gtapps/dev-down
plugins/claude-code-dev-hermit/skills/dev-down/SKILL.md
Stop the session-scoped dev server registered by /dev-up. Runs commands.dev_stop if configured (e.g., docker compose down); otherwise stops the Monitor entry directly. Verifies ports return to free-or-allowlisted state.
$ install --global
skillsauthnpx skillsauth add gtapps/claude-code-hermit dev-downInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 6:52 AM123.2s1 file scanned
SKILL.md
- name:
- dev-down
- description:
- Stop the session-scoped dev server registered by /dev-up. Runs commands.dev_stop if configured (e.g., docker compose down); otherwise stops the Monitor entry directly. Verifies ports return to free-or-allowlisted state.
/dev-down
Stop the dev-server Monitor entry that /dev-up registered. Use at task close, or before switching to work that doesn't need the server.
Prerequisites
- Verify
.claude-code-hermit/sessions/exists. - Read
.claude-code-hermit/config.jsononce. Cacheclaude-code-dev-hermit.commands.dev_stop,dev_required_ports, anddev_expected_listeners.
Plan
Gate 0 — dev-server registered
Read .claude-code-hermit/state/monitors.runtime.json. If no entry with id: "dev-server":
dev-down
monitor: no dev-server registered
status: already down
PASS-with-noop, exit.
Gate 1 — stop
If commands.dev_stop is set (e.g., docker compose down, bin/dev stop, supervisorctl stop devstack):
-
Run via
bash -c "$dev_stop"and capture exit code. -
On non-zero exit, FAIL with stdout+stderr tail and the recovery hint:
commands.dev_stop exited <code>: <tail> recovery: investigate the failed teardown; the Monitor registry entry was NOT cleared -
On success, also remove the
dev-serverentry fromstate/monitors.runtime.json(do not call TaskStop — the dev_stop command teardown supersedes the Monitor lifecycle for this case).
Otherwise (no commands.dev_stop):
- Look up the
task_idfor thedev-serverentry instate/monitors.runtime.json. - Call
TaskStopwith thattask_id. The Monitor tool's contract is SIGTERM → 10s drain → SIGKILL. - Remove the
dev-serverentry from the registry. PerwatchSKILL.md:108–110, ifTaskStopreturns an error (the watch already died), remove the entry anyway — a stale entry is worse than no entry. - Update SHELL.md
## Monitoring: change[ACTIVE] dev-server→[STOPPED] dev-server (HH:MM).
We invoke TaskStop directly rather than /claude-code-hermit:watch stop dev-server because the watch skill's stop path is functionally identical (steps 99–110 of its plan) and saves the round-trip through another skill.
Gate 2 — ports clear
If dev_required_ports is empty: skip with PASS ports: not configured.
Otherwise, re-probe via the same helper as /dev-up Gate 3:
node "${CLAUDE_PLUGIN_ROOT}/scripts/lib/port-check.js" "$(jq -nc --argjson ports "$ports_json" --argjson exp "$expected_json" '{ports:$ports,expected:$exp}')"
For each port:
-
free→ expected, record. -
allowed→ also expected (e.g., Encore daemon still owns 4000), record. -
held→ WARN (do not FAIL — the dev server has stopped from our side, but a different process now holds the port; surface so the operator can investigate):WARN port <port> still held by <process> (pid <pid>) — was something else listening?
Output
dev-down
monitor: dev-server stopped (after 1850ms)
ports: 3000 free, 4000 held by encore (allowed)
status: down
On Gate 0 short-circuit:
dev-down
monitor: no dev-server registered
status: already down
Rules
- Never
--forceor SIGKILL ad-hoc. Defer to the watch skill's drain+kill semantics. If those fail, surface to the operator with the registry entry intact. - Custom
commands.dev_stopsupersedes Monitor signals. docker-compose, supervisord, foreman all manage their own process trees — the Monitor only knows about the parent. Trust the configured stop command. - Stale registry entries (where the Monitor process already exited externally) are removed even if
watch stopreturns an error. A dead entry is worse than no entry.
Related Skills
gtapps/session-start
data-ai
VerifiedTrustedCommunity
Initializes or resumes a work session. Loads context from OPERATOR.md and SHELL.md, orients the agent, and establishes what to work on. Use at the beginning of every work session.
62SKILL.mdUpdated Apr 27, 2026
gtapps/hermit-evolve
tools
VerifiedTrustedCommunity
Evolves hermit configuration and templates after a plugin update. Detects version gaps, presents new features, walks through new settings. Run after updating the plugin.
62SKILL.mdUpdated Apr 27, 2026
gtapps/hatch
testing
VerifiedTrustedCommunity
Initializes the autonomous agent in the current project. Creates the state directory, templates, OPERATOR.md, and config.json. Appends session discipline to CLAUDE.md. Detects installed hermits. Run once per project, like git init.
62SKILL.mdUpdated Apr 27, 2026
gtapps/docker-setup
tools
VerifiedTrustedCommunity
Generates Docker scaffolding and walks the operator through the full deployment — token setup, build, start, MCP plugin configuration, workspace trust, and verification. Offers to back up and overwrite existing Docker files. Run after /hatch.
62SKILL.mdUpdated Apr 27, 2026