@cloudflare/vite-plugin 1.36.3 → 1.37.0

package/dist/index.mjs

@@ -3,7 +3,7 @@ import assert from "node:assert";
 import { CoreHeaders, CorePaths, Log, LogLevel, Miniflare, Request as Request$1, Response as Response$1, buildPublicUrl, coupleWebSocket, getDefaultDevRegistryPath, getNodeCompat, getWorkerRegistry, kUnsafeEphemeralUniqueKey, parseModuleFallbackRequest } from "miniflare";
 import * as wrangler from "wrangler";
 import * as nodePath from "node:path";
-import path, { dirname, isAbsolute, join, relative, resolve } from "node:path";
+import path3, { dirname, isAbsolute, join, relative, resolve } from "node:path";
 import * as util$1 from "node:util";
 import { format, inspect, promisify } from "node:util";
 import * as vite from "vite";
@@ -24,7 +24,7 @@ import v8 from "node:v8";
 import { defineEnv } from "unenv";
 import * as nativeFs$1 from "fs";
 import nativeFs from "fs";
-import path$1, { basename, dirname as dirname$1, normalize, posix, relative as relative$1, resolve as resolve$1, sep } from "path";
+import path, { basename, dirname as dirname$1, normalize, posix, relative as relative$1, resolve as resolve$1, sep } from "path";
 import { fileURLToPath as fileURLToPath$1 } from "url";
 import { createRequire as createRequire$1 } from "module";
 import { WebSocketServer } from "ws";
@@ -1503,7 +1503,7 @@ async function assertWranglerVersion() {
 * The default compatibility date to use when the user omits one.
 * This value is injected at build time and remains fixed for each release.
 */
-const DEFAULT_COMPAT_DATE = "2026-05-07";
+const DEFAULT_COMPAT_DATE = "2026-05-14";
 
 //#endregion
 //#region ../../node_modules/.pnpm/@remix-run+node-fetch-server@0.8.0/node_modules/@remix-run/node-fetch-server/dist/node-fetch-server.js
@@ -4330,7 +4330,7 @@ function resolveWranglerConfigPath({ config, script }, options) {
 		deployConfigPath: void 0,
 		redirected: false
 	};
-	return findWranglerConfig$1(script !== void 0 ? path.dirname(script) : process.cwd(), options);
+	return findWranglerConfig$1(script !== void 0 ? path3.dirname(script) : process.cwd(), options);
 }
 __name(resolveWranglerConfigPath, "resolveWranglerConfigPath");
 function findWranglerConfig$1(referencePath = process.cwd(), { useRedirectIfAvailable = false } = {}) {
@@ -4361,15 +4361,15 @@ function findRedirectedWranglerConfig(cwd, userConfigPath) {
 	const deployConfigFile = readFileSync$1(deployConfigPath);
 	try {
 		const deployConfig = parseJSONC(deployConfigFile, deployConfigPath);
-		redirectedConfigPath = deployConfig.configPath && path.resolve(path.dirname(deployConfigPath), deployConfig.configPath);
+		redirectedConfigPath = deployConfig.configPath && path3.resolve(path3.dirname(deployConfigPath), deployConfig.configPath);
 	} catch (e) {
-		throw new UserError(`Failed to parse the deploy configuration file at ${path.relative(".", deployConfigPath)}`, {
+		throw new UserError(`Failed to parse the deploy configuration file at ${path3.relative(".", deployConfigPath)}`, {
 			cause: e,
 			telemetryMessage: false
 		});
 	}
 	if (!redirectedConfigPath) throw new UserError(esm_default`
-			A deploy configuration file was found at "${path.relative(".", deployConfigPath)}".
+			A deploy configuration file was found at "${path3.relative(".", deployConfigPath)}".
 			But this is not valid - the required "configPath" property was not found.
 			Instead this file contains:
 			\`\`\`
@@ -4377,13 +4377,13 @@ function findRedirectedWranglerConfig(cwd, userConfigPath) {
 			\`\`\`
 		`, { telemetryMessage: false });
 	if (!existsSync(redirectedConfigPath)) throw new UserError(esm_default`
-				There is a deploy configuration at "${path.relative(".", deployConfigPath)}".
-				But the redirected configuration path it points to, "${path.relative(".", redirectedConfigPath)}", does not exist.
+				There is a deploy configuration at "${path3.relative(".", deployConfigPath)}".
+				But the redirected configuration path it points to, "${path3.relative(".", redirectedConfigPath)}", does not exist.
 			`, { telemetryMessage: false });
 	if (userConfigPath) {
-		if (path.join(path.dirname(userConfigPath), PATH_TO_DEPLOY_CONFIG) !== deployConfigPath) throw new UserError(esm_default`
-					Found both a user configuration file at "${path.relative(".", userConfigPath)}"
-					and a deploy configuration file at "${path.relative(".", deployConfigPath)}".
+		if (path3.join(path3.dirname(userConfigPath), PATH_TO_DEPLOY_CONFIG) !== deployConfigPath) throw new UserError(esm_default`
+					Found both a user configuration file at "${path3.relative(".", userConfigPath)}"
+					and a deploy configuration file at "${path3.relative(".", deployConfigPath)}".
 					But these do not share the same base path so it is not clear which should be used.
 				`, { telemetryMessage: false });
 	}
@@ -5592,10 +5592,10 @@ var require_util$5 = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm/un
 			if (!isHttpOrHttpsPrefixed(url.origin || url.protocol)) throw new InvalidArgumentError$36("Invalid URL protocol: the URL must start with `http:` or `https:`.");
 			const port = url.port != null ? url.port : url.protocol === "https:" ? 443 : 80;
 			let origin = url.origin != null ? url.origin : `${url.protocol || ""}//${url.hostname || ""}:${port}`;
-			let path$2 = url.path != null ? url.path : `${url.pathname || ""}${url.search || ""}`;
+			let path$1 = url.path != null ? url.path : `${url.pathname || ""}${url.search || ""}`;
 			if (origin[origin.length - 1] === "/") origin = origin.slice(0, origin.length - 1);
-			if (path$2 && path$2[0] !== "/") path$2 = `/${path$2}`;
-			return new URL(`${origin}${path$2}`);
+			if (path$1 && path$1[0] !== "/") path$1 = `/${path$1}`;
+			return new URL(`${origin}${path$1}`);
 		}
 		if (!isHttpOrHttpsPrefixed(url.origin || url.protocol)) throw new InvalidArgumentError$36("Invalid URL protocol: the URL must start with `http:` or `https:`.");
 		return url;
@@ -6470,8 +6470,8 @@ var require_diagnostics = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pn
 			debugLog("connection to %s%s using %s%s errored - %s", host, port ? `:${port}` : "", protocol, version$2, error.message);
 		});
 		diagnosticsChannel$1.subscribe("undici:client:sendHeaders", (evt) => {
-			const { request: { method, path: path$2, origin } } = evt;
-			debugLog("sending request to %s %s%s", method, origin, path$2);
+			const { request: { method, path: path$1, origin } } = evt;
+			debugLog("sending request to %s %s%s", method, origin, path$1);
 		});
 	}
 	let isTrackingRequestEvents = false;
@@ -6483,16 +6483,16 @@ var require_diagnostics = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pn
 		}
 		isTrackingRequestEvents = true;
 		diagnosticsChannel$1.subscribe("undici:request:headers", (evt) => {
-			const { request: { method, path: path$2, origin }, response: { statusCode } } = evt;
-			debugLog("received response to %s %s%s - HTTP %d", method, origin, path$2, statusCode);
+			const { request: { method, path: path$1, origin }, response: { statusCode } } = evt;
+			debugLog("received response to %s %s%s - HTTP %d", method, origin, path$1, statusCode);
 		});
 		diagnosticsChannel$1.subscribe("undici:request:trailers", (evt) => {
-			const { request: { method, path: path$2, origin } } = evt;
-			debugLog("trailers received from %s %s%s", method, origin, path$2);
+			const { request: { method, path: path$1, origin } } = evt;
+			debugLog("trailers received from %s %s%s", method, origin, path$1);
 		});
 		diagnosticsChannel$1.subscribe("undici:request:error", (evt) => {
-			const { request: { method, path: path$2, origin }, error } = evt;
-			debugLog("request to %s %s%s errored - %s", method, origin, path$2, error.message);
+			const { request: { method, path: path$1, origin }, error } = evt;
+			debugLog("request to %s %s%s errored - %s", method, origin, path$1, error.message);
 		});
 	}
 	let isTrackingWebSocketEvents = false;
@@ -6545,10 +6545,10 @@ var require_request$1 = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm
 	const invalidPathRegex = /[^\u0021-\u00ff]/;
 	const kHandler = Symbol("handler");
 	var Request$6 = class {
-		constructor(origin, { path: path$2, method, body, headers, query, idempotent, blocking, upgrade: upgrade$1, headersTimeout, bodyTimeout, reset, expectContinue, servername, throwOnError, maxRedirections, typeOfService }, handler) {
-			if (typeof path$2 !== "string") throw new InvalidArgumentError$35("path must be a string");
-			else if (path$2[0] !== "/" && !(path$2.startsWith("http://") || path$2.startsWith("https://")) && method !== "CONNECT") throw new InvalidArgumentError$35("path must be an absolute URL or start with a slash");
-			else if (invalidPathRegex.test(path$2)) throw new InvalidArgumentError$35("invalid request path");
+		constructor(origin, { path: path$1, method, body, headers, query, idempotent, blocking, upgrade: upgrade$1, headersTimeout, bodyTimeout, reset, expectContinue, servername, throwOnError, maxRedirections, typeOfService }, handler) {
+			if (typeof path$1 !== "string") throw new InvalidArgumentError$35("path must be a string");
+			else if (path$1[0] !== "/" && !(path$1.startsWith("http://") || path$1.startsWith("https://")) && method !== "CONNECT") throw new InvalidArgumentError$35("path must be an absolute URL or start with a slash");
+			else if (invalidPathRegex.test(path$1)) throw new InvalidArgumentError$35("invalid request path");
 			if (typeof method !== "string") throw new InvalidArgumentError$35("method must be a string");
 			else if (normalizedMethodRecords$1[method] === void 0 && !isValidHTTPToken$2(method)) throw new InvalidArgumentError$35("invalid request method");
 			if (upgrade$1 && typeof upgrade$1 !== "string") throw new InvalidArgumentError$35("upgrade must be a string");
@@ -6589,7 +6589,7 @@ var require_request$1 = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm
 			this.completed = false;
 			this.aborted = false;
 			this.upgrade = upgrade$1 || null;
-			this.path = query ? serializePathWithQuery$3(path$2, query) : path$2;
+			this.path = query ? serializePathWithQuery$3(path$1, query) : path$1;
 			this.origin = origin;
 			this.protocol = getProtocolFromUrlString(origin);
 			this.idempotent = idempotent == null ? method === "HEAD" || method === "GET" : idempotent;
@@ -11072,7 +11072,7 @@ var require_client_h1 = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm
 	* @returns
 	*/
 	function writeH1(client, request$2) {
-		const { method, path: path$2, host, upgrade: upgrade$1, blocking, reset } = request$2;
+		const { method, path: path$1, host, upgrade: upgrade$1, blocking, reset } = request$2;
 		let { body, headers, contentLength } = request$2;
 		const expectsPayload = method === "PUT" || method === "POST" || method === "PATCH" || method === "QUERY" || method === "PROPFIND" || method === "PROPPATCH";
 		if (util$23.isFormDataLike(body)) {
@@ -11117,7 +11117,7 @@ var require_client_h1 = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm
 		if (client[kMaxRequests$1] && socket[kCounter$1]++ >= client[kMaxRequests$1]) socket[kReset$1] = true;
 		if (blocking) socket[kBlocking] = true;
 		if (socket.setTypeOfService) socket.setTypeOfService(request$2.typeOfService);
-		let header = `${method} ${path$2} HTTP/1.1\r\n`;
+		let header = `${method} ${path$1} HTTP/1.1\r\n`;
 		if (typeof host === "string") header += `host: ${host}\r\n`;
 		else header += client[kHostHeader$1];
 		if (upgrade$1) header += `connection: upgrade\r\nupgrade: ${upgrade$1}\r\n`;
@@ -11653,7 +11653,7 @@ var require_client_h2 = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm
 	function writeH2(client, request$2) {
 		const requestTimeout = request$2.bodyTimeout ?? client[kBodyTimeout$1];
 		const session = client[kHTTP2Session];
-		const { method, path: path$2, host, upgrade: upgrade$1, expectContinue, signal, protocol, headers: reqHeaders } = request$2;
+		const { method, path: path$1, host, upgrade: upgrade$1, expectContinue, signal, protocol, headers: reqHeaders } = request$2;
 		let { body } = request$2;
 		if (upgrade$1 != null && upgrade$1 !== "websocket") {
 			util$22.errorRequest(client, request$2, new InvalidArgumentError$30(`Custom upgrade "${upgrade$1}" not supported over HTTP/2`));
@@ -11706,7 +11706,7 @@ var require_client_h2 = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm
 				}
 				headers[HTTP2_HEADER_METHOD] = "CONNECT";
 				headers[HTTP2_HEADER_PROTOCOL] = "websocket";
-				headers[HTTP2_HEADER_PATH] = path$2;
+				headers[HTTP2_HEADER_PATH] = path$1;
 				if (protocol === "ws:" || protocol === "wss:") headers[HTTP2_HEADER_SCHEME] = protocol === "ws:" ? "http" : "https";
 				else headers[HTTP2_HEADER_SCHEME] = protocol === "http:" ? "http" : "https";
 				stream$2 = session.request(headers, {
@@ -11748,7 +11748,7 @@ var require_client_h2 = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm
 			stream$2.setTimeout(requestTimeout);
 			return true;
 		}
-		headers[HTTP2_HEADER_PATH] = path$2;
+		headers[HTTP2_HEADER_PATH] = path$1;
 		headers[HTTP2_HEADER_SCHEME] = protocol === "http:" ? "http" : "https";
 		const expectsPayload = method === "PUT" || method === "POST" || method === "PATCH";
 		if (body && typeof body.read === "function") body.read(0);
@@ -13574,8 +13574,8 @@ var require_proxy_agent = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pn
 				}
 				if (onHeaders) onHeaders.call(this, statusCode, data$1, resume$1);
 			};
-			const { origin, path: path$2 = "/", headers = {} } = opts;
-			opts.path = origin + path$2;
+			const { origin, path: path$1 = "/", headers = {} } = opts;
+			opts.path = origin + path$1;
 			if (!("host" in headers) && !("Host" in headers)) {
 				const { host } = new URL(origin);
 				headers.host = host;
@@ -15359,16 +15359,16 @@ var require_mock_utils = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnp
 		}
 		return normalizedQp;
 	}
-	function safeUrl(path$2) {
-		if (typeof path$2 !== "string") return path$2;
-		const pathSegments = path$2.split("?", 3);
-		if (pathSegments.length !== 2) return path$2;
+	function safeUrl(path$1) {
+		if (typeof path$1 !== "string") return path$1;
+		const pathSegments = path$1.split("?", 3);
+		if (pathSegments.length !== 2) return path$1;
 		const qp = new URLSearchParams(pathSegments.pop());
 		qp.sort();
 		return [...pathSegments, qp.toString()].join("?");
 	}
-	function matchKey(mockDispatch$1, { path: path$2, method, body, headers }) {
-		const pathMatch = matchValue$1(mockDispatch$1.path, path$2);
+	function matchKey(mockDispatch$1, { path: path$1, method, body, headers }) {
+		const pathMatch = matchValue$1(mockDispatch$1.path, path$1);
 		const methodMatch = matchValue$1(mockDispatch$1.method, method);
 		const bodyMatch = typeof mockDispatch$1.body !== "undefined" ? matchValue$1(mockDispatch$1.body, body) : true;
 		const headersMatch = matchHeaders(mockDispatch$1, headers);
@@ -15386,8 +15386,8 @@ var require_mock_utils = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnp
 		const basePath = key.query ? serializePathWithQuery$2(key.path, key.query) : key.path;
 		const resolvedPath = typeof basePath === "string" ? safeUrl(basePath) : basePath;
 		const resolvedPathWithoutTrailingSlash = removeTrailingSlash(resolvedPath);
-		let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path: path$2, ignoreTrailingSlash }) => {
-			return ignoreTrailingSlash ? matchValue$1(removeTrailingSlash(safeUrl(path$2)), resolvedPathWithoutTrailingSlash) : matchValue$1(safeUrl(path$2), resolvedPath);
+		let matchedMockDispatches = mockDispatches.filter(({ consumed }) => !consumed).filter(({ path: path$1, ignoreTrailingSlash }) => {
+			return ignoreTrailingSlash ? matchValue$1(removeTrailingSlash(safeUrl(path$1)), resolvedPathWithoutTrailingSlash) : matchValue$1(safeUrl(path$1), resolvedPath);
 		});
 		if (matchedMockDispatches.length === 0) throw new MockNotMatchedError(`Mock dispatch not matched for path '${resolvedPath}'`);
 		matchedMockDispatches = matchedMockDispatches.filter(({ method }) => matchValue$1(method, key.method));
@@ -15430,15 +15430,15 @@ var require_mock_utils = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnp
 	/**
 	* @param {string} path Path to remove trailing slash from
 	*/
-	function removeTrailingSlash(path$2) {
-		while (path$2.endsWith("/")) path$2 = path$2.slice(0, -1);
-		if (path$2.length === 0) path$2 = "/";
-		return path$2;
+	function removeTrailingSlash(path$1) {
+		while (path$1.endsWith("/")) path$1 = path$1.slice(0, -1);
+		if (path$1.length === 0) path$1 = "/";
+		return path$1;
 	}
 	function buildKey$1(opts) {
-		const { path: path$2, method, body, headers, query } = opts;
+		const { path: path$1, method, body, headers, query } = opts;
 		return {
-			path: path$2,
+			path: path$1,
 			method,
 			body,
 			headers,
@@ -16005,10 +16005,10 @@ var require_pending_interceptors_formatter = /* @__PURE__ */ __commonJS$1({ "../
 			});
 		}
 		format(pendingInterceptors) {
-			const withPrettyHeaders = pendingInterceptors.map(({ method, path: path$2, data: { statusCode }, persist, times, timesInvoked, origin }) => ({
+			const withPrettyHeaders = pendingInterceptors.map(({ method, path: path$1, data: { statusCode }, persist, times, timesInvoked, origin }) => ({
 				Method: method,
 				Origin: origin,
-				Path: path$2,
+				Path: path$1,
 				"Status code": statusCode,
 				Persistent: persist ? PERSISTENT : NOT_PERSISTENT,
 				Invocations: timesInvoked,
@@ -16066,8 +16066,8 @@ var require_mock_agent = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnp
 			const acceptNonStandardSearchParameters = this[kMockAgentAcceptsNonStandardSearchParameters];
 			const dispatchOpts = { ...opts };
 			if (acceptNonStandardSearchParameters && dispatchOpts.path) {
-				const [path$2, searchParams] = dispatchOpts.path.split("?");
-				dispatchOpts.path = `${path$2}?${normalizeSearchParams(searchParams, acceptNonStandardSearchParameters)}`;
+				const [path$1, searchParams] = dispatchOpts.path.split("?");
+				dispatchOpts.path = `${path$1}?${normalizeSearchParams(searchParams, acceptNonStandardSearchParameters)}`;
 			}
 			return this[kAgent].dispatch(dispatchOpts, handler);
 		}
@@ -16544,10 +16544,10 @@ var require_snapshot_recorder = /* @__PURE__ */ __commonJS$1({ "../../node_modul
 		* @return {Promise<void>} - Resolves when snapshots are loaded
 		*/
 		async loadSnapshots(filePath) {
-			const path$2 = filePath || this.#snapshotPath;
-			if (!path$2) throw new InvalidArgumentError$6("Snapshot path is required");
+			const path$1 = filePath || this.#snapshotPath;
+			if (!path$1) throw new InvalidArgumentError$6("Snapshot path is required");
 			try {
-				const data$1 = await readFile(resolve$3(path$2), "utf8");
+				const data$1 = await readFile(resolve$3(path$1), "utf8");
 				const parsed = JSON.parse(data$1);
 				if (Array.isArray(parsed)) {
 					this.#snapshots.clear();
@@ -16555,7 +16555,7 @@ var require_snapshot_recorder = /* @__PURE__ */ __commonJS$1({ "../../node_modul
 				} else this.#snapshots = new Map(Object.entries(parsed));
 			} catch (error) {
 				if (error.code === "ENOENT") this.#snapshots.clear();
-				else throw new UndiciError$1(`Failed to load snapshots from ${path$2}`, { cause: error });
+				else throw new UndiciError$1(`Failed to load snapshots from ${path$1}`, { cause: error });
 			}
 		}
 		/**
@@ -16565,9 +16565,9 @@ var require_snapshot_recorder = /* @__PURE__ */ __commonJS$1({ "../../node_modul
 		* @returns {Promise<void>} - Resolves when snapshots are saved
 		*/
 		async saveSnapshots(filePath) {
-			const path$2 = filePath || this.#snapshotPath;
-			if (!path$2) throw new InvalidArgumentError$6("Snapshot path is required");
-			const resolvedPath = resolve$3(path$2);
+			const path$1 = filePath || this.#snapshotPath;
+			if (!path$1) throw new InvalidArgumentError$6("Snapshot path is required");
+			const resolvedPath = resolve$3(path$1);
 			await mkdir(dirname$2(resolvedPath), { recursive: true });
 			const data$1 = Array.from(this.#snapshots.entries()).map(([hash, snapshot]) => ({
 				hash,
@@ -17134,11 +17134,11 @@ var require_redirect_handler = /* @__PURE__ */ __commonJS$1({ "../../node_module
 				return;
 			}
 			const { origin, pathname, search } = util$10.parseURL(new URL(this.location, this.opts.origin && new URL(this.opts.path, this.opts.origin)));
-			const path$2 = search ? `${pathname}${search}` : pathname;
-			const redirectUrlString = `${origin}${path$2}`;
+			const path$1 = search ? `${pathname}${search}` : pathname;
+			const redirectUrlString = `${origin}${path$1}`;
 			for (const historyUrl of this.history) if (historyUrl.toString() === redirectUrlString) throw new InvalidArgumentError$3(`Redirect loop detected. Cannot redirect to ${origin}. This typically happens when using a Client or Pool with cross-origin redirects. Use an Agent for cross-origin redirects.`);
 			this.opts.headers = cleanRequestHeaders(this.opts.headers, statusCode === 303, this.opts.origin !== origin);
-			this.opts.path = path$2;
+			this.opts.path = path$1;
 			this.opts.origin = origin;
 			this.opts.query = null;
 		}
@@ -22096,10 +22096,10 @@ var require_fetch = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm/und
 			const url = requestCurrentURL(request$2);
 			/** @type {import('../../..').Agent} */
 			const agent = fetchParams.controller.dispatcher;
-			const path$2 = url.pathname + url.search;
+			const path$1 = url.pathname + url.search;
 			const hasTrailingQuestionMark = url.search.length === 0 && url.href[url.href.length - url.hash.length - 1] === "?";
 			return new Promise((resolve$4, reject) => agent.dispatch({
-				path: hasTrailingQuestionMark ? `${path$2}?` : path$2,
+				path: hasTrailingQuestionMark ? `${path$1}?` : path$1,
 				origin: url.origin,
 				method: request$2.method,
 				body: agent.isMockActive ? request$2.body && (request$2.body.source || request$2.body.stream) : body,
@@ -22881,9 +22881,9 @@ var require_util$2 = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm/un
 	* path-value        = <any CHAR except CTLs or ";">
 	* @param {string} path
 	*/
-	function validateCookiePath(path$2) {
-		for (let i$1 = 0; i$1 < path$2.length; ++i$1) {
-			const code = path$2.charCodeAt(i$1);
+	function validateCookiePath(path$1) {
+		for (let i$1 = 0; i$1 < path$1.length; ++i$1) {
+			const code = path$1.charCodeAt(i$1);
 			if (code < 32 || code === 127 || code === 59) throw new Error("Invalid cookie path");
 		}
 	}
@@ -25991,9 +25991,9 @@ var require_undici = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm/un
 			if (opts != null && typeof opts !== "object") throw new InvalidArgumentError("invalid opts");
 			if (opts && opts.path != null) {
 				if (typeof opts.path !== "string") throw new InvalidArgumentError("invalid opts.path");
-				let path$2 = opts.path;
-				if (!opts.path.startsWith("/")) path$2 = `/${path$2}`;
-				url = new URL(util$3.parseOrigin(url).origin + path$2);
+				let path$1 = opts.path;
+				if (!opts.path.startsWith("/")) path$1 = `/${path$1}`;
+				url = new URL(util$3.parseOrigin(url).origin + path$1);
 			} else {
 				if (!opts) opts = typeof url === "object" ? url : {};
 				url = util$3.parseURL(url);
@@ -30369,7 +30369,7 @@ __reExport(mod_esm_exports, __toESM(require_mod_cjs3(), 1));
 var mod_esm_default = import_mod_cjs.default;
 function getGlobalWranglerConfigPath() {
 	const configDir = mod_esm_default(".wrangler").config();
-	const legacyConfigDir = path.join(os.homedir(), ".wrangler");
+	const legacyConfigDir = path3.join(os.homedir(), ".wrangler");
 	if (isDirectory(legacyConfigDir)) return legacyConfigDir;
 	else return configDir;
 }
@@ -30465,7 +30465,7 @@ var getBuildPlatformFromEnv = getEnvironmentVariableFactory({ variableName: "WRA
 var getRegistryPath = getEnvironmentVariableFactory({
 	variableName: "WRANGLER_REGISTRY_PATH",
 	defaultValue() {
-		return path.join(getGlobalWranglerConfigPath(), "registry");
+		return path3.join(getGlobalWranglerConfigPath(), "registry");
 	}
 });
 var getD1ExtraLocationChoices = getEnvironmentVariableFactory({ variableName: "WRANGLER_D1_EXTRA_LOCATION_CHOICES" });
@@ -30877,7 +30877,7 @@ function isPagesConfig(rawConfig) {
 }
 __name(isPagesConfig, "isPagesConfig");
 function normalizeAndValidateConfig(rawConfig, configPath, userConfigPath, args, preserveOriginalMain = false) {
-	const diagnostics = new Diagnostics(`Processing ${configPath ? path.relative(process.cwd(), configPath) : "wrangler"} configuration:`);
+	const diagnostics = new Diagnostics(`Processing ${configPath ? path3.relative(process.cwd(), configPath) : "wrangler"} configuration:`);
 	validateOptionalProperty(diagnostics, "", "legacy_env", rawConfig.legacy_env, "boolean");
 	validateOptionalProperty(diagnostics, "", "send_metrics", rawConfig.send_metrics, "boolean");
 	validateOptionalProperty(diagnostics, "", "keep_vars", rawConfig.keep_vars, "boolean");
@@ -30981,34 +30981,34 @@ function normalizeAndValidateBuild(diagnostics, rawEnv, rawBuild, configPath) {
 	else validateOptionalProperty(diagnostics, "build", "watch_dir", watch_dir, "string");
 	return {
 		command,
-		watch_dir: command && configPath ? Array.isArray(watch_dir) ? watch_dir.map((dir) => path.relative(process.cwd(), path.join(path.dirname(configPath), `${dir}`))) : path.relative(process.cwd(), path.join(path.dirname(configPath), `${watch_dir}`)) : watch_dir,
+		watch_dir: command && configPath ? Array.isArray(watch_dir) ? watch_dir.map((dir) => path3.relative(process.cwd(), path3.join(path3.dirname(configPath), `${dir}`))) : path3.relative(process.cwd(), path3.join(path3.dirname(configPath), `${watch_dir}`)) : watch_dir,
 		cwd
 	};
 }
 __name(normalizeAndValidateBuild, "normalizeAndValidateBuild");
 function normalizeAndValidateMainField(configPath, rawMain) {
-	const configDir = path.dirname(configPath ?? "wrangler.toml");
+	const configDir = path3.dirname(configPath ?? "wrangler.toml");
 	if (rawMain !== void 0) if (typeof rawMain === "string") {
-		const directory = path.resolve(configDir);
-		return path.resolve(directory, rawMain);
+		const directory = path3.resolve(configDir);
+		return path3.resolve(directory, rawMain);
 	} else return rawMain;
 	else return;
 }
 __name(normalizeAndValidateMainField, "normalizeAndValidateMainField");
 function normalizeAndValidateBaseDirField(configPath, rawDir) {
-	const configDir = path.dirname(configPath ?? "wrangler.toml");
+	const configDir = path3.dirname(configPath ?? "wrangler.toml");
 	if (rawDir !== void 0) if (typeof rawDir === "string") {
-		const directory = path.resolve(configDir);
-		return path.resolve(directory, rawDir);
+		const directory = path3.resolve(configDir);
+		return path3.resolve(directory, rawDir);
 	} else return rawDir;
 	else return;
 }
 __name(normalizeAndValidateBaseDirField, "normalizeAndValidateBaseDirField");
 function normalizeAndValidatePagesBuildOutputDir(configPath, rawPagesDir) {
-	const configDir = path.dirname(configPath ?? "wrangler.toml");
+	const configDir = path3.dirname(configPath ?? "wrangler.toml");
 	if (rawPagesDir !== void 0) if (typeof rawPagesDir === "string") {
-		const directory = path.resolve(configDir);
-		return path.resolve(directory, rawPagesDir);
+		const directory = path3.resolve(configDir);
+		return path3.resolve(directory, rawPagesDir);
 	} else return rawPagesDir;
 	else return;
 }
@@ -31061,7 +31061,7 @@ function normalizeAndValidateSite(diagnostics, configPath, rawConfig, mainEntryP
 		validateOptionalProperty(diagnostics, "site", "entry-point", rawConfig.site["entry-point"], "string");
 		deprecated(diagnostics, rawConfig, `site.entry-point`, `Delete the \`site.entry-point\` field, then add the top level \`main\` field to your configuration file:
 \`\`\`
-main = "${path.join(String(rawConfig.site["entry-point"]) || "workers-site", path.extname(String(rawConfig.site["entry-point"]) || "workers-site") ? "" : "index.js")}"
+main = "${path3.join(String(rawConfig.site["entry-point"]) || "workers-site", path3.extname(String(rawConfig.site["entry-point"]) || "workers-site") ? "" : "index.js")}"
 \`\`\``, false, void 0, "warning");
 		let siteEntryPoint = rawConfig.site["entry-point"];
 		if (!mainEntryPoint && !siteEntryPoint) {
@@ -31074,7 +31074,7 @@ main = "workers-site/index.js"
 		} else if (mainEntryPoint && siteEntryPoint) diagnostics.errors.push(`Don't define both the \`main\` and \`site.entry-point\` fields in your configuration.
 They serve the same purpose: to point to the entry-point of your worker.
 Delete the deprecated \`site.entry-point\` field from your config.`);
-		if (configPath && siteEntryPoint) siteEntryPoint = path.relative(process.cwd(), path.join(path.dirname(configPath), siteEntryPoint));
+		if (configPath && siteEntryPoint) siteEntryPoint = path3.relative(process.cwd(), path3.join(path3.dirname(configPath), siteEntryPoint));
 		return {
 			bucket,
 			"entry-point": siteEntryPoint,
@@ -31106,7 +31106,7 @@ function normalizeAndValidateModulePaths(diagnostics, configPath, field, rawMapp
 	if (rawMapping === void 0) return;
 	const mapping = {};
 	for (const [name, filePath] of Object.entries(rawMapping)) if (isString$2(diagnostics, `${field}['${name}']`, filePath, void 0)) {
-		if (configPath) mapping[name] = configPath ? path.relative(process.cwd(), path.join(path.dirname(configPath), filePath)) : filePath;
+		if (configPath) mapping[name] = configPath ? path3.relative(process.cwd(), path3.join(path3.dirname(configPath), filePath)) : filePath;
 	}
 	return mapping;
 }
@@ -31263,7 +31263,7 @@ var validateStreamingTailConsumers = /* @__PURE__ */ __name((diagnostics, field,
 }, "validateStreamingTailConsumers");
 function normalizeAndValidateEnvironment(diagnostics, configPath, rawEnv, isDispatchNamespace, preserveOriginalMain, envName = "top level", topLevelEnv, useServiceEnvironments, rawConfig) {
 	deprecated(diagnostics, rawEnv, "node_compat", `The "node_compat" field is no longer supported as of Wrangler v4. Instead, use the \`nodejs_compat\` compatibility flag. This includes the functionality from legacy \`node_compat\` polyfills and natively implemented Node.js APIs. See https://developers.cloudflare.com/workers/runtime-apis/nodejs for more information.`, true, "Removed", "error");
-	experimental(diagnostics, rawEnv, "unsafe");
+	if (topLevelEnv === void 0 || rawConfig?.unsafe === void 0) experimental(diagnostics, rawEnv, "unsafe");
 	const route = normalizeAndValidateRoute(diagnostics, topLevelEnv, rawEnv);
 	const account_id = inheritableInWranglerEnvironments(diagnostics, useServiceEnvironments, topLevelEnv, mutateEmptyStringAccountIDValue(diagnostics, rawEnv), "account_id", isString$2, void 0, void 0);
 	const routes = validateRoutes(diagnostics, topLevelEnv, rawEnv);
@@ -31354,7 +31354,7 @@ function normalizeAndValidateEnvironment(diagnostics, configPath, rawEnv, isDisp
 __name(normalizeAndValidateEnvironment, "normalizeAndValidateEnvironment");
 function validateAndNormalizeTsconfig(diagnostics, topLevelEnv, rawEnv, configPath) {
 	const tsconfig = inheritable(diagnostics, topLevelEnv, rawEnv, "tsconfig", isString$2, void 0);
-	return configPath && tsconfig ? path.relative(process.cwd(), path.join(path.dirname(configPath), tsconfig)) : tsconfig;
+	return configPath && tsconfig ? path3.relative(process.cwd(), path3.join(path3.dirname(configPath), tsconfig)) : tsconfig;
 }
 __name(validateAndNormalizeTsconfig, "validateAndNormalizeTsconfig");
 var validateAndNormalizeRules = /* @__PURE__ */ __name((diagnostics, topLevelEnv, rawEnv, envName) => {
@@ -31426,9 +31426,11 @@ var validateDefines = /* @__PURE__ */ __name((envName) => (diagnostics, field, v
 	if (configDefines.length > 0) {
 		if (typeof value === "object" && value !== null) {
 			const configEnvDefines = config === void 0 ? [] : Object.keys(value);
-			for (const varName of configDefines) if (!(varName in value)) diagnostics.warnings.push(`"define.${varName}" exists at the top level, but not on "${fieldPath}".
-This is not what you probably want, since "define" configuration is not inherited by environments.
-Please add "define.${varName}" to "env.${envName}".`);
+			const missingDefines = configDefines.filter((varName) => !(varName in value));
+			if (missingDefines.length > 0) diagnostics.warnings.push(`The following define entries exist at the top level, but not on "${fieldPath}".
+This is probably not what you want, since "define" configuration is not inherited by environments.
+Please add these entries to "env.${envName}.define":
+` + missingDefines.map((varName) => `- ${varName}`).join("\n"));
 			for (const varName of configEnvDefines) if (!configDefines.includes(varName)) diagnostics.warnings.push(`"${varName}" exists on "env.${envName}", but not on the top level.
 This is not what you probably want, since "define" configuration within environments can only override existing top level "define" configuration
 Please remove "${fieldPath}.${varName}", or add "define.${varName}".`);
@@ -31452,9 +31454,11 @@ var validateVars = /* @__PURE__ */ __name((envName) => (diagnostics, field, valu
 	const configVars = Object.keys(config?.vars ?? {});
 	if (configVars.length > 0) {
 		if (typeof value === "object" && value !== null) {
-			for (const varName of configVars) if (!(varName in value)) diagnostics.warnings.push(`"vars.${varName}" exists at the top level, but not on "${fieldPath}".
-This is not what you probably want, since "vars" configuration is not inherited by environments.
-Please add "vars.${varName}" to "env.${envName}".`);
+			const missingVars = configVars.filter((varName) => !(varName in value));
+			if (missingVars.length > 0) diagnostics.warnings.push(`The following vars exist at the top level, but not on "${fieldPath}".
+This is probably not what you want, since "vars" configuration is not inherited by environments.
+Please add these vars to "env.${envName}.vars":
+` + missingVars.map((varName) => `- ${varName}`).join("\n"));
 		}
 	}
 	return isValid2;
@@ -31827,9 +31831,9 @@ function validateContainerApp(envName, topLevelName, configPath) {
 			let resolvedBuildContextPath = void 0;
 			try {
 				if (isDockerfile(resolvedImage, configPath)) {
-					const baseDir = configPath ? path.dirname(configPath) : process.cwd();
-					resolvedImage = path.resolve(baseDir, resolvedImage);
-					resolvedBuildContextPath = containerAppOptional.image_build_context ? path.resolve(baseDir, containerAppOptional.image_build_context) : path.dirname(resolvedImage);
+					const baseDir = configPath ? path3.dirname(configPath) : process.cwd();
+					resolvedImage = path3.resolve(baseDir, resolvedImage);
+					resolvedBuildContextPath = containerAppOptional.image_build_context ? path3.resolve(baseDir, containerAppOptional.image_build_context) : path3.dirname(resolvedImage);
 				}
 			} catch (err) {
 				if (err instanceof Error && err.message) diagnostics.errors.push(err.message);
@@ -32968,8 +32972,8 @@ function isRemoteValid(targetObject, fieldPath, diagnostics) {
 }
 __name(isRemoteValid, "isRemoteValid");
 function isDockerfile(imagePath, configPath) {
-	const baseDir = configPath ? path.dirname(configPath) : process.cwd();
-	const maybeDockerfile = path.resolve(baseDir, imagePath);
+	const baseDir = configPath ? path3.dirname(configPath) : process.cwd();
+	const maybeDockerfile = path3.resolve(baseDir, imagePath);
 	if (fs.existsSync(maybeDockerfile)) {
 		if (isDirectory(maybeDockerfile)) throw new UserError(`${imagePath} is a directory, you should specify a path to the Dockerfile`, { telemetryMessage: false });
 		return true;
@@ -33475,27 +33479,36 @@ function startTunnel(options) {
 	const timeoutMs = options.timeoutMs ?? TUNNEL_STARTUP_TIMEOUT_MS;
 	const reminderIntervalMs = options.reminderIntervalMs ?? DEFAULT_TUNNEL_REMINDER_INTERVAL_MS;
 	const defaultExpiryMs = options.expiryMs ?? DEFAULT_TUNNEL_EXPIRY_MS;
+	const isNamedTunnel = options.token !== void 0;
 	const timeFormatter = new Intl.DateTimeFormat(void 0, { timeStyle: "short" });
-	const readyPromise = spawnCloudflared([
+	const readyPromise = spawnCloudflared(isNamedTunnel ? [
+		"tunnel",
+		"--no-autoupdate",
+		"run"
+	] : [
 		"tunnel",
 		"--no-autoupdate",
 		"--url",
 		options.origin.href
 	], {
 		stdio: "pipe",
+		env: options.token ? { TUNNEL_TOKEN: options.token } : void 0,
 		skipVersionCheck: true,
 		logger
 	}).then((process2) => {
 		cloudflaredProcess = process2;
 		if (disposed) terminateCloudflared(process2);
 		return process2;
-	}).then((process2) => waitForQuickTunnelReady(process2, timeoutMs, {
-		logger,
-		origin: options.origin
-	})).then((result) => {
+	}).then((process2) => {
+		if (isNamedTunnel) return { mode: "named" };
+		return waitForQuickTunnelReady(process2, timeoutMs, {
+			logger,
+			origin: options.origin
+		});
+	}).then((result) => {
 		expiresAt = Date.now() + defaultExpiryMs;
 		scheduleExpiryTimeout();
-		scheduleReminder(result.publicUrl.origin);
+		scheduleReminder(result.mode === "quick" ? result.publicUrl.origin : void 0);
 		return result;
 	});
 	function disposeTunnel() {
@@ -33521,7 +33534,7 @@ function startTunnel(options) {
 				if (disposed) return;
 				const remainingMs = expiresAt - Date.now();
 				if (remainingMs <= 0) return;
-				logger?.log(`The tunnel is still open at ${publicURL}. It expires in ${formatTunnelDuration(remainingMs)}. ${options.extendHint ?? ""}`);
+				logger?.log(`${publicURL ? `The tunnel is still open at ${publicURL}.` : "The tunnel is still open."} It expires in ${formatTunnelDuration(remainingMs)}. ${options.extendHint ?? ""}`);
 			}, reminderIntervalMs);
 			reminderInterval.unref?.();
 		}
@@ -33555,6 +33568,7 @@ function startTunnel(options) {
 	__name(extendExpiry, "extendExpiry");
 	return {
 		ready: /* @__PURE__ */ __name(() => readyPromise, "ready"),
+		isOpen: /* @__PURE__ */ __name(() => !disposed, "isOpen"),
 		dispose: disposeTunnel,
 		extendExpiry
 	};
@@ -33600,7 +33614,10 @@ function waitForQuickTunnelReady(cloudflared, timeoutMs, options) {
 			if (match && !resolved) {
 				resolved = true;
 				clearTimeout(timeoutId);
-				resolve$4({ publicUrl: new URL(match[0]) });
+				resolve$4({
+					mode: "quick",
+					publicUrl: new URL(match[0])
+				});
 			}
 		});
 		cloudflared.on("error", (error) => {
@@ -33808,53 +33825,84 @@ var require_picocolors = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnp
 //#endregion
 //#region src/plugins/tunnel.ts
 var import_picocolors$5 = /* @__PURE__ */ __toESM$1(require_picocolors(), 1);
-const COMMON_PUBLIC_EXPOSURE_CONCERNS = [
-	"Call ungated endpoints",
-	"Trigger logic that uses remote bindings",
-	"Reach internal services if your Worker proxies requests"
-];
-const COMMON_PUBLIC_EXPOSURE_GUIDANCE = "Consider using a named tunnel with Cloudflare Access to restrict access.";
-function createPublicExposureWarning(concerns, guidance) {
-	return [
-		"",
-		`     ${import_picocolors$5.default.dim("This URL is ")}publicly accessible${import_picocolors$5.default.dim(". Anyone with it can:")}`,
-		...concerns.map((concern) => import_picocolors$5.default.dim(`     • ${concern}`)),
+function createPublicExposureWarning(mode, name, shortcutPressed) {
+	const intro = name === void 0 ? import_picocolors$5.default.dim("Once connected, this tunnel will be ") + "publicly accessible" + import_picocolors$5.default.dim(". Anyone who can reach it can:") : import_picocolors$5.default.dim("Once connected, this tunnel may be reachable from the Internet. Anyone who can reach it can:");
+	const concerns = [
+		"Call ungated endpoints",
+		"Trigger logic that uses remote bindings",
+		"Reach internal services if your Worker proxies requests"
+	];
+	const hints = [name === void 0 ? "Consider using a named tunnel with Cloudflare Access to restrict access." : "Consider using Cloudflare Access to restrict access."];
+	if (mode === "dev") {
+		concerns.push("Request module source and other dev-server assets", "Access HMR messages, including absolute file system paths", "Observe file-change cadence and parts of the live module graph");
+		hints.unshift("If you only need to share a running build, use vite preview to avoid HMR and other dev-server exposure.");
+	}
+	const lines = [
+		intro,
+		...concerns.map((concern) => import_picocolors$5.default.dim(`• ${concern}`)),
 		"",
-		import_picocolors$5.default.dim(`     ${guidance}`),
+		...hints.map((guidance) => import_picocolors$5.default.dim(guidance)),
 		""
-	].join("\n");
+	];
+	if (shortcutPressed) lines.push("Press t + enter again to close the tunnel.", "");
+	const spacing = "     ";
+	return lines.map((line) => spacing + line).join("\n");
 }
-const DEV_PUBLIC_EXPOSURE_WARNING = createPublicExposureWarning([
-	...COMMON_PUBLIC_EXPOSURE_CONCERNS,
-	"Request module source and other dev-server assets",
-	"Access HMR messages, including absolute file system paths",
-	"Observe file-change cadence and parts of the live module graph"
-], `If you only need to share a running build, use vite preview to avoid HMR and other dev-server exposure. ${COMMON_PUBLIC_EXPOSURE_GUIDANCE}`);
-const PREVIEW_PUBLIC_EXPOSURE_WARNING = createPublicExposureWarning(COMMON_PUBLIC_EXPOSURE_CONCERNS, COMMON_PUBLIC_EXPOSURE_GUIDANCE);
 const QUICK_TUNNEL_SSE_WARNING = "Quick tunnels do not support Server-Sent Events (SSE). Use a named Cloudflare Tunnel if you need SSE over a public URL.";
 const QUICK_TUNNEL_ALLOWED_HOST = ".trycloudflare.com";
 var TunnelManager = class {
 	#logger;
 	#origin;
-	#publicUrl;
+	#publicUrls;
+	#requestedTunnel;
 	#tunnel;
+	#abortController;
 	#hasWarnedAboutSse = false;
 	constructor(logger) {
 		this.#logger = logger;
 	}
-	isStarted(origin) {
-		return this.#origin === origin && this.#tunnel !== void 0;
+	isStarted(origin, name) {
+		return this.#origin === origin && this.#requestedTunnel === name;
 	}
-	async startTunnel(origin) {
+	isOpen() {
+		if (!this.#tunnel) return this.#origin !== void 0;
+		const isOpen = this.#tunnel.isOpen();
+		if (!isOpen) {
+			this.#tunnel = void 0;
+			this.dispose();
+		}
+		return isOpen;
+	}
+	async startTunnel(options) {
 		try {
-			if (this.#origin === origin && this.#tunnel) return await this.#waitForPublicUrl(this.#tunnel);
-			this.#logger.info(import_picocolors$5.default.dim("\n  ➜  Starting tunnel (usually takes a few seconds)...\n"));
 			if (this.#tunnel) this.dispose();
-			this.#origin = origin;
-			this.#publicUrl = void 0;
+			const abortController = new AbortController();
+			this.#abortController = abortController;
+			this.#origin = options.origin;
+			this.#requestedTunnel = options.name;
+			this.#logger.info(import_picocolors$5.default.dim("\n  ➜  Starting tunnel (usually takes a few seconds)...\n"));
+			this.#logger.warn(createPublicExposureWarning(options.mode, options.name, options.shortcutPressed ?? false));
+			const namedTunnel = options.name !== void 0 ? await wrangler.unstable_resolveNamedTunnel(options.name, new URL(options.origin), {
+				accountId: options.accountId,
+				complianceRegion: options.complianceRegion
+			}) : void 0;
+			if (abortController.signal.aborted) return null;
+			if (namedTunnel) this.#publicUrls = namedTunnel.hostnames.map((hostname) => `https://${hostname}`);
+			if (options.mode === "preview") {
+				if (namedTunnel) {
+					const allowedUrls = getAllowedTunnelUrls(this.#publicUrls ?? [], options.allowedHosts);
+					if (allowedUrls.length === 0) {
+						const suggestedAllowedHosts = getSuggestedAllowedHosts(namedTunnel.hostnames);
+						throw new Error("The resolved tunnel hostnames are not allowed by Vite preview host validation.\n\nAdd at least one of these hosts to `preview.allowedHosts` in your Vite config.\nYou can use exact hostnames or a domain suffix:\n" + suggestedAllowedHosts.map((hostname) => `  - ${hostname}`).join("\n") + "\n");
+					}
+					this.#publicUrls = allowedUrls;
+				} else if (!isQuickTunnelAllowed(options.allowedHosts)) throw new Error(`Quick tunnel hostnames are not allowed by Vite preview host validation.
+Add \`${QUICK_TUNNEL_ALLOWED_HOST}\` to \`preview.allowedHosts\` in your Vite config.\n`);
+			}
 			const tunnel = startTunnel({
-				origin: new URL(origin),
-				extendHint: "Press t + enter to extend by 1 hour.",
+				origin: new URL(options.origin),
+				token: namedTunnel?.token,
+				extendHint: "Press a + enter to extend by 1 hour.",
 				logger: {
 					log: (message) => this.#logger.info(message),
 					warn: (message) => this.#logger.warn(message),
@@ -33862,47 +33910,54 @@ var TunnelManager = class {
 				}
 			});
 			this.#tunnel = tunnel;
-			return await this.#waitForPublicUrl(tunnel);
+			return await this.#waitForPublicUrls(tunnel);
 		} catch (error) {
-			throw new Error(`Failed to start tunnel: ${error instanceof Error ? error.message : String(error)}`, { cause: error });
+			this.#origin = void 0;
+			this.#publicUrls = void 0;
+			this.#requestedTunnel = void 0;
+			throw error;
 		}
 	}
-	async #waitForPublicUrl(tunnel) {
+	async #waitForPublicUrls(tunnel) {
 		try {
-			const { publicUrl } = await tunnel.ready();
+			const result = await tunnel.ready();
 			if (this.#tunnel !== tunnel) {
-				debuglog("Tunnel was restarted before it finished starting. Ignoring this tunnel's public URL:", publicUrl);
+				debuglog("Tunnel was restarted before it finished starting. Ignoring this tunnel's public URL:", result.mode === "quick" ? result.publicUrl : this.#publicUrls);
 				return null;
 			}
+			if (result.mode === "named") return this.#publicUrls ?? null;
+			const { publicUrl } = result;
 			debuglog("Tunnel is ready with public URL:", publicUrl);
-			this.#publicUrl = publicUrl.toString();
-			return publicUrl.toString();
+			this.#publicUrls = [publicUrl.toString()];
+			return this.#publicUrls;
 		} catch (error) {
 			if (this.#tunnel !== tunnel) return null;
-			this.#publicUrl = void 0;
 			this.#tunnel = void 0;
 			throw error;
 		}
 	}
-	get publicUrl() {
-		return this.#publicUrl;
+	get publicUrls() {
+		return this.#publicUrls;
 	}
 	extendExpiry() {
 		this.#tunnel?.extendExpiry();
 	}
 	warnIfQuickTunnelSseResponse(contentType) {
-		if (this.#hasWarnedAboutSse || !this.#tunnel || contentType === null || !contentType.toLowerCase().startsWith("text/event-stream")) return;
+		if (this.#hasWarnedAboutSse || this.#requestedTunnel !== void 0 || !this.#tunnel || contentType === null || !contentType.toLowerCase().startsWith("text/event-stream")) return;
 		this.#hasWarnedAboutSse = true;
 		this.#logger.warn(QUICK_TUNNEL_SSE_WARNING);
 	}
 	dispose() {
 		const tunnel = this.#tunnel;
+		this.#abortController?.abort();
 		this.#origin = void 0;
-		this.#publicUrl = void 0;
+		this.#publicUrls = void 0;
+		this.#requestedTunnel = void 0;
 		this.#tunnel = void 0;
 		this.#hasWarnedAboutSse = false;
 		debuglog("Disposing tunnel...");
 		if (tunnel) tunnel.dispose();
+		this.#logger.info("  ➜  Tunnel closed");
 	}
 	disposeOnExit() {
 		try {
@@ -33922,6 +33977,16 @@ function warnIfQuickTunnelSseResponse(contentType) {
 function extendTunnelExpiry() {
 	tunnelManager?.extendExpiry();
 }
+async function toggleTunnel(server, ctx) {
+	if (!tunnelManager) return;
+	if (tunnelManager.isOpen()) {
+		ctx.clearTunnelHostnames();
+		tunnelManager.dispose();
+		return;
+	}
+	if ("restart" in server) await setupDevTunnel(server, ctx, tunnelManager, true);
+	else await setupPreviewTunnel(server, ctx, tunnelManager, true);
+}
 /**
 * Resolve the dev tunnel origin from the running server.
 *
@@ -33952,8 +34017,8 @@ async function resolveDevTunnelOrigin(server) {
 async function resolvePreviewTunnelOrigin(server) {
 	const { preview } = server.config;
 	const host = typeof preview.host === "string" ? preview.host : void 0;
-	let resolvedPort;
-	if (preview.port === 0) resolvedPort = await getPorts({
+	let resolvedPort = preview.port;
+	if (!server.httpServer.listening) if (preview.port === 0) resolvedPort = await getPorts({
 		port: 0,
 		host
 	});
@@ -33978,18 +34043,28 @@ async function resolvePreviewTunnelOrigin(server) {
 		secure: !!preview.https
 	}));
 }
-async function setupDevTunnel(server, ctx, manager) {
+async function setupDevTunnel(server, ctx, manager, shortcutPressed) {
 	const origin = await resolveDevTunnelOrigin(server);
-	if (manager.isStarted(origin)) {
+	const tunnel = ctx.resolvedPluginConfig.tunnel;
+	if (manager.isStarted(origin, tunnel.name)) {
 		debuglog("Tunnel is already started on", origin);
 		return;
 	}
-	const publicUrl = await manager.startTunnel(origin);
-	if (!publicUrl) return;
+	const publicUrls = await manager.startTunnel({
+		mode: "dev",
+		origin,
+		shortcutPressed,
+		name: tunnel.name,
+		accountId: ctx.entryWorkerConfig?.account_id,
+		complianceRegion: ctx.entryWorkerConfig?.compliance_region,
+		allowedHosts: true
+	});
+	if (!publicUrls) return;
 	const allowedHosts = server.config.server.allowedHosts;
-	const tunnelHostnames = [new URL(publicUrl).hostname];
+	const tunnelHostnames = publicUrls.map((url) => new URL(url).hostname);
 	ctx.replaceTunnelHostnames(tunnelHostnames);
 	if (allowedHosts !== true && tunnelHostnames.some((hostname) => !allowedHosts.includes(hostname))) await server.restart();
+	if (shortcutPressed) server.printUrls();
 }
 /**
 * Start a preview tunnel on the resolved preview origin.
@@ -33997,7 +34072,7 @@ async function setupDevTunnel(server, ctx, manager) {
 * We write the resolved port back to preview config so the server binds the
 * same port that the tunnel is sharing.
 */
-async function setupPreviewTunnel(server, manager) {
+async function setupPreviewTunnel(server, ctx, manager, shortcutPressed) {
 	const { preview } = server.config;
 	const originalPort = preview.port;
 	const resolvedOrigin = await resolvePreviewTunnelOrigin(server);
@@ -34005,17 +34080,58 @@ async function setupPreviewTunnel(server, manager) {
 	preview.port = resolvedPort;
 	preview.strictPort = true;
 	if (originalPort !== 0 && resolvedPort !== originalPort) server.config.logger.info(import_picocolors$5.default.dim(`Port ${originalPort} is in use, using ${resolvedPort} instead for preview tunnel sharing.\n`));
-	await manager.startTunnel(resolvedOrigin.toString());
-}
-function patchPrintUrls(server, warning) {
+	const tunnel = ctx.resolvedPluginConfig.tunnel;
+	const origin = resolvedOrigin.toString();
+	if (manager.isStarted(origin, tunnel.name)) {
+		debuglog("Tunnel is already started on", origin);
+		return;
+	}
+	if (!await manager.startTunnel({
+		mode: "preview",
+		origin,
+		shortcutPressed,
+		name: tunnel.name,
+		allowedHosts: preview?.allowedHosts,
+		accountId: ctx.allWorkerConfigs[0]?.account_id,
+		complianceRegion: ctx.allWorkerConfigs[0]?.compliance_region
+	})) return;
+	if (shortcutPressed) server.printUrls();
+}
+function patchPrintUrls(server) {
 	const serverPrintUrls = server.printUrls.bind(server);
 	server.printUrls = () => {
 		serverPrintUrls();
-		const publicUrl = tunnelManager?.publicUrl;
-		if (!publicUrl) return;
-		server.config.logger.info(`${import_picocolors$5.default.green("  ➜")}  ${import_picocolors$5.default.bold("Tunnel:")}  ${import_picocolors$5.default.cyan(publicUrl)}`);
-		server.config.logger.warnOnce(warning);
-	};
+		const publicUrls = tunnelManager?.publicUrls;
+		if (!publicUrls || publicUrls.length === 0) return;
+		for (let i$1 = 0; i$1 < publicUrls.length; i$1++) if (i$1 === 0) server.config.logger.info(`${import_picocolors$5.default.green("  ➜")}  ${import_picocolors$5.default.bold("Tunnel:")}  ${import_picocolors$5.default.cyan(publicUrls[i$1])}`);
+		else server.config.logger.info(`              ${import_picocolors$5.default.cyan(publicUrls[i$1])}`);
+		server.config.logger.info("");
+	};
+}
+function isQuickTunnelAllowed(allowedHosts) {
+	if (allowedHosts === void 0) return false;
+	if (allowedHosts === true) return true;
+	return allowedHosts.some((allowedHost) => allowedHost.toLowerCase() === QUICK_TUNNEL_ALLOWED_HOST);
+}
+function getAllowedTunnelUrls(publicUrls, allowedHosts) {
+	if (allowedHosts === void 0) return [];
+	if (allowedHosts === true) return publicUrls;
+	return publicUrls.filter((publicUrl) => {
+		const hostname = new URL(publicUrl).hostname.toLowerCase();
+		return allowedHosts.some((allowedHost) => {
+			const normalizedAllowedHost = allowedHost.toLowerCase();
+			if (normalizedAllowedHost.startsWith(".")) return hostname === normalizedAllowedHost.slice(1) || hostname.endsWith(normalizedAllowedHost);
+			return hostname === normalizedAllowedHost;
+		});
+	});
+}
+function getSuggestedAllowedHosts(hostnames) {
+	const suggestions = new Set(hostnames);
+	for (const hostname of hostnames) {
+		const segments = hostname.split(".");
+		if (segments.length > 2) suggestions.add(`.${segments.slice(1).join(".")}`);
+	}
+	return Array.from(suggestions);
 }
 const tunnelPlugin = createPlugin("tunnel", (ctx) => {
 	function stopTunnel() {
@@ -34028,12 +34144,9 @@ const tunnelPlugin = createPlugin("tunnel", (ctx) => {
 		},
 		configureServer(server) {
 			assertIsNotPreview(ctx);
-			if (!ctx.resolvedPluginConfig.tunnel) {
-				stopTunnel();
-				return;
-			}
 			tunnelManager ??= new TunnelManager(server.config.logger);
-			patchPrintUrls(server, DEV_PUBLIC_EXPOSURE_WARNING);
+			patchPrintUrls(server);
+			if (!ctx.resolvedPluginConfig.tunnel.autoStart) return;
 			const serverListen = server.listen.bind(server);
 			server.listen = async (...args) => {
 				const result = await serverListen(...args);
@@ -34050,13 +34163,9 @@ const tunnelPlugin = createPlugin("tunnel", (ctx) => {
 		},
 		async configurePreviewServer(server) {
 			assertIsPreview(ctx);
-			if (!ctx.resolvedPluginConfig.tunnel) {
-				stopTunnel();
-				return;
-			}
 			tunnelManager ??= new TunnelManager(server.config.logger);
-			patchPrintUrls(server, PREVIEW_PUBLIC_EXPOSURE_WARNING);
-			await setupPreviewTunnel(server, tunnelManager);
+			patchPrintUrls(server);
+			if (ctx.resolvedPluginConfig.tunnel.autoStart) await setupPreviewTunnel(server, ctx, tunnelManager);
 			const closePreviewServer = server.close.bind(server);
 			server.close = async () => {
 				const closePromise = closePreviewServer();
@@ -34094,8 +34203,8 @@ const postfixRE = /[?#].*$/;
 function cleanUrl(url) {
 	return url.replace(postfixRE, "");
 }
-function withTrailingSlash(path$2) {
-	return path$2.endsWith("/") ? path$2 : `${path$2}/`;
+function withTrailingSlash(path$1) {
+	return path$1.endsWith("/") ? path$1 : `${path$1}/`;
 }
 function createRequestHandler(handler) {
 	return async (req, res, next) => {
@@ -39492,15 +39601,15 @@ function hasTrailingSlash(input = "", respectQueryAndFragment) {
 function withTrailingSlash$1(input = "", respectQueryAndFragment) {
 	if (!respectQueryAndFragment) return input.endsWith("/") ? input : input + "/";
 	if (hasTrailingSlash(input, true)) return input || "/";
-	let path$2 = input;
+	let path$1 = input;
 	let fragment = "";
 	const fragmentIndex = input.indexOf("#");
 	if (fragmentIndex >= 0) {
-		path$2 = input.slice(0, fragmentIndex);
+		path$1 = input.slice(0, fragmentIndex);
 		fragment = input.slice(fragmentIndex);
-		if (!path$2) return fragment;
+		if (!path$1) return fragment;
 	}
-	const [s0, ...s] = path$2.split("?");
+	const [s0, ...s] = path$1.split("?");
 	return s0 + "/" + (s.length > 0 ? `?${s.join("?")}` : "") + fragment;
 }
 function isNonEmptyURL(url) {
@@ -39526,8 +39635,8 @@ const isAbsolute$1 = function(p$1) {
 //#endregion
 //#region ../../node_modules/.pnpm/mlly@1.7.4/node_modules/mlly/dist/index.mjs
 const BUILTIN_MODULES = new Set(builtinModules);
-function normalizeSlash(path$2) {
-	return path$2.replace(/\\/g, "/");
+function normalizeSlash(path$1) {
+	return path$1.replace(/\\/g, "/");
 }
 /**
 * @typedef ErrnoExceptionFields
@@ -39647,8 +39756,8 @@ codes.ERR_INVALID_PACKAGE_CONFIG = createError(
 	* @param {string} [base]
 	* @param {string} [message]
 	*/
-	(path$2, base, message) => {
-		return `Invalid package config ${path$2}${base ? ` while importing ${base}` : ""}${message ? `. ${message}` : ""}`;
+	(path$1, base, message) => {
+		return `Invalid package config ${path$1}${base ? ` while importing ${base}` : ""}${message ? `. ${message}` : ""}`;
 	},
 	Error
 );
@@ -39678,8 +39787,8 @@ codes.ERR_MODULE_NOT_FOUND = createError(
 	* @param {string} base
 	* @param {boolean} [exactUrl]
 	*/
-	(path$2, base, exactUrl = false) => {
-		return `Cannot find ${exactUrl ? "module" : "package"} '${path$2}' imported from ${base}`;
+	(path$1, base, exactUrl = false) => {
+		return `Cannot find ${exactUrl ? "module" : "package"} '${path$1}' imported from ${base}`;
 	},
 	Error
 );
@@ -39717,8 +39826,8 @@ codes.ERR_UNKNOWN_FILE_EXTENSION = createError(
 	* @param {string} extension
 	* @param {string} path
 	*/
-	(extension, path$2) => {
-		return `Unknown file extension "${extension}" for ${path$2}`;
+	(extension, path$1) => {
+		return `Unknown file extension "${extension}" for ${path$1}`;
 	},
 	TypeError
 );
@@ -39875,7 +39984,7 @@ function read(jsonPath, { base, specifier }) {
 	/** @type {string | undefined} */
 	let string;
 	try {
-		string = fs.readFileSync(path.toNamespacedPath(jsonPath), "utf8");
+		string = fs.readFileSync(path3.toNamespacedPath(jsonPath), "utf8");
 	} catch (error) {
 		const exception = error;
 		if (exception.code !== "ENOENT") throw exception;
@@ -40081,15 +40190,15 @@ function emitLegacyIndexDeprecation(url, packageJsonUrl, base, main) {
 	const packagePath = fileURLToPath(new URL$1(".", packageJsonUrl));
 	const basePath = fileURLToPath(base);
 	if (!main) process$1.emitWarning(`No "main" or "exports" field defined in the package.json for ${packagePath} resolving the main entry point "${urlPath.slice(packagePath.length)}", imported from ${basePath}.\nDefault "index" lookups for the main are deprecated for ES modules.`, "DeprecationWarning", "DEP0151");
-	else if (path.resolve(packagePath, main) !== urlPath) process$1.emitWarning(`Package ${packagePath} has a "main" field set to "${main}", excluding the full filename and extension to the resolved file at "${urlPath.slice(packagePath.length)}", imported from ${basePath}.\n Automatic extension resolution of the "main" field is deprecated for ES modules.`, "DeprecationWarning", "DEP0151");
+	else if (path3.resolve(packagePath, main) !== urlPath) process$1.emitWarning(`Package ${packagePath} has a "main" field set to "${main}", excluding the full filename and extension to the resolved file at "${urlPath.slice(packagePath.length)}", imported from ${basePath}.\n Automatic extension resolution of the "main" field is deprecated for ES modules.`, "DeprecationWarning", "DEP0151");
 }
 /**
 * @param {string} path
 * @returns {Stats | undefined}
 */
-function tryStatSync(path$2) {
+function tryStatSync(path$1) {
 	try {
-		return statSync(path$2);
+		return statSync(path$1);
 	} catch {}
 }
 /**
@@ -40188,7 +40297,7 @@ function finalizeResolution(resolved, base, preserveSymlinks) {
 	{
 		const real = realpathSync(filePath);
 		const { search, hash } = resolved;
-		resolved = pathToFileURL(real + (filePath.endsWith(path.sep) ? "/" : ""));
+		resolved = pathToFileURL(real + (filePath.endsWith(path3.sep) ? "/" : ""));
 		resolved.search = search;
 		resolved.hash = hash;
 	}
@@ -41274,7 +41383,10 @@ function resolvePluginConfig(pluginConfig, userConfig, viteEnv) {
 	const shared = {
 		persistState: pluginConfig.persistState ?? true,
 		inspectorPort: pluginConfig.inspectorPort,
-		tunnel: pluginConfig.tunnel ?? false,
+		tunnel: typeof pluginConfig.tunnel === "boolean" ? { autoStart: pluginConfig.tunnel } : {
+			autoStart: pluginConfig.tunnel?.autoStart ?? false,
+			name: pluginConfig.tunnel?.name
+		},
 		experimental: { headersAndRedirectsDevModeSupport: pluginConfig.experimental?.headersAndRedirectsDevModeSupport }
 	};
 	const root = userConfig.root ? nodePath.resolve(userConfig.root) : process.cwd();
@@ -42565,9 +42677,9 @@ function constructHeaders({ headers, headersFile, logger }) {
 
 //#endregion
 //#region ../workers-shared/utils/configuration/validateURL.ts
-const extractPathname = (path$2 = "/", includeSearch, includeHash) => {
-	if (!path$2.startsWith("/")) path$2 = `/${path$2}`;
-	const url = new URL(`//${path$2}`, "relative://");
+const extractPathname = (path$1 = "/", includeSearch, includeHash) => {
+	if (!path$1.startsWith("/")) path$1 = `/${path$1}`;
+	const url = new URL(`//${path$1}`, "relative://");
 	return `${url.pathname}${includeSearch ? url.search : ""}${includeHash ? url.hash : ""}`;
 };
 const URL_REGEX = /^https:\/\/+(?<host>[^/]+)\/?(?<path>.*)/;
@@ -42626,7 +42738,7 @@ function parseHeaders(input, { maxRules = MAX_HEADER_RULES, maxLineLength = MAX_
 				lineNumber: i$1 + 1,
 				message: "No headers specified"
 			});
-			const [path$2, pathError] = validateUrl(line, false, true);
+			const [path$1, pathError] = validateUrl(line, false, true);
 			if (pathError) {
 				invalid.push({
 					line,
@@ -42637,7 +42749,7 @@ function parseHeaders(input, { maxRules = MAX_HEADER_RULES, maxLineLength = MAX_
 				skipUntilNextPath = true;
 				continue;
 			}
-			const wildcardError = validateNoMultipleWildcards(path$2);
+			const wildcardError = validateNoMultipleWildcards(path$1);
 			if (wildcardError) {
 				invalid.push({
 					line,
@@ -42649,7 +42761,7 @@ function parseHeaders(input, { maxRules = MAX_HEADER_RULES, maxLineLength = MAX_
 				continue;
 			}
 			rule = {
-				path: path$2,
+				path: path$1,
 				line,
 				headers: {},
 				unsetHeaders: []
@@ -42732,11 +42844,11 @@ function isValidRule(rule) {
 * `:splat` placeholder, would result in duplicate `:splat` parameters which is
 * unsupported.
 */
-function validateNoMultipleWildcards(path$2) {
-	const wildcardCount = (path$2.match(SPLAT_REGEX) ?? []).length;
-	const hasSplatPlaceholder = /:splat(?!\w)/.test(path$2);
-	if (wildcardCount > 1) return `Only one wildcard is allowed per rule. Use a named placeholder (e.g. :project) instead. Skipping ${path$2}.`;
-	if (wildcardCount > 0 && hasSplatPlaceholder) return `Cannot combine a wildcard * with a :splat placeholder because wildcards are converted to :splat at runtime. Skipping ${path$2}.`;
+function validateNoMultipleWildcards(path$1) {
+	const wildcardCount = (path$1.match(SPLAT_REGEX) ?? []).length;
+	const hasSplatPlaceholder = /:splat(?!\w)/.test(path$1);
+	if (wildcardCount > 1) return `Only one wildcard is allowed per rule. Use a named placeholder (e.g. :project) instead. Skipping ${path$1}.`;
+	if (wildcardCount > 0 && hasSplatPlaceholder) return `Cannot combine a wildcard * with a :splat placeholder because wildcards are converted to :splat at runtime. Skipping ${path$1}.`;
 }
 
 //#endregion
@@ -42953,13 +43065,13 @@ var require_ignore = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm/ig
 	const throwError = (message, Ctor) => {
 		throw new Ctor(message);
 	};
-	const checkPath = (path$2, originalPath, doThrow) => {
-		if (!isString$1(path$2)) return doThrow(`path must be a string, but got \`${originalPath}\``, TypeError);
-		if (!path$2) return doThrow(`path must not be empty`, TypeError);
-		if (checkPath.isNotRelative(path$2)) return doThrow(`path should be a \`path.relative()\`d string, but got "${originalPath}"`, RangeError);
+	const checkPath = (path$1, originalPath, doThrow) => {
+		if (!isString$1(path$1)) return doThrow(`path must be a string, but got \`${originalPath}\``, TypeError);
+		if (!path$1) return doThrow(`path must not be empty`, TypeError);
+		if (checkPath.isNotRelative(path$1)) return doThrow(`path should be a \`path.relative()\`d string, but got "${originalPath}"`, RangeError);
 		return true;
 	};
-	const isNotRelative = (path$2) => REGEX_TEST_INVALID_PATH.test(path$2);
+	const isNotRelative = (path$1) => REGEX_TEST_INVALID_PATH.test(path$1);
 	checkPath.isNotRelative = isNotRelative;
 	checkPath.convert = (p$1) => p$1;
 	var Ignore = class {
@@ -42995,13 +43107,13 @@ var require_ignore = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm/ig
 		addPattern(pattern) {
 			return this.add(pattern);
 		}
-		_testOne(path$2, checkUnignored) {
+		_testOne(path$1, checkUnignored) {
 			let ignored = false;
 			let unignored = false;
 			this._rules.forEach((rule) => {
 				const { negative } = rule;
 				if (unignored === negative && ignored !== unignored || negative && !ignored && !unignored && !checkUnignored) return;
-				if (rule.regex.test(path$2)) {
+				if (rule.regex.test(path$1)) {
 					ignored = !negative;
 					unignored = negative;
 				}
@@ -43012,33 +43124,33 @@ var require_ignore = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm/ig
 			};
 		}
 		_test(originalPath, cache$2, checkUnignored, slices) {
-			const path$2 = originalPath && checkPath.convert(originalPath);
-			checkPath(path$2, originalPath, this._allowRelativePaths ? RETURN_FALSE : throwError);
-			return this._t(path$2, cache$2, checkUnignored, slices);
+			const path$1 = originalPath && checkPath.convert(originalPath);
+			checkPath(path$1, originalPath, this._allowRelativePaths ? RETURN_FALSE : throwError);
+			return this._t(path$1, cache$2, checkUnignored, slices);
 		}
-		_t(path$2, cache$2, checkUnignored, slices) {
-			if (path$2 in cache$2) return cache$2[path$2];
-			if (!slices) slices = path$2.split(SLASH);
+		_t(path$1, cache$2, checkUnignored, slices) {
+			if (path$1 in cache$2) return cache$2[path$1];
+			if (!slices) slices = path$1.split(SLASH);
 			slices.pop();
-			if (!slices.length) return cache$2[path$2] = this._testOne(path$2, checkUnignored);
+			if (!slices.length) return cache$2[path$1] = this._testOne(path$1, checkUnignored);
 			const parent = this._t(slices.join(SLASH) + SLASH, cache$2, checkUnignored, slices);
-			return cache$2[path$2] = parent.ignored ? parent : this._testOne(path$2, checkUnignored);
+			return cache$2[path$1] = parent.ignored ? parent : this._testOne(path$1, checkUnignored);
 		}
-		ignores(path$2) {
-			return this._test(path$2, this._ignoreCache, false).ignored;
+		ignores(path$1) {
+			return this._test(path$1, this._ignoreCache, false).ignored;
 		}
 		createFilter() {
-			return (path$2) => !this.ignores(path$2);
+			return (path$1) => !this.ignores(path$1);
 		}
 		filter(paths) {
 			return makeArray(paths).filter(this.createFilter());
 		}
-		test(path$2) {
-			return this._test(path$2, this._testCache, true);
+		test(path$1) {
+			return this._test(path$1, this._testCache, true);
 		}
 	};
 	const factory = (options) => new Ignore(options);
-	const isPathValid = (path$2) => checkPath(path$2 && checkPath.convert(path$2), path$2, RETURN_FALSE);
+	const isPathValid = (path$1) => checkPath(path$1 && checkPath.convert(path$1), path$1, RETURN_FALSE);
 	factory.isPathValid = isPathValid;
 	factory.default = factory;
 	module.exports = factory;
@@ -43047,7 +43159,7 @@ var require_ignore = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm/ig
 		const makePosix = (str) => /^\\\\\?\\/.test(str) || /["<>|\u0000-\u001F]+/u.test(str) ? str : str.replace(/\\/g, "/");
 		checkPath.convert = makePosix;
 		const REGIX_IS_WINDOWS_PATH_ABSOLUTE = /^[a-z]:\//i;
-		checkPath.isNotRelative = (path$2) => REGIX_IS_WINDOWS_PATH_ABSOLUTE.test(path$2) || isNotRelative(path$2);
+		checkPath.isNotRelative = (path$1) => REGIX_IS_WINDOWS_PATH_ABSOLUTE.test(path$1) || isNotRelative(path$1);
 	}
 }) });
 
@@ -44402,11 +44514,11 @@ var Mime = class {
 		}
 		return this;
 	}
-	getType(path$2) {
-		if (typeof path$2 !== "string") return null;
-		const last = path$2.replace(/^.*[/\\]/s, "").toLowerCase();
+	getType(path$1) {
+		if (typeof path$1 !== "string") return null;
+		const last = path$1.replace(/^.*[/\\]/s, "").toLowerCase();
 		const ext = last.replace(/^.*\./s, "").toLowerCase();
-		const hasPath = last.length < path$2.length;
+		const hasPath = last.length < path$1.length;
 		if (!(ext.length < last.length - 1) && hasPath) return null;
 		return __classPrivateFieldGet(this, _Mime_extensionToType, "f").get(ext) ?? null;
 	}
@@ -44740,8 +44852,8 @@ function getErrorMap() {
 //#endregion
 //#region ../../node_modules/.pnpm/zod@3.25.76/node_modules/zod/v3/helpers/parseUtil.js
 const makeIssue = (params) => {
-	const { data: data$1, path: path$2, errorMaps, issueData } = params;
-	const fullPath = [...path$2, ...issueData.path || []];
+	const { data: data$1, path: path$1, errorMaps, issueData } = params;
+	const fullPath = [...path$1, ...issueData.path || []];
 	const fullIssue = {
 		...issueData,
 		path: fullPath
@@ -44853,11 +44965,11 @@ var errorUtil;
 //#endregion
 //#region ../../node_modules/.pnpm/zod@3.25.76/node_modules/zod/v3/types.js
 var ParseInputLazyPath = class {
-	constructor(parent, value, path$2, key) {
+	constructor(parent, value, path$1, key) {
 		this._cachedPath = [];
 		this.parent = parent;
 		this.data = value;
-		this._path = path$2;
+		this._path = path$1;
 		this._key = key;
 	}
 	get path() {
@@ -48520,10 +48632,7 @@ function validateWorkerEnvironmentOptions(resolvedPluginConfig, resolvedViteConf
 const configPlugin = createPlugin("config", (ctx) => {
 	return {
 		config(userConfig, env$1) {
-			if (ctx.resolvedPluginConfig.type === "preview") return {
-				appType: "custom",
-				preview: { allowedHosts: getAllowedHosts(ctx.resolvedPluginConfig.tunnel ? [QUICK_TUNNEL_ALLOWED_HOST] : [], userConfig.preview?.allowedHosts ?? userConfig.server?.allowedHosts) }
-			};
+			if (ctx.resolvedPluginConfig.type === "preview") return { appType: "custom" };
 			if (!ctx.hasShownWorkerConfigWarnings) {
 				ctx.setHasShownWorkerConfigWarnings(true);
 				const workerConfigWarnings = getWarningForWorkersConfigs(ctx.resolvedPluginConfig.rawConfigs);
@@ -48892,11 +49001,11 @@ const getQueryString = (params) => {
 };
 const getUrl = (config, options) => {
 	const encoder$1 = config.ENCODE_PATH || encodeURI;
-	const path$2 = options.url.replace("{api-version}", config.VERSION).replace(/{(.*?)}/g, (substring, group) => {
+	const path$1 = options.url.replace("{api-version}", config.VERSION).replace(/{(.*?)}/g, (substring, group) => {
 		if (options.path?.hasOwnProperty(group)) return encoder$1(String(options.path[group]));
 		return substring;
 	});
-	const url = `${config.BASE}${path$2}`;
+	const url = `${config.BASE}${path$1}`;
 	if (options.query) return `${url}${getQueryString(options.query)}`;
 	return url;
 };
@@ -49911,7 +50020,7 @@ function getContainerOptions(options) {
 	return containersConfig.map((container) => {
 		if (isDockerfile(container.image, configPath)) return {
 			dockerfile: container.image,
-			image_build_context: container.image_build_context ?? path.dirname(container.image),
+			image_build_context: container.image_build_context ?? path3.dirname(container.image),
 			image_vars: container.image_vars,
 			class_name: container.class_name,
 			image_tag: getDevContainerImageName(container.class_name, containerBuildId)
@@ -49927,26 +50036,26 @@ function getContainerOptions(options) {
 //#endregion
 //#region ../../node_modules/.pnpm/fdir@6.5.0_picomatch@4.0.3/node_modules/fdir/dist/index.mjs
 var __require = /* @__PURE__ */ createRequire$1(import.meta.url);
-function cleanPath(path$2) {
-	let normalized = normalize(path$2);
+function cleanPath(path$1) {
+	let normalized = normalize(path$1);
 	if (normalized.length > 1 && normalized[normalized.length - 1] === sep) normalized = normalized.substring(0, normalized.length - 1);
 	return normalized;
 }
 const SLASHES_REGEX = /[\\/]/g;
-function convertSlashes(path$2, separator) {
-	return path$2.replace(SLASHES_REGEX, separator);
+function convertSlashes(path$1, separator) {
+	return path$1.replace(SLASHES_REGEX, separator);
 }
 const WINDOWS_ROOT_DIR_REGEX = /^[a-z]:[\\/]$/i;
-function isRootDirectory(path$2) {
-	return path$2 === "/" || WINDOWS_ROOT_DIR_REGEX.test(path$2);
+function isRootDirectory(path$1) {
+	return path$1 === "/" || WINDOWS_ROOT_DIR_REGEX.test(path$1);
 }
-function normalizePath$1(path$2, options) {
+function normalizePath$1(path$1, options) {
 	const { resolvePaths, normalizePath: normalizePath$1$1, pathSeparator } = options;
-	const pathNeedsCleaning = process.platform === "win32" && path$2.includes("/") || path$2.startsWith(".");
-	if (resolvePaths) path$2 = resolve$1(path$2);
-	if (normalizePath$1$1 || pathNeedsCleaning) path$2 = cleanPath(path$2);
-	if (path$2 === ".") return "";
-	return convertSlashes(path$2[path$2.length - 1] !== pathSeparator ? path$2 + pathSeparator : path$2, pathSeparator);
+	const pathNeedsCleaning = process.platform === "win32" && path$1.includes("/") || path$1.startsWith(".");
+	if (resolvePaths) path$1 = resolve$1(path$1);
+	if (normalizePath$1$1 || pathNeedsCleaning) path$1 = cleanPath(path$1);
+	if (path$1 === ".") return "";
+	return convertSlashes(path$1[path$1.length - 1] !== pathSeparator ? path$1 + pathSeparator : path$1, pathSeparator);
 }
 function joinPathWithBasePath(filename, directoryPath) {
 	return directoryPath + filename;
@@ -49982,8 +50091,8 @@ const pushDirectory = (directoryPath, paths) => {
 	paths.push(directoryPath || ".");
 };
 const pushDirectoryFilter = (directoryPath, paths, filters) => {
-	const path$2 = directoryPath || ".";
-	if (filters.every((filter) => filter(path$2, true))) paths.push(path$2);
+	const path$1 = directoryPath || ".";
+	if (filters.every((filter) => filter(path$1, true))) paths.push(path$1);
 };
 const empty$2 = () => {};
 function build$6(root, options) {
@@ -50032,26 +50141,26 @@ const empty = () => {};
 function build$3(options) {
 	return options.group ? groupFiles : empty;
 }
-const resolveSymlinksAsync = function(path$2, state, callback$1) {
+const resolveSymlinksAsync = function(path$1, state, callback$1) {
 	const { queue, fs: fs$3, options: { suppressErrors } } = state;
 	queue.enqueue();
-	fs$3.realpath(path$2, (error, resolvedPath) => {
+	fs$3.realpath(path$1, (error, resolvedPath) => {
 		if (error) return queue.dequeue(suppressErrors ? null : error, state);
 		fs$3.stat(resolvedPath, (error$1, stat) => {
 			if (error$1) return queue.dequeue(suppressErrors ? null : error$1, state);
-			if (stat.isDirectory() && isRecursive(path$2, resolvedPath, state)) return queue.dequeue(null, state);
+			if (stat.isDirectory() && isRecursive(path$1, resolvedPath, state)) return queue.dequeue(null, state);
 			callback$1(stat, resolvedPath);
 			queue.dequeue(null, state);
 		});
 	});
 };
-const resolveSymlinks = function(path$2, state, callback$1) {
+const resolveSymlinks = function(path$1, state, callback$1) {
 	const { queue, fs: fs$3, options: { suppressErrors } } = state;
 	queue.enqueue();
 	try {
-		const resolvedPath = fs$3.realpathSync(path$2);
+		const resolvedPath = fs$3.realpathSync(path$1);
 		const stat = fs$3.statSync(resolvedPath);
-		if (stat.isDirectory() && isRecursive(path$2, resolvedPath, state)) return;
+		if (stat.isDirectory() && isRecursive(path$1, resolvedPath, state)) return;
 		callback$1(stat, resolvedPath);
 	} catch (e) {
 		if (!suppressErrors) throw e;
@@ -50061,16 +50170,16 @@ function build$2(options, isSynchronous) {
 	if (!options.resolveSymlinks || options.excludeSymlinks) return null;
 	return isSynchronous ? resolveSymlinks : resolveSymlinksAsync;
 }
-function isRecursive(path$2, resolved, state) {
+function isRecursive(path$1, resolved, state) {
 	if (state.options.useRealPaths) return isRecursiveUsingRealPaths(resolved, state);
-	let parent = dirname$1(path$2);
+	let parent = dirname$1(path$1);
 	let depth$1 = 1;
 	while (parent !== state.root && depth$1 < 2) {
 		const resolvedPath = state.symlinks.get(parent);
 		if (!!resolvedPath && (resolvedPath === resolved || resolvedPath.startsWith(resolved) || resolved.startsWith(resolvedPath))) depth$1++;
 		else parent = dirname$1(parent);
 	}
-	state.symlinks.set(path$2, resolved);
+	state.symlinks.set(path$1, resolved);
 	return depth$1 > 1;
 }
 function isRecursiveUsingRealPaths(resolved, state) {
@@ -50251,19 +50360,19 @@ var Walker = class {
 				const filename = this.joinPath(entry.name, directoryPath);
 				this.pushFile(filename, files, this.state.counts, filters);
 			} else if (entry.isDirectory()) {
-				let path$2 = joinDirectoryPath(entry.name, directoryPath, this.state.options.pathSeparator);
-				if (exclude && exclude(entry.name, path$2)) continue;
-				this.pushDirectory(path$2, paths, filters);
-				this.walkDirectory(this.state, path$2, path$2, depth$1 - 1, this.walk);
+				let path$1 = joinDirectoryPath(entry.name, directoryPath, this.state.options.pathSeparator);
+				if (exclude && exclude(entry.name, path$1)) continue;
+				this.pushDirectory(path$1, paths, filters);
+				this.walkDirectory(this.state, path$1, path$1, depth$1 - 1, this.walk);
 			} else if (this.resolveSymlink && entry.isSymbolicLink()) {
-				let path$2 = joinPathWithBasePath(entry.name, directoryPath);
-				this.resolveSymlink(path$2, this.state, (stat, resolvedPath) => {
+				let path$1 = joinPathWithBasePath(entry.name, directoryPath);
+				this.resolveSymlink(path$1, this.state, (stat, resolvedPath) => {
 					if (stat.isDirectory()) {
 						resolvedPath = normalizePath$1(resolvedPath, this.state.options);
-						if (exclude && exclude(entry.name, useRealPaths ? resolvedPath : path$2 + pathSeparator)) return;
-						this.walkDirectory(this.state, resolvedPath, useRealPaths ? resolvedPath : path$2 + pathSeparator, depth$1 - 1, this.walk);
+						if (exclude && exclude(entry.name, useRealPaths ? resolvedPath : path$1 + pathSeparator)) return;
+						this.walkDirectory(this.state, resolvedPath, useRealPaths ? resolvedPath : path$1 + pathSeparator, depth$1 - 1, this.walk);
 					} else {
-						resolvedPath = useRealPaths ? resolvedPath : path$2;
+						resolvedPath = useRealPaths ? resolvedPath : path$1;
 						const filename = basename(resolvedPath);
 						const directoryPath$1 = normalizePath$1(dirname$1(resolvedPath), this.state.options);
 						resolvedPath = this.joinPath(filename, directoryPath$1);
@@ -50428,7 +50537,7 @@ var Builder = class {
 			isMatch = globFn(patterns, ...options);
 			this.globCache[patterns.join("\0")] = isMatch;
 		}
-		this.options.filters.push((path$2) => isMatch(path$2));
+		this.options.filters.push((path$1) => isMatch(path$1));
 		return this;
 	}
 };
@@ -50639,8 +50748,8 @@ var require_utils = /* @__PURE__ */ __commonJS$1({ "../../node_modules/.pnpm/pic
 		if (state.negated === true) output = `(?:^(?!${output}).*$)`;
 		return output;
 	};
-	exports.basename = (path$2, { windows } = {}) => {
-		const segs = path$2.split(windows ? /[\\/]/ : "/");
+	exports.basename = (path$1, { windows } = {}) => {
+		const segs = path$1.split(windows ? /[\\/]/ : "/");
 		const last = segs[segs.length - 1];
 		if (last === "") return segs[segs.length - 2];
 		return last;
@@ -52175,15 +52284,15 @@ function buildRelative(cwd, root) {
 	};
 }
 const splitPatternOptions = { parts: true };
-function splitPattern(path$1$1) {
+function splitPattern(path$1) {
 	var _result$parts;
-	const result = import_picomatch.default.scan(path$1$1, splitPatternOptions);
-	return ((_result$parts = result.parts) === null || _result$parts === void 0 ? void 0 : _result$parts.length) ? result.parts : [path$1$1];
+	const result = import_picomatch.default.scan(path$1, splitPatternOptions);
+	return ((_result$parts = result.parts) === null || _result$parts === void 0 ? void 0 : _result$parts.length) ? result.parts : [path$1];
 }
 const POSIX_UNESCAPED_GLOB_SYMBOLS = /(?<!\\)([()[\]{}*?|]|^!|[!+@](?=\()|\\(?![()[\]{}!*+?@|]))/g;
 const WIN32_UNESCAPED_GLOB_SYMBOLS = /(?<!\\)([()[\]{}]|^!|[!+@](?=\())/g;
-const escapePosixPath = (path$1$1) => path$1$1.replace(POSIX_UNESCAPED_GLOB_SYMBOLS, "\\$&");
-const escapeWin32Path = (path$1$1) => path$1$1.replace(WIN32_UNESCAPED_GLOB_SYMBOLS, "\\$&");
+const escapePosixPath = (path$1) => path$1.replace(POSIX_UNESCAPED_GLOB_SYMBOLS, "\\$&");
+const escapeWin32Path = (path$1) => path$1.replace(WIN32_UNESCAPED_GLOB_SYMBOLS, "\\$&");
 /**
 * Escapes a path's special characters depending on the platform.
 * @see {@link https://superchupu.dev/tinyglobby/documentation#escapePath}
@@ -52218,7 +52327,7 @@ function normalizePattern(pattern, expandDirectories, cwd, props, isIgnore) {
 	if (pattern.endsWith("/")) result = pattern.slice(0, -1);
 	if (!result.endsWith("*") && expandDirectories) result += "/**";
 	const escapedCwd = escapePath(cwd);
-	if (path$1.isAbsolute(result.replace(ESCAPING_BACKSLASHES, ""))) result = posix.relative(escapedCwd, result);
+	if (path.isAbsolute(result.replace(ESCAPING_BACKSLASHES, ""))) result = posix.relative(escapedCwd, result);
 	else result = posix.normalize(result);
 	const parentDirectoryMatch = PARENT_DIRECTORY.exec(result);
 	const parts = splitPattern(result);
@@ -52277,15 +52386,15 @@ function processPatterns({ patterns = ["**/*"], ignore: ignore$1 = [], expandDir
 }
 function formatPaths(paths, relative$2) {
 	for (let i$1 = paths.length - 1; i$1 >= 0; i$1--) {
-		const path$1$1 = paths[i$1];
-		paths[i$1] = relative$2(path$1$1);
+		const path$1 = paths[i$1];
+		paths[i$1] = relative$2(path$1);
 	}
 	return paths;
 }
 function normalizeCwd(cwd) {
 	if (!cwd) return process.cwd().replace(BACKSLASHES, "/");
 	if (cwd instanceof URL) return fileURLToPath$1(cwd).replace(BACKSLASHES, "/");
-	return path$1.resolve(cwd).replace(BACKSLASHES, "/");
+	return path.resolve(cwd).replace(BACKSLASHES, "/");
 }
 function getCrawler(patterns, inputOptions = {}) {
 	const options = process.env.TINYGLOBBY_DEBUG ? {
@@ -52330,9 +52439,9 @@ function getCrawler(patterns, inputOptions = {}) {
 	const formatExclude = options.absolute ? format$2 : buildFormat(cwd, props.root, true);
 	const fdirOptions = {
 		filters: [options.debug ? (p$1, isDirectory$1) => {
-			const path$1$1 = format$2(p$1, isDirectory$1);
-			const matches = matcher(path$1$1);
-			if (matches) log(`matched ${path$1$1}`);
+			const path$1 = format$2(p$1, isDirectory$1);
+			const matches = matcher(path$1);
+			if (matches) log(`matched ${path$1}`);
 			return matches;
 		} : (p$1, isDirectory$1) => matcher(format$2(p$1, isDirectory$1))],
 		exclude: options.debug ? (_, p$1) => {
@@ -53324,13 +53433,13 @@ const wslDefaultBrowser = async () => {
 	const { stdout } = await executePowerShell(String.raw`(Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice").ProgId`, { powerShellPath: psPath });
 	return stdout.trim();
 };
-const convertWslPathToWindows = async (path$2) => {
-	if (/^[a-z]+:\/\//i.test(path$2)) return path$2;
+const convertWslPathToWindows = async (path$1) => {
+	if (/^[a-z]+:\/\//i.test(path$1)) return path$1;
 	try {
-		const { stdout } = await execFile$1("wslpath", ["-aw", path$2], { encoding: "utf8" });
+		const { stdout } = await execFile$1("wslpath", ["-aw", path$1], { encoding: "utf8" });
 		return stdout.trim();
 	} catch {
-		return path$2;
+		return path$1;
 	}
 };
 
@@ -53516,8 +53625,8 @@ var is_in_ssh_default = isInSsh;
 //#endregion
 //#region ../../node_modules/.pnpm/open@11.0.0/node_modules/open/index.js
 const fallbackAttemptSymbol = Symbol("fallbackAttempt");
-const __dirname = import.meta.url ? path.dirname(fileURLToPath(import.meta.url)) : "";
-const localXdgOpenPath = path.join(__dirname, "xdg-open");
+const __dirname = import.meta.url ? path3.dirname(fileURLToPath(import.meta.url)) : "";
+const localXdgOpenPath = path3.join(__dirname, "xdg-open");
 const { platform, arch: arch$1 } = process$1;
 const tryEachApp = async (apps$1, opener) => {
 	if (apps$1.length === 0) return;
@@ -53742,14 +53851,14 @@ const shortcutsPlugin = createPlugin("shortcuts", (ctx) => {
 			assertIsNotPreview(ctx);
 			addBindingsShortcut(viteDevServer, ctx);
 			addExplorerShortcut(viteDevServer);
-			if (ctx.resolvedPluginConfig.tunnel) addTunnelShortcut(viteDevServer);
+			addTunnelShortcut(viteDevServer, ctx);
 		},
 		async configurePreviewServer(vitePreviewServer) {
 			if (!isCustomShortcutsSupported) return;
 			assertIsPreview(ctx);
 			addBindingsShortcut(vitePreviewServer, ctx);
 			addExplorerShortcut(vitePreviewServer);
-			if (ctx.resolvedPluginConfig.tunnel) addTunnelShortcut(vitePreviewServer);
+			addTunnelShortcut(vitePreviewServer, ctx);
 		}
 	};
 });
@@ -53806,10 +53915,19 @@ function addExplorerShortcut(server) {
 	};
 	server.bindCLIShortcuts({ customShortcuts: [openExplorerShortcut] });
 }
-function addTunnelShortcut(server) {
+function addTunnelShortcut(server, ctx) {
 	if (!process.stdin.isTTY) return;
 	server.bindCLIShortcuts({ customShortcuts: [{
 		key: "t",
+		description: "start or close tunnel",
+		action: () => {
+			toggleTunnel(server, ctx).catch((error) => {
+				const message = error instanceof Error ? error.message : String(error);
+				server.config.logger.error(import_picocolors.default.red(`Error: ${message}`));
+			});
+		}
+	}, {
+		key: "a",
 		description: "extend tunnel by 1 hour",
 		action: () => {
 			extendTunnelExpiry();