wrangler 4.7.1 → 4.8.0

package/wrangler-dist/cli.js

@@ -77785,12 +77785,12 @@ var html_rewriter_exports = {};
 __export(html_rewriter_exports, {
   HTMLRewriter: () => HTMLRewriter2
 });
-var import_web2, import_miniflare24, HTMLRewriter2;
+var import_web2, import_miniflare26, HTMLRewriter2;
 var init_html_rewriter = __esm({
   "../pages-shared/environment-polyfills/html-rewriter.ts"() {
     init_import_meta_url();
     import_web2 = require("stream/web");
-    import_miniflare24 = require("miniflare");
+    import_miniflare26 = require("miniflare");
     HTMLRewriter2 = class {
       static {
         __name(this, "HTMLRewriter");
@@ -77808,9 +77808,9 @@ var init_html_rewriter = __esm({
       transform(response) {
         const body = response.body;
         if (body === null) {
-          return new import_miniflare24.Response(body, response);
+          return new import_miniflare26.Response(body, response);
         }
-        response = new import_miniflare24.Response(response.body, response);
+        response = new import_miniflare26.Response(response.body, response);
         let rewriter;
         const transformStream = new import_web2.TransformStream({
           start: /* @__PURE__ */ __name(async (controller) => {
@@ -77839,7 +77839,7 @@ var init_html_rewriter = __esm({
         const promise = body.pipeTo(transformStream.writable);
         promise.catch(() => {
         }).finally(() => rewriter.free());
-        const res = new import_miniflare24.Response(transformStream.readable, response);
+        const res = new import_miniflare26.Response(transformStream.readable, response);
         res.headers.delete("Content-Length");
         return res;
       }
@@ -78698,17 +78698,17 @@ async function generateASSETSBinding(options33) {
       try {
         const url4 = new URL(miniflareRequest.url);
         url4.host = `localhost:${options33.proxyPort}`;
-        const proxyRequest = new import_miniflare25.Request(url4, miniflareRequest);
+        const proxyRequest = new import_miniflare27.Request(url4, miniflareRequest);
         if (proxyRequest.headers.get("Upgrade") === "websocket") {
           proxyRequest.headers.delete("Sec-WebSocket-Accept");
           proxyRequest.headers.delete("Sec-WebSocket-Key");
         }
-        return await (0, import_miniflare25.fetch)(proxyRequest, {
+        return await (0, import_miniflare27.fetch)(proxyRequest, {
           dispatcher: new ProxyDispatcher(miniflareRequest.headers.get("Host"))
         });
       } catch (thrown) {
         options33.log.error(new Error(`Could not proxy request: ${thrown}`));
-        return new import_miniflare25.Response(`[wrangler] Could not proxy request: ${thrown}`, {
+        return new import_miniflare27.Response(`[wrangler] Could not proxy request: ${thrown}`, {
           status: 502
         });
       }
@@ -78717,7 +78717,7 @@ async function generateASSETSBinding(options33) {
         return await assetsFetch(miniflareRequest);
       } catch (thrown) {
         options33.log.error(new Error(`Could not serve static asset: ${thrown}`));
-        return new import_miniflare25.Response(
+        return new import_miniflare27.Response(
           `[wrangler] Could not serve static asset: ${thrown}`,
           { status: 502 }
         );
@@ -78829,11 +78829,11 @@ async function generateAssetsFetch(directory, log2) {
     });
   }, "generateResponse");
   return async (input, init2) => {
-    const request4 = new import_miniflare25.Request(input, init2);
+    const request4 = new import_miniflare27.Request(input, init2);
     return await generateResponse(request4);
   };
 }
-var import_node_assert25, import_node_fs33, import_node_path62, import_mime3, import_miniflare25, import_undici23, ProxyDispatcher, invalidAssetsFetch;
+var import_node_assert25, import_node_fs33, import_node_path62, import_mime3, import_miniflare27, import_undici23, ProxyDispatcher, invalidAssetsFetch;
 var init_assets = __esm({
   "src/miniflare-cli/assets.ts"() {
     init_import_meta_url();
@@ -78845,7 +78845,7 @@ var init_assets = __esm({
     init_parseRedirects();
     init_esm2();
     import_mime3 = __toESM(require_mime());
-    import_miniflare25 = require("miniflare");
+    import_miniflare27 = require("miniflare");
     import_undici23 = __toESM(require_undici());
     init_hash();
     __name(generateASSETSBinding, "generateASSETSBinding");
@@ -81185,7 +81185,7 @@ var import_undici3 = __toESM(require_undici());
 
 // package.json
 var name = "wrangler";
-var version = "4.7.1";
+var version = "4.8.0";
 
 // src/environment-variables/misc-variables.ts
 init_import_meta_url();
@@ -83843,6 +83843,7 @@ var friendlyBindingNames = {
   mtls_certificates: "mTLS Certificates",
   workflows: "Workflows",
   pipelines: "Pipelines",
+  secrets_store_secrets: "Secrets Store Secrets",
   assets: "Assets"
 };
 function printBindings(bindings, context2 = {}) {
@@ -83872,6 +83873,7 @@ function printBindings(bindings, context2 = {}) {
     hyperdrive: hyperdrive2,
     r2_buckets,
     logfwdr,
+    secrets_store_secrets,
     services,
     analytics_engine_datasets,
     text_blobs,
@@ -84053,6 +84055,21 @@ function printBindings(bindings, context2 = {}) {
       })
     });
   }
+  if (secrets_store_secrets !== void 0 && secrets_store_secrets.length > 0) {
+    output.push({
+      name: friendlyBindingNames.secrets_store_secrets,
+      entries: secrets_store_secrets.map(
+        ({ binding, store_id, secret_name }) => {
+          return {
+            key: binding,
+            value: addSuffix(`${store_id}/${secret_name}`, {
+              isSimulatedLocally: true
+            })
+          };
+        }
+      )
+    });
+  }
   if (services !== void 0 && services.length > 0) {
     output.push({
       name: friendlyBindingNames.services,
@@ -84751,52 +84768,67 @@ function normalizeAndValidateConfig(rawConfig, configPath, userConfigPath, args)
     rawConfig,
     isDispatchNamespace
   );
+  const isRedirectedConfig = configPath && configPath !== userConfigPath;
+  const definedEnvironments = Object.keys(rawConfig.env ?? {});
+  if (isRedirectedConfig && definedEnvironments.length > 0) {
+    diagnostics.errors.push(
+      `Redirected configurations cannot include environments but the following have been found: ${definedEnvironments.map((env6) => JSON.stringify(env6)).join(", ")}`
+    );
+  }
   const envName = args.env;
   (0, import_node_assert.default)(envName === void 0 || typeof envName === "string");
   let activeEnv = topLevelEnv;
   if (envName !== void 0) {
-    const envDiagnostics = new Diagnostics(
-      `"env.${envName}" environment configuration`
-    );
-    const rawEnv = rawConfig.env?.[envName];
-    if (rawEnv !== void 0) {
-      activeEnv = normalizeAndValidateEnvironment(
-        envDiagnostics,
-        configPath,
-        rawEnv,
-        isDispatchNamespace,
-        envName,
-        topLevelEnv,
-        isLegacyEnv2,
-        rawConfig
-      );
-      diagnostics.addChild(envDiagnostics);
-    } else if (!isPagesConfig(rawConfig)) {
-      activeEnv = normalizeAndValidateEnvironment(
-        envDiagnostics,
-        configPath,
-        topLevelEnv,
-        // in this case reuse the topLevelEnv to ensure that nonInherited fields are not removed
-        isDispatchNamespace,
-        envName,
-        topLevelEnv,
-        isLegacyEnv2,
-        rawConfig
+    if (isRedirectedConfig) {
+      diagnostics.errors.push(dedent`
+				You have specified the environment "${envName}", but are using a redirected configuration, produced by a build tool such as Vite.
+				You need to set the environment in your build tool, rather than via Wrangler.
+				For example, if you are using Vite, refer to these docs: https://developers.cloudflare.com/workers/vite-plugin/reference/cloudflare-environments/
+			`);
+    } else {
+      const envDiagnostics = new Diagnostics(
+        `"env.${envName}" environment configuration`
       );
-      const envNames = rawConfig.env ? `The available configured environment names are: ${JSON.stringify(
-        Object.keys(rawConfig.env)
-      )}
+      const rawEnv = rawConfig.env?.[envName];
+      if (rawEnv !== void 0) {
+        activeEnv = normalizeAndValidateEnvironment(
+          envDiagnostics,
+          configPath,
+          rawEnv,
+          isDispatchNamespace,
+          envName,
+          topLevelEnv,
+          isLegacyEnv2,
+          rawConfig
+        );
+        diagnostics.addChild(envDiagnostics);
+      } else if (!isPagesConfig(rawConfig)) {
+        activeEnv = normalizeAndValidateEnvironment(
+          envDiagnostics,
+          configPath,
+          topLevelEnv,
+          // in this case reuse the topLevelEnv to ensure that nonInherited fields are not removed
+          isDispatchNamespace,
+          envName,
+          topLevelEnv,
+          isLegacyEnv2,
+          rawConfig
+        );
+        const envNames = rawConfig.env ? `The available configured environment names are: ${JSON.stringify(
+          Object.keys(rawConfig.env)
+        )}
 ` : "";
-      const message = `No environment found in configuration with name "${envName}".
+        const message = `No environment found in configuration with name "${envName}".
 Before using \`--env=${envName}\` there should be an equivalent environment section in the configuration.
 ${envNames}
 Consider adding an environment configuration section to the ${configFileName(configPath)} file:
 \`\`\`
 [env.` + envName + "]\n```\n";
-      if (envNames.length > 0) {
-        diagnostics.errors.push(message);
-      } else {
-        diagnostics.warnings.push(message);
+        if (envNames.length > 0) {
+          diagnostics.errors.push(message);
+        } else {
+          diagnostics.warnings.push(message);
+        }
       }
     }
   }
@@ -85690,6 +85722,16 @@ function normalizeAndValidateEnvironment(diagnostics, configPath, rawEnv, isDisp
       validateBindingArray(envName, validatePipelineBinding),
       []
     ),
+    secrets_store_secrets: notInheritable(
+      diagnostics,
+      topLevelEnv,
+      rawConfig,
+      rawEnv,
+      envName,
+      "secrets_store_secrets",
+      validateBindingArray(envName, validateSecretsStoreSecretBinding),
+      []
+    ),
     version_metadata: notInheritable(
       diagnostics,
       topLevelEnv,
@@ -87097,6 +87139,45 @@ var validatePipelineBinding = /* @__PURE__ */ __name((diagnostics, field, value)
   ]);
   return isValid2;
 }, "validatePipelineBinding");
+var validateSecretsStoreSecretBinding = /* @__PURE__ */ __name((diagnostics, field, value) => {
+  if (typeof value !== "object" || value === null) {
+    diagnostics.errors.push(
+      `"secrets_store_secrets" bindings should be objects, but got ${JSON.stringify(value)}`
+    );
+    return false;
+  }
+  let isValid2 = true;
+  if (!isRequiredProperty(value, "binding", "string")) {
+    diagnostics.errors.push(
+      `"${field}" bindings must have a string "binding" field but got ${JSON.stringify(
+        value
+      )}.`
+    );
+    isValid2 = false;
+  }
+  if (!isRequiredProperty(value, "store_id", "string")) {
+    diagnostics.errors.push(
+      `"${field}" bindings must have a string "store_id" field but got ${JSON.stringify(
+        value
+      )}.`
+    );
+    isValid2 = false;
+  }
+  if (!isRequiredProperty(value, "secret_name", "string")) {
+    diagnostics.errors.push(
+      `"${field}" bindings must have a string "secret_name" field but got ${JSON.stringify(
+        value
+      )}.`
+    );
+    isValid2 = false;
+  }
+  validateAdditionalProperties(diagnostics, field, Object.keys(value), [
+    "binding",
+    "store_id",
+    "secret_name"
+  ]);
+  return isValid2;
+}, "validateSecretsStoreSecretBinding");
 function normalizeAndValidateLimits(diagnostics, topLevelEnv, rawEnv) {
   if (rawEnv.limits) {
     validateRequiredProperty(
@@ -87360,6 +87441,7 @@ var defaultWranglerConfig = {
   vectorize: [],
   hyperdrive: [],
   workflows: [],
+  secrets_store_secrets: [],
   services: [],
   analytics_engine_datasets: [],
   ai: void 0,
@@ -92850,6 +92932,12 @@ function buildMiniflareBindingOptions(config) {
       bindings.hyperdrive?.map(hyperdriveEntry) ?? []
     ),
     workflows: Object.fromEntries(bindings.workflows?.map(workflowEntry) ?? []),
+    secretsStoreSecrets: Object.fromEntries(
+      bindings.secrets_store_secrets?.map((binding) => [
+        binding.binding,
+        binding
+      ]) ?? []
+    ),
     durableObjects: Object.fromEntries([
       ...internalObjects.map(({ name: name2, class_name }) => {
         const useSQLite = classNameToUseSQLite.get(class_name);
@@ -92908,7 +92996,8 @@ function buildPersistOptions(localPersistencePath) {
       kvPersist: import_node_path15.default.join(v3Path, "kv"),
       r2Persist: import_node_path15.default.join(v3Path, "r2"),
       d1Persist: import_node_path15.default.join(v3Path, "d1"),
-      workflowsPersist: import_node_path15.default.join(v3Path, "workflows")
+      workflowsPersist: import_node_path15.default.join(v3Path, "workflows"),
+      secretsStorePersist: import_node_path15.default.join(v3Path, "secrets-store")
     };
   }
 }
@@ -93338,6 +93427,12 @@ function convertCfWorkerInitBindingstoBindings(inputBindings) {
         }
         break;
       }
+      case "secrets_store_secrets": {
+        for (const { binding, ...x6 } of info) {
+          output[binding] = { type: "secrets_store_secret", ...x6 };
+        }
+        break;
+      }
       default: {
         assertNever(type);
       }
@@ -93365,6 +93460,7 @@ async function convertBindingsToCfWorkerInitBindings(inputBindings) {
     d1_databases: void 0,
     vectorize: void 0,
     hyperdrive: void 0,
+    secrets_store_secrets: void 0,
     services: void 0,
     analytics_engine_datasets: void 0,
     dispatch_namespaces: void 0,
@@ -93452,6 +93548,9 @@ async function convertBindingsToCfWorkerInitBindings(inputBindings) {
     } else if (binding.type === "workflow") {
       bindings.workflows ??= [];
       bindings.workflows.push({ ...binding, binding: name2 });
+    } else if (binding.type === "secrets_store_secret") {
+      bindings.secrets_store_secrets ??= [];
+      bindings.secrets_store_secrets.push({ ...binding, binding: name2 });
     } else if (isUnsafeBindingType(binding.type)) {
       bindings.unsafe ??= {
         bindings: [],
@@ -100994,7 +101093,7 @@ __name(getDeviceId, "getDeviceId");
 // src/metrics/metrics-dispatcher.ts
 var SPARROW_URL = "https://sparrow.cloudflare.com";
 function getMetricsDispatcher(options33) {
-  const SPARROW_SOURCE_KEY = "50598e014ed44c739ec8074fdc16057c";
+  const SPARROW_SOURCE_KEY = "";
   const requests = [];
   const wranglerVersion = getWranglerVersion();
   const amplitude_session_id = Date.now();
@@ -102343,6 +102442,7 @@ function getBindings(config, options33) {
     d1_databases: config?.d1_databases,
     vectorize: config?.vectorize,
     hyperdrive: config?.hyperdrive,
+    secrets_store_secrets: config?.secrets_store_secrets,
     services: config?.services,
     analytics_engine_datasets: config?.analytics_engine_datasets,
     dispatch_namespaces: options33?.pages ? void 0 : config?.dispatch_namespaces,
@@ -103923,6 +104023,16 @@ function createWorkerUploadForm(worker) {
       id
     });
   });
+  bindings.secrets_store_secrets?.forEach(
+    ({ binding, store_id, secret_name }) => {
+      metadataBindings.push({
+        name: binding,
+        type: "secrets_store_secret",
+        store_id,
+        secret_name
+      });
+    }
+  );
   bindings.services?.forEach(
     ({ binding, service, environment, entrypoint }) => {
       metadataBindings.push({
@@ -105232,7 +105342,7 @@ var import_promises34 = require("fs/promises");
 var import_node_events4 = __toESM(require("node:events"));
 var import_promises35 = require("node:fs/promises");
 var import_path23 = __toESM(require("path"));
-var import_miniflare22 = require("miniflare");
+var import_miniflare24 = require("miniflare");
 
 // src/index.ts
 init_import_meta_url();
@@ -117371,9 +117481,9 @@ init_import_meta_url();
 var import_node_assert20 = __toESM(require("node:assert"));
 var import_undici11 = __toESM(require_undici());
 async function runSearch(searchTerm) {
-  const id = "8MU1G3QO9P";
+  const id = ALGOLIA_APP_ID;
   const index = "developers-cloudflare2";
-  const key = "045e8dbec8c137a52f0f56e196d7abe0";
+  const key = ALGOLIA_PUBLIC_KEY;
   const params = new URLSearchParams({
     query: searchTerm,
     hitsPerPage: "1",
@@ -118250,6 +118360,18 @@ async function mapBindings(accountId, bindings) {
           ];
         }
         break;
+      case "secrets_store_secret":
+        {
+          configObj.secrets_store_secrets = [
+            ...configObj.secrets_store_secrets ?? [],
+            {
+              binding: binding.name,
+              store_id: binding.store_id,
+              secret_name: binding.secret_name
+            }
+          ];
+        }
+        break;
       case "service":
         {
           configObj.services = [
@@ -120636,7 +120758,8 @@ function Options8(yargs) {
   }).options({
     outfile: {
       type: "string",
-      description: "The location of the output Worker script"
+      description: "The location of the output Worker script",
+      deprecated: true
     },
     outdir: {
       type: "string",
@@ -124302,6 +124425,7 @@ async function createDraftWorker({
           d1_databases: [],
           vectorize: [],
           hyperdrive: [],
+          secrets_store_secrets: [],
           services: [],
           analytics_engine_datasets: [],
           wasm_modules: {},
@@ -124981,20 +125105,20 @@ function pages(yargs, subHelp) {
     Handler14
   ).command(
     "functions",
-    false,
+    "Helpers related to Pages Functions",
     (args) => args.command(subHelp).command(
       "build [directory]",
-      "Compile a folder of Cloudflare Pages Functions into a single Worker",
+      "Compile a folder of Pages Functions into a single Worker",
       Options8,
       Handler8
     ).command(
       "build-env [projectDir]",
-      "Render a list of environment variables from the config file",
+      false,
       Options9,
       Handler9
     ).command(
       "optimize-routes [routesPath] [outputRoutesPath]",
-      "Consolidate and optimize the route paths declared in _routes.json",
+      false,
       OptimizeRoutesOptions,
       OptimizeRoutesHandler
     )
@@ -128954,22 +129078,12 @@ function addCreateOptions(yargs) {
     type: "string",
     demandOption: true
   }).group(
-    [
-      "enable-worker-binding",
-      "enable-http",
-      "require-http-auth",
-      "cors-origins"
-    ],
+    ["source", "require-http-auth", "cors-origins"],
     `${source_default.bold("Source settings")}`
-  ).option("enable-worker-binding", {
-    type: "boolean",
-    describe: "Send data from a Worker to a Pipeline using a Binding",
-    default: true,
-    demandOption: false
-  }).option("enable-http", {
-    type: "boolean",
-    describe: "Generate an endpoint to ingest data via HTTP",
-    default: true,
+  ).option("source", {
+    type: "array",
+    describe: "Space separated list of allowed sources. Options are 'http' or 'worker'",
+    default: ["http", "worker"],
     demandOption: false
   }).option("require-http-auth", {
     type: "boolean",
@@ -128978,7 +129092,7 @@ function addCreateOptions(yargs) {
     demandOption: false
   }).option("cors-origins", {
     type: "array",
-    describe: "CORS origin allowlist for HTTP endpoint (use * for any origin)",
+    describe: "CORS origin allowlist for HTTP endpoint (use * for any origin). Defaults to an empty array",
     demandOption: false,
     coerce: validateCorsOrigins
   }).group(
@@ -128986,17 +129100,17 @@ function addCreateOptions(yargs) {
     `${source_default.bold("Batch hints")}`
   ).option("batch-max-mb", {
     type: "number",
-    describe: "Maximum batch size in megabytes before flushing",
+    describe: "Maximum batch size in megabytes before flushing. Defaults to 100 MB if unset. Minimum: 1, Maximum: 100",
     demandOption: false,
     coerce: validateInRange("batch-max-mb", 1, 100)
   }).option("batch-max-rows", {
     type: "number",
-    describe: "Maximum number of rows per batch before flushing",
+    describe: "Maximum number of rows per batch before flushing. Defaults to 10,000,000 if unset. Minimum: 100, Maximum: 10,000,000",
     demandOption: false,
-    coerce: validateInRange("batch-max-rows", 100, 1e6)
+    coerce: validateInRange("batch-max-rows", 100, 1e7)
   }).option("batch-max-seconds", {
     type: "number",
-    describe: "Maximum age of batch in seconds before flushing",
+    describe: "Maximum age of batch in seconds before flushing. Defaults to 300 if unset. Minimum: 1, Maximum: 300",
     demandOption: false,
     coerce: validateInRange("batch-max-seconds", 1, 300)
   }).group(["transform-worker"], `${source_default.bold("Transformations")}`).option("transform-worker", {
@@ -129011,9 +129125,7 @@ function addCreateOptions(yargs) {
       "r2-access-key-id",
       "r2-secret-access-key",
       "r2-prefix",
-      "compression",
-      "file-template",
-      "partition-template"
+      "compression"
     ],
     `${source_default.bold("Destination settings")}`
   ).option("r2-bucket", {
@@ -129037,7 +129149,7 @@ function addCreateOptions(yargs) {
     return true;
   }).option("r2-prefix", {
     type: "string",
-    describe: "Prefix for storing files in the destination bucket",
+    describe: "Prefix for storing files in the destination bucket. Default is no prefix",
     default: "",
     demandOption: false
   }).option("compression", {
@@ -129046,23 +129158,9 @@ function addCreateOptions(yargs) {
     choices: ["none", "gzip", "deflate"],
     default: "gzip",
     demandOption: false
-  }).option("partition-template", {
-    type: "string",
-    describe: "Path template for partitioned files in the bucket. If not specified, the default will be used",
-    demandOption: false
-  }).option("file-template", {
-    type: "string",
-    describe: `Template for individual file names (must include \${slug}). For example: "\${slug}.log.gz"`,
-    demandOption: false,
-    coerce: /* @__PURE__ */ __name((val2) => {
-      if (!val2.includes("${slug}")) {
-        throw new UserError("filename must contain ${slug}");
-      }
-      return val2;
-    }, "coerce")
   }).group(["shard-count"], `${source_default.bold("Pipeline settings")}`).option("shard-count", {
     type: "number",
-    describe: "Number of pipeline shards. More shards handle higher request volume; fewer shards produce larger output files",
+    describe: "Number of pipeline shards. More shards handle higher request volume; fewer shards produce larger output files. Defaults to 2 if unset. Minimum: 1, Maximum: 15",
     demandOption: false
   });
 }
@@ -129117,22 +129215,30 @@ async function createPipelineHandler(args) {
   if (!destination.credentials.secret_access_key) {
     throw new FatalError("Requires a r2 secret access key");
   }
-  if (args.enableWorkerBinding) {
-    pipelineConfig.source.push({
-      type: "binding",
-      format: "json"
-    });
-  }
-  if (args.enableHttp) {
-    const source = {
-      type: "http",
-      format: "json",
-      authentication: args.requireHttpAuth
+  if (args.source.length > 0) {
+    const sourceHandlers = {
+      http: /* @__PURE__ */ __name(() => {
+        const http5 = {
+          type: "http",
+          format: "json",
+          authentication: args.requireHttpAuth
+        };
+        if (args.corsOrigins && args.corsOrigins.length > 0) {
+          http5.cors = { origins: args.corsOrigins };
+        }
+        return http5;
+      }, "http"),
+      worker: /* @__PURE__ */ __name(() => ({
+        type: "binding",
+        format: "json"
+      }), "worker")
     };
-    if (args.corsOrigins && args.corsOrigins.length > 0) {
-      source.cors = { origins: args.corsOrigins };
+    for (const source of args.source) {
+      const handler32 = sourceHandlers[source];
+      if (handler32) {
+        pipelineConfig.source.push(handler32());
+      }
     }
-    pipelineConfig.source.push(source);
   }
   if (pipelineConfig.source.length === 0) {
     throw new UserError(
@@ -129145,25 +129251,21 @@ async function createPipelineHandler(args) {
   if (args.r2Prefix) {
     pipelineConfig.destination.path.prefix = args.r2Prefix;
   }
-  if (args.partitionTemplate) {
-    pipelineConfig.destination.path.filepath = args.partitionTemplate;
-  }
-  if (args.fileTemplate) {
-    pipelineConfig.destination.path.filename = args.fileTemplate;
-  }
   if (args.shardCount) {
     pipelineConfig.metadata.shards = args.shardCount;
   }
   logger.log(`\u{1F300} Creating Pipeline named "${name2}"`);
   const pipeline = await createPipeline(accountId, pipelineConfig);
   logger.log(
-    `\u2705 Successfully created Pipeline "${pipeline.name}" with id ${pipeline.id}`
+    `\u2705 Successfully created Pipeline "${pipeline.name}" with ID ${pipeline.id}
+`
   );
+  logger.log(formatPipelinePretty(pipeline));
   logger.log("\u{1F389} You can now send data to your Pipeline!");
-  if (args.enableWorkerBinding) {
+  if (args.source.includes("worker")) {
     logger.log(
       `
-To start interacting with this Pipeline from a Worker, open your Worker\u2019s config file and add the following binding configuration:
+To send data to your pipeline from a Worker, add the following to your wrangler config file:
 `
     );
     logger.log(
@@ -129180,11 +129282,11 @@ To start interacting with this Pipeline from a Worker, open your Worker\u2019s c
       )
     );
   }
-  if (args.enableHttp) {
+  if (args.source.includes("http")) {
     logger.log(`
 Send data to your Pipeline's HTTP endpoint:
 `);
-    logger.log(`	curl "${pipeline.endpoint}" -d '[{"foo": "bar"}]'
+    logger.log(`curl "${pipeline.endpoint}" -d '[{"foo": "bar"}]'
 `);
   }
 }
@@ -129212,6 +129314,46 @@ async function deletePipelineHandler(args) {
 }
 __name(deletePipelineHandler, "deletePipelineHandler");
 
+// src/pipelines/cli/get.ts
+init_import_meta_url();
+function addGetOptions(yargs) {
+  return yargs.positional("pipeline", {
+    type: "string",
+    describe: "The name of the Pipeline to show",
+    demandOption: true
+  }).option("format", {
+    type: "string",
+    describe: "The output format for pipeline",
+    default: "pretty",
+    demandOption: false,
+    coerce: /* @__PURE__ */ __name((value) => {
+      const formats = ["pretty", "json"];
+      if (!formats.includes(value)) {
+        throw new UserError(`Unknown format value: ${value}`);
+      }
+      return value;
+    }, "coerce")
+  });
+}
+__name(addGetOptions, "addGetOptions");
+async function getPipelineHandler(args) {
+  await printWranglerBanner();
+  const config = readConfig(args);
+  const accountId = await requireAuth(config);
+  const name2 = args.pipeline;
+  validateName("pipeline name", name2);
+  const pipeline = await getPipeline(accountId, name2);
+  switch (args.format) {
+    case "json":
+      logger.log(JSON.stringify(pipeline, null, 2));
+      break;
+    case "pretty":
+      logger.log(formatPipelinePretty(pipeline));
+      break;
+  }
+}
+__name(getPipelineHandler, "getPipelineHandler");
+
 // src/pipelines/cli/list.ts
 init_import_meta_url();
 async function listPipelinesHandler(args) {
@@ -129229,28 +129371,6 @@ async function listPipelinesHandler(args) {
 }
 __name(listPipelinesHandler, "listPipelinesHandler");
 
-// src/pipelines/cli/show.ts
-init_import_meta_url();
-function addShowOptions(yargs) {
-  return yargs.positional("pipeline", {
-    type: "string",
-    describe: "The name of the Pipeline to show",
-    demandOption: true
-  });
-}
-__name(addShowOptions, "addShowOptions");
-async function showPipelineHandler(args) {
-  await printWranglerBanner();
-  const config = readConfig(args);
-  const accountId = await requireAuth(config);
-  const name2 = args.pipeline;
-  validateName("pipeline name", name2);
-  logger.log(`Retrieving config for Pipeline "${name2}".`);
-  const pipeline = await getPipeline(accountId, name2);
-  logger.log(JSON.stringify(pipeline, null, 2));
-}
-__name(showPipelineHandler, "showPipelineHandler");
-
 // src/pipelines/cli/update.ts
 init_import_meta_url();
 function addUpdateOptions(yargs) {
@@ -129264,20 +129384,11 @@ function addUpdateOptions(yargs) {
     demandOption: false
     // Not required for updates.
   }).group(
-    [
-      "enable-worker-binding",
-      "enable-http",
-      "require-http-auth",
-      "cors-origins"
-    ],
+    ["source", "require-http-auth", "cors-origins"],
     `${source_default.bold("Source settings")}`
-  ).option("enable-worker-binding", {
-    type: "boolean",
-    describe: "Send data from a Worker to a Pipeline using a Binding",
-    demandOption: false
-  }).option("enable-http", {
-    type: "boolean",
-    describe: "Generate an endpoint to ingest data via HTTP",
+  ).option("source", {
+    type: "array",
+    describe: "Space separated list of allowed sources. Options are 'http' or 'worker'. Setting this will remove all other existing sources.",
     demandOption: false
   }).option("require-http-auth", {
     type: "boolean",
@@ -129293,17 +129404,17 @@ function addUpdateOptions(yargs) {
     `${source_default.bold("Batch hints")}`
   ).option("batch-max-mb", {
     type: "number",
-    describe: "Maximum batch size in megabytes before flushing",
+    describe: "Maximum batch size in megabytes before flushing. Minimum: 1, Maximum: 100",
     demandOption: false,
     coerce: validateInRange("batch-max-mb", 1, 100)
   }).option("batch-max-rows", {
     type: "number",
-    describe: "Maximum number of rows per batch before flushing",
+    describe: "Maximum number of rows per batch before flushing. Minimum: 100, Maximum: 10,000,000",
     demandOption: false,
-    coerce: validateInRange("batch-max-rows", 100, 1e6)
+    coerce: validateInRange("batch-max-rows", 100, 1e7)
   }).option("batch-max-seconds", {
     type: "number",
-    describe: "Maximum age of batch in seconds before flushing",
+    describe: "Maximum age of batch in seconds before flushing. Minimum: 1, Maximum: 300",
     demandOption: false,
     coerce: validateInRange("batch-max-seconds", 1, 300)
   }).group(["transform-worker"], `${source_default.bold("Transformations")}`).option("transform-worker", {
@@ -129318,9 +129429,7 @@ function addUpdateOptions(yargs) {
       "r2-access-key-id",
       "r2-secret-access-key",
       "r2-prefix",
-      "compression",
-      "file-template",
-      "partition-template"
+      "compression"
     ],
     `${source_default.bold("Destination settings")}`
   ).option("r2-access-key-id", {
@@ -129347,20 +129456,6 @@ function addUpdateOptions(yargs) {
     describe: "Compression format for output files",
     choices: ["none", "gzip", "deflate"],
     demandOption: false
-  }).option("partition-template", {
-    type: "string",
-    describe: "Path template for partitioned files in the bucket",
-    demandOption: false
-  }).option("file-template", {
-    type: "string",
-    describe: "Template for individual file names (must include ${slug})",
-    demandOption: false,
-    coerce: /* @__PURE__ */ __name((val2) => {
-      if (!val2.includes("${slug}")) {
-        throw new Error("filename must contain ${slug}");
-      }
-      return val2;
-    }, "coerce")
   }).group(["shard-count"], `${source_default.bold("Pipeline settings")}`).option("shard-count", {
     type: "number",
     describe: "Number of pipeline shards. More shards handle higher request volume; fewer shards produce larger output files",
@@ -129415,45 +129510,48 @@ async function updatePipelineHandler(args) {
       throw new FatalError("Requires a r2 secret access key");
     }
   }
-  if (args.enableWorkerBinding !== void 0) {
-    const source = pipelineConfig.source.find(
-      (s5) => s5.type === "binding"
-    );
-    pipelineConfig.source = pipelineConfig.source.filter(
-      (s5) => s5.type !== "binding"
-    );
-    if (args.enableWorkerBinding) {
-      pipelineConfig.source.push({
-        ...source,
-        type: "binding",
-        format: "json"
-      });
+  if (args.source && args.source.length > 0) {
+    const existingSources = pipelineConfig.source;
+    pipelineConfig.source = [];
+    const sourceHandlers = {
+      http: /* @__PURE__ */ __name(() => {
+        const existing = existingSources.find((s5) => s5.type === "http");
+        const http5 = {
+          ...existing,
+          // Copy over existing properties for forwards compatibility
+          type: "http",
+          format: "json",
+          ...args.requireHttpAuth && { authentication: args.requireHttpAuth }
+          // Include only if defined
+        };
+        if (args.corsOrigins && args.corsOrigins.length > 0) {
+          http5.cors = { origins: args.corsOrigins };
+        }
+        return http5;
+      }, "http"),
+      worker: /* @__PURE__ */ __name(() => {
+        const existing = existingSources.find(
+          (s5) => s5.type === "binding"
+        );
+        return {
+          ...existing,
+          // Copy over existing properties for forwards compatibility
+          type: "binding",
+          format: "json"
+        };
+      }, "worker")
+    };
+    for (const source of args.source) {
+      const handler32 = sourceHandlers[source];
+      if (handler32) {
+        pipelineConfig.source.push(handler32());
+      }
     }
   }
-  if (args.enableHttp !== void 0) {
-    const source = pipelineConfig.source.find((s5) => s5.type === "http");
-    pipelineConfig.source = pipelineConfig.source.filter(
-      (s5) => s5.type !== "http"
+  if (pipelineConfig.source.length === 0) {
+    throw new UserError(
+      "No sources have been enabled. At least one source (HTTP or Worker Binding) should be enabled"
     );
-    if (args.enableHttp) {
-      const update = {
-        type: "http",
-        format: "json",
-        ...source
-      };
-      pipelineConfig.source.push(update);
-    }
-  }
-  const httpSource = pipelineConfig.source.find(
-    (s5) => s5.type === "http"
-  );
-  if (httpSource) {
-    if (args.requireHttpAuth) {
-      httpSource.authentication = args.requireHttpAuth;
-    }
-    if (args.corsOrigins && args.corsOrigins.length > 0) {
-      httpSource.cors = { origins: args.corsOrigins };
-    }
   }
   if (args.transformWorker) {
     if (args.transformWorker === "none") {
@@ -129465,15 +129563,20 @@ async function updatePipelineHandler(args) {
   if (args.r2Prefix) {
     pipelineConfig.destination.path.prefix = args.r2Prefix;
   }
-  if (args.partitionTemplate) {
-    pipelineConfig.destination.path.filepath = args.partitionTemplate;
-  }
-  if (args.fileTemplate) {
-    pipelineConfig.destination.path.filename = args.fileTemplate;
-  }
   if (args.shardCount) {
     pipelineConfig.metadata.shards = args.shardCount;
   }
+  const httpSource = pipelineConfig.source.find(
+    (s5) => s5.type === "http"
+  );
+  if (httpSource) {
+    if (args.requireHttpAuth) {
+      httpSource.authentication = args.requireHttpAuth;
+    }
+    if (args.corsOrigins && args.corsOrigins.length > 0) {
+      httpSource.cors = { origins: args.corsOrigins };
+    }
+  }
   logger.log(`\u{1F300} Updating Pipeline "${name2}"`);
   const pipeline = await updatePipeline(accountId, name2, pipelineConfig);
   logger.log(
@@ -129576,10 +129679,10 @@ function pipelines(pipelineYargs) {
     (yargs) => yargs,
     listPipelinesHandler
   ).command(
-    "show <pipeline>",
-    "Show a Pipeline configuration",
-    addShowOptions,
-    showPipelineHandler
+    "get <pipeline>",
+    "Get a Pipeline configuration",
+    addGetOptions,
+    getPipelineHandler
   ).command(
     "update <pipeline>",
     "Update a Pipeline",
@@ -129593,6 +129696,74 @@ function pipelines(pipelineYargs) {
   );
 }
 __name(pipelines, "pipelines");
+function formatPipelinePretty(pipeline) {
+  let buffer = "";
+  const formatTypeLabels = {
+    json: "JSON"
+  };
+  buffer += `${formatLabelledValues({
+    Id: pipeline.id,
+    Name: pipeline.name
+  })}
+`;
+  buffer += "Sources:\n";
+  const httpSource = pipeline.source.find((s5) => s5.type === "http");
+  if (httpSource) {
+    const httpInfo = {
+      Endpoint: pipeline.endpoint,
+      Authentication: httpSource.authentication === true ? "on" : "off",
+      ...httpSource?.cors?.origins && {
+        "CORS Origins": httpSource.cors.origins.join(", ")
+      },
+      Format: formatTypeLabels[httpSource.format]
+    };
+    buffer += "  HTTP:\n";
+    buffer += `${formatLabelledValues(httpInfo, { indentationCount: 4 })}
+`;
+  }
+  const bindingSource = pipeline.source.find((s5) => s5.type === "binding");
+  if (bindingSource) {
+    const bindingInfo = {
+      Format: formatTypeLabels[bindingSource.format]
+    };
+    buffer += "  Worker:\n";
+    buffer += `${formatLabelledValues(bindingInfo, { indentationCount: 4 })}
+`;
+  }
+  const destinationInfo = {
+    Type: pipeline.destination.type.toUpperCase(),
+    Bucket: pipeline.destination.path.bucket,
+    Format: "newline-delimited JSON",
+    // TODO: Make dynamic once we support more output formats
+    ...pipeline.destination.path.prefix && {
+      Prefix: pipeline.destination.path.prefix
+    },
+    ...pipeline.destination.compression.type && {
+      Compression: pipeline.destination.compression.type.toUpperCase()
+    }
+  };
+  buffer += "Destination:\n";
+  buffer += `${formatLabelledValues(destinationInfo, { indentationCount: 2 })}
+`;
+  const batchHints = {
+    ...pipeline.destination.batch.max_bytes && {
+      "Max bytes": prettyBytes(pipeline.destination.batch.max_bytes)
+    },
+    ...pipeline.destination.batch.max_duration_s && {
+      "Max duration": `${pipeline.destination.batch.max_duration_s?.toLocaleString()} seconds`
+    },
+    ...pipeline.destination.batch.max_rows && {
+      "Max records": pipeline.destination.batch.max_rows?.toLocaleString()
+    }
+  };
+  if (Object.keys(batchHints).length > 0) {
+    buffer += "  Batch hints:\n";
+    buffer += `${formatLabelledValues(batchHints, { indentationCount: 4 })}
+`;
+  }
+  return buffer;
+}
+__name(formatPipelinePretty, "formatPipelinePretty");
 
 // src/pubsub/pubsub-commands.ts
 init_import_meta_url();
@@ -131159,10 +131330,11 @@ var r2BucketCatalogEnableCommand = createCommand({
     const response = await enableR2Catalog(accountId, args.bucket);
     let catalogHost;
     const env6 = getCloudflareApiEnvironmentFromEnv();
+    const path69 = response.name.replace("_", "/");
     if (env6 === "staging") {
-      catalogHost = `https://catalog-staging.cloudflarestorage.com/${response.name}`;
+      catalogHost = `https://catalog-staging.cloudflarestorage.com/${path69}`;
     } else {
-      catalogHost = `https://catalog.cloudflarestorage.com/${response.name}`;
+      catalogHost = `https://catalog.cloudflarestorage.com/${path69}`;
     }
     logger.log(
       `\u2728 Successfully enabled data catalog on bucket '${args.bucket}'.
@@ -131237,10 +131409,11 @@ var r2BucketCatalogGetCommand = createCommand({
       const catalog = await getR2Catalog(accountId, args.bucket);
       const env6 = getCloudflareApiEnvironmentFromEnv();
       let catalogHost;
+      const path69 = catalog.name.replace("_", "/");
       if (env6 === "staging") {
-        catalogHost = `https://catalog-staging.cloudflarestorage.com/${catalog.name}`;
+        catalogHost = `https://catalog-staging.cloudflarestorage.com/${path69}`;
       } else {
-        catalogHost = `https://catalog.cloudflarestorage.com/${catalog.name}`;
+        catalogHost = `https://catalog.cloudflarestorage.com/${path69}`;
       }
       const output = {
         "Catalog URI": catalogHost,
@@ -133373,6 +133546,7 @@ var secretsStoreSecretNamespace = createNamespace({
 
 // src/secrets-store/commands.ts
 init_import_meta_url();
+var import_miniflare20 = require("miniflare");
 
 // src/secrets-store/client.ts
 init_import_meta_url();
@@ -133462,6 +133636,27 @@ async function duplicateSecret(accountId, storeId, secretId, body) {
 __name(duplicateSecret, "duplicateSecret");
 
 // src/secrets-store/commands.ts
+async function usingLocalSecretsStoreSecretAPI(persistTo, config, storeId, secretName, closure) {
+  const persist = getLocalPersistencePath(persistTo, config);
+  const persistOptions = buildPersistOptions(persist);
+  const mf = new import_miniflare20.Miniflare({
+    script: 'addEventListener("fetch", (e) => e.respondWith(new Response(null, { status: 404 })))',
+    ...persistOptions,
+    secretsStoreSecrets: {
+      SECRET: {
+        store_id: storeId,
+        secret_name: secretName
+      }
+    }
+  });
+  const namespace = await mf.getSecretsStoreSecretAPI("SECRET");
+  try {
+    return await closure(namespace());
+  } finally {
+    await mf.dispose();
+  }
+}
+__name(usingLocalSecretsStoreSecretAPI, "usingLocalSecretsStoreSecretAPI");
 var secretsStoreStoreCreateCommand = createCommand({
   metadata: {
     description: "Create a store within an account",
@@ -133489,8 +133684,10 @@ var secretsStoreStoreCreateCommand = createCommand({
       const accountId = config.account_id || await getAccountId();
       store = await createStore(accountId, { name: args.name });
     } else {
-      logger.log(`Local mode enabled, this command is a no-op.`);
-      return;
+      throw new UserError(
+        "Local secrets stores are automatically created for you on use. To create a Secrets Store on your account, use the --remote flag.",
+        { telemetryMessage: true }
+      );
     }
     logger.log(`\u2705 Created store! (Name: ${args.name}, ID: ${store.id})`);
   }
@@ -133521,8 +133718,10 @@ var secretsStoreStoreDeleteCommand = createCommand({
       const accountId = config.account_id || await getAccountId();
       await deleteStore(accountId, args.storeId);
     } else {
-      logger.log(`Local mode enabled, this command is a no-op.`);
-      return;
+      throw new UserError(
+        "This command is not supported in local mode. Use `wrangler <cmd> --remote` to delete a Secrets Store from your account.",
+        { telemetryMessage: true }
+      );
     }
     logger.log(`\u2705 Deleted store! (ID: ${args.storeId})`);
   }
@@ -133561,7 +133760,7 @@ var secretsStoreStoreListCommand = createCommand({
       stores = await listStores(accountId, urlParams);
     } else {
       throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
+        "This command is not supported in local mode. Use `wrangler <cmd> --remote` to list Secrets Stores on your account.",
         { telemetryMessage: true }
       );
     }
@@ -133609,6 +133808,10 @@ var secretsStoreSecretListCommand = createCommand({
       type: "boolean",
       description: "Execute command against remote Secrets Store",
       default: false
+    },
+    "persist-to": {
+      type: "string",
+      describe: "Directory for local persistence"
     }
   },
   async handler(args, { config }) {
@@ -133623,10 +133826,23 @@ var secretsStoreSecretListCommand = createCommand({
       const accountId = config.account_id || await getAccountId();
       secrets = await listSecrets(accountId, args.storeId, urlParams);
     } else {
-      throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
-        { telemetryMessage: true }
-      );
+      secrets = (await usingLocalSecretsStoreSecretAPI(
+        args.persistTo,
+        config,
+        args.storeId,
+        "",
+        (api) => api.list()
+      )).map((key) => ({
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        id: key.metadata.uuid,
+        store_id: args.storeId,
+        name: key.name,
+        comment: "",
+        scopes: [],
+        created: (/* @__PURE__ */ new Date()).toISOString(),
+        modified: (/* @__PURE__ */ new Date()).toISOString(),
+        status: "active"
+      }));
     }
     if (secrets.length === 0) {
       throw new FatalError("List request returned no secrets.", 1, {
@@ -133670,6 +133886,10 @@ var secretsStoreSecretGetCommand = createCommand({
       type: "boolean",
       description: "Execute command against remote Secrets Store",
       default: false
+    },
+    "persist-to": {
+      type: "string",
+      describe: "Directory for local persistence"
     }
   },
   async handler(args, { config }) {
@@ -133679,10 +133899,23 @@ var secretsStoreSecretGetCommand = createCommand({
       const accountId = config.account_id || await getAccountId();
       secret2 = await getSecret(accountId, args.storeId, args.secretId);
     } else {
-      throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
-        { telemetryMessage: true }
+      const name2 = await usingLocalSecretsStoreSecretAPI(
+        args.persistTo,
+        config,
+        args.storeId,
+        "",
+        (api) => api.get(args.secretId)
       );
+      secret2 = {
+        id: args.secretId,
+        store_id: args.storeId,
+        name: name2,
+        comment: "",
+        scopes: [],
+        created: (/* @__PURE__ */ new Date()).toISOString(),
+        modified: (/* @__PURE__ */ new Date()).toISOString(),
+        status: "active"
+      };
     }
     const prettierSecret = [
       {
@@ -133737,6 +133970,10 @@ var secretsStoreSecretCreateCommand = createCommand({
       type: "boolean",
       description: "Execute command against remote Secrets Store",
       default: false
+    },
+    "persist-to": {
+      type: "string",
+      describe: "Directory for local persistence"
     }
   },
   async handler(args, { config }) {
@@ -133766,10 +134003,24 @@ var secretsStoreSecretCreateCommand = createCommand({
         comment: args.comment
       });
     } else {
-      throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
-        { telemetryMessage: true }
-      );
+      secrets = [
+        await usingLocalSecretsStoreSecretAPI(
+          args.persistTo,
+          config,
+          args.storeId,
+          args.name,
+          (api) => api.create(secretValue)
+        )
+      ].map((id) => ({
+        id,
+        store_id: args.storeId,
+        name: args.name,
+        comment: args.comment ?? "",
+        scopes: args.scopes.split(","),
+        created: (/* @__PURE__ */ new Date()).toISOString(),
+        modified: (/* @__PURE__ */ new Date()).toISOString(),
+        status: "pending"
+      }));
     }
     if (secrets.length === 0) {
       throw new FatalError("Failed to create a secret.", 1, {
@@ -133829,6 +134080,10 @@ var secretsStoreSecretUpdateCommand = createCommand({
       type: "boolean",
       description: "Execute command against remote Secrets Store",
       default: false
+    },
+    "persist-to": {
+      type: "string",
+      describe: "Directory for local persistence"
     }
   },
   async handler(args, { config }) {
@@ -133862,10 +134117,23 @@ var secretsStoreSecretUpdateCommand = createCommand({
         ...args.comment && { comment: args.comment }
       });
     } else {
-      throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
-        { telemetryMessage: true }
+      const name2 = await usingLocalSecretsStoreSecretAPI(
+        args.persistTo,
+        config,
+        args.storeId,
+        "",
+        (api) => api.update(secretValue, args.secretId)
       );
+      secret2 = {
+        id: args.secretId,
+        store_id: args.storeId,
+        name: name2,
+        comment: "",
+        scopes: [],
+        created: (/* @__PURE__ */ new Date()).toISOString(),
+        modified: (/* @__PURE__ */ new Date()).toISOString(),
+        status: "active"
+      };
     }
     logger.log(`\u2705 Updated secret! (ID: ${secret2.id})`);
     const prettierSecret = [
@@ -133907,6 +134175,10 @@ var secretsStoreSecretDeleteCommand = createCommand({
       type: "boolean",
       description: "Execute command against remote Secrets Store",
       default: false
+    },
+    "persist-to": {
+      type: "string",
+      describe: "Directory for local persistence"
     }
   },
   async handler(args, { config }) {
@@ -133915,9 +134187,12 @@ var secretsStoreSecretDeleteCommand = createCommand({
       const accountId = config.account_id || await getAccountId();
       await deleteSecret(accountId, args.storeId, args.secretId);
     } else {
-      throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
-        { telemetryMessage: true }
+      await usingLocalSecretsStoreSecretAPI(
+        args.persistTo,
+        config,
+        args.storeId,
+        "",
+        (api) => api.delete(args.secretId)
       );
     }
     logger.log(`\u2705 Deleted secret! (ID: ${args.secretId})`);
@@ -133963,6 +134238,10 @@ var secretsStoreSecretDuplicateCommand = createCommand({
       type: "boolean",
       description: "Execute command against remote Secrets Store",
       default: false
+    },
+    "persist-to": {
+      type: "string",
+      describe: "Directory for local persistence"
     }
   },
   async handler(args, { config }) {
@@ -133981,10 +134260,23 @@ var secretsStoreSecretDuplicateCommand = createCommand({
         }
       );
     } else {
-      throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
-        { telemetryMessage: true }
+      const duplicatedSecretId = await usingLocalSecretsStoreSecretAPI(
+        args.persistTo,
+        config,
+        args.storeId,
+        "",
+        (api) => api.duplicate(args.secretId, args.name)
       );
+      duplicatedSecret = {
+        id: duplicatedSecretId,
+        store_id: args.storeId,
+        name: args.name,
+        comment: "",
+        scopes: [],
+        created: (/* @__PURE__ */ new Date()).toISOString(),
+        modified: (/* @__PURE__ */ new Date()).toISOString(),
+        status: "active"
+      };
     }
     logger.log(`\u2705 Duplicated secret! (ID: ${duplicatedSecret.id})`);
     const prettierSecret = [
@@ -143122,10 +143414,10 @@ var disabledDefaultIntegrations = [
   // Request data to Wrangler's HTTP servers may contain PII
 ];
 function setupSentry() {
-  if (true) {
+  if (typeof SENTRY_DSN !== "undefined") {
     init({
       release: `wrangler@${version}`,
-      dsn: "https://9edbb8417b284aa2bbead9b4c318918b@sentry10.cfdata.org/583",
+      dsn: SENTRY_DSN,
       transport: makeSentry10Transport,
       integrations(defaultIntegrations2) {
         return defaultIntegrations2.filter(
@@ -143157,7 +143449,7 @@ function setupSentry() {
 }
 __name(setupSentry, "setupSentry");
 function addBreadcrumb2(message, level = "log") {
-  if (true) {
+  if (typeof SENTRY_DSN !== "undefined") {
     addBreadcrumb({
       message,
       level
@@ -143166,7 +143458,7 @@ function addBreadcrumb2(message, level = "log") {
 }
 __name(addBreadcrumb2, "addBreadcrumb");
 async function captureGlobalException(e7) {
-  if (true) {
+  if (typeof SENTRY_DSN !== "undefined") {
     sentryReportingAllowed = await confirm(
       "Would you like to report this error to Cloudflare? Wrangler's output and the error details will be shared with the Wrangler team to help us diagnose and fix the issue.",
       { fallbackValue: false }
@@ -143181,7 +143473,7 @@ async function captureGlobalException(e7) {
 }
 __name(captureGlobalException, "captureGlobalException");
 async function closeSentry() {
-  if (true) {
+  if (typeof SENTRY_DSN !== "undefined") {
     await close();
   }
 }
@@ -143448,7 +143740,7 @@ init_import_meta_url();
 var import_node_crypto13 = require("node:crypto");
 var fs22 = __toESM(require("node:fs"));
 var import_node_path56 = require("node:path");
-var import_miniflare21 = require("miniflare");
+var import_miniflare23 = require("miniflare");
 
 // src/dev/dev-vars.ts
 init_import_meta_url();
@@ -143494,7 +143786,7 @@ __name(isProcessEnvPopulated, "isProcessEnvPopulated");
 init_import_meta_url();
 var import_fs22 = require("fs");
 var import_promises32 = require("fs/promises");
-var import_miniflare20 = require("miniflare");
+var import_miniflare22 = require("miniflare");
 var import_workerd = require("workerd");
 var DEFAULT_OUTFILE_RELATIVE_PATH = "worker-configuration.d.ts";
 async function generateRuntimeTypes({
@@ -143540,7 +143832,7 @@ async function generate({
   compatibilityFlags = []
 }) {
   const worker = (0, import_fs22.readFileSync)(require.resolve("workerd/worker.mjs")).toString();
-  const mf = new import_miniflare20.Miniflare({
+  const mf = new import_miniflare22.Miniflare({
     compatibilityDate: "2024-01-01",
     compatibilityFlags: ["nodejs_compat", "rtti_api"],
     modules: true,
@@ -143762,7 +144054,7 @@ ${content.join("\n")}`,
     }
     const tsconfigPath = config.tsconfig ?? (0, import_node_path56.join)((0, import_node_path56.dirname)(config.configPath), "tsconfig.json");
     const tsconfigTypes = readTsconfigTypes(tsconfigPath);
-    const { mode } = (0, import_miniflare21.getNodeCompat)(
+    const { mode } = (0, import_miniflare23.getNodeCompat)(
       config.compatibility_date,
       config.compatibility_flags
     );
@@ -143847,7 +144139,8 @@ async function generateEnvTypes(config, args, envInterface, outputPath, entrypoi
     secrets,
     assets: config.assets,
     workflows: config.workflows,
-    pipelines: config.pipelines
+    pipelines: config.pipelines,
+    secrets_store_secrets: config.secrets_store_secrets
   };
   const entrypointFormat = entrypoint?.format ?? "modules";
   const fullOutputPath = (0, import_node_path56.resolve)(outputPath);
@@ -143909,6 +144202,14 @@ async function generateEnvTypes(config, args, envInterface, outputPath, entrypoi
       envTypeStructure.push([constructTypeKey(d12.binding), "D1Database"]);
     }
   }
+  if (configToDTS.secrets_store_secrets) {
+    for (const secretsStoreSecret of configToDTS.secrets_store_secrets) {
+      envTypeStructure.push([
+        constructTypeKey(secretsStoreSecret.binding),
+        "SecretsStoreSecret"
+      ]);
+    }
+  }
   if (configToDTS.services) {
     for (const service of configToDTS.services) {
       envTypeStructure.push([constructTypeKey(service.binding), "Fetcher"]);
@@ -144289,7 +144590,7 @@ async function printMembershipInfo(user, accountFilter) {
   } catch (e7) {
     if (isAuthenticationError(e7)) {
       logger.log(
-        `\u{1F3A2} Unable to get membership roles. Make sure you have permissions to read the account.`
+        `\u{1F3A2} Unable to get membership roles. Make sure you have permissions to read the account. Are you missing the \`User->Memberships->Read\` permission?`
       );
       return;
     } else {
@@ -150042,9 +150343,13 @@ function createCLIParser(argv) {
     }
   ]);
   registry.registerNamespace("workflows");
-  wrangler.command("pipelines", false, (pipelinesYargs) => {
-    return pipelines(pipelinesYargs.command(subHelp));
-  });
+  wrangler.command(
+    "pipelines",
+    `\u{1F6B0} Manage Worker Pipelines ${source_default.hex(betaCmdColor)("[open beta]")}`,
+    (pipelinesYargs) => {
+      return pipelines(pipelinesYargs.command(subHelp));
+    }
+  );
   registry.define([
     {
       command: "wrangler login",
@@ -150423,7 +150728,7 @@ async function analyseBundle(workerBundle) {
       "`wrangler check startup` does not support service-worker format Workers. Refer to https://developers.cloudflare.com/workers/reference/migrate-to-module-workers/ for migration guidance."
     );
   }
-  const mf = new import_miniflare22.Miniflare({
+  const mf = new import_miniflare24.Miniflare({
     name: "profiler",
     compatibilityDate: metadata.compatibility_date,
     compatibilityFlags: metadata.compatibility_flags,
@@ -151903,7 +152208,7 @@ init_import_meta_url();
 // src/cli-hotkeys.ts
 init_import_meta_url();
 var import_readline = __toESM(require("readline"));
-var import_miniflare23 = require("miniflare");
+var import_miniflare25 = require("miniflare");
 
 // src/utils/onKeyPress.ts
 init_import_meta_url();
@@ -151997,16 +152302,16 @@ function cli_hotkeys_default(options33) {
   __name(printInstructions, "printInstructions");
   Logger.registerBeforeLogHook(clearPreviousInstructions);
   Logger.registerAfterLogHook(printInstructions);
-  import_miniflare23.Log.unstable_registerBeforeLogHook(clearPreviousInstructions);
-  import_miniflare23.Log.unstable_registerAfterLogHook(printInstructions);
+  import_miniflare25.Log.unstable_registerBeforeLogHook(clearPreviousInstructions);
+  import_miniflare25.Log.unstable_registerAfterLogHook(printInstructions);
   printInstructions();
   return () => {
     unregisterKeyPress();
     clearPreviousInstructions();
     Logger.registerBeforeLogHook(void 0);
     Logger.registerAfterLogHook(void 0);
-    import_miniflare23.Log.unstable_registerBeforeLogHook(void 0);
-    import_miniflare23.Log.unstable_registerAfterLogHook(void 0);
+    import_miniflare25.Log.unstable_registerBeforeLogHook(void 0);
+    import_miniflare25.Log.unstable_registerAfterLogHook(void 0);
   };
 }
 __name(cli_hotkeys_default, "default");
@@ -152472,6 +152777,7 @@ async function setupDevEnv(devEnv, configPath, auth, args) {
           d1_databases: args.d1Databases,
           vectorize: void 0,
           hyperdrive: void 0,
+          secrets_store_secrets: void 0,
           services: args.services,
           analytics_engine_datasets: void 0,
           dispatch_namespaces: void 0,
@@ -152831,6 +153137,7 @@ function getBindings2(configParam, env6, local, args) {
     d1_databases: mergedD1Bindings,
     vectorize: configParam.vectorize,
     hyperdrive: hyperdriveBindings,
+    secrets_store_secrets: configParam.secrets_store_secrets,
     services: mergedServiceBindings,
     analytics_engine_datasets: configParam.analytics_engine_datasets,
     browser: configParam.browser,
@@ -154040,7 +154347,7 @@ var ConfigController = class extends Controller {
 
 // src/api/startDevWorker/RemoteRuntimeController.ts
 init_import_meta_url();
-var import_miniflare26 = require("miniflare");
+var import_miniflare28 = require("miniflare");
 
 // src/dev/create-worker-preview.ts
 init_import_meta_url();
@@ -154397,7 +154704,7 @@ var RemoteRuntimeController = class extends RuntimeController {
   }
   #abortController = new AbortController();
   #currentBundleId = 0;
-  #mutex = new import_miniflare26.Mutex();
+  #mutex = new import_miniflare28.Mutex();
   #session;
   async #previewSession(props) {
     try {
@@ -154792,7 +155099,7 @@ init_import_meta_url();
 
 // src/api/integrations/platform/index.ts
 init_import_meta_url();
-var import_miniflare28 = require("miniflare");
+var import_miniflare30 = require("miniflare");
 
 // src/api/integrations/platform/caches.ts
 init_import_meta_url();
@@ -154859,7 +155166,7 @@ var ExecutionContext = class _ExecutionContext {
 
 // src/api/integrations/platform/services.ts
 init_import_meta_url();
-var import_miniflare27 = require("miniflare");
+var import_miniflare29 = require("miniflare");
 var import_undici26 = __toESM(require_undici());
 async function getServiceBindings(services = []) {
   if (services.length === 0) {
@@ -154911,9 +155218,9 @@ function getServiceBindingProxyFetch({
     try {
       const resp = await (0, import_undici26.fetch)(newUrl, request4);
       const respBody = await resp.arrayBuffer();
-      return new import_miniflare27.Response(respBody, resp);
+      return new import_miniflare29.Response(respBody, resp);
     } catch {
-      return new import_miniflare27.Response(
+      return new import_miniflare29.Response(
         `Error: Unable to fetch from external service (${serviceName} bound with ${bindingName} binding), please make sure that the service is still running with \`wrangler dev\``,
         { status: 500 }
       );
@@ -154944,7 +155251,7 @@ async function getPlatformProxy(options33 = {}) {
     },
     () => getMiniflareOptionsFromConfig(rawConfig, env6, options33)
   );
-  const mf = new import_miniflare28.Miniflare({
+  const mf = new import_miniflare30.Miniflare({
     script: "",
     modules: true,
     ...miniflareOptions
@@ -155063,7 +155370,7 @@ function unstable_getMiniflareWorkerOptions(configOrConfigPath, env6, options33)
   if (bindings.services !== void 0) {
     bindingOptions.serviceBindings = Object.fromEntries(
       bindings.services.map((binding) => {
-        const name2 = binding.service === config.name ? import_miniflare28.kCurrentWorker : binding.service;
+        const name2 = binding.service === config.name ? import_miniflare30.kCurrentWorker : binding.service;
         return [binding.binding, { name: name2, entrypoint: binding.entrypoint }];
       })
     );