portless 0.9.4 → 0.9.6

package/README.md

@@ -166,7 +166,7 @@ portless proxy stop              # Stop the proxy
 --tld <tld>                      Use a custom TLD instead of .localhost (e.g. test)
 --wildcard                       Allow unregistered subdomains to fall back to parent route
 --app-port <number>              Use a fixed port for the app (skip auto-assignment)
---force                          Override a route registered by another process
+--force                          Kill the existing process and take over its route
 --name <name>                    Use <name> as the app name
 ```
 

package/dist/{chunk-63BOQNMU.js → chunk-OPTRASOS.js}

@@ -477,8 +477,16 @@ function createProxyServer(options) {
       }
       proxySocket.pipe(socket);
       socket.pipe(proxySocket);
-      proxySocket.on("error", () => socket.destroy());
-      socket.on("error", () => proxySocket.destroy());
+      const cleanup = () => {
+        proxySocket.destroy();
+        socket.destroy();
+      };
+      proxySocket.on("error", cleanup);
+      socket.on("error", cleanup);
+      proxySocket.on("close", cleanup);
+      socket.on("close", cleanup);
+      proxySocket.on("end", cleanup);
+      socket.on("end", cleanup);
     });
     proxyReq.on("error", (err) => {
       onError(`WebSocket proxy error for ${getRequestHost(req)}: ${err.message}`);
@@ -505,7 +513,7 @@ function createProxyServer(options) {
   };
   if (tls) {
     const h2Server = http2.createSecureServer({
-      cert: tls.cert,
+      cert: tls.ca ? Buffer.concat([tls.cert, tls.ca]) : tls.cert,
       key: tls.key,
       allowHTTP1: true,
       ...tls.SNICallback ? { SNICallback: tls.SNICallback } : {}
@@ -1297,16 +1305,30 @@ var RouteStore = class _RouteStore {
     fs4.writeFileSync(this.routesPath, JSON.stringify(routes, null, 2), { mode: this.fileMode });
     fixOwnership(this.routesPath);
   }
+  /**
+   * Register a route. When `force` is true and the hostname is already claimed
+   * by another live process, that process is sent SIGTERM before the route is
+   * replaced. Returns the PID of the killed process (if any) so the caller can
+   * log it.
+   */
   addRoute(hostname, port, pid, force = false) {
     this.ensureDir();
     if (!this.acquireLock()) {
       throw new Error("Failed to acquire route lock");
     }
+    let killedPid;
     try {
       const routes = this.loadRoutes(true);
       const existing = routes.find((r) => r.hostname === hostname);
-      if (existing && existing.pid !== pid && this.isProcessAlive(existing.pid) && !force) {
-        throw new RouteConflictError(hostname, existing.pid);
+      if (existing && existing.pid !== pid && this.isProcessAlive(existing.pid)) {
+        if (!force) {
+          throw new RouteConflictError(hostname, existing.pid);
+        }
+        try {
+          process.kill(existing.pid, "SIGTERM");
+          killedPid = existing.pid;
+        } catch {
+        }
       }
       const filtered = routes.filter((r) => r.hostname !== hostname);
       filtered.push({ hostname, port, pid });
@@ -1314,6 +1336,7 @@ var RouteStore = class _RouteStore {
     } finally {
       this.releaseLock();
     }
+    return killedPid;
   }
   removeRoute(hostname) {
     this.ensureDir();

package/dist/cli.js

@@ -35,7 +35,7 @@ import {
   waitForProxy,
   writeTldFile,
   writeTlsMarker
-} from "./chunk-63BOQNMU.js";
+} from "./chunk-OPTRASOS.js";
 
 // src/colors.ts
 function supportsColor() {
@@ -471,10 +471,13 @@ async function generateHostCertAsync(stateDir, hostname) {
   fixOwnership(keyPath, certPath);
   return { certPath, keyPath };
 }
-function createSNICallback(stateDir, defaultCert, defaultKey, tld = "localhost") {
+function createSNICallback(stateDir, defaultCert, defaultKey, tld = "localhost", caCert) {
   const cache = /* @__PURE__ */ new Map();
   const pending = /* @__PURE__ */ new Map();
-  const defaultCtx = tls.createSecureContext({ cert: defaultCert, key: defaultKey });
+  const defaultCtx = tls.createSecureContext({
+    cert: caCert ? Buffer.concat([defaultCert, caCert]) : defaultCert,
+    key: defaultKey
+  });
   return (servername, cb) => {
     if (servername === tld) {
       cb(null, defaultCtx);
@@ -490,8 +493,9 @@ function createSNICallback(stateDir, defaultCert, defaultKey, tld = "localhost")
     const keyPath = path.join(hostDir, `${safeName}-key.pem`);
     if (fileExists(certPath) && fileExists(keyPath) && isCertValid(certPath) && isCertSignatureStrong(certPath)) {
       try {
+        const hostCert = fs.readFileSync(certPath);
         const ctx = tls.createSecureContext({
-          cert: fs.readFileSync(certPath),
+          cert: caCert ? Buffer.concat([hostCert, caCert]) : hostCert,
           key: fs.readFileSync(keyPath)
         });
         cache.set(servername, ctx);
@@ -505,11 +509,14 @@ function createSNICallback(stateDir, defaultCert, defaultKey, tld = "localhost")
       return;
     }
     const promise = generateHostCertAsync(stateDir, servername).then(async (generated) => {
-      const [cert, key] = await Promise.all([
+      const [hostCert, key] = await Promise.all([
         fs.promises.readFile(generated.certPath),
         fs.promises.readFile(generated.keyPath)
       ]);
-      return tls.createSecureContext({ cert, key });
+      return tls.createSecureContext({
+        cert: caCert ? Buffer.concat([hostCert, caCert]) : hostCert,
+        key
+      });
     });
     pending.set(servername, promise);
     promise.then((ctx) => {
@@ -1157,8 +1164,9 @@ portless
   } else {
     console.log(colors_default.green(`-- Using port ${port}`));
   }
+  let killedPid;
   try {
-    store.addRoute(hostname, port, process.pid, force);
+    killedPid = store.addRoute(hostname, port, process.pid, force);
   } catch (err) {
     if (err instanceof RouteConflictError) {
       console.error(colors_default.red(`Error: ${err.message}`));
@@ -1166,6 +1174,9 @@ portless
     }
     throw err;
   }
+  if (killedPid !== void 0) {
+    console.log(colors_default.yellow(`Killed existing process (PID ${killedPid})`));
+  }
   const finalUrl = formatUrl(hostname, proxyPort, tls2);
   console.log(colors_default.cyan.bold(`
   -> ${finalUrl}
@@ -1233,7 +1244,7 @@ ${colors_default.bold("Usage:")}
 
 ${colors_default.bold("Options:")}
   --name <name>          Override the inferred base name (worktree prefix still applies)
-  --force                Override an existing route registered by another process
+  --force                Kill the existing process and take over its route
   --app-port <number>    Use a fixed port for the app (skip auto-assignment)
   --help, -h             Show this help
 
@@ -1388,7 +1399,7 @@ ${colors_default.bold("Options:")}
   --tld <tld>                   Use a custom TLD instead of .localhost (e.g. test, dev)
   --wildcard                    Allow unregistered subdomains to fall back to parent route
   --app-port <number>           Use a fixed port for the app (skip auto-assignment)
-  --force                       Override an existing route registered by another process
+  --force                       Kill the existing process and take over its route
   --name <name>                 Use <name> as the app name (bypasses subcommand dispatch)
   --                            Stop flag parsing; everything after is passed to the child
 
@@ -1427,7 +1438,7 @@ ${colors_default.bold("Reserved names:")}
   process.exit(0);
 }
 function printVersion() {
-  console.log("0.9.4");
+  console.log("0.9.6");
   process.exit(0);
 }
 async function handleTrust() {
@@ -1954,10 +1965,12 @@ ${colors_default.bold("Usage:")}
       }
       const cert = fs3.readFileSync(certs.certPath);
       const key = fs3.readFileSync(certs.keyPath);
+      const ca = fs3.readFileSync(certs.caPath);
       tlsOptions = {
         cert,
         key,
-        SNICallback: createSNICallback(stateDir, cert, key, tld)
+        ca,
+        SNICallback: createSNICallback(stateDir, cert, key, tld, ca)
       };
     }
   }

package/dist/index.d.ts

@@ -26,6 +26,8 @@ interface ProxyServerOptions {
     tls?: {
         cert: Buffer;
         key: Buffer;
+        /** CA certificate to include in the chain so clients can verify the leaf. */
+        ca?: Buffer;
         /** SNI callback for per-hostname certificate selection. */
         SNICallback?: (servername: string, cb: (err: Error | null, ctx?: node_tls.SecureContext) => void) => void;
     };
@@ -65,8 +67,8 @@ interface RouteMapping extends RouteInfo {
     pid: number;
 }
 /**
- * Thrown when a route is already registered by a live process and --force
- * was not specified.
+ * Thrown when a route is already registered by a live process and --force was
+ * not specified. With --force, the existing process is killed instead.
  */
 declare class RouteConflictError extends Error {
     readonly hostname: string;
@@ -106,7 +108,13 @@ declare class RouteStore {
      */
     loadRoutes(persistCleanup?: boolean): RouteMapping[];
     private saveRoutes;
-    addRoute(hostname: string, port: number, pid: number, force?: boolean): void;
+    /**
+     * Register a route. When `force` is true and the hostname is already claimed
+     * by another live process, that process is sent SIGTERM before the route is
+     * replaced. Returns the PID of the killed process (if any) so the caller can
+     * log it.
+     */
+    addRoute(hostname: string, port: number, pid: number, force?: boolean): number | undefined;
     removeRoute(hostname: string): void;
 }
 

package/dist/index.js

@@ -20,7 +20,7 @@ import {
   parseHostname,
   removeBlock,
   syncHostsFile
-} from "./chunk-63BOQNMU.js";
+} from "./chunk-OPTRASOS.js";
 export {
   DIR_MODE,
   FILE_MODE,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "portless",
-  "version": "0.9.4",
+  "version": "0.9.6",
   "description": "Replace port numbers with stable, named .localhost URLs. For humans and agents.",
   "type": "module",
   "main": "./dist/index.js",