unplugin-cloudflare-tunnel 0.0.4 → 0.1.0

package/dist/index.mjs

@@ -1,9 +1,9 @@
-import { a as number, c as string, i as nullish, l as unknown, n as array, o as object, r as boolean, s as optional, t as any } from "./schemas-CwcXCIyR.mjs";
+import { a as number, c as string, i as nullish, l as unknown, n as array, o as object, r as boolean, s as optional, t as any } from "./schemas-Cpk3vGGi.mjs";
 import { createUnplugin } from "unplugin";
 import NodeFS from "node:fs/promises";
 import { bin, install } from "cloudflared";
 import * as NodeChildProcess from "node:child_process";
-
+import * as NodeUtil from "node:util";
 //#region src/index.ts
 /**
 * @fileoverview Cloudflare Tunnel Unplugin
@@ -42,8 +42,7 @@ const ANSI = {
 	blue: "\x1B[34m",
 	yellow: "\x1B[33m"
 };
-const ANSI_ESCAPE = String.fromCharCode(27);
-const ANSI_STYLE_SEQUENCE_REGEX = new RegExp(`${ANSI_ESCAPE}\\[[0-9;]*m`, "g");
+const ANSI_STYLE_SEQUENCE_REGEX = new RegExp(`${String.fromCharCode(27)}\\[[0-9;]*m`, "g");
 function stripAnsi(text) {
 	return text.replace(ANSI_STYLE_SEQUENCE_REGEX, "");
 }
@@ -67,7 +66,8 @@ const AccountSchema = object({
 });
 const ZoneSchema = object({
 	id: string(),
-	name: string()
+	name: string(),
+	account: optional(object({ id: string() }))
 });
 const TunnelSchema = object({
 	id: string(),
@@ -107,7 +107,11 @@ const unpluginFactory = (options = {}) => {
 	globalThis[GLOBAL_STATE] = globalState;
 	let child = globalState.child;
 	const VIRTUAL_MODULE_ID = "virtual:unplugin-cloudflare-tunnel";
-	const isQuickMode = !("hostname" in options);
+	const requestedMode = options.mode;
+	if (requestedMode && !["quick", "named"].includes(requestedMode)) throw new Error("[unplugin-cloudflare-tunnel] mode must be one of: 'quick', 'named'");
+	const hasHostname = "hostname" in options && typeof options.hostname === "string";
+	const isQuickMode = requestedMode ? requestedMode === "quick" : !hasHostname;
+	if (requestedMode === "named" && !hasHostname) throw new Error("[unplugin-cloudflare-tunnel] hostname is required when mode is set to named");
 	if (isQuickMode) {
 		const invalidOptions = [
 			"apiToken",
@@ -118,7 +122,7 @@ const unpluginFactory = (options = {}) => {
 			"ssl",
 			"cleanup"
 		].filter((opt) => opt in options);
-		if (invalidOptions.length > 0) throw new Error(`[unplugin-cloudflare-tunnel] The following options are only supported in named tunnel mode (when hostname is provided): ${invalidOptions.join(", ")}. Either provide a hostname for named tunnel mode, or remove these options for quick tunnel mode.`);
+		if (invalidOptions.length > 0) throw new Error(`[unplugin-cloudflare-tunnel] The following options are only supported in named tunnel mode: ${invalidOptions.join(", ")}. Set mode to 'named' and provide a hostname, or remove these options for quick tunnel mode.`);
 	}
 	let providedApiToken;
 	let hostname;
@@ -142,11 +146,37 @@ const unpluginFactory = (options = {}) => {
 		sslOption = namedOptions.ssl;
 		cleanupConfig = namedOptions.cleanup || {};
 	}
-	const { port: userProvidedPort, logFile, logLevel, debug = false } = options;
+	const { port: userProvidedPort, logFile, logLevel, protocol = "http2", debug = false } = options;
 	const effectivePluginLogLevel = logLevel ?? (debug ? "debug" : "info");
+	const redactForDebug = (value) => {
+		if (typeof value === "string") {
+			if (value.startsWith("eyJ") && value.length > 40) return "[REDACTED_TOKEN]";
+			return value;
+		}
+		if (Array.isArray(value)) return value.map((item) => redactForDebug(item));
+		if (value && typeof value === "object") {
+			const entries = Object.entries(value).map(([key, nestedValue]) => {
+				if (/token|authorization|secret|password/i.test(key)) return [key, "[REDACTED]"];
+				return [key, redactForDebug(nestedValue)];
+			});
+			return Object.fromEntries(entries);
+		}
+		return value;
+	};
+	const formatDebugValue = (value) => {
+		const redactedValue = redactForDebug(value);
+		if (typeof redactedValue === "string") return redactedValue;
+		return NodeUtil.inspect(redactedValue, {
+			depth: null,
+			colors: supportsColor(),
+			compact: false,
+			breakLength: 120,
+			sorted: true
+		});
+	};
 	const pluginLog = {
 		debug: (...args) => {
-			if (debug || effectivePluginLogLevel === "debug") console.log("[cloudflare-tunnel:debug]", ...args);
+			if (debug || effectivePluginLogLevel === "debug") console.log("[cloudflare-tunnel:debug]", ...args.map((arg) => formatDebugValue(arg)));
 		},
 		info: (message) => {
 			if (shouldLog(effectivePluginLogLevel, "info")) console.log(`[unplugin-cloudflare-tunnel] ${message}`);
@@ -176,10 +206,7 @@ const unpluginFactory = (options = {}) => {
 		globalState.__lastAnnouncedTunnelKey = params.key;
 		const cols = process.stdout.columns ?? 80;
 		const maxWidth = Math.max(10, cols - 2);
-		const headerText = "unplugin-cloudflare-tunnel";
-		const header = (() => {
-			return `${colorize("[", ANSI.yellow)}${headerText}${colorize("]", ANSI.yellow)}`;
-		})();
+		const header = `${colorize("[", ANSI.yellow)}unplugin-cloudflare-tunnel${colorize("]", ANSI.yellow)}`;
 		const urlLine = colorize(params.url, ANSI.blue + ANSI.bold);
 		const localLine = params.localTarget ? makeLocalDisplay(params.localTarget) : "";
 		const headerPlainLen = stripAnsi(header).length;
@@ -192,12 +219,12 @@ const unpluginFactory = (options = {}) => {
 			return `${" ".repeat(pad)}${text}`;
 		};
 		if (cols < 70) {
-			const out$1 = [];
-			out$1.push("");
-			out$1.push(`${header} ${colorize("Tunnel URL", ANSI.bold)} ${urlLine}`);
-			if (localLine) out$1.push(`${header} ${colorize("Local", ANSI.dim + ANSI.bold)} ${localLine}`);
-			out$1.push("");
-			console.log(out$1.join("\n"));
+			const out = [];
+			out.push("");
+			out.push(`${header} ${colorize("Tunnel URL", ANSI.bold)} ${urlLine}`);
+			if (localLine) out.push(`${header} ${colorize("Local", ANSI.dim + ANSI.bold)} ${localLine}`);
+			out.push("");
+			console.log(out.join("\n"));
 			return;
 		}
 		const out = [];
@@ -206,8 +233,6 @@ const unpluginFactory = (options = {}) => {
 		out.push(rule);
 		out.push(center(colorize("Tunnel URL", ANSI.bold)));
 		out.push(center(urlLine));
-		out.push(center(urlLine));
-		out.push(center(urlLine));
 		if (localLine) {
 			out.push("");
 			out.push(center(colorize("Local", ANSI.dim + ANSI.bold)));
@@ -229,19 +254,23 @@ const unpluginFactory = (options = {}) => {
 		"fatal"
 	].includes(logLevel)) throw new Error("[unplugin-cloudflare-tunnel] logLevel must be one of: debug, info, warn, error, fatal");
 	const effectiveLogLevel = logLevel ?? (debug ? "info" : "warn");
-	debugLog("Effective cloudflared log level:", effectiveLogLevel);
+	const cloudflaredProcessLogLevel = effectiveLogLevel === "debug" ? "debug" : "info";
+	debugLog("Effective cloudflared log level filter:", effectiveLogLevel);
+	debugLog("Effective cloudflared process log level:", cloudflaredProcessLogLevel);
+	debugLog("Effective cloudflared protocol:", protocol);
 	if (dnsOption) {
 		if (!dnsOption.startsWith("*.") && dnsOption !== hostname) throw new Error("[unplugin-cloudflare-tunnel] dns option must either be a wildcard (e.g., '*.example.com') or exactly match the hostname");
 	}
 	if (sslOption) {
 		if (!sslOption.startsWith("*.") && sslOption !== hostname) throw new Error("[unplugin-cloudflare-tunnel] ssl option must either be a wildcard (e.g., '*.example.com') or exactly match the hostname");
 	}
-	const trackSslCertificate = (certificateId, hosts, tunnelName$1, timestamp = (/* @__PURE__ */ new Date()).toISOString()) => {
+	if (!["http2", "quic"].includes(protocol)) throw new Error("[unplugin-cloudflare-tunnel] protocol must be one of: 'http2', 'quic'");
+	const trackSslCertificate = (certificateId, hosts, tunnelName, timestamp = (/* @__PURE__ */ new Date()).toISOString()) => {
 		const trackingKey = `ssl-cert-${certificateId}`;
 		globalState[trackingKey] = {
 			id: certificateId,
 			hosts,
-			tunnelName: tunnelName$1,
+			tunnelName,
 			timestamp,
 			pluginVersion: "1.0.0"
 		};
@@ -365,13 +394,14 @@ const unpluginFactory = (options = {}) => {
 			await new Promise((resolve) => setTimeout(resolve, delay));
 		}
 	};
-	const spawnQuickTunnel = async (localTarget) => {
+	const spawnQuickTunnel = async (localTarget, protocol) => {
 		const cloudflaredArgs = ["tunnel"];
 		cloudflaredArgs.push("--loglevel", "info");
 		if (logFile) cloudflaredArgs.push("--logfile", logFile);
+		cloudflaredArgs.push("--protocol", protocol);
 		cloudflaredArgs.push("--url", localTarget);
 		debugLog("Spawning quick tunnel:", bin, cloudflaredArgs);
-		const child$1 = NodeChildProcess.spawn(bin, cloudflaredArgs, {
+		const child = NodeChildProcess.spawn(bin, cloudflaredArgs, {
 			stdio: [
 				"ignore",
 				"pipe",
@@ -381,27 +411,43 @@ const unpluginFactory = (options = {}) => {
 			windowsHide: true,
 			shell: process.platform === "win32"
 		});
-		debugLog(`[unplugin-cloudflare-tunnel] Quick tunnel process spawned with PID: ${child$1.pid}`);
+		debugLog(`[unplugin-cloudflare-tunnel] Quick tunnel process spawned with PID: ${child.pid}`);
 		return new Promise((resolve, reject) => {
 			let urlFound = false;
+			let settled = false;
+			const rejectOnce = (error) => {
+				if (settled) return;
+				settled = true;
+				reject(error);
+			};
+			const resolveOnce = (result) => {
+				if (settled) return;
+				settled = true;
+				resolve(result);
+			};
 			const timeout = setTimeout(() => {
-				if (!urlFound) reject(/* @__PURE__ */ new Error("Quick tunnel URL not found in output within 30 seconds"));
+				if (!urlFound) {
+					try {
+						child.kill("SIGTERM");
+					} catch {}
+					rejectOnce(/* @__PURE__ */ new Error("Quick tunnel URL not found in output within 30 seconds"));
+				}
 			}, 3e4);
-			child$1.stdout?.on("data", (data) => {
+			child.stdout?.on("data", (data) => {
 				const output = data.toString();
 				if (!globalState.shuttingDown || debug) {
 					if (effectiveLogLevel === "debug" || effectiveLogLevel === "info") console.log(`[cloudflared stdout] ${output.trim()}`);
 					else for (const line of output.split("\n")) if (!INFO_LOG_REGEX.test(line)) console.log(`[cloudflared stdout] ${line.trim()}`);
 				}
 			});
-			child$1.stderr?.on("data", (data) => {
+			child.stderr?.on("data", (data) => {
 				const error = data.toString().trim();
 				const urlMatch = error.match(/https:\/\/[a-zA-Z0-9-]+\.trycloudflare\.com/);
 				if (urlMatch && !urlFound) {
 					urlFound = true;
 					clearTimeout(timeout);
-					resolve({
-						child: child$1,
+					resolveOnce({
+						child,
 						url: urlMatch[0]
 					});
 				}
@@ -414,13 +460,13 @@ const unpluginFactory = (options = {}) => {
 					else for (const line of error.split("\n")) if (!INFO_LOG_REGEX.test(line)) console.error(`[cloudflared stderr] ${line.trim()}`);
 				}
 			});
-			child$1.on("error", (error) => {
+			child.on("error", (error) => {
 				clearTimeout(timeout);
-				reject(/* @__PURE__ */ new Error(`Failed to start quick tunnel process: ${error.message}`));
+				rejectOnce(/* @__PURE__ */ new Error(`Failed to start quick tunnel process: ${error.message}`));
 			});
-			child$1.on("exit", (code, signal) => {
+			child.on("exit", (code, signal) => {
 				clearTimeout(timeout);
-				if (!urlFound) reject(/* @__PURE__ */ new Error(`Quick tunnel process exited before URL was found (code: ${code}, signal: ${signal})`));
+				if (!urlFound) rejectOnce(/* @__PURE__ */ new Error(`Quick tunnel process exited before URL was found (code: ${code}, signal: ${signal})`));
 			});
 		});
 	};
@@ -527,14 +573,15 @@ const unpluginFactory = (options = {}) => {
 				debugLog("[unplugin-cloudflare-tunnel] Starting quick tunnel mode...");
 				debugLog("Quick tunnel mode - no API token or hostname required");
 				await ensureCloudflaredBinary(bin);
-				const localTarget$1 = getLocalTarget(serverHost, port);
-				debugLog("← Quick tunnel connecting to local target", localTarget$1);
+				const localTarget = getLocalTarget(serverHost, port);
+				debugLog("← Quick tunnel connecting to local target", localTarget);
 				try {
-					const { child: quickChild, url } = await spawnQuickTunnel(localTarget$1);
+					const { child: quickChild, url } = await spawnQuickTunnel(localTarget, protocol);
 					tunnelUrl = url;
 					child = quickChild;
 					globalState.child = child;
 					globalState.configHash = newConfigHash;
+					globalState.tunnelUrl = Promise.resolve(url);
 					registerExitHandler();
 					registerListeningHandler(() => {
 						const { host: actualServerHost, port: actualPort } = normalizeAddress(server.httpServer?.address());
@@ -554,10 +601,11 @@ const unpluginFactory = (options = {}) => {
 								killCloudflared("SIGTERM");
 								await new Promise((resolve) => setTimeout(resolve, 1e3));
 								const newLocalTarget = getLocalTarget(actualServerHost, actualPort ?? port);
-								const { child: newChild, url: newUrl } = await spawnQuickTunnel(newLocalTarget);
+								const { child: newChild, url: newUrl } = await spawnQuickTunnel(newLocalTarget, protocol);
 								tunnelUrl = newUrl;
 								child = newChild;
 								globalState.child = child;
+								globalState.tunnelUrl = Promise.resolve(newUrl);
 								announceTunnel({
 									key: `quick:${newUrl}:${actualPort ?? port}`,
 									url: newUrl,
@@ -586,17 +634,15 @@ const unpluginFactory = (options = {}) => {
 				}
 			}
 			debugLog("[unplugin-cloudflare-tunnel] Starting named tunnel mode...");
-			const apiToken = providedApiToken || process.env.CLOUDFLARE_API_KEY;
-			if (!apiToken) throw new Error("[unplugin-cloudflare-tunnel] API token is required. Provide it via 'apiToken' option or set the CLOUDFLARE_API_KEY environment variable. Get your token at: https://dash.cloudflare.com/profile/api-tokens");
+			const apiToken = providedApiToken || process.env.CLOUDFLARE_API_TOKEN;
+			if (!apiToken) throw new Error("[unplugin-cloudflare-tunnel] API token is required. Provide it via 'apiToken' option or set the CLOUDFLARE_API_TOKEN environment variable. Get your token at: https://dash.cloudflare.com/profile/api-tokens");
 			debugLog(`[unplugin-cloudflare-tunnel] Using port ${port}${userProvidedPort === port ? " (user-provided)" : " (from bundler config)"}`);
 			await ensureCloudflaredBinary(bin);
-			const accounts = await cf(apiToken, "GET", "/accounts", void 0, array(AccountSchema));
-			const accountId = forcedAccount || accounts[0]?.id;
-			if (!accountId) throw new Error("Unable to determine Cloudflare account ID");
 			const apexDomain = hostname.split(".").slice(-2).join(".");
 			const parentDomain = hostname.split(".").slice(1).join(".");
 			debugLog("← Apex domain", apexDomain);
 			debugLog("← Parent domain", parentDomain);
+			let resolvedZone;
 			let zoneId = forcedZone;
 			if (!zoneId) {
 				let zones = [];
@@ -606,8 +652,12 @@ const unpluginFactory = (options = {}) => {
 					debugLog("← Error fetching zone for parent domain", error);
 				}
 				if (zones.length === 0) zones = await cf(apiToken, "GET", `/zones?name=${apexDomain}`, void 0, array(ZoneSchema));
-				zoneId = zones[0]?.id;
+				resolvedZone = zones[0];
+				zoneId = resolvedZone?.id;
 			}
+			let accountId = forcedAccount || resolvedZone?.account?.id;
+			if (!accountId) accountId = (await cf(apiToken, "GET", "/accounts", void 0, array(AccountSchema)))[0]?.id;
+			if (!accountId) throw new Error("Unable to determine Cloudflare account ID");
 			if (!zoneId) throw new Error(`Zone ${apexDomain} not found in account ${accountId}`);
 			const { autoCleanup = true } = cleanupConfig;
 			let tunnel = (await cf(apiToken, "GET", `/accounts/${accountId}/cfd_tunnel?name=${tunnelName}`, void 0, array(TunnelSchema)))[0];
@@ -731,26 +781,17 @@ const unpluginFactory = (options = {}) => {
 				console.error(`[unplugin-cloudflare-tunnel] ⚠️  SSL management error: ${sslError.message}`);
 				throw sslError;
 			}
-			const cloudflaredArgs = ["tunnel"];
-			cloudflaredArgs.push("--loglevel", effectiveLogLevel);
-			if (logFile) cloudflaredArgs.push("--logfile", logFile);
-			debugLog("Spawning cloudflared", bin, cloudflaredArgs);
-			cloudflaredArgs.push("run", "--token", token);
-			child = NodeChildProcess.spawn(bin, cloudflaredArgs, {
-				stdio: [
-					"ignore",
-					"pipe",
-					"pipe"
-				],
-				detached: false,
-				windowsHide: true,
-				shell: process.platform === "win32"
-			});
-			debugLog(`[unplugin-cloudflare-tunnel] Process spawned with PID: ${child.pid}`);
-			globalState.child = child;
-			globalState.configHash = newConfigHash;
-			registerExitHandler();
 			let tunnelReady = false;
+			let localTargetForAnnouncement = localTarget;
+			let activeTunnelProtocol;
+			const announceNamedTunnelIfReady = () => {
+				if (!tunnelReady) return;
+				announceTunnel({
+					key: `named:${hostname}:${localTargetForAnnouncement}`,
+					url: `https://${hostname}`,
+					localTarget: localTargetForAnnouncement
+				});
+			};
 			const logCloudflaredLines = (kind, text) => {
 				if (globalState.shuttingDown && !debug) return;
 				const isVerbose = effectiveLogLevel === "debug" || effectiveLogLevel === "info";
@@ -770,42 +811,70 @@ const unpluginFactory = (options = {}) => {
 					else console.error(`${prefix} ${line}`);
 				}
 			};
-			child.stdout?.on("data", (data) => {
-				const output = data.toString();
-				logCloudflaredLines("stdout", output);
-				if (output.includes("Connection") && output.includes("registered")) {
-					if (!tunnelReady) {
-						tunnelReady = true;
-						pluginLog.info(`Tunnel connected for https://${hostname}`);
+			const spawnNamedTunnelProcess = (protocol) => {
+				const cloudflaredArgs = ["tunnel"];
+				cloudflaredArgs.push("--loglevel", cloudflaredProcessLogLevel);
+				if (logFile) cloudflaredArgs.push("--logfile", logFile);
+				cloudflaredArgs.push("--protocol", protocol);
+				debugLog("Spawning cloudflared", bin, cloudflaredArgs);
+				const spawnedChild = NodeChildProcess.spawn(bin, [
+					...cloudflaredArgs,
+					"run",
+					"--token",
+					token
+				], {
+					stdio: [
+						"ignore",
+						"pipe",
+						"pipe"
+					],
+					detached: false,
+					windowsHide: true,
+					shell: process.platform === "win32"
+				});
+				child = spawnedChild;
+				globalState.child = spawnedChild;
+				globalState.configHash = newConfigHash;
+				debugLog(`[unplugin-cloudflare-tunnel] Process spawned with PID: ${spawnedChild.pid}`);
+				const handleCloudflaredOutput = (kind, text) => {
+					if (text.includes("Failed to parse ICMP reply") || text.includes("unknow ip version 0")) {
+						if (logLevel === "debug") console.log(`[cloudflared debug] ${text.trim()}`);
+						return;
 					}
-				}
-			});
-			child.stderr?.on("data", (data) => {
-				const error = data.toString().trim();
-				if (error.includes("Failed to parse ICMP reply") || error.includes("unknow ip version 0")) {
-					if (logLevel === "debug") console.log(`[cloudflared debug] ${error}`);
-					return;
-				}
-				logCloudflaredLines("stderr", error);
-			});
-			child.on("error", (error) => {
-				console.error(`[unplugin-cloudflare-tunnel] ❌ Failed to start tunnel process: ${error.message}`);
-				if (error.message.includes("ENOENT")) console.error(`[unplugin-cloudflare-tunnel] Hint: cloudflared binary may not be installed correctly`);
-			});
-			child.on("exit", (code, signal) => {
-				if (code !== 0 && code !== null) {
-					console.error(`[unplugin-cloudflare-tunnel] ❌ Tunnel process exited with code ${code}`);
-					if (signal) console.error(`[unplugin-cloudflare-tunnel] Process terminated by signal: ${signal}`);
-				} else if (code === 0) console.log(`[unplugin-cloudflare-tunnel] ✅ Tunnel process exited cleanly`);
-			});
+					logCloudflaredLines(kind, text);
+					if (/registered tunnel connection|connection.*registered/i.test(text)) {
+						activeTunnelProtocol = protocol;
+						if (!tunnelReady) {
+							tunnelReady = true;
+							pluginLog.info(`Tunnel connected for https://${hostname} via ${protocol.toUpperCase()}`);
+						}
+						announceNamedTunnelIfReady();
+					}
+				};
+				spawnedChild.stdout?.on("data", (data) => {
+					handleCloudflaredOutput("stdout", data.toString());
+				});
+				spawnedChild.stderr?.on("data", (data) => {
+					handleCloudflaredOutput("stderr", data.toString());
+				});
+				spawnedChild.on("error", (error) => {
+					console.error(`[unplugin-cloudflare-tunnel] ❌ Failed to start tunnel process: ${error.message}`);
+					if (error.message.includes("ENOENT")) console.error(`[unplugin-cloudflare-tunnel] Hint: cloudflared binary may not be installed correctly`);
+				});
+				spawnedChild.on("exit", (code, signal) => {
+					if (globalState.child !== spawnedChild) return;
+					if (code !== 0 && code !== null) {
+						console.error(`[unplugin-cloudflare-tunnel] ❌ Tunnel process exited with code ${code}`);
+						if (signal) console.error(`[unplugin-cloudflare-tunnel] Process terminated by signal: ${signal}`);
+					} else if (code === 0) console.log(`[unplugin-cloudflare-tunnel] ✅ Tunnel process exited cleanly`);
+				});
+			};
+			spawnNamedTunnelProcess(protocol);
+			registerExitHandler();
 			registerListeningHandler(() => {
 				const { host: actualServerHost, port: actualPort } = normalizeAddress(server.httpServer?.address());
-				const actualLocalTarget = getLocalTarget(actualServerHost, actualPort ?? port);
-				announceTunnel({
-					key: `named:${hostname}:${actualPort ?? port}`,
-					url: `https://${hostname}`,
-					localTarget: actualLocalTarget
-				});
+				localTargetForAnnouncement = getLocalTarget(actualServerHost, actualPort ?? port);
+				announceNamedTunnelIfReady();
 			});
 			server.httpServer?.once("close", () => {
 				killCloudflared("SIGTERM");
@@ -817,6 +886,7 @@ const unpluginFactory = (options = {}) => {
 						pluginLog.warn(`Port conflict detected - server is using port ${actualPort} instead of ${port}`);
 						pluginLog.info("Updating tunnel configuration...");
 						const newLocalTarget = getLocalTarget(actualServerHost, actualPort ?? port);
+						localTargetForAnnouncement = newLocalTarget;
 						debugLog("← Updating local target to", newLocalTarget);
 						await cf(apiToken, "PUT", `/accounts/${accountId}/cfd_tunnel/${tunnelId}/configurations`, { config: { ingress: [{
 							hostname,
@@ -830,6 +900,8 @@ const unpluginFactory = (options = {}) => {
 							dnsOption,
 							sslOption
 						});
+						if (tunnelReady && activeTunnelProtocol) pluginLog.info(`Tunnel remains connected via ${activeTunnelProtocol.toUpperCase()} after port update`);
+						announceNamedTunnelIfReady();
 					}
 				} catch (error) {
 					console.error(`[unplugin-cloudflare-tunnel] ❌ Failed to update tunnel for port change: ${error.message}`);
@@ -876,6 +948,18 @@ const unpluginFactory = (options = {}) => {
 		}
 		if (modified) debugLog(`[unplugin-cloudflare-tunnel] Configured ${label} devServer.allowedHosts to include ${hostToAllow}`);
 	};
+	const ensureViteAllowedHosts = (serverConfig) => {
+		const hostToAllow = isQuickMode ? ".trycloudflare.com" : hostname;
+		if (!hostToAllow) return;
+		const current = serverConfig.allowedHosts;
+		if (current === true) return;
+		if (typeof current === "undefined") serverConfig.allowedHosts = [hostToAllow];
+		else if (typeof current === "string") {
+			if (current !== hostToAllow) serverConfig.allowedHosts = [current, hostToAllow];
+		} else if (Array.isArray(current)) {
+			if (!current.includes(hostToAllow)) current.push(hostToAllow);
+		}
+	};
 	const setupWebpackLikeDevServerIntegration = (compiler, bundler) => {
 		if ((compiler?.options?.mode ?? process.env.NODE_ENV) === "production") return;
 		const optionsContainer = compiler.options;
@@ -957,19 +1041,8 @@ const unpluginFactory = (options = {}) => {
 			config: (config) => {
 				announceConnecting();
 				if (!config.server) config.server = {};
-				if (isQuickMode) {
-					config.server.allowedHosts = [".trycloudflare.com"];
-					return;
-				}
-				if (!config.server.allowedHosts) {
-					config.server.allowedHosts = [hostname];
-					debugLog(`[unplugin-cloudflare-tunnel] Configured Vite to allow requests from ${hostname}`);
-				} else if (Array.isArray(config.server.allowedHosts)) {
-					if (!config.server.allowedHosts.includes(hostname)) {
-						config.server.allowedHosts.push(hostname);
-						debugLog(`[unplugin-cloudflare-tunnel] Added ${hostname} to allowed hosts`);
-					}
-				}
+				ensureViteAllowedHosts(config.server);
+				if (!isQuickMode) debugLog(`[unplugin-cloudflare-tunnel] Configured Vite to allow requests from ${hostname}`);
 			},
 			configureServer: (server) => {
 				const configuredPromise = configureServer(server);
@@ -1012,7 +1085,5 @@ function getLocalTarget(host, port) {
 	return `http://${host.includes(":") ? `[${host}]` : host}:${port}`;
 }
 const CloudflareTunnel = createUnplugin(unpluginFactory);
-var src_default = CloudflareTunnel;
-
 //#endregion
-export { CloudflareTunnel, src_default as default };
+export { CloudflareTunnel, CloudflareTunnel as default };