@stacksjs/rpx 0.4.1 → 0.5.1

package/dist/index.js

@@ -17,11 +17,10 @@ var __toESM = (mod, isNodeMode, target) => {
 };
 
 // src/start.ts
-import * as fs5 from "fs";
 import * as http from "http";
 import * as https from "https";
 import * as net from "net";
-import process20 from "process";
+import process9 from "process";
 
 // node_modules/@stacksjs/cli/dist/index.js
 import { formatWithOptions } from "util";
@@ -20468,18 +20467,255 @@ var quotes = collect([
 ]);
 var export_prompts = import_prompts.default;
 // package.json
-var version = "0.4.1";
+var version = "0.5.1";
+
+// src/config.ts
+import { homedir } from "os";
+import { join as join2 } from "path";
+
+// node_modules/bun-config/dist/index.js
+import { resolve } from "path";
+import process2 from "process";
+function deepMerge(target, source) {
+  if (Array.isArray(source) && !Array.isArray(target)) {
+    return source;
+  }
+  if (Array.isArray(source) && Array.isArray(target)) {
+    return source.map((sourceItem, index) => {
+      const targetItem = target[index];
+      if (isObject3(sourceItem) && isObject3(targetItem)) {
+        return deepMerge(targetItem, sourceItem);
+      }
+      return sourceItem;
+    });
+  }
+  if (!isObject3(source) || !isObject3(target)) {
+    return source;
+  }
+  const merged = { ...target };
+  for (const key in source) {
+    if (Object.prototype.hasOwnProperty.call(source, key)) {
+      const sourceValue = source[key];
+      const targetValue = merged[key];
+      if (sourceValue === null || sourceValue === undefined) {
+        merged[key] = sourceValue;
+      } else if (isObject3(sourceValue) && isObject3(targetValue)) {
+        merged[key] = deepMerge(targetValue, sourceValue);
+      } else {
+        merged[key] = sourceValue;
+      }
+    }
+  }
+  return merged;
+}
+function isObject3(item) {
+  return Boolean(item && typeof item === "object" && !Array.isArray(item));
+}
+async function loadConfig({ name, cwd, defaultConfig }) {
+  const configPath = resolve(cwd || process2.cwd(), `${name}.config`);
+  try {
+    const importedConfig = await import(configPath);
+    const loadedConfig = importedConfig.default || importedConfig;
+    return deepMerge(defaultConfig, loadedConfig);
+  } catch (error) {
+    return defaultConfig;
+  }
+}
+
+// src/config.ts
+var defaultConfig = {
+  from: "localhost:5173",
+  to: "stacks.localhost",
+  https: {
+    basePath: "",
+    caCertPath: join2(homedir(), ".stacks", "ssl", `stacks.localhost.ca.crt`),
+    certPath: join2(homedir(), ".stacks", "ssl", `stacks.localhost.crt`),
+    keyPath: join2(homedir(), ".stacks", "ssl", `stacks.localhost.crt.key`)
+  },
+  etcHostsCleanup: true,
+  verbose: true
+};
+var config4 = await loadConfig({
+  name: "reverse-proxy",
+  defaultConfig
+});
 
 // src/hosts.ts
-import { spawn } from "child_process";
-import fs3 from "fs";
-import os7 from "os";
-import path7 from "path";
-import process9 from "process";
+import { exec } from "child_process";
+import fs from "fs";
+import os2 from "os";
+import path from "path";
+import process3 from "process";
+import { promisify } from "util";
+
+// src/utils.ts
+function debugLog(category, message, verbose) {
+  if (verbose) {
+    console.debug(`[rpx:${category}] ${message}`);
+  }
+}
+function extractHostname(options2) {
+  if (isMultiProxyOptions(options2)) {
+    return options2.proxies.map((proxy) => {
+      const domain = proxy.to || "stacks.localhost";
+      return domain.startsWith("http") ? new URL(domain).hostname : domain;
+    });
+  }
+  if (isSingleProxyOptions(options2)) {
+    const domain = options2.to || "stacks.localhost";
+    return [domain.startsWith("http") ? new URL(domain).hostname : domain];
+  }
+  return ["stacks.localhost"];
+}
+function isValidRootCA(value) {
+  return typeof value === "object" && value !== null && "certificate" in value && "privateKey" in value && typeof value.certificate === "string" && typeof value.privateKey === "string";
+}
+function getPrimaryDomain(options2) {
+  if (!options2)
+    return "stacks.localhost";
+  if (isMultiProxyOptions(options2) && options2.proxies.length > 0)
+    return options2.proxies[0].to || "stacks.localhost";
+  if (isSingleProxyOptions(options2))
+    return options2.to || "stacks.localhost";
+  return "stacks.localhost";
+}
+function isMultiProxyConfig(options2) {
+  return "proxies" in options2 && Array.isArray(options2.proxies);
+}
+function isMultiProxyOptions(options2) {
+  return "proxies" in options2 && Array.isArray(options2.proxies);
+}
+function isSingleProxyOptions(options2) {
+  return "to" in options2 && typeof options2.to === "string";
+}
+
+// src/hosts.ts
+var execAsync = promisify(exec);
+var hostsFilePath = process3.platform === "win32" ? path.join(process3.env.windir || "C:\\Windows", "System32", "drivers", "etc", "hosts") : "/etc/hosts";
+async function execSudo(command) {
+  if (process3.platform === "win32")
+    throw new Error("Administrator privileges required on Windows");
+  try {
+    await execAsync(`sudo ${command}`);
+  } catch (error) {
+    throw new Error(`Failed to execute sudo command: ${error.message}`);
+  }
+}
+async function addHosts(hosts, verbose) {
+  debugLog("hosts", `Adding hosts: ${hosts.join(", ")}`, verbose);
+  debugLog("hosts", `Using hosts file at: ${hostsFilePath}`, verbose);
+  try {
+    const existingContent = await fs.promises.readFile(hostsFilePath, "utf-8");
+    const newEntries = hosts.filter((host) => {
+      const ipv4Entry = `127.0.0.1 ${host}`;
+      const ipv6Entry = `::1 ${host}`;
+      return !existingContent.includes(ipv4Entry) && !existingContent.includes(ipv6Entry);
+    });
+    if (newEntries.length === 0) {
+      debugLog("hosts", "All hosts already exist in hosts file", verbose);
+      log.info("All hosts are already in the hosts file");
+      return;
+    }
+    const hostEntries = newEntries.map((host) => `
+# Added by rpx
+127.0.0.1 ${host}
+::1 ${host}`).join(`
+`);
+    const tmpFile = path.join(os2.tmpdir(), "hosts.tmp");
+    await fs.promises.writeFile(tmpFile, existingContent + hostEntries, "utf8");
+    try {
+      await execSudo(`cp "${tmpFile}" "${hostsFilePath}"`);
+      log.success(`Added new hosts: ${newEntries.join(", ")}`);
+    } catch (error) {
+      log.error("Failed to modify hosts file automatically");
+      log.warn("Please add these entries to your hosts file manually:");
+      hostEntries.split(`
+`).forEach((entry) => log.warn(entry));
+      if (process3.platform === "win32") {
+        log.warn(`
+On Windows:`);
+        log.warn("1. Run notepad as administrator");
+        log.warn("2. Open C:\\Windows\\System32\\drivers\\etc\\hosts");
+      } else {
+        log.warn(`
+On Unix systems:`);
+        log.warn(`sudo nano ${hostsFilePath}`);
+      }
+      throw new Error("Failed to modify hosts file: manual intervention required");
+    } finally {
+      fs.unlinkSync(tmpFile);
+    }
+  } catch (err2) {
+    const error = err2;
+    log.error(`Failed to manage hosts file: ${error.message}`);
+    throw error;
+  }
+}
+async function removeHosts(hosts, verbose) {
+  debugLog("hosts", `Removing hosts: ${hosts.join(", ")}`, verbose);
+  try {
+    const content = await fs.promises.readFile(hostsFilePath, "utf-8");
+    const lines = content.split(`
+`);
+    const filteredLines = lines.filter((line, index) => {
+      if (line.trim() === "# Added by rpx") {
+        lines.splice(index + 1, 2);
+        return false;
+      }
+      return true;
+    });
+    while (filteredLines[filteredLines.length - 1]?.trim() === "")
+      filteredLines.pop();
+    const newContent = `${filteredLines.join(`
+`)}
+`;
+    const tmpFile = path.join(os2.tmpdir(), "hosts.tmp");
+    await fs.promises.writeFile(tmpFile, newContent, "utf8");
+    try {
+      await execSudo(`cp "${tmpFile}" "${hostsFilePath}"`);
+      log.success("Hosts removed successfully");
+    } catch (error) {
+      log.error("Failed to modify hosts file automatically");
+      log.warn("Please remove these entries from your hosts file manually:");
+      hosts.forEach((host) => {
+        log.warn("# Added by rpx");
+        log.warn(`127.0.0.1 ${host}`);
+        log.warn(`::1 ${host}`);
+      });
+      if (process3.platform === "win32") {
+        log.warn(`
+On Windows:`);
+        log.warn("1. Run notepad as administrator");
+        log.warn("2. Open C:\\Windows\\System32\\drivers\\etc\\hosts");
+      } else {
+        log.warn(`
+On Unix systems:`);
+        log.warn(`sudo nano ${hostsFilePath}`);
+      }
+      throw new Error("Failed to modify hosts file: manual intervention required");
+    } finally {
+      fs.unlinkSync(tmpFile);
+    }
+  } catch (err2) {
+    const error = err2;
+    log.error(`Failed to remove hosts: ${error.message}`);
+    throw error;
+  }
+}
+async function checkHosts(hosts, verbose) {
+  debugLog("hosts", `Checking hosts: ${hosts}`, verbose);
+  const content = await fs.promises.readFile(hostsFilePath, "utf-8");
+  return hosts.map((host) => {
+    const ipv4Entry = `127.0.0.1 ${host}`;
+    const ipv6Entry = `::1 ${host}`;
+    return content.includes(ipv4Entry) || content.includes(ipv6Entry);
+  });
+}
 
 // src/https.ts
-import os5 from "os";
-import path6 from "path";
+import fs5 from "fs/promises";
+import { homedir as homedir2 } from "os";
+import { join as join4 } from "path";
 
 // node_modules/@stacksjs/tlsx/dist/index.js
 import fs2 from "fs";
@@ -20503,7 +20739,7 @@ import {
   dirname as dirname3,
   extname as extname2,
   isAbsolute as isAbsolute2,
-  join as join2,
+  join as join3,
   normalize as normalize2,
   parse as parse2,
   relative as relative2,
@@ -20518,7 +20754,7 @@ import process8 from "process";
 import process102 from "process";
 import process182 from "process";
 import process112 from "process";
-import os2 from "os";
+import os3 from "os";
 import tty32 from "tty";
 import process142 from "process";
 import process132 from "process";
@@ -20527,11 +20763,11 @@ import process162 from "process";
 import process172 from "process";
 import process192 from "process";
 import os22 from "os";
-import path from "path";
-import { resolve } from "path";
-import process2 from "process";
-import fs from "fs";
 import path2 from "path";
+import { resolve as resolve3 } from "path";
+import process22 from "process";
+import fs3 from "fs";
+import path22 from "path";
 var __create3 = Object.create;
 var __getProtoOf3 = Object.getPrototypeOf;
 var __defProp3 = Object.defineProperty;
@@ -36874,11 +37110,11 @@ var __export3 = (target, all) => {
     });
 };
 var __esm2 = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
-function isObject3(value) {
+function isObject5(value) {
   return value !== null && typeof value === "object";
 }
 function _defu2(baseObject, defaults, namespace = ".", merger) {
-  if (!isObject3(defaults)) {
+  if (!isObject5(defaults)) {
     return _defu2(baseObject, {}, namespace, merger);
   }
   const object = Object.assign({}, defaults);
@@ -36895,7 +37131,7 @@ function _defu2(baseObject, defaults, namespace = ".", merger) {
     }
     if (Array.isArray(value) && Array.isArray(object[key])) {
       object[key] = [...value, ...object[key]];
-    } else if (isObject3(value) && isObject3(object[key])) {
+    } else if (isObject5(value) && isObject5(object[key])) {
       object[key] = _defu2(value, object[key], (namespace ? `${namespace}.` : "") + key.toString(), merger);
     } else {
       object[key] = value;
@@ -41302,7 +41538,7 @@ var require_prompt3 = __commonJS22((exports, module) => {
   module.exports = Prompt;
 });
 var require_text3 = __commonJS22((exports, module) => {
-  function asyncGeneratorStep(gen, resolve3, reject, _next, _throw, key, arg) {
+  function asyncGeneratorStep(gen, resolve32, reject, _next, _throw, key, arg) {
     try {
       var info = gen[key](arg);
       var value = info.value;
@@ -41311,7 +41547,7 @@ var require_text3 = __commonJS22((exports, module) => {
       return;
     }
     if (info.done) {
-      resolve3(value);
+      resolve32(value);
     } else {
       Promise.resolve(value).then(_next, _throw);
     }
@@ -41319,13 +41555,13 @@ var require_text3 = __commonJS22((exports, module) => {
   function _asyncToGenerator(fn) {
     return function() {
       var self2 = this, args = arguments;
-      return new Promise(function(resolve3, reject) {
+      return new Promise(function(resolve32, reject) {
         var gen = fn.apply(self2, args);
         function _next(value) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "next", value);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "next", value);
         }
         function _throw(err2) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "throw", err2);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "throw", err2);
         }
         _next(undefined);
       });
@@ -42017,7 +42253,7 @@ var require_dateparts3 = __commonJS22((exports, module) => {
   };
 });
 var require_date3 = __commonJS22((exports, module) => {
-  function asyncGeneratorStep(gen, resolve3, reject, _next, _throw, key, arg) {
+  function asyncGeneratorStep(gen, resolve32, reject, _next, _throw, key, arg) {
     try {
       var info = gen[key](arg);
       var value = info.value;
@@ -42026,7 +42262,7 @@ var require_date3 = __commonJS22((exports, module) => {
       return;
     }
     if (info.done) {
-      resolve3(value);
+      resolve32(value);
     } else {
       Promise.resolve(value).then(_next, _throw);
     }
@@ -42034,13 +42270,13 @@ var require_date3 = __commonJS22((exports, module) => {
   function _asyncToGenerator(fn) {
     return function() {
       var self2 = this, args = arguments;
-      return new Promise(function(resolve3, reject) {
+      return new Promise(function(resolve32, reject) {
         var gen = fn.apply(self2, args);
         function _next(value) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "next", value);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "next", value);
         }
         function _throw(err2) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "throw", err2);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "throw", err2);
         }
         _next(undefined);
       });
@@ -42242,7 +42478,7 @@ ${i ? ` ` : figures.pointerSmall} ${color.red().italic(l3)}`, ``);
   module.exports = DatePrompt;
 });
 var require_number3 = __commonJS22((exports, module) => {
-  function asyncGeneratorStep(gen, resolve3, reject, _next, _throw, key, arg) {
+  function asyncGeneratorStep(gen, resolve32, reject, _next, _throw, key, arg) {
     try {
       var info = gen[key](arg);
       var value = info.value;
@@ -42251,7 +42487,7 @@ var require_number3 = __commonJS22((exports, module) => {
       return;
     }
     if (info.done) {
-      resolve3(value);
+      resolve32(value);
     } else {
       Promise.resolve(value).then(_next, _throw);
     }
@@ -42259,13 +42495,13 @@ var require_number3 = __commonJS22((exports, module) => {
   function _asyncToGenerator(fn) {
     return function() {
       var self2 = this, args = arguments;
-      return new Promise(function(resolve3, reject) {
+      return new Promise(function(resolve32, reject) {
         var gen = fn.apply(self2, args);
         function _next(value) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "next", value);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "next", value);
         }
         function _throw(err2) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "throw", err2);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "throw", err2);
         }
         _next(undefined);
       });
@@ -42697,7 +42933,7 @@ Instructions:
   module.exports = MultiselectPrompt;
 });
 var require_autocomplete3 = __commonJS22((exports, module) => {
-  function asyncGeneratorStep(gen, resolve3, reject, _next, _throw, key, arg) {
+  function asyncGeneratorStep(gen, resolve32, reject, _next, _throw, key, arg) {
     try {
       var info = gen[key](arg);
       var value = info.value;
@@ -42706,7 +42942,7 @@ var require_autocomplete3 = __commonJS22((exports, module) => {
       return;
     }
     if (info.done) {
-      resolve3(value);
+      resolve32(value);
     } else {
       Promise.resolve(value).then(_next, _throw);
     }
@@ -42714,13 +42950,13 @@ var require_autocomplete3 = __commonJS22((exports, module) => {
   function _asyncToGenerator(fn) {
     return function() {
       var self2 = this, args = arguments;
-      return new Promise(function(resolve3, reject) {
+      return new Promise(function(resolve32, reject) {
         var gen = fn.apply(self2, args);
         function _next(value) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "next", value);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "next", value);
         }
         function _throw(err2) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "throw", err2);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "throw", err2);
         }
         _next(undefined);
       });
@@ -43369,7 +43605,7 @@ In order to be iterable, non-array objects must have a [Symbol.iterator]() metho
       arr2[i] = arr[i];
     return arr2;
   }
-  function asyncGeneratorStep(gen, resolve3, reject, _next, _throw, key, arg) {
+  function asyncGeneratorStep(gen, resolve32, reject, _next, _throw, key, arg) {
     try {
       var info = gen[key](arg);
       var value = info.value;
@@ -43378,7 +43614,7 @@ In order to be iterable, non-array objects must have a [Symbol.iterator]() metho
       return;
     }
     if (info.done) {
-      resolve3(value);
+      resolve32(value);
     } else {
       Promise.resolve(value).then(_next, _throw);
     }
@@ -43386,13 +43622,13 @@ In order to be iterable, non-array objects must have a [Symbol.iterator]() metho
   function _asyncToGenerator(fn) {
     return function() {
       var self2 = this, args = arguments;
-      return new Promise(function(resolve3, reject) {
+      return new Promise(function(resolve32, reject) {
         var gen = fn.apply(self2, args);
         function _next(value) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "next", value);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "next", value);
         }
         function _throw(err2) {
-          asyncGeneratorStep(gen, resolve3, reject, _next, _throw, "throw", err2);
+          asyncGeneratorStep(gen, resolve32, reject, _next, _throw, "throw", err2);
         }
         _next(undefined);
       });
@@ -48055,31 +48291,31 @@ var log2 = {
   },
   echo: (...args) => console.log(...args)
 };
-function userDatabasePath2(path22) {
-  return projectPath2(`database/${path22 || ""}`);
+function userDatabasePath2(path23) {
+  return projectPath2(`database/${path23 || ""}`);
 }
-function appPath2(path22) {
-  return projectPath2(`app/${path22 || ""}`);
+function appPath2(path23) {
+  return projectPath2(`app/${path23 || ""}`);
 }
-function commandsPath2(path22) {
-  return appPath2(`Commands/${path22 || ""}`);
+function commandsPath2(path23) {
+  return appPath2(`Commands/${path23 || ""}`);
 }
-function logsPath2(path22) {
-  return storagePath2(`logs/${path22 || ""}`);
+function logsPath2(path23) {
+  return storagePath2(`logs/${path23 || ""}`);
 }
 function projectPath2(filePath = "", options2) {
-  let path22 = process52.cwd();
-  while (path22.includes("storage"))
-    path22 = resolve22(path22, "..");
-  const finalPath = resolve22(path22, filePath);
+  let path23 = process52.cwd();
+  while (path23.includes("storage"))
+    path23 = resolve22(path23, "..");
+  const finalPath = resolve22(path23, filePath);
   if (options2?.relative)
     return relative2(process52.cwd(), finalPath);
   return finalPath;
 }
-function storagePath2(path22) {
-  return projectPath2(`storage/${path22 || ""}`);
+function storagePath2(path23) {
+  return projectPath2(`storage/${path23 || ""}`);
 }
-var config4 = {
+var config6 = {
   ai: {
     deploy: false,
     models: [
@@ -48656,7 +48892,7 @@ var config4 = {
     }
   }
 };
-var defaults_default2 = config4;
+var defaults_default2 = config6;
 var ai_default2 = {
   default: "meta.llama2-70b-chat-v1",
   models: [
@@ -53276,11 +53512,11 @@ var createNeverThrowError2 = (message, result, config5 = defaultErrorConfig2) =>
 };
 function __awaiter2(thisArg, _arguments, P22, generator) {
   function adopt(value) {
-    return value instanceof P22 ? value : new P22(function(resolve3) {
-      resolve3(value);
+    return value instanceof P22 ? value : new P22(function(resolve32) {
+      resolve32(value);
     });
   }
-  return new (P22 || (P22 = Promise))(function(resolve3, reject) {
+  return new (P22 || (P22 = Promise))(function(resolve32, reject) {
     function fulfilled(value) {
       try {
         step(generator.next(value));
@@ -53296,7 +53532,7 @@ function __awaiter2(thisArg, _arguments, P22, generator) {
       }
     }
     function step(result) {
-      result.done ? resolve3(result.value) : adopt(result.value).then(fulfilled, rejected);
+      result.done ? resolve32(result.value) : adopt(result.value).then(fulfilled, rejected);
     }
     step((generator = generator.apply(thisArg, _arguments || [])).next());
   });
@@ -53384,14 +53620,14 @@ function __asyncValues2(o) {
   }, i);
   function verb(n) {
     i[n] = o[n] && function(v22) {
-      return new Promise(function(resolve3, reject) {
-        v22 = o[n](v22), settle(resolve3, reject, v22.done, v22.value);
+      return new Promise(function(resolve32, reject) {
+        v22 = o[n](v22), settle(resolve32, reject, v22.done, v22.value);
       });
     };
   }
-  function settle(resolve3, reject, d, v22) {
+  function settle(resolve32, reject, d, v22) {
     Promise.resolve(v22).then(function(v3) {
-      resolve3({ value: v3, done: d });
+      resolve32({ value: v3, done: d });
     }, reject);
   }
 }
@@ -53692,7 +53928,7 @@ class Err2 {
 }
 var fromThrowable2 = Result2.fromThrowable;
 var import_prompts2 = __toESM22(require_prompts32(), 1);
-async function exec(command, options2) {
+async function exec2(command, options2) {
   const cmd = Array.isArray(command) ? command : command.match(/(?:[^\s"]|"[^"]*")+/g);
   log2.debug("exec:", Array.isArray(command) ? command.join(" ") : command, options2);
   log2.debug("cmd:", cmd);
@@ -53738,7 +53974,7 @@ async function runCommand(command, options2) {
     stdio: options2?.stdio ?? [options2?.stdin ?? "inherit", "pipe", "pipe"],
     verbose: options2?.verbose ?? false
   };
-  return await exec(command, opts);
+  return await exec2(command, opts);
 }
 var exports_esm2 = {};
 __export3(exports_esm2, {
@@ -54164,7 +54400,7 @@ function _supportsColor2(haveStream, { streamIsTTY, sniffFlags = true } = {}) {
     return min;
   }
   if (process112.platform === "win32") {
-    const osRelease = os2.release().split(".");
+    const osRelease = os3.release().split(".");
     if (Number(osRelease[0]) >= 10 && Number(osRelease[2]) >= 10586) {
       return Number(osRelease[2]) >= 14931 ? 3 : 2;
     }
@@ -56703,7 +56939,7 @@ var quotes2 = collect2([
 ]);
 var export_prompts2 = import_prompts2.default;
 var import_node_forge2 = __toESM3(require_lib2(), 1);
-function deepMerge(target, source) {
+function deepMerge2(target, source) {
   if (Array.isArray(source) && !Array.isArray(target)) {
     return source;
   }
@@ -56711,7 +56947,7 @@ function deepMerge(target, source) {
     return source.map((sourceItem, index) => {
       const targetItem = target[index];
       if (isObject32(sourceItem) && isObject32(targetItem)) {
-        return deepMerge(targetItem, sourceItem);
+        return deepMerge2(targetItem, sourceItem);
       }
       return sourceItem;
     });
@@ -56727,7 +56963,7 @@ function deepMerge(target, source) {
       if (sourceValue === null || sourceValue === undefined) {
         merged[key] = sourceValue;
       } else if (isObject32(sourceValue) && isObject32(targetValue)) {
-        merged[key] = deepMerge(targetValue, sourceValue);
+        merged[key] = deepMerge2(targetValue, sourceValue);
       } else {
         merged[key] = sourceValue;
       }
@@ -56738,35 +56974,37 @@ function deepMerge(target, source) {
 function isObject32(item) {
   return Boolean(item && typeof item === "object" && !Array.isArray(item));
 }
-async function loadConfig({ name, cwd, defaultConfig }) {
-  const configPath = resolve(cwd || process2.cwd(), `${name}.config`);
+async function loadConfig2({ name, cwd, defaultConfig: defaultConfig2 }) {
+  const configPath = resolve3(cwd || process22.cwd(), `${name}.config`);
   try {
     const importedConfig = await import(configPath);
     const loadedConfig = importedConfig.default || importedConfig;
-    return deepMerge(defaultConfig, loadedConfig);
+    return deepMerge2(defaultConfig2, loadedConfig);
   } catch (error) {
-    return defaultConfig;
-  }
-}
-var config42 = await loadConfig({
+    return defaultConfig2;
+  }
+}
+var defaultConfig2 = {
+  altNameIPs: ["127.0.0.1"],
+  altNameURIs: ["localhost"],
+  organizationName: "Local Development",
+  countryName: "US",
+  stateName: "California",
+  localityName: "Playa Vista",
+  commonName: "stacks.localhost",
+  validityDays: 825,
+  hostCertCN: "stacks.localhost",
+  domain: "stacks.localhost",
+  rootCA: { certificate: "", privateKey: "" },
+  basePath: "",
+  caCertPath: path2.join(os22.homedir(), ".stacks", "ssl", `stacks.localhost.ca.crt`),
+  certPath: path2.join(os22.homedir(), ".stacks", "ssl", `stacks.localhost.crt`),
+  keyPath: path2.join(os22.homedir(), ".stacks", "ssl", `stacks.localhost.crt.key`),
+  verbose: false
+};
+var config42 = await loadConfig2({
   name: "tls",
-  defaultConfig: {
-    altNameIPs: ["127.0.0.1"],
-    altNameURIs: ["localhost"],
-    organizationName: "Local Development",
-    countryName: "US",
-    stateName: "California",
-    localityName: "Playa Vista",
-    commonName: "stacks.localhost",
-    validityDays: 825,
-    hostCertCN: "stacks.localhost",
-    domain: "stacks.localhost",
-    rootCAObject: { certificate: "", privateKey: "" },
-    caCertPath: path.join(os22.homedir(), ".stacks", "ssl", `stacks.localhost.ca.crt`),
-    certPath: path.join(os22.homedir(), ".stacks", "ssl", `stacks.localhost.crt`),
-    keyPath: path.join(os22.homedir(), ".stacks", "ssl", `stacks.localhost.crt.key`),
-    verbose: false
-  }
+  defaultConfig: defaultConfig2
 });
 var import_node_forge = __toESM3(require_lib2(), 1);
 function makeNumberPositive(hexString) {
@@ -56780,10 +57018,10 @@ function findFoldersWithFile(rootDir, fileName) {
   const result = [];
   function search(dir) {
     try {
-      const files = fs.readdirSync(dir);
+      const files = fs3.readdirSync(dir);
       for (const file of files) {
-        const filePath = path2.join(dir, file);
-        const stats = fs.lstatSync(filePath);
+        const filePath = path22.join(dir, file);
+        const stats = fs3.lstatSync(filePath);
         if (stats.isDirectory()) {
           search(filePath);
         } else if (file === fileName) {
@@ -56797,26 +57035,26 @@ function findFoldersWithFile(rootDir, fileName) {
   search(rootDir);
   return result;
 }
-function debugLog(category, message, verbose) {
+function debugLog2(category, message, verbose) {
   if (verbose || config42.verbose) {
     console.debug(`[tlsx:${category}] ${message}`);
   }
 }
 function generateRandomSerial(verbose) {
-  debugLog("cert", "Generating random serial number", verbose);
+  debugLog2("cert", "Generating random serial number", verbose);
   const serialNumber = makeNumberPositive(import_node_forge2.default.util.bytesToHex(import_node_forge2.default.random.getBytesSync(20)));
-  debugLog("cert", `Generated serial number: ${serialNumber}`, verbose);
+  debugLog2("cert", `Generated serial number: ${serialNumber}`, verbose);
   return serialNumber;
 }
 function calculateValidityDates(options22) {
   const notBeforeDays = options22.notBeforeDays ?? 2;
   const validityDays = options22.validityDays ?? (options22.validityYears ? options22.validityYears * 365 : 180);
-  debugLog("cert", "Calculating certificate validity dates", options22.verbose);
+  debugLog2("cert", "Calculating certificate validity dates", options22.verbose);
   const notBefore = new Date(Date.now() - 86400 * notBeforeDays * 1000);
   const notAfter = new Date(notBefore.getTime() + validityDays * 24 * 60 * 60 * 1000);
   notBefore.setUTCHours(0, 0, 0, 0);
   notAfter.setUTCHours(23, 59, 59, 999);
-  debugLog("cert", `Validity period: ${notBefore.toISOString()} to ${notAfter.toISOString()}`, options22.verbose);
+  debugLog2("cert", `Validity period: ${notBefore.toISOString()} to ${notAfter.toISOString()}`, options22.verbose);
   return { notBefore, notAfter };
 }
 function generateCertificateExtensions(options22) {
@@ -56849,9 +57087,9 @@ function generateCertificateExtensions(options22) {
   return extensions;
 }
 async function createRootCA(options22 = {}) {
-  debugLog("ca", "Creating new Root CA Certificate", options22.verbose);
+  debugLog2("ca", "Creating new Root CA Certificate", options22.verbose);
   const keySize = options22.keySize || 2048;
-  debugLog("ca", `Generating ${keySize}-bit RSA key pair`, options22.verbose);
+  debugLog2("ca", `Generating ${keySize}-bit RSA key pair`, options22.verbose);
   const { privateKey, publicKey } = import_node_forge2.pki.rsa.generateKeyPair(keySize);
   const attributes = [
     { shortName: "C", value: options22.countryName || config42.countryName },
@@ -56898,14 +57136,14 @@ async function createRootCA(options22 = {}) {
   };
 }
 async function generateCertificate(options22) {
-  debugLog("cert", "Generating new certificate", options22.verbose);
-  debugLog("cert", `Options: ${JSON.stringify(options22)}`, options22.verbose);
-  if (!options22.rootCAObject?.certificate || !options22.rootCAObject?.privateKey) {
+  debugLog2("cert", "Generating new certificate", options22.verbose);
+  debugLog2("cert", `Options: ${JSON.stringify(options22)}`, options22.verbose);
+  if (!options22.rootCA?.certificate || !options22.rootCA?.privateKey) {
     throw new Error("Root CA certificate and private key are required");
   }
-  const caCert = import_node_forge2.pki.certificateFromPem(options22.rootCAObject.certificate);
-  const caKey = import_node_forge2.pki.privateKeyFromPem(options22.rootCAObject.privateKey);
-  debugLog("cert", "Generating 2048-bit RSA key pair for host certificate", options22?.verbose);
+  const caCert = import_node_forge2.pki.certificateFromPem(options22.rootCA.certificate);
+  const caKey = import_node_forge2.pki.privateKeyFromPem(options22.rootCA.privateKey);
+  debugLog2("cert", "Generating 2048-bit RSA key pair for host certificate", options22.verbose);
   const keySize = 2048;
   const { privateKey, publicKey } = import_node_forge2.pki.rsa.generateKeyPair(keySize);
   const attributes = options22.certificateAttributes || [
@@ -56936,253 +57174,217 @@ async function generateCertificate(options22) {
   };
 }
 async function addCertToSystemTrustStoreAndSaveCert(cert, caCert, options22) {
-  debugLog("trust", `Adding certificate to system trust store with options: ${JSON.stringify(options22)}`, options22?.verbose);
-  debugLog("trust", "Storing certificate and private key", options22?.verbose);
+  debugLog2("trust", `Adding certificate to system trust store with options: ${JSON.stringify(options22)}`, options22?.verbose);
+  debugLog2("trust", "Storing certificate and private key", options22?.verbose);
   const certPath = storeCertificate(cert, options22);
-  debugLog("trust", "Storing CA certificate", options22?.verbose);
+  debugLog2("trust", "Storing CA certificate", options22?.verbose);
   const caCertPath = storeCACertificate(caCert, options22);
   const platform22 = os4.platform();
-  debugLog("trust", `Detected platform: ${platform22}`, options22?.verbose);
+  debugLog2("trust", `Detected platform: ${platform22}`, options22?.verbose);
   const args = "TC, C, C";
   if (platform22 === "darwin") {
-    debugLog("trust", "Adding certificate to macOS keychain", options22?.verbose);
+    debugLog2("trust", "Adding certificate to macOS keychain", options22?.verbose);
     await runCommand(`sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${caCertPath}`);
   } else if (platform22 === "win32") {
-    debugLog("trust", "Adding certificate to Windows certificate store", options22?.verbose);
+    debugLog2("trust", "Adding certificate to Windows certificate store", options22?.verbose);
     await runCommand(`certutil -f -v -addstore -enterprise Root ${caCertPath}`);
   } else if (platform22 === "linux") {
-    debugLog("trust", "Adding certificate to Linux certificate store", options22?.verbose);
+    debugLog2("trust", "Adding certificate to Linux certificate store", options22?.verbose);
     const rootDirectory = os4.homedir();
     const targetFileName = "cert9.db";
-    debugLog("trust", `Searching for certificate databases in ${rootDirectory}`, options22?.verbose);
+    debugLog2("trust", `Searching for certificate databases in ${rootDirectory}`, options22?.verbose);
     const foldersWithFile = findFoldersWithFile(rootDirectory, targetFileName);
     for (const folder of foldersWithFile) {
-      debugLog("trust", `Processing certificate database in ${folder}`, options22?.verbose);
+      debugLog2("trust", `Processing certificate database in ${folder}`, options22?.verbose);
       try {
-        debugLog("trust", `Attempting to delete existing cert for ${config42.commonName}`, options22?.verbose);
+        debugLog2("trust", `Attempting to delete existing cert for ${config42.commonName}`, options22?.verbose);
         await runCommand(`certutil -d sql:${folder} -D -n ${config42.commonName}`);
       } catch (error) {
-        debugLog("trust", `Warning: Error deleting existing cert: ${error}`, options22?.verbose);
+        debugLog2("trust", `Warning: Error deleting existing cert: ${error}`, options22?.verbose);
         console.warn(`Error deleting existing cert: ${error}`);
       }
-      debugLog("trust", `Adding new certificate to ${folder}`, options22?.verbose);
+      debugLog2("trust", `Adding new certificate to ${folder}`, options22?.verbose);
       await runCommand(`certutil -d sql:${folder} -A -t ${args} -n ${config42.commonName} -i ${caCertPath}`);
       log2.info(`Cert added to ${folder}`);
     }
   } else {
-    debugLog("trust", `Error: Unsupported platform ${platform22}`, options22?.verbose);
+    debugLog2("trust", `Error: Unsupported platform ${platform22}`, options22?.verbose);
     throw new Error(`Unsupported platform: ${platform22}`);
   }
-  debugLog("trust", "Certificate successfully added to system trust store", options22?.verbose);
+  debugLog2("trust", "Certificate successfully added to system trust store", options22?.verbose);
   return certPath;
 }
 function storeCertificate(cert, options22) {
-  debugLog("storage", `Storing certificate and private key with options: ${JSON.stringify(options22)}`, options22?.verbose);
-  const certPath = options22?.certPath || config42.certPath;
-  const certKeyPath = options22?.keyPath || config42.keyPath;
-  debugLog("storage", `Certificate path: ${certPath}`, options22?.verbose);
-  debugLog("storage", `Private key path: ${certKeyPath}`, options22?.verbose);
+  debugLog2("storage", `Storing certificate and private key with options: ${JSON.stringify(options22)}`, options22?.verbose);
+  const certPath = path3.join(options22?.basePath || config42.basePath, options22?.certPath || config42.certPath);
+  const certKeyPath = path3.join(options22?.basePath || config42.basePath, options22?.keyPath || config42.keyPath);
+  debugLog2("storage", `Certificate path: ${certPath}`, options22?.verbose);
+  debugLog2("storage", `Private key path: ${certKeyPath}`, options22?.verbose);
   const certDir = path3.dirname(certPath);
   if (!fs2.existsSync(certDir)) {
-    debugLog("storage", `Creating certificate directory: ${certDir}`, options22?.verbose);
+    debugLog2("storage", `Creating certificate directory: ${certDir}`, options22?.verbose);
     fs2.mkdirSync(certDir, { recursive: true });
   }
-  debugLog("storage", "Writing certificate file", options22?.verbose);
+  debugLog2("storage", "Writing certificate file", options22?.verbose);
   fs2.writeFileSync(certPath, cert.certificate);
   const certKeyDir = path3.dirname(certKeyPath);
   if (!fs2.existsSync(certKeyDir)) {
-    debugLog("storage", `Creating private key directory: ${certKeyDir}`, options22?.verbose);
+    debugLog2("storage", `Creating private key directory: ${certKeyDir}`, options22?.verbose);
     fs2.mkdirSync(certKeyDir, { recursive: true });
   }
-  debugLog("storage", "Writing private key file", options22?.verbose);
+  debugLog2("storage", "Writing private key file", options22?.verbose);
   fs2.writeFileSync(certKeyPath, cert.privateKey);
-  debugLog("storage", "Certificate and private key stored successfully", options22?.verbose);
+  debugLog2("storage", "Certificate and private key stored successfully", options22?.verbose);
   return certPath;
 }
 function storeCACertificate(caCert, options22) {
-  debugLog("storage", "Storing CA certificate", options22?.verbose);
-  const caCertPath = options22?.caCertPath || config42.caCertPath;
-  debugLog("storage", `CA certificate path: ${caCertPath}`, options22?.verbose);
+  debugLog2("storage", "Storing CA certificate", options22?.verbose);
+  const caCertPath = path3.join(options22?.basePath || config42.basePath, options22?.caCertPath || config42.caCertPath);
+  debugLog2("storage", `CA certificate path: ${caCertPath}`, options22?.verbose);
   const caCertDir = path3.dirname(caCertPath);
   if (!fs2.existsSync(caCertDir)) {
-    debugLog("storage", `Creating CA certificate directory: ${caCertDir}`, options22?.verbose);
+    debugLog2("storage", `Creating CA certificate directory: ${caCertDir}`, options22?.verbose);
     fs2.mkdirSync(caCertDir, { recursive: true });
   }
-  debugLog("storage", "Writing CA certificate file", options22?.verbose);
+  debugLog2("storage", "Writing CA certificate file", options22?.verbose);
   fs2.writeFileSync(caCertPath, caCert);
-  debugLog("storage", "CA certificate stored successfully", options22?.verbose);
+  debugLog2("storage", "CA certificate stored successfully", options22?.verbose);
   return caCertPath;
 }
 var export_tls = import_node_forge2.tls;
 var export_pki = import_node_forge2.pki;
 var export_forge = import_node_forge2.default;
 
-// src/config.ts
-import os3 from "os";
-import path4 from "path";
-
-// node_modules/bun-config/dist/index.js
-import { resolve as resolve3 } from "path";
-import process3 from "process";
-function deepMerge2(target, source) {
-  if (Array.isArray(source) && !Array.isArray(target)) {
-    return source;
-  }
-  if (Array.isArray(source) && Array.isArray(target)) {
-    return source.map((sourceItem, index) => {
-      const targetItem = target[index];
-      if (isObject5(sourceItem) && isObject5(targetItem)) {
-        return deepMerge2(targetItem, sourceItem);
-      }
-      return sourceItem;
-    });
-  }
-  if (!isObject5(source) || !isObject5(target)) {
-    return source;
-  }
-  const merged = { ...target };
-  for (const key in source) {
-    if (Object.prototype.hasOwnProperty.call(source, key)) {
-      const sourceValue = source[key];
-      const targetValue = merged[key];
-      if (sourceValue === null || sourceValue === undefined) {
-        merged[key] = sourceValue;
-      } else if (isObject5(sourceValue) && isObject5(targetValue)) {
-        merged[key] = deepMerge2(targetValue, sourceValue);
-      } else {
-        merged[key] = sourceValue;
-      }
-    }
-  }
-  return merged;
-}
-function isObject5(item) {
-  return Boolean(item && typeof item === "object" && !Array.isArray(item));
-}
-async function loadConfig2({ name, cwd, defaultConfig }) {
-  const configPath = resolve3(cwd || process3.cwd(), `${name}.config`);
-  try {
-    const importedConfig = await import(configPath);
-    const loadedConfig = importedConfig.default || importedConfig;
-    return deepMerge2(defaultConfig, loadedConfig);
-  } catch (error) {
-    return defaultConfig;
-  }
-}
-
-// src/config.ts
-var config6 = await loadConfig2({
-  name: "reverse-proxy",
-  defaultConfig: {
-    from: "localhost:5173",
-    to: "stacks.localhost",
-    https: {
-      caCertPath: path4.join(os3.homedir(), ".stacks", "ssl", `stacks.localhost.ca.crt`),
-      certPath: path4.join(os3.homedir(), ".stacks", "ssl", `stacks.localhost.crt`),
-      keyPath: path4.join(os3.homedir(), ".stacks", "ssl", `stacks.localhost.crt.key`)
-    },
-    etcHostsCleanup: true,
-    verbose: false
-  }
-});
-
 // src/https.ts
 var cachedSSLConfig = null;
-function isMultiProxyConfig(options3) {
-  return "proxies" in options3;
+function resolveSSLPaths(options3, defaultConfig3) {
+  const domain = isMultiProxyConfig(options3) ? options3.proxies[0].to || "stacks.localhost" : options3.to || "stacks.localhost";
+  if (typeof options3.https === "object" && typeof defaultConfig3.https === "object") {
+    const hasAllPaths = options3.https.caCertPath && options3.https.certPath && options3.https.keyPath;
+    if (hasAllPaths) {
+      const baseConfig = httpsConfig({
+        ...options3,
+        to: domain,
+        https: defaultConfig3.https
+      });
+      const altNameIPs = options3.https.altNameIPs?.filter((ip) => ip !== undefined) || baseConfig.altNameIPs;
+      const altNameURIs = options3.https.altNameURIs?.filter((uri) => uri !== undefined) || baseConfig.altNameURIs;
+      return {
+        ...baseConfig,
+        caCertPath: options3.https.caCertPath || baseConfig.caCertPath,
+        certPath: options3.https.certPath || baseConfig.certPath,
+        keyPath: options3.https.keyPath || baseConfig.keyPath,
+        basePath: options3.https.basePath || baseConfig.basePath,
+        commonName: options3.https.commonName || baseConfig.commonName,
+        organizationName: options3.https.organizationName || baseConfig.organizationName,
+        countryName: options3.https.countryName || baseConfig.countryName,
+        stateName: options3.https.stateName || baseConfig.stateName,
+        localityName: options3.https.localityName || baseConfig.localityName,
+        validityDays: options3.https.validityDays || baseConfig.validityDays,
+        altNameIPs,
+        altNameURIs,
+        verbose: options3.verbose || baseConfig.verbose
+      };
+    }
+  }
+  return httpsConfig({
+    ...options3,
+    to: domain
+  });
 }
 function generateWildcardPatterns(domain) {
   const patterns = new Set;
   patterns.add(domain);
   const parts = domain.split(".");
-  if (parts.length >= 2) {
+  if (parts.length >= 2)
     patterns.add(`*.${parts.slice(1).join(".")}`);
-  }
   return Array.from(patterns);
 }
-function generateBaseConfig(options3, verbose) {
-  const domains = extractDomains(options3);
-  const sslBase = path6.join(os5.homedir(), ".stacks", "ssl");
-  const httpsConfig = options3.https === true ? {
-    caCertPath: path6.join(sslBase, "rpx-ca.crt"),
-    certPath: path6.join(sslBase, "rpx.crt"),
-    keyPath: path6.join(sslBase, "rpx.key")
-  } : typeof config6.https === "object" ? {
-    ...options3.https,
-    ...config6.https
-  } : {};
-  debugLog2("ssl", `Extracted domains: ${domains.join(", ")}`, verbose);
-  debugLog2("ssl", `Using SSL base path: ${sslBase}`, verbose);
-  debugLog2("ssl", `Using HTTPS config: ${JSON.stringify(httpsConfig)}`, verbose);
-  const allPatterns = new Set;
-  domains.forEach((domain) => {
-    allPatterns.add(domain);
-    generateWildcardPatterns(domain).forEach((pattern) => allPatterns.add(pattern));
-  });
-  allPatterns.add("localhost");
-  allPatterns.add("*.localhost");
-  const uniqueDomains = Array.from(allPatterns);
-  debugLog2("ssl", `Generated domain patterns: ${uniqueDomains.join(", ")}`, verbose);
+function generateSSLPaths(options3) {
+  const domain = getPrimaryDomain(options3);
+  let basePath = "";
+  if (typeof options3?.https === "object") {
+    basePath = options3.https.basePath || "";
+    return {
+      caCertPath: options3.https.caCertPath || join4(basePath, `${domain}.ca.crt`),
+      certPath: options3.https.certPath || join4(basePath, `${domain}.crt`),
+      keyPath: options3.https.keyPath || join4(basePath, `${domain}.key`)
+    };
+  }
+  const sslBase = basePath || join4(homedir2(), ".stacks", "ssl");
+  const sanitizedDomain = domain.replace(/\*/g, "wildcard");
   return {
-    domain: domains[0],
-    hostCertCN: domains[0],
-    caCertPath: httpsConfig?.caCertPath ?? path6.join(sslBase, "rpx-ca.crt"),
-    certPath: httpsConfig?.certPath ?? path6.join(sslBase, "rpx.crt"),
-    keyPath: httpsConfig?.keyPath ?? path6.join(sslBase, "rpx.key"),
-    altNameIPs: httpsConfig?.altNameIPs ?? ["127.0.0.1", "::1"],
-    altNameURIs: httpsConfig?.altNameURIs ?? [],
-    commonName: httpsConfig?.commonName ?? domains[0],
-    organizationName: httpsConfig?.organizationName ?? "Local Development",
-    countryName: httpsConfig?.countryName ?? "US",
-    stateName: httpsConfig?.stateName ?? "California",
-    localityName: httpsConfig?.localityName ?? "Playa Vista",
-    validityDays: httpsConfig?.validityDays ?? 825,
-    verbose: verbose ?? false,
-    subjectAltNames: uniqueDomains.map((domain) => ({
-      type: 2,
-      value: domain
-    }))
+    caCertPath: join4(sslBase, `${sanitizedDomain}.ca.crt`),
+    certPath: join4(sslBase, `${sanitizedDomain}.crt`),
+    keyPath: join4(sslBase, `${sanitizedDomain}.key`)
   };
 }
-function generateRootCAConfig(verbose = false) {
-  const sslBase = path6.join(os5.homedir(), ".stacks", "ssl");
-  return {
-    domain: "stacks.localhost",
-    hostCertCN: "stacks.localhost",
-    caCertPath: path6.join(sslBase, "rpx-root-ca.crt"),
-    certPath: path6.join(sslBase, "rpx-certificate.crt"),
-    keyPath: path6.join(sslBase, "rpx-certificate.key"),
-    altNameIPs: ["127.0.0.1", "::1"],
-    altNameURIs: [],
-    organizationName: "Stacks Local Development",
-    countryName: "US",
-    stateName: "California",
-    localityName: "Playa Vista",
-    commonName: "stacks.localhost",
-    validityDays: 3650,
-    verbose
-  };
+function getAllDomains(options3) {
+  const domains = new Set;
+  if (isMultiProxyOptions(options3)) {
+    options3.proxies.forEach((proxy) => {
+      const domain = proxy.to || "stacks.localhost";
+      generateWildcardPatterns(domain).forEach((pattern) => domains.add(pattern));
+    });
+  } else if (isSingleProxyOptions(options3)) {
+    const domain = options3.to || "stacks.localhost";
+    generateWildcardPatterns(domain).forEach((pattern) => domains.add(pattern));
+  } else {
+    domains.add("stacks.localhost");
+  }
+  domains.add("localhost");
+  domains.add("*.localhost");
+  return domains;
 }
-function httpsConfig(options3) {
-  return generateBaseConfig(options3, options3.verbose);
+async function loadSSLConfig(options3) {
+  debugLog("ssl", `Loading SSL configuration`, options3.verbose);
+  const mergedOptions = {
+    ...config4,
+    ...options3
+  };
+  options3.https = httpsConfig(mergedOptions);
+  if (!options3.https?.keyPath && !options3.https?.certPath) {
+    debugLog("ssl", "No SSL configuration provided", options3.verbose);
+    return null;
+  }
+  if (options3.https?.keyPath && !options3.https?.certPath || !options3.https?.keyPath && options3.https?.certPath) {
+    const missing = !options3.https?.keyPath ? "keyPath" : "certPath";
+    debugLog("ssl", `Invalid SSL configuration - missing ${missing}`, options3.verbose);
+    throw new Error(`SSL Configuration requires both keyPath and certPath. Missing: ${missing}`);
+  }
+  try {
+    if (!options3.https?.keyPath || !options3.https?.certPath)
+      return null;
+    try {
+      debugLog("ssl", "Reading SSL certificate files", options3.verbose);
+      const key = await fs5.readFile(options3.https?.keyPath, "utf8");
+      const cert = await fs5.readFile(options3.https?.certPath, "utf8");
+      debugLog("ssl", "SSL configuration loaded successfully", options3.verbose);
+      return { key, cert };
+    } catch (error) {
+      debugLog("ssl", `Failed to read certificates: ${error}`, options3.verbose);
+      return null;
+    }
+  } catch (err3) {
+    debugLog("ssl", `SSL configuration error: ${err3}`, options3.verbose);
+    throw err3;
+  }
 }
 async function generateCertificate2(options3) {
   if (cachedSSLConfig) {
-    const verbose2 = isMultiProxyConfig(options3) ? options3.verbose : options3.verbose;
-    debugLog2("ssl", "Using cached SSL configuration", verbose2);
+    debugLog("ssl", "Using cached SSL configuration", options3.verbose);
     return;
   }
-  const domains = isMultiProxyConfig(options3) ? [options3.proxies[0].to, ...options3.proxies.map((proxy) => proxy.to)] : [options3.to];
-  const verbose = isMultiProxyConfig(options3) ? options3.verbose : options3.verbose;
-  debugLog2("ssl", `Generating certificate for domains: ${domains.join(", ")}`, verbose);
-  const rootCAConfig = generateRootCAConfig(verbose);
+  const domains = isMultiProxyOptions(options3) ? options3.proxies.map((proxy) => proxy.to) : [options3.to];
+  debugLog("ssl", `Generating certificate for domains: ${domains.join(", ")}`, options3.verbose);
+  const rootCAConfig = httpsConfig(options3, options3.verbose);
   log.info("Generating Root CA certificate...");
   const caCert = await createRootCA(rootCAConfig);
-  const hostConfig = generateBaseConfig(options3, verbose);
+  const hostConfig = httpsConfig(options3, options3.verbose);
   log.info(`Generating host certificate for: ${domains.join(", ")}`);
   const hostCert = await generateCertificate({
     ...hostConfig,
-    rootCAObject: {
+    rootCA: {
       certificate: caCert.certificate,
       privateKey: caCert.privateKey
     }
@@ -57194,283 +57396,145 @@ async function generateCertificate2(options3) {
     ca: caCert.certificate
   };
   log.success(`Certificate generated successfully for ${domains.length} domain${domains.length > 1 ? "s" : ""}`);
-  debugLog2("ssl", `Certificate includes domains: ${domains.join(", ")}`, verbose);
+  debugLog("ssl", `Certificate includes domains: ${domains.join(", ")}`, options3.verbose);
 }
 function getSSLConfig() {
   return cachedSSLConfig;
 }
-
-// src/utils.ts
-function debugLog2(category, message, verbose) {
-  if (verbose) {
-    console.debug(`[rpx:${category}] ${message}`);
-  }
-}
-function extractDomains(options3) {
-  if (isMultiProxyConfig(options3)) {
-    return options3.proxies.map((proxy) => {
-      const domain2 = proxy.to || "stacks.localhost";
-      return domain2.startsWith("http") ? new URL(domain2).hostname : domain2;
-    });
-  }
-  const domain = options3.to || "stacks.localhost";
-  return [domain.startsWith("http") ? new URL(domain).hostname : domain];
-}
-
-// src/hosts.ts
-var hostsFilePath = process9.platform === "win32" ? path7.join(process9.env.windir || "C:\\Windows", "System32", "drivers", "etc", "hosts") : "/etc/hosts";
-async function sudoWrite(operation, content) {
-  return new Promise((resolve4, reject) => {
-    if (process9.platform === "win32") {
-      reject(new Error("Administrator privileges required on Windows"));
-      return;
-    }
-    const tmpFile = path7.join(os7.tmpdir(), "hosts.tmp");
-    try {
-      if (operation === "append") {
-        const currentContent = fs3.readFileSync(hostsFilePath, "utf8");
-        fs3.writeFileSync(tmpFile, currentContent + content, "utf8");
-      } else {
-        fs3.writeFileSync(tmpFile, content, "utf8");
-      }
-      const sudo = spawn("sudo", ["cp", tmpFile, hostsFilePath]);
-      sudo.on("close", (code) => {
-        try {
-          fs3.unlinkSync(tmpFile);
-          if (code === 0)
-            resolve4();
-          else
-            reject(new Error(`sudo process exited with code ${code}`));
-        } catch (err3) {
-          reject(err3);
-        }
-      });
-      sudo.on("error", (err3) => {
-        try {
-          fs3.unlinkSync(tmpFile);
-        } catch {
-        }
-        reject(err3);
-      });
-    } catch (err3) {
-      reject(err3);
-    }
-  });
-}
-async function addHosts(hosts, verbose) {
-  debugLog2("hosts", `Adding hosts: ${hosts.join(", ")}`, verbose);
-  debugLog2("hosts", `Using hosts file at: ${hostsFilePath}`, verbose);
+async function checkExistingCertificates(options3) {
+  const name = getPrimaryDomain(options3);
+  const paths = generateSSLPaths(options3);
   try {
-    const existingContent = await fs3.promises.readFile(hostsFilePath, "utf-8");
-    const newEntries = hosts.filter((host) => {
-      const ipv4Entry = `127.0.0.1 ${host}`;
-      const ipv6Entry = `::1 ${host}`;
-      return !existingContent.includes(ipv4Entry) && !existingContent.includes(ipv6Entry);
-    });
-    if (newEntries.length === 0) {
-      debugLog2("hosts", "All hosts already exist in hosts file", verbose);
-      log.info("All hosts are already in the hosts file");
-      return;
-    }
-    const hostEntries = newEntries.map((host) => `
-# Added by rpx
-127.0.0.1 ${host}
-::1 ${host}`).join(`
-`);
-    try {
-      await fs3.promises.appendFile(hostsFilePath, hostEntries, { flag: "a" });
-      log.success(`Added new hosts: ${newEntries.join(", ")}`);
-    } catch (writeErr) {
-      if (writeErr.code === "EACCES") {
-        debugLog2("hosts", "Permission denied, attempting with sudo", verbose);
-        try {
-          await sudoWrite("append", hostEntries);
-          log.success(`Added new hosts with sudo: ${newEntries.join(", ")}`);
-        } catch (sudoErr) {
-          log.error("Failed to modify hosts file automatically");
-          log.warn("Please add these entries to your hosts file manually:");
-          hostEntries.split(`
-`).forEach((entry) => log.warn(entry));
-          if (process9.platform === "win32") {
-            log.warn(`
-On Windows:`);
-            log.warn("1. Run notepad as administrator");
-            log.warn("2. Open C:\\Windows\\System32\\drivers\\etc\\hosts");
-          } else {
-            log.warn(`
-On Unix systems:`);
-            log.warn(`sudo nano ${hostsFilePath}`);
-          }
-          throw new Error("Failed to modify hosts file: manual intervention required");
-        }
-      } else {
-        throw writeErr;
+    debugLog("ssl", `Checking certificates for ${name} at paths:`, options3?.verbose);
+    debugLog("ssl", `CA: ${paths.caCertPath}`, options3?.verbose);
+    debugLog("ssl", `Cert: ${paths.certPath}`, options3?.verbose);
+    debugLog("ssl", `Key: ${paths.keyPath}`, options3?.verbose);
+    const key = await fs5.readFile(paths.keyPath, "utf8");
+    const cert = await fs5.readFile(paths.certPath, "utf8");
+    let ca;
+    if (paths.caCertPath) {
+      try {
+        ca = await fs5.readFile(paths.caCertPath, "utf8");
+      } catch (err3) {
+        debugLog("ssl", `Failed to read CA cert: ${err3}`, options3?.verbose);
       }
     }
+    return { key, cert, ca };
   } catch (err3) {
-    const error = err3;
-    log.error(`Failed to manage hosts file: ${error.message}`);
-    throw error;
+    debugLog("ssl", `Failed to read certificates: ${err3}`, options3?.verbose);
+    return null;
   }
 }
-async function removeHosts(hosts, verbose) {
-  debugLog2("hosts", `Removing hosts: ${hosts.join(", ")}`, verbose);
-  try {
-    const content = await fs3.promises.readFile(hostsFilePath, "utf-8");
-    const lines = content.split(`
-`);
-    const filteredLines = lines.filter((line, index) => {
-      if (line.trim() === "# Added by rpx") {
-        lines.splice(index + 1, 2);
-        return false;
-      }
-      return true;
-    });
-    while (filteredLines[filteredLines.length - 1]?.trim() === "")
-      filteredLines.pop();
-    const newContent = `${filteredLines.join(`
-`)}
-`;
-    try {
-      await fs3.promises.writeFile(hostsFilePath, newContent);
-      log.success("Hosts removed successfully");
-    } catch (writeErr) {
-      if (writeErr.code === "EACCES") {
-        debugLog2("hosts", "Permission denied, attempting with sudo", verbose);
-        try {
-          await sudoWrite("write", newContent);
-          log.success("Hosts removed successfully with sudo");
-        } catch (sudoErr) {
-          log.error("Failed to modify hosts file automatically");
-          log.warn("Please remove these entries from your hosts file manually:");
-          hosts.forEach((host) => {
-            log.warn("# Added by rpx");
-            log.warn(`127.0.0.1 ${host}`);
-            log.warn(`::1 ${host}`);
-          });
-          if (process9.platform === "win32") {
-            log.warn(`
-On Windows:`);
-            log.warn("1. Run notepad as administrator");
-            log.warn("2. Open C:\\Windows\\System32\\drivers\\etc\\hosts");
-          } else {
-            log.warn(`
-On Unix systems:`);
-            log.warn(`sudo nano ${hostsFilePath}`);
-          }
-          throw new Error("Failed to modify hosts file: manual intervention required");
-        }
-      } else {
-        throw writeErr;
-      }
-    }
-  } catch (err3) {
-    const error = err3;
-    log.error(`Failed to remove hosts: ${error.message}`);
-    throw error;
+function httpsConfig(options3, verbose) {
+  const primaryDomain = getPrimaryDomain(options3);
+  debugLog("ssl", `Primary domain: ${primaryDomain}`, verbose);
+  const defaultPaths = generateSSLPaths(options3);
+  if (typeof options3.https === "object") {
+    const config5 = {
+      domain: primaryDomain,
+      hostCertCN: primaryDomain,
+      basePath: options3.https.basePath || "",
+      caCertPath: options3.https.caCertPath || defaultPaths.caCertPath,
+      certPath: options3.https.certPath || defaultPaths.certPath,
+      keyPath: options3.https.keyPath || defaultPaths.keyPath,
+      altNameIPs: ["127.0.0.1", "::1"],
+      altNameURIs: [],
+      commonName: options3.https.commonName || primaryDomain,
+      organizationName: options3.https.organizationName || "Local Development",
+      countryName: options3.https.countryName || "US",
+      stateName: options3.https.stateName || "California",
+      localityName: options3.https.localityName || "Playa Vista",
+      validityDays: options3.https.validityDays || 825,
+      verbose: verbose || false,
+      subjectAltNames: Array.from(getAllDomains(options3)).map((domain) => ({
+        type: 2,
+        value: domain
+      }))
+    };
+    if (isValidRootCA(options3.https.rootCA)) {
+      config5.rootCA = options3.https.rootCA;
+    }
+    return config5;
   }
-}
-async function checkHosts(hosts, verbose) {
-  debugLog2("hosts", `Checking hosts: ${hosts}`, verbose);
-  const content = await fs3.promises.readFile(hostsFilePath, "utf-8");
-  return hosts.map((host) => {
-    const ipv4Entry = `127.0.0.1 ${host}`;
-    const ipv6Entry = `::1 ${host}`;
-    return content.includes(ipv4Entry) || content.includes(ipv6Entry);
-  });
+  return {
+    domain: primaryDomain,
+    hostCertCN: primaryDomain,
+    basePath: "",
+    ...defaultPaths,
+    altNameIPs: ["127.0.0.1", "::1"],
+    altNameURIs: [],
+    commonName: primaryDomain,
+    organizationName: "Local Development",
+    countryName: "US",
+    stateName: "California",
+    localityName: "Playa Vista",
+    validityDays: 825,
+    verbose: verbose || false,
+    subjectAltNames: Array.from(getAllDomains(options3)).map((domain) => ({
+      type: 2,
+      value: domain
+    }))
+  };
 }
 
 // src/start.ts
 var activeServers = new Set;
 async function cleanup(options3) {
-  debugLog2("cleanup", "Starting cleanup process", options3?.verbose);
+  debugLog("cleanup", "Starting cleanup process", options3?.verbose);
   console.log(`
 `);
   log.info("Shutting down proxy servers...");
   const cleanupPromises = [];
   const serverClosePromises = Array.from(activeServers).map((server) => new Promise((resolve4) => {
     server.close(() => {
-      debugLog2("cleanup", "Server closed successfully", options3?.verbose);
+      debugLog("cleanup", "Server closed successfully", options3?.verbose);
       resolve4();
     });
   }));
   cleanupPromises.push(...serverClosePromises);
   if (options3?.etcHostsCleanup && options3.domains?.length) {
-    debugLog2("cleanup", "Cleaning up hosts file entries", options3?.verbose);
+    debugLog("cleanup", "Cleaning up hosts file entries", options3?.verbose);
     const domainsToClean = options3.domains.filter((domain) => !domain.includes("localhost"));
     if (domainsToClean.length > 0) {
       log.info("Cleaning up hosts file entries...");
       cleanupPromises.push(removeHosts(domainsToClean, options3?.verbose).then(() => {
-        debugLog2("cleanup", `Removed hosts entries for ${domainsToClean.join(", ")}`, options3?.verbose);
+        debugLog("cleanup", `Removed hosts entries for ${domainsToClean.join(", ")}`, options3?.verbose);
       }).catch((err3) => {
-        debugLog2("cleanup", `Failed to remove hosts entries: ${err3}`, options3?.verbose);
+        debugLog("cleanup", `Failed to remove hosts entries: ${err3}`, options3?.verbose);
         log.warn(`Failed to clean up hosts file entries for ${domainsToClean.join(", ")}:`, err3);
       }));
     }
   }
   try {
     await Promise.all(cleanupPromises);
-    debugLog2("cleanup", "All cleanup tasks completed successfully", options3?.verbose);
+    debugLog("cleanup", "All cleanup tasks completed successfully", options3?.verbose);
     log.success("All cleanup tasks completed successfully");
-    process20.exit(0);
+    process9.exit(0);
   } catch (err3) {
-    debugLog2("cleanup", `Error during cleanup: ${err3}`, options3?.verbose);
+    debugLog("cleanup", `Error during cleanup: ${err3}`, options3?.verbose);
     log.error("Error during cleanup:", err3);
-    process20.exit(1);
+    process9.exit(1);
   }
 }
-process20.on("SIGINT", cleanup);
-process20.on("SIGTERM", cleanup);
-process20.on("uncaughtException", (err3) => {
-  debugLog2("process", `Uncaught exception: ${err3}`, true);
+process9.on("SIGINT", cleanup);
+process9.on("SIGTERM", cleanup);
+process9.on("uncaughtException", (err3) => {
+  debugLog("process", `Uncaught exception: ${err3}`, true);
   log.error("Uncaught exception:", err3);
   cleanup();
 });
-async function loadSSLConfig(options3) {
-  debugLog2("ssl", `Loading SSL configuration`, options3.verbose);
-  if (options3.https === true)
-    options3.https = httpsConfig(options3);
-  else if (options3.https === false)
-    return null;
-  if (!options3.https?.keyPath && !options3.https?.certPath) {
-    debugLog2("ssl", "No SSL configuration provided", options3.verbose);
-    return null;
-  }
-  if (options3.https?.keyPath && !options3.https?.certPath || !options3.https?.keyPath && options3.https?.certPath) {
-    const missing = !options3.https?.keyPath ? "keyPath" : "certPath";
-    debugLog2("ssl", `Invalid SSL configuration - missing ${missing}`, options3.verbose);
-    throw new Error(`SSL Configuration requires both keyPath and certPath. Missing: ${missing}`);
-  }
-  try {
-    if (!options3.https?.keyPath || !options3.https?.certPath)
-      return null;
-    try {
-      debugLog2("ssl", "Reading SSL certificate files", options3.verbose);
-      const key = await fs5.promises.readFile(options3.https?.keyPath, "utf8");
-      const cert = await fs5.promises.readFile(options3.https?.certPath, "utf8");
-      debugLog2("ssl", "SSL configuration loaded successfully", options3.verbose);
-      return { key, cert };
-    } catch (error) {
-      debugLog2("ssl", `Failed to read certificates: ${error}`, options3.verbose);
-      return null;
-    }
-  } catch (err3) {
-    debugLog2("ssl", `SSL configuration error: ${err3}`, options3.verbose);
-    throw err3;
-  }
-}
 function isPortInUse(port, hostname, verbose) {
-  debugLog2("port", `Checking if port ${port} is in use on ${hostname}`, verbose);
+  debugLog("port", `Checking if port ${port} is in use on ${hostname}`, verbose);
   return new Promise((resolve4) => {
     const server = net.createServer();
     server.once("error", (err3) => {
       if (err3.code === "EADDRINUSE") {
-        debugLog2("port", `Port ${port} is in use`, verbose);
+        debugLog("port", `Port ${port} is in use`, verbose);
         resolve4(true);
       }
     });
     server.once("listening", () => {
-      debugLog2("port", `Port ${port} is available`, verbose);
+      debugLog("port", `Port ${port} is available`, verbose);
       server.close();
       resolve4(false);
     });
@@ -57478,17 +57542,17 @@ function isPortInUse(port, hostname, verbose) {
   });
 }
 async function findAvailablePort(startPort, hostname, verbose) {
-  debugLog2("port", `Finding available port starting from ${startPort}`, verbose);
+  debugLog("port", `Finding available port starting from ${startPort}`, verbose);
   let port = startPort;
   while (await isPortInUse(port, hostname, verbose)) {
-    debugLog2("port", `Port ${port} is in use, trying ${port + 1}`, verbose);
+    debugLog("port", `Port ${port} is in use, trying ${port + 1}`, verbose);
     port++;
   }
-  debugLog2("port", `Found available port: ${port}`, verbose);
+  debugLog("port", `Found available port: ${port}`, verbose);
   return port;
 }
 async function testConnection(hostname, port, verbose) {
-  debugLog2("connection", `Testing connection to ${hostname}:${port}`, verbose);
+  debugLog("connection", `Testing connection to ${hostname}:${port}`, verbose);
   return new Promise((resolve4, reject) => {
     const socket = net.connect({
       host: hostname,
@@ -57496,30 +57560,30 @@ async function testConnection(hostname, port, verbose) {
       timeout: 5000
     });
     socket.once("connect", () => {
-      debugLog2("connection", `Successfully connected to ${hostname}:${port}`, verbose);
+      debugLog("connection", `Successfully connected to ${hostname}:${port}`, verbose);
       socket.end();
       resolve4();
     });
     socket.once("timeout", () => {
-      debugLog2("connection", `Connection to ${hostname}:${port} timed out`, verbose);
+      debugLog("connection", `Connection to ${hostname}:${port} timed out`, verbose);
       socket.destroy();
       reject(new Error(`Connection to ${hostname}:${port} timed out`));
     });
     socket.once("error", (err3) => {
-      debugLog2("connection", `Failed to connect to ${hostname}:${port}: ${err3}`, verbose);
+      debugLog("connection", `Failed to connect to ${hostname}:${port}: ${err3}`, verbose);
       socket.destroy();
       reject(new Error(`Failed to connect to ${hostname}:${port}: ${err3.message}`));
     });
   });
 }
 async function startServer(options3) {
-  debugLog2("server", `Starting server with options: ${JSON.stringify(options3)}`, options3.verbose);
-  const fromUrl = new URL(options3.from.startsWith("http") ? options3.from : `http://${options3.from}`);
-  const toUrl = new URL(options3.to.startsWith("http") ? options3.to : `http://${options3.to}`);
+  debugLog("server", `Starting server with options: ${JSON.stringify(options3)}`, options3.verbose);
+  const fromUrl = new URL((options3.from?.startsWith("http") ? options3.from : `http://${options3.from}`) || "localhost:5173");
+  const toUrl = new URL((options3.to?.startsWith("http") ? options3.to : `http://${options3.to}`) || "stacks.localhost");
   const fromPort = Number.parseInt(fromUrl.port) || (fromUrl.protocol.includes("https:") ? 443 : 80);
   const hostsToCheck = [toUrl.hostname];
   if (!toUrl.hostname.includes("localhost") && !toUrl.hostname.includes("127.0.0.1")) {
-    debugLog2("hosts", `Checking if hosts file entry exists for: ${toUrl.hostname}`, options3?.verbose);
+    debugLog("hosts", `Checking if hosts file entry exists for: ${toUrl.hostname}`, options3?.verbose);
     try {
       const hostsExist = await checkHosts(hostsToCheck, options3.verbose);
       if (!hostsExist[0]) {
@@ -57532,7 +57596,7 @@ async function startServer(options3) {
           log.warn("You can manually add this entry to your hosts file:");
           log.warn(`127.0.0.1 ${toUrl.hostname}`);
           log.warn(`::1 ${toUrl.hostname}`);
-          if (process20.platform === "win32") {
+          if (process9.platform === "win32") {
             log.warn("On Windows:");
             log.warn("1. Run notepad as administrator");
             log.warn("2. Open C:\\Windows\\System32\\drivers\\etc\\hosts");
@@ -57542,7 +57606,7 @@ async function startServer(options3) {
           }
         }
       } else {
-        debugLog2("hosts", `Host entry already exists for ${toUrl.hostname}`, options3.verbose);
+        debugLog("hosts", `Host entry already exists for ${toUrl.hostname}`, options3.verbose);
       }
     } catch (checkError) {
       log.error("Failed to check hosts file:", checkError.message);
@@ -57551,9 +57615,9 @@ async function startServer(options3) {
   try {
     await testConnection(fromUrl.hostname, fromPort, options3.verbose);
   } catch (err3) {
-    debugLog2("server", `Connection test failed: ${err3}`, options3.verbose);
+    debugLog("server", `Connection test failed: ${err3}`, options3.verbose);
     log.error(err3.message);
-    process20.exit(1);
+    process9.exit(1);
   }
   let sslConfig = options3._cachedSSLConfig || null;
   if (options3.https) {
@@ -57565,17 +57629,17 @@ async function startServer(options3) {
         });
       }
       try {
-        debugLog2("ssl", `Attempting to load SSL configuration for ${toUrl.hostname}`, options3.verbose);
+        debugLog("ssl", `Attempting to load SSL configuration for ${toUrl.hostname}`, options3.verbose);
         sslConfig = await loadSSLConfig({
           ...options3,
           to: toUrl.hostname,
           https: options3.https
         });
       } catch (loadError) {
-        debugLog2("ssl", `Failed to load certificates, will generate new ones: ${loadError}`, options3.verbose);
+        debugLog("ssl", `Failed to load certificates, will generate new ones: ${loadError}`, options3.verbose);
       }
       if (!sslConfig) {
-        debugLog2("ssl", `Generating new certificates for ${toUrl.hostname}`, options3.verbose);
+        debugLog("ssl", `Generating new certificates for ${toUrl.hostname}`, options3.verbose);
         await generateCertificate2({
           ...options3,
           from: fromUrl.toString(),
@@ -57592,14 +57656,14 @@ async function startServer(options3) {
         }
       }
     } catch (err3) {
-      debugLog2("server", `SSL setup failed: ${err3}`, options3.verbose);
+      debugLog("server", `SSL setup failed: ${err3}`, options3.verbose);
       throw err3;
     }
   }
-  debugLog2("server", `Setting up reverse proxy with SSL config for ${toUrl.hostname}`, options3.verbose);
+  debugLog("server", `Setting up reverse proxy with SSL config for ${toUrl.hostname}`, options3.verbose);
   await setupReverseProxy({
     ...options3,
-    from: options3.from,
+    from: options3.from || "localhost:5173",
     to: toUrl.hostname,
     fromPort,
     sourceUrl: {
@@ -57610,9 +57674,9 @@ async function startServer(options3) {
   });
 }
 async function createProxyServer(from, to, fromPort, listenPort, hostname, sourceUrl, ssl, verbose) {
-  debugLog2("proxy", `Creating proxy server ${from} -> ${to}`, verbose);
+  debugLog("proxy", `Creating proxy server ${from} -> ${to}`, verbose);
   const requestHandler = (req, res) => {
-    debugLog2("request", `Incoming request: ${req.method} ${req.url}`, verbose);
+    debugLog("request", `Incoming request: ${req.method} ${req.url}`, verbose);
     const proxyOptions = {
       hostname: sourceUrl.hostname,
       port: fromPort,
@@ -57623,9 +57687,9 @@ async function createProxyServer(from, to, fromPort, listenPort, hostname, sourc
         host: sourceUrl.host
       }
     };
-    debugLog2("request", `Proxy request options: ${JSON.stringify(proxyOptions)}`, verbose);
+    debugLog("request", `Proxy request options: ${JSON.stringify(proxyOptions)}`, verbose);
     const proxyReq = http.request(proxyOptions, (proxyRes) => {
-      debugLog2("response", `Proxy response received with status ${proxyRes.statusCode}`, verbose);
+      debugLog("response", `Proxy response received with status ${proxyRes.statusCode}`, verbose);
       const headers = {
         ...proxyRes.headers,
         "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
@@ -57635,7 +57699,7 @@ async function createProxyServer(from, to, fromPort, listenPort, hostname, sourc
       proxyRes.pipe(res);
     });
     proxyReq.on("error", (err3) => {
-      debugLog2("request", `Proxy request failed: ${err3}`, verbose);
+      debugLog("request", `Proxy request failed: ${err3}`, verbose);
       log.error("Proxy request failed:", err3);
       res.writeHead(502);
       res.end(`Proxy Error: ${err3.message}`);
@@ -57662,11 +57726,11 @@ async function createProxyServer(from, to, fromPort, listenPort, hostname, sourc
     allowHTTP1: true,
     ALPNProtocols: ["h2", "http/1.1"]
   } : undefined;
-  debugLog2("server", `Creating server with SSL config: ${!!ssl}`, verbose);
+  debugLog("server", `Creating server with SSL config: ${!!ssl}`, verbose);
   const server = ssl && serverOptions ? https.createServer(serverOptions, requestHandler) : http.createServer(requestHandler);
   if (ssl) {
     server.on("secureConnection", (tlsSocket) => {
-      debugLog2("tls", `TLS Connection established: ${JSON.stringify({
+      debugLog("tls", `TLS Connection established: ${JSON.stringify({
         protocol: tlsSocket.getProtocol?.(),
         cipher: tlsSocket.getCipher?.(),
         authorized: tlsSocket.authorized,
@@ -57677,7 +57741,7 @@ async function createProxyServer(from, to, fromPort, listenPort, hostname, sourc
   activeServers.add(server);
   return new Promise((resolve4, reject) => {
     server.listen(listenPort, hostname, () => {
-      debugLog2("server", `Server listening on port ${listenPort}`, verbose);
+      debugLog("server", `Server listening on port ${listenPort}`, verbose);
       console.log("");
       console.log(`  ${green(bold("reverse-proxy"))} ${green(`v${version}`)}`);
       console.log("");
@@ -57694,13 +57758,13 @@ async function createProxyServer(from, to, fromPort, listenPort, hostname, sourc
       resolve4();
     });
     server.on("error", (err3) => {
-      debugLog2("server", `Server error: ${err3}`, verbose);
+      debugLog("server", `Server error: ${err3}`, verbose);
       reject(err3);
     });
   });
 }
 async function setupReverseProxy(options3) {
-  debugLog2("setup", `Setting up reverse proxy: ${JSON.stringify(options3)}`, options3.verbose);
+  debugLog("setup", `Setting up reverse proxy: ${JSON.stringify(options3)}`, options3.verbose);
   const { from, to, fromPort, sourceUrl, ssl, verbose, etcHostsCleanup, portManager } = options3;
   const httpPort = 80;
   const httpsPort = 443;
@@ -57709,11 +57773,11 @@ async function setupReverseProxy(options3) {
     if (ssl && !portManager?.usedPorts.has(httpPort)) {
       const isHttpPortBusy = await isPortInUse(httpPort, hostname, verbose);
       if (!isHttpPortBusy) {
-        debugLog2("setup", "Starting HTTP redirect server", verbose);
+        debugLog("setup", "Starting HTTP redirect server", verbose);
         startHttpRedirectServer(verbose);
         portManager?.usedPorts.add(httpPort);
       } else {
-        debugLog2("setup", "Port 80 is in use, skipping HTTP redirect", verbose);
+        debugLog("setup", "Port 80 is in use, skipping HTTP redirect", verbose);
         log.warn("Port 80 is in use, HTTP to HTTPS redirect will not be available");
       }
     }
@@ -57731,7 +57795,7 @@ async function setupReverseProxy(options3) {
     }
     await createProxyServer(from, to, fromPort, finalPort, hostname, sourceUrl, ssl, verbose);
   } catch (err3) {
-    debugLog2("setup", `Setup failed: ${err3}`, verbose);
+    debugLog("setup", `Setup failed: ${err3}`, verbose);
     log.error(`Failed to setup reverse proxy: ${err3.message}`);
     cleanup({
       domains: [to],
@@ -57741,70 +57805,96 @@ async function setupReverseProxy(options3) {
   }
 }
 function startHttpRedirectServer(verbose) {
-  debugLog2("redirect", "Starting HTTP redirect server", verbose);
+  debugLog("redirect", "Starting HTTP redirect server", verbose);
   const server = http.createServer((req, res) => {
     const host = req.headers.host || "";
-    debugLog2("redirect", `Redirecting request from ${host}${req.url} to HTTPS`, verbose);
+    debugLog("redirect", `Redirecting request from ${host}${req.url} to HTTPS`, verbose);
     res.writeHead(301, {
       Location: `https://${host}${req.url}`
     });
     res.end();
   }).listen(80);
   activeServers.add(server);
-  debugLog2("redirect", "HTTP redirect server started", verbose);
+  debugLog("redirect", "HTTP redirect server started", verbose);
 }
 function startProxy(options3) {
-  debugLog2("proxy", `Starting proxy with options: ${JSON.stringify(options3)}`, options3?.verbose);
+  const mergedOptions = {
+    ...config4,
+    ...options3
+  };
+  debugLog("proxy", `Starting proxy with options: ${JSON.stringify(mergedOptions)}`, mergedOptions?.verbose);
   const serverOptions = {
-    from: options3?.from || "localhost:5173",
-    to: options3?.to || "stacks.localhost",
-    https: httpsConfig(options3),
-    etcHostsCleanup: options3?.etcHostsCleanup || false,
-    verbose: options3?.verbose || false
+    from: mergedOptions.from,
+    to: mergedOptions.to,
+    https: httpsConfig(mergedOptions),
+    etcHostsCleanup: mergedOptions.etcHostsCleanup,
+    verbose: mergedOptions.verbose
   };
   console.log("serverOptions", serverOptions);
   startServer(serverOptions).catch((err3) => {
-    debugLog2("proxy", `Failed to start proxy: ${err3}`, options3.verbose);
+    debugLog("proxy", `Failed to start proxy: ${err3}`, mergedOptions.verbose);
     log.error(`Failed to start proxy: ${err3.message}`);
     cleanup({
-      domains: [options3.to],
-      etcHostsCleanup: options3.etcHostsCleanup,
-      verbose: options3.verbose
+      domains: [mergedOptions.to],
+      etcHostsCleanup: mergedOptions.etcHostsCleanup,
+      verbose: mergedOptions.verbose
     });
   });
 }
 async function startProxies(options3) {
-  if (!options3)
-    return;
-  debugLog2("proxies", "Starting proxies setup", isMultiProxyConfig2(options3) ? options3.verbose : options3.verbose);
-  if (options3.https) {
-    await generateCertificate2(options3);
+  debugLog("proxies", "Starting proxy setup", options3?.verbose);
+  const mergedOptions = {
+    ...config4,
+    ...options3
+  };
+  const primaryDomain = isMultiProxyConfig(mergedOptions) ? mergedOptions.proxies[0].to || "stacks.localhost" : mergedOptions.to || "stacks.localhost";
+  if (mergedOptions.https) {
+    const existingSSLConfig = await checkExistingCertificates(mergedOptions);
+    if (existingSSLConfig) {
+      debugLog("ssl", `Using existing certificates for ${primaryDomain}`, mergedOptions.verbose);
+      mergedOptions._cachedSSLConfig = existingSSLConfig;
+    } else {
+      debugLog("ssl", `No valid certificates found for ${primaryDomain}, generating new ones`, mergedOptions.verbose);
+      await generateCertificate2(mergedOptions);
+      const sslConfig2 = await checkExistingCertificates(mergedOptions);
+      if (!sslConfig2) {
+        throw new Error(`Failed to load SSL certificates after generation for ${primaryDomain}. Please check file permissions and paths.`);
+      }
+      mergedOptions._cachedSSLConfig = sslConfig2;
+    }
   }
-  const proxyOptions = isMultiProxyConfig2(options3) ? options3.proxies.map((proxy) => ({
+  const proxyOptions = isMultiProxyConfig(mergedOptions) ? mergedOptions.proxies.map((proxy) => ({
     ...proxy,
-    https: options3.https,
-    etcHostsCleanup: options3.etcHostsCleanup,
-    verbose: options3.verbose,
-    _cachedSSLConfig: options3._cachedSSLConfig
-  })) : [options3];
-  const domains = extractDomains(options3);
-  const sslConfig = options3.https ? getSSLConfig() : null;
+    https: mergedOptions.https,
+    etcHostsCleanup: mergedOptions.etcHostsCleanup,
+    verbose: mergedOptions.verbose,
+    _cachedSSLConfig: mergedOptions._cachedSSLConfig
+  })) : [{
+    from: mergedOptions.from || "localhost:5173",
+    to: mergedOptions.to || "stacks.localhost",
+    https: mergedOptions.https,
+    etcHostsCleanup: mergedOptions.etcHostsCleanup,
+    verbose: mergedOptions.verbose,
+    _cachedSSLConfig: mergedOptions._cachedSSLConfig
+  }];
+  const domains = proxyOptions.map((opt) => opt.to || "stacks.localhost");
+  const sslConfig = mergedOptions._cachedSSLConfig;
   const cleanupHandler = () => cleanup({
     domains,
-    etcHostsCleanup: isMultiProxyConfig2(options3) ? options3.etcHostsCleanup : options3.etcHostsCleanup || false,
-    verbose: isMultiProxyConfig2(options3) ? options3.verbose : options3.verbose || false
+    etcHostsCleanup: mergedOptions.etcHostsCleanup || false,
+    verbose: mergedOptions.verbose || false
   });
-  process20.on("SIGINT", cleanupHandler);
-  process20.on("SIGTERM", cleanupHandler);
-  process20.on("uncaughtException", (err3) => {
-    debugLog2("process", `Uncaught exception: ${err3}`, true);
-    log.error("Uncaught exception:", err3);
+  process9.on("SIGINT", cleanupHandler);
+  process9.on("SIGTERM", cleanupHandler);
+  process9.on("uncaughtException", (err3) => {
+    debugLog("process", `Uncaught exception: ${err3}`, true);
+    console.error("Uncaught exception:", err3);
     cleanupHandler();
   });
   for (const option of proxyOptions) {
     try {
       const domain = option.to || "stacks.localhost";
-      debugLog2("proxy", `Starting proxy for ${domain} with SSL config: ${!!sslConfig}`, option.verbose);
+      debugLog("proxy", `Starting proxy for ${domain} with SSL config: ${!!sslConfig}`, option.verbose);
       await startServer({
         from: option.from || "localhost:5173",
         to: domain,
@@ -57814,15 +57904,12 @@ async function startProxies(options3) {
         _cachedSSLConfig: sslConfig
       });
     } catch (err3) {
-      debugLog2("proxies", `Failed to start proxy for ${option.to}: ${err3}`, option.verbose);
-      log.error(`Failed to start proxy for ${option.to}:`, err3);
+      debugLog("proxies", `Failed to start proxy for ${option.to}: ${err3}`, option.verbose);
+      console.error(`Failed to start proxy for ${option.to}:`, err3);
       cleanupHandler();
     }
   }
 }
-function isMultiProxyConfig2(options3) {
-  return "proxies" in options3;
-}
 
 // src/index.ts
 var src_default = startProxies;
@@ -57832,17 +57919,27 @@ export {
   startProxies,
   startHttpRedirectServer,
   setupReverseProxy,
+  resolveSSLPaths,
   removeHosts,
+  loadSSLConfig,
+  isValidRootCA,
+  isSingleProxyOptions,
+  isMultiProxyOptions,
   isMultiProxyConfig,
   httpsConfig,
   hostsFilePath,
   getSSLConfig,
+  getPrimaryDomain,
+  getAllDomains,
+  generateWildcardPatterns,
+  generateSSLPaths,
   generateCertificate2 as generateCertificate,
-  extractDomains,
+  extractHostname,
   src_default as default,
-  debugLog2 as debugLog,
-  config6 as config,
+  debugLog,
+  config4 as config,
   cleanup,
   checkHosts,
+  checkExistingCertificates,
   addHosts
 };