@stacksjs/rpx 0.4.1 → 0.5.0

package/dist/index.js

@@ -17,11 +17,10 @@ var __toESM = (mod, isNodeMode, target) => {
 };
 
 // src/start.ts
-import * as fs5 from "fs";
 import * as http from "http";
 import * as https from "https";
 import * as net from "net";
-import process20 from "process";
+import process9 from "process";
 
 // node_modules/@stacksjs/cli/dist/index.js
 import { formatWithOptions } from "util";
@@ -20468,18 +20467,90 @@ var quotes = collect([
 ]);
 var export_prompts = import_prompts.default;
 // package.json
-var version = "0.4.1";
+var version = "0.5.0";
+
+// src/config.ts
+import { homedir } from "os";
+import { join as join2 } from "path";
+
+// node_modules/bun-config/dist/index.js
+import { resolve } from "path";
+import process2 from "process";
+function deepMerge(target, source) {
+  if (Array.isArray(source) && !Array.isArray(target)) {
+    return source;
+  }
+  if (Array.isArray(source) && Array.isArray(target)) {
+    return source.map((sourceItem, index) => {
+      const targetItem = target[index];
+      if (isObject3(sourceItem) && isObject3(targetItem)) {
+        return deepMerge(targetItem, sourceItem);
+      }
+      return sourceItem;
+    });
+  }
+  if (!isObject3(source) || !isObject3(target)) {
+    return source;
+  }
+  const merged = { ...target };
+  for (const key in source) {
+    if (Object.prototype.hasOwnProperty.call(source, key)) {
+      const sourceValue = source[key];
+      const targetValue = merged[key];
+      if (sourceValue === null || sourceValue === undefined) {
+        merged[key] = sourceValue;
+      } else if (isObject3(sourceValue) && isObject3(targetValue)) {
+        merged[key] = deepMerge(targetValue, sourceValue);
+      } else {
+        merged[key] = sourceValue;
+      }
+    }
+  }
+  return merged;
+}
+function isObject3(item) {
+  return Boolean(item && typeof item === "object" && !Array.isArray(item));
+}
+async function loadConfig({ name, cwd, defaultConfig }) {
+  const configPath = resolve(cwd || process2.cwd(), `${name}.config`);
+  try {
+    const importedConfig = await import(configPath);
+    const loadedConfig = importedConfig.default || importedConfig;
+    return deepMerge(defaultConfig, loadedConfig);
+  } catch (error) {
+    return defaultConfig;
+  }
+}
+
+// src/config.ts
+var defaultConfig = {
+  from: "localhost:5173",
+  to: "stacks.localhost",
+  https: {
+    basePath: "",
+    caCertPath: join2(homedir(), ".stacks", "ssl", `stacks.localhost.ca.crt`),
+    certPath: join2(homedir(), ".stacks", "ssl", `stacks.localhost.crt`),
+    keyPath: join2(homedir(), ".stacks", "ssl", `stacks.localhost.crt.key`)
+  },
+  etcHostsCleanup: true,
+  verbose: true
+};
+var config4 = await loadConfig({
+  name: "reverse-proxy",
+  defaultConfig
+});
 
 // src/hosts.ts
 import { spawn } from "child_process";
-import fs3 from "fs";
-import os7 from "os";
-import path7 from "path";
-import process9 from "process";
+import fs5 from "fs";
+import os3 from "os";
+import path4 from "path";
+import process3 from "process";
 
 // src/https.ts
-import os5 from "os";
-import path6 from "path";
+import fs3 from "fs/promises";
+import { homedir as homedir2 } from "os";
+import { join as join4 } from "path";
 
 // node_modules/@stacksjs/tlsx/dist/index.js
 import fs2 from "fs";
@@ -20503,7 +20574,7 @@ import {
   dirname as dirname3,
   extname as extname2,
   isAbsolute as isAbsolute2,
-  join as join2,
+  join as join3,
   normalize as normalize2,
   parse as parse2,
   relative as relative2,
@@ -20528,8 +20599,8 @@ import process172 from "process";
 import process192 from "process";
 import os22 from "os";
 import path from "path";
-import { resolve } from "path";
-import process2 from "process";
+import { resolve as resolve3 } from "path";
+import process22 from "process";
 import fs from "fs";
 import path2 from "path";
 var __create3 = Object.create;
@@ -36874,11 +36945,11 @@ var __export3 = (target, all) => {
     });
 };
 var __esm2 = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
-function isObject3(value) {
+function isObject5(value) {
   return value !== null && typeof value === "object";
 }
 function _defu2(baseObject, defaults, namespace = ".", merger) {
-  if (!isObject3(defaults)) {
+  if (!isObject5(defaults)) {
     return _defu2(baseObject, {}, namespace, merger);
   }
   const object = Object.assign({}, defaults);
@@ -36895,7 +36966,7 @@ function _defu2(baseObject, defaults, namespace = ".", merger) {
     }
     if (Array.isArray(value) && Array.isArray(object[key])) {
       object[key] = [...value, ...object[key]];
-    } else if (isObject3(value) && isObject3(object[key])) {
+    } else if (isObject5(value) && isObject5(object[key])) {
       object[key] = _defu2(value, object[key], (namespace ? `${namespace}.` : "") + key.toString(), merger);
     } else {
       object[key] = value;
@@ -41302,7 +41373,7 @@ var require_prompt3 = __commonJS22((exports, module) => {
   module.exports = Prompt;
 });
 var require_text3 = __commonJS22((exports, module) => {
-  function asyncGeneratorStep(gen, resolve3, reject, _next, _throw, key, arg) {
+  function asyncGeneratorStep(gen, resolve32, reject, _next, _throw, key, arg) {
     try {
       var info = gen[key](arg);
       var value = info.value;
@@ -41311,7 +41382,7 @@ var require_text3 = __commonJS22((exports, module) => {
       return;
     }
     if (info.done) {
-      resolve3(value);
+      resolve32(value);
     } else {
       Promise.resolve(value).then(_next, _throw);
     }
@@ -41319,13 +41390,13 @@ var require_text3 = __commonJS22((exports, module) => {
   function _asyncToGenerator(fn) {
     return function() {
       var self2 = this, args = arguments;
-      return new Promise(function(resolve3, reject) {
+      return new Promise(function(resolve32, reject) {
         var gen = fn.apply(self2, args);
         function _next(value) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "next", value);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "next", value);
         }
         function _throw(err2) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "throw", err2);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "throw", err2);
         }
         _next(undefined);
       });
@@ -42017,7 +42088,7 @@ var require_dateparts3 = __commonJS22((exports, module) => {
   };
 });
 var require_date3 = __commonJS22((exports, module) => {
-  function asyncGeneratorStep(gen, resolve3, reject, _next, _throw, key, arg) {
+  function asyncGeneratorStep(gen, resolve32, reject, _next, _throw, key, arg) {
     try {
       var info = gen[key](arg);
       var value = info.value;
@@ -42026,7 +42097,7 @@ var require_date3 = __commonJS22((exports, module) => {
       return;
     }
     if (info.done) {
-      resolve3(value);
+      resolve32(value);
     } else {
       Promise.resolve(value).then(_next, _throw);
     }
@@ -42034,13 +42105,13 @@ var require_date3 = __commonJS22((exports, module) => {
   function _asyncToGenerator(fn) {
     return function() {
       var self2 = this, args = arguments;
-      return new Promise(function(resolve3, reject) {
+      return new Promise(function(resolve32, reject) {
         var gen = fn.apply(self2, args);
         function _next(value) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "next", value);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "next", value);
         }
         function _throw(err2) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "throw", err2);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "throw", err2);
         }
         _next(undefined);
       });
@@ -42242,7 +42313,7 @@ ${i ? ` ` : figures.pointerSmall} ${color.red().italic(l3)}`, ``);
   module.exports = DatePrompt;
 });
 var require_number3 = __commonJS22((exports, module) => {
-  function asyncGeneratorStep(gen, resolve3, reject, _next, _throw, key, arg) {
+  function asyncGeneratorStep(gen, resolve32, reject, _next, _throw, key, arg) {
     try {
       var info = gen[key](arg);
       var value = info.value;
@@ -42251,7 +42322,7 @@ var require_number3 = __commonJS22((exports, module) => {
       return;
     }
     if (info.done) {
-      resolve3(value);
+      resolve32(value);
     } else {
       Promise.resolve(value).then(_next, _throw);
     }
@@ -42259,13 +42330,13 @@ var require_number3 = __commonJS22((exports, module) => {
   function _asyncToGenerator(fn) {
     return function() {
       var self2 = this, args = arguments;
-      return new Promise(function(resolve3, reject) {
+      return new Promise(function(resolve32, reject) {
         var gen = fn.apply(self2, args);
         function _next(value) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "next", value);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "next", value);
         }
         function _throw(err2) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "throw", err2);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "throw", err2);
         }
         _next(undefined);
       });
@@ -42697,7 +42768,7 @@ Instructions:
   module.exports = MultiselectPrompt;
 });
 var require_autocomplete3 = __commonJS22((exports, module) => {
-  function asyncGeneratorStep(gen, resolve3, reject, _next, _throw, key, arg) {
+  function asyncGeneratorStep(gen, resolve32, reject, _next, _throw, key, arg) {
     try {
       var info = gen[key](arg);
       var value = info.value;
@@ -42706,7 +42777,7 @@ var require_autocomplete3 = __commonJS22((exports, module) => {
       return;
     }
     if (info.done) {
-      resolve3(value);
+      resolve32(value);
     } else {
       Promise.resolve(value).then(_next, _throw);
     }
@@ -42714,13 +42785,13 @@ var require_autocomplete3 = __commonJS22((exports, module) => {
   function _asyncToGenerator(fn) {
     return function() {
       var self2 = this, args = arguments;
-      return new Promise(function(resolve3, reject) {
+      return new Promise(function(resolve32, reject) {
         var gen = fn.apply(self2, args);
         function _next(value) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "next", value);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "next", value);
         }
         function _throw(err2) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "throw", err2);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "throw", err2);
         }
         _next(undefined);
       });
@@ -43369,7 +43440,7 @@ In order to be iterable, non-array objects must have a [Symbol.iterator]() metho
       arr2[i] = arr[i];
     return arr2;
   }
-  function asyncGeneratorStep(gen, resolve3, reject, _next, _throw, key, arg) {
+  function asyncGeneratorStep(gen, resolve32, reject, _next, _throw, key, arg) {
     try {
       var info = gen[key](arg);
       var value = info.value;
@@ -43378,7 +43449,7 @@ In order to be iterable, non-array objects must have a [Symbol.iterator]() metho
       return;
     }
     if (info.done) {
-      resolve3(value);
+      resolve32(value);
     } else {
       Promise.resolve(value).then(_next, _throw);
     }
@@ -43386,13 +43457,13 @@ In order to be iterable, non-array objects must have a [Symbol.iterator]() metho
   function _asyncToGenerator(fn) {
     return function() {
       var self2 = this, args = arguments;
-      return new Promise(function(resolve3, reject) {
+      return new Promise(function(resolve32, reject) {
         var gen = fn.apply(self2, args);
         function _next(value) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "next", value);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "next", value);
         }
         function _throw(err2) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "throw", err2);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "throw", err2);
         }
         _next(undefined);
       });
@@ -48079,7 +48150,7 @@ function projectPath2(filePath = "", options2) {
 function storagePath2(path22) {
   return projectPath2(`storage/${path22 || ""}`);
 }
-var config4 = {
+var config6 = {
   ai: {
     deploy: false,
     models: [
@@ -48656,7 +48727,7 @@ var config4 = {
     }
   }
 };
-var defaults_default2 = config4;
+var defaults_default2 = config6;
 var ai_default2 = {
   default: "meta.llama2-70b-chat-v1",
   models: [
@@ -53276,11 +53347,11 @@ var createNeverThrowError2 = (message, result, config5 = defaultErrorConfig2) =>
 };
 function __awaiter2(thisArg, _arguments, P22, generator) {
   function adopt(value) {
-    return value instanceof P22 ? value : new P22(function(resolve3) {
-      resolve3(value);
+    return value instanceof P22 ? value : new P22(function(resolve32) {
+      resolve32(value);
     });
   }
-  return new (P22 || (P22 = Promise))(function(resolve3, reject) {
+  return new (P22 || (P22 = Promise))(function(resolve32, reject) {
     function fulfilled(value) {
       try {
         step(generator.next(value));
@@ -53296,7 +53367,7 @@ function __awaiter2(thisArg, _arguments, P22, generator) {
       }
     }
     function step(result) {
-      result.done ? resolve3(result.value) : adopt(result.value).then(fulfilled, rejected);
+      result.done ? resolve32(result.value) : adopt(result.value).then(fulfilled, rejected);
     }
     step((generator = generator.apply(thisArg, _arguments || [])).next());
   });
@@ -53384,14 +53455,14 @@ function __asyncValues2(o) {
   }, i);
   function verb(n) {
     i[n] = o[n] && function(v22) {
-      return new Promise(function(resolve3, reject) {
-        v22 = o[n](v22), settle(resolve3, reject, v22.done, v22.value);
+      return new Promise(function(resolve32, reject) {
+        v22 = o[n](v22), settle(resolve32, reject, v22.done, v22.value);
       });
     };
   }
-  function settle(resolve3, reject, d, v22) {
+  function settle(resolve32, reject, d, v22) {
     Promise.resolve(v22).then(function(v3) {
-      resolve3({ value: v3, done: d });
+      resolve32({ value: v3, done: d });
     }, reject);
   }
 }
@@ -56703,7 +56774,7 @@ var quotes2 = collect2([
 ]);
 var export_prompts2 = import_prompts2.default;
 var import_node_forge2 = __toESM3(require_lib2(), 1);
-function deepMerge(target, source) {
+function deepMerge2(target, source) {
   if (Array.isArray(source) && !Array.isArray(target)) {
     return source;
   }
@@ -56711,7 +56782,7 @@ function deepMerge(target, source) {
     return source.map((sourceItem, index) => {
       const targetItem = target[index];
       if (isObject32(sourceItem) && isObject32(targetItem)) {
-        return deepMerge(targetItem, sourceItem);
+        return deepMerge2(targetItem, sourceItem);
       }
       return sourceItem;
     });
@@ -56727,7 +56798,7 @@ function deepMerge(target, source) {
       if (sourceValue === null || sourceValue === undefined) {
         merged[key] = sourceValue;
       } else if (isObject32(sourceValue) && isObject32(targetValue)) {
-        merged[key] = deepMerge(targetValue, sourceValue);
+        merged[key] = deepMerge2(targetValue, sourceValue);
       } else {
         merged[key] = sourceValue;
       }
@@ -56738,35 +56809,37 @@ function deepMerge(target, source) {
 function isObject32(item) {
   return Boolean(item && typeof item === "object" && !Array.isArray(item));
 }
-async function loadConfig({ name, cwd, defaultConfig }) {
-  const configPath = resolve(cwd || process2.cwd(), `${name}.config`);
+async function loadConfig2({ name, cwd, defaultConfig: defaultConfig2 }) {
+  const configPath = resolve3(cwd || process22.cwd(), `${name}.config`);
   try {
     const importedConfig = await import(configPath);
     const loadedConfig = importedConfig.default || importedConfig;
-    return deepMerge(defaultConfig, loadedConfig);
+    return deepMerge2(defaultConfig2, loadedConfig);
   } catch (error) {
-    return defaultConfig;
-  }
-}
-var config42 = await loadConfig({
+    return defaultConfig2;
+  }
+}
+var defaultConfig2 = {
+  altNameIPs: ["127.0.0.1"],
+  altNameURIs: ["localhost"],
+  organizationName: "Local Development",
+  countryName: "US",
+  stateName: "California",
+  localityName: "Playa Vista",
+  commonName: "stacks.localhost",
+  validityDays: 825,
+  hostCertCN: "stacks.localhost",
+  domain: "stacks.localhost",
+  rootCA: { certificate: "", privateKey: "" },
+  basePath: "",
+  caCertPath: path.join(os22.homedir(), ".stacks", "ssl", `stacks.localhost.ca.crt`),
+  certPath: path.join(os22.homedir(), ".stacks", "ssl", `stacks.localhost.crt`),
+  keyPath: path.join(os22.homedir(), ".stacks", "ssl", `stacks.localhost.crt.key`),
+  verbose: false
+};
+var config42 = await loadConfig2({
   name: "tls",
-  defaultConfig: {
-    altNameIPs: ["127.0.0.1"],
-    altNameURIs: ["localhost"],
-    organizationName: "Local Development",
-    countryName: "US",
-    stateName: "California",
-    localityName: "Playa Vista",
-    commonName: "stacks.localhost",
-    validityDays: 825,
-    hostCertCN: "stacks.localhost",
-    domain: "stacks.localhost",
-    rootCAObject: { certificate: "", privateKey: "" },
-    caCertPath: path.join(os22.homedir(), ".stacks", "ssl", `stacks.localhost.ca.crt`),
-    certPath: path.join(os22.homedir(), ".stacks", "ssl", `stacks.localhost.crt`),
-    keyPath: path.join(os22.homedir(), ".stacks", "ssl", `stacks.localhost.crt.key`),
-    verbose: false
-  }
+  defaultConfig: defaultConfig2
 });
 var import_node_forge = __toESM3(require_lib2(), 1);
 function makeNumberPositive(hexString) {
@@ -56900,12 +56973,12 @@ async function createRootCA(options22 = {}) {
 async function generateCertificate(options22) {
   debugLog("cert", "Generating new certificate", options22.verbose);
   debugLog("cert", `Options: ${JSON.stringify(options22)}`, options22.verbose);
-  if (!options22.rootCAObject?.certificate || !options22.rootCAObject?.privateKey) {
+  if (!options22.rootCA?.certificate || !options22.rootCA?.privateKey) {
     throw new Error("Root CA certificate and private key are required");
   }
-  const caCert = import_node_forge2.pki.certificateFromPem(options22.rootCAObject.certificate);
-  const caKey = import_node_forge2.pki.privateKeyFromPem(options22.rootCAObject.privateKey);
-  debugLog("cert", "Generating 2048-bit RSA key pair for host certificate", options22?.verbose);
+  const caCert = import_node_forge2.pki.certificateFromPem(options22.rootCA.certificate);
+  const caKey = import_node_forge2.pki.privateKeyFromPem(options22.rootCA.privateKey);
+  debugLog("cert", "Generating 2048-bit RSA key pair for host certificate", options22.verbose);
   const keySize = 2048;
   const { privateKey, publicKey } = import_node_forge2.pki.rsa.generateKeyPair(keySize);
   const attributes = options22.certificateAttributes || [
@@ -56978,8 +57051,8 @@ async function addCertToSystemTrustStoreAndSaveCert(cert, caCert, options22) {
 }
 function storeCertificate(cert, options22) {
   debugLog("storage", `Storing certificate and private key with options: ${JSON.stringify(options22)}`, options22?.verbose);
-  const certPath = options22?.certPath || config42.certPath;
-  const certKeyPath = options22?.keyPath || config42.keyPath;
+  const certPath = path3.join(options22?.basePath || config42.basePath, options22?.certPath || config42.certPath);
+  const certKeyPath = path3.join(options22?.basePath || config42.basePath, options22?.keyPath || config42.keyPath);
   debugLog("storage", `Certificate path: ${certPath}`, options22?.verbose);
   debugLog("storage", `Private key path: ${certKeyPath}`, options22?.verbose);
   const certDir = path3.dirname(certPath);
@@ -57001,7 +57074,7 @@ function storeCertificate(cert, options22) {
 }
 function storeCACertificate(caCert, options22) {
   debugLog("storage", "Storing CA certificate", options22?.verbose);
-  const caCertPath = options22?.caCertPath || config42.caCertPath;
+  const caCertPath = path3.join(options22?.basePath || config42.basePath, options22?.caCertPath || config42.caCertPath);
   debugLog("storage", `CA certificate path: ${caCertPath}`, options22?.verbose);
   const caCertDir = path3.dirname(caCertPath);
   if (!fs2.existsSync(caCertDir)) {
@@ -57017,172 +57090,155 @@ var export_tls = import_node_forge2.tls;
 var export_pki = import_node_forge2.pki;
 var export_forge = import_node_forge2.default;
 
-// src/config.ts
-import os3 from "os";
-import path4 from "path";
-
-// node_modules/bun-config/dist/index.js
-import { resolve as resolve3 } from "path";
-import process3 from "process";
-function deepMerge2(target, source) {
-  if (Array.isArray(source) && !Array.isArray(target)) {
-    return source;
-  }
-  if (Array.isArray(source) && Array.isArray(target)) {
-    return source.map((sourceItem, index) => {
-      const targetItem = target[index];
-      if (isObject5(sourceItem) && isObject5(targetItem)) {
-        return deepMerge2(targetItem, sourceItem);
-      }
-      return sourceItem;
-    });
-  }
-  if (!isObject5(source) || !isObject5(target)) {
-    return source;
-  }
-  const merged = { ...target };
-  for (const key in source) {
-    if (Object.prototype.hasOwnProperty.call(source, key)) {
-      const sourceValue = source[key];
-      const targetValue = merged[key];
-      if (sourceValue === null || sourceValue === undefined) {
-        merged[key] = sourceValue;
-      } else if (isObject5(sourceValue) && isObject5(targetValue)) {
-        merged[key] = deepMerge2(targetValue, sourceValue);
-      } else {
-        merged[key] = sourceValue;
-      }
-    }
-  }
-  return merged;
+// src/https.ts
+var cachedSSLConfig = null;
+function isMultiProxyConfig(options3) {
+  return "proxies" in options3 && Array.isArray(options3.proxies);
 }
-function isObject5(item) {
-  return Boolean(item && typeof item === "object" && !Array.isArray(item));
+function isMultiProxyOptions(options3) {
+  return "proxies" in options3 && Array.isArray(options3.proxies);
 }
-async function loadConfig2({ name, cwd, defaultConfig }) {
-  const configPath = resolve3(cwd || process3.cwd(), `${name}.config`);
-  try {
-    const importedConfig = await import(configPath);
-    const loadedConfig = importedConfig.default || importedConfig;
-    return deepMerge2(defaultConfig, loadedConfig);
-  } catch (error) {
-    return defaultConfig;
-  }
+function isSingleProxyOptions(options3) {
+  return "to" in options3 && typeof options3.to === "string";
 }
-
-// src/config.ts
-var config6 = await loadConfig2({
-  name: "reverse-proxy",
-  defaultConfig: {
-    from: "localhost:5173",
-    to: "stacks.localhost",
-    https: {
-      caCertPath: path4.join(os3.homedir(), ".stacks", "ssl", `stacks.localhost.ca.crt`),
-      certPath: path4.join(os3.homedir(), ".stacks", "ssl", `stacks.localhost.crt`),
-      keyPath: path4.join(os3.homedir(), ".stacks", "ssl", `stacks.localhost.crt.key`)
-    },
-    etcHostsCleanup: true,
-    verbose: false
+function resolveSSLPaths(options3, defaultConfig3) {
+  const domain = isMultiProxyConfig(options3) ? options3.proxies[0].to || "stacks.localhost" : options3.to || "stacks.localhost";
+  if (typeof options3.https === "object" && typeof defaultConfig3.https === "object") {
+    const hasAllPaths = options3.https.caCertPath && options3.https.certPath && options3.https.keyPath;
+    if (hasAllPaths) {
+      const baseConfig = httpsConfig({
+        ...options3,
+        to: domain,
+        https: defaultConfig3.https
+      });
+      const altNameIPs = options3.https.altNameIPs?.filter((ip) => ip !== undefined) || baseConfig.altNameIPs;
+      const altNameURIs = options3.https.altNameURIs?.filter((uri) => uri !== undefined) || baseConfig.altNameURIs;
+      return {
+        ...baseConfig,
+        caCertPath: options3.https.caCertPath || baseConfig.caCertPath,
+        certPath: options3.https.certPath || baseConfig.certPath,
+        keyPath: options3.https.keyPath || baseConfig.keyPath,
+        basePath: options3.https.basePath || baseConfig.basePath,
+        commonName: options3.https.commonName || baseConfig.commonName,
+        organizationName: options3.https.organizationName || baseConfig.organizationName,
+        countryName: options3.https.countryName || baseConfig.countryName,
+        stateName: options3.https.stateName || baseConfig.stateName,
+        localityName: options3.https.localityName || baseConfig.localityName,
+        validityDays: options3.https.validityDays || baseConfig.validityDays,
+        altNameIPs,
+        altNameURIs,
+        verbose: options3.verbose || baseConfig.verbose
+      };
+    }
   }
-});
-
-// src/https.ts
-var cachedSSLConfig = null;
-function isMultiProxyConfig(options3) {
-  return "proxies" in options3;
+  return httpsConfig({
+    ...options3,
+    to: domain
+  });
 }
 function generateWildcardPatterns(domain) {
   const patterns = new Set;
   patterns.add(domain);
   const parts = domain.split(".");
-  if (parts.length >= 2) {
+  if (parts.length >= 2)
     patterns.add(`*.${parts.slice(1).join(".")}`);
-  }
   return Array.from(patterns);
 }
-function generateBaseConfig(options3, verbose) {
-  const domains = extractDomains(options3);
-  const sslBase = path6.join(os5.homedir(), ".stacks", "ssl");
-  const httpsConfig = options3.https === true ? {
-    caCertPath: path6.join(sslBase, "rpx-ca.crt"),
-    certPath: path6.join(sslBase, "rpx.crt"),
-    keyPath: path6.join(sslBase, "rpx.key")
-  } : typeof config6.https === "object" ? {
-    ...options3.https,
-    ...config6.https
-  } : {};
-  debugLog2("ssl", `Extracted domains: ${domains.join(", ")}`, verbose);
-  debugLog2("ssl", `Using SSL base path: ${sslBase}`, verbose);
-  debugLog2("ssl", `Using HTTPS config: ${JSON.stringify(httpsConfig)}`, verbose);
-  const allPatterns = new Set;
-  domains.forEach((domain) => {
-    allPatterns.add(domain);
-    generateWildcardPatterns(domain).forEach((pattern) => allPatterns.add(pattern));
-  });
-  allPatterns.add("localhost");
-  allPatterns.add("*.localhost");
-  const uniqueDomains = Array.from(allPatterns);
-  debugLog2("ssl", `Generated domain patterns: ${uniqueDomains.join(", ")}`, verbose);
+function getPrimaryDomain(options3) {
+  if (!options3)
+    return "stacks.localhost";
+  if (isMultiProxyOptions(options3) && options3.proxies.length > 0)
+    return options3.proxies[0].to || "stacks.localhost";
+  if (isSingleProxyOptions(options3))
+    return options3.to || "stacks.localhost";
+  return "stacks.localhost";
+}
+function generateSSLPaths(options3) {
+  const domain = getPrimaryDomain(options3);
+  let basePath = "";
+  if (typeof options3?.https === "object") {
+    basePath = options3.https.basePath || "";
+    return {
+      caCertPath: options3.https.caCertPath || join4(basePath, `${domain}.ca.crt`),
+      certPath: options3.https.certPath || join4(basePath, `${domain}.crt`),
+      keyPath: options3.https.keyPath || join4(basePath, `${domain}.key`)
+    };
+  }
+  const sslBase = basePath || join4(homedir2(), ".stacks", "ssl");
+  const sanitizedDomain = domain.replace(/\*/g, "wildcard");
   return {
-    domain: domains[0],
-    hostCertCN: domains[0],
-    caCertPath: httpsConfig?.caCertPath ?? path6.join(sslBase, "rpx-ca.crt"),
-    certPath: httpsConfig?.certPath ?? path6.join(sslBase, "rpx.crt"),
-    keyPath: httpsConfig?.keyPath ?? path6.join(sslBase, "rpx.key"),
-    altNameIPs: httpsConfig?.altNameIPs ?? ["127.0.0.1", "::1"],
-    altNameURIs: httpsConfig?.altNameURIs ?? [],
-    commonName: httpsConfig?.commonName ?? domains[0],
-    organizationName: httpsConfig?.organizationName ?? "Local Development",
-    countryName: httpsConfig?.countryName ?? "US",
-    stateName: httpsConfig?.stateName ?? "California",
-    localityName: httpsConfig?.localityName ?? "Playa Vista",
-    validityDays: httpsConfig?.validityDays ?? 825,
-    verbose: verbose ?? false,
-    subjectAltNames: uniqueDomains.map((domain) => ({
-      type: 2,
-      value: domain
-    }))
+    caCertPath: join4(sslBase, `${sanitizedDomain}.ca.crt`),
+    certPath: join4(sslBase, `${sanitizedDomain}.crt`),
+    keyPath: join4(sslBase, `${sanitizedDomain}.key`)
   };
 }
-function generateRootCAConfig(verbose = false) {
-  const sslBase = path6.join(os5.homedir(), ".stacks", "ssl");
-  return {
-    domain: "stacks.localhost",
-    hostCertCN: "stacks.localhost",
-    caCertPath: path6.join(sslBase, "rpx-root-ca.crt"),
-    certPath: path6.join(sslBase, "rpx-certificate.crt"),
-    keyPath: path6.join(sslBase, "rpx-certificate.key"),
-    altNameIPs: ["127.0.0.1", "::1"],
-    altNameURIs: [],
-    organizationName: "Stacks Local Development",
-    countryName: "US",
-    stateName: "California",
-    localityName: "Playa Vista",
-    commonName: "stacks.localhost",
-    validityDays: 3650,
-    verbose
-  };
+function getAllDomains(options3) {
+  const domains = new Set;
+  if (isMultiProxyOptions(options3)) {
+    options3.proxies.forEach((proxy) => {
+      const domain = proxy.to || "stacks.localhost";
+      generateWildcardPatterns(domain).forEach((pattern) => domains.add(pattern));
+    });
+  } else if (isSingleProxyOptions(options3)) {
+    const domain = options3.to || "stacks.localhost";
+    generateWildcardPatterns(domain).forEach((pattern) => domains.add(pattern));
+  } else {
+    domains.add("stacks.localhost");
+  }
+  domains.add("localhost");
+  domains.add("*.localhost");
+  return domains;
 }
-function httpsConfig(options3) {
-  return generateBaseConfig(options3, options3.verbose);
+async function loadSSLConfig(options3) {
+  debugLog2("ssl", `Loading SSL configuration`, options3.verbose);
+  const mergedOptions = {
+    ...config4,
+    ...options3
+  };
+  options3.https = httpsConfig(mergedOptions);
+  if (!options3.https?.keyPath && !options3.https?.certPath) {
+    debugLog2("ssl", "No SSL configuration provided", options3.verbose);
+    return null;
+  }
+  if (options3.https?.keyPath && !options3.https?.certPath || !options3.https?.keyPath && options3.https?.certPath) {
+    const missing = !options3.https?.keyPath ? "keyPath" : "certPath";
+    debugLog2("ssl", `Invalid SSL configuration - missing ${missing}`, options3.verbose);
+    throw new Error(`SSL Configuration requires both keyPath and certPath. Missing: ${missing}`);
+  }
+  try {
+    if (!options3.https?.keyPath || !options3.https?.certPath)
+      return null;
+    try {
+      debugLog2("ssl", "Reading SSL certificate files", options3.verbose);
+      const key = await fs3.readFile(options3.https?.keyPath, "utf8");
+      const cert = await fs3.readFile(options3.https?.certPath, "utf8");
+      debugLog2("ssl", "SSL configuration loaded successfully", options3.verbose);
+      return { key, cert };
+    } catch (error) {
+      debugLog2("ssl", `Failed to read certificates: ${error}`, options3.verbose);
+      return null;
+    }
+  } catch (err3) {
+    debugLog2("ssl", `SSL configuration error: ${err3}`, options3.verbose);
+    throw err3;
+  }
 }
 async function generateCertificate2(options3) {
   if (cachedSSLConfig) {
-    const verbose2 = isMultiProxyConfig(options3) ? options3.verbose : options3.verbose;
-    debugLog2("ssl", "Using cached SSL configuration", verbose2);
+    debugLog2("ssl", "Using cached SSL configuration", options3.verbose);
     return;
   }
-  const domains = isMultiProxyConfig(options3) ? [options3.proxies[0].to, ...options3.proxies.map((proxy) => proxy.to)] : [options3.to];
-  const verbose = isMultiProxyConfig(options3) ? options3.verbose : options3.verbose;
-  debugLog2("ssl", `Generating certificate for domains: ${domains.join(", ")}`, verbose);
-  const rootCAConfig = generateRootCAConfig(verbose);
+  const domains = isMultiProxyOptions(options3) ? options3.proxies.map((proxy) => proxy.to) : [options3.to];
+  debugLog2("ssl", `Generating certificate for domains: ${domains.join(", ")}`, options3.verbose);
+  const rootCAConfig = httpsConfig(options3, options3.verbose);
   log.info("Generating Root CA certificate...");
   const caCert = await createRootCA(rootCAConfig);
-  const hostConfig = generateBaseConfig(options3, verbose);
+  const hostConfig = httpsConfig(options3, options3.verbose);
+  console.log("hostConfig", hostConfig);
   log.info(`Generating host certificate for: ${domains.join(", ")}`);
   const hostCert = await generateCertificate({
     ...hostConfig,
-    rootCAObject: {
+    rootCA: {
       certificate: caCert.certificate,
       privateKey: caCert.privateKey
     }
@@ -57194,11 +57250,86 @@ async function generateCertificate2(options3) {
     ca: caCert.certificate
   };
   log.success(`Certificate generated successfully for ${domains.length} domain${domains.length > 1 ? "s" : ""}`);
-  debugLog2("ssl", `Certificate includes domains: ${domains.join(", ")}`, verbose);
+  debugLog2("ssl", `Certificate includes domains: ${domains.join(", ")}`, options3.verbose);
 }
 function getSSLConfig() {
   return cachedSSLConfig;
 }
+async function checkExistingCertificates(options3) {
+  const name = getPrimaryDomain(options3);
+  const paths = generateSSLPaths(options3);
+  try {
+    debugLog2("ssl", `Checking certificates for ${name} at paths:`, options3?.verbose);
+    debugLog2("ssl", `CA: ${paths.caCertPath}`, options3?.verbose);
+    debugLog2("ssl", `Cert: ${paths.certPath}`, options3?.verbose);
+    debugLog2("ssl", `Key: ${paths.keyPath}`, options3?.verbose);
+    const key = await fs3.readFile(paths.keyPath, "utf8");
+    const cert = await fs3.readFile(paths.certPath, "utf8");
+    let ca;
+    if (paths.caCertPath) {
+      try {
+        ca = await fs3.readFile(paths.caCertPath, "utf8");
+      } catch (err3) {
+        debugLog2("ssl", `Failed to read CA cert: ${err3}`, options3?.verbose);
+      }
+    }
+    return { key, cert, ca };
+  } catch (err3) {
+    debugLog2("ssl", `Failed to read certificates: ${err3}`, options3?.verbose);
+    return null;
+  }
+}
+function httpsConfig(options3, verbose) {
+  const primaryDomain = getPrimaryDomain(options3);
+  debugLog2("ssl", `Primary domain: ${primaryDomain}`, verbose);
+  const defaultPaths = generateSSLPaths(options3);
+  if (typeof options3.https === "object") {
+    const config5 = {
+      domain: primaryDomain,
+      hostCertCN: primaryDomain,
+      basePath: options3.https.basePath || "",
+      caCertPath: options3.https.caCertPath || defaultPaths.caCertPath,
+      certPath: options3.https.certPath || defaultPaths.certPath,
+      keyPath: options3.https.keyPath || defaultPaths.keyPath,
+      altNameIPs: ["127.0.0.1", "::1"],
+      altNameURIs: [],
+      commonName: options3.https.commonName || primaryDomain,
+      organizationName: options3.https.organizationName || "Local Development",
+      countryName: options3.https.countryName || "US",
+      stateName: options3.https.stateName || "California",
+      localityName: options3.https.localityName || "Playa Vista",
+      validityDays: options3.https.validityDays || 825,
+      verbose: verbose || false,
+      subjectAltNames: Array.from(getAllDomains(options3)).map((domain) => ({
+        type: 2,
+        value: domain
+      }))
+    };
+    if (isValidRootCA(options3.https.rootCA)) {
+      config5.rootCA = options3.https.rootCA;
+    }
+    return config5;
+  }
+  return {
+    domain: primaryDomain,
+    hostCertCN: primaryDomain,
+    basePath: "",
+    ...defaultPaths,
+    altNameIPs: ["127.0.0.1", "::1"],
+    altNameURIs: [],
+    commonName: primaryDomain,
+    organizationName: "Local Development",
+    countryName: "US",
+    stateName: "California",
+    localityName: "Playa Vista",
+    validityDays: 825,
+    verbose: verbose || false,
+    subjectAltNames: Array.from(getAllDomains(options3)).map((domain) => ({
+      type: 2,
+      value: domain
+    }))
+  };
+}
 
 // src/utils.ts
 function debugLog2(category, message, verbose) {
@@ -57206,37 +57337,43 @@ function debugLog2(category, message, verbose) {
     console.debug(`[rpx:${category}] ${message}`);
   }
 }
-function extractDomains(options3) {
-  if (isMultiProxyConfig(options3)) {
+function extractHostname(options3) {
+  if (isMultiProxyOptions(options3)) {
     return options3.proxies.map((proxy) => {
-      const domain2 = proxy.to || "stacks.localhost";
-      return domain2.startsWith("http") ? new URL(domain2).hostname : domain2;
+      const domain = proxy.to || "stacks.localhost";
+      return domain.startsWith("http") ? new URL(domain).hostname : domain;
     });
   }
-  const domain = options3.to || "stacks.localhost";
-  return [domain.startsWith("http") ? new URL(domain).hostname : domain];
+  if (isSingleProxyOptions(options3)) {
+    const domain = options3.to || "stacks.localhost";
+    return [domain.startsWith("http") ? new URL(domain).hostname : domain];
+  }
+  return ["stacks.localhost"];
+}
+function isValidRootCA(value) {
+  return typeof value === "object" && value !== null && "certificate" in value && "privateKey" in value && typeof value.certificate === "string" && typeof value.privateKey === "string";
 }
 
 // src/hosts.ts
-var hostsFilePath = process9.platform === "win32" ? path7.join(process9.env.windir || "C:\\Windows", "System32", "drivers", "etc", "hosts") : "/etc/hosts";
+var hostsFilePath = process3.platform === "win32" ? path4.join(process3.env.windir || "C:\\Windows", "System32", "drivers", "etc", "hosts") : "/etc/hosts";
 async function sudoWrite(operation, content) {
   return new Promise((resolve4, reject) => {
-    if (process9.platform === "win32") {
+    if (process3.platform === "win32") {
       reject(new Error("Administrator privileges required on Windows"));
       return;
     }
-    const tmpFile = path7.join(os7.tmpdir(), "hosts.tmp");
+    const tmpFile = path4.join(os3.tmpdir(), "hosts.tmp");
     try {
       if (operation === "append") {
-        const currentContent = fs3.readFileSync(hostsFilePath, "utf8");
-        fs3.writeFileSync(tmpFile, currentContent + content, "utf8");
+        const currentContent = fs5.readFileSync(hostsFilePath, "utf8");
+        fs5.writeFileSync(tmpFile, currentContent + content, "utf8");
       } else {
-        fs3.writeFileSync(tmpFile, content, "utf8");
+        fs5.writeFileSync(tmpFile, content, "utf8");
       }
       const sudo = spawn("sudo", ["cp", tmpFile, hostsFilePath]);
       sudo.on("close", (code) => {
         try {
-          fs3.unlinkSync(tmpFile);
+          fs5.unlinkSync(tmpFile);
           if (code === 0)
             resolve4();
           else
@@ -57247,7 +57384,7 @@ async function sudoWrite(operation, content) {
       });
       sudo.on("error", (err3) => {
         try {
-          fs3.unlinkSync(tmpFile);
+          fs5.unlinkSync(tmpFile);
         } catch {
         }
         reject(err3);
@@ -57261,7 +57398,7 @@ async function addHosts(hosts, verbose) {
   debugLog2("hosts", `Adding hosts: ${hosts.join(", ")}`, verbose);
   debugLog2("hosts", `Using hosts file at: ${hostsFilePath}`, verbose);
   try {
-    const existingContent = await fs3.promises.readFile(hostsFilePath, "utf-8");
+    const existingContent = await fs5.promises.readFile(hostsFilePath, "utf-8");
     const newEntries = hosts.filter((host) => {
       const ipv4Entry = `127.0.0.1 ${host}`;
       const ipv6Entry = `::1 ${host}`;
@@ -57278,7 +57415,7 @@ async function addHosts(hosts, verbose) {
 ::1 ${host}`).join(`
 `);
     try {
-      await fs3.promises.appendFile(hostsFilePath, hostEntries, { flag: "a" });
+      await fs5.promises.appendFile(hostsFilePath, hostEntries, { flag: "a" });
       log.success(`Added new hosts: ${newEntries.join(", ")}`);
     } catch (writeErr) {
       if (writeErr.code === "EACCES") {
@@ -57291,7 +57428,7 @@ async function addHosts(hosts, verbose) {
           log.warn("Please add these entries to your hosts file manually:");
           hostEntries.split(`
 `).forEach((entry) => log.warn(entry));
-          if (process9.platform === "win32") {
+          if (process3.platform === "win32") {
             log.warn(`
 On Windows:`);
             log.warn("1. Run notepad as administrator");
@@ -57316,7 +57453,7 @@ On Unix systems:`);
 async function removeHosts(hosts, verbose) {
   debugLog2("hosts", `Removing hosts: ${hosts.join(", ")}`, verbose);
   try {
-    const content = await fs3.promises.readFile(hostsFilePath, "utf-8");
+    const content = await fs5.promises.readFile(hostsFilePath, "utf-8");
     const lines = content.split(`
 `);
     const filteredLines = lines.filter((line, index) => {
@@ -57332,7 +57469,7 @@ async function removeHosts(hosts, verbose) {
 `)}
 `;
     try {
-      await fs3.promises.writeFile(hostsFilePath, newContent);
+      await fs5.promises.writeFile(hostsFilePath, newContent);
       log.success("Hosts removed successfully");
     } catch (writeErr) {
       if (writeErr.code === "EACCES") {
@@ -57348,7 +57485,7 @@ async function removeHosts(hosts, verbose) {
             log.warn(`127.0.0.1 ${host}`);
             log.warn(`::1 ${host}`);
           });
-          if (process9.platform === "win32") {
+          if (process3.platform === "win32") {
             log.warn(`
 On Windows:`);
             log.warn("1. Run notepad as administrator");
@@ -57372,7 +57509,7 @@ On Unix systems:`);
 }
 async function checkHosts(hosts, verbose) {
   debugLog2("hosts", `Checking hosts: ${hosts}`, verbose);
-  const content = await fs3.promises.readFile(hostsFilePath, "utf-8");
+  const content = await fs5.promises.readFile(hostsFilePath, "utf-8");
   return hosts.map((host) => {
     const ipv4Entry = `127.0.0.1 ${host}`;
     const ipv6Entry = `::1 ${host}`;
@@ -57412,53 +57549,20 @@ async function cleanup(options3) {
     await Promise.all(cleanupPromises);
     debugLog2("cleanup", "All cleanup tasks completed successfully", options3?.verbose);
     log.success("All cleanup tasks completed successfully");
-    process20.exit(0);
+    process9.exit(0);
   } catch (err3) {
     debugLog2("cleanup", `Error during cleanup: ${err3}`, options3?.verbose);
     log.error("Error during cleanup:", err3);
-    process20.exit(1);
+    process9.exit(1);
   }
 }
-process20.on("SIGINT", cleanup);
-process20.on("SIGTERM", cleanup);
-process20.on("uncaughtException", (err3) => {
+process9.on("SIGINT", cleanup);
+process9.on("SIGTERM", cleanup);
+process9.on("uncaughtException", (err3) => {
   debugLog2("process", `Uncaught exception: ${err3}`, true);
   log.error("Uncaught exception:", err3);
   cleanup();
 });
-async function loadSSLConfig(options3) {
-  debugLog2("ssl", `Loading SSL configuration`, options3.verbose);
-  if (options3.https === true)
-    options3.https = httpsConfig(options3);
-  else if (options3.https === false)
-    return null;
-  if (!options3.https?.keyPath && !options3.https?.certPath) {
-    debugLog2("ssl", "No SSL configuration provided", options3.verbose);
-    return null;
-  }
-  if (options3.https?.keyPath && !options3.https?.certPath || !options3.https?.keyPath && options3.https?.certPath) {
-    const missing = !options3.https?.keyPath ? "keyPath" : "certPath";
-    debugLog2("ssl", `Invalid SSL configuration - missing ${missing}`, options3.verbose);
-    throw new Error(`SSL Configuration requires both keyPath and certPath. Missing: ${missing}`);
-  }
-  try {
-    if (!options3.https?.keyPath || !options3.https?.certPath)
-      return null;
-    try {
-      debugLog2("ssl", "Reading SSL certificate files", options3.verbose);
-      const key = await fs5.promises.readFile(options3.https?.keyPath, "utf8");
-      const cert = await fs5.promises.readFile(options3.https?.certPath, "utf8");
-      debugLog2("ssl", "SSL configuration loaded successfully", options3.verbose);
-      return { key, cert };
-    } catch (error) {
-      debugLog2("ssl", `Failed to read certificates: ${error}`, options3.verbose);
-      return null;
-    }
-  } catch (err3) {
-    debugLog2("ssl", `SSL configuration error: ${err3}`, options3.verbose);
-    throw err3;
-  }
-}
 function isPortInUse(port, hostname, verbose) {
   debugLog2("port", `Checking if port ${port} is in use on ${hostname}`, verbose);
   return new Promise((resolve4) => {
@@ -57514,8 +57618,8 @@ async function testConnection(hostname, port, verbose) {
 }
 async function startServer(options3) {
   debugLog2("server", `Starting server with options: ${JSON.stringify(options3)}`, options3.verbose);
-  const fromUrl = new URL(options3.from.startsWith("http") ? options3.from : `http://${options3.from}`);
-  const toUrl = new URL(options3.to.startsWith("http") ? options3.to : `http://${options3.to}`);
+  const fromUrl = new URL((options3.from?.startsWith("http") ? options3.from : `http://${options3.from}`) || "localhost:5173");
+  const toUrl = new URL((options3.to?.startsWith("http") ? options3.to : `http://${options3.to}`) || "stacks.localhost");
   const fromPort = Number.parseInt(fromUrl.port) || (fromUrl.protocol.includes("https:") ? 443 : 80);
   const hostsToCheck = [toUrl.hostname];
   if (!toUrl.hostname.includes("localhost") && !toUrl.hostname.includes("127.0.0.1")) {
@@ -57532,7 +57636,7 @@ async function startServer(options3) {
           log.warn("You can manually add this entry to your hosts file:");
           log.warn(`127.0.0.1 ${toUrl.hostname}`);
           log.warn(`::1 ${toUrl.hostname}`);
-          if (process20.platform === "win32") {
+          if (process9.platform === "win32") {
             log.warn("On Windows:");
             log.warn("1. Run notepad as administrator");
             log.warn("2. Open C:\\Windows\\System32\\drivers\\etc\\hosts");
@@ -57553,7 +57657,7 @@ async function startServer(options3) {
   } catch (err3) {
     debugLog2("server", `Connection test failed: ${err3}`, options3.verbose);
     log.error(err3.message);
-    process20.exit(1);
+    process9.exit(1);
   }
   let sslConfig = options3._cachedSSLConfig || null;
   if (options3.https) {
@@ -57599,7 +57703,7 @@ async function startServer(options3) {
   debugLog2("server", `Setting up reverse proxy with SSL config for ${toUrl.hostname}`, options3.verbose);
   await setupReverseProxy({
     ...options3,
-    from: options3.from,
+    from: options3.from || "localhost:5173",
     to: toUrl.hostname,
     fromPort,
     sourceUrl: {
@@ -57754,51 +57858,77 @@ function startHttpRedirectServer(verbose) {
   debugLog2("redirect", "HTTP redirect server started", verbose);
 }
 function startProxy(options3) {
-  debugLog2("proxy", `Starting proxy with options: ${JSON.stringify(options3)}`, options3?.verbose);
+  const mergedOptions = {
+    ...config4,
+    ...options3
+  };
+  debugLog2("proxy", `Starting proxy with options: ${JSON.stringify(mergedOptions)}`, mergedOptions?.verbose);
   const serverOptions = {
-    from: options3?.from || "localhost:5173",
-    to: options3?.to || "stacks.localhost",
-    https: httpsConfig(options3),
-    etcHostsCleanup: options3?.etcHostsCleanup || false,
-    verbose: options3?.verbose || false
+    from: mergedOptions.from,
+    to: mergedOptions.to,
+    https: httpsConfig(mergedOptions),
+    etcHostsCleanup: mergedOptions.etcHostsCleanup,
+    verbose: mergedOptions.verbose
   };
   console.log("serverOptions", serverOptions);
   startServer(serverOptions).catch((err3) => {
-    debugLog2("proxy", `Failed to start proxy: ${err3}`, options3.verbose);
+    debugLog2("proxy", `Failed to start proxy: ${err3}`, mergedOptions.verbose);
     log.error(`Failed to start proxy: ${err3.message}`);
     cleanup({
-      domains: [options3.to],
-      etcHostsCleanup: options3.etcHostsCleanup,
-      verbose: options3.verbose
+      domains: [mergedOptions.to],
+      etcHostsCleanup: mergedOptions.etcHostsCleanup,
+      verbose: mergedOptions.verbose
     });
   });
 }
 async function startProxies(options3) {
-  if (!options3)
-    return;
-  debugLog2("proxies", "Starting proxies setup", isMultiProxyConfig2(options3) ? options3.verbose : options3.verbose);
-  if (options3.https) {
-    await generateCertificate2(options3);
+  debugLog2("proxies", "Starting proxy setup", options3?.verbose);
+  const mergedOptions = {
+    ...config4,
+    ...options3
+  };
+  const primaryDomain = isMultiProxyConfig(mergedOptions) ? mergedOptions.proxies[0].to || "stacks.localhost" : mergedOptions.to || "stacks.localhost";
+  if (mergedOptions.https) {
+    const existingSSLConfig = await checkExistingCertificates(mergedOptions);
+    if (existingSSLConfig) {
+      debugLog2("ssl", `Using existing certificates for ${primaryDomain}`, mergedOptions.verbose);
+      mergedOptions._cachedSSLConfig = existingSSLConfig;
+    } else {
+      debugLog2("ssl", `No valid certificates found for ${primaryDomain}, generating new ones`, mergedOptions.verbose);
+      await generateCertificate2(mergedOptions);
+      const sslConfig2 = await checkExistingCertificates(mergedOptions);
+      if (!sslConfig2) {
+        throw new Error(`Failed to load SSL certificates after generation for ${primaryDomain}. Please check file permissions and paths.`);
+      }
+      mergedOptions._cachedSSLConfig = sslConfig2;
+    }
   }
-  const proxyOptions = isMultiProxyConfig2(options3) ? options3.proxies.map((proxy) => ({
+  const proxyOptions = isMultiProxyConfig(mergedOptions) ? mergedOptions.proxies.map((proxy) => ({
     ...proxy,
-    https: options3.https,
-    etcHostsCleanup: options3.etcHostsCleanup,
-    verbose: options3.verbose,
-    _cachedSSLConfig: options3._cachedSSLConfig
-  })) : [options3];
-  const domains = extractDomains(options3);
-  const sslConfig = options3.https ? getSSLConfig() : null;
+    https: mergedOptions.https,
+    etcHostsCleanup: mergedOptions.etcHostsCleanup,
+    verbose: mergedOptions.verbose,
+    _cachedSSLConfig: mergedOptions._cachedSSLConfig
+  })) : [{
+    from: mergedOptions.from || "localhost:5173",
+    to: mergedOptions.to || "stacks.localhost",
+    https: mergedOptions.https,
+    etcHostsCleanup: mergedOptions.etcHostsCleanup,
+    verbose: mergedOptions.verbose,
+    _cachedSSLConfig: mergedOptions._cachedSSLConfig
+  }];
+  const domains = proxyOptions.map((opt) => opt.to || "stacks.localhost");
+  const sslConfig = mergedOptions._cachedSSLConfig;
   const cleanupHandler = () => cleanup({
     domains,
-    etcHostsCleanup: isMultiProxyConfig2(options3) ? options3.etcHostsCleanup : options3.etcHostsCleanup || false,
-    verbose: isMultiProxyConfig2(options3) ? options3.verbose : options3.verbose || false
+    etcHostsCleanup: mergedOptions.etcHostsCleanup || false,
+    verbose: mergedOptions.verbose || false
   });
-  process20.on("SIGINT", cleanupHandler);
-  process20.on("SIGTERM", cleanupHandler);
-  process20.on("uncaughtException", (err3) => {
+  process9.on("SIGINT", cleanupHandler);
+  process9.on("SIGTERM", cleanupHandler);
+  process9.on("uncaughtException", (err3) => {
     debugLog2("process", `Uncaught exception: ${err3}`, true);
-    log.error("Uncaught exception:", err3);
+    console.error("Uncaught exception:", err3);
     cleanupHandler();
   });
   for (const option of proxyOptions) {
@@ -57815,14 +57945,11 @@ async function startProxies(options3) {
       });
     } catch (err3) {
       debugLog2("proxies", `Failed to start proxy for ${option.to}: ${err3}`, option.verbose);
-      log.error(`Failed to start proxy for ${option.to}:`, err3);
+      console.error(`Failed to start proxy for ${option.to}:`, err3);
       cleanupHandler();
     }
   }
 }
-function isMultiProxyConfig2(options3) {
-  return "proxies" in options3;
-}
 
 // src/index.ts
 var src_default = startProxies;
@@ -57832,17 +57959,27 @@ export {
   startProxies,
   startHttpRedirectServer,
   setupReverseProxy,
+  resolveSSLPaths,
   removeHosts,
+  loadSSLConfig,
+  isValidRootCA,
+  isSingleProxyOptions,
+  isMultiProxyOptions,
   isMultiProxyConfig,
   httpsConfig,
   hostsFilePath,
   getSSLConfig,
+  getPrimaryDomain,
+  getAllDomains,
+  generateWildcardPatterns,
+  generateSSLPaths,
   generateCertificate2 as generateCertificate,
-  extractDomains,
+  extractHostname,
   src_default as default,
   debugLog2 as debugLog,
-  config6 as config,
+  config4 as config,
   cleanup,
   checkHosts,
+  checkExistingCertificates,
   addHosts
 };