wrangler 4.7.2 → 4.9.0

package/wrangler-dist/cli.js

@@ -77785,12 +77785,12 @@ var html_rewriter_exports = {};
 __export(html_rewriter_exports, {
   HTMLRewriter: () => HTMLRewriter2
 });
-var import_web2, import_miniflare24, HTMLRewriter2;
+var import_web2, import_miniflare26, HTMLRewriter2;
 var init_html_rewriter = __esm({
   "../pages-shared/environment-polyfills/html-rewriter.ts"() {
     init_import_meta_url();
     import_web2 = require("stream/web");
-    import_miniflare24 = require("miniflare");
+    import_miniflare26 = require("miniflare");
     HTMLRewriter2 = class {
       static {
         __name(this, "HTMLRewriter");
@@ -77808,9 +77808,9 @@ var init_html_rewriter = __esm({
       transform(response) {
         const body = response.body;
         if (body === null) {
-          return new import_miniflare24.Response(body, response);
+          return new import_miniflare26.Response(body, response);
         }
-        response = new import_miniflare24.Response(response.body, response);
+        response = new import_miniflare26.Response(response.body, response);
         let rewriter;
         const transformStream = new import_web2.TransformStream({
           start: /* @__PURE__ */ __name(async (controller) => {
@@ -77839,7 +77839,7 @@ var init_html_rewriter = __esm({
         const promise = body.pipeTo(transformStream.writable);
         promise.catch(() => {
         }).finally(() => rewriter.free());
-        const res = new import_miniflare24.Response(transformStream.readable, response);
+        const res = new import_miniflare26.Response(transformStream.readable, response);
         res.headers.delete("Content-Length");
         return res;
       }
@@ -78698,17 +78698,17 @@ async function generateASSETSBinding(options33) {
       try {
         const url4 = new URL(miniflareRequest.url);
         url4.host = `localhost:${options33.proxyPort}`;
-        const proxyRequest = new import_miniflare25.Request(url4, miniflareRequest);
+        const proxyRequest = new import_miniflare27.Request(url4, miniflareRequest);
         if (proxyRequest.headers.get("Upgrade") === "websocket") {
           proxyRequest.headers.delete("Sec-WebSocket-Accept");
           proxyRequest.headers.delete("Sec-WebSocket-Key");
         }
-        return await (0, import_miniflare25.fetch)(proxyRequest, {
+        return await (0, import_miniflare27.fetch)(proxyRequest, {
           dispatcher: new ProxyDispatcher(miniflareRequest.headers.get("Host"))
         });
       } catch (thrown) {
         options33.log.error(new Error(`Could not proxy request: ${thrown}`));
-        return new import_miniflare25.Response(`[wrangler] Could not proxy request: ${thrown}`, {
+        return new import_miniflare27.Response(`[wrangler] Could not proxy request: ${thrown}`, {
           status: 502
         });
       }
@@ -78717,7 +78717,7 @@ async function generateASSETSBinding(options33) {
         return await assetsFetch(miniflareRequest);
       } catch (thrown) {
         options33.log.error(new Error(`Could not serve static asset: ${thrown}`));
-        return new import_miniflare25.Response(
+        return new import_miniflare27.Response(
           `[wrangler] Could not serve static asset: ${thrown}`,
           { status: 502 }
         );
@@ -78829,11 +78829,11 @@ async function generateAssetsFetch(directory, log2) {
     });
   }, "generateResponse");
   return async (input, init2) => {
-    const request4 = new import_miniflare25.Request(input, init2);
+    const request4 = new import_miniflare27.Request(input, init2);
     return await generateResponse(request4);
   };
 }
-var import_node_assert25, import_node_fs33, import_node_path62, import_mime3, import_miniflare25, import_undici23, ProxyDispatcher, invalidAssetsFetch;
+var import_node_assert25, import_node_fs33, import_node_path62, import_mime3, import_miniflare27, import_undici23, ProxyDispatcher, invalidAssetsFetch;
 var init_assets = __esm({
   "src/miniflare-cli/assets.ts"() {
     init_import_meta_url();
@@ -78845,7 +78845,7 @@ var init_assets = __esm({
     init_parseRedirects();
     init_esm2();
     import_mime3 = __toESM(require_mime());
-    import_miniflare25 = require("miniflare");
+    import_miniflare27 = require("miniflare");
     import_undici23 = __toESM(require_undici());
     init_hash();
     __name(generateASSETSBinding, "generateASSETSBinding");
@@ -81185,7 +81185,7 @@ var import_undici3 = __toESM(require_undici());
 
 // package.json
 var name = "wrangler";
-var version = "4.7.2";
+var version = "4.9.0";
 
 // src/environment-variables/misc-variables.ts
 init_import_meta_url();
@@ -83843,6 +83843,7 @@ var friendlyBindingNames = {
   mtls_certificates: "mTLS Certificates",
   workflows: "Workflows",
   pipelines: "Pipelines",
+  secrets_store_secrets: "Secrets Store Secrets",
   assets: "Assets"
 };
 function printBindings(bindings, context2 = {}) {
@@ -83872,6 +83873,7 @@ function printBindings(bindings, context2 = {}) {
     hyperdrive: hyperdrive2,
     r2_buckets,
     logfwdr,
+    secrets_store_secrets,
     services,
     analytics_engine_datasets,
     text_blobs,
@@ -83956,16 +83958,17 @@ function printBindings(bindings, context2 = {}) {
   if (send_email !== void 0 && send_email.length > 0) {
     output.push({
       name: friendlyBindingNames.send_email,
-      entries: send_email.map(
-        ({ name: name2, destination_address, allowed_destination_addresses }) => {
-          return {
-            key: name2,
-            value: addSuffix(
-              destination_address || allowed_destination_addresses?.join(", ") || "unrestricted"
-            )
-          };
-        }
-      )
+      entries: send_email.map((emailBinding) => {
+        const destination_address = "destination_address" in emailBinding ? emailBinding.destination_address : void 0;
+        const allowed_destination_addresses = "allowed_destination_addresses" in emailBinding ? emailBinding.allowed_destination_addresses : void 0;
+        return {
+          key: emailBinding.name,
+          value: addSuffix(
+            destination_address || allowed_destination_addresses?.join(", ") || "unrestricted",
+            { isSimulatedLocally: true }
+          )
+        };
+      })
     });
   }
   if (queues2 !== void 0 && queues2.length > 0) {
@@ -84053,6 +84056,21 @@ function printBindings(bindings, context2 = {}) {
       })
     });
   }
+  if (secrets_store_secrets !== void 0 && secrets_store_secrets.length > 0) {
+    output.push({
+      name: friendlyBindingNames.secrets_store_secrets,
+      entries: secrets_store_secrets.map(
+        ({ binding, store_id, secret_name }) => {
+          return {
+            key: binding,
+            value: addSuffix(`${store_id}/${secret_name}`, {
+              isSimulatedLocally: true
+            })
+          };
+        }
+      )
+    });
+  }
   if (services !== void 0 && services.length > 0) {
     output.push({
       name: friendlyBindingNames.services,
@@ -84751,52 +84769,74 @@ function normalizeAndValidateConfig(rawConfig, configPath, userConfigPath, args)
     rawConfig,
     isDispatchNamespace
   );
+  const isRedirectedConfig = configPath && configPath !== userConfigPath;
+  const definedEnvironments = Object.keys(rawConfig.env ?? {});
+  if (isRedirectedConfig && definedEnvironments.length > 0) {
+    diagnostics.errors.push(
+      dedent`
+				Redirected configurations cannot include environments but the following have been found:\n${definedEnvironments.map((env6) => `	- ${env6}`).join("\n")}
+
+
+				Such configurations are generated by tools, meaning that one of the tools
+				your application is using is generating the incorrect configuration.
+				Report this issue to the tool's author so that this can be fixed there.
+				`
+    );
+  }
   const envName = args.env;
   (0, import_node_assert.default)(envName === void 0 || typeof envName === "string");
   let activeEnv = topLevelEnv;
   if (envName !== void 0) {
-    const envDiagnostics = new Diagnostics(
-      `"env.${envName}" environment configuration`
-    );
-    const rawEnv = rawConfig.env?.[envName];
-    if (rawEnv !== void 0) {
-      activeEnv = normalizeAndValidateEnvironment(
-        envDiagnostics,
-        configPath,
-        rawEnv,
-        isDispatchNamespace,
-        envName,
-        topLevelEnv,
-        isLegacyEnv2,
-        rawConfig
-      );
-      diagnostics.addChild(envDiagnostics);
-    } else if (!isPagesConfig(rawConfig)) {
-      activeEnv = normalizeAndValidateEnvironment(
-        envDiagnostics,
-        configPath,
-        topLevelEnv,
-        // in this case reuse the topLevelEnv to ensure that nonInherited fields are not removed
-        isDispatchNamespace,
-        envName,
-        topLevelEnv,
-        isLegacyEnv2,
-        rawConfig
+    if (isRedirectedConfig) {
+      diagnostics.errors.push(dedent`
+				You have specified the environment "${envName}", but are using a redirected configuration, produced by a build tool such as Vite.
+				You need to set the environment in your build tool, rather than via Wrangler.
+				For example, if you are using Vite, refer to these docs: https://developers.cloudflare.com/workers/vite-plugin/reference/cloudflare-environments/
+			`);
+    } else {
+      const envDiagnostics = new Diagnostics(
+        `"env.${envName}" environment configuration`
       );
-      const envNames = rawConfig.env ? `The available configured environment names are: ${JSON.stringify(
-        Object.keys(rawConfig.env)
-      )}
+      const rawEnv = rawConfig.env?.[envName];
+      if (rawEnv !== void 0) {
+        activeEnv = normalizeAndValidateEnvironment(
+          envDiagnostics,
+          configPath,
+          rawEnv,
+          isDispatchNamespace,
+          envName,
+          topLevelEnv,
+          isLegacyEnv2,
+          rawConfig
+        );
+        diagnostics.addChild(envDiagnostics);
+      } else if (!isPagesConfig(rawConfig)) {
+        activeEnv = normalizeAndValidateEnvironment(
+          envDiagnostics,
+          configPath,
+          topLevelEnv,
+          // in this case reuse the topLevelEnv to ensure that nonInherited fields are not removed
+          isDispatchNamespace,
+          envName,
+          topLevelEnv,
+          isLegacyEnv2,
+          rawConfig
+        );
+        const envNames = rawConfig.env ? `The available configured environment names are: ${JSON.stringify(
+          Object.keys(rawConfig.env)
+        )}
 ` : "";
-      const message = `No environment found in configuration with name "${envName}".
+        const message = `No environment found in configuration with name "${envName}".
 Before using \`--env=${envName}\` there should be an equivalent environment section in the configuration.
 ${envNames}
 Consider adding an environment configuration section to the ${configFileName(configPath)} file:
 \`\`\`
 [env.` + envName + "]\n```\n";
-      if (envNames.length > 0) {
-        diagnostics.errors.push(message);
-      } else {
-        diagnostics.warnings.push(message);
+        if (envNames.length > 0) {
+          diagnostics.errors.push(message);
+        } else {
+          diagnostics.warnings.push(message);
+        }
       }
     }
   }
@@ -85690,6 +85730,16 @@ function normalizeAndValidateEnvironment(diagnostics, configPath, rawEnv, isDisp
       validateBindingArray(envName, validatePipelineBinding),
       []
     ),
+    secrets_store_secrets: notInheritable(
+      diagnostics,
+      topLevelEnv,
+      rawConfig,
+      rawEnv,
+      envName,
+      "secrets_store_secrets",
+      validateBindingArray(envName, validateSecretsStoreSecretBinding),
+      []
+    ),
     version_metadata: notInheritable(
       diagnostics,
       topLevelEnv,
@@ -87097,6 +87147,45 @@ var validatePipelineBinding = /* @__PURE__ */ __name((diagnostics, field, value)
   ]);
   return isValid2;
 }, "validatePipelineBinding");
+var validateSecretsStoreSecretBinding = /* @__PURE__ */ __name((diagnostics, field, value) => {
+  if (typeof value !== "object" || value === null) {
+    diagnostics.errors.push(
+      `"secrets_store_secrets" bindings should be objects, but got ${JSON.stringify(value)}`
+    );
+    return false;
+  }
+  let isValid2 = true;
+  if (!isRequiredProperty(value, "binding", "string")) {
+    diagnostics.errors.push(
+      `"${field}" bindings must have a string "binding" field but got ${JSON.stringify(
+        value
+      )}.`
+    );
+    isValid2 = false;
+  }
+  if (!isRequiredProperty(value, "store_id", "string")) {
+    diagnostics.errors.push(
+      `"${field}" bindings must have a string "store_id" field but got ${JSON.stringify(
+        value
+      )}.`
+    );
+    isValid2 = false;
+  }
+  if (!isRequiredProperty(value, "secret_name", "string")) {
+    diagnostics.errors.push(
+      `"${field}" bindings must have a string "secret_name" field but got ${JSON.stringify(
+        value
+      )}.`
+    );
+    isValid2 = false;
+  }
+  validateAdditionalProperties(diagnostics, field, Object.keys(value), [
+    "binding",
+    "store_id",
+    "secret_name"
+  ]);
+  return isValid2;
+}, "validateSecretsStoreSecretBinding");
 function normalizeAndValidateLimits(diagnostics, topLevelEnv, rawEnv) {
   if (rawEnv.limits) {
     validateRequiredProperty(
@@ -87360,6 +87449,7 @@ var defaultWranglerConfig = {
   vectorize: [],
   hyperdrive: [],
   workflows: [],
+  secrets_store_secrets: [],
   services: [],
   analytics_engine_datasets: [],
   ai: void 0,
@@ -92514,11 +92604,10 @@ function castLogLevel(level) {
 }
 __name(castLogLevel, "castLogLevel");
 function buildLog() {
-  let level = castLogLevel(logger.loggerLevel);
-  if (level <= import_miniflare6.LogLevel.DEBUG) {
-    level = Math.min(level, import_miniflare6.LogLevel.WARN);
-  }
-  return new WranglerLog(level, { prefix: "wrangler-UserWorker" });
+  const level = castLogLevel(logger.loggerLevel);
+  return new WranglerLog(level, {
+    prefix: level === import_miniflare6.LogLevel.DEBUG ? "wrangler-UserWorker" : "wrangler"
+  });
 }
 __name(buildLog, "buildLog");
 async function buildSourceOptions(config) {
@@ -92850,6 +92939,15 @@ function buildMiniflareBindingOptions(config) {
       bindings.hyperdrive?.map(hyperdriveEntry) ?? []
     ),
     workflows: Object.fromEntries(bindings.workflows?.map(workflowEntry) ?? []),
+    secretsStoreSecrets: Object.fromEntries(
+      bindings.secrets_store_secrets?.map((binding) => [
+        binding.binding,
+        binding
+      ]) ?? []
+    ),
+    email: {
+      send_email: bindings.send_email
+    },
     durableObjects: Object.fromEntries([
       ...internalObjects.map(({ name: name2, class_name }) => {
         const useSQLite = classNameToUseSQLite.get(class_name);
@@ -92908,7 +93006,8 @@ function buildPersistOptions(localPersistencePath) {
       kvPersist: import_node_path15.default.join(v3Path, "kv"),
       r2Persist: import_node_path15.default.join(v3Path, "r2"),
       d1Persist: import_node_path15.default.join(v3Path, "d1"),
-      workflowsPersist: import_node_path15.default.join(v3Path, "workflows")
+      workflowsPersist: import_node_path15.default.join(v3Path, "workflows"),
+      secretsStorePersist: import_node_path15.default.join(v3Path, "secrets-store")
     };
   }
 }
@@ -93068,6 +93167,14 @@ async function buildMiniflareOptions(log2, config, proxyToUserWorkerAuthenticati
     liveReload: config.liveReload,
     upstream,
     unsafeProxySharedSecret: proxyToUserWorkerAuthenticationSecret,
+    unsafeTriggerHandlers: true,
+    // The way we run Miniflare instances with wrangler dev is that there are two:
+    //  - one holding the proxy worker,
+    //  - and one holding the user worker.
+    // The issue with that setup is that end users would see two sets of request logs from Miniflare!
+    // Instead of hiding all logs from this Miniflare instance, we specifically hide the request logs,
+    // allowing other logs to be shown to the user (such as details about emails being triggered)
+    logRequests: false,
     log: log2,
     verbose: logger.loggerLevel === "debug",
     handleRuntimeStdio,
@@ -93338,6 +93445,12 @@ function convertCfWorkerInitBindingstoBindings(inputBindings) {
         }
         break;
       }
+      case "secrets_store_secrets": {
+        for (const { binding, ...x6 } of info) {
+          output[binding] = { type: "secrets_store_secret", ...x6 };
+        }
+        break;
+      }
       default: {
         assertNever(type);
       }
@@ -93365,6 +93478,7 @@ async function convertBindingsToCfWorkerInitBindings(inputBindings) {
     d1_databases: void 0,
     vectorize: void 0,
     hyperdrive: void 0,
+    secrets_store_secrets: void 0,
     services: void 0,
     analytics_engine_datasets: void 0,
     dispatch_namespaces: void 0,
@@ -93452,6 +93566,9 @@ async function convertBindingsToCfWorkerInitBindings(inputBindings) {
     } else if (binding.type === "workflow") {
       bindings.workflows ??= [];
       bindings.workflows.push({ ...binding, binding: name2 });
+    } else if (binding.type === "secrets_store_secret") {
+      bindings.secrets_store_secrets ??= [];
+      bindings.secrets_store_secrets.push({ ...binding, binding: name2 });
     } else if (isUnsafeBindingType(binding.type)) {
       bindings.unsafe ??= {
         bindings: [],
@@ -102343,6 +102460,7 @@ function getBindings(config, options33) {
     d1_databases: config?.d1_databases,
     vectorize: config?.vectorize,
     hyperdrive: config?.hyperdrive,
+    secrets_store_secrets: config?.secrets_store_secrets,
     services: config?.services,
     analytics_engine_datasets: config?.analytics_engine_datasets,
     dispatch_namespaces: options33?.pages ? void 0 : config?.dispatch_namespaces,
@@ -103829,16 +103947,16 @@ function createWorkerUploadForm(worker) {
       });
     }
   });
-  bindings.send_email?.forEach(
-    ({ name: name2, destination_address, allowed_destination_addresses }) => {
-      metadataBindings.push({
-        name: name2,
-        type: "send_email",
-        destination_address,
-        allowed_destination_addresses
-      });
-    }
-  );
+  bindings.send_email?.forEach((emailBinding) => {
+    const destination_address = "destination_address" in emailBinding ? emailBinding.destination_address : void 0;
+    const allowed_destination_addresses = "allowed_destination_addresses" in emailBinding ? emailBinding.allowed_destination_addresses : void 0;
+    metadataBindings.push({
+      name: emailBinding.name,
+      type: "send_email",
+      destination_address,
+      allowed_destination_addresses
+    });
+  });
   bindings.durable_objects?.bindings.forEach(
     ({ name: name2, class_name, script_name, environment }) => {
       metadataBindings.push({
@@ -103923,6 +104041,16 @@ function createWorkerUploadForm(worker) {
       id
     });
   });
+  bindings.secrets_store_secrets?.forEach(
+    ({ binding, store_id, secret_name }) => {
+      metadataBindings.push({
+        name: binding,
+        type: "secrets_store_secret",
+        store_id,
+        secret_name
+      });
+    }
+  );
   bindings.services?.forEach(
     ({ binding, service, environment, entrypoint }) => {
       metadataBindings.push({
@@ -105232,7 +105360,7 @@ var import_promises34 = require("fs/promises");
 var import_node_events4 = __toESM(require("node:events"));
 var import_promises35 = require("node:fs/promises");
 var import_path23 = __toESM(require("path"));
-var import_miniflare22 = require("miniflare");
+var import_miniflare24 = require("miniflare");
 
 // src/index.ts
 init_import_meta_url();
@@ -118250,6 +118378,18 @@ async function mapBindings(accountId, bindings) {
           ];
         }
         break;
+      case "secrets_store_secret":
+        {
+          configObj.secrets_store_secrets = [
+            ...configObj.secrets_store_secrets ?? [],
+            {
+              binding: binding.name,
+              store_id: binding.store_id,
+              secret_name: binding.secret_name
+            }
+          ];
+        }
+        break;
       case "service":
         {
           configObj.services = [
@@ -120636,7 +120776,8 @@ function Options8(yargs) {
   }).options({
     outfile: {
       type: "string",
-      description: "The location of the output Worker script"
+      description: "The location of the output Worker script",
+      deprecated: true
     },
     outdir: {
       type: "string",
@@ -124302,6 +124443,7 @@ async function createDraftWorker({
           d1_databases: [],
           vectorize: [],
           hyperdrive: [],
+          secrets_store_secrets: [],
           services: [],
           analytics_engine_datasets: [],
           wasm_modules: {},
@@ -124981,20 +125123,20 @@ function pages(yargs, subHelp) {
     Handler14
   ).command(
     "functions",
-    false,
+    "Helpers related to Pages Functions",
     (args) => args.command(subHelp).command(
       "build [directory]",
-      "Compile a folder of Cloudflare Pages Functions into a single Worker",
+      "Compile a folder of Pages Functions into a single Worker",
       Options8,
       Handler8
     ).command(
       "build-env [projectDir]",
-      "Render a list of environment variables from the config file",
+      false,
       Options9,
       Handler9
     ).command(
       "optimize-routes [routesPath] [outputRoutesPath]",
-      "Consolidate and optimize the route paths declared in _routes.json",
+      false,
       OptimizeRoutesOptions,
       OptimizeRoutesHandler
     )
@@ -128921,6 +129063,14 @@ function validateCorsOrigins(values) {
   if (!values || !values.length) {
     return values;
   }
+  if (values.includes("none")) {
+    if (values.length > 1) {
+      throw new UserError(
+        "When specifying 'none', only one value is permitted."
+      );
+    }
+    return [];
+  }
   if (values.includes("*")) {
     if (values.length > 1) {
       throw new UserError("When specifying '*', only one value is permitted.");
@@ -128954,22 +129104,12 @@ function addCreateOptions(yargs) {
     type: "string",
     demandOption: true
   }).group(
-    [
-      "enable-worker-binding",
-      "enable-http",
-      "require-http-auth",
-      "cors-origins"
-    ],
+    ["source", "require-http-auth", "cors-origins"],
     `${source_default.bold("Source settings")}`
-  ).option("enable-worker-binding", {
-    type: "boolean",
-    describe: "Send data from a Worker to a Pipeline using a Binding",
-    default: true,
-    demandOption: false
-  }).option("enable-http", {
-    type: "boolean",
-    describe: "Generate an endpoint to ingest data via HTTP",
-    default: true,
+  ).option("source", {
+    type: "array",
+    describe: "Space separated list of allowed sources. Options are 'http' or 'worker'",
+    default: ["http", "worker"],
     demandOption: false
   }).option("require-http-auth", {
     type: "boolean",
@@ -128978,7 +129118,7 @@ function addCreateOptions(yargs) {
     demandOption: false
   }).option("cors-origins", {
     type: "array",
-    describe: "CORS origin allowlist for HTTP endpoint (use * for any origin)",
+    describe: "CORS origin allowlist for HTTP endpoint (use * for any origin). Defaults to an empty array",
     demandOption: false,
     coerce: validateCorsOrigins
   }).group(
@@ -128986,17 +129126,17 @@ function addCreateOptions(yargs) {
     `${source_default.bold("Batch hints")}`
   ).option("batch-max-mb", {
     type: "number",
-    describe: "Maximum batch size in megabytes before flushing",
+    describe: "Maximum batch size in megabytes before flushing. Defaults to 100 MB if unset. Minimum: 1, Maximum: 100",
     demandOption: false,
     coerce: validateInRange("batch-max-mb", 1, 100)
   }).option("batch-max-rows", {
     type: "number",
-    describe: "Maximum number of rows per batch before flushing",
+    describe: "Maximum number of rows per batch before flushing. Defaults to 10,000,000 if unset. Minimum: 100, Maximum: 10,000,000",
     demandOption: false,
-    coerce: validateInRange("batch-max-rows", 100, 1e6)
+    coerce: validateInRange("batch-max-rows", 100, 1e7)
   }).option("batch-max-seconds", {
     type: "number",
-    describe: "Maximum age of batch in seconds before flushing",
+    describe: "Maximum age of batch in seconds before flushing. Defaults to 300 if unset. Minimum: 1, Maximum: 300",
     demandOption: false,
     coerce: validateInRange("batch-max-seconds", 1, 300)
   }).group(["transform-worker"], `${source_default.bold("Transformations")}`).option("transform-worker", {
@@ -129011,9 +129151,7 @@ function addCreateOptions(yargs) {
       "r2-access-key-id",
       "r2-secret-access-key",
       "r2-prefix",
-      "compression",
-      "file-template",
-      "partition-template"
+      "compression"
     ],
     `${source_default.bold("Destination settings")}`
   ).option("r2-bucket", {
@@ -129037,7 +129175,7 @@ function addCreateOptions(yargs) {
     return true;
   }).option("r2-prefix", {
     type: "string",
-    describe: "Prefix for storing files in the destination bucket",
+    describe: "Prefix for storing files in the destination bucket. Default is no prefix",
     default: "",
     demandOption: false
   }).option("compression", {
@@ -129046,23 +129184,9 @@ function addCreateOptions(yargs) {
     choices: ["none", "gzip", "deflate"],
     default: "gzip",
     demandOption: false
-  }).option("partition-template", {
-    type: "string",
-    describe: "Path template for partitioned files in the bucket. If not specified, the default will be used",
-    demandOption: false
-  }).option("file-template", {
-    type: "string",
-    describe: `Template for individual file names (must include \${slug}). For example: "\${slug}.log.gz"`,
-    demandOption: false,
-    coerce: /* @__PURE__ */ __name((val2) => {
-      if (!val2.includes("${slug}")) {
-        throw new UserError("filename must contain ${slug}");
-      }
-      return val2;
-    }, "coerce")
   }).group(["shard-count"], `${source_default.bold("Pipeline settings")}`).option("shard-count", {
     type: "number",
-    describe: "Number of pipeline shards. More shards handle higher request volume; fewer shards produce larger output files",
+    describe: "Number of shards for the pipeline. More shards handle higher request volume; fewer shards produce larger output files. Defaults to 2 if unset. Minimum: 1, Maximum: 15",
     demandOption: false
   });
 }
@@ -129117,22 +129241,30 @@ async function createPipelineHandler(args) {
   if (!destination.credentials.secret_access_key) {
     throw new FatalError("Requires a r2 secret access key");
   }
-  if (args.enableWorkerBinding) {
-    pipelineConfig.source.push({
-      type: "binding",
-      format: "json"
-    });
-  }
-  if (args.enableHttp) {
-    const source = {
-      type: "http",
-      format: "json",
-      authentication: args.requireHttpAuth
+  if (args.source.length > 0) {
+    const sourceHandlers = {
+      http: /* @__PURE__ */ __name(() => {
+        const http5 = {
+          type: "http",
+          format: "json",
+          authentication: args.requireHttpAuth
+        };
+        if (args.corsOrigins && args.corsOrigins.length > 0) {
+          http5.cors = { origins: args.corsOrigins };
+        }
+        return http5;
+      }, "http"),
+      worker: /* @__PURE__ */ __name(() => ({
+        type: "binding",
+        format: "json"
+      }), "worker")
     };
-    if (args.corsOrigins && args.corsOrigins.length > 0) {
-      source.cors = { origins: args.corsOrigins };
+    for (const source of args.source) {
+      const handler32 = sourceHandlers[source];
+      if (handler32) {
+        pipelineConfig.source.push(handler32());
+      }
     }
-    pipelineConfig.source.push(source);
   }
   if (pipelineConfig.source.length === 0) {
     throw new UserError(
@@ -129145,25 +129277,21 @@ async function createPipelineHandler(args) {
   if (args.r2Prefix) {
     pipelineConfig.destination.path.prefix = args.r2Prefix;
   }
-  if (args.partitionTemplate) {
-    pipelineConfig.destination.path.filepath = args.partitionTemplate;
-  }
-  if (args.fileTemplate) {
-    pipelineConfig.destination.path.filename = args.fileTemplate;
-  }
   if (args.shardCount) {
     pipelineConfig.metadata.shards = args.shardCount;
   }
-  logger.log(`\u{1F300} Creating Pipeline named "${name2}"`);
+  logger.log(`\u{1F300} Creating pipeline named "${name2}"`);
   const pipeline = await createPipeline(accountId, pipelineConfig);
   logger.log(
-    `\u2705 Successfully created Pipeline "${pipeline.name}" with id ${pipeline.id}`
+    `\u2705 Successfully created pipeline "${pipeline.name}" with ID ${pipeline.id}
+`
   );
-  logger.log("\u{1F389} You can now send data to your Pipeline!");
-  if (args.enableWorkerBinding) {
+  logger.log(formatPipelinePretty(pipeline));
+  logger.log("\u{1F389} You can now send data to your pipeline!");
+  if (args.source.includes("worker")) {
     logger.log(
       `
-To start interacting with this Pipeline from a Worker, open your Worker\u2019s config file and add the following binding configuration:
+To send data to your pipeline from a Worker, add the following to your wrangler config file:
 `
     );
     logger.log(
@@ -129180,11 +129308,11 @@ To start interacting with this Pipeline from a Worker, open your Worker\u2019s c
       )
     );
   }
-  if (args.enableHttp) {
+  if (args.source.includes("http")) {
     logger.log(`
-Send data to your Pipeline's HTTP endpoint:
+Send data to your pipeline's HTTP endpoint:
 `);
-    logger.log(`	curl "${pipeline.endpoint}" -d '[{"foo": "bar"}]'
+    logger.log(`curl "${pipeline.endpoint}" -d '[{"foo": "bar"}]'
 `);
   }
 }
@@ -129195,7 +129323,7 @@ init_import_meta_url();
 function addDeleteOptions(yargs) {
   return yargs.positional("pipeline", {
     type: "string",
-    describe: "The name of the Pipeline to show",
+    describe: "The name of the pipeline to delete",
     demandOption: true
   });
 }
@@ -129206,12 +129334,52 @@ async function deletePipelineHandler(args) {
   const accountId = await requireAuth(config);
   const name2 = args.pipeline;
   validateName("pipeline name", name2);
-  logger.log(`Deleting Pipeline ${name2}.`);
+  logger.log(`Deleting pipeline ${name2}.`);
   await deletePipeline(accountId, name2);
-  logger.log(`Deleted Pipeline ${name2}.`);
+  logger.log(`Deleted pipeline ${name2}.`);
 }
 __name(deletePipelineHandler, "deletePipelineHandler");
 
+// src/pipelines/cli/get.ts
+init_import_meta_url();
+function addGetOptions(yargs) {
+  return yargs.positional("pipeline", {
+    type: "string",
+    describe: "The name of the pipeline to inspect",
+    demandOption: true
+  }).option("format", {
+    type: "string",
+    describe: "The output format for pipeline",
+    default: "pretty",
+    demandOption: false,
+    coerce: /* @__PURE__ */ __name((value) => {
+      const formats = ["pretty", "json"];
+      if (!formats.includes(value)) {
+        throw new UserError(`Unknown format value: ${value}`);
+      }
+      return value;
+    }, "coerce")
+  });
+}
+__name(addGetOptions, "addGetOptions");
+async function getPipelineHandler(args) {
+  await printWranglerBanner();
+  const config = readConfig(args);
+  const accountId = await requireAuth(config);
+  const name2 = args.pipeline;
+  validateName("pipeline name", name2);
+  const pipeline = await getPipeline(accountId, name2);
+  switch (args.format) {
+    case "json":
+      logger.log(JSON.stringify(pipeline, null, 2));
+      break;
+    case "pretty":
+      logger.log(formatPipelinePretty(pipeline));
+      break;
+  }
+}
+__name(getPipelineHandler, "getPipelineHandler");
+
 // src/pipelines/cli/list.ts
 init_import_meta_url();
 async function listPipelinesHandler(args) {
@@ -129229,33 +129397,11 @@ async function listPipelinesHandler(args) {
 }
 __name(listPipelinesHandler, "listPipelinesHandler");
 
-// src/pipelines/cli/show.ts
-init_import_meta_url();
-function addShowOptions(yargs) {
-  return yargs.positional("pipeline", {
-    type: "string",
-    describe: "The name of the Pipeline to show",
-    demandOption: true
-  });
-}
-__name(addShowOptions, "addShowOptions");
-async function showPipelineHandler(args) {
-  await printWranglerBanner();
-  const config = readConfig(args);
-  const accountId = await requireAuth(config);
-  const name2 = args.pipeline;
-  validateName("pipeline name", name2);
-  logger.log(`Retrieving config for Pipeline "${name2}".`);
-  const pipeline = await getPipeline(accountId, name2);
-  logger.log(JSON.stringify(pipeline, null, 2));
-}
-__name(showPipelineHandler, "showPipelineHandler");
-
 // src/pipelines/cli/update.ts
 init_import_meta_url();
 function addUpdateOptions(yargs) {
   return yargs.positional("pipeline", {
-    describe: "The name of the Pipeline to update",
+    describe: "The name of the pipeline to update",
     type: "string",
     demandOption: true
   }).option("r2-bucket", {
@@ -129264,20 +129410,11 @@ function addUpdateOptions(yargs) {
     demandOption: false
     // Not required for updates.
   }).group(
-    [
-      "enable-worker-binding",
-      "enable-http",
-      "require-http-auth",
-      "cors-origins"
-    ],
+    ["source", "require-http-auth", "cors-origins"],
     `${source_default.bold("Source settings")}`
-  ).option("enable-worker-binding", {
-    type: "boolean",
-    describe: "Send data from a Worker to a Pipeline using a Binding",
-    demandOption: false
-  }).option("enable-http", {
-    type: "boolean",
-    describe: "Generate an endpoint to ingest data via HTTP",
+  ).option("source", {
+    type: "array",
+    describe: "Space separated list of allowed sources. Options are 'http' or 'worker'",
     demandOption: false
   }).option("require-http-auth", {
     type: "boolean",
@@ -129293,17 +129430,17 @@ function addUpdateOptions(yargs) {
     `${source_default.bold("Batch hints")}`
   ).option("batch-max-mb", {
     type: "number",
-    describe: "Maximum batch size in megabytes before flushing",
+    describe: "Maximum batch size in megabytes before flushing. Minimum: 1, Maximum: 100",
     demandOption: false,
     coerce: validateInRange("batch-max-mb", 1, 100)
   }).option("batch-max-rows", {
     type: "number",
-    describe: "Maximum number of rows per batch before flushing",
+    describe: "Maximum number of rows per batch before flushing. Minimum: 100, Maximum: 10,000,000",
     demandOption: false,
-    coerce: validateInRange("batch-max-rows", 100, 1e6)
+    coerce: validateInRange("batch-max-rows", 100, 1e7)
   }).option("batch-max-seconds", {
     type: "number",
-    describe: "Maximum age of batch in seconds before flushing",
+    describe: "Maximum age of batch in seconds before flushing. Minimum: 1, Maximum: 300",
     demandOption: false,
     coerce: validateInRange("batch-max-seconds", 1, 300)
   }).group(["transform-worker"], `${source_default.bold("Transformations")}`).option("transform-worker", {
@@ -129318,9 +129455,7 @@ function addUpdateOptions(yargs) {
       "r2-access-key-id",
       "r2-secret-access-key",
       "r2-prefix",
-      "compression",
-      "file-template",
-      "partition-template"
+      "compression"
     ],
     `${source_default.bold("Destination settings")}`
   ).option("r2-access-key-id", {
@@ -129347,23 +129482,9 @@ function addUpdateOptions(yargs) {
     describe: "Compression format for output files",
     choices: ["none", "gzip", "deflate"],
     demandOption: false
-  }).option("partition-template", {
-    type: "string",
-    describe: "Path template for partitioned files in the bucket",
-    demandOption: false
-  }).option("file-template", {
-    type: "string",
-    describe: "Template for individual file names (must include ${slug})",
-    demandOption: false,
-    coerce: /* @__PURE__ */ __name((val2) => {
-      if (!val2.includes("${slug}")) {
-        throw new Error("filename must contain ${slug}");
-      }
-      return val2;
-    }, "coerce")
   }).group(["shard-count"], `${source_default.bold("Pipeline settings")}`).option("shard-count", {
     type: "number",
-    describe: "Number of pipeline shards. More shards handle higher request volume; fewer shards produce larger output files",
+    describe: "Number of shards for the pipeline. More shards handle higher request volume; fewer shards produce larger output files",
     demandOption: false
   });
 }
@@ -129415,45 +129536,44 @@ async function updatePipelineHandler(args) {
       throw new FatalError("Requires a r2 secret access key");
     }
   }
-  if (args.enableWorkerBinding !== void 0) {
-    const source = pipelineConfig.source.find(
-      (s5) => s5.type === "binding"
-    );
-    pipelineConfig.source = pipelineConfig.source.filter(
-      (s5) => s5.type !== "binding"
-    );
-    if (args.enableWorkerBinding) {
-      pipelineConfig.source.push({
-        ...source,
-        type: "binding",
-        format: "json"
-      });
+  if (args.source && args.source.length > 0) {
+    const existingSources = pipelineConfig.source;
+    pipelineConfig.source = [];
+    const sourceHandlers = {
+      http: /* @__PURE__ */ __name(() => {
+        const existing = existingSources.find((s5) => s5.type === "http");
+        return {
+          ...existing,
+          // Copy over existing properties for forwards compatibility
+          type: "http",
+          format: "json",
+          ...args.requireHttpAuth && { authentication: args.requireHttpAuth }
+          // Include only if defined
+        };
+      }, "http"),
+      worker: /* @__PURE__ */ __name(() => {
+        const existing = existingSources.find(
+          (s5) => s5.type === "binding"
+        );
+        return {
+          ...existing,
+          // Copy over existing properties for forwards compatibility
+          type: "binding",
+          format: "json"
+        };
+      }, "worker")
+    };
+    for (const source of args.source) {
+      const handler32 = sourceHandlers[source];
+      if (handler32) {
+        pipelineConfig.source.push(handler32());
+      }
     }
   }
-  if (args.enableHttp !== void 0) {
-    const source = pipelineConfig.source.find((s5) => s5.type === "http");
-    pipelineConfig.source = pipelineConfig.source.filter(
-      (s5) => s5.type !== "http"
+  if (pipelineConfig.source.length === 0) {
+    throw new UserError(
+      "No sources have been enabled. At least one source (HTTP or Worker Binding) should be enabled"
     );
-    if (args.enableHttp) {
-      const update = {
-        type: "http",
-        format: "json",
-        ...source
-      };
-      pipelineConfig.source.push(update);
-    }
-  }
-  const httpSource = pipelineConfig.source.find(
-    (s5) => s5.type === "http"
-  );
-  if (httpSource) {
-    if (args.requireHttpAuth) {
-      httpSource.authentication = args.requireHttpAuth;
-    }
-    if (args.corsOrigins && args.corsOrigins.length > 0) {
-      httpSource.cors = { origins: args.corsOrigins };
-    }
   }
   if (args.transformWorker) {
     if (args.transformWorker === "none") {
@@ -129465,19 +129585,24 @@ async function updatePipelineHandler(args) {
   if (args.r2Prefix) {
     pipelineConfig.destination.path.prefix = args.r2Prefix;
   }
-  if (args.partitionTemplate) {
-    pipelineConfig.destination.path.filepath = args.partitionTemplate;
-  }
-  if (args.fileTemplate) {
-    pipelineConfig.destination.path.filename = args.fileTemplate;
-  }
   if (args.shardCount) {
     pipelineConfig.metadata.shards = args.shardCount;
   }
-  logger.log(`\u{1F300} Updating Pipeline "${name2}"`);
+  const httpSource = pipelineConfig.source.find(
+    (s5) => s5.type === "http"
+  );
+  if (httpSource) {
+    if (args.requireHttpAuth) {
+      httpSource.authentication = args.requireHttpAuth;
+    }
+    if (args.corsOrigins) {
+      httpSource.cors = { origins: args.corsOrigins };
+    }
+  }
+  logger.log(`\u{1F300} Updating pipeline "${name2}"`);
   const pipeline = await updatePipeline(accountId, name2, pipelineConfig);
   logger.log(
-    `\u2705 Successfully updated Pipeline "${pipeline.name}" with ID ${pipeline.id}
+    `\u2705 Successfully updated pipeline "${pipeline.name}" with ID ${pipeline.id}
 `
   );
 }
@@ -129567,32 +129692,100 @@ __name(parseTransform, "parseTransform");
 function pipelines(pipelineYargs) {
   return pipelineYargs.command(
     "create <pipeline>",
-    "Create a new Pipeline",
+    "Create a new pipeline",
     addCreateOptions,
     createPipelineHandler
   ).command(
     "list",
-    "List current Pipelines",
+    "List all pipelines",
     (yargs) => yargs,
     listPipelinesHandler
   ).command(
-    "show <pipeline>",
-    "Show a Pipeline configuration",
-    addShowOptions,
-    showPipelineHandler
+    "get <pipeline>",
+    "Get a pipeline's configuration",
+    addGetOptions,
+    getPipelineHandler
   ).command(
     "update <pipeline>",
-    "Update a Pipeline",
+    "Update a pipeline",
     addUpdateOptions,
     updatePipelineHandler
   ).command(
     "delete <pipeline>",
-    "Delete a Pipeline",
+    "Delete a pipeline",
     addDeleteOptions,
     deletePipelineHandler
   );
 }
 __name(pipelines, "pipelines");
+function formatPipelinePretty(pipeline) {
+  let buffer = "";
+  const formatTypeLabels = {
+    json: "JSON"
+  };
+  buffer += `${formatLabelledValues({
+    Id: pipeline.id,
+    Name: pipeline.name
+  })}
+`;
+  buffer += "Sources:\n";
+  const httpSource = pipeline.source.find((s5) => s5.type === "http");
+  if (httpSource) {
+    const httpInfo = {
+      Endpoint: pipeline.endpoint,
+      Authentication: httpSource.authentication === true ? "on" : "off",
+      ...httpSource?.cors?.origins && {
+        "CORS Origins": httpSource.cors.origins.join(", ")
+      },
+      Format: formatTypeLabels[httpSource.format]
+    };
+    buffer += "  HTTP:\n";
+    buffer += `${formatLabelledValues(httpInfo, { indentationCount: 4 })}
+`;
+  }
+  const bindingSource = pipeline.source.find((s5) => s5.type === "binding");
+  if (bindingSource) {
+    const bindingInfo = {
+      Format: formatTypeLabels[bindingSource.format]
+    };
+    buffer += "  Worker:\n";
+    buffer += `${formatLabelledValues(bindingInfo, { indentationCount: 4 })}
+`;
+  }
+  const destinationInfo = {
+    Type: pipeline.destination.type.toUpperCase(),
+    Bucket: pipeline.destination.path.bucket,
+    Format: "newline-delimited JSON",
+    // TODO: Make dynamic once we support more output formats
+    ...pipeline.destination.path.prefix && {
+      Prefix: pipeline.destination.path.prefix
+    },
+    ...pipeline.destination.compression.type && {
+      Compression: pipeline.destination.compression.type.toUpperCase()
+    }
+  };
+  buffer += "Destination:\n";
+  buffer += `${formatLabelledValues(destinationInfo, { indentationCount: 2 })}
+`;
+  const batchHints = {
+    ...pipeline.destination.batch.max_bytes && {
+      "Max bytes": prettyBytes(pipeline.destination.batch.max_bytes)
+    },
+    ...pipeline.destination.batch.max_duration_s && {
+      "Max duration": `${pipeline.destination.batch.max_duration_s?.toLocaleString()} seconds`
+    },
+    ...pipeline.destination.batch.max_rows && {
+      "Max records": pipeline.destination.batch.max_rows?.toLocaleString()
+    }
+  };
+  if (Object.keys(batchHints).length > 0) {
+    buffer += "  Batch hints:\n";
+    buffer += `${formatLabelledValues(batchHints, { indentationCount: 4 })}
+`;
+  }
+  return buffer;
+}
+__name(formatPipelinePretty, "formatPipelinePretty");
 
 // src/pubsub/pubsub-commands.ts
 init_import_meta_url();
@@ -133375,6 +133568,7 @@ var secretsStoreSecretNamespace = createNamespace({
 
 // src/secrets-store/commands.ts
 init_import_meta_url();
+var import_miniflare20 = require("miniflare");
 
 // src/secrets-store/client.ts
 init_import_meta_url();
@@ -133464,6 +133658,27 @@ async function duplicateSecret(accountId, storeId, secretId, body) {
 __name(duplicateSecret, "duplicateSecret");
 
 // src/secrets-store/commands.ts
+async function usingLocalSecretsStoreSecretAPI(persistTo, config, storeId, secretName, closure) {
+  const persist = getLocalPersistencePath(persistTo, config);
+  const persistOptions = buildPersistOptions(persist);
+  const mf = new import_miniflare20.Miniflare({
+    script: 'addEventListener("fetch", (e) => e.respondWith(new Response(null, { status: 404 })))',
+    ...persistOptions,
+    secretsStoreSecrets: {
+      SECRET: {
+        store_id: storeId,
+        secret_name: secretName
+      }
+    }
+  });
+  const namespace = await mf.getSecretsStoreSecretAPI("SECRET");
+  try {
+    return await closure(namespace());
+  } finally {
+    await mf.dispose();
+  }
+}
+__name(usingLocalSecretsStoreSecretAPI, "usingLocalSecretsStoreSecretAPI");
 var secretsStoreStoreCreateCommand = createCommand({
   metadata: {
     description: "Create a store within an account",
@@ -133491,8 +133706,10 @@ var secretsStoreStoreCreateCommand = createCommand({
       const accountId = config.account_id || await getAccountId();
       store = await createStore(accountId, { name: args.name });
     } else {
-      logger.log(`Local mode enabled, this command is a no-op.`);
-      return;
+      throw new UserError(
+        "Local secrets stores are automatically created for you on use. To create a Secrets Store on your account, use the --remote flag.",
+        { telemetryMessage: true }
+      );
     }
     logger.log(`\u2705 Created store! (Name: ${args.name}, ID: ${store.id})`);
   }
@@ -133523,8 +133740,10 @@ var secretsStoreStoreDeleteCommand = createCommand({
       const accountId = config.account_id || await getAccountId();
       await deleteStore(accountId, args.storeId);
     } else {
-      logger.log(`Local mode enabled, this command is a no-op.`);
-      return;
+      throw new UserError(
+        "This command is not supported in local mode. Use `wrangler <cmd> --remote` to delete a Secrets Store from your account.",
+        { telemetryMessage: true }
+      );
     }
     logger.log(`\u2705 Deleted store! (ID: ${args.storeId})`);
   }
@@ -133563,7 +133782,7 @@ var secretsStoreStoreListCommand = createCommand({
       stores = await listStores(accountId, urlParams);
     } else {
       throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
+        "This command is not supported in local mode. Use `wrangler <cmd> --remote` to list Secrets Stores on your account.",
         { telemetryMessage: true }
       );
     }
@@ -133611,6 +133830,10 @@ var secretsStoreSecretListCommand = createCommand({
       type: "boolean",
       description: "Execute command against remote Secrets Store",
       default: false
+    },
+    "persist-to": {
+      type: "string",
+      describe: "Directory for local persistence"
     }
   },
   async handler(args, { config }) {
@@ -133625,10 +133848,23 @@ var secretsStoreSecretListCommand = createCommand({
       const accountId = config.account_id || await getAccountId();
       secrets = await listSecrets(accountId, args.storeId, urlParams);
     } else {
-      throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
-        { telemetryMessage: true }
-      );
+      secrets = (await usingLocalSecretsStoreSecretAPI(
+        args.persistTo,
+        config,
+        args.storeId,
+        "",
+        (api) => api.list()
+      )).map((key) => ({
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        id: key.metadata.uuid,
+        store_id: args.storeId,
+        name: key.name,
+        comment: "",
+        scopes: [],
+        created: (/* @__PURE__ */ new Date()).toISOString(),
+        modified: (/* @__PURE__ */ new Date()).toISOString(),
+        status: "active"
+      }));
     }
     if (secrets.length === 0) {
       throw new FatalError("List request returned no secrets.", 1, {
@@ -133672,6 +133908,10 @@ var secretsStoreSecretGetCommand = createCommand({
       type: "boolean",
       description: "Execute command against remote Secrets Store",
       default: false
+    },
+    "persist-to": {
+      type: "string",
+      describe: "Directory for local persistence"
     }
   },
   async handler(args, { config }) {
@@ -133681,10 +133921,23 @@ var secretsStoreSecretGetCommand = createCommand({
       const accountId = config.account_id || await getAccountId();
       secret2 = await getSecret(accountId, args.storeId, args.secretId);
     } else {
-      throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
-        { telemetryMessage: true }
+      const name2 = await usingLocalSecretsStoreSecretAPI(
+        args.persistTo,
+        config,
+        args.storeId,
+        "",
+        (api) => api.get(args.secretId)
       );
+      secret2 = {
+        id: args.secretId,
+        store_id: args.storeId,
+        name: name2,
+        comment: "",
+        scopes: [],
+        created: (/* @__PURE__ */ new Date()).toISOString(),
+        modified: (/* @__PURE__ */ new Date()).toISOString(),
+        status: "active"
+      };
     }
     const prettierSecret = [
       {
@@ -133739,6 +133992,10 @@ var secretsStoreSecretCreateCommand = createCommand({
       type: "boolean",
       description: "Execute command against remote Secrets Store",
       default: false
+    },
+    "persist-to": {
+      type: "string",
+      describe: "Directory for local persistence"
     }
   },
   async handler(args, { config }) {
@@ -133768,10 +134025,24 @@ var secretsStoreSecretCreateCommand = createCommand({
         comment: args.comment
       });
     } else {
-      throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
-        { telemetryMessage: true }
-      );
+      secrets = [
+        await usingLocalSecretsStoreSecretAPI(
+          args.persistTo,
+          config,
+          args.storeId,
+          args.name,
+          (api) => api.create(secretValue)
+        )
+      ].map((id) => ({
+        id,
+        store_id: args.storeId,
+        name: args.name,
+        comment: args.comment ?? "",
+        scopes: args.scopes.split(","),
+        created: (/* @__PURE__ */ new Date()).toISOString(),
+        modified: (/* @__PURE__ */ new Date()).toISOString(),
+        status: "pending"
+      }));
     }
     if (secrets.length === 0) {
       throw new FatalError("Failed to create a secret.", 1, {
@@ -133831,6 +134102,10 @@ var secretsStoreSecretUpdateCommand = createCommand({
       type: "boolean",
       description: "Execute command against remote Secrets Store",
       default: false
+    },
+    "persist-to": {
+      type: "string",
+      describe: "Directory for local persistence"
     }
   },
   async handler(args, { config }) {
@@ -133864,10 +134139,23 @@ var secretsStoreSecretUpdateCommand = createCommand({
         ...args.comment && { comment: args.comment }
       });
     } else {
-      throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
-        { telemetryMessage: true }
+      const name2 = await usingLocalSecretsStoreSecretAPI(
+        args.persistTo,
+        config,
+        args.storeId,
+        "",
+        (api) => api.update(secretValue, args.secretId)
       );
+      secret2 = {
+        id: args.secretId,
+        store_id: args.storeId,
+        name: name2,
+        comment: "",
+        scopes: [],
+        created: (/* @__PURE__ */ new Date()).toISOString(),
+        modified: (/* @__PURE__ */ new Date()).toISOString(),
+        status: "active"
+      };
     }
     logger.log(`\u2705 Updated secret! (ID: ${secret2.id})`);
     const prettierSecret = [
@@ -133909,6 +134197,10 @@ var secretsStoreSecretDeleteCommand = createCommand({
       type: "boolean",
       description: "Execute command against remote Secrets Store",
       default: false
+    },
+    "persist-to": {
+      type: "string",
+      describe: "Directory for local persistence"
     }
   },
   async handler(args, { config }) {
@@ -133917,9 +134209,12 @@ var secretsStoreSecretDeleteCommand = createCommand({
       const accountId = config.account_id || await getAccountId();
       await deleteSecret(accountId, args.storeId, args.secretId);
     } else {
-      throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
-        { telemetryMessage: true }
+      await usingLocalSecretsStoreSecretAPI(
+        args.persistTo,
+        config,
+        args.storeId,
+        "",
+        (api) => api.delete(args.secretId)
       );
     }
     logger.log(`\u2705 Deleted secret! (ID: ${args.secretId})`);
@@ -133965,6 +134260,10 @@ var secretsStoreSecretDuplicateCommand = createCommand({
       type: "boolean",
       description: "Execute command against remote Secrets Store",
       default: false
+    },
+    "persist-to": {
+      type: "string",
+      describe: "Directory for local persistence"
     }
   },
   async handler(args, { config }) {
@@ -133983,10 +134282,23 @@ var secretsStoreSecretDuplicateCommand = createCommand({
         }
       );
     } else {
-      throw new UserError(
-        "No local dev version of this command available, need to include --remote in command",
-        { telemetryMessage: true }
+      const duplicatedSecretId = await usingLocalSecretsStoreSecretAPI(
+        args.persistTo,
+        config,
+        args.storeId,
+        "",
+        (api) => api.duplicate(args.secretId, args.name)
       );
+      duplicatedSecret = {
+        id: duplicatedSecretId,
+        store_id: args.storeId,
+        name: args.name,
+        comment: "",
+        scopes: [],
+        created: (/* @__PURE__ */ new Date()).toISOString(),
+        modified: (/* @__PURE__ */ new Date()).toISOString(),
+        status: "active"
+      };
     }
     logger.log(`\u2705 Duplicated secret! (ID: ${duplicatedSecret.id})`);
     const prettierSecret = [
@@ -143450,7 +143762,7 @@ init_import_meta_url();
 var import_node_crypto13 = require("node:crypto");
 var fs22 = __toESM(require("node:fs"));
 var import_node_path56 = require("node:path");
-var import_miniflare21 = require("miniflare");
+var import_miniflare23 = require("miniflare");
 
 // src/dev/dev-vars.ts
 init_import_meta_url();
@@ -143496,7 +143808,7 @@ __name(isProcessEnvPopulated, "isProcessEnvPopulated");
 init_import_meta_url();
 var import_fs22 = require("fs");
 var import_promises32 = require("fs/promises");
-var import_miniflare20 = require("miniflare");
+var import_miniflare22 = require("miniflare");
 var import_workerd = require("workerd");
 var DEFAULT_OUTFILE_RELATIVE_PATH = "worker-configuration.d.ts";
 async function generateRuntimeTypes({
@@ -143542,7 +143854,7 @@ async function generate({
   compatibilityFlags = []
 }) {
   const worker = (0, import_fs22.readFileSync)(require.resolve("workerd/worker.mjs")).toString();
-  const mf = new import_miniflare20.Miniflare({
+  const mf = new import_miniflare22.Miniflare({
     compatibilityDate: "2024-01-01",
     compatibilityFlags: ["nodejs_compat", "rtti_api"],
     modules: true,
@@ -143764,7 +144076,7 @@ ${content.join("\n")}`,
     }
     const tsconfigPath = config.tsconfig ?? (0, import_node_path56.join)((0, import_node_path56.dirname)(config.configPath), "tsconfig.json");
     const tsconfigTypes = readTsconfigTypes(tsconfigPath);
-    const { mode } = (0, import_miniflare21.getNodeCompat)(
+    const { mode } = (0, import_miniflare23.getNodeCompat)(
       config.compatibility_date,
       config.compatibility_flags
     );
@@ -143849,7 +144161,8 @@ async function generateEnvTypes(config, args, envInterface, outputPath, entrypoi
     secrets,
     assets: config.assets,
     workflows: config.workflows,
-    pipelines: config.pipelines
+    pipelines: config.pipelines,
+    secrets_store_secrets: config.secrets_store_secrets
   };
   const entrypointFormat = entrypoint?.format ?? "modules";
   const fullOutputPath = (0, import_node_path56.resolve)(outputPath);
@@ -143911,6 +144224,14 @@ async function generateEnvTypes(config, args, envInterface, outputPath, entrypoi
       envTypeStructure.push([constructTypeKey(d12.binding), "D1Database"]);
     }
   }
+  if (configToDTS.secrets_store_secrets) {
+    for (const secretsStoreSecret of configToDTS.secrets_store_secrets) {
+      envTypeStructure.push([
+        constructTypeKey(secretsStoreSecret.binding),
+        "SecretsStoreSecret"
+      ]);
+    }
+  }
   if (configToDTS.services) {
     for (const service of configToDTS.services) {
       envTypeStructure.push([constructTypeKey(service.binding), "Fetcher"]);
@@ -150044,9 +150365,13 @@ function createCLIParser(argv) {
     }
   ]);
   registry.registerNamespace("workflows");
-  wrangler.command("pipelines", false, (pipelinesYargs) => {
-    return pipelines(pipelinesYargs.command(subHelp));
-  });
+  wrangler.command(
+    "pipelines",
+    `\u{1F6B0} Manage Cloudflare Pipelines ${source_default.hex(betaCmdColor)("[open beta]")}`,
+    (pipelinesYargs) => {
+      return pipelines(pipelinesYargs.command(subHelp));
+    }
+  );
   registry.define([
     {
       command: "wrangler login",
@@ -150425,7 +150750,7 @@ async function analyseBundle(workerBundle) {
       "`wrangler check startup` does not support service-worker format Workers. Refer to https://developers.cloudflare.com/workers/reference/migrate-to-module-workers/ for migration guidance."
     );
   }
-  const mf = new import_miniflare22.Miniflare({
+  const mf = new import_miniflare24.Miniflare({
     name: "profiler",
     compatibilityDate: metadata.compatibility_date,
     compatibilityFlags: metadata.compatibility_flags,
@@ -151905,7 +152230,7 @@ init_import_meta_url();
 // src/cli-hotkeys.ts
 init_import_meta_url();
 var import_readline = __toESM(require("readline"));
-var import_miniflare23 = require("miniflare");
+var import_miniflare25 = require("miniflare");
 
 // src/utils/onKeyPress.ts
 init_import_meta_url();
@@ -151999,16 +152324,16 @@ function cli_hotkeys_default(options33) {
   __name(printInstructions, "printInstructions");
   Logger.registerBeforeLogHook(clearPreviousInstructions);
   Logger.registerAfterLogHook(printInstructions);
-  import_miniflare23.Log.unstable_registerBeforeLogHook(clearPreviousInstructions);
-  import_miniflare23.Log.unstable_registerAfterLogHook(printInstructions);
+  import_miniflare25.Log.unstable_registerBeforeLogHook(clearPreviousInstructions);
+  import_miniflare25.Log.unstable_registerAfterLogHook(printInstructions);
   printInstructions();
   return () => {
     unregisterKeyPress();
     clearPreviousInstructions();
     Logger.registerBeforeLogHook(void 0);
     Logger.registerAfterLogHook(void 0);
-    import_miniflare23.Log.unstable_registerBeforeLogHook(void 0);
-    import_miniflare23.Log.unstable_registerAfterLogHook(void 0);
+    import_miniflare25.Log.unstable_registerBeforeLogHook(void 0);
+    import_miniflare25.Log.unstable_registerAfterLogHook(void 0);
   };
 }
 __name(cli_hotkeys_default, "default");
@@ -152474,6 +152799,7 @@ async function setupDevEnv(devEnv, configPath, auth, args) {
           d1_databases: args.d1Databases,
           vectorize: void 0,
           hyperdrive: void 0,
+          secrets_store_secrets: void 0,
           services: args.services,
           analytics_engine_datasets: void 0,
           dispatch_namespaces: void 0,
@@ -152833,6 +153159,7 @@ function getBindings2(configParam, env6, local, args) {
     d1_databases: mergedD1Bindings,
     vectorize: configParam.vectorize,
     hyperdrive: hyperdriveBindings,
+    secrets_store_secrets: configParam.secrets_store_secrets,
     services: mergedServiceBindings,
     analytics_engine_datasets: configParam.analytics_engine_datasets,
     browser: configParam.browser,
@@ -154042,7 +154369,7 @@ var ConfigController = class extends Controller {
 
 // src/api/startDevWorker/RemoteRuntimeController.ts
 init_import_meta_url();
-var import_miniflare26 = require("miniflare");
+var import_miniflare28 = require("miniflare");
 
 // src/dev/create-worker-preview.ts
 init_import_meta_url();
@@ -154399,7 +154726,7 @@ var RemoteRuntimeController = class extends RuntimeController {
   }
   #abortController = new AbortController();
   #currentBundleId = 0;
-  #mutex = new import_miniflare26.Mutex();
+  #mutex = new import_miniflare28.Mutex();
   #session;
   async #previewSession(props) {
     try {
@@ -154794,7 +155121,7 @@ init_import_meta_url();
 
 // src/api/integrations/platform/index.ts
 init_import_meta_url();
-var import_miniflare28 = require("miniflare");
+var import_miniflare30 = require("miniflare");
 
 // src/api/integrations/platform/caches.ts
 init_import_meta_url();
@@ -154861,7 +155188,7 @@ var ExecutionContext = class _ExecutionContext {
 
 // src/api/integrations/platform/services.ts
 init_import_meta_url();
-var import_miniflare27 = require("miniflare");
+var import_miniflare29 = require("miniflare");
 var import_undici26 = __toESM(require_undici());
 async function getServiceBindings(services = []) {
   if (services.length === 0) {
@@ -154913,9 +155240,9 @@ function getServiceBindingProxyFetch({
     try {
       const resp = await (0, import_undici26.fetch)(newUrl, request4);
       const respBody = await resp.arrayBuffer();
-      return new import_miniflare27.Response(respBody, resp);
+      return new import_miniflare29.Response(respBody, resp);
     } catch {
-      return new import_miniflare27.Response(
+      return new import_miniflare29.Response(
         `Error: Unable to fetch from external service (${serviceName} bound with ${bindingName} binding), please make sure that the service is still running with \`wrangler dev\``,
         { status: 500 }
       );
@@ -154946,7 +155273,7 @@ async function getPlatformProxy(options33 = {}) {
     },
     () => getMiniflareOptionsFromConfig(rawConfig, env6, options33)
   );
-  const mf = new import_miniflare28.Miniflare({
+  const mf = new import_miniflare30.Miniflare({
     script: "",
     modules: true,
     ...miniflareOptions
@@ -155065,7 +155392,7 @@ function unstable_getMiniflareWorkerOptions(configOrConfigPath, env6, options33)
   if (bindings.services !== void 0) {
     bindingOptions.serviceBindings = Object.fromEntries(
       bindings.services.map((binding) => {
-        const name2 = binding.service === config.name ? import_miniflare28.kCurrentWorker : binding.service;
+        const name2 = binding.service === config.name ? import_miniflare30.kCurrentWorker : binding.service;
         return [binding.binding, { name: name2, entrypoint: binding.entrypoint }];
       })
     );