healthy (pid ${existingSession === null || existingSession === void 0 ? void 0 : existingSession.pids.app}) → keeping`));
+            else if (appHealth)
+                warning(`app ${appHealth} (port ${appPort} not serving) → restarting`);
+        }
         // Caddy block + reload.
         const routes = [];
         if (identity.subdomains.api && apiPort)
@@ -271,40 +329,77 @@ const UpCommand = {
         const pnpmBin = process.env.LT_PNPM_BIN || 'pnpm';
         const pids = {};
         const rotationNotes = [];
-        if (layout.apiDir && (0, fs_1.existsSync)((0, path_1.join)(layout.apiDir, 'package.json')) && apiPort) {
-            const apiResult = (0, dev_process_1.spawnDetached)(pnpmBin, ['start'], {
-                cwd: layout.apiDir,
-                env: devEnv.api.env,
-                logFile: (0, path_1.join)(layout.root, '.lt-dev', 'api.log'),
-            });
-            if (apiResult) {
-                pids.api = apiResult.pid;
-                if (apiResult.rotated.rotated && apiResult.rotated.archivePath !== undefined) {
-                    rotationNotes.push(formatRotationNote('api', apiResult.rotated.archivePath, (_f = apiResult.rotated.previousSize) !== null && _f !== void 0 ? _f : 0));
+        const started = [];
+        const kept = [];
+        // Free a reused internal port before respawning: stop a CRASHED component's
+        // still-alive supervisor group (otherwise its idle nodemon leaks and a
+        // second one stacks on top), and kill any orphaned listener squatting the
+        // port (e.g. a ts-node whose supervisor already died). No-op on a clean
+        // first start (no prev PID, port free).
+        const reclaimPort = (prevPid, port, health) => __awaiter(void 0, void 0, void 0, function* () {
+            if (health === 'crashed' && prevPid)
+                yield (0, dev_process_1.terminateProcessGroup)(prevPid);
+            const bound = port ? healthSnap.get(port) : undefined;
+            if (bound === null || bound === void 0 ? void 0 : bound.pid)
+                yield (0, dev_process_1.terminateProcessGroup)(bound.pid);
+        });
+        if (hasApi && layout.apiDir && apiPort) {
+            if (apiHealth === 'running') {
+                pids.api = existingSession === null || existingSession === void 0 ? void 0 : existingSession.pids.api;
+                kept.push('api');
+            }
+            else {
+                yield reclaimPort(existingSession === null || existingSession === void 0 ? void 0 : existingSession.pids.api, apiPort, apiHealth !== null && apiHealth !== void 0 ? apiHealth : 'dead');
+                const apiResult = (0, dev_process_1.spawnDetached)(pnpmBin, ['start'], {
+                    cwd: layout.apiDir,
+                    env: devEnv.api.env,
+                    logFile: (0, path_1.join)(layout.root, '.lt-dev', 'api.log'),
+                });
+                if (apiResult) {
+                    pids.api = apiResult.pid;
+                    started.push('api');
+                    if (apiResult.rotated.rotated && apiResult.rotated.archivePath !== undefined) {
+                        rotationNotes.push(formatRotationNote('api', apiResult.rotated.archivePath, (_f = apiResult.rotated.previousSize) !== null && _f !== void 0 ? _f : 0));
+                    }
                 }
             }
         }
-        if (layout.appDir && (0, fs_1.existsSync)((0, path_1.join)(layout.appDir, 'package.json')) && appPort) {
-            const appResult = (0, dev_process_1.spawnDetached)(pnpmBin, ['dev'], {
-                cwd: layout.appDir,
-                env: devEnv.app.env,
-                logFile: (0, path_1.join)(layout.root, '.lt-dev', 'app.log'),
-            });
-            if (appResult) {
-                pids.app = appResult.pid;
-                if (appResult.rotated.rotated && appResult.rotated.archivePath !== undefined) {
-                    rotationNotes.push(formatRotationNote('app', appResult.rotated.archivePath, (_g = appResult.rotated.previousSize) !== null && _g !== void 0 ? _g : 0));
+        if (hasApp && layout.appDir && appPort) {
+            if (appHealth === 'running') {
+                pids.app = existingSession === null || existingSession === void 0 ? void 0 : existingSession.pids.app;
+                kept.push('app');
+            }
+            else {
+                yield reclaimPort(existingSession === null || existingSession === void 0 ? void 0 : existingSession.pids.app, appPort, appHealth !== null && appHealth !== void 0 ? appHealth : 'dead');
+                const appResult = (0, dev_process_1.spawnDetached)(pnpmBin, ['dev'], {
+                    cwd: layout.appDir,
+                    env: devEnv.app.env,
+                    logFile: (0, path_1.join)(layout.root, '.lt-dev', 'app.log'),
+                });
+                if (appResult) {
+                    pids.app = appResult.pid;
+                    started.push('app');
+                    if (appResult.rotated.rotated && appResult.rotated.archivePath !== undefined) {
+                        rotationNotes.push(formatRotationNote('app', appResult.rotated.archivePath, (_g = appResult.rotated.previousSize) !== null && _g !== void 0 ? _g : 0));
+                    }
                 }
             }
         }
-        // Persist the session (PIDs). The registry entry (ports) was already reserved
-        // atomically before the spawn, above.
-        (0, dev_state_1.saveSession)(layout.root, { pids, startedAt: new Date().toISOString() });
+        // Persist the session (PIDs) — merging kept (healthy) + freshly started PIDs.
+        // The registry entry (ports) was already reserved atomically above. On a
+        // partial restart we preserve the original session start time.
+        const startedAt = existingSession && kept.length > 0 ? existingSession.startedAt : new Date().toISOString();
+        (0, dev_state_1.saveSession)(layout.root, { pids, startedAt });
         // Write the ENV bridge so external tools (Playwright, IDE test runners,
         // custom shell scripts) can pick up the URLs without inheriting our shell.
         const bridgePath = (0, dev_env_bridge_1.writeEnvBridge)(layout.root, devEnv, dbName);
         info(colors.dim(`ENV bridge: ${bridgePath}`));
-        success(`Started: api pid=${(_h = pids.api) !== null && _h !== void 0 ? _h : '-'}, app pid=${(_j = pids.app) !== null && _j !== void 0 ? _j : '-'}`);
+        const summary = started.length === 0
+            ? 'Nothing restarted'
+            : kept.length > 0
+                ? `Restarted ${started.join('+')} (kept ${kept.join('+')})`
+                : `Started ${started.join('+')}`;
+        success(`${summary}: api pid=${(_h = pids.api) !== null && _h !== void 0 ? _h : '-'}, app pid=${(_j = pids.app) !== null && _j !== void 0 ? _j : '-'}`);
         // Echo the bound URLs next to the PIDs as well — the "Starting" block
         // prints them before the spawn, but on a long boot log they scroll out
         // of view, so repeating them here keeps PID + URL visually grouped.

package/build/commands/ticket/stop.js

@@ -116,13 +116,15 @@ const StopCommand = {
             }
         }
         // 3. Remove the worktree (branch is kept). Auto-force when the ONLY dirty
-        //    files are framework-generated (e.g. `nuxt dev` rewrites the tracked
-        //    `.nuxtrc` on boot), which would otherwise block the remove — but NEVER
+        //    files are auto-discardable — framework-generated (e.g. `nuxt dev`
+        //    rewrites the tracked `.nuxtrc` on boot) OR pristine lt-dev self-heal
+        //    patches (config.env.ts/nuxt.config.ts/playwright.config.ts that
+        //    `lt dev up` env-aware'd) — which would otherwise block the remove. NEVER
         //    discard real source edits (those keep the non-forced remove, which
         //    errors with a hint so unsaved work is never lost).
-        const force = parameters.options.force === true || (0, dev_ticket_1.worktreeDirtyOnlyGenerated)(wt.path);
+        const force = parameters.options.force === true || (0, dev_ticket_1.worktreeDirtyOnlyAutoDiscardable)(wt.path);
         if (force && parameters.options.force !== true) {
-            info(colors.dim('  (worktree had only generated files dirty, e.g. .nuxtrc — removing)'));
+            info(colors.dim('  (worktree had only generated / lt-dev-patched files dirty — removing)'));
         }
         try {
             (0, dev_ticket_1.worktreeRemove)(mainRepoRoot, wt.path, force);

package/build/lib/dev-identity.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.buildIdentity = buildIdentity;
 exports.buildTestIdentity = buildTestIdentity;
 exports.buildTicketIdentity = buildTicketIdentity;
+exports.isUnmodifiedTemplateName = isUnmodifiedTemplateName;
 exports.projectSlug = projectSlug;
 exports.slugify = slugify;
 /**
@@ -19,6 +20,7 @@ exports.slugify = slugify;
  * The internal port behind each subdomain is opaque — Caddy proxies
  * arbitrary local ports. Developers and Claude only ever see the URL.
  */
+const child_process_1 = require("child_process");
 const fs_1 = require("fs");
 const path_1 = require("path");
 /**
@@ -104,13 +106,44 @@ function buildTicketIdentity(base, id) {
     return buildTestIdentity(base, `-${id}`);
 }
 /**
- * Read the bare project name from package.json (scope stripped).
- * Falls back to directory basename if no package.json or no `name`.
+ * package.json `name` values that are unchanged starter-template defaults.
+ *
+ * A project scaffolded by cloning a template (`git clone lenneTech/lt-monorepo
+ * my-project`) instead of running `lt fullstack init`, or one that predates the
+ * rename-on-init logic, keeps the template's default `name`. That value is not
+ * project-identifying, so {@link projectSlug} ignores it and falls back to the
+ * project directory name; `renameUnmodifiedTemplatePackage` (in package-name.ts)
+ * rewrites the field on the next `lt dev init`.
+ */
+const UNMODIFIED_TEMPLATE_NAMES = new Set(['lt-monorepo']);
+/**
+ * True when `name` matches a known unmodified starter-template default.
+ *
+ * Such names (e.g. `lt-monorepo`) are NOT project-identifying — see
+ * {@link UNMODIFIED_TEMPLATE_NAMES} — so {@link projectSlug} ignores them and
+ * derives the slug from the project directory instead.
+ */
+function isUnmodifiedTemplateName(name) {
+    return typeof name === 'string' && UNMODIFIED_TEMPLATE_NAMES.has(name);
+}
+/**
+ * Read the bare project name from package.json (scope stripped) and slugify it.
+ *
+ * Falls back to the PROJECT directory name when there is no usable name — i.e.
+ * no package.json, no `name`, or an unmodified starter-template default (e.g.
+ * `lt-monorepo`, left over from a project scaffolded before rename-on-init
+ * existed). The fallback is anchored on the MAIN git worktree, so a linked
+ * `lt ticket` worktree (`imo-2314/`) inherits the base project name (`imo`)
+ * rather than slugging to its own folder — otherwise {@link buildTicketIdentity}
+ * would double-suffix it to `imo-2314-2314`.
  */
 function projectSlug(root) {
+    var _a;
     const fromPkg = readPackageName(root);
-    const raw = fromPkg || (0, path_1.basename)(root);
-    return slugify(raw);
+    if (fromPkg && !isUnmodifiedTemplateName(fromPkg)) {
+        return slugify(fromPkg);
+    }
+    return slugify((0, path_1.basename)((_a = mainWorktreeDir(root)) !== null && _a !== void 0 ? _a : root));
 }
 /** Lowercase, alphanumerics + dashes only, trimmed dashes. */
 function slugify(input) {
@@ -119,6 +152,28 @@ function slugify(input) {
         .replace(/[^a-z0-9]+/g, '-')
         .replace(/^-+|-+$/g, '');
 }
+/**
+ * Best-effort directory of the MAIN git worktree containing `root`.
+ *
+ * For a linked worktree (e.g. an `lt ticket` worktree `imo-2314/`) this resolves
+ * to the primary checkout (`imo/`), NOT the worktree folder: `--git-common-dir`
+ * is the shared `.git`, identical for every worktree, and its parent is the main
+ * repo root. Used only by {@link projectSlug}'s fallback so every worktree
+ * inherits the same base project name. Returns null when `root` is outside a git
+ * repo or git is unavailable.
+ */
+function mainWorktreeDir(root) {
+    try {
+        const commonDir = (0, child_process_1.execFileSync)('git', ['-C', root, 'rev-parse', '--path-format=absolute', '--git-common-dir'], {
+            encoding: 'utf8',
+            stdio: ['ignore', 'pipe', 'ignore'],
+        }).trim();
+        return commonDir ? (0, path_1.dirname)(commonDir) : null;
+    }
+    catch (_a) {
+        return null;
+    }
+}
 /** Read `name` from package.json, scope-stripped (e.g. `@lenne.tech/foo` → `foo`). */
 function readPackageName(dir) {
     const pkgPath = (0, path_1.join)(dir, 'package.json');

package/build/lib/dev-state.js

@@ -10,6 +10,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.paths = exports.TEST_SESSION_FILE = void 0;
+exports.classifyComponentHealth = classifyComponentHealth;
 exports.allocateInternalPort = allocateInternalPort;
 exports.clearSession = clearSession;
 exports.detectSlugConflict = detectSlugConflict;
@@ -36,6 +37,17 @@ exports.withRegistryLock = withRegistryLock;
 const fs_1 = require("fs");
 const os_1 = require("os");
 const path_1 = require("path");
+/**
+ * Classify a component's true health from its recorded wrapper PID plus whether
+ * its internal port is actually bound (caller provides the port probe result,
+ * typically from a single {@link import('./dev-process').listenSnapshot} call).
+ */
+function classifyComponentHealth(opts) {
+    const wrapperAlive = typeof opts.pid === 'number' && isPidAlive(opts.pid);
+    if (!wrapperAlive)
+        return 'dead';
+    return opts.portBound ? 'running' : 'crashed';
+}
 const REGISTRY_PATH = process.env.LT_DEV_REGISTRY_PATH || (0, path_1.join)((0, os_1.homedir)(), '.lenneTech', 'projects.json');
 const SESSION_DIR = '.lt-dev';
 const SESSION_FILE = 'state.json';

package/build/lib/dev-test-session.js

@@ -47,6 +47,7 @@ const caddy_1 = require("./caddy");
 const dev_env_1 = require("./dev-env");
 const dev_env_bridge_1 = require("./dev-env-bridge");
 const dev_identity_1 = require("./dev-identity");
+const dev_patches_1 = require("./dev-patches");
 const dev_process_1 = require("./dev-process");
 const dev_project_1 = require("./dev-project");
 const dev_state_1 = require("./dev-state");
@@ -96,6 +97,31 @@ function bringUpTestSession(layout_1, baseIdentity_1, log_1) {
         const { dbName, testIdentity } = resolveTestSession(layout, baseIdentity, shardIndex, devDbName);
         // Always start from a clean slate — reclaim a stale/crashed test session.
         yield tearDownTestSession(layout, baseIdentity, log, { shardIndex, silent: true });
+        // Self-heal legacy hardcoded ports BEFORE the build below — the test API runs
+        // COMPILED (`node dist/...`), so config.env.ts must already honour the injected
+        // `PORT` or the compiled bundle binds 3000 and misses Caddy. Belt-and-suspenders
+        // for a project that never ran `lt dev up` first; idempotent and only ever
+        // touches the three configs (never CLAUDE.md), so it is ticket-safe. Mirrors the
+        // self-heal in `lt dev up` (see commands/dev/up.ts).
+        {
+            const filesToPatch = [];
+            if (layout.apiDir) {
+                const apiCfg = (0, path_1.join)(layout.apiDir, 'src', 'config.env.ts');
+                if ((0, fs_1.existsSync)(apiCfg))
+                    filesToPatch.push(apiCfg);
+            }
+            if (layout.appDir) {
+                for (const rel of ['nuxt.config.ts', 'playwright.config.ts']) {
+                    const f = (0, path_1.join)(layout.appDir, rel);
+                    if ((0, fs_1.existsSync)(f))
+                        filesToPatch.push(f);
+                }
+            }
+            for (const r of filesToPatch.map((f) => (0, dev_patches_1.autoPatch)(f))) {
+                if (r.patched)
+                    log.info(`patched ${r.replacements}× in ${r.file} (env-aware ports for lt dev test)`);
+            }
+        }
         // Allocate internal ports AND reserve them in the registry ATOMICALLY, under a
         // cross-process lock — so two parallel `lt dev test` runs (different ticket
         // worktrees) can never read the registry, pick the same free ports, and both

package/build/lib/dev-ticket.js

@@ -13,6 +13,7 @@ exports.pnpmInstall = pnpmInstall;
 exports.readTicketMarker = readTicketMarker;
 exports.resolveDevIdentity = resolveDevIdentity;
 exports.worktreeAdd = worktreeAdd;
+exports.worktreeDirtyOnlyAutoDiscardable = worktreeDirtyOnlyAutoDiscardable;
 exports.worktreeDirtyOnlyGenerated = worktreeDirtyOnlyGenerated;
 exports.worktreePathFor = worktreePathFor;
 exports.worktreeRemove = worktreeRemove;
@@ -39,8 +40,10 @@ exports.writeTicketMarker = writeTicketMarker;
  */
 const child_process_1 = require("child_process");
 const fs_1 = require("fs");
+const os_1 = require("os");
 const path_1 = require("path");
 const dev_identity_1 = require("./dev-identity");
+const dev_patches_1 = require("./dev-patches");
 const dev_project_1 = require("./dev-project");
 const dev_state_1 = require("./dev-state");
 /** Marker file (under `.lt-dev/`) that tags a worktree with its ticket id. */
@@ -261,6 +264,19 @@ function worktreeAdd(repoDir, worktreePath, branch, baseRef) {
 }
 /** Framework-generated / ephemeral paths a dev/build run dirties (never real work). */
 const GENERATED_PATHS = /(^|\/)(\.nuxtrc|\.nuxt|\.nitro|\.output|dist|\.turbo|\.cache|\.eslintcache)(\/|$)|\.tsbuildinfo$/;
+/** The three git-tracked configs `lt dev up` self-heals to be env-aware. */
+const LT_DEV_MANAGED_CONFIG = /(?:^|\/)(?:config\.env\.ts|nuxt\.config\.ts|playwright\.config\.ts)$/;
+/**
+ * True when a worktree has uncommitted changes AND every one is auto-discardable
+ * (framework-generated OR a pristine lt-dev self-heal patch). Lets `lt ticket
+ * stop` force-remove a provisioning-only worktree — e.g. an unmigrated project
+ * whose configs `lt dev up` env-aware'd — without `--force` and without ever
+ * discarding real developer work.
+ */
+function worktreeDirtyOnlyAutoDiscardable(worktreePath) {
+    const { autoDiscardable, realDirty } = classifyWorktreeDirt(worktreePath);
+    return realDirty.length === 0 && autoDiscardable.length > 0;
+}
 /**
  * True ONLY when a worktree has uncommitted changes AND every one is a
  * framework-generated / ephemeral file (`.nuxtrc`, `.nuxt`, `.output`, …).
@@ -268,14 +284,7 @@ const GENERATED_PATHS = /(^|\/)(\.nuxtrc|\.nuxt|\.nitro|\.output|dist|\.turbo|\.
  * `git worktree remove`; this lets `lt ticket stop` auto-clean those safely.
  */
 function worktreeDirtyOnlyGenerated(worktreePath) {
-    let out = '';
-    try {
-        out = git(worktreePath, ['status', '--porcelain', '--untracked-files=all']);
-    }
-    catch (_a) {
-        return false;
-    }
-    const lines = out.split(/\r?\n/).filter((l) => l.trim());
+    const lines = gitStatusPorcelain(worktreePath);
     if (lines.length === 0)
         return false; // clean → no force needed
     return lines.every((line) => GENERATED_PATHS.test(porcelainPath(line)));
@@ -301,25 +310,19 @@ function worktreeRemove(repoDir, worktreePath, force = false) {
  * the branch not on any remote (the branch is kept on stop, but local-only).
  */
 function worktreeSafetyReport(worktreePath) {
-    let status = '';
-    try {
-        status = git(worktreePath, ['status', '--porcelain', '--untracked-files=all']);
-    }
-    catch (_a) {
-        return { dirtySource: [], unpushed: 0 };
-    }
-    const dirtySource = status
-        .split(/\r?\n/)
-        .filter((l) => l.trim())
-        .filter((l) => !GENERATED_PATHS.test(porcelainPath(l)));
+    // Only REAL developer work counts as dirtySource — framework-generated files
+    // AND pristine lt-dev self-heal patches (config.env.ts/nuxt.config.ts/
+    // playwright.config.ts that `lt dev up` env-aware'd) are auto-discardable, so
+    // `lt ticket stop` never refuses over them.
+    const { realDirty } = classifyWorktreeDirt(worktreePath);
     let unpushed = 0;
     try {
         unpushed = Number(git(worktreePath, ['rev-list', '--count', 'HEAD', '--not', '--remotes'])) || 0;
     }
-    catch (_b) {
+    catch (_a) {
         /* no remotes / detached HEAD → cannot determine; treat as 0 */
     }
-    return { dirtySource, unpushed };
+    return { dirtySource: realDirty, unpushed };
 }
 /** Write the ticket marker that tags a worktree (created by `lt ticket start`). */
 function writeTicketMarker(root, id) {
@@ -327,6 +330,24 @@ function writeTicketMarker(root, id) {
     (0, fs_1.mkdirSync)(dir, { recursive: true });
     (0, fs_1.writeFileSync)((0, path_1.join)(dir, TICKET_MARKER), `${id}\n`, 'utf8');
 }
+/**
+ * Split a worktree's uncommitted changes into "auto-discardable" (framework-
+ * generated files + pristine lt-dev self-heal patches) and "real" developer work.
+ * `lt ticket stop` may force-remove a worktree whose changes are ALL
+ * auto-discardable; anything in `realDirty` blocks removal (work could be lost).
+ */
+function classifyWorktreeDirt(worktreePath) {
+    const autoDiscardable = [];
+    const realDirty = [];
+    for (const line of gitStatusPorcelain(worktreePath)) {
+        const p = porcelainPath(line);
+        if (GENERATED_PATHS.test(p) || isPristineLtDevPatch(worktreePath, p))
+            autoDiscardable.push(p);
+        else
+            realDirty.push(p);
+    }
+    return { autoDiscardable, realDirty };
+}
 function finalizeWorktree(partial) {
     var _a, _b;
     const path = (_a = partial.path) !== null && _a !== void 0 ? _a : '';
@@ -336,6 +357,73 @@ function finalizeWorktree(partial) {
 function git(cwd, args) {
     return (0, child_process_1.execFileSync)('git', args, { cwd, encoding: 'utf8' }).trim();
 }
+/**
+ * `git status --porcelain` lines, each kept VERBATIM (not trimmed).
+ *
+ * Crucial: a tracked-but-modified file's porcelain prefix begins with a space
+ * (` M path`), so trimming the blob (as the generic `git()` helper does) would
+ * eat that leading space and shift `porcelainPath`'s `slice(3)` by one,
+ * corrupting the path (`projects/…` → `rojects/…`). Returns [] on error.
+ */
+function gitStatusPorcelain(cwd) {
+    let out = '';
+    try {
+        out = (0, child_process_1.execFileSync)('git', ['-C', cwd, 'status', '--porcelain', '--untracked-files=all'], { encoding: 'utf8' });
+    }
+    catch (_a) {
+        return [];
+    }
+    return out.split(/\r?\n/).filter((l) => l.trim() !== '');
+}
+/**
+ * True when the dirty tracked file at `relPath` (relative to the worktree root)
+ * differs from its committed (HEAD) version by EXACTLY the lt-dev self-heal
+ * patch — i.e. `lt dev up` env-aware'd a legacy config and the developer made no
+ * other edit. Verified by re-deriving: apply the same `autoPatch` to the HEAD
+ * blob and compare to the working-tree content. Any extra developer edit makes
+ * the two differ → treated as real work (never auto-discarded).
+ *
+ * Only the three lt-dev-managed configs qualify; everything else returns false.
+ */
+function isPristineLtDevPatch(worktreePath, relPath) {
+    if (!LT_DEV_MANAGED_CONFIG.test(relPath))
+        return false;
+    let head;
+    try {
+        // NOT the trimming `git()` helper — the trailing newline must survive so the
+        // comparison against the (untrimmed) working-tree content is exact.
+        head = (0, child_process_1.execFileSync)('git', ['-C', worktreePath, 'show', `HEAD:${relPath}`], { encoding: 'utf8' });
+    }
+    catch (_a) {
+        return false; // not tracked at HEAD (e.g. a brand-new file) → never auto-discard
+    }
+    let current;
+    try {
+        current = (0, fs_1.readFileSync)((0, path_1.join)(worktreePath, relPath), 'utf8');
+    }
+    catch (_b) {
+        return false;
+    }
+    // Re-derive what `lt dev up`'s autoPatch produced from the HEAD blob. autoPatch
+    // dispatches by filename suffix, so the temp file must keep the basename.
+    const tmp = (0, path_1.join)((0, os_1.tmpdir)(), `lt-dev-verify-${process.pid}-${(0, path_1.basename)(relPath)}`);
+    try {
+        (0, fs_1.writeFileSync)(tmp, head, 'utf8');
+        (0, dev_patches_1.autoPatch)(tmp);
+        return (0, fs_1.readFileSync)(tmp, 'utf8') === current;
+    }
+    catch (_c) {
+        return false;
+    }
+    finally {
+        try {
+            (0, fs_1.unlinkSync)(tmp);
+        }
+        catch (_d) {
+            /* best-effort cleanup */
+        }
+    }
+}
 /** Path from a `git status --porcelain` line ("XY <path>" / "XY <old> -> <new>"). */
 function porcelainPath(line) {
     var _a;

package/build/lib/package-name.js

@@ -1,29 +1,16 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isUnmodifiedTemplateName = isUnmodifiedTemplateName;
+exports.isUnmodifiedTemplateName = void 0;
 exports.renameUnmodifiedTemplatePackage = renameUnmodifiedTemplatePackage;
 exports.setPackageName = setPackageName;
 const path_1 = require("path");
 const dev_identity_1 = require("./dev-identity");
-/**
- * package.json `name` values that are unchanged starter-template defaults.
- *
- * When a user clones a template manually (`git clone lenneTech/lt-monorepo
- * my-project`) instead of running `lt fullstack init`, the `name` field
- * stays at the template's default. That field is what
- * `dev-identity#projectSlug` reads to derive `<slug>.localhost`, so every
- * cloned project would collide on `https://lt-monorepo.localhost`.
- *
- * `lt fullstack init` rewrites this field already (see `setPackageName`);
- * the detection here is the safety net for projects that bypassed init.
- */
-const UNMODIFIED_TEMPLATE_NAMES = new Set(['lt-monorepo']);
-/**
- * True when `name` matches a known unmodified starter template default.
- */
-function isUnmodifiedTemplateName(name) {
-    return typeof name === 'string' && UNMODIFIED_TEMPLATE_NAMES.has(name);
-}
+// `isUnmodifiedTemplateName` and the template-name detection now live in
+// `dev-identity.ts` (the slug owner — `projectSlug` needs the same check to
+// ignore an unmodified `lt-monorepo` name). Re-exported here so existing
+// importers / tests of the package-name surface keep working unchanged.
+var dev_identity_2 = require("./dev-identity");
+Object.defineProperty(exports, "isUnmodifiedTemplateName", { enumerable: true, get: function () { return dev_identity_2.isUnmodifiedTemplateName; } });
 /**
  * If the package.json at `<projectRoot>/package.json` still carries an
  * unmodified starter-template `name` (e.g. `lt-monorepo` from a raw
@@ -47,7 +34,7 @@ function renameUnmodifiedTemplatePackage(options) {
     if (!pkg || typeof pkg !== 'object' || Array.isArray(pkg))
         return null;
     const currentName = typeof pkg.name === 'string' ? pkg.name : null;
-    if (!isUnmodifiedTemplateName(currentName))
+    if (!(0, dev_identity_1.isUnmodifiedTemplateName)(currentName))
         return null;
     // Slugify the directory basename: npm names must be lowercase and
     // URL-safe, and this keeps the rewritten value consistent with what
@@ -56,7 +43,7 @@ function renameUnmodifiedTemplatePackage(options) {
     // back). Anything else would produce a slug mismatch between
     // package.json and `<slug>.localhost`.
     const derived = (0, dev_identity_1.slugify)((0, path_1.basename)(projectRoot));
-    if (!derived || isUnmodifiedTemplateName(derived))
+    if (!derived || (0, dev_identity_1.isUnmodifiedTemplateName)(derived))
         return null;
     const written = setPackageName({ filesystem, name: derived, packageJsonPath });
     return written ? derived : null;

package/docs/commands.md

@@ -451,8 +451,23 @@ lt dev up
 **Pre-flight guards (exit code 1 each):**
 - Caddy not installed (`lt dev install` first)
 - Caddy daemon not running (run `lt dev install` — it bootstraps the lt-dev service)
-- Already running for this project (`lt dev down` first)
-- Internal port already in use
+- A FRESHLY allocated internal port is already in use by a foreign process
+
+**Health-aware (re)start (idempotent):** `lt dev up` is safe to re-run. It probes
+the actual internal ports — not just the recorded supervisor PID — so it can tell
+a still-serving component from a *crashed* one (the supervisor / nodemon survives a
+ts-node crash and the recorded PID stays alive while nothing listens on the port).
+Behaviour:
+- **All present components truly serving** → no-op, exits 0 with "already running".
+- **Some serving, some down** → restarts ONLY the down component(s); a healthy one
+  keeps running untouched and its PID is preserved in the session.
+- Before respawning a crashed component it terminates that supervisor's whole
+  process group (so its idle `nodemon` doesn't leak / stack a second one) and
+  reclaims any orphaned listener still squatting the reused port.
+
+This is the fix for the "`status` says api running but no data loads" case: a
+crashed ts-node dev API is healed by simply re-running `lt dev up` (it does not
+fall back to compiled `node dist` — ts-node is kept so code edits hot-reload).
 
 **Logs:** `<root>/.lt-dev/api.log`, `<root>/.lt-dev/app.log` (append-mode).
 
@@ -485,7 +500,19 @@ lt dev status --all   # every project in the registry
 
 **Alias:** `lt d s`
 
-The current-project view shows subdomains → upstream ports, db URI, session PIDs (alive/dead), and live `lsof` state. The `--all` view lists every project, with a `●`/`○` indicator for running state.
+The current-project view shows subdomains → upstream ports, db URI, per-component
+health, and live `lsof` state. **Health is honest:** a component is reported
+`running` only when its supervisor PID is alive AND its internal port is actually
+bound. A supervisor that survived a ts-node crash (PID alive, port free) is shown
+as `crashed (supervisor up, port not listening)` instead of the old misleading
+`running`, with a hint to run `lt dev up` to restart just that one.
+
+The `--all` view lists every project with a single indicator:
+- `●` (green) — all present components serving
+- `◐` (yellow) — `degraded` (some up, some down) or `crashed` (supervisor up, port free)
+- `○` (dim) — stopped
+
+A single `lsof` snapshot covers every registered port, so `--all` stays fast.
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lenne.tech/cli",
-  "version": "1.30.0",
+  "version": "1.32.0",
   "description": "lenne.Tech CLI: lt",
   "keywords": [
     "lenne.Tech",
@@ -20,7 +20,8 @@
   "scripts": {
     "c": "npm run check",
     "cf": "npm run check:fix",
-    "check": "npm install && npm run format && npm run build && npm run check:start",
+    "check": "bash scripts/check.sh",
+    "check:audit": "bash scripts/check.sh --audit-only",
     "check:fix": "npm install && npm audit fix && npm run format && npm run lint:fix && npm run build && npm run check:start",
     "check:start": "bash scripts/check-cli-start.sh",
     "postinstall": "node bin/postinstall.js 2>/dev/null || true",
@@ -68,7 +69,7 @@
     "glob": "13.0.6",
     "gluegun": "5.2.2",
     "js-sha256": "0.11.1",
-    "js-yaml": "4.1.1",
+    "js-yaml": "4.2.0",
     "jsdom": "29.1.1",
     "lodash": "4.18.1",
     "open": "11.0.0",
@@ -100,10 +101,16 @@
   },
   "//overrides": {
     "brace-expansion@5.0.2 - 5.0.5": "Security fix: GHSA-jxxr-4gwj-5jf2 (large numeric range defeats max DoS protection) in brace-expansion 5.0.2-5.0.5 - transitive via minimatch under glob, @ts-morph/common, @typescript-eslint/typescript-estree. Remove once those parents resolve minimatch to a brace-expansion >=5.0.6.",
-    "semver@*": "Force latest semver 7.x across all sub-deps; gluegun@5.2.2 pins semver@7.7.0 which is stale - remove once gluegun updates its dep."
+    "semver@*": "Force latest semver 7.x across all sub-deps; gluegun@5.2.2 pins semver@7.7.0 which is stale - remove once gluegun updates its dep.",
+    "js-yaml": "Security fix: GHSA-h67p-54hq-rp68 (quadratic-complexity DoS in merge-key handling) in js-yaml <=4.1.1. Forces 4.2.0 everywhere, incl. the 3.14.2 pulled transitively by @istanbuljs/load-nyc-config under babel-plugin-istanbul (jest coverage); that loader only runs js-yaml when reading a YAML nyc config, which this project does not use. Remove once the jest toolchain resolves js-yaml >=4.2.0 itself.",
+    "form-data": "Security fix: GHSA-hmw2-7cc7-3qxx (CRLF injection via unescaped multipart field names) in form-data 4.0.0-4.0.5 - transitive via axios. Remove once axios pins form-data >=4.0.6.",
+    "@babel/core": "Security fix: GHSA-4x5r-pxfx-6jf8 (arbitrary file read via sourceMappingURL) in @babel/core <=7.29.0 - transitive via the jest toolchain. Remove once jest resolves @babel/core >=7.29.6."
   },
   "overrides": {
+    "@babel/core": "7.29.7",
     "brace-expansion@5.0.2 - 5.0.5": "5.0.6",
+    "form-data": "4.0.6",
+    "js-yaml": "4.2.0",
     "semver@*": "7.8.1"
   },
   "jest": {