wrangler 4.69.0 → 4.71.0

package/wrangler-dist/cli.js

@@ -1,6 +1,6 @@
 'use strict';
 
-var assert50 = require('assert');
+var assert51 = require('assert');
 var module2 = require('module');
 var path3 = require('path');
 var fs23 = require('fs');
@@ -52,7 +52,7 @@ function _interopNamespace(e) {
   return Object.freeze(n);
 }
 
-var assert50__default = /*#__PURE__*/_interopDefault(assert50);
+var assert51__default = /*#__PURE__*/_interopDefault(assert51);
 var module2__default = /*#__PURE__*/_interopDefault(module2);
 var path3__namespace = /*#__PURE__*/_interopNamespace(path3);
 var fs23__namespace = /*#__PURE__*/_interopNamespace(fs23);
@@ -266,7 +266,7 @@ function isCompatDate(str) {
 }
 function formatCompatibilityDate(date) {
   const compatDate = date.toISOString().slice(0, 10);
-  assert50__default.default(isCompatDate(compatDate));
+  assert51__default.default(isCompatDate(compatDate));
   return compatDate;
 }
 function assertNever(_value) {
@@ -3949,7 +3949,7 @@ function normalizeAndValidateConfig(rawConfig, configPath, userConfigPath, args,
     );
   }
   const envName = args.env ?? getCloudflareEnv();
-  assert50__default.default(envName === void 0 || typeof envName === "string");
+  assert51__default.default(envName === void 0 || typeof envName === "string");
   let activeEnv = topLevelEnv;
   if (envName) {
     if (isRedirectedConfig) {
@@ -4153,7 +4153,7 @@ function normalizeAndValidatePagesBuildOutputDir(configPath, rawPagesDir) {
   }
 }
 function normalizeAndValidateDev(diagnostics, rawDev, args) {
-  assert50__default.default(typeof args === "object" && args !== null && !Array.isArray(args));
+  assert51__default.default(typeof args === "object" && args !== null && !Array.isArray(args));
   const {
     localProtocol: localProtocolArg,
     upstreamProtocol: upstreamProtocolArg,
@@ -4161,17 +4161,17 @@ function normalizeAndValidateDev(diagnostics, rawDev, args) {
     enableContainers: enableContainersArg,
     generateTypes: generateTypesArg
   } = args;
-  assert50__default.default(
+  assert51__default.default(
     localProtocolArg === void 0 || localProtocolArg === "http" || localProtocolArg === "https"
   );
-  assert50__default.default(
+  assert51__default.default(
     upstreamProtocolArg === void 0 || upstreamProtocolArg === "http" || upstreamProtocolArg === "https"
   );
-  assert50__default.default(remoteArg === void 0 || typeof remoteArg === "boolean");
-  assert50__default.default(
+  assert51__default.default(remoteArg === void 0 || typeof remoteArg === "boolean");
+  assert51__default.default(
     enableContainersArg === void 0 || typeof enableContainersArg === "boolean"
   );
-  assert50__default.default(
+  assert51__default.default(
     generateTypesArg === void 0 || typeof generateTypesArg === "boolean"
   );
   const {
@@ -7675,12 +7675,45 @@ Please add a binding for each to "${fieldPath}.bindings":
         );
         isValid2 = false;
       }
+      if (hasProperty(value, "limits") && value.limits !== void 0) {
+        if (typeof value.limits !== "object" || value.limits === null || Array.isArray(value.limits)) {
+          diagnostics.errors.push(
+            `"${field}" bindings should, optionally, have an object "limits" field but got ${JSON.stringify(
+              value
+            )}.`
+          );
+          isValid2 = false;
+        } else {
+          const limits = value.limits;
+          if (limits.steps !== void 0) {
+            if (typeof limits.steps !== "number" || !Number.isInteger(limits.steps) || limits.steps < 1) {
+              diagnostics.errors.push(
+                `"${field}" bindings "limits.steps" field must be a positive integer but got ${JSON.stringify(
+                  limits.steps
+                )}.`
+              );
+              isValid2 = false;
+            } else if (limits.steps > 25e3) {
+              diagnostics.warnings.push(
+                `"${field}" has a step limit of ${limits.steps}, which exceeds the production maximum of 25,000. This configuration may not work when deployed.`
+              );
+            }
+          }
+          validateAdditionalProperties(
+            diagnostics,
+            `${field}.limits`,
+            Object.keys(limits),
+            ["steps"]
+          );
+        }
+      }
       validateAdditionalProperties(diagnostics, field, Object.keys(value), [
         "binding",
         "name",
         "class_name",
         "script_name",
-        "remote"
+        "remote",
+        "limits"
       ]);
       return isValid2;
     }, "validateWorkflowBinding");
@@ -10879,8 +10912,8 @@ var init_esm = __esm({
     mainFilename = __dirname2.substring(0, __dirname2.lastIndexOf("node_modules"));
     esm_default2 = {
       assert: {
-        notStrictEqual: assert50.notStrictEqual,
-        strictEqual: assert50.strictEqual
+        notStrictEqual: assert51.notStrictEqual,
+        strictEqual: assert51.strictEqual
       },
       cliui: ui,
       findUp: sync_default,
@@ -11972,7 +12005,7 @@ var require_tree = __commonJS({
 var require_util = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/core/util.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { kDestroyed, kBodyUsed, kListeners, kBody } = require_symbols();
     var { IncomingMessage } = __require("http");
     var stream2 = __require("stream");
@@ -11993,7 +12026,7 @@ var require_util = __commonJS({
         this[kBodyUsed] = false;
       }
       async *[Symbol.asyncIterator]() {
-        assert58(!this[kBodyUsed], "disturbed");
+        assert59(!this[kBodyUsed], "disturbed");
         this[kBodyUsed] = true;
         yield* this[kBody];
       }
@@ -12005,7 +12038,7 @@ var require_util = __commonJS({
       if (isStream2(body)) {
         if (bodyLength(body) === 0) {
           body.on("data", function() {
-            assert58(false);
+            assert59(false);
           });
         }
         if (typeof body.readableDidRead !== "boolean") {
@@ -12123,7 +12156,7 @@ var require_util = __commonJS({
     function getHostname(host) {
       if (host[0] === "[") {
         const idx2 = host.indexOf("]");
-        assert58(idx2 !== -1);
+        assert59(idx2 !== -1);
         return host.substring(1, idx2);
       }
       const idx = host.indexOf(":");
@@ -12135,7 +12168,7 @@ var require_util = __commonJS({
       if (!host) {
         return null;
       }
-      assert58(typeof host === "string");
+      assert59(typeof host === "string");
       const servername = getHostname(host);
       if (net2.isIP(servername)) {
         return "";
@@ -12692,7 +12725,7 @@ var require_util = __commonJS({
     function errorRequest(client, request4, err) {
       try {
         request4.onError(err);
-        assert58(request4.aborted);
+        assert59(request4.aborted);
       } catch (err2) {
         client.emit("error", err2);
       }
@@ -13095,7 +13128,7 @@ var require_request = __commonJS({
       InvalidArgumentError,
       NotSupportedError
     } = require_errors();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var {
       isValidHTTPToken,
       isValidHeaderValue,
@@ -13275,8 +13308,8 @@ var require_request = __commonJS({
         }
       }
       onConnect(abort) {
-        assert58(!this.aborted);
-        assert58(!this.completed);
+        assert59(!this.aborted);
+        assert59(!this.completed);
         if (this.error) {
           abort(this.error);
         } else {
@@ -13288,8 +13321,8 @@ var require_request = __commonJS({
         return this[kHandler].onResponseStarted?.();
       }
       onHeaders(statusCode, headers, resume, statusText) {
-        assert58(!this.aborted);
-        assert58(!this.completed);
+        assert59(!this.aborted);
+        assert59(!this.completed);
         if (channels.headers.hasSubscribers) {
           channels.headers.publish({ request: this, response: { statusCode, headers, statusText } });
         }
@@ -13300,8 +13333,8 @@ var require_request = __commonJS({
         }
       }
       onData(chunk) {
-        assert58(!this.aborted);
-        assert58(!this.completed);
+        assert59(!this.aborted);
+        assert59(!this.completed);
         if (channels.bodyChunkReceived.hasSubscribers) {
           channels.bodyChunkReceived.publish({ request: this, chunk });
         }
@@ -13313,14 +13346,14 @@ var require_request = __commonJS({
         }
       }
       onUpgrade(statusCode, headers, socket) {
-        assert58(!this.aborted);
-        assert58(!this.completed);
+        assert59(!this.aborted);
+        assert59(!this.completed);
         return this[kHandler].onUpgrade(statusCode, headers, socket);
       }
       onComplete(trailers) {
         this.onFinally();
-        assert58(!this.aborted);
-        assert58(!this.completed);
+        assert59(!this.aborted);
+        assert59(!this.completed);
         this.completed = true;
         if (channels.trailers.hasSubscribers) {
           channels.trailers.publish({ request: this, trailers });
@@ -13783,7 +13816,7 @@ var require_connect = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/core/connect.js"(exports, module4) {
     init_import_meta_url();
     var net2 = __require("net");
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var util3 = require_util();
     var { InvalidArgumentError } = require_errors();
     var tls;
@@ -13832,7 +13865,7 @@ var require_connect = __commonJS({
           }
           servername = servername || options.servername || util3.getServerName(host) || null;
           const sessionKey = servername || hostname2;
-          assert58(sessionKey);
+          assert59(sessionKey);
           const session = customSession || sessionCache.get(sessionKey) || null;
           port = port || 443;
           socket = tls.connect({
@@ -13852,7 +13885,7 @@ var require_connect = __commonJS({
             sessionCache.set(sessionKey, session2);
           });
         } else {
-          assert58(!httpSocket, "httpSocket can only be sent on TLS update");
+          assert59(!httpSocket, "httpSocket can only be sent on TLS update");
           port = port || 80;
           socket = net2.connect({
             highWaterMark: 64 * 1024,
@@ -14852,7 +14885,7 @@ var require_encoding = __commonJS({
 var require_infra = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/web/infra/index.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { utf8DecodeBytes } = require_encoding();
     function collectASequenceOfCodePoints(condition, input, position) {
       let result = "";
@@ -14923,7 +14956,7 @@ var require_infra = __commonJS({
     __name(isomorphicDecode, "isomorphicDecode");
     var invalidIsomorphicEncodeValueRegex = /[^\x00-\xFF]/;
     function isomorphicEncode(input) {
-      assert58(!invalidIsomorphicEncodeValueRegex.test(input));
+      assert59(!invalidIsomorphicEncodeValueRegex.test(input));
       return input;
     }
     __name(isomorphicEncode, "isomorphicEncode");
@@ -14952,7 +14985,7 @@ var require_infra = __commonJS({
       if (result === void 0) {
         throw new TypeError("Value is not JSON serializable");
       }
-      assert58(typeof result === "string");
+      assert59(typeof result === "string");
       return result;
     }
     __name(serializeJavascriptValueToJSONString, "serializeJavascriptValueToJSONString");
@@ -14975,14 +15008,14 @@ var require_infra = __commonJS({
 var require_data_url = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/web/fetch/data-url.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { forgivingBase64, collectASequenceOfCodePoints, collectASequenceOfCodePointsFast, isomorphicDecode, removeASCIIWhitespace, removeChars } = require_infra();
     var encoder = new TextEncoder();
     var HTTP_TOKEN_CODEPOINTS = /^[-!#$%&'*+.^_|~A-Za-z0-9]+$/u;
     var HTTP_WHITESPACE_REGEX = /[\u000A\u000D\u0009\u0020]/u;
     var HTTP_QUOTED_STRING_TOKENS = /^[\u0009\u0020-\u007E\u0080-\u00FF]+$/u;
     function dataURLProcessor(dataURL) {
-      assert58(dataURL.protocol === "data:");
+      assert59(dataURL.protocol === "data:");
       let input = URLSerializer(dataURL, true);
       input = input.slice(5);
       const position = { position: 0 };
@@ -15154,7 +15187,7 @@ var require_data_url = __commonJS({
     function collectAnHTTPQuotedString(input, position, extractValue3 = false) {
       const positionStart = position.position;
       let value = "";
-      assert58(input[position.position] === '"');
+      assert59(input[position.position] === '"');
       position.position++;
       while (true) {
         value += collectASequenceOfCodePoints(
@@ -15175,7 +15208,7 @@ var require_data_url = __commonJS({
           value += input[position.position];
           position.position++;
         } else {
-          assert58(quoteOrBackslash === '"');
+          assert59(quoteOrBackslash === '"');
           break;
         }
       }
@@ -15186,7 +15219,7 @@ var require_data_url = __commonJS({
     }
     __name(collectAnHTTPQuotedString, "collectAnHTTPQuotedString");
     function serializeAMimeType(mimeType) {
-      assert58(mimeType !== "failure");
+      assert59(mimeType !== "failure");
       const { parameters, essence } = mimeType;
       let serialization = essence;
       for (let [name2, value] of parameters.entries()) {
@@ -15960,7 +15993,7 @@ var require_util2 = __commonJS({
     var { collectAnHTTPQuotedString, parseMIMEType } = require_data_url();
     var { performance: performance2 } = __require("perf_hooks");
     var { ReadableStreamFrom, isValidHTTPToken, normalizedMethodRecordsBase } = require_util();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { isUint8Array } = __require("util/types");
     var { webidl } = require_webidl();
     var { isomorphicEncode, collectASequenceOfCodePoints, removeChars } = require_infra();
@@ -16163,7 +16196,7 @@ var require_util2 = __commonJS({
     __name(clonePolicyContainer, "clonePolicyContainer");
     function determineRequestsReferrer(request4) {
       const policy = request4.referrerPolicy;
-      assert58(policy);
+      assert59(policy);
       let referrerSource = null;
       if (request4.referrer === "client") {
         const globalOrigin = getGlobalOrigin();
@@ -16227,7 +16260,7 @@ var require_util2 = __commonJS({
     }
     __name(determineRequestsReferrer, "determineRequestsReferrer");
     function stripURLForReferrer(url4, originOnly = false) {
-      assert58(webidl.is.URL(url4));
+      assert59(webidl.is.URL(url4));
       url4 = new URL(url4);
       if (urlIsLocal(url4)) {
         return "no-referrer";
@@ -16491,7 +16524,7 @@ var require_util2 = __commonJS({
     }
     __name(readAllBytes, "readAllBytes");
     function urlIsLocal(url4) {
-      assert58("protocol" in url4);
+      assert59("protocol" in url4);
       const protocol = url4.protocol;
       return protocol === "about:" || protocol === "blob:" || protocol === "data:";
     }
@@ -16501,7 +16534,7 @@ var require_util2 = __commonJS({
     }
     __name(urlHasHttpsScheme, "urlHasHttpsScheme");
     function urlIsHttpHttpsScheme(url4) {
-      assert58("protocol" in url4);
+      assert59("protocol" in url4);
       const protocol = url4.protocol;
       return protocol === "http:" || protocol === "https:";
     }
@@ -16674,7 +16707,7 @@ var require_util2 = __commonJS({
               continue;
             }
           } else {
-            assert58(input.charCodeAt(position.position) === 44);
+            assert59(input.charCodeAt(position.position) === 44);
             position.position++;
           }
         }
@@ -16934,7 +16967,7 @@ var require_formdata_parser = __commonJS({
     var { HTTP_TOKEN_CODEPOINTS } = require_data_url();
     var { makeEntry } = require_formdata();
     var { webidl } = require_webidl();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { isomorphicDecode } = require_infra();
     var { utf8DecodeBytes } = require_encoding();
     var dd = Buffer.from("--");
@@ -16963,7 +16996,7 @@ var require_formdata_parser = __commonJS({
     }
     __name(validateBoundary, "validateBoundary");
     function multipartFormDataParser(input, mimeType) {
-      assert58(mimeType !== "failure" && mimeType.essence === "multipart/form-data");
+      assert59(mimeType !== "failure" && mimeType.essence === "multipart/form-data");
       const boundaryString = mimeType.parameters.get("boundary");
       if (boundaryString === void 0) {
         throw parsingError("missing boundary in content-type header");
@@ -17019,8 +17052,8 @@ var require_formdata_parser = __commonJS({
         } else {
           value = utf8DecodeBytes(Buffer.from(body));
         }
-        assert58(webidl.is.USVString(name2));
-        assert58(typeof value === "string" && webidl.is.USVString(value) || webidl.is.File(value));
+        assert59(webidl.is.USVString(name2));
+        assert59(typeof value === "string" && webidl.is.USVString(value) || webidl.is.File(value));
         entryList.push(makeEntry(name2, value, filename));
       }
     }
@@ -17295,7 +17328,7 @@ var require_body = __commonJS({
     } = require_util2();
     var { FormData: FormData13, setFormDataState } = require_formdata();
     var { webidl } = require_webidl();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { isErrored, isDisturbed } = __require("stream");
     var { isArrayBuffer: isArrayBuffer3 } = __require("util/types");
     var { serializeAMimeType } = require_data_url();
@@ -17335,7 +17368,7 @@ var require_body = __commonJS({
           type: "bytes"
         });
       }
-      assert58(webidl.is.ReadableStream(stream2));
+      assert59(webidl.is.ReadableStream(stream2));
       let action = null;
       let source = null;
       let length = null;
@@ -17453,8 +17486,8 @@ Content-Type: ${value.type || "application/octet-stream"}\r
     __name(extractBody, "extractBody");
     function safelyExtractBody(object, keepalive = false) {
       if (webidl.is.ReadableStream(object)) {
-        assert58(!util3.isDisturbed(object), "The body has already been consumed.");
-        assert58(!object.locked, "The stream is locked.");
+        assert59(!util3.isDisturbed(object), "The body has already been consumed.");
+        assert59(!object.locked, "The stream is locked.");
       }
       return extractBody(object, keepalive);
     }
@@ -17591,7 +17624,7 @@ Content-Type: ${value.type || "application/octet-stream"}\r
 var require_client_h1 = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/dispatcher/client-h1.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var util3 = require_util();
     var { channels } = require_diagnostics();
     var timers = require_timers();
@@ -17682,7 +17715,7 @@ var require_client_h1 = __commonJS({
            * @returns {number}
            */
           wasm_on_status: /* @__PURE__ */ __name((p7, at3, len) => {
-            assert58(currentParser.ptr === p7);
+            assert59(currentParser.ptr === p7);
             const start = at3 - currentBufferPtr + currentBufferRef.byteOffset;
             return currentParser.onStatus(new FastBuffer(currentBufferRef.buffer, start, len));
           }, "wasm_on_status"),
@@ -17691,7 +17724,7 @@ var require_client_h1 = __commonJS({
            * @returns {number}
            */
           wasm_on_message_begin: /* @__PURE__ */ __name((p7) => {
-            assert58(currentParser.ptr === p7);
+            assert59(currentParser.ptr === p7);
             return currentParser.onMessageBegin();
           }, "wasm_on_message_begin"),
           /**
@@ -17701,7 +17734,7 @@ var require_client_h1 = __commonJS({
            * @returns {number}
            */
           wasm_on_header_field: /* @__PURE__ */ __name((p7, at3, len) => {
-            assert58(currentParser.ptr === p7);
+            assert59(currentParser.ptr === p7);
             const start = at3 - currentBufferPtr + currentBufferRef.byteOffset;
             return currentParser.onHeaderField(new FastBuffer(currentBufferRef.buffer, start, len));
           }, "wasm_on_header_field"),
@@ -17712,7 +17745,7 @@ var require_client_h1 = __commonJS({
            * @returns {number}
            */
           wasm_on_header_value: /* @__PURE__ */ __name((p7, at3, len) => {
-            assert58(currentParser.ptr === p7);
+            assert59(currentParser.ptr === p7);
             const start = at3 - currentBufferPtr + currentBufferRef.byteOffset;
             return currentParser.onHeaderValue(new FastBuffer(currentBufferRef.buffer, start, len));
           }, "wasm_on_header_value"),
@@ -17724,7 +17757,7 @@ var require_client_h1 = __commonJS({
            * @returns {number}
            */
           wasm_on_headers_complete: /* @__PURE__ */ __name((p7, statusCode, upgrade, shouldKeepAlive) => {
-            assert58(currentParser.ptr === p7);
+            assert59(currentParser.ptr === p7);
             return currentParser.onHeadersComplete(statusCode, upgrade === 1, shouldKeepAlive === 1);
           }, "wasm_on_headers_complete"),
           /**
@@ -17734,7 +17767,7 @@ var require_client_h1 = __commonJS({
            * @returns {number}
            */
           wasm_on_body: /* @__PURE__ */ __name((p7, at3, len) => {
-            assert58(currentParser.ptr === p7);
+            assert59(currentParser.ptr === p7);
             const start = at3 - currentBufferPtr + currentBufferRef.byteOffset;
             return currentParser.onBody(new FastBuffer(currentBufferRef.buffer, start, len));
           }, "wasm_on_body"),
@@ -17743,7 +17776,7 @@ var require_client_h1 = __commonJS({
            * @returns {number}
            */
           wasm_on_message_complete: /* @__PURE__ */ __name((p7) => {
-            assert58(currentParser.ptr === p7);
+            assert59(currentParser.ptr === p7);
             return currentParser.onMessageComplete();
           }, "wasm_on_message_complete")
         }
@@ -17818,10 +17851,10 @@ var require_client_h1 = __commonJS({
         if (this.socket.destroyed || !this.paused) {
           return;
         }
-        assert58(this.ptr != null);
-        assert58(currentParser === null);
+        assert59(this.ptr != null);
+        assert59(currentParser === null);
         this.llhttp.llhttp_resume(this.ptr);
-        assert58(this.timeoutType === TIMEOUT_BODY);
+        assert59(this.timeoutType === TIMEOUT_BODY);
         if (this.timeout) {
           if (this.timeout.refresh) {
             this.timeout.refresh();
@@ -17844,9 +17877,9 @@ var require_client_h1 = __commonJS({
        * @param {Buffer} chunk
        */
       execute(chunk) {
-        assert58(currentParser === null);
-        assert58(this.ptr != null);
-        assert58(!this.paused);
+        assert59(currentParser === null);
+        assert59(this.ptr != null);
+        assert59(!this.paused);
         const { socket, llhttp } = this;
         if (chunk.length > currentBufferSize) {
           if (currentBufferPtr) {
@@ -17888,8 +17921,8 @@ var require_client_h1 = __commonJS({
         }
       }
       destroy() {
-        assert58(currentParser === null);
-        assert58(this.ptr != null);
+        assert59(currentParser === null);
+        assert59(this.ptr != null);
         this.llhttp.llhttp_free(this.ptr);
         this.ptr = null;
         this.timeout && timers.clearTimeout(this.timeout);
@@ -17975,14 +18008,14 @@ var require_client_h1 = __commonJS({
        */
       onUpgrade(head) {
         const { upgrade, client, socket, headers, statusCode } = this;
-        assert58(upgrade);
-        assert58(client[kSocket] === socket);
-        assert58(!socket.destroyed);
-        assert58(!this.paused);
-        assert58((headers.length & 1) === 0);
+        assert59(upgrade);
+        assert59(client[kSocket] === socket);
+        assert59(!socket.destroyed);
+        assert59(!this.paused);
+        assert59((headers.length & 1) === 0);
         const request4 = client[kQueue][client[kRunningIdx]];
-        assert58(request4);
-        assert58(request4.upgrade || request4.method === "CONNECT");
+        assert59(request4);
+        assert59(request4.upgrade || request4.method === "CONNECT");
         this.statusCode = 0;
         this.statusText = "";
         this.shouldKeepAlive = false;
@@ -18020,8 +18053,8 @@ var require_client_h1 = __commonJS({
         if (!request4) {
           return -1;
         }
-        assert58(!this.upgrade);
-        assert58(this.statusCode < 200);
+        assert59(!this.upgrade);
+        assert59(this.statusCode < 200);
         if (statusCode === 100) {
           util3.destroy(socket, new SocketError("bad response", util3.getSocketInfo(socket)));
           return -1;
@@ -18030,7 +18063,7 @@ var require_client_h1 = __commonJS({
           util3.destroy(socket, new SocketError("bad upgrade", util3.getSocketInfo(socket)));
           return -1;
         }
-        assert58(this.timeoutType === TIMEOUT_HEADERS);
+        assert59(this.timeoutType === TIMEOUT_HEADERS);
         this.statusCode = statusCode;
         this.shouldKeepAlive = shouldKeepAlive || // Override llhttp value which does not allow keepAlive for HEAD.
         request4.method === "HEAD" && !socket[kReset2] && this.connection.toLowerCase() === "keep-alive";
@@ -18043,16 +18076,16 @@ var require_client_h1 = __commonJS({
           }
         }
         if (request4.method === "CONNECT") {
-          assert58(client[kRunning] === 1);
+          assert59(client[kRunning] === 1);
           this.upgrade = true;
           return 2;
         }
         if (upgrade) {
-          assert58(client[kRunning] === 1);
+          assert59(client[kRunning] === 1);
           this.upgrade = true;
           return 2;
         }
-        assert58((this.headers.length & 1) === 0);
+        assert59((this.headers.length & 1) === 0);
         this.headers = [];
         this.headersSize = 0;
         if (this.shouldKeepAlive && client[kPipelining]) {
@@ -18099,14 +18132,14 @@ var require_client_h1 = __commonJS({
           return -1;
         }
         const request4 = client[kQueue][client[kRunningIdx]];
-        assert58(request4);
-        assert58(this.timeoutType === TIMEOUT_BODY);
+        assert59(request4);
+        assert59(this.timeoutType === TIMEOUT_BODY);
         if (this.timeout) {
           if (this.timeout.refresh) {
             this.timeout.refresh();
           }
         }
-        assert58(statusCode >= 200);
+        assert59(statusCode >= 200);
         if (maxResponseSize > -1 && this.bytesRead + buf.length > maxResponseSize) {
           util3.destroy(socket, new ResponseExceededMaxSizeError());
           return -1;
@@ -18128,10 +18161,10 @@ var require_client_h1 = __commonJS({
         if (upgrade) {
           return 0;
         }
-        assert58(statusCode >= 100);
-        assert58((this.headers.length & 1) === 0);
+        assert59(statusCode >= 100);
+        assert59((this.headers.length & 1) === 0);
         const request4 = client[kQueue][client[kRunningIdx]];
-        assert58(request4);
+        assert59(request4);
         this.statusCode = 0;
         this.statusText = "";
         this.bytesRead = 0;
@@ -18150,7 +18183,7 @@ var require_client_h1 = __commonJS({
         request4.onComplete(headers);
         client[kQueue][client[kRunningIdx]++] = null;
         if (socket[kWriting]) {
-          assert58(client[kRunning] === 0);
+          assert59(client[kRunning] === 0);
           util3.destroy(socket, new InformationalError("reset"));
           return constants4.ERROR.PAUSED;
         } else if (!shouldKeepAlive) {
@@ -18171,7 +18204,7 @@ var require_client_h1 = __commonJS({
       const { socket, timeoutType, client, paused } = parser2.deref();
       if (timeoutType === TIMEOUT_HEADERS) {
         if (!socket[kWriting] || socket.writableNeedDrain || client[kRunning] > 1) {
-          assert58(!paused, "cannot be paused while waiting for headers");
+          assert59(!paused, "cannot be paused while waiting for headers");
           util3.destroy(socket, new HeadersTimeoutError());
         }
       } else if (timeoutType === TIMEOUT_BODY) {
@@ -18179,7 +18212,7 @@ var require_client_h1 = __commonJS({
           util3.destroy(socket, new BodyTimeoutError());
         }
       } else if (timeoutType === TIMEOUT_KEEP_ALIVE) {
-        assert58(client[kRunning] === 0 && client[kKeepAliveTimeoutValue]);
+        assert59(client[kRunning] === 0 && client[kKeepAliveTimeoutValue]);
         util3.destroy(socket, new InformationalError("socket idle timeout"));
       }
     }
@@ -18258,7 +18291,7 @@ var require_client_h1 = __commonJS({
     }
     __name(connectH1, "connectH1");
     function onHttpSocketError(err) {
-      assert58(err.code !== "ERR_TLS_CERT_ALTNAME_INVALID");
+      assert59(err.code !== "ERR_TLS_CERT_ALTNAME_INVALID");
       const parser2 = this[kParser];
       if (err.code === "ECONNRESET" && parser2.statusCode && !parser2.shouldKeepAlive) {
         parser2.onMessageComplete();
@@ -18295,7 +18328,7 @@ var require_client_h1 = __commonJS({
       client[kSocket] = null;
       client[kHTTPContext] = null;
       if (client.destroyed) {
-        assert58(client[kPending] === 0);
+        assert59(client[kPending] === 0);
         const requests = client[kQueue].splice(client[kRunningIdx]);
         for (let i7 = 0; i7 < requests.length; i7++) {
           const request4 = requests[i7];
@@ -18307,7 +18340,7 @@ var require_client_h1 = __commonJS({
         util3.errorRequest(client, request4, err);
       }
       client[kPendingIdx] = client[kRunningIdx];
-      assert58(client[kRunning] === 0);
+      assert59(client[kRunning] === 0);
       client.emit("disconnect", client[kUrl], [client], err);
       client[kResume]();
     }
@@ -18463,13 +18496,13 @@ upgrade: ${upgrade}\r
       } else if (util3.isIterable(body)) {
         writeIterable(abort, body, client, request4, socket, contentLength, header, expectsPayload);
       } else {
-        assert58(false);
+        assert59(false);
       }
       return true;
     }
     __name(writeH1, "writeH1");
     function writeStream(abort, body, client, request4, socket, contentLength, header, expectsPayload) {
-      assert58(contentLength !== 0 || client[kRunning] === 0, "stream body cannot be pipelined");
+      assert59(contentLength !== 0 || client[kRunning] === 0, "stream body cannot be pipelined");
       let finished = false;
       const writer = new AsyncWriter({ abort, socket, request: request4, contentLength, client, expectsPayload, header });
       const onData = /* @__PURE__ */ __name(function(chunk) {
@@ -18506,7 +18539,7 @@ upgrade: ${upgrade}\r
           return;
         }
         finished = true;
-        assert58(socket.destroyed || socket[kWriting] && client[kRunning] <= 1);
+        assert59(socket.destroyed || socket[kWriting] && client[kRunning] <= 1);
         socket.off("drain", onDrain).off("error", onFinished);
         body.removeListener("data", onData).removeListener("end", onFinished).removeListener("close", onClose);
         if (!err) {
@@ -18546,12 +18579,12 @@ upgrade: ${upgrade}\r
 \r
 `, "latin1");
           } else {
-            assert58(contentLength === null, "no body must not have content length");
+            assert59(contentLength === null, "no body must not have content length");
             socket.write(`${header}\r
 `, "latin1");
           }
         } else if (util3.isBuffer(body)) {
-          assert58(contentLength === body.byteLength, "buffer body must have content length");
+          assert59(contentLength === body.byteLength, "buffer body must have content length");
           socket.cork();
           socket.write(`${header}content-length: ${contentLength}\r
 \r
@@ -18571,7 +18604,7 @@ upgrade: ${upgrade}\r
     }
     __name(writeBuffer, "writeBuffer");
     async function writeBlob(abort, body, client, request4, socket, contentLength, header, expectsPayload) {
-      assert58(contentLength === body.size, "blob body must have content length");
+      assert59(contentLength === body.size, "blob body must have content length");
       try {
         if (contentLength != null && contentLength !== body.size) {
           throw new RequestContentLengthMismatchError();
@@ -18595,7 +18628,7 @@ upgrade: ${upgrade}\r
     }
     __name(writeBlob, "writeBlob");
     async function writeIterable(abort, body, client, request4, socket, contentLength, header, expectsPayload) {
-      assert58(contentLength !== 0 || client[kRunning] === 0, "iterator body cannot be pipelined");
+      assert59(contentLength !== 0 || client[kRunning] === 0, "iterator body cannot be pipelined");
       let callback = null;
       function onDrain() {
         if (callback) {
@@ -18606,7 +18639,7 @@ upgrade: ${upgrade}\r
       }
       __name(onDrain, "onDrain");
       const waitForDrain = /* @__PURE__ */ __name(() => new Promise((resolve31, reject) => {
-        assert58(callback === null);
+        assert59(callback === null);
         if (socket[kError]) {
           reject(socket[kError]);
         } else {
@@ -18759,7 +18792,7 @@ ${len.toString(16)}\r
         const { socket, client, abort } = this;
         socket[kWriting] = false;
         if (err) {
-          assert58(client[kRunning] <= 1, "pipeline should only contain this request");
+          assert59(client[kRunning] <= 1, "pipeline should only contain this request");
           abort(err);
         }
       }
@@ -18772,7 +18805,7 @@ ${len.toString(16)}\r
 var require_client_h2 = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/dispatcher/client-h2.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { pipeline } = __require("stream");
     var util3 = require_util();
     var {
@@ -18952,7 +18985,7 @@ var require_client_h2 = __commonJS({
     }
     __name(onHttp2RemoteSettings, "onHttp2RemoteSettings");
     function onHttp2SessionError(err) {
-      assert58(err.code !== "ERR_TLS_CERT_ALTNAME_INVALID");
+      assert59(err.code !== "ERR_TLS_CERT_ALTNAME_INVALID");
       this[kSocket][kError] = err;
       this[kClient][kOnError](err);
     }
@@ -18985,7 +19018,7 @@ var require_client_h2 = __commonJS({
         util3.errorRequest(client, request4, err);
         client[kPendingIdx] = client[kRunningIdx];
       }
-      assert58(client[kRunning] === 0);
+      assert59(client[kRunning] === 0);
       client.emit("disconnect", client[kUrl], [client], err);
       client.emit("connectionError", client[kUrl], [client], err);
       client[kResume]();
@@ -18998,7 +19031,7 @@ var require_client_h2 = __commonJS({
       client[kSocket] = null;
       client[kHTTPContext] = null;
       if (client.destroyed) {
-        assert58(client[kPending] === 0);
+        assert59(client[kPending] === 0);
         const requests = client[kQueue].splice(client[kRunningIdx]);
         for (let i7 = 0; i7 < requests.length; i7++) {
           const request4 = requests[i7];
@@ -19016,13 +19049,13 @@ var require_client_h2 = __commonJS({
         this[kHTTP2Session].destroy(err);
       }
       client[kPendingIdx] = client[kRunningIdx];
-      assert58(client[kRunning] === 0);
+      assert59(client[kRunning] === 0);
       client.emit("disconnect", client[kUrl], [client], err);
       client[kResume]();
     }
     __name(onHttp2SocketClose, "onHttp2SocketClose");
     function onHttp2SocketError(err) {
-      assert58(err.code !== "ERR_TLS_CERT_ALTNAME_INVALID");
+      assert59(err.code !== "ERR_TLS_CERT_ALTNAME_INVALID");
       this[kError] = err;
       this[kClient][kOnError](err);
     }
@@ -19179,7 +19212,7 @@ var require_client_h2 = __commonJS({
         process.emitWarning(new RequestContentLengthMismatchError());
       }
       if (contentLength != null) {
-        assert58(body || contentLength === 0, "no body must not have content length");
+        assert59(body || contentLength === 0, "no body must not have content length");
         headers[HTTP2_HEADER_CONTENT_LENGTH] = `${contentLength}`;
       }
       session.ref();
@@ -19346,7 +19379,7 @@ var require_client_h2 = __commonJS({
             expectsPayload
           );
         } else {
-          assert58(false);
+          assert59(false);
         }
       }
     }
@@ -19354,7 +19387,7 @@ var require_client_h2 = __commonJS({
     function writeBuffer(abort, h2stream, body, client, request4, socket, contentLength, expectsPayload) {
       try {
         if (body != null && util3.isBuffer(body)) {
-          assert58(contentLength === body.byteLength, "buffer body must have content length");
+          assert59(contentLength === body.byteLength, "buffer body must have content length");
           h2stream.cork();
           h2stream.write(body);
           h2stream.uncork();
@@ -19372,7 +19405,7 @@ var require_client_h2 = __commonJS({
     }
     __name(writeBuffer, "writeBuffer");
     function writeStream(abort, socket, expectsPayload, h2stream, body, client, request4, contentLength) {
-      assert58(contentLength !== 0 || client[kRunning] === 0, "stream body cannot be pipelined");
+      assert59(contentLength !== 0 || client[kRunning] === 0, "stream body cannot be pipelined");
       const pipe = pipeline(
         body,
         h2stream,
@@ -19398,7 +19431,7 @@ var require_client_h2 = __commonJS({
     }
     __name(writeStream, "writeStream");
     async function writeBlob(abort, h2stream, body, client, request4, socket, contentLength, expectsPayload) {
-      assert58(contentLength === body.size, "blob body must have content length");
+      assert59(contentLength === body.size, "blob body must have content length");
       try {
         if (contentLength != null && contentLength !== body.size) {
           throw new RequestContentLengthMismatchError();
@@ -19420,7 +19453,7 @@ var require_client_h2 = __commonJS({
     }
     __name(writeBlob, "writeBlob");
     async function writeIterable(abort, h2stream, body, client, request4, socket, contentLength, expectsPayload) {
-      assert58(contentLength !== 0 || client[kRunning] === 0, "iterator body cannot be pipelined");
+      assert59(contentLength !== 0 || client[kRunning] === 0, "iterator body cannot be pipelined");
       let callback = null;
       function onDrain() {
         if (callback) {
@@ -19431,7 +19464,7 @@ var require_client_h2 = __commonJS({
       }
       __name(onDrain, "onDrain");
       const waitForDrain = /* @__PURE__ */ __name(() => new Promise((resolve31, reject) => {
-        assert58(callback === null);
+        assert59(callback === null);
         if (socket[kError]) {
           reject(socket[kError]);
         } else {
@@ -19471,7 +19504,7 @@ var require_client_h2 = __commonJS({
 var require_client = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/dispatcher/client.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var net2 = __require("net");
     var http6 = __require("http");
     var util3 = require_util();
@@ -19763,25 +19796,25 @@ var require_client = __commonJS({
     };
     function onError(client, err) {
       if (client[kRunning] === 0 && err.code !== "UND_ERR_INFO" && err.code !== "UND_ERR_SOCKET") {
-        assert58(client[kPendingIdx] === client[kRunningIdx]);
+        assert59(client[kPendingIdx] === client[kRunningIdx]);
         const requests = client[kQueue].splice(client[kRunningIdx]);
         for (let i7 = 0; i7 < requests.length; i7++) {
           const request4 = requests[i7];
           util3.errorRequest(client, request4, err);
         }
-        assert58(client[kSize] === 0);
+        assert59(client[kSize] === 0);
       }
     }
     __name(onError, "onError");
     function connect(client) {
-      assert58(!client[kConnecting]);
-      assert58(!client[kHTTPContext]);
+      assert59(!client[kConnecting]);
+      assert59(!client[kHTTPContext]);
       let { host, hostname: hostname2, protocol, port } = client[kUrl];
       if (hostname2[0] === "[") {
         const idx = hostname2.indexOf("]");
-        assert58(idx !== -1);
+        assert59(idx !== -1);
         const ip = hostname2.substring(1, idx);
-        assert58(net2.isIPv6(ip));
+        assert59(net2.isIPv6(ip));
         hostname2 = ip;
       }
       client[kConnecting] = true;
@@ -19817,7 +19850,7 @@ var require_client = __commonJS({
           client[kResume]();
           return;
         }
-        assert58(socket);
+        assert59(socket);
         try {
           client[kHTTPContext] = socket.alpnProtocol === "h2" ? connectH2(client, socket) : connectH1(client, socket);
         } catch (err2) {
@@ -19872,7 +19905,7 @@ var require_client = __commonJS({
         });
       }
       if (err.code === "ERR_TLS_CERT_ALTNAME_INVALID") {
-        assert58(client[kRunning] === 0);
+        assert59(client[kRunning] === 0);
         while (client[kPending] > 0 && client[kQueue][client[kPendingIdx]].servername === client[kServerName]) {
           const request4 = client[kQueue][client[kPendingIdx]++];
           util3.errorRequest(client, request4, err);
@@ -19905,7 +19938,7 @@ var require_client = __commonJS({
     function _resume(client, sync) {
       while (true) {
         if (client.destroyed) {
-          assert58(client[kPending] === 0);
+          assert59(client[kPending] === 0);
           return;
         }
         if (client[kClosedResolve] && !client[kSize]) {
@@ -21111,7 +21144,7 @@ var require_env_http_proxy_agent = __commonJS({
 var require_retry_handler = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/handler/retry-handler.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { kRetryHandlerDefaultRetry } = require_symbols();
     var { RequestRetryError } = require_errors();
     var WrapHandler = require_wrap_handler();
@@ -21298,8 +21331,8 @@ var require_retry_handler = __commonJS({
             });
           }
           const { start, size, end = size ? size - 1 : null } = contentRange;
-          assert58(this.start === start, "content-range mismatch");
-          assert58(this.end == null || this.end === end, "content-range mismatch");
+          assert59(this.start === start, "content-range mismatch");
+          assert59(this.end == null || this.end === end, "content-range mismatch");
           return;
         }
         if (this.end == null) {
@@ -21316,11 +21349,11 @@ var require_retry_handler = __commonJS({
               return;
             }
             const { start, size, end = size ? size - 1 : null } = range;
-            assert58(
+            assert59(
               start != null && Number.isFinite(start),
               "content-range mismatch"
             );
-            assert58(end != null && Number.isFinite(end), "invalid content-length");
+            assert59(end != null && Number.isFinite(end), "invalid content-length");
             this.start = start;
             this.end = end;
           }
@@ -21328,8 +21361,8 @@ var require_retry_handler = __commonJS({
             const contentLength = headers["content-length"];
             this.end = contentLength != null ? Number(contentLength) - 1 : null;
           }
-          assert58(Number.isFinite(this.start));
-          assert58(
+          assert59(Number.isFinite(this.start));
+          assert59(
             this.end == null || Number.isFinite(this.end),
             "invalid content-length"
           );
@@ -21510,7 +21543,7 @@ var require_h2c_client = __commonJS({
 var require_readable = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/api/readable.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { Readable: Readable11 } = __require("stream");
     var { RequestAbortedError, NotSupportedError, InvalidArgumentError, AbortError: AbortError2 } = require_errors();
     var util3 = require_util();
@@ -21707,7 +21740,7 @@ var require_readable = __commonJS({
           this[kBody] = ReadableStreamFrom(this);
           if (this[kConsume]) {
             this[kBody].getReader();
-            assert58(this[kBody].locked);
+            assert59(this[kBody].locked);
           }
         }
         return this[kBody];
@@ -21778,7 +21811,7 @@ var require_readable = __commonJS({
     }
     __name(isUnusable, "isUnusable");
     function consume(stream2, type) {
-      assert58(!stream2[kConsume]);
+      assert59(!stream2[kConsume]);
       return new Promise((resolve31, reject) => {
         if (isUnusable(stream2)) {
           const rState = stream2._readableState;
@@ -21924,7 +21957,7 @@ var require_readable = __commonJS({
 var require_api_request = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/api/api-request.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { AsyncResource } = __require("async_hooks");
     var { Readable: Readable11 } = require_readable();
     var { InvalidArgumentError, RequestAbortedError } = require_errors();
@@ -21995,7 +22028,7 @@ var require_api_request = __commonJS({
           abort(this.reason);
           return;
         }
-        assert58(this.callback);
+        assert59(this.callback);
         this.abort = abort;
         this.context = context2;
       }
@@ -22161,7 +22194,7 @@ var require_abort_signal = __commonJS({
 var require_api_stream = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/api/api-stream.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { finished } = __require("stream");
     var { AsyncResource } = __require("async_hooks");
     var { InvalidArgumentError, InvalidReturnValueError } = require_errors();
@@ -22224,7 +22257,7 @@ var require_api_stream = __commonJS({
           abort(this.reason);
           return;
         }
-        assert58(this.callback);
+        assert59(this.callback);
         this.abort = abort;
         this.context = context2;
       }
@@ -22332,7 +22365,7 @@ var require_api_pipeline = __commonJS({
       Duplex: Duplex2,
       PassThrough: PassThrough4
     } = __require("stream");
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { AsyncResource } = __require("async_hooks");
     var {
       InvalidArgumentError,
@@ -22456,7 +22489,7 @@ var require_api_pipeline = __commonJS({
           abort(this.reason);
           return;
         }
-        assert58(!res, "pipeline cannot be retried");
+        assert59(!res, "pipeline cannot be retried");
         this.abort = abort;
         this.context = context2;
       }
@@ -22541,7 +22574,7 @@ var require_api_upgrade = __commonJS({
     init_import_meta_url();
     var { InvalidArgumentError, SocketError } = require_errors();
     var { AsyncResource } = __require("async_hooks");
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var util3 = require_util();
     var { kHTTP2Stream } = require_symbols();
     var { addSignal, removeSignal } = require_abort_signal();
@@ -22573,7 +22606,7 @@ var require_api_upgrade = __commonJS({
           abort(this.reason);
           return;
         }
-        assert58(this.callback);
+        assert59(this.callback);
         this.abort = abort;
         this.context = null;
       }
@@ -22581,7 +22614,7 @@ var require_api_upgrade = __commonJS({
         throw new SocketError("bad upgrade", null);
       }
       onUpgrade(statusCode, rawHeaders, socket) {
-        assert58(socket[kHTTP2Stream] === true ? statusCode === 200 : statusCode === 101);
+        assert59(socket[kHTTP2Stream] === true ? statusCode === 200 : statusCode === 101);
         const { callback, opaque, context: context2 } = this;
         removeSignal(this);
         this.callback = null;
@@ -22637,7 +22670,7 @@ var require_api_upgrade = __commonJS({
 var require_api_connect = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/api/api-connect.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { AsyncResource } = __require("async_hooks");
     var { InvalidArgumentError, SocketError } = require_errors();
     var util3 = require_util();
@@ -22669,7 +22702,7 @@ var require_api_connect = __commonJS({
           abort(this.reason);
           return;
         }
-        assert58(this.callback);
+        assert59(this.callback);
         this.abort = abort;
         this.context = context2;
       }
@@ -24724,7 +24757,7 @@ var require_global2 = __commonJS({
 var require_decorator_handler = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/handler/decorator-handler.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var WrapHandler = require_wrap_handler();
     module4.exports = class DecoratorHandler {
       static {
@@ -24744,25 +24777,25 @@ var require_decorator_handler = __commonJS({
         this.#handler.onRequestStart?.(...args);
       }
       onRequestUpgrade(...args) {
-        assert58(!this.#onCompleteCalled);
-        assert58(!this.#onErrorCalled);
+        assert59(!this.#onCompleteCalled);
+        assert59(!this.#onErrorCalled);
         return this.#handler.onRequestUpgrade?.(...args);
       }
       onResponseStart(...args) {
-        assert58(!this.#onCompleteCalled);
-        assert58(!this.#onErrorCalled);
-        assert58(!this.#onResponseStartCalled);
+        assert59(!this.#onCompleteCalled);
+        assert59(!this.#onErrorCalled);
+        assert59(!this.#onResponseStartCalled);
         this.#onResponseStartCalled = true;
         return this.#handler.onResponseStart?.(...args);
       }
       onResponseData(...args) {
-        assert58(!this.#onCompleteCalled);
-        assert58(!this.#onErrorCalled);
+        assert59(!this.#onCompleteCalled);
+        assert59(!this.#onErrorCalled);
         return this.#handler.onResponseData?.(...args);
       }
       onResponseEnd(...args) {
-        assert58(!this.#onCompleteCalled);
-        assert58(!this.#onErrorCalled);
+        assert59(!this.#onCompleteCalled);
+        assert59(!this.#onErrorCalled);
         this.#onCompleteCalled = true;
         return this.#handler.onResponseEnd?.(...args);
       }
@@ -24785,7 +24818,7 @@ var require_redirect_handler = __commonJS({
     init_import_meta_url();
     var util3 = require_util();
     var { kBodyUsed } = require_symbols();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { InvalidArgumentError } = require_errors();
     var EE = __require("events");
     var redirectableStatusCodes = [300, 301, 302, 303, 307, 308];
@@ -24801,7 +24834,7 @@ var require_redirect_handler = __commonJS({
         this[kBodyUsed] = false;
       }
       async *[Symbol.asyncIterator]() {
-        assert58(!this[kBodyUsed], "disturbed");
+        assert59(!this[kBodyUsed], "disturbed");
         this[kBodyUsed] = true;
         yield* this[kBody];
       }
@@ -24831,7 +24864,7 @@ var require_redirect_handler = __commonJS({
         if (util3.isStream(this.opts.body)) {
           if (util3.bodyLength(this.opts.body) === 0) {
             this.opts.body.on("data", function() {
-              assert58(false);
+              assert59(false);
             });
           }
           if (typeof this.opts.body.readableDidRead !== "boolean") {
@@ -24937,7 +24970,7 @@ var require_redirect_handler = __commonJS({
           }
         }
       } else {
-        assert58(headers == null, "headers must be an object or an array");
+        assert59(headers == null, "headers must be an object or an array");
       }
       return ret;
     }
@@ -26857,7 +26890,7 @@ var require_memory_cache_store = __commonJS({
 var require_cache_revalidation_handler = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/handler/cache-revalidation-handler.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var CacheRevalidationHandler = class {
       static {
         __name(this, "CacheRevalidationHandler");
@@ -26897,7 +26930,7 @@ var require_cache_revalidation_handler = __commonJS({
         this.#handler.onRequestUpgrade?.(controller, statusCode, headers, socket);
       }
       onResponseStart(controller, statusCode, headers, statusMessage) {
-        assert58(this.#callback != null);
+        assert59(this.#callback != null);
         this.#successful = statusCode === 304 || this.#allowErrorStatusCodes && statusCode >= 500 && statusCode <= 504;
         this.#callback(this.#successful, this.#context);
         this.#callback = null;
@@ -26947,7 +26980,7 @@ var require_cache_revalidation_handler = __commonJS({
 var require_cache2 = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/interceptor/cache.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { Readable: Readable11 } = __require("stream");
     var util3 = require_util();
     var CacheHandler = require_cache_handler();
@@ -27030,8 +27063,8 @@ var require_cache2 = __commonJS({
     __name(handleUncachedResponse, "handleUncachedResponse");
     function sendCachedValue(handler, opts, result, age, context2, isStale2) {
       const stream2 = util3.isStream(result.body) ? result.body : Readable11.from(result.body ?? []);
-      assert58(!stream2.destroyed, "stream should not be destroyed");
-      assert58(!stream2.readableDidRead, "stream should not be readableDidRead");
+      assert59(!stream2.destroyed, "stream should not be destroyed");
+      assert59(!stream2.readableDidRead, "stream should not be readableDidRead");
       const controller = {
         resume() {
           stream2.resume();
@@ -28124,7 +28157,7 @@ var require_headers = __commonJS({
       isValidHeaderValue
     } = require_util2();
     var { webidl } = require_webidl();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var util3 = __require("util");
     function isHTTPWhiteSpaceCharCode(code) {
       return code === 10 || code === 13 || code === 9 || code === 32;
@@ -28349,11 +28382,11 @@ var require_headers = __commonJS({
           const iterator = this.headersMap[Symbol.iterator]();
           const firstValue = iterator.next().value;
           array[0] = [firstValue[0], firstValue[1].value];
-          assert58(firstValue[1].value !== null);
+          assert59(firstValue[1].value !== null);
           for (let i7 = 1, j7 = 0, right2 = 0, left2 = 0, pivot = 0, x7, value; i7 < size; ++i7) {
             value = iterator.next().value;
             x7 = array[i7] = [value[0], value[1].value];
-            assert58(x7[1] !== null);
+            assert59(x7[1] !== null);
             left2 = 0;
             right2 = i7;
             while (left2 < right2) {
@@ -28380,7 +28413,7 @@ var require_headers = __commonJS({
           let i7 = 0;
           for (const { 0: name2, 1: { value } } of this.headersMap) {
             array[i7++] = [name2, value];
-            assert58(value !== null);
+            assert59(value !== null);
           }
           return array.sort(compareHeaderName);
         }
@@ -28608,7 +28641,7 @@ var require_response = __commonJS({
     var { webidl } = require_webidl();
     var { URLSerializer } = require_data_url();
     var { kConstruct } = require_symbols();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { isomorphicEncode, serializeJavascriptValueToJSONString } = require_infra();
     var textEncoder = new TextEncoder("utf-8");
     var Response11 = class _Response {
@@ -28872,7 +28905,7 @@ var require_response = __commonJS({
           return p7 in state2 ? state2[p7] : target[p7];
         },
         set(target, p7, value) {
-          assert58(!(p7 in state2));
+          assert59(!(p7 in state2));
           target[p7] = value;
           return true;
         }
@@ -28907,12 +28940,12 @@ var require_response = __commonJS({
           body: null
         });
       } else {
-        assert58(false);
+        assert59(false);
       }
     }
     __name(filterResponse, "filterResponse");
     function makeAppropriateNetworkError(fetchParams, err = null) {
-      assert58(isCancelled(fetchParams));
+      assert59(isCancelled(fetchParams));
       return isAborted2(fetchParams) ? makeNetworkError(Object.assign(new DOMException("The operation was aborted.", "AbortError"), { cause: err })) : makeNetworkError(Object.assign(new DOMException("Request was cancelled."), { cause: err }));
     }
     __name(makeAppropriateNetworkError, "makeAppropriateNetworkError");
@@ -29046,7 +29079,7 @@ var require_request2 = __commonJS({
     var { webidl } = require_webidl();
     var { URLSerializer } = require_data_url();
     var { kConstruct } = require_symbols();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { getMaxListeners, setMaxListeners, defaultMaxListeners } = __require("events");
     var kAbortController = Symbol("abortController");
     var requestFinalizer = new FinalizationRegistry(({ signal, abort }) => {
@@ -29126,7 +29159,7 @@ var require_request2 = __commonJS({
           request4 = makeRequest({ urlList: [parsedURL] });
           fallbackMode = "cors";
         } else {
-          assert58(webidl.is.Request(input));
+          assert59(webidl.is.Request(input));
           request4 = input.#state;
           signal = input.#signal;
           this.#dispatcher = init4.dispatcher || input.#dispatcher;
@@ -29784,7 +29817,7 @@ var require_request2 = __commonJS({
 var require_subresource_integrity = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/web/subresource-integrity/subresource-integrity.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { runtimeFeatures } = require_runtime_features();
     var validSRIHashAlgorithmTokenSet = /* @__PURE__ */ new Map([["sha256", 0], ["sha384", 1], ["sha512", 2]]);
     var crypto9;
@@ -29832,7 +29865,7 @@ var require_subresource_integrity = __commonJS({
       const result = [];
       let strongest = null;
       for (const item of metadataList) {
-        assert58(isValidSRIHashAlgorithm(item.alg), "Invalid SRI hash algorithm token");
+        assert59(isValidSRIHashAlgorithm(item.alg), "Invalid SRI hash algorithm token");
         if (result.length === 0) {
           result.push(item);
           strongest = item;
@@ -29968,7 +30001,7 @@ var require_fetch = __commonJS({
       createInflate,
       extractMimeType
     } = require_util2();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { safelyExtractBody, extractBody } = require_body();
     var {
       redirectStatusSet,
@@ -30055,7 +30088,7 @@ var require_fetch = __commonJS({
         requestObject.signal,
         () => {
           locallyAborted = true;
-          assert58(controller != null);
+          assert59(controller != null);
           controller.abort(requestObject.signal.reason);
           const realResponse = responseObject?.deref();
           abortFetch(p7, request4, realResponse, requestObject.signal.reason);
@@ -30161,7 +30194,7 @@ var require_fetch = __commonJS({
       dispatcher = getGlobalDispatcher2()
       // undici
     }) {
-      assert58(dispatcher);
+      assert59(dispatcher);
       let taskDestination = null;
       let crossOriginIsolatedCapability = false;
       if (request4.client != null) {
@@ -30184,7 +30217,7 @@ var require_fetch = __commonJS({
         taskDestination,
         crossOriginIsolatedCapability
       };
-      assert58(!request4.body || request4.body.stream);
+      assert59(!request4.body || request4.body.stream);
       if (request4.window === "client") {
         request4.window = request4.client?.globalObject?.constructor?.name === "Window" ? request4.client : "no-window";
       }
@@ -30272,7 +30305,7 @@ var require_fetch = __commonJS({
           } else if (request4.responseTainting === "opaque") {
             response = filterResponse(response, "opaque");
           } else {
-            assert58(false);
+            assert59(false);
           }
         }
         let internalResponse = response.status === 0 ? response : response.internalResponse;
@@ -30505,7 +30538,7 @@ var require_fetch = __commonJS({
         } else if (request4.redirect === "follow") {
           response = await httpRedirectFetch(fetchParams, response);
         } else {
-          assert58(false);
+          assert59(false);
         }
       }
       response.timingInfo = timingInfo;
@@ -30559,7 +30592,7 @@ var require_fetch = __commonJS({
         request4.headersList.delete("host", true);
       }
       if (request4.body != null) {
-        assert58(request4.body.source != null);
+        assert59(request4.body.source != null);
         request4.body = safelyExtractBody(request4.body.source)[0];
       }
       const timingInfo = fetchParams.timingInfo;
@@ -30683,7 +30716,7 @@ var require_fetch = __commonJS({
     }
     __name(httpNetworkOrCacheFetch, "httpNetworkOrCacheFetch");
     async function httpNetworkFetch(fetchParams, includeCredentials = false, forceNewConnection = false) {
-      assert58(!fetchParams.controller.connection || fetchParams.controller.connection.destroyed);
+      assert59(!fetchParams.controller.connection || fetchParams.controller.connection.destroyed);
       fetchParams.controller.connection = {
         abort: null,
         destroyed: false,
@@ -30993,7 +31026,7 @@ var require_fetch = __commonJS({
 var require_util3 = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/web/cache/util.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { URLSerializer } = require_data_url();
     var { isValidHeaderName } = require_util2();
     function urlEquals(A4, B4, excludeFragment = false) {
@@ -31003,7 +31036,7 @@ var require_util3 = __commonJS({
     }
     __name(urlEquals, "urlEquals");
     function getFieldValues(header) {
-      assert58(header !== null);
+      assert59(header !== null);
       const values = [];
       for (let value of header.split(",")) {
         value = value.trim();
@@ -31025,7 +31058,7 @@ var require_util3 = __commonJS({
 var require_cache3 = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/web/cache/cache.js"(exports, module4) {
     init_import_meta_url();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { kConstruct } = require_symbols();
     var { urlEquals, getFieldValues } = require_util3();
     var { kEnumerableProperty, isDisturbed } = require_util();
@@ -31278,7 +31311,7 @@ var require_cache3 = __commonJS({
             return false;
           }
         } else {
-          assert58(typeof request4 === "string");
+          assert59(typeof request4 === "string");
           r9 = getRequestState(new Request7(request4));
         }
         const operations = [];
@@ -31389,7 +31422,7 @@ var require_cache3 = __commonJS({
               }
               for (const requestResponse of requestResponses) {
                 const idx = cache6.indexOf(requestResponse);
-                assert58(idx !== -1);
+                assert59(idx !== -1);
                 cache6.splice(idx, 1);
               }
             } else if (operation.type === "put") {
@@ -31421,7 +31454,7 @@ var require_cache3 = __commonJS({
               requestResponses = this.#queryCache(operation.request);
               for (const requestResponse of requestResponses) {
                 const idx = cache6.indexOf(requestResponse);
-                assert58(idx !== -1);
+                assert59(idx !== -1);
                 cache6.splice(idx, 1);
               }
               cache6.push([operation.request, operation.response]);
@@ -31884,7 +31917,7 @@ var require_parse = __commonJS({
     var { collectASequenceOfCodePointsFast } = require_infra();
     var { maxNameValuePairSize, maxAttributeValueSize } = require_constants4();
     var { isCTLExcludingHtab } = require_util4();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { unescape: qsUnescape } = __require("querystring");
     function parseSetCookie(header) {
       if (isCTLExcludingHtab(header)) {
@@ -31928,7 +31961,7 @@ var require_parse = __commonJS({
       if (unparsedAttributes.length === 0) {
         return cookieAttributeList;
       }
-      assert58(unparsedAttributes[0] === ";");
+      assert59(unparsedAttributes[0] === ";");
       unparsedAttributes = unparsedAttributes.slice(1);
       let cookieAv = "";
       if (unparsedAttributes.includes(";")) {
@@ -32803,7 +32836,7 @@ var require_connection = __commonJS({
     var { Headers: Headers5, getHeadersList } = require_headers();
     var { getDecodeSplit } = require_util2();
     var { WebsocketFrameSend } = require_frame();
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { runtimeFeatures } = require_runtime_features();
     var crypto9 = runtimeFeatures.has("crypto") ? __require("crypto") : null;
     var warningEmitted2 = false;
@@ -32908,7 +32941,7 @@ var require_connection = __commonJS({
         if (reason.length !== 0 && code === null) {
           code = 1e3;
         }
-        assert58(code === null || Number.isInteger(code));
+        assert59(code === null || Number.isInteger(code));
         if (code === null && reason.length === 0) {
           frame.frameData = emptyBuffer;
         } else if (code !== null && reason === null) {
@@ -33012,7 +33045,7 @@ var require_receiver = __commonJS({
   "../../node_modules/.pnpm/undici@7.18.2/node_modules/undici/lib/web/websocket/receiver.js"(exports, module4) {
     init_import_meta_url();
     var { Writable: Writable5 } = __require("stream");
-    var assert58 = __require("assert");
+    var assert59 = __require("assert");
     var { parserStates, opcodes, states, emptyBuffer, sentCloseFrameState } = require_constants5();
     var {
       isValidStatusCode,
@@ -33252,7 +33285,7 @@ var require_receiver = __commonJS({
         return output;
       }
       parseCloseBody(data) {
-        assert58(data.length !== 1);
+        assert59(data.length !== 1);
         let code;
         if (data.length >= 2) {
           code = data.readUInt16BE(0);
@@ -35933,6 +35966,19 @@ var init_EventType = __esm({
   }
 });
 
+// ../containers-shared/src/client/models/ExternalRegistryKind.ts
+var ExternalRegistryKind;
+var init_ExternalRegistryKind = __esm({
+  "../containers-shared/src/client/models/ExternalRegistryKind.ts"() {
+    init_import_meta_url();
+    ExternalRegistryKind = /* @__PURE__ */ ((ExternalRegistryKind2) => {
+      ExternalRegistryKind2["ECR"] = "ECR";
+      ExternalRegistryKind2["DOCKER_HUB"] = "DockerHub";
+      return ExternalRegistryKind2;
+    })(ExternalRegistryKind || {});
+  }
+});
+
 // ../containers-shared/src/client/models/HTTPMethod.ts
 var init_HTTPMethod = __esm({
   "../containers-shared/src/client/models/HTTPMethod.ts"() {
@@ -37762,6 +37808,7 @@ var init_client = __esm({
     init_DurableObjectStatusHealth();
     init_EventName();
     init_EventType();
+    init_ExternalRegistryKind();
     init_HTTPMethod();
     init_ImageRegistryAlreadyExistsError();
     init_ImageRegistryIsPublic();
@@ -38175,19 +38222,14 @@ var init_types = __esm({
   }
 });
 
-// ../containers-shared/src/client/models/ExternalRegistryKind.ts
-var ExternalRegistryKind;
-var init_ExternalRegistryKind = __esm({
-  "../containers-shared/src/client/models/ExternalRegistryKind.ts"() {
-    init_import_meta_url();
-    ExternalRegistryKind = /* @__PURE__ */ ((ExternalRegistryKind2) => {
-      ExternalRegistryKind2["ECR"] = "ECR";
-      return ExternalRegistryKind2;
-    })(ExternalRegistryKind || {});
-  }
-});
-
 // ../containers-shared/src/images.ts
+function getEgressInterceptorImage() {
+  return process.env.MINIFLARE_CONTAINER_EGRESS_IMAGE ?? DEFAULT_CONTAINER_EGRESS_INTERCEPTOR_IMAGE;
+}
+async function pullEgressInterceptorImage(dockerPath) {
+  const image = getEgressInterceptorImage();
+  await runDockerCmd(dockerPath, ["pull", image, "--platform", "linux/amd64"]);
+}
 async function pullImage(dockerPath, options, logger4, isVite) {
   const domain2 = new URL(`http://${options.image_uri}`).hostname;
   const isExternalRegistry = domain2 !== getCloudflareContainerRegistry();
@@ -38283,6 +38325,9 @@ async function prepareContainerImagesForDev(args) {
       await checkExposedPorts(dockerPath, options);
     }
   }
+  if (!aborted && args.compatibilityFlags?.includes("experimental")) {
+    await pullEgressInterceptorImage(dockerPath);
+  }
 }
 function resolveImageName(accountId, image) {
   let url4;
@@ -38314,7 +38359,7 @@ Current account: "${accountId}"`
   }
   return `${url4.hostname}/${accountId}${url4.pathname}`;
 }
-var getAndValidateRegistryType;
+var DEFAULT_CONTAINER_EGRESS_INTERCEPTOR_IMAGE, getAndValidateRegistryType;
 var init_images = __esm({
   "../containers-shared/src/images.ts"() {
     init_import_meta_url();
@@ -38325,6 +38370,9 @@ var init_images = __esm({
     init_login();
     init_registry2();
     init_utils();
+    DEFAULT_CONTAINER_EGRESS_INTERCEPTOR_IMAGE = "cloudflare/proxy-everything:4dc6c7f@sha256:9621ef445ef120409e5d95bbd845ab2fa0f613636b59a01d998f5704f4096ae2";
+    __name(getEgressInterceptorImage, "getEgressInterceptorImage");
+    __name(pullEgressInterceptorImage, "pullEgressInterceptorImage");
     __name(pullImage, "pullImage");
     __name(prepareContainerImagesForDev, "prepareContainerImagesForDev");
     __name(resolveImageName, "resolveImageName");
@@ -38352,6 +38400,12 @@ ${e9.message}`);
           name: "AWS ECR",
           secretType: "AWS Secret Access Key"
         },
+        {
+          type: "DockerHub" /* DOCKER_HUB */,
+          pattern: /^docker\.io$/,
+          name: "DockerHub",
+          secretType: "DockerHub PAT Token"
+        },
         {
           type: "cloudflare",
           // Make a regex based on the env var CLOUDFLARE_CONTAINER_REGISTRY
@@ -38448,8 +38502,8 @@ function createDeferred(previousDeferred) {
     resolve31 = _resolve;
     reject = _reject;
   });
-  assert50__default.default(resolve31);
-  assert50__default.default(reject);
+  assert51__default.default(resolve31);
+  assert51__default.default(reject);
   previousDeferred?.resolve(newPromise);
   return {
     promise: newPromise,
@@ -42170,7 +42224,7 @@ var require_signal_exit = __commonJS({
         };
       };
     } else {
-      assert58 = __require("assert");
+      assert59 = __require("assert");
       signals = require_signals();
       isWin = /^win/i.test(process12.platform);
       EE = __require("events");
@@ -42193,7 +42247,7 @@ var require_signal_exit = __commonJS({
           return function() {
           };
         }
-        assert58.equal(typeof cb2, "function", "a callback must be provided for exit handler");
+        assert59.equal(typeof cb2, "function", "a callback must be provided for exit handler");
         if (loaded === false) {
           load();
         }
@@ -42299,7 +42353,7 @@ var require_signal_exit = __commonJS({
         }
       }, "processEmit");
     }
-    var assert58;
+    var assert59;
     var signals;
     var isWin;
     var EE;
@@ -49836,7 +49890,7 @@ function getSourceMappingPrepareStackTrace(retrieveSourceMap) {
     }
   });
   sourceMappingPrepareStackTrace = Error.prepareStackTrace;
-  assert50__default.default(sourceMappingPrepareStackTrace !== void 0);
+  assert51__default.default(sourceMappingPrepareStackTrace !== void 0);
   Error.prepareStackTrace = originalPrepareStackTrace;
   return sourceMappingPrepareStackTrace;
 }
@@ -49879,7 +49933,7 @@ function getSourceMappedString(value, retrieveSourceMap) {
     }
     const callSiteLine = callSiteLines[i7][0];
     const callSiteAtIndex = callSiteLine.indexOf("at");
-    assert50__default.default(callSiteAtIndex !== -1);
+    assert51__default.default(callSiteAtIndex !== -1);
     const callSiteLineLeftPad = callSiteLine.substring(0, callSiteAtIndex);
     value = value.replace(
       callSiteLine,
@@ -51030,7 +51084,7 @@ var name, version;
 var init_package = __esm({
   "package.json"() {
     name = "wrangler";
-    version = "4.69.0";
+    version = "4.71.0";
   }
 });
 
@@ -51957,15 +52011,18 @@ function workflowEntry({
   name: name2,
   class_name: className,
   script_name: scriptName,
-  remote
+  remote,
+  limits
 }, remoteProxyConnectionString) {
+  const stepLimit = limits?.steps;
   if (!remoteProxyConnectionString || !remote) {
     return [
       binding,
       {
         name: name2,
         className,
-        scriptName
+        scriptName,
+        ...stepLimit !== void 0 && { stepLimit }
       }
     ];
   }
@@ -51975,7 +52032,8 @@ function workflowEntry({
       name: name2,
       className,
       scriptName,
-      remoteProxyConnectionString
+      remoteProxyConnectionString,
+      ...stepLimit !== void 0 && { stepLimit }
     }
   ];
 }
@@ -52130,7 +52188,7 @@ function buildMiniflareBindingOptions(config, remoteProxyConnectionString) {
     (b11) => isUnsafeServiceBindingWithDevCfg(b11[1])
   );
   for (const [name2, unsafeBinding] of unsafeBindingsWithLocalDev) {
-    assert50__default.default(isUnsafeServiceBindingWithDevCfg(unsafeBinding));
+    assert51__default.default(isUnsafeServiceBindingWithDevCfg(unsafeBinding));
     const {
       type,
       dev: {
@@ -52221,9 +52279,14 @@ function buildMiniflareBindingOptions(config, remoteProxyConnectionString) {
       ])
     ),
     workflows: Object.fromEntries(
-      workflows.map(
-        (workflow) => workflowEntry(workflow, remoteProxyConnectionString)
-      )
+      workflows.map((workflow) => {
+        if (workflow.script_name !== void 0 && workflow.script_name !== config.name && workflow.limits) {
+          throw new UserError(
+            `Workflow "${workflow.name}" has "limits" configured but references external script "${workflow.script_name}". Configure limits on the worker that defines the workflow.`
+          );
+        }
+        return workflowEntry(workflow, remoteProxyConnectionString);
+      })
     ),
     secretsStoreSecrets: Object.fromEntries(
       secretsStoreSecrets.map((binding) => [binding.binding, binding])
@@ -52419,7 +52482,7 @@ async function buildMiniflareOptions(log2, config, proxyToUserWorkerAuthenticati
   return options;
 }
 function getImageNameFromDOClassName(options) {
-  assert50__default.default(
+  assert51__default.default(
     options.containerBuildId,
     "Build ID should be set if containers are defined and enabled"
   );
@@ -52828,8 +52891,8 @@ function readConfig(args, options = {}) {
     redirected
   } = exports.experimental_readRawConfig(args, options);
   if (redirected) {
-    assert50__default.default(configPath, "Redirected config found without a configPath");
-    assert50__default.default(
+    assert51__default.default(configPath, "Redirected config found without a configPath");
+    assert51__default.default(
       deployConfigPath,
       "Redirected config found without a deployConfigPath"
     );
@@ -52864,8 +52927,8 @@ function readPagesConfig(args, options = {}) {
   try {
     ({ rawConfig, configPath, userConfigPath, deployConfigPath, redirected } = exports.experimental_readRawConfig(args, options));
     if (redirected) {
-      assert50__default.default(configPath, "Redirected config found without a configPath");
-      assert50__default.default(
+      assert51__default.default(configPath, "Redirected config found without a configPath");
+      assert51__default.default(
         deployConfigPath,
         "Redirected config found without a deployConfigPath"
       );
@@ -122092,7 +122155,7 @@ function createCloudflareClient(complianceConfig) {
 }
 async function performApiFetch(complianceConfig, resource, init4 = {}, queryParams, abortSignal, apiToken) {
   const method = init4.method ?? "GET";
-  assert50__default.default(
+  assert51__default.default(
     resource.startsWith("/"),
     `CF API fetch - resource path must start with a "/" but got "${resource}"`
   );
@@ -122669,7 +122732,7 @@ function isReturningFromAuthServer(query) {
     );
     throw new ErrorInvalidReturnedStateParam();
   }
-  assert50__default.default(!Array.isArray(code));
+  assert51__default.default(!Array.isArray(code));
   state2.authorizationCode = code;
   state2.hasAuthCodeBeenExchangedForAccessToken = false;
   return true;
@@ -122895,13 +122958,13 @@ async function getOauthToken(options) {
           if (error2 || closeErr) {
             reject(error2 || closeErr);
           } else {
-            assert50__default.default(token);
+            assert51__default.default(token);
             resolve31(token);
           }
         });
       }
       __name(finish, "finish");
-      assert50__default.default(req.url, "This request doesn't have a URL");
+      assert51__default.default(req.url, "This request doesn't have a URL");
       const { pathname, query } = Url__default.default.parse(req.url, true);
       if (req.method !== "GET") {
         return res.end("OK");
@@ -125146,7 +125209,7 @@ var init_esm6 = __esm({
 function dedent3(strings, ...values) {
   const raw = String.raw({ raw: strings }, ...values);
   let lines = raw.split("\n");
-  assert50__default.default(lines.length > 0);
+  assert51__default.default(lines.length > 0);
   if (lines[lines.length - 1].trim() === "") {
     lines = lines.slice(0, lines.length - 1);
   }
@@ -125326,12 +125389,12 @@ function getEntryPointFromMetafile(entryFile, metafile) {
   );
   if (entryPoints.length !== 1) {
     const entryPointList = entryPoints.map(([_input, output]) => output.entryPoint).join("\n");
-    assert50__default.default(
+    assert51__default.default(
       entryPoints.length > 0,
       `Cannot find entry-point "${entryFile}" in generated bundle.
 ${entryPointList}`
     );
-    assert50__default.default(
+    assert51__default.default(
       entryPoints.length < 2,
       `More than one entry-point found for generated bundle.
 ${entryPointList}`
@@ -125595,9 +125658,9 @@ function handleNodeJSGlobals(build5, inject, polyfill2) {
   }));
   build5.onLoad({ filter: UNENV_VIRTUAL_MODULE_RE }, ({ path: path82 }) => {
     const module4 = virtualModulePathToSpecifier.get(path82);
-    assert50__default.default(module4, `Expected ${path82} to be mapped to a module specifier`);
+    assert51__default.default(module4, `Expected ${path82} to be mapped to a module specifier`);
     const injects = injectsByModule.get(module4);
-    assert50__default.default(injects, `Expected ${module4} to inject values`);
+    assert51__default.default(injects, `Expected ${module4} to inject values`);
     const imports = injects.map(
       ({ exportName, importName }) => importName === exportName ? exportName : `${exportName} as ${importName}`
     );
@@ -129673,10 +129736,10 @@ var init_CommandRegistry = __esm({
        * console.log(subtree); // Output: empty Map if 'wrangler hello' has no further subcommands
        */
       #resolveDefinitionNode(node2) {
-        assert50__default.default(node2.definition);
+        assert51__default.default(node2.definition);
         const chain2 = this.#resolveDefinitionChain(node2.definition);
         const resolvedDef = chain2.find((def) => def.type !== "alias");
-        assert50__default.default(resolvedDef);
+        assert51__default.default(resolvedDef);
         const { subtree } = node2.definition.type !== "alias" ? node2 : this.#findNodeFor(resolvedDef.command) ?? node2;
         const definition = {
           // take all properties from the resolved alias
@@ -143975,7 +144038,7 @@ async function deployContainers(config, normalisedContainerConfig, { versionId,
           "Could not deploy container application as durable object was not found in list of bindings"
         );
       }
-      assert50__default.default(
+      assert51__default.default(
         targetDurableObject && targetDurableObject.namespace_id !== void 0
       );
       await apply(
@@ -143991,7 +144054,7 @@ async function deployContainers(config, normalisedContainerConfig, { versionId,
       const targetDurableObject = maybeAllDurableObjects.find(
         (durableObject) => durableObject.class === container.class_name && durableObject.script === scriptName
       );
-      assert50__default.default(targetDurableObject, "Durable Object not returned from list API");
+      assert51__default.default(targetDurableObject, "Durable Object not returned from list API");
       await apply(
         {
           imageRef,
@@ -144401,8 +144464,6 @@ ${formatError(err)}`
 async function registryConfigureCommand(configureArgs, config) {
   startSection("Configure a container registry");
   const registryType = getAndValidateRegistryType(configureArgs.DOMAIN);
-  log(`Configuring ${registryType.name} registry: ${configureArgs.DOMAIN}
-`);
   if (registryType.type === "cloudflare") {
     log(
       "You do not need to configure credentials for Cloudflare managed registries.\n"
@@ -144410,6 +144471,13 @@ async function registryConfigureCommand(configureArgs, config) {
     endSection("No configuration required");
     return;
   }
+  const publicCredential = configureArgs.awsAccessKeyId ?? configureArgs.dockerhubUsername ?? configureArgs.publicCredential;
+  if (!publicCredential) {
+    const arg = registryType.type === "DockerHub" /* DOCKER_HUB */ ? "dockerhub-username" : registryType.type === "ECR" /* ECR */ ? "aws-access-key-id" : "public-credential";
+    throw new UserError(`Missing required argument: ${arg}`);
+  }
+  log(`Configuring ${registryType.name} registry: ${configureArgs.DOMAIN}
+`);
   const isFedRAMPHigh = getCloudflareComplianceRegion(config) === "fedramp_high";
   if (isFedRAMPHigh) {
     if (!configureArgs.disableSecretsStore) {
@@ -144489,7 +144557,7 @@ async function registryConfigureCommand(configureArgs, config) {
         domain: configureArgs.DOMAIN,
         is_public: false,
         auth: {
-          public_credential: configureArgs.publicCredential,
+          public_credential: publicCredential,
           private_credential
         },
         kind: registryType.type
@@ -144692,7 +144760,33 @@ async function registryDeleteCommand(deleteArgs, config) {
     endSection(`Deleted secret ${res.secrets_store_ref}`);
   }
 }
-var containersRegistriesNamespace, containersRegistriesConfigureCommand, containersRegistriesListCommand, containersRegistriesDeleteCommand;
+async function registryCredentialsCommand(credentialsArgs) {
+  const cloudflareRegistry = getCloudflareContainerRegistry();
+  const domain2 = credentialsArgs.DOMAIN || cloudflareRegistry;
+  if (domain2 !== cloudflareRegistry) {
+    throw new UserError(
+      `The credentials command only accepts the Cloudflare managed registry (${cloudflareRegistry}).`
+    );
+  }
+  if (!credentialsArgs.pull && !credentialsArgs.push) {
+    throw new UserError(
+      "You have to specify either --push or --pull in the command."
+    );
+  }
+  const credentials = await ImageRegistriesService.generateImageRegistryCredentials(domain2, {
+    expiration_minutes: credentialsArgs.expirationMinutes,
+    permissions: [
+      ...credentialsArgs.push ? ["push"] : [],
+      ...credentialsArgs.pull ? ["pull"] : []
+    ]
+  });
+  if (credentialsArgs.json) {
+    logger.json(credentials);
+  } else {
+    logger.log(credentials.password);
+  }
+}
+var registryConfigureArgs, registryListArgs, registryDeleteArgs, containersRegistriesNamespace, containersRegistriesConfigureCommand, containersRegistriesListCommand, containersRegistriesDeleteCommand, containersRegistriesCredentialsCommand;
 var init_registries = __esm({
   "src/containers/registries.ts"() {
     init_import_meta_url();
@@ -144710,12 +144804,83 @@ var init_registries = __esm({
     init_std();
     init_deploy();
     init_containers2();
+    registryConfigureArgs = {
+      DOMAIN: {
+        describe: "Domain to configure for the registry",
+        type: "string",
+        demandOption: true
+      },
+      "public-credential": {
+        type: "string",
+        demandOption: false,
+        hidden: true,
+        deprecated: true,
+        conflicts: ["dockerhub-username", "aws-access-key-id"]
+      },
+      "aws-access-key-id": {
+        type: "string",
+        description: "When configuring Amazon ECR, `AWS_ACCESS_KEY_ID`",
+        demandOption: false,
+        conflicts: ["public-credential", "dockerhub-username"]
+      },
+      "dockerhub-username": {
+        type: "string",
+        description: "When configuring DockerHub, the DockerHub username",
+        demandOption: false,
+        conflicts: ["public-credential", "aws-access-key-id"]
+      },
+      "secret-store-id": {
+        type: "string",
+        description: "The ID of the secret store to use to store the registry credentials.",
+        demandOption: false,
+        conflicts: "disable-secrets-store"
+      },
+      "secret-name": {
+        type: "string",
+        description: "The name for the secret the private registry credentials should be stored under.",
+        demandOption: false,
+        conflicts: "disable-secrets-store"
+      },
+      "disable-secrets-store": {
+        type: "boolean",
+        description: "Whether to disable secrets store integration. This should be set iff the compliance region is FedRAMP High.",
+        demandOption: false,
+        conflicts: ["secret-store-id", "secret-name"]
+      },
+      "skip-confirmation": {
+        type: "boolean",
+        description: "Skip confirmation prompts",
+        alias: "y",
+        default: false
+      }
+    };
     __name(registryConfigureCommand, "registryConfigureCommand");
     __name(promptForSecretName, "promptForSecretName");
     __name(getOrCreateSecret, "getOrCreateSecret");
     __name(promptForRegistryPrivateCredential, "promptForRegistryPrivateCredential");
+    registryListArgs = {
+      json: {
+        type: "boolean",
+        description: "Format output as JSON",
+        default: false
+      }
+    };
     __name(registryListCommand, "registryListCommand");
+    registryDeleteArgs = {
+      DOMAIN: {
+        describe: "Domain of the registry to delete",
+        type: "string",
+        demandOption: true
+      },
+      "skip-confirmation": {
+        type: "boolean",
+        description: "Skip confirmation prompts for registry and secret deletion",
+        alias: "y",
+        default: false
+      }
+    };
     __name(registryDeleteCommand, "registryDeleteCommand");
+    __name(registryCredentialsCommand, "registryCredentialsCommand");
     containersRegistriesNamespace = createNamespace({
       metadata: {
         description: "Configure and manage non-Cloudflare registries",
@@ -144729,43 +144894,7 @@ var init_registries = __esm({
         status: "open beta",
         owner: "Product: Cloudchamber"
       },
-      args: {
-        DOMAIN: {
-          describe: "Domain to configure for the registry",
-          type: "string",
-          demandOption: true
-        },
-        "public-credential": {
-          type: "string",
-          description: "The public part of the registry credentials, e.g. `AWS_ACCESS_KEY_ID` for ECR",
-          demandOption: true,
-          alias: "aws-access-key-id"
-        },
-        "secret-store-id": {
-          type: "string",
-          description: "The ID of the secret store to use to store the registry credentials.",
-          demandOption: false,
-          conflicts: "disable-secrets-store"
-        },
-        "secret-name": {
-          type: "string",
-          description: "The name for the secret the private registry credentials should be stored under.",
-          demandOption: false,
-          conflicts: "disable-secrets-store"
-        },
-        "disable-secrets-store": {
-          type: "boolean",
-          description: "Whether to disable secrets store integration. This should be set iff the compliance region is FedRAMP High.",
-          demandOption: false,
-          conflicts: ["secret-store-id", "secret-name"]
-        },
-        "skip-confirmation": {
-          type: "boolean",
-          description: "Skip confirmation prompts",
-          alias: "y",
-          default: false
-        }
-      },
+      args: registryConfigureArgs,
       positionalArgs: ["DOMAIN"],
       validateArgs(args) {
         if (args.skipConfirmation && !args.secretName && !args.disableSecretsStore) {
@@ -144783,19 +144912,12 @@ var init_registries = __esm({
       metadata: {
         description: "List all configured container registries",
         status: "open beta",
-        owner: "Product: Cloudchamber",
-        hidden: true
+        owner: "Product: Cloudchamber"
       },
       behaviour: {
         printBanner: /* @__PURE__ */ __name((args) => !args.json && !isNonInteractiveOrCI(), "printBanner")
       },
-      args: {
-        json: {
-          type: "boolean",
-          description: "Format output as JSON",
-          default: false
-        }
-      },
+      args: registryListArgs,
       async handler(args, { config }) {
         await fillOpenAPIConfiguration(config, containersScope);
         await registryListCommand(args);
@@ -144805,26 +144927,52 @@ var init_registries = __esm({
       metadata: {
         description: "Delete a configured container registry",
         status: "open beta",
-        owner: "Product: Cloudchamber",
-        hidden: true
+        owner: "Product: Cloudchamber"
+      },
+      args: registryDeleteArgs,
+      positionalArgs: ["DOMAIN"],
+      async handler(args, { config }) {
+        await fillOpenAPIConfiguration(config, containersScope);
+        await registryDeleteCommand(args, config);
+      }
+    });
+    containersRegistriesCredentialsCommand = createCommand({
+      metadata: {
+        description: "Get a temporary password for a specific domain",
+        status: "open beta",
+        owner: "Product: Cloudchamber"
+      },
+      behaviour: {
+        printBanner: /* @__PURE__ */ __name((args) => !args.json && !isNonInteractiveOrCI(), "printBanner")
       },
       args: {
         DOMAIN: {
-          describe: "Domain of the registry to delete",
           type: "string",
-          demandOption: true
+          describe: "Domain to get credentials for"
         },
-        "skip-confirmation": {
+        "expiration-minutes": {
+          type: "number",
+          default: 15,
+          description: "How long the credentials should be valid for (in minutes)"
+        },
+        push: {
           type: "boolean",
-          description: "Skip confirmation prompts for registry and secret deletion",
-          alias: "y",
+          description: "If you want these credentials to be able to push"
+        },
+        pull: {
+          type: "boolean",
+          description: "If you want these credentials to be able to pull"
+        },
+        json: {
+          type: "boolean",
+          description: "Format output as JSON",
           default: false
         }
       },
       positionalArgs: ["DOMAIN"],
       async handler(args, { config }) {
         await fillOpenAPIConfiguration(config, containersScope);
-        await registryDeleteCommand(args, config);
+        await registryCredentialsCommand(args);
       }
     });
   }
@@ -145191,7 +145339,7 @@ var init_config5 = __esm({
       }
       const normalizedContainers = [];
       for (const container of config.containers) {
-        assert50__default.default(container.name, "container name should have been set by validation");
+        assert51__default.default(container.name, "container name should have been set by validation");
         const allDOs = getDurableObjectClassNameToUseSQLiteMap(config.migrations);
         if (!allDOs.has(container.class_name) && config.durable_objects.bindings.find(
           (doBinding) => doBinding.class_name === container.class_name
@@ -145270,12 +145418,12 @@ var init_config5 = __esm({
         }
         const maybeDockerfile = isDockerfile(container.image, config.configPath);
         if (maybeDockerfile) {
-          assert50__default.default(
+          assert51__default.default(
             path3__namespace.default.isAbsolute(container.image),
             "Dockerfile path should be absolute"
           );
           const imageBuildContext = container.image_build_context ?? path3.dirname(container.image);
-          assert50__default.default(
+          assert51__default.default(
             path3__namespace.default.isAbsolute(imageBuildContext),
             "resolved image_build_context should be defined"
           );
@@ -149960,7 +150108,7 @@ function createWorkerUploadForm(worker, bindings, options) {
   const manifestModuleName = "__STATIC_CONTENT_MANIFEST";
   const hasManifest = modules?.some(({ name: name2 }) => name2 === manifestModuleName);
   if (hasManifest && main2.type === "esm") {
-    assert50__default.default(modules !== void 0);
+    assert51__default.default(modules !== void 0);
     const subDirs = new Set(
       modules.map((module4) => path3__namespace.default.posix.dirname(module4.name))
     );
@@ -154314,7 +154462,7 @@ var init_t_DYl0qC9V = __esm({
         this.complete(n8);
       }
       setup(a7, o7, s7) {
-        switch (assert50__default.default(s7 === `zsh` || s7 === `bash` || s7 === `fish` || s7 === `powershell`, `Unsupported shell`), s7) {
+        switch (assert51__default.default(s7 === `zsh` || s7 === `bash` || s7 === `fish` || s7 === `powershell`, `Unsupported shell`), s7) {
           case `zsh`: {
             let e9 = t2(a7, o7);
             console.log(e9);
@@ -154948,14 +155096,14 @@ function loadDotEnv(envPaths, { includeProcessEnv, silent }) {
       }
     } else if (parsed && !silent) {
       const relativePath = path3__namespace.default.relative(process.cwd(), envPath);
-      logger.log(`Using vars defined in ${relativePath}`);
+      logger.log(`Using secrets defined in ${relativePath}`);
     }
   }
   const expandedEnv = isWindows3 ? caseInsensitiveEnv() : {};
   if (includeProcessEnv) {
     Object.assign(expandedEnv, process.env);
     if (!silent) {
-      logger.log("Using vars defined in process.env");
+      logger.log("Using secrets defined in process.env");
     }
   }
   const { error: error2 } = import_dotenv_expand.default.expand({
@@ -169886,7 +170034,7 @@ async function executeLocally({
   } finally {
     await mf.dispose();
   }
-  assert50__default.default(Array.isArray(results));
+  assert51__default.default(Array.isArray(results));
   const allResults = results.map((result) => ({
     results: (result.results ?? []).map(
       (row) => Object.fromEntries(
@@ -172161,7 +172309,7 @@ async function provisionBindings(bindings, accountId, scriptName, autoCreate, co
     requireRemote
   );
   if (pendingResources.length > 0) {
-    assert50__default.default(
+    assert51__default.default(
       configPath,
       "Provisioning resources is not possible without a config file"
     );
@@ -172451,7 +172599,7 @@ var init_bindings2 = __esm({
         );
       }
       async isConnectedToExistingResource() {
-        assert50__default.default(typeof this.binding.bucket_name !== "symbol");
+        assert51__default.default(typeof this.binding.bucket_name !== "symbol");
         if (!this.binding.bucket_name) {
           return false;
         }
@@ -172545,7 +172693,7 @@ var init_bindings2 = __esm({
         return false;
       }
       async isConnectedToExistingResource() {
-        assert50__default.default(typeof this.binding.database_name !== "symbol");
+        assert51__default.default(typeof this.binding.database_name !== "symbol");
         if (!this.binding.database_name) {
           return false;
         }
@@ -172908,7 +173056,7 @@ async function getKVNamespaceId({ namespace, preview, binding, "namespace-id": n
     return { namespaceId: nsId, displayName: formatDisplayName(nsId) };
   } else if (previewIsDefined) {
     if (getFlag("RESOURCES_PROVISION")) {
-      assert50__default.default(binding);
+      assert51__default.default(binding);
       const nsId = await getIdFromSettings(config, binding, isLocal2);
       return { namespaceId: nsId, displayName: formatDisplayName(nsId) };
     }
@@ -172919,10 +173067,10 @@ async function getKVNamespaceId({ namespace, preview, binding, "namespace-id": n
   const bindingHasOnlyOneId = configNamespace.id && !configNamespace.preview_id || !configNamespace.id && configNamespace.preview_id;
   if (bindingHasOnlyOneId) {
     const nsId = configNamespace.id || configNamespace.preview_id;
-    assert50__default.default(nsId);
+    assert51__default.default(nsId);
     return { namespaceId: nsId, displayName: formatDisplayName(nsId) };
   } else if (getFlag("RESOURCES_PROVISION") && !configNamespace.id && !configNamespace.preview_id) {
-    assert50__default.default(binding);
+    assert51__default.default(binding);
     const nsId = await getIdFromSettings(config, binding, isLocal2);
     return { namespaceId: nsId, displayName: formatDisplayName(nsId) };
   } else {
@@ -173173,7 +173321,7 @@ var init_delete3 = __esm({
           logger.log(`--dry-run: exiting now.`);
           return;
         }
-        assert50__default.default(accountId, "Missing accountId");
+        assert51__default.default(accountId, "Missing accountId");
         const confirmed = args.force || await confirm(
           `Are you sure you want to delete ${scriptName}? This action cannot be undone.`
         );
@@ -195565,13 +195713,13 @@ var require_esprima2 = __commonJS({
           /***/
           function(module5, exports2) {
             Object.defineProperty(exports2, "__esModule", { value: true });
-            function assert58(condition, message) {
+            function assert59(condition, message) {
               if (!condition) {
                 throw new Error("ASSERT: " + message);
               }
             }
-            __name(assert58, "assert");
-            exports2.assert = assert58;
+            __name(assert59, "assert");
+            exports2.assert = assert59;
           },
           /* 10 */
           /***/
@@ -209292,12 +209440,12 @@ var require_lib4 = __commonJS({
       return x7;
     }
     __name(nonNull, "nonNull");
-    function assert58(x7) {
+    function assert59(x7) {
       if (!x7) {
         throw new Error("Assert fail");
       }
     }
-    __name(assert58, "assert");
+    __name(assert59, "assert");
     var TSErrors = ParseErrorEnum`typescript`({
       AbstractMethodHasImplementation: /* @__PURE__ */ __name(({
         methodName
@@ -210325,7 +210473,7 @@ var require_lib4 = __commonJS({
         return this.finishNode(t12, "TSTypeAnnotation");
       }
       tsParseType() {
-        assert58(this.state.inType);
+        assert59(this.state.inType);
         const type = this.tsParseNonConditionalType();
         if (this.state.inDisallowConditionalTypesContext || this.hasPrecedingLineBreak() || !this.eat(81)) {
           return type;
@@ -211373,7 +211521,7 @@ var require_lib4 = __commonJS({
           return arrow.node;
         }
         if (!jsx2) {
-          assert58(!this.hasPlugin("jsx"));
+          assert59(!this.hasPlugin("jsx"));
           typeCast = this.tryParse(() => super.parseMaybeAssign(refExpressionErrors, afterLeftParse), state2);
           if (!typeCast.error) return typeCast.node;
         }
@@ -216178,7 +216326,7 @@ function checkMinimumAnalogVersion(projectPath) {
     "@analogjs/platform",
     projectPath
   );
-  assert50__default.default(
+  assert51__default.default(
     analogJsVersion,
     "Unable to discern the version of the `@analogjs/platform` package"
   );
@@ -216407,7 +216555,7 @@ var init_packages3 = __esm({
         const pkgJsonPath = path3__namespace.default.join(process.cwd(), "package.json");
         const pkgJson = parsePackageJSON(readFileSync(pkgJsonPath), pkgJsonPath);
         const deps = config.dev ? pkgJson.devDependencies : pkgJson.dependencies;
-        assert50__default.default(deps, "dependencies should be defined");
+        assert51__default.default(deps, "dependencies should be defined");
         for (const pkg of packages) {
           const versionMarker = pkg.lastIndexOf("@");
           if (versionMarker > 0) {
@@ -217131,13 +217279,13 @@ function transformReactRouterConfig(projectPath, viteEnvironmentKey) {
   }`
         );
       }
-      assert50__default.default(node2.type === "ObjectExpression");
+      assert51__default.default(node2.type === "ObjectExpression");
       const futureKey = node2.properties.findIndex(
         (p7) => p7.type === "ObjectProperty" && p7.key.type === "Identifier" && p7.key.name === "future" && p7.value.type === "ObjectExpression"
       );
       if (futureKey !== -1) {
         const future = node2.properties[futureKey];
-        assert50__default.default(
+        assert51__default.default(
           future.type === "ObjectProperty" && future.value.type === "ObjectExpression"
         );
         const viteEnvironment = future.value.properties.findIndex(
@@ -217145,7 +217293,7 @@ function transformReactRouterConfig(projectPath, viteEnvironmentKey) {
         );
         if (viteEnvironment !== -1) {
           const prop = future.value.properties[viteEnvironment];
-          assert50__default.default(
+          assert51__default.default(
             prop.type === "ObjectProperty" && prop.value.type === "BooleanLiteral"
           );
           prop.value.value = true;
@@ -217324,8 +217472,79 @@ var init_react_router2 = __esm({
     };
   }
 });
-
-// src/autoconfig/frameworks/solid-start.ts
+function updateViteConfigFile(projectPath) {
+  const filePath = `vite.config.${usesTypescript(projectPath) ? "ts" : "js"}`;
+  transformFile(filePath, {
+    visitCallExpression: /* @__PURE__ */ __name(function(n8) {
+      const callee = n8.node.callee;
+      if (callee.name !== "nitro") {
+        return this.traverse(n8);
+      }
+      const b11 = recast7.types.builders;
+      const presetProp = b11.objectProperty(
+        b11.identifier("preset"),
+        b11.stringLiteral("cloudflare-module")
+      );
+      if (n8.node.arguments.length === 0) {
+        n8.node.arguments.push(b11.objectExpression([presetProp]));
+      } else {
+        mergeObjectProperties(
+          n8.node.arguments[0],
+          [presetProp]
+        );
+      }
+      return false;
+    }, "visitCallExpression")
+  });
+}
+function updateAppConfigFile(projectPath) {
+  const filePath = `app.config.${usesTypescript(projectPath) ? "ts" : "js"}`;
+  const { date: compatDate } = getLocalWorkerdCompatibilityDate({
+    projectPath
+  });
+  updateStatus(`Updating configuration in ${blue(filePath)}`);
+  transformFile(filePath, {
+    visitCallExpression: /* @__PURE__ */ __name(function(n8) {
+      const callee = n8.node.callee;
+      if (callee.name !== "defineConfig") {
+        return this.traverse(n8);
+      }
+      const b11 = recast7.types.builders;
+      mergeObjectProperties(
+        n8.node.arguments[0],
+        [
+          b11.objectProperty(
+            b11.identifier("server"),
+            b11.objectExpression([
+              // preset: "cloudflare_module"
+              b11.objectProperty(
+                b11.identifier("preset"),
+                b11.stringLiteral("cloudflare_module")
+              ),
+              b11.objectProperty(
+                b11.identifier("compatibilityDate"),
+                b11.stringLiteral(compatDate)
+              )
+            ])
+          )
+        ]
+      );
+      return false;
+    }, "visitCallExpression")
+  });
+}
+function getSolidStartVersion(projectPath) {
+  const packageName = "@solidjs/start";
+  const solidStartVersion = getInstalledPackageVersion(
+    packageName,
+    projectPath
+  );
+  assert51__default.default(
+    solidStartVersion,
+    `Unable to discern the version of the \`${packageName}\` package`
+  );
+  return solidStartVersion;
+}
 var recast7, SolidStart2;
 var init_solid_start2 = __esm({
   "src/autoconfig/frameworks/solid-start.ts"() {
@@ -217334,8 +217553,10 @@ var init_solid_start2 = __esm({
     init_colors();
     init_dist();
     recast7 = __toESM(require_main4());
+    init_semiver();
     init_codemod();
     init_uses_typescript();
+    init_packages2();
     init_frameworks2();
     SolidStart2 = class extends exports.experimental_AutoConfigFramework {
       static {
@@ -217346,40 +217567,12 @@ var init_solid_start2 = __esm({
         dryRun
       }) {
         if (!dryRun) {
-          const filePath = `app.config.${usesTypescript(projectPath) ? "ts" : "js"}`;
-          const { date: compatDate } = getLocalWorkerdCompatibilityDate({
-            projectPath
-          });
-          updateStatus(`Updating configuration in ${blue(filePath)}`);
-          transformFile(filePath, {
-            visitCallExpression: /* @__PURE__ */ __name(function(n8) {
-              const callee = n8.node.callee;
-              if (callee.name !== "defineConfig") {
-                return this.traverse(n8);
-              }
-              const b11 = recast7.types.builders;
-              mergeObjectProperties(
-                n8.node.arguments[0],
-                [
-                  b11.objectProperty(
-                    b11.identifier("server"),
-                    b11.objectExpression([
-                      // preset: "cloudflare_module"
-                      b11.objectProperty(
-                        b11.identifier("preset"),
-                        b11.stringLiteral("cloudflare_module")
-                      ),
-                      b11.objectProperty(
-                        b11.identifier("compatibilityDate"),
-                        b11.stringLiteral(compatDate)
-                      )
-                    ])
-                  )
-                ]
-              );
-              return false;
-            }, "visitCallExpression")
-          });
+          const solidStartVersion = getSolidStartVersion(projectPath);
+          if (semiver_default(solidStartVersion, "2.0.0-alpha") < 0) {
+            updateAppConfigFile(projectPath);
+          } else {
+            updateViteConfigFile(projectPath);
+          }
         }
         return {
           wranglerConfig: {
@@ -217392,6 +217585,9 @@ var init_solid_start2 = __esm({
         };
       }
     };
+    __name(updateViteConfigFile, "updateViteConfigFile");
+    __name(updateAppConfigFile, "updateAppConfigFile");
+    __name(getSolidStartVersion, "getSolidStartVersion");
   }
 });
 
@@ -217534,7 +217730,7 @@ function addVikePhotonToVikeConfigExportObject(n8) {
     );
     configObject.properties.push(configTargetProp);
   }
-  assert50__default.default(configTargetProp && t4.ArrayExpression.check(configTargetProp.value));
+  assert51__default.default(configTargetProp && t4.ArrayExpression.check(configTargetProp.value));
   if (!configTargetProp.value.elements.some(
     (el) => el?.type === "CallExpression" && el.callee.type === "Identifier" && el.callee.name === vikeConfigExtendsPropName
   )) {
@@ -217752,15 +217948,15 @@ async function updateWakuConfig(projectPath) {
         return this.traverse(n8);
       }
       const config = n8.node.arguments[0];
-      assert50__default.default(t5.ObjectExpression.check(config));
+      assert51__default.default(t5.ObjectExpression.check(config));
       const viteConfig = config.properties.find(
         (prop) => isViteProp(prop)
       )?.value;
-      assert50__default.default(t5.ObjectExpression.check(viteConfig));
+      assert51__default.default(t5.ObjectExpression.check(viteConfig));
       const pluginsProp = viteConfig.properties.find(
         (prop) => isPluginsProp2(prop)
       );
-      assert50__default.default(pluginsProp && t5.ArrayExpression.check(pluginsProp.value));
+      assert51__default.default(pluginsProp && t5.ArrayExpression.check(pluginsProp.value));
       if (!pluginsProp.value.elements.some(
         (el) => el?.type === "CallExpression" && el.callee.type === "Identifier" && el.callee.name === "cloudflare"
       )) {
@@ -217986,7 +218182,7 @@ function convertDetectedPackageManager(pkgManager) {
   }
 }
 function assertNonConfigured(details) {
-  assert50__default.default(
+  assert51__default.default(
     details.configured === false,
     "Error: expected the current project not to be already configured"
   );
@@ -218624,7 +218820,7 @@ async function runAutoConfig(autoConfigDetails, autoConfigOptions = {}) {
         autoConfigDetails.framework.id === "cloudflare-pages" ? `The target project seems to be using Cloudflare Pages. Automatically migrating from a Pages project to a Workers one is not yet supported.` : `The detected framework ("${autoConfigDetails.framework.name}") cannot be automatically configured.`
       );
     }
-    assert50__default.default(
+    assert51__default.default(
       autoConfigDetails.outputDir,
       "The Output Directory is unexpectedly missing"
     );
@@ -219295,7 +219491,7 @@ async function syncWorkersSite(complianceConfig, accountId, scriptName, siteAsse
     logger.log("(Note: doing a dry run, not uploading or deleting anything.)");
     return { manifest: void 0, namespace: void 0 };
   }
-  assert50__default.default(accountId, "Missing accountId");
+  assert51__default.default(accountId, "Missing accountId");
   const title = `__${scriptName}-workers_sites_assets${preview ? "_preview" : ""}`;
   const { id: namespace } = await createKVNamespaceIfNotAlreadyExisting(
     complianceConfig,
@@ -219593,7 +219789,7 @@ async function maybeDelegateToOpenNextDeployCommand(projectRoot) {
         "OpenNext project detected, calling `opennextjs-cloudflare deploy`"
       );
       const deployArgIdx = process.argv.findIndex((arg) => arg === "deploy");
-      assert50__default.default(deployArgIdx !== -1, "Could not find `deploy` argument");
+      assert51__default.default(deployArgIdx !== -1, "Could not find `deploy` argument");
       const deployArguments = process.argv.slice(deployArgIdx + 1);
       const { npx } = await getPackageManager();
       await runCommand2(
@@ -220107,7 +220303,7 @@ var init_deploy2 = __esm({
           );
         }
         if (!args.dryRun) {
-          assert50__default.default(accountId, "Missing account ID");
+          assert51__default.default(accountId, "Missing account ID");
           await verifyWorkerMatchesCITag(
             config,
             accountId,
@@ -220388,8 +220584,8 @@ async function runSearch(searchTerm) {
     hitsPerPage: "1",
     getRankingInfo: "0"
   });
-  assert50__default.default(id, "Missing Algolia App ID");
-  assert50__default.default(key, "Missing Algolia Key");
+  assert51__default.default(id, "Missing Algolia App ID");
+  assert51__default.default(key, "Missing Algolia Key");
   const searchResp = await (0, import_undici15.fetch)(
     `https://${id}-dsn.algolia.net/1/indexes/${index}/query`,
     {
@@ -220655,11 +220851,14 @@ async function patchConfig(config, id, body) {
     }
   );
 }
+var PostgresSslmode, MySqlSslmode;
 var init_client4 = __esm({
   "src/hyperdrive/client.ts"() {
     init_import_meta_url();
     init_cfetch();
     init_user3();
+    PostgresSslmode = ["require", "verify-ca", "verify-full"];
+    MySqlSslmode = ["REQUIRED", "VERIFY_CA", "VERIFY_IDENTITY"];
     __name(createConfig, "createConfig");
     __name(deleteConfig, "deleteConfig");
     __name(getConfig, "getConfig");
@@ -220708,13 +220907,19 @@ var init_shared2 = __esm({
 });
 
 // src/hyperdrive/index.ts
+function normalizeMysqlSslmode(sslmode) {
+  const mysqlSslmode = MySqlSslmode.find(
+    (mode) => mode.toLowerCase() === sslmode.toLowerCase()
+  );
+  return mysqlSslmode ?? sslmode;
+}
 function getOriginFromArgs(allowPartialOrigin, args) {
   if (args.connectionString) {
     const url4 = new URL(args.connectionString);
     url4.protocol = url4.protocol.toLowerCase();
-    if (url4.port === "" && (url4.protocol == "postgresql:" || url4.protocol == "postgres:")) {
+    if (url4.port === "" && (url4.protocol == "postgresql:" || url4.protocol === "postgres:")) {
       url4.port = "5432";
-    } else if (url4.port === "" && url4.protocol == "mysql:") {
+    } else if (url4.port === "" && url4.protocol === "mysql:") {
       url4.port = "3306";
     }
     if (url4.protocol === "") {
@@ -220785,7 +220990,7 @@ function getOriginFromArgs(allowPartialOrigin, args) {
         "You must provide both an Access Client ID and Access Client Secret when configuring Hyperdrive-over-Access"
       );
     }
-    if (!args.originHost || args.originHost == "") {
+    if (!args.originHost || args.originHost === "") {
       throw new UserError(
         "You must provide an origin hostname for the database"
       );
@@ -220837,17 +221042,16 @@ function getMtlsFromArgs(args) {
   const mtls = {
     ca_certificate_id: args.caCertificateId,
     mtls_certificate_id: args.mtlsCertificateId,
-    sslmode: args.sslmode
+    sslmode: args.sslmode ? normalizeMysqlSslmode(args.sslmode) : void 0
   };
   if (JSON.stringify(mtls) === "{}") {
     return void 0;
   } else {
-    if (mtls.sslmode == "require" && mtls.ca_certificate_id?.trim()) {
-      throw new UserError("CA not allowed when sslmode = 'require' is set");
-    }
-    if ((mtls.sslmode == "verify-ca" || mtls.sslmode == "verify-full") && !mtls.ca_certificate_id?.trim()) {
+    if (mtls.sslmode && !PostgresSslmode.includes(mtls.sslmode) && !MySqlSslmode.includes(mtls.sslmode)) {
       throw new UserError(
-        "CA required when sslmode = 'verify-ca' or 'verify-full' is set"
+        `Invalid sslmode '${mtls.sslmode}'. Valid options are:
+- PostgreSQL: ${PostgresSslmode.join(", ")}
+- MySQL: ${MySqlSslmode.join(", ")}`
       );
     }
     return mtls;
@@ -220862,6 +221066,7 @@ var init_hyperdrive2 = __esm({
     init_import_meta_url();
     init_dist();
     init_create_command();
+    init_client4();
     hyperdriveNamespace = createNamespace({
       metadata: {
         description: "\u{1F680} Manage Hyperdrive databases",
@@ -220870,6 +221075,7 @@ var init_hyperdrive2 = __esm({
         category: "Storage & databases"
       }
     });
+    __name(normalizeMysqlSslmode, "normalizeMysqlSslmode");
     upsertOptions = /* @__PURE__ */ __name((defaultOriginScheme = void 0) => ({
       "connection-string": {
         type: "string",
@@ -220962,8 +221168,9 @@ var init_hyperdrive2 = __esm({
       },
       sslmode: {
         type: "string",
-        choices: ["require", "verify-ca", "verify-full"],
-        description: "Sets CA sslmode for connecting to database."
+        coerce: normalizeMysqlSslmode,
+        choices: [...PostgresSslmode, ...MySqlSslmode],
+        description: `Sets sslmode for connecting to database. For PostgreSQL: '${PostgresSslmode.join(", ")}'. For MySQL: '${MySqlSslmode.join(", ")}'.`
       },
       "origin-connection-limit": {
         type: "number",
@@ -222012,7 +222219,7 @@ This action is irreversible and will permanently delete all data in the KV names
           }
           namespaceId = namespace.id;
         }
-        assert50.strict(namespaceId, "namespaceId should be defined");
+        assert51.strict(namespaceId, "namespaceId should be defined");
         logger.log(`Renaming KV namespace ${namespaceId} to "${args.newName}".`);
         const updatedNamespace = await updateKVNamespace(
           config,
@@ -263264,7 +263471,7 @@ async function generateR2ServiceToken(accountId, bucketName, pipelineName) {
   const timeoutPromise = promises.setTimeout(12e4, "timeout", { signal });
   const serverPromise = new Promise((resolve31, reject) => {
     const server = http__namespace.default.createServer(async (request4, response) => {
-      assert50__default.default(request4.url, "This request doesn't have a URL");
+      assert51__default.default(request4.url, "This request doesn't have a URL");
       if (request4.method !== "GET") {
         response.writeHead(405);
         response.end("Method not allowed.");
@@ -264751,7 +264958,7 @@ async function ensureCatalogEnabled(config, accountId, bucketName) {
     const catalog = await getR2Catalog(config, accountId, bucketName);
     catalogEnabled = catalog.status === "active";
   } catch (err) {
-    if (err instanceof APIError && err.code === 10006) ; else {
+    if (err instanceof APIError && err.code === 40401) ; else {
       throw err;
     }
   }
@@ -273132,6 +273339,11 @@ ${dashLink}`);
   if (config.workflows?.length) {
     for (const workflow of config.workflows) {
       if (workflow.script_name !== void 0 && workflow.script_name !== scriptName) {
+        if (workflow.limits) {
+          throw new UserError(
+            `Workflow "${workflow.name}" has "limits" configured but references external script "${workflow.script_name}". Configure limits on the worker that defines the workflow.`
+          );
+        }
         continue;
       }
       deployments.push(
@@ -273142,7 +273354,8 @@ ${dashLink}`);
             method: "PUT",
             body: JSON.stringify({
               script_name: scriptName,
-              class_name: workflow.class_name
+              class_name: workflow.class_name,
+              ...workflow.limits && { limits: workflow.limits }
             }),
             headers: {
               "Content-Type": "application/json"
@@ -273414,38 +273627,56 @@ var init_triggers = __esm({
     });
   }
 });
-function getVarsForDev(configPath, envFiles, vars, env6, silent = false) {
+function getVarsForDev(configPath, envFiles, vars, env6, silent = false, secrets) {
   const result = {};
   for (const [key, value] of Object.entries(vars)) {
     result[key] = toVarBinding(value);
   }
   const configDir = path3__namespace.resolve(configPath ? path3__namespace.dirname(configPath) : ".");
+  let loadedSecrets;
   if (!envFiles?.length) {
     const devVarsPath = path3__namespace.resolve(configDir, ".dev.vars");
     const loaded = loadDotDevDotVars(devVarsPath, env6);
     if (loaded !== void 0) {
       const devVarsRelativePath = path3__namespace.relative(process.cwd(), loaded.path);
       if (!silent) {
-        logger.log(`Using vars defined in ${devVarsRelativePath}`);
+        logger.log(`Using secrets defined in ${devVarsRelativePath}`);
       }
-      for (const [key, value] of Object.entries(loaded.parsed)) {
-        result[key] = { type: "secret_text", value };
-      }
-      return result;
+      loadedSecrets = loaded.parsed;
     }
   }
-  if (getCloudflareLoadDevVarsFromDotEnv()) {
+  if (loadedSecrets === void 0 && getCloudflareLoadDevVarsFromDotEnv()) {
     const resolvedEnvFilePaths = (envFiles ?? getDefaultEnvFiles(env6)).map(
       (p7) => path3__namespace.resolve(configDir, p7)
     );
-    const dotEnvVars = loadDotEnv(resolvedEnvFilePaths, {
-      includeProcessEnv: getCloudflareIncludeProcessEnvFromEnv(),
+    loadedSecrets = loadDotEnv(resolvedEnvFilePaths, {
+      // When secrets is defined, always include `process.env`.
+      // Otherwise, respect the CLOUDFLARE_INCLUDE_PROCESS_ENV env var.
+      includeProcessEnv: !!secrets || getCloudflareIncludeProcessEnvFromEnv(),
       silent
     });
-    for (const [key, value] of Object.entries(dotEnvVars)) {
-      result[key] = { type: "secret_text", value: String(value) };
+  }
+  if (secrets) {
+    const requiredSecrets = secrets.required ?? [];
+    for (const key of requiredSecrets) {
+      if (loadedSecrets !== void 0 && key in loadedSecrets) {
+        result[key] = { type: "secret_text", value: loadedSecrets[key] };
+      }
+    }
+    if (!silent) {
+      const missing = requiredSecrets.filter(
+        (key) => loadedSecrets === void 0 || !(key in loadedSecrets)
+      );
+      if (missing.length > 0) {
+        logger.warn(
+          `Missing required secrets: ${missing.join(", ")}. Add them to .dev.vars, .env, or set as environment variables.`
+        );
+      }
+    }
+  } else if (loadedSecrets !== void 0) {
+    for (const [key, value] of Object.entries(loadedSecrets)) {
+      result[key] = { type: "secret_text", value };
     }
-    return result;
   }
   return result;
 }
@@ -274092,22 +274323,50 @@ function generateImportSpecifier(from, to) {
     return `./${relativePath}/${filename}`;
   }
 }
-async function generateEnvTypes(config, args, envInterface, outputPath, entrypoint, serviceEntries, log2 = true) {
-  const secretBindings = getVarsForDev(
-    config.userConfigPath,
-    args.envFile,
-    {},
-    args.env,
-    true
-  );
-  const secrets = {};
-  for (const key of Object.keys(secretBindings)) {
-    secrets[key] = "";
+function hasConfigSecrets(rawConfig) {
+  if (rawConfig.secrets !== void 0) {
+    return true;
   }
+  return Object.values(rawConfig.env ?? {}).some(
+    (env6) => env6.secrets !== void 0
+  );
+}
+async function generateEnvTypes(config, args, envInterface, outputPath, entrypoint, serviceEntries, log2 = true) {
   const collectionArgs = {
     ...args,
     config: config.configPath
   };
+  const { rawConfig } = exports.experimental_readRawConfig(collectionArgs);
+  let secrets = {};
+  let perEnvSecrets;
+  const useConfigSecrets = hasConfigSecrets(rawConfig);
+  if (useConfigSecrets) {
+    perEnvSecrets = /* @__PURE__ */ new Map();
+    const topLevelKeys = {};
+    for (const key of rawConfig.secrets?.required ?? []) {
+      topLevelKeys[key] = "";
+    }
+    perEnvSecrets.set(TOP_LEVEL_ENV_NAME, topLevelKeys);
+    for (const [envName, envConfig] of Object.entries(rawConfig.env ?? {})) {
+      const envKeys = {};
+      for (const key of envConfig.secrets?.required ?? []) {
+        envKeys[key] = "";
+      }
+      perEnvSecrets.set(envName, envKeys);
+    }
+    secrets = perEnvSecrets.get(args.env ?? TOP_LEVEL_ENV_NAME) ?? {};
+  } else {
+    const secretBindings = getVarsForDev(
+      config.userConfigPath,
+      args.envFile,
+      {},
+      args.env,
+      true
+    );
+    for (const key of Object.keys(secretBindings)) {
+      secrets[key] = "";
+    }
+  }
   const entrypointFormat = entrypoint?.format ?? "modules";
   const userProvidedEnvInterface = envInterface !== "Env";
   if (userProvidedEnvInterface && entrypointFormat === "service-worker") {
@@ -274115,7 +274374,6 @@ async function generateEnvTypes(config, args, envInterface, outputPath, entrypoi
       "An env-interface value has been provided but the worker uses the incompatible Service Worker syntax"
     );
   }
-  const { rawConfig } = exports.experimental_readRawConfig(collectionArgs);
   const hasEnvironments = !!rawConfig.env && Object.keys(rawConfig.env).length > 0;
   const shouldGeneratePerEnvTypes = hasEnvironments && !args.env;
   if (shouldGeneratePerEnvTypes) {
@@ -274127,6 +274385,7 @@ async function generateEnvTypes(config, args, envInterface, outputPath, entrypoi
       entrypoint,
       serviceEntries,
       secrets,
+      perEnvSecrets,
       log2
     );
   }
@@ -274351,7 +274610,7 @@ async function generateSimpleEnvTypes(config, collectionArgs, envInterface, outp
     };
   }
 }
-async function generatePerEnvironmentTypes(config, collectionArgs, envInterface, outputPath, entrypoint, serviceEntries, secrets = {}, log2 = true) {
+async function generatePerEnvironmentTypes(config, collectionArgs, envInterface, outputPath, entrypoint, serviceEntries, secrets = {}, perEnvSecrets, log2 = true) {
   const { rawConfig } = exports.experimental_readRawConfig(collectionArgs);
   const envNames = Object.keys(rawConfig.env ?? {});
   validateEnvInterfaceNames(envNames);
@@ -274433,6 +274692,7 @@ async function generatePerEnvironmentTypes(config, collectionArgs, envInterface,
   for (const envName of envNames) {
     const interfaceName = toEnvInterfaceName(envName);
     const envBindings = new Array();
+    const envSecrets = perEnvSecrets?.get(envName) ?? secrets;
     const bindings = bindingsPerEnv.get(envName) ?? [];
     for (const binding of bindings) {
       envBindings.push({
@@ -274443,7 +274703,7 @@ async function generatePerEnvironmentTypes(config, collectionArgs, envInterface,
     }
     const vars = varsPerEnv.get(envName) ?? {};
     for (const [varName, varValues] of Object.entries(vars)) {
-      if (varName in secrets) {
+      if (varName in envSecrets) {
         continue;
       }
       const varType = varValues.length === 1 ? varValues[0] : varValues.join(" | ");
@@ -274453,8 +274713,9 @@ async function generatePerEnvironmentTypes(config, collectionArgs, envInterface,
         stringKeys.push(varName);
       }
     }
-    for (const secretName in secrets) {
+    for (const secretName in envSecrets) {
       envBindings.push({ key: constructTypeKey(secretName), value: "string" });
+      trackBinding(secretName, "string", envName);
       if (!stringKeys.includes(secretName)) {
         stringKeys.push(secretName);
       }
@@ -274519,9 +274780,10 @@ ${bindingLines}
   for (const binding of topLevelBindings) {
     trackBinding(binding.name, binding.type, TOP_LEVEL_ENV_NAME);
   }
+  const topLevelSecrets = perEnvSecrets?.get(TOP_LEVEL_ENV_NAME) ?? secrets;
   const topLevelVars = varsPerEnv.get(TOP_LEVEL_ENV_NAME) ?? {};
   for (const [varName, varValues] of Object.entries(topLevelVars)) {
-    if (varName in secrets) {
+    if (varName in topLevelSecrets) {
       continue;
     }
     const varType = varValues.length === 1 ? varValues[0] : varValues.join(" | ");
@@ -274530,6 +274792,12 @@ ${bindingLines}
       stringKeys.push(varName);
     }
   }
+  for (const secretName in topLevelSecrets) {
+    trackBinding(secretName, "string", TOP_LEVEL_ENV_NAME);
+    if (!stringKeys.includes(secretName)) {
+      stringKeys.push(secretName);
+    }
+  }
   const topLevelDOs = durableObjectsPerEnv.get(TOP_LEVEL_ENV_NAME) ?? [];
   for (const durableObject of topLevelDOs) {
     const type = getDurableObjectType(durableObject);
@@ -274562,17 +274830,7 @@ ${bindingLines}
     }
   }
   const aggregatedEnvBindings = new Array();
-  for (const secretName in secrets) {
-    aggregatedEnvBindings.push({
-      key: constructTypeKey(secretName),
-      required: true,
-      type: "string"
-    });
-  }
   for (const [name2, types12] of aggregatedBindings.entries()) {
-    if (name2 in secrets) {
-      continue;
-    }
     const typeArray = Array.from(types12);
     const unionType2 = typeArray.length === 1 ? typeArray[0] : typeArray.join(" | ");
     const presence = bindingPresence.get(name2);
@@ -276197,6 +276455,7 @@ ${content.join("\n")}`,
     __name(constructTypeKey, "constructTypeKey");
     __name(constructTSModuleGlob, "constructTSModuleGlob");
     __name(generateImportSpecifier, "generateImportSpecifier");
+    __name(hasConfigSecrets, "hasConfigSecrets");
     __name(generateEnvTypes, "generateEnvTypes");
     __name(generateSimpleEnvTypes, "generateSimpleEnvTypes");
     __name(generatePerEnvironmentTypes, "generatePerEnvironmentTypes");
@@ -278220,13 +278479,13 @@ ${ZERO_WIDTH_SPACE}       Message:  ${version5.annotations?.["workers/message"]
     },
     renderers: {
       submit({ value: versionIds }) {
-        assert50__default.default(Array.isArray(versionIds));
+        assert51__default.default(Array.isArray(versionIds));
         const label = brandColor(
           `${versionIds.length} Worker Version(s) selected`
         );
         const versions2 = versionIds?.map((versionId, i7) => {
           const version5 = versionCache.get(versionId);
-          assert50__default.default(version5);
+          assert51__default.default(version5);
           return `${grayBar}
 ${leftT} ${white(`    Worker Version ${i7 + 1}: `, version5.id)}
 ${grayBar} ${gray("             Created: ", version5.metadata.created_on)}
@@ -278852,7 +279111,7 @@ var init_list12 = __esm({
         const formattedDeployments = deployments.map((deployment) => {
           const formattedVersions = deployment.versions.map((traffic) => {
             const version5 = versionCache.get(traffic.version_id);
-            assert50__default.default(version5);
+            assert51__default.default(version5);
             const percentage = brandColor(`(${traffic.percentage}%)`);
             const details = formatLabelledValues(
               {
@@ -278957,7 +279216,7 @@ var init_status3 = __esm({
         );
         const formattedVersions = latestDeployment.versions.map((traffic) => {
           const version5 = versionCache.get(traffic.version_id);
-          assert50__default.default(version5);
+          assert51__default.default(version5);
           const percentage = brandColor(`(${traffic.percentage}%)`);
           const details = formatLabelledValues(
             {
@@ -279865,7 +280124,7 @@ var init_log_build_output = __esm({
 });
 async function getMigrationsToUpload(scriptName, props) {
   const { config, accountId } = props;
-  assert50__default.default(accountId, "Missing accountId");
+  assert51__default.default(accountId, "Missing accountId");
   let migrations;
   if (config.migrations.length > 0) {
     let script;
@@ -280273,7 +280532,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
         { unsafeMetadata: config.unsafe?.metadata }
       );
     } else {
-      assert50__default.default(accountId, "Missing accountId");
+      assert51__default.default(accountId, "Missing accountId");
       if (getFlag("RESOURCES_PROVISION")) {
         await provisionBindings(
           bindings,
@@ -280735,7 +280994,7 @@ var init_upload5 = __esm({
         }
         const previewAlias = args.previewAlias ?? (getCIGeneratePreviewAlias() === "true" ? generatePreviewAlias(name2) : void 0);
         if (!args.dryRun) {
-          assert50__default.default(accountId, "Missing account ID");
+          assert51__default.default(accountId, "Missing account ID");
           await verifyWorkerMatchesCITag(
             config,
             accountId,
@@ -286180,6 +286439,10 @@ function createCLIParser(argv) {
       command: "wrangler containers registries delete",
       definition: containersRegistriesDeleteCommand
     },
+    {
+      command: "wrangler containers registries credentials",
+      definition: containersRegistriesCredentialsCommand
+    },
     {
       command: "wrangler containers images",
       definition: containersImagesNamespace
@@ -287091,7 +287354,7 @@ Error: ${errorMessage}
     if (e9.cause instanceof ApiError) {
       logger.error(e9.cause);
     } else {
-      assert50__default.default(isAuthenticationError(e9));
+      assert51__default.default(isAuthenticationError(e9));
       logger.error(e9);
     }
     const envAuth = getAuthFromEnv();
@@ -287675,10 +287938,10 @@ var require_difflib = __commonJS({
   "../../node_modules/.pnpm/@ewoudenberg+difflib@0.1.0/node_modules/@ewoudenberg/difflib/lib/difflib.js"(exports) {
     init_import_meta_url();
     (function() {
-      var Differ, Heap, IS_CHARACTER_JUNK, IS_LINE_JUNK, SequenceMatcher, _any, _arrayCmp, _calculateRatio, _countLeading, _formatRangeContext, _formatRangeUnified, _has, assert58, contextDiff, floor, getCloseMatches, max, min, ndiff, restore, unifiedDiff, indexOf = [].indexOf;
+      var Differ, Heap, IS_CHARACTER_JUNK, IS_LINE_JUNK, SequenceMatcher, _any, _arrayCmp, _calculateRatio, _countLeading, _formatRangeContext, _formatRangeUnified, _has, assert59, contextDiff, floor, getCloseMatches, max, min, ndiff, restore, unifiedDiff, indexOf = [].indexOf;
       ({ floor, max, min } = Math);
       Heap = require_heap2();
-      assert58 = __require("assert");
+      assert59 = __require("assert");
       _calculateRatio = /* @__PURE__ */ __name(function(matches, length) {
         if (length) {
           return 2 * matches / length;
@@ -288249,7 +288512,7 @@ var require_difflib = __commonJS({
         }
         _plainReplace(a7, alo, ahi, b11, blo, bhi) {
           var first, g7, l8, len, len1, line, lines, m7, ref, second;
-          assert58(alo < ahi && blo < bhi);
+          assert59(alo < ahi && blo < bhi);
           if (bhi - blo < ahi - alo) {
             first = this._dump("+", b11, blo, bhi);
             second = this._dump("-", a7, alo, ahi);
@@ -290068,10 +290331,10 @@ function populateConfigPatch(diff, patchObj, targetEnvironment) {
     return;
   }
   if (Array.isArray(diff)) {
-    assert50__default.default(Array.isArray(patchObj));
+    assert51__default.default(Array.isArray(patchObj));
     return populateConfigPatchArray(diff, patchObj);
   }
-  assert50__default.default(!Array.isArray(patchObj));
+  assert51__default.default(!Array.isArray(patchObj));
   return populateConfigPatchObject(diff, patchObj, targetEnvironment);
 }
 function populateConfigPatchArray(diff, patchArray) {
@@ -290451,7 +290714,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
     );
   }
   const scriptName = props.name;
-  assert50__default.default(
+  assert51__default.default(
     !config.site || config.site.bucket,
     "A [site] definition requires a `bucket` field with a path to the site's assets directory."
   );
@@ -290732,7 +290995,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
         { warnIfNoBindings: true, unsafeMetadata: config.unsafe?.metadata }
       );
     } else {
-      assert50__default.default(accountId, "Missing accountId");
+      assert51__default.default(accountId, "Missing accountId");
       if (getFlag("RESOURCES_PROVISION")) {
         await provisionBindings(
           bindings ?? {},
@@ -290942,7 +291205,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
     return { versionId, workerTag };
   }
   if (normalisedContainerConfig.length) {
-    assert50__default.default(versionId && accountId);
+    assert51__default.default(versionId && accountId);
     await deployContainers(config, normalisedContainerConfig, {
       versionId,
       accountId,
@@ -291462,7 +291725,7 @@ var init_assets5 = __esm({
     MAX_UPLOAD_GATEWAY_ERRORS2 = 5;
     MAX_DIFF_LINES2 = 100;
     syncAssets = /* @__PURE__ */ __name(async (complianceConfig, accountId, assetDirectory, scriptName, dispatchNamespace) => {
-      assert50__default.default(accountId, "Missing accountId");
+      assert51__default.default(accountId, "Missing accountId");
       logger.info("\u{1F300} Building list of assets...");
       const manifest = await buildAssetManifest(assetDirectory);
       const url4 = dispatchNamespace ? `/accounts/${accountId}/workers/dispatch/namespaces/${dispatchNamespace}/scripts/${scriptName}/assets-upload-session` : `/accounts/${accountId}/workers/scripts/${scriptName}/assets-upload-session`;
@@ -291770,7 +292033,9 @@ function getBindings2(configParam, env6, envFiles, local, inputBindings, default
     configParam.userConfigPath,
     envFiles,
     configParam.vars,
-    env6
+    env6,
+    false,
+    configParam.secrets
   );
   for (const [name2, binding] of Object.entries(vars)) {
     const existingBinding = bindings[name2];
@@ -292068,7 +292333,7 @@ var init_dev2 = __esm({
       },
       async handler(args) {
         const devInstance = await startDev(args);
-        assert50__default.default(devInstance.devEnv !== void 0);
+        assert51__default.default(devInstance.devEnv !== void 0);
         await events__default.default.once(devInstance.devEnv, "teardown");
         await Promise.all(devInstance.secondary.map((d8) => d8.teardown()));
         if (devInstance.teardownRegistryPromise) {
@@ -292140,7 +292405,7 @@ function runBuild({
   async function updateBundle() {
     const newAdditionalModules = await getAdditionalModules();
     setBundle((previousBundle) => {
-      assert50__default.default(
+      assert51__default.default(
         previousBundle,
         "Rebuild triggered with no previous build available"
       );
@@ -292291,7 +292556,7 @@ var init_BundlerController = __esm({
           if (buildAborter.signal.aborted) {
             return;
           }
-          assert50__default.default(this.#tmpDir);
+          assert51__default.default(this.#tmpDir);
           if (!config.build?.bundle) {
             const destinationDir = this.#tmpDir.path;
             fs23.writeFileSync(
@@ -292409,7 +292674,7 @@ var init_BundlerController = __esm({
           return;
         }
         const pathsToWatch = config.build.custom.watch;
-        assert50__default.default(pathsToWatch, "config.build.custom.watch");
+        assert51__default.default(pathsToWatch, "config.build.custom.watch");
         this.#customBuildWatcher = watch(pathsToWatch, {
           persistent: true,
           // The initial custom build is always done in getEntry()
@@ -292433,7 +292698,7 @@ var init_BundlerController = __esm({
         if (config.build?.custom?.command) {
           return;
         }
-        assert50__default.default(this.#tmpDir);
+        assert51__default.default(this.#tmpDir);
         const entry = {
           file: config.entrypoint,
           projectRoot: config.projectRoot,
@@ -292830,7 +293095,7 @@ async function resolveDevConfig(config, input) {
   );
   if (input.dev?.remote) {
     const { accountId } = await auth();
-    assert50__default.default(accountId, "Account ID must be provided for remote dev");
+    assert51__default.default(accountId, "Account ID must be provided for remote dev");
     await getZoneIdForPreview(config, { host, routes, accountId });
   }
   const initialIp = input.dev?.server?.hostname ?? config.dev.ip;
@@ -293146,7 +293411,7 @@ var init_ConfigController = __esm({
               return;
             }
             logger.debug(`${path3__namespace.default.basename(configPath)} changed...`);
-            assert50__default.default(
+            assert51__default.default(
               this.latestInput,
               "Cannot be watching config without having first set an input"
             );
@@ -293172,7 +293437,7 @@ var init_ConfigController = __esm({
       }
       patch(input) {
         logger.debug("patching config");
-        assert50__default.default(
+        assert51__default.default(
           this.latestInput,
           "Cannot call updateConfig without previously calling setConfig"
         );
@@ -293336,7 +293601,7 @@ function maybeGetSourceMappingURL(sourcePath) {
     return;
   }
   const sourceMappingURLMatch = source.substring(sourceMappingURLIndex).match(/^\/\/# sourceMappingURL=(.+)/);
-  assert50__default.default(sourceMappingURLMatch !== null);
+  assert51__default.default(sourceMappingURLMatch !== null);
   const sourceMappingURLSpecifier = sourceMappingURLMatch[1];
   const sourceURL = Url.pathToFileURL(sourcePath);
   try {
@@ -293654,7 +293919,7 @@ var init_ProxyController = __esm({
         if (this._torndown) {
           return;
         }
-        assert50__default.default(this.latestConfig !== void 0);
+        assert51__default.default(this.latestConfig !== void 0);
         const cert = this.latestConfig.dev?.server?.secure || this.inspectorEnabled && this.latestConfig.dev?.inspector && this.latestConfig.dev?.inspector?.secure ? validateHttpsOptions(
           this.latestConfig.dev.server?.httpsKeyPath,
           this.latestConfig.dev.server?.httpsCertPath
@@ -293714,7 +293979,7 @@ var init_ProxyController = __esm({
           liveReload: false
         };
         if (this.inspectorEnabled) {
-          assert50__default.default(this.latestConfig.dev?.inspector);
+          assert51__default.default(this.latestConfig.dev?.inspector);
           proxyWorkerOptions.workers.push({
             name: "InspectorProxyWorker",
             compatibilityDate: "2023-12-18",
@@ -293779,7 +294044,7 @@ var init_ProxyController = __esm({
               inspectorUrl
             ]);
           }).then(([url4, inspectorUrl]) => {
-            assert50__default.default(url4);
+            assert51__default.default(url4);
             this.emitReadyEvent(proxyWorker, url4, inspectorUrl);
           }).catch((error2) => {
             if (this._torndown) {
@@ -293796,7 +294061,7 @@ var init_ProxyController = __esm({
         if (this._torndown) {
           return;
         }
-        assert50__default.default(
+        assert51__default.default(
           this.latestConfig?.dev.inspector !== false,
           "Trying to reconnect with inspector proxy worker when inspector is disabled"
         );
@@ -293807,7 +294072,7 @@ var init_ProxyController = __esm({
         this.inspectorProxyWorkerWebSocket = createDeferred();
         let webSocket = null;
         try {
-          assert50__default.default(this.proxyWorker);
+          assert51__default.default(this.proxyWorker);
           const inspectorProxyWorkerUrl = await this.proxyWorker.unsafeGetDirectURL(
             "InspectorProxyWorker"
           );
@@ -293827,12 +294092,12 @@ var init_ProxyController = __esm({
           this.emitErrorEvent("Could not connect to InspectorProxyWorker", error2);
           return;
         }
-        assert50__default.default(
+        assert51__default.default(
           webSocket,
           "Expected webSocket on response from inspectorProxyWorker"
         );
         webSocket.addEventListener("message", (event) => {
-          assert50__default.default(typeof event.data === "string");
+          assert51__default.default(typeof event.data === "string");
           this.onInspectorProxyWorkerMessage(JSON.parse(event.data));
         });
         webSocket.addEventListener("close", () => {
@@ -293887,13 +294152,13 @@ var init_ProxyController = __esm({
         if (this._torndown) {
           return;
         }
-        assert50__default.default(
+        assert51__default.default(
           this.latestConfig?.dev.inspector !== false,
           "Trying to send message to inspector proxy worker when inspector is disabled"
         );
         try {
           const websocket = await this.reconnectInspectorProxyWorker();
-          assert50__default.default(websocket);
+          assert51__default.default(websocket);
           websocket.send(JSON.stringify(message));
         } catch (cause) {
           if (this._torndown) {
@@ -293967,7 +294232,7 @@ var init_ProxyController = __esm({
         }
       }
       onInspectorProxyWorkerMessage(message) {
-        assert50__default.default(
+        assert51__default.default(
           this.latestConfig?.dev.inspector !== false,
           "Trying to handle inspector message when inspector is disabled"
         );
@@ -293990,7 +294255,7 @@ var init_ProxyController = __esm({
         }
       }
       async onInspectorProxyWorkerRequest(message) {
-        assert50__default.default(
+        assert51__default.default(
           this.latestConfig?.dev.inspector !== false,
           "Trying to handle inspector request when inspector is disabled"
         );
@@ -294011,8 +294276,8 @@ var init_ProxyController = __esm({
             logger.debug("[InspectorProxyWorker]", ...message.args);
             break;
           case "load-network-resource": {
-            assert50__default.default(this.latestConfig !== void 0);
-            assert50__default.default(this.latestBundle !== void 0);
+            assert51__default.default(this.latestConfig !== void 0);
+            assert51__default.default(this.latestBundle !== void 0);
             let maybeContents;
             if (message.url.startsWith("wrangler-file:")) {
               maybeContents = maybeHandleNetworkLoadResource(
@@ -294275,7 +294540,7 @@ var init_create_worker_preview = __esm({
   }
 });
 function handlePreviewSessionUploadError(err, accountId) {
-  assert50__default.default(err && typeof err === "object");
+  assert51__default.default(err && typeof err === "object");
   if (!isAbortError(err)) {
     if ("code" in err && err.code === 10049) {
       logger.log("Preview token expired, fetching a new one");
@@ -294287,7 +294552,7 @@ function handlePreviewSessionUploadError(err, accountId) {
   return false;
 }
 function handlePreviewSessionCreationError(err, accountId) {
-  assert50__default.default(err && typeof err === "object");
+  assert51__default.default(err && typeof err === "object");
   if ("code" in err && err.code === 10063) {
     logger.error(
       `You need to register a workers.dev subdomain before running the dev command in remote mode. You can either enable local mode by pressing l, or register a workers.dev subdomain here: https://dash.cloudflare.com/${accountId}/workers/onboarding`
@@ -294830,7 +295095,7 @@ function createWorkerObject(devEnv) {
       return devEnv.proxy.ready.promise.then((ev) => ev.inspectorUrl);
     },
     get config() {
-      assert50__default.default(devEnv.config.latestConfig);
+      assert51__default.default(devEnv.config.latestConfig);
       return devEnv.config.latestConfig;
     },
     async setConfig(config, throwErrors) {
@@ -294845,7 +295110,7 @@ function createWorkerObject(devEnv) {
       return proxyWorker.dispatchFetch(...args);
     },
     async queue(...args) {
-      assert50__default.default(
+      assert51__default.default(
         this.config.name,
         "Worker name must be defined to use `Worker.queue()`"
       );
@@ -294854,7 +295119,7 @@ function createWorkerObject(devEnv) {
       return w7.queue(...args);
     },
     async scheduled(...args) {
-      assert50__default.default(
+      assert51__default.default(
         this.config.name,
         "Worker name must be defined to use `Worker.scheduled()`"
       );
@@ -295240,7 +295505,7 @@ function getAuthHook(auth, config) {
 }
 function deepStrictEqual(source, target) {
   try {
-    assert50__default.default.deepStrictEqual(source, target);
+    assert51__default.default.deepStrictEqual(source, target);
     return true;
   } catch {
     return false;
@@ -295468,7 +295733,7 @@ var init_LocalRuntimeController = __esm({
           }
           if (data.config.containers?.length && data.config.dev.enableContainers && this.#currentContainerBuildId !== data.config.dev.containerBuildId) {
             this.dockerPath = data.config.dev?.dockerPath ?? getDockerPath();
-            assert50__default.default(
+            assert51__default.default(
               data.config.dev.containerBuildId,
               "Build ID should be set if containers are enabled and defined"
             );
@@ -295502,7 +295767,8 @@ var init_LocalRuntimeController = __esm({
                 this.containerBeingBuilt = void 0;
               }, "onContainerImagePreparationEnd"),
               logger,
-              isVite: false
+              isVite: false,
+              compatibilityFlags: data.config.compatibilityFlags
             });
             if (this.containerBeingBuilt) {
               this.containerBeingBuilt.abortRequested = false;
@@ -295600,7 +295866,7 @@ var init_LocalRuntimeController = __esm({
         if (!this.containerImageTagsSeen.size) {
           return;
         }
-        assert50__default.default(
+        assert51__default.default(
           this.dockerPath,
           "Docker path should have been set if containers are enabled"
         );
@@ -295708,7 +295974,7 @@ var init_MultiworkerRuntimeController = __esm({
       }
       #mergedMfOptions() {
         const primary = [...this.#options.values()].find((o7) => o7.primary);
-        assert50__default.default(primary !== void 0);
+        assert51__default.default(primary !== void 0);
         const secondary = [...this.#options.values()].filter((o7) => !o7.primary);
         return {
           ...primary.options,
@@ -295743,7 +296009,7 @@ var init_MultiworkerRuntimeController = __esm({
           }
           if (data.config.containers?.length && this.#currentContainerBuildId !== data.config.dev.containerBuildId) {
             logger.log(source_default.dim("\u2394 Preparing container image(s)..."));
-            assert50__default.default(
+            assert51__default.default(
               data.config.dev.containerBuildId,
               "Build ID should be set if containers are enabled and defined"
             );
@@ -295768,7 +296034,8 @@ var init_MultiworkerRuntimeController = __esm({
                 this.containerBeingBuilt = void 0;
               }, "onContainerImagePreparationEnd"),
               logger,
-              isVite: false
+              isVite: false,
+              compatibilityFlags: data.config.compatibilityFlags
             });
             if (this.containerBeingBuilt) {
               this.containerBeingBuilt.abortRequested = false;
@@ -298394,12 +298661,12 @@ var init_assets6 = __esm({
        * by the `fetch()` function before calling `dispatcher.dispatch()`.
        */
       static reinstateHostHeader(headers, host) {
-        assert50__default.default(headers, "Expected all proxy requests to contain headers.");
-        assert50__default.default(
+        assert51__default.default(headers, "Expected all proxy requests to contain headers.");
+        assert51__default.default(
           !Array.isArray(headers),
           "Expected proxy request headers to be a hash object"
         );
-        assert50__default.default(
+        assert51__default.default(
           Object.keys(headers).every((h7) => h7.toLowerCase() !== "host"),
           "Expected Host header to have been deleted."
         );
@@ -298431,7 +298698,7 @@ async function startDev(args) {
         unregisterHotKeys?.();
         accountId = await requireAuth(config);
         if (hotkeysDisplayed) {
-          assert50__default.default(devEnv !== void 0);
+          assert51__default.default(devEnv !== void 0);
           unregisterHotKeys = registerDevHotKeys(
             Array.isArray(devEnv) ? devEnv : [devEnv],
             args,