wrangler 4.92.0 → 4.93.1

package/wrangler-dist/cli.js

@@ -9760,7 +9760,7 @@ var require_formdata = __commonJS({
     var { kEnumerableProperty } = require_util();
     var { webidl } = require_webidl();
     var nodeUtil = __require("util");
-    var FormData13 = class _FormData {
+    var FormData12 = class _FormData {
       static {
         __name(this, "FormData");
       }
@@ -9880,11 +9880,11 @@ var require_formdata = __commonJS({
         formData.#state = newState;
       }
     };
-    var { getFormDataState, setFormDataState } = FormData13;
-    Reflect.deleteProperty(FormData13, "getFormDataState");
-    Reflect.deleteProperty(FormData13, "setFormDataState");
-    iteratorMixin("FormData", FormData13, getFormDataState, "name", "value");
-    Object.defineProperties(FormData13.prototype, {
+    var { getFormDataState, setFormDataState } = FormData12;
+    Reflect.deleteProperty(FormData12, "getFormDataState");
+    Reflect.deleteProperty(FormData12, "setFormDataState");
+    iteratorMixin("FormData", FormData12, getFormDataState, "name", "value");
+    Object.defineProperties(FormData12.prototype, {
       append: kEnumerableProperty,
       delete: kEnumerableProperty,
       get: kEnumerableProperty,
@@ -9912,8 +9912,8 @@ var require_formdata = __commonJS({
       return { name: name2, value };
     }
     __name(makeEntry, "makeEntry");
-    webidl.is.FormData = webidl.util.MakeTypeAssertion(FormData13);
-    module2.exports = { FormData: FormData13, makeEntry, setFormDataState };
+    webidl.is.FormData = webidl.util.MakeTypeAssertion(FormData12);
+    module2.exports = { FormData: FormData12, makeEntry, setFormDataState };
   }
 });
 
@@ -10284,7 +10284,7 @@ var require_body = __commonJS({
       fullyReadBody,
       extractMimeType
     } = require_util2();
-    var { FormData: FormData13, setFormDataState } = require_formdata();
+    var { FormData: FormData12, setFormDataState } = require_formdata();
     var { webidl } = require_webidl();
     var assert63 = __require("assert");
     var { isErrored, isDisturbed } = __require("stream");
@@ -10480,13 +10480,13 @@ Content-Type: ${value.type || "application/octet-stream"}\r
               switch (mimeType.essence) {
                 case "multipart/form-data": {
                   const parsed = multipartFormDataParser(value, mimeType);
-                  const fd = new FormData13();
+                  const fd = new FormData12();
                   setFormDataState(fd, parsed);
                   return fd;
                 }
                 case "application/x-www-form-urlencoded": {
                   const entries2 = new URLSearchParams(value.toString());
-                  const fd = new FormData13();
+                  const fd = new FormData12();
                   for (const [name2, value2] of entries2) {
                     fd.append(name2, value2);
                   }
@@ -27170,7 +27170,7 @@ var require_permessage_deflate = __commonJS({
     var kBuffer = Symbol("kBuffer");
     var kLength = Symbol("kLength");
     var kDefaultMaxDecompressedSize = 4 * 1024 * 1024;
-    var PerMessageDeflate = class {
+    var PerMessageDeflate2 = class {
       static {
         __name(this, "PerMessageDeflate");
       }
@@ -27251,7 +27251,7 @@ var require_permessage_deflate = __commonJS({
         });
       }
     };
-    module2.exports = { PerMessageDeflate };
+    module2.exports = { PerMessageDeflate: PerMessageDeflate2 };
   }
 });
 
@@ -27273,7 +27273,7 @@ var require_receiver = __commonJS({
     } = require_util5();
     var { failWebsocketConnection } = require_connection();
     var { WebsocketFrameSend } = require_frame();
-    var { PerMessageDeflate } = require_permessage_deflate();
+    var { PerMessageDeflate: PerMessageDeflate2 } = require_permessage_deflate();
     var { MessageSizeExceededError } = require_errors();
     var ByteParser = class extends Writable5 {
       static {
@@ -27299,7 +27299,7 @@ var require_receiver = __commonJS({
         this.#handler = handler;
         this.#extensions = extensions == null ? /* @__PURE__ */ new Map() : extensions;
         if (this.#extensions.has("permessage-deflate")) {
-          this.#extensions.set("permessage-deflate", new PerMessageDeflate(extensions));
+          this.#extensions.set("permessage-deflate", new PerMessageDeflate2(extensions));
         }
       }
       /**
@@ -32704,19 +32704,19 @@ var init_dist = __esm({
               }
               __name(XDG, "XDG");
               __name2(XDG, "XDG");
-              var extension = isMacOS ? macos() : isWinOS ? windows() : linux();
-              XDG.cache = extension.cache;
-              XDG.config = extension.config;
-              XDG.data = extension.data;
-              XDG.runtime = extension.runtime;
-              XDG.state = extension.state;
+              var extension2 = isMacOS ? macos() : isWinOS ? windows() : linux();
+              XDG.cache = extension2.cache;
+              XDG.config = extension2.config;
+              XDG.data = extension2.data;
+              XDG.runtime = extension2.runtime;
+              XDG.state = extension2.state;
               XDG.configDirs = /* @__PURE__ */ __name2(/* @__PURE__ */ __name(function configDirs() {
                 var pathList = env6.get("XDG_CONFIG_DIRS");
-                return __spreadArray2([extension.config()], pathList ? pathList.split(path410.delimiter) : []);
+                return __spreadArray2([extension2.config()], pathList ? pathList.split(path410.delimiter) : []);
               }, "configDirs"), "configDirs");
               XDG.dataDirs = /* @__PURE__ */ __name2(/* @__PURE__ */ __name(function dataDirs() {
                 var pathList = env6.get("XDG_DATA_DIRS");
-                return __spreadArray2([extension.data()], pathList ? pathList.split(path410.delimiter) : []);
+                return __spreadArray2([extension2.data()], pathList ? pathList.split(path410.delimiter) : []);
               }, "dataDirs"), "dataDirs");
               return XDG;
             }
@@ -45233,6 +45233,36 @@ var init_inspect = __esm({
     __name(dockerImageInspect, "dockerImageInspect");
   }
 });
+function getFailedToRunDockerErrorMessage({
+  numberOfContainers,
+  isDev,
+  isDryRun
+}) {
+  const operation = isDev ? "running dev" : `deploying${isDryRun ? " (even in dry-run mode)" : ""}`;
+  const headline = `The Docker CLI is needed to build the configured ${numberOfContainers !== 1 ? "images" : "image"} before ${operation} but could not be launched.`;
+  let daemonHint;
+  if (process.platform === "darwin") {
+    daemonHint = "open the Docker Desktop app or run `open -a Docker`";
+  } else if (process.platform === "win32") {
+    daemonHint = "open the Docker Desktop app";
+  } else {
+    daemonHint = "run `sudo systemctl start docker`";
+  }
+  const steps = `To fix this, try the following:
+  - If Docker is not installed, download it from https://docs.docker.com/get-started/get-docker/
+  - If Docker is installed but the daemon is not running,
+    ${daemonHint}.
+  - If you use an alternative Docker-compatible CLI (e.g. Podman),
+    set the WRANGLER_DOCKER_BIN environment variable to its path and DOCKER_HOST to its socket.`;
+  const alternatives = "Note: Other container tooling that is compatible with the Docker CLI and engine may work, but is not yet guaranteed to do so.";
+  const hint = isDev ? "To suppress this error if you do not intend on triggering any container instances, set dev.enable_containers to false in your Wrangler config or pass --enable-containers=false." : "If you cannot run Docker locally, you can still deploy your Worker by passing --containers-rollout=none. This will not deploy or update your Container.";
+  return `${headline}
+${steps}
+
+${alternatives}
+
+${hint}`;
+}
 function getContainerIdsByImageTags(dockerPath, imageTags) {
   const ids = /* @__PURE__ */ new Set();
   for (const imageTag of imageTags) {
@@ -45306,8 +45336,9 @@ async function getImageRepoTags(dockerPath, imageTag) {
 async function cleanupDuplicateImageTags(dockerPath, imageTag) {
   try {
     const repoTags = await getImageRepoTags(dockerPath, imageTag);
+    const currentBuildId = getImageTag(imageTag);
     const tagsToRemove = repoTags.filter(
-      (tag) => tag !== imageTag && tag.startsWith("cloudflare-dev")
+      (tag) => tag.startsWith("cloudflare-dev") && getImageTag(tag) !== currentBuildId
     );
     if (tagsToRemove.length > 0) {
       runDockerCmdWithOutput(dockerPath, ["rmi", ...tagsToRemove]);
@@ -45315,6 +45346,10 @@ async function cleanupDuplicateImageTags(dockerPath, imageTag) {
   } catch {
   }
 }
+function getImageTag(imageTag) {
+  const tagSeparatorIndex = imageTag.lastIndexOf(":");
+  return tagSeparatorIndex === -1 ? void 0 : imageTag.slice(tagSeparatorIndex + 1);
+}
 var runDockerCmd, runDockerCmdWithOutput, isDockerRunning, verifyDockerInstalled, cleanupContainers, getContainerIdsFromImage;
 var init_utils = __esm({
   "../containers-shared/src/utils.ts"() {
@@ -45399,16 +45434,27 @@ var init_utils = __esm({
       }
       return true;
     }, "isDockerRunning");
-    verifyDockerInstalled = /* @__PURE__ */ __name(async (dockerPath, isDev = true) => {
+    verifyDockerInstalled = /* @__PURE__ */ __name(async ({
+      dockerPath,
+      numberOfContainers,
+      isDev = true,
+      isDryRun = false
+    }) => {
       const dockerIsRunning = await isDockerRunning(dockerPath);
       if (!dockerIsRunning) {
         throw new UserError(
-          `The Docker CLI could not be launched. Please ensure that the Docker CLI is installed and the daemon is running.
-Other container tooling that is compatible with the Docker CLI and engine may work, but is not yet guaranteed to do so. You can specify an executable with the environment variable WRANGLER_DOCKER_BIN and a socket with DOCKER_HOST.${isDev ? "\nTo suppress this error if you do not intend on triggering any container instances, set dev.enable_containers to false in your Wrangler config or passing in --enable-containers=false." : ""}`,
-          { telemetryMessage: false }
+          getFailedToRunDockerErrorMessage({
+            numberOfContainers,
+            isDev,
+            isDryRun
+          }),
+          {
+            telemetryMessage: false
+          }
         );
       }
     }, "verifyDockerInstalled");
+    __name(getFailedToRunDockerErrorMessage, "getFailedToRunDockerErrorMessage");
     cleanupContainers = /* @__PURE__ */ __name((dockerPath, imageTags) => {
       try {
         const containerIds = getContainerIdsByImageTags(dockerPath, imageTags);
@@ -45439,6 +45485,7 @@ Other container tooling that is compatible with the Docker CLI and engine may wo
     __name(resolveDockerHost, "resolveDockerHost");
     __name(getImageRepoTags, "getImageRepoTags");
     __name(cleanupDuplicateImageTags, "cleanupDuplicateImageTags");
+    __name(getImageTag, "getImageTag");
   }
 });
 
@@ -45507,7 +45554,10 @@ async function prepareContainerImagesForDev(args) {
       { telemetryMessage: false }
     );
   }
-  await verifyDockerInstalled(dockerPath);
+  await verifyDockerInstalled({
+    dockerPath,
+    numberOfContainers: containerOptions.length
+  });
   for (const options of containerOptions) {
     if ("dockerfile" in options) {
       const build5 = await buildImage(dockerPath, options);
@@ -49983,9 +50033,35 @@ function getWranglerHiddenDirPath(projectRoot) {
   projectRoot ??= process.cwd();
   return path3__namespace.default.join(projectRoot, ".wrangler");
 }
+function sweepStaleWranglerTmpDirs(tmpRoot) {
+  if (sweptTmpRoots.has(tmpRoot)) {
+    return;
+  }
+  sweptTmpRoots.add(tmpRoot);
+  let entries2;
+  try {
+    entries2 = fs27__namespace.default.readdirSync(tmpRoot, { withFileTypes: true });
+  } catch {
+    return;
+  }
+  const cutoff = Date.now() - STALE_WRANGLER_TMP_DIR_MS;
+  for (const entry of entries2) {
+    if (!entry.isDirectory()) {
+      continue;
+    }
+    const entryPath = path3__namespace.default.join(tmpRoot, entry.name);
+    try {
+      if (fs27__namespace.default.statSync(entryPath).mtimeMs < cutoff) {
+        removeDirSync(entryPath);
+      }
+    } catch {
+    }
+  }
+}
 function getWranglerTmpDir(projectRoot, prefix, cleanup = true) {
   const tmpRoot = path3__namespace.default.join(getWranglerHiddenDirPath(projectRoot), "tmp");
   fs27__namespace.default.mkdirSync(tmpRoot, { recursive: true });
+  sweepStaleWranglerTmpDirs(tmpRoot);
   const tmpPrefix = path3__namespace.default.join(tmpRoot, `${prefix}-`);
   const tmpDir = fs27__namespace.default.realpathSync(fs27__namespace.default.mkdtempSync(tmpPrefix));
   const cleanupDir = /* @__PURE__ */ __name(() => {
@@ -50005,7 +50081,7 @@ function getWranglerTmpDir(projectRoot, prefix, cleanup = true) {
     }
   };
 }
-var import_signal_exit2;
+var import_signal_exit2, STALE_WRANGLER_TMP_DIR_MS, sweptTmpRoots;
 var init_paths = __esm({
   "src/paths.ts"() {
     init_import_meta_url();
@@ -50015,6 +50091,9 @@ var init_paths = __esm({
     __name(readableRelative, "readableRelative");
     __name(getBasePath, "getBasePath");
     __name(getWranglerHiddenDirPath, "getWranglerHiddenDirPath");
+    STALE_WRANGLER_TMP_DIR_MS = 24 * 60 * 60 * 1e3;
+    sweptTmpRoots = /* @__PURE__ */ new Set();
+    __name(sweepStaleWranglerTmpDirs, "sweepStaleWranglerTmpDirs");
     __name(getWranglerTmpDir, "getWranglerTmpDir");
   }
 });
@@ -55872,7 +55951,7 @@ var name, version;
 var init_package = __esm({
   "package.json"() {
     name = "wrangler";
-    version = "4.92.0";
+    version = "4.93.1";
   }
 });
 function getWranglerVersion() {
@@ -62091,21 +62170,21 @@ var init_Mime = __esm({
           }
           const allExtensions = __classPrivateFieldGet(this, _Mime_typeToExtensions, "f").get(type);
           let first = true;
-          for (let extension of extensions) {
-            const starred = extension.startsWith("*");
-            extension = starred ? extension.slice(1) : extension;
-            allExtensions?.add(extension);
+          for (let extension2 of extensions) {
+            const starred = extension2.startsWith("*");
+            extension2 = starred ? extension2.slice(1) : extension2;
+            allExtensions?.add(extension2);
             if (first) {
-              __classPrivateFieldGet(this, _Mime_typeToExtension, "f").set(type, extension);
+              __classPrivateFieldGet(this, _Mime_typeToExtension, "f").set(type, extension2);
             }
             first = false;
             if (starred)
               continue;
-            const currentType = __classPrivateFieldGet(this, _Mime_extensionToType, "f").get(extension);
+            const currentType = __classPrivateFieldGet(this, _Mime_extensionToType, "f").get(extension2);
             if (currentType && currentType != type && !force) {
-              throw new Error(`"${type} -> ${extension}" conflicts with "${currentType} -> ${extension}". Pass \`force=true\` to override this definition.`);
+              throw new Error(`"${type} -> ${extension2}" conflicts with "${currentType} -> ${extension2}". Pass \`force=true\` to override this definition.`);
             }
-            __classPrivateFieldGet(this, _Mime_extensionToType, "f").set(extension, type);
+            __classPrivateFieldGet(this, _Mime_extensionToType, "f").set(extension2, type);
           }
         }
         return this;
@@ -133195,8 +133274,11 @@ var init_cfetch = __esm({
 });
 
 // src/user/fetch-accounts.ts
+function getErrorCode(err) {
+  return err?.code;
+}
 function isMembershipsInaccessible(err) {
-  const code = err?.code;
+  const code = getErrorCode(err);
   return code !== void 0 && MEMBERSHIPS_INACCESSIBLE_CODES.includes(code);
 }
 async function fetchAllAccounts(complianceConfig, options = {}) {
@@ -133216,6 +133298,16 @@ async function fetchAllAccounts(complianceConfig, options = {}) {
       if (accountsRes.status === "fulfilled" && accountsRes.value.length > 0) {
         return accountsRes.value;
       }
+      const errCode = getErrorCode(membershipsRes.reason);
+      if (errCode === 9106) {
+        throw new UserError(
+          `Failed to automatically retrieve account IDs for the logged in user.
+You may have incorrect permissions on your API token, or an environment variable such as CLOUDFLARE_API_TOKEN, CLOUDFLARE_API_KEY, or CLOUDFLARE_EMAIL may be set to an invalid value.
+Check your environment and unset or correct any Cloudflare credential variables, or run \`wrangler logout\` followed by \`wrangler login\` to re-authenticate.
+You can also skip this account check by adding an \`account_id\` in your ${configFileName(void 0)} file, or by setting the value of CLOUDFLARE_ACCOUNT_ID`,
+          { telemetryMessage: "user account fetch permission denied" }
+        );
+      }
       throw new UserError(
         `Failed to automatically retrieve account IDs for the logged in user.
 You may have incorrect permissions on your API token. You can skip this account check by adding an \`account_id\` in your ${configFileName(void 0)} file, or by setting the value of CLOUDFLARE_ACCOUNT_ID`,
@@ -133245,6 +133337,7 @@ var init_fetch_accounts = __esm({
     init_dist();
     init_cfetch();
     MEMBERSHIPS_INACCESSIBLE_CODES = [9106, 1e4];
+    __name(getErrorCode, "getErrorCode");
     __name(isMembershipsInaccessible, "isMembershipsInaccessible");
     __name(fetchAllAccounts, "fetchAllAccounts");
   }
@@ -133292,51 +133385,50 @@ function getAuthFromEnv() {
 function validateScopeKeys(scopes) {
   return scopes.every((scope) => scope in DefaultScopes);
 }
-function getAuthTokens(config) {
+function readStoredAuthState(config) {
+  let parsed;
   try {
-    if (getAuthFromEnv()) {
-      return;
-    }
-    const { oauth_token, refresh_token, expiration_time, scopes, api_token } = config || readAuthConfigFile();
-    if (oauth_token) {
-      return {
-        accessToken: {
-          value: oauth_token,
-          // If there is no `expiration_time` field then set it to an old date, to cause it to expire immediately.
-          expiry: expiration_time ?? "2000-01-01:00:00:00+00:00"
-        },
-        refreshToken: { value: refresh_token ?? "" },
-        scopes
-      };
-    } else if (api_token) {
+    parsed = config ?? readAuthConfigFile();
+  } catch {
+    return {};
+  }
+  const { oauth_token, refresh_token, expiration_time, scopes, api_token } = parsed;
+  if (oauth_token) {
+    return {
+      accessToken: {
+        value: oauth_token,
+        // If there is no `expiration_time` field then set it to an old date, to cause it to expire immediately.
+        expiry: expiration_time ?? "2000-01-01:00:00:00+00:00"
+      },
+      refreshToken: { value: refresh_token ?? "" },
+      scopes
+    };
+  }
+  if (api_token) {
+    if (!hasWarnedAboutDeprecatedV1ApiToken) {
+      hasWarnedAboutDeprecatedV1ApiToken = true;
       logger.warn(
         `It looks like you have used Wrangler v1's \`config\` command to login with an API token
 from ${config === void 0 ? getAuthConfigFilePath() : "in-memory config"}.
 This is no longer supported in the current version of Wrangler.
 If you wish to authenticate via an API token then please set the \`CLOUDFLARE_API_TOKEN\` environment variable.`
       );
-      return { apiToken: api_token };
     }
-  } catch {
-    return void 0;
+    return { deprecatedApiToken: api_token };
   }
-}
-function reinitialiseAuthTokens(config) {
-  localState = {
-    ...getAuthTokens(config)
-  };
+  return {};
 }
 function getAPIToken() {
-  if (localState.apiToken) {
-    return { apiToken: localState.apiToken };
+  const envAuth = getAuthFromEnv();
+  if (envAuth) {
+    return envAuth;
   }
-  const localAPIToken = getAuthFromEnv();
-  if (localAPIToken) {
-    return localAPIToken;
+  const stored = readStoredAuthState();
+  if (stored.deprecatedApiToken) {
+    return { apiToken: stored.deprecatedApiToken };
   }
-  const storedAccessToken = localState.accessToken?.value;
-  if (storedAccessToken) {
-    return { apiToken: storedAccessToken };
+  if (stored.accessToken?.value) {
+    return { apiToken: stored.accessToken.value };
   }
   return void 0;
 }
@@ -133407,9 +133499,8 @@ function isReturningFromAuthServer(query) {
   if (!code) {
     return false;
   }
-  const state2 = localState;
   const stateQueryParam = query.state;
-  if (stateQueryParam !== state2.stateQueryParam) {
+  if (stateQueryParam !== oauthFlowState.stateQueryParam) {
     logger.warn(
       "Received query string parameter doesn't match the one sent! Possible malicious activity somewhere."
     );
@@ -133418,14 +133509,14 @@ function isReturningFromAuthServer(query) {
     });
   }
   assert54__default.default(!Array.isArray(code));
-  state2.authorizationCode = code;
-  state2.hasAuthCodeBeenExchangedForAccessToken = false;
+  oauthFlowState.authorizationCode = code;
+  oauthFlowState.hasAuthCodeBeenExchangedForAccessToken = false;
   return true;
 }
 async function getAuthURL(scopes, clientId) {
   const { codeChallenge, codeVerifier } = await generatePKCECodes();
   const stateQueryParam = generateRandomState(RECOMMENDED_STATE_LENGTH);
-  Object.assign(localState, {
+  Object.assign(oauthFlowState, {
     codeChallenge,
     codeVerifier,
     stateQueryParam
@@ -133439,12 +133530,13 @@ async function getAuthURL(scopes, clientId) {
   });
 }
 async function exchangeRefreshTokenForAccessToken() {
-  if (!localState.refreshToken) {
+  const storedRefreshToken = readStoredAuthState().refreshToken;
+  if (!storedRefreshToken) {
     logger.warn("No refresh token is present.");
   }
   const params = new URLSearchParams({
     grant_type: "refresh_token",
-    refresh_token: localState.refreshToken?.value ?? "",
+    refresh_token: storedRefreshToken?.value ?? "",
     client_id: getClientIdFromEnv()
   });
   const response = await fetchAuthToken(params);
@@ -133470,25 +133562,15 @@ async function exchangeRefreshTokenForAccessToken() {
         throw json.error;
       }
       const { access_token, expires_in, refresh_token, scope } = json;
-      let scopes = [];
       const accessToken = {
         value: access_token,
         expiry: new Date(Date.now() + expires_in * 1e3).toISOString()
       };
-      localState.accessToken = accessToken;
-      if (refresh_token) {
-        localState.refreshToken = {
-          value: refresh_token
-        };
-      }
-      if (scope) {
-        scopes = scope.split(" ");
-        localState.scopes = scopes;
-      }
+      const scopes = scope ? scope.split(" ") : [];
       const accessContext = {
         token: accessToken,
         scopes,
-        refreshToken: localState.refreshToken
+        refreshToken: refresh_token ? { value: refresh_token } : storedRefreshToken
       };
       return accessContext;
     } catch (error2) {
@@ -133501,7 +133583,7 @@ async function exchangeRefreshTokenForAccessToken() {
   }
 }
 async function exchangeAuthCodeForAccessToken() {
-  const { authorizationCode, codeVerifier = "" } = localState;
+  const { authorizationCode, codeVerifier = "" } = oauthFlowState;
   if (!codeVerifier) {
     logger.warn("No code verifier is being sent.");
   } else if (!authorizationCode) {
@@ -133527,27 +133609,17 @@ async function exchangeAuthCodeForAccessToken() {
     throw new Error(json.error);
   }
   const { access_token, expires_in, refresh_token, scope } = json;
-  let scopes = [];
-  localState.hasAuthCodeBeenExchangedForAccessToken = true;
+  oauthFlowState.hasAuthCodeBeenExchangedForAccessToken = true;
   const expiryDate = new Date(Date.now() + expires_in * 1e3);
   const accessToken = {
     value: access_token,
     expiry: expiryDate.toISOString()
   };
-  localState.accessToken = accessToken;
-  if (refresh_token) {
-    localState.refreshToken = {
-      value: refresh_token
-    };
-  }
-  if (scope) {
-    scopes = scope.split(" ");
-    localState.scopes = scopes;
-  }
+  const scopes = scope ? scope.split(" ") : [];
   const accessContext = {
     token: accessToken,
     scopes,
-    refreshToken: localState.refreshToken
+    refreshToken: refresh_token ? { value: refresh_token } : void 0
   };
   return accessContext;
 }
@@ -133590,7 +133662,6 @@ function writeAuthConfigFile(config) {
   fs27.writeFileSync(path3__namespace.default.join(configPath), dist_default4.stringify(config), {
     encoding: "utf-8"
   });
-  reinitialiseAuthTokens();
 }
 function readAuthConfigFile() {
   return parseTOML(readFileSync(getAuthConfigFilePath()));
@@ -133598,7 +133669,7 @@ function readAuthConfigFile() {
 async function loginOrRefreshIfRequired(complianceConfig, props) {
   if (!getAPIToken()) {
     return !isNonInteractiveOrCI() && await login(complianceConfig, props);
-  } else if (isAccessTokenExpired()) {
+  } else if (isRefreshNeeded()) {
     const didRefresh = await refreshToken();
     if (didRefresh) {
       return true;
@@ -133610,16 +133681,18 @@ async function loginOrRefreshIfRequired(complianceConfig, props) {
   }
 }
 async function getOAuthTokenFromLocalState() {
-  if (!localState.accessToken) {
+  let stored = readStoredAuthState();
+  if (!stored.accessToken) {
     return void 0;
   }
-  if (isAccessTokenExpired()) {
+  if (isRefreshNeeded()) {
     const didRefresh = await refreshToken();
     if (!didRefresh) {
       return void 0;
     }
+    stored = readStoredAuthState();
   }
-  return localState.accessToken?.value;
+  return stored.accessToken?.value;
 }
 async function getOauthToken(options) {
   const urlToOpen = await getAuthURL(options.scopes, options.clientId);
@@ -133769,12 +133842,14 @@ async function login(complianceConfig, props = {
   purgeConfigCaches();
   return true;
 }
-function isAccessTokenExpired() {
-  const { accessToken } = localState;
+function isRefreshNeeded() {
+  if (getAuthFromEnv()) {
+    return false;
+  }
+  const { accessToken } = readStoredAuthState();
   return Boolean(accessToken && /* @__PURE__ */ new Date() >= new Date(accessToken.expiry));
 }
 async function refreshToken() {
-  reinitialiseAuthTokens();
   try {
     const {
       token: { value: oauth_token, expiry: expiration_time } = {
@@ -133806,25 +133881,12 @@ async function logout() {
     );
     return;
   }
-  if (!localState.accessToken) {
-    if (!localState.refreshToken) {
-      logger.log("Not logged in, exiting...");
-      return;
-    }
-    const body2 = `client_id=${encodeURIComponent(getClientIdFromEnv())}&token_type_hint=refresh_token&token=${encodeURIComponent(localState.refreshToken?.value || "")}`;
-    const response2 = await (0, import_undici5.fetch)(getRevokeUrlFromEnv(), {
-      method: "POST",
-      body: body2,
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded"
-      }
-    });
-    await response2.text();
-    logger.log(
-      "\u{1F481}  Wrangler is configured with an OAuth token. The token has been successfully revoked"
-    );
+  const storedRefreshToken = readStoredAuthState().refreshToken;
+  if (!storedRefreshToken) {
+    logger.log("Not logged in, exiting...");
+    return;
   }
-  const body = `client_id=${encodeURIComponent(getClientIdFromEnv())}&token_type_hint=refresh_token&token=${encodeURIComponent(localState.refreshToken?.value || "")}`;
+  const body = `client_id=${encodeURIComponent(getClientIdFromEnv())}&token_type_hint=refresh_token&token=${encodeURIComponent(storedRefreshToken.value || "")}`;
   const response = await (0, import_undici5.fetch)(getRevokeUrlFromEnv(), {
     method: "POST",
     body,
@@ -133919,17 +133981,13 @@ function requireApiToken() {
   return credentials;
 }
 function saveAccountToCache(account) {
-  localState.account = account;
   saveToConfigCache("wrangler-account.json", { account });
 }
 function getAccountFromCache() {
-  if (localState.account) {
-    return localState.account;
-  }
   return getConfigCache("wrangler-account.json").account;
 }
 function getScopes() {
-  return localState.scopes;
+  return readStoredAuthState().scopes;
 }
 function printScopes(scopes) {
   const data = scopes.map((scope) => ({
@@ -133992,7 +134050,7 @@ async function getJSONFromResponse(response) {
     );
   }
 }
-var import_ci_info4, import_undici5, USER_AUTH_CONFIG_PATH, DefaultScopes, DefaultScopeKeys, localState, ErrorOAuth2, ErrorUnknown, ErrorNoAuthCode, ErrorInvalidReturnedStateParam, ErrorInvalidJson, ErrorInvalidScope, ErrorInvalidRequest, ErrorInvalidToken, ErrorAuthenticationGrant, ErrorUnauthorizedClient, ErrorAccessDenied, ErrorUnsupportedResponseType, ErrorServerError, ErrorTemporarilyUnavailable, ErrorAccessTokenResponse, ErrorInvalidClient, ErrorInvalidGrant, ErrorUnsupportedGrantType, RECOMMENDED_CODE_VERIFIER_LENGTH, RECOMMENDED_STATE_LENGTH, PKCE_CHARSET;
+var import_ci_info4, import_undici5, USER_AUTH_CONFIG_PATH, DefaultScopes, DefaultScopeKeys, oauthFlowState, hasWarnedAboutDeprecatedV1ApiToken, ErrorOAuth2, ErrorUnknown, ErrorNoAuthCode, ErrorInvalidReturnedStateParam, ErrorInvalidJson, ErrorInvalidScope, ErrorInvalidRequest, ErrorInvalidToken, ErrorAuthenticationGrant, ErrorUnauthorizedClient, ErrorAccessDenied, ErrorUnsupportedResponseType, ErrorServerError, ErrorTemporarilyUnavailable, ErrorAccessTokenResponse, ErrorInvalidClient, ErrorInvalidGrant, ErrorUnsupportedGrantType, RECOMMENDED_CODE_VERIFIER_LENGTH, RECOMMENDED_STATE_LENGTH, PKCE_CHARSET;
 var init_user2 = __esm({
   "src/user/user.ts"() {
     init_import_meta_url();
@@ -134042,11 +134100,9 @@ var init_user2 = __esm({
     };
     DefaultScopeKeys = Object.keys(DefaultScopes);
     __name(validateScopeKeys, "validateScopeKeys");
-    localState = {
-      ...getAuthTokens()
-    };
-    __name(getAuthTokens, "getAuthTokens");
-    __name(reinitialiseAuthTokens, "reinitialiseAuthTokens");
+    oauthFlowState = {};
+    hasWarnedAboutDeprecatedV1ApiToken = false;
+    __name(readStoredAuthState, "readStoredAuthState");
     __name(getAPIToken, "getAPIToken");
     ErrorOAuth2 = class extends UserError {
       static {
@@ -134209,7 +134265,7 @@ var init_user2 = __esm({
     __name(getOAuthTokenFromLocalState, "getOAuthTokenFromLocalState");
     __name(getOauthToken, "getOauthToken");
     __name(login, "login");
-    __name(isAccessTokenExpired, "isAccessTokenExpired");
+    __name(isRefreshNeeded, "isRefreshNeeded");
     __name(refreshToken, "refreshToken");
     __name(logout, "logout");
     __name(listScopes, "listScopes");
@@ -137033,8 +137089,8 @@ function getMissingEntryPointMessage(absoluteEntryPointPath, relativeEntryPointP
       "index",
       "dist/index"
     ]) {
-      for (const extension of [".ts", ".tsx", ".js", ".jsx"]) {
-        const filePath = basenamePath + extension;
+      for (const extension2 of [".ts", ".tsx", ".js", ".jsx"]) {
+        const filePath = basenamePath + extension2;
         if (fileExists(path3__namespace.default.resolve(absoluteEntryPointPath, filePath))) {
           possiblePaths.push(path3__namespace.default.join(relativeEntryPointPath, filePath));
         }
@@ -148194,116 +148250,16 @@ var init_instances2 = __esm({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/stream.js
-var require_stream = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/stream.js"(exports, module2) {
-    init_import_meta_url();
-    var { Duplex: Duplex2 } = __require("stream");
-    function emitClose(stream2) {
-      stream2.emit("close");
-    }
-    __name(emitClose, "emitClose");
-    function duplexOnEnd() {
-      if (!this.destroyed && this._writableState.finished) {
-        this.destroy();
-      }
-    }
-    __name(duplexOnEnd, "duplexOnEnd");
-    function duplexOnError(err) {
-      this.removeListener("error", duplexOnError);
-      this.destroy();
-      if (this.listenerCount("error") === 0) {
-        this.emit("error", err);
-      }
-    }
-    __name(duplexOnError, "duplexOnError");
-    function createWebSocketStream2(ws, options) {
-      let terminateOnDestroy = true;
-      const duplex = new Duplex2({
-        ...options,
-        autoDestroy: false,
-        emitClose: false,
-        objectMode: false,
-        writableObjectMode: false
-      });
-      ws.on("message", /* @__PURE__ */ __name(function message(msg, isBinary) {
-        const data = !isBinary && duplex._readableState.objectMode ? msg.toString() : msg;
-        if (!duplex.push(data)) ws.pause();
-      }, "message"));
-      ws.once("error", /* @__PURE__ */ __name(function error2(err) {
-        if (duplex.destroyed) return;
-        terminateOnDestroy = false;
-        duplex.destroy(err);
-      }, "error"));
-      ws.once("close", /* @__PURE__ */ __name(function close2() {
-        if (duplex.destroyed) return;
-        duplex.push(null);
-      }, "close"));
-      duplex._destroy = function(err, callback) {
-        if (ws.readyState === ws.CLOSED) {
-          callback(err);
-          process.nextTick(emitClose, duplex);
-          return;
-        }
-        let called = false;
-        ws.once("error", /* @__PURE__ */ __name(function error2(err2) {
-          called = true;
-          callback(err2);
-        }, "error"));
-        ws.once("close", /* @__PURE__ */ __name(function close2() {
-          if (!called) callback(err);
-          process.nextTick(emitClose, duplex);
-        }, "close"));
-        if (terminateOnDestroy) ws.terminate();
-      };
-      duplex._final = function(callback) {
-        if (ws.readyState === ws.CONNECTING) {
-          ws.once("open", /* @__PURE__ */ __name(function open3() {
-            duplex._final(callback);
-          }, "open"));
-          return;
-        }
-        if (ws._socket === null) return;
-        if (ws._socket._writableState.finished) {
-          callback();
-          if (duplex._readableState.endEmitted) duplex.destroy();
-        } else {
-          ws._socket.once("finish", /* @__PURE__ */ __name(function finish() {
-            callback();
-          }, "finish"));
-          ws.close();
-        }
-      };
-      duplex._read = function() {
-        if (ws.isPaused) ws.resume();
-      };
-      duplex._write = function(chunk, encoding, callback) {
-        if (ws.readyState === ws.CONNECTING) {
-          ws.once("open", /* @__PURE__ */ __name(function open3() {
-            duplex._write(chunk, encoding, callback);
-          }, "open"));
-          return;
-        }
-        ws.send(chunk, callback);
-      };
-      duplex.on("end", duplexOnEnd);
-      duplex.on("error", duplexOnError);
-      return duplex;
-    }
-    __name(createWebSocketStream2, "createWebSocketStream");
-    module2.exports = createWebSocketStream2;
-  }
-});
-
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/constants.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/constants.js
 var require_constants7 = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/constants.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/constants.js"(exports, module2) {
     init_import_meta_url();
     var BINARY_TYPES = ["nodebuffer", "arraybuffer", "fragments"];
     var hasBlob = typeof Blob !== "undefined";
     if (hasBlob) BINARY_TYPES.push("blob");
     module2.exports = {
       BINARY_TYPES,
+      CLOSE_TIMEOUT: 3e4,
       EMPTY_BUFFER: Buffer.alloc(0),
       GUID: "258EAFA5-E914-47DA-95CA-C5AB0DC85B11",
       hasBlob,
@@ -148317,9 +148273,9 @@ var require_constants7 = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/buffer-util.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/buffer-util.js
 var require_buffer_util = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/buffer-util.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/buffer-util.js"(exports, module2) {
     init_import_meta_url();
     var { EMPTY_BUFFER } = require_constants7();
     var FastBuffer = Buffer[Symbol.species];
@@ -148397,9 +148353,9 @@ var require_buffer_util = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/limiter.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/limiter.js
 var require_limiter = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/limiter.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/limiter.js"(exports, module2) {
     init_import_meta_url();
     var kDone = Symbol("kDone");
     var kRun = Symbol("kRun");
@@ -148450,9 +148406,9 @@ var require_limiter = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/permessage-deflate.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/permessage-deflate.js
 var require_permessage_deflate2 = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/permessage-deflate.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/permessage-deflate.js"(exports, module2) {
     init_import_meta_url();
     var zlib3 = __require("zlib");
     var bufferUtil = require_buffer_util();
@@ -148466,7 +148422,7 @@ var require_permessage_deflate2 = __commonJS({
     var kBuffers = Symbol("buffers");
     var kError = Symbol("error");
     var zlibLimiter;
-    var PerMessageDeflate = class {
+    var PerMessageDeflate2 = class {
       static {
         __name(this, "PerMessageDeflate");
       }
@@ -148480,6 +148436,9 @@ var require_permessage_deflate2 = __commonJS({
        *     acknowledge disabling of client context takeover
        * @param {Number} [options.concurrencyLimit=10] The number of concurrent
        *     calls to zlib
+       * @param {Boolean} [options.isServer=false] Create the instance in either
+       *     server or client mode
+       * @param {Number} [options.maxPayload=0] The maximum allowed message length
        * @param {(Boolean|Number)} [options.serverMaxWindowBits] Request/confirm the
        *     use of a custom server window size
        * @param {Boolean} [options.serverNoContextTakeover=false] Request/accept
@@ -148490,15 +148449,12 @@ var require_permessage_deflate2 = __commonJS({
        *     deflate
        * @param {Object} [options.zlibInflateOptions] Options to pass to zlib on
        *     inflate
-       * @param {Boolean} [isServer=false] Create the instance in either server or
-       *     client mode
-       * @param {Number} [maxPayload=0] The maximum allowed message length
        */
-      constructor(options, isServer, maxPayload) {
-        this._maxPayload = maxPayload | 0;
+      constructor(options) {
         this._options = options || {};
         this._threshold = this._options.threshold !== void 0 ? this._options.threshold : 1024;
-        this._isServer = !!isServer;
+        this._maxPayload = this._options.maxPayload | 0;
+        this._isServer = !!this._options.isServer;
         this._deflate = null;
         this._inflate = null;
         this.params = null;
@@ -148807,7 +148763,7 @@ var require_permessage_deflate2 = __commonJS({
         });
       }
     };
-    module2.exports = PerMessageDeflate;
+    module2.exports = PerMessageDeflate2;
     function deflateOnData(chunk) {
       this[kBuffers].push(chunk);
       this[kTotalLength] += chunk.length;
@@ -148828,6 +148784,10 @@ var require_permessage_deflate2 = __commonJS({
     __name(inflateOnData, "inflateOnData");
     function inflateOnError(err) {
       this[kPerMessageDeflate]._inflate = null;
+      if (this[kError]) {
+        this[kCallback](this[kError]);
+        return;
+      }
       err[kStatusCode] = 1007;
       this[kCallback](err);
     }
@@ -148835,9 +148795,9 @@ var require_permessage_deflate2 = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/validation.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/validation.js
 var require_validation = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/validation.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/validation.js"(exports, module2) {
     init_import_meta_url();
     var { isUtf8 } = __require("buffer");
     var { hasBlob } = require_constants7();
@@ -149039,12 +148999,12 @@ var require_validation = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/receiver.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/receiver.js
 var require_receiver2 = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/receiver.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/receiver.js"(exports, module2) {
     init_import_meta_url();
     var { Writable: Writable5 } = __require("stream");
-    var PerMessageDeflate = require_permessage_deflate2();
+    var PerMessageDeflate2 = require_permessage_deflate2();
     var {
       BINARY_TYPES,
       EMPTY_BUFFER,
@@ -149214,7 +149174,7 @@ var require_receiver2 = __commonJS({
           return;
         }
         const compressed = (buf[0] & 64) === 64;
-        if (compressed && !this._extensions[PerMessageDeflate.extensionName]) {
+        if (compressed && !this._extensions[PerMessageDeflate2.extensionName]) {
           const error2 = this.createError(
             RangeError,
             "RSV1 must be clear",
@@ -149458,7 +149418,7 @@ var require_receiver2 = __commonJS({
        * @private
        */
       decompress(data, cb2) {
-        const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
+        const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
         perMessageDeflate.decompress(data, this._fin, (err, buf) => {
           if (err) return cb2(err);
           if (buf.length) {
@@ -149634,13 +149594,16 @@ var require_receiver2 = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/sender.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/sender.js
 var require_sender2 = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/sender.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/sender.js"(exports, module2) {
     init_import_meta_url();
     var { Duplex: Duplex2 } = __require("stream");
     var { randomFillSync } = __require("crypto");
-    var PerMessageDeflate = require_permessage_deflate2();
+    var {
+      types: { isUint8Array }
+    } = __require("util");
+    var PerMessageDeflate2 = require_permessage_deflate2();
     var { EMPTY_BUFFER, kWebSocket, NOOP } = require_constants7();
     var { isBlob: isBlob5, isValidStatusCode } = require_validation();
     var { mask: applyMask, toBuffer } = require_buffer_util();
@@ -149796,8 +149759,10 @@ var require_sender2 = __commonJS({
           buf.writeUInt16BE(code, 0);
           if (typeof data === "string") {
             buf.write(data, 2);
-          } else {
+          } else if (isUint8Array(data)) {
             buf.set(data, 2);
+          } else {
+            throw new TypeError("Second argument must be a string or a Uint8Array");
           }
         }
         const options = {
@@ -149927,7 +149892,7 @@ var require_sender2 = __commonJS({
        * @public
        */
       send(data, options, cb2) {
-        const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
+        const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
         let opcode = options.binary ? 2 : 1;
         let rsv1 = options.compress;
         let byteLength;
@@ -150051,7 +150016,7 @@ var require_sender2 = __commonJS({
           this.sendFrame(_Sender.frame(data, options), cb2);
           return;
         }
-        const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
+        const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
         this._bufferedBytes += options[kByteLength];
         this._state = DEFLATING;
         perMessageDeflate.compress(data, options.fin, (_4, buf) => {
@@ -150094,7 +150059,7 @@ var require_sender2 = __commonJS({
       /**
        * Sends a frame.
        *
-       * @param {Buffer[]} list The frame to send
+       * @param {(Buffer | String)[]} list The frame to send
        * @param {Function} [cb] Callback
        * @private
        */
@@ -150127,9 +150092,9 @@ var require_sender2 = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/event-target.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/event-target.js
 var require_event_target = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/event-target.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/event-target.js"(exports, module2) {
     init_import_meta_url();
     var { kForOnEventAttribute, kListener } = require_constants7();
     var kCode = Symbol("kCode");
@@ -150369,9 +150334,9 @@ var require_event_target = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/extension.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/extension.js
 var require_extension = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/extension.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/extension.js"(exports, module2) {
     init_import_meta_url();
     var { tokenChars } = require_validation();
     function push2(dest, name2, elem) {
@@ -150506,11 +150471,11 @@ var require_extension = __commonJS({
     }
     __name(parse15, "parse");
     function format9(extensions) {
-      return Object.keys(extensions).map((extension) => {
-        let configurations = extensions[extension];
+      return Object.keys(extensions).map((extension2) => {
+        let configurations = extensions[extension2];
         if (!Array.isArray(configurations)) configurations = [configurations];
         return configurations.map((params) => {
-          return [extension].concat(
+          return [extension2].concat(
             Object.keys(params).map((k6) => {
               let values = params[k6];
               if (!Array.isArray(values)) values = [values];
@@ -150525,9 +150490,9 @@ var require_extension = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/websocket.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/websocket.js
 var require_websocket2 = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/websocket.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/websocket.js"(exports, module2) {
     init_import_meta_url();
     var EventEmitter5 = __require("events");
     var https3 = __require("https");
@@ -150537,12 +150502,13 @@ var require_websocket2 = __commonJS({
     var { randomBytes: randomBytes2, createHash: createHash9 } = __require("crypto");
     var { Duplex: Duplex2, Readable: Readable11 } = __require("stream");
     var { URL: URL8 } = __require("url");
-    var PerMessageDeflate = require_permessage_deflate2();
+    var PerMessageDeflate2 = require_permessage_deflate2();
     var Receiver2 = require_receiver2();
     var Sender2 = require_sender2();
     var { isBlob: isBlob5 } = require_validation();
     var {
       BINARY_TYPES,
+      CLOSE_TIMEOUT,
       EMPTY_BUFFER,
       GUID,
       kForOnEventAttribute,
@@ -150556,7 +150522,6 @@ var require_websocket2 = __commonJS({
     } = require_event_target();
     var { format: format9, parse: parse15 } = require_extension();
     var { toBuffer } = require_buffer_util();
-    var closeTimeout = 30 * 1e3;
     var kAborted = Symbol("kAborted");
     var protocolVersions = [8, 13];
     var readyStates = ["CONNECTING", "OPEN", "CLOSING", "CLOSED"];
@@ -150605,6 +150570,7 @@ var require_websocket2 = __commonJS({
           initAsClient(this, address, protocols, options);
         } else {
           this._autoPong = options.autoPong;
+          this._closeTimeout = options.closeTimeout;
           this._isServer = true;
         }
       }
@@ -150747,8 +150713,8 @@ var require_websocket2 = __commonJS({
           this.emit("close", this._closeCode, this._closeMessage);
           return;
         }
-        if (this._extensions[PerMessageDeflate.extensionName]) {
-          this._extensions[PerMessageDeflate.extensionName].cleanup();
+        if (this._extensions[PerMessageDeflate2.extensionName]) {
+          this._extensions[PerMessageDeflate2.extensionName].cleanup();
         }
         this._receiver.removeAllListeners();
         this._readyState = _WebSocket.CLOSED;
@@ -150910,7 +150876,7 @@ var require_websocket2 = __commonJS({
           fin: true,
           ...options
         };
-        if (!this._extensions[PerMessageDeflate.extensionName]) {
+        if (!this._extensions[PerMessageDeflate2.extensionName]) {
           opts.compress = false;
         }
         this._sender.send(data || EMPTY_BUFFER, opts, cb2);
@@ -151006,6 +150972,7 @@ var require_websocket2 = __commonJS({
       const opts = {
         allowSynchronousEvents: true,
         autoPong: true,
+        closeTimeout: CLOSE_TIMEOUT,
         protocolVersion: protocolVersions[1],
         maxPayload: 100 * 1024 * 1024,
         skipUTF8Validation: false,
@@ -151023,6 +150990,7 @@ var require_websocket2 = __commonJS({
         port: void 0
       };
       websocket._autoPong = opts.autoPong;
+      websocket._closeTimeout = opts.closeTimeout;
       if (!protocolVersions.includes(opts.protocolVersion)) {
         throw new RangeError(
           `Unsupported protocol version: ${opts.protocolVersion} (supported versions: ${protocolVersions.join(", ")})`
@@ -151034,7 +151002,7 @@ var require_websocket2 = __commonJS({
       } else {
         try {
           parsedUrl = new URL8(address);
-        } catch (e9) {
+        } catch {
           throw new SyntaxError(`Invalid URL: ${address}`);
         }
       }
@@ -151048,7 +151016,7 @@ var require_websocket2 = __commonJS({
       const isIpcUrl = parsedUrl.protocol === "ws+unix:";
       let invalidUrlMessage;
       if (parsedUrl.protocol !== "ws:" && !isSecure && !isIpcUrl) {
-        invalidUrlMessage = `The URL's protocol must be one of "ws:", "wss:", "http:", "https", or "ws+unix:"`;
+        invalidUrlMessage = `The URL's protocol must be one of "ws:", "wss:", "http:", "https:", or "ws+unix:"`;
       } else if (isIpcUrl && !parsedUrl.pathname) {
         invalidUrlMessage = "The URL's pathname is empty";
       } else if (parsedUrl.hash) {
@@ -151082,13 +151050,13 @@ var require_websocket2 = __commonJS({
       opts.path = parsedUrl.pathname + parsedUrl.search;
       opts.timeout = opts.handshakeTimeout;
       if (opts.perMessageDeflate) {
-        perMessageDeflate = new PerMessageDeflate(
-          opts.perMessageDeflate !== true ? opts.perMessageDeflate : {},
-          false,
-          opts.maxPayload
-        );
+        perMessageDeflate = new PerMessageDeflate2({
+          ...opts.perMessageDeflate,
+          isServer: false,
+          maxPayload: opts.maxPayload
+        });
         opts.headers["Sec-WebSocket-Extensions"] = format9({
-          [PerMessageDeflate.extensionName]: perMessageDeflate.offer()
+          [PerMessageDeflate2.extensionName]: perMessageDeflate.offer()
         });
       }
       if (protocols.length) {
@@ -151231,19 +151199,19 @@ var require_websocket2 = __commonJS({
             return;
           }
           const extensionNames = Object.keys(extensions);
-          if (extensionNames.length !== 1 || extensionNames[0] !== PerMessageDeflate.extensionName) {
+          if (extensionNames.length !== 1 || extensionNames[0] !== PerMessageDeflate2.extensionName) {
             const message = "Server indicated an extension that was not requested";
             abortHandshake(websocket, socket, message);
             return;
           }
           try {
-            perMessageDeflate.accept(extensions[PerMessageDeflate.extensionName]);
+            perMessageDeflate.accept(extensions[PerMessageDeflate2.extensionName]);
           } catch (err) {
             const message = "Invalid Sec-WebSocket-Extensions header";
             abortHandshake(websocket, socket, message);
             return;
           }
-          websocket._extensions[PerMessageDeflate.extensionName] = perMessageDeflate;
+          websocket._extensions[PerMessageDeflate2.extensionName] = perMessageDeflate;
         }
         websocket.setSocket(socket, head, {
           allowSynchronousEvents: opts.allowSynchronousEvents,
@@ -151380,7 +151348,7 @@ var require_websocket2 = __commonJS({
     function setCloseTimer(websocket) {
       websocket._closeTimer = setTimeout(
         websocket._socket.destroy.bind(websocket._socket),
-        closeTimeout
+        websocket._closeTimeout
       );
     }
     __name(setCloseTimer, "setCloseTimer");
@@ -151390,8 +151358,8 @@ var require_websocket2 = __commonJS({
       this.removeListener("data", socketOnData);
       this.removeListener("end", socketOnEnd);
       websocket._readyState = WebSocket2.CLOSING;
-      let chunk;
-      if (!this._readableState.endEmitted && !websocket._closeFrameReceived && !websocket._receiver._writableState.errorEmitted && (chunk = websocket._socket.read()) !== null) {
+      if (!this._readableState.endEmitted && !websocket._closeFrameReceived && !websocket._receiver._writableState.errorEmitted && this._readableState.length !== 0) {
+        const chunk = this.read(this._readableState.length);
         websocket._receiver.write(chunk);
       }
       websocket._receiver.end();
@@ -151431,9 +151399,111 @@ var require_websocket2 = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/subprotocol.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/stream.js
+var require_stream = __commonJS({
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/stream.js"(exports, module2) {
+    init_import_meta_url();
+    require_websocket2();
+    var { Duplex: Duplex2 } = __require("stream");
+    function emitClose(stream2) {
+      stream2.emit("close");
+    }
+    __name(emitClose, "emitClose");
+    function duplexOnEnd() {
+      if (!this.destroyed && this._writableState.finished) {
+        this.destroy();
+      }
+    }
+    __name(duplexOnEnd, "duplexOnEnd");
+    function duplexOnError(err) {
+      this.removeListener("error", duplexOnError);
+      this.destroy();
+      if (this.listenerCount("error") === 0) {
+        this.emit("error", err);
+      }
+    }
+    __name(duplexOnError, "duplexOnError");
+    function createWebSocketStream2(ws, options) {
+      let terminateOnDestroy = true;
+      const duplex = new Duplex2({
+        ...options,
+        autoDestroy: false,
+        emitClose: false,
+        objectMode: false,
+        writableObjectMode: false
+      });
+      ws.on("message", /* @__PURE__ */ __name(function message(msg, isBinary) {
+        const data = !isBinary && duplex._readableState.objectMode ? msg.toString() : msg;
+        if (!duplex.push(data)) ws.pause();
+      }, "message"));
+      ws.once("error", /* @__PURE__ */ __name(function error2(err) {
+        if (duplex.destroyed) return;
+        terminateOnDestroy = false;
+        duplex.destroy(err);
+      }, "error"));
+      ws.once("close", /* @__PURE__ */ __name(function close2() {
+        if (duplex.destroyed) return;
+        duplex.push(null);
+      }, "close"));
+      duplex._destroy = function(err, callback) {
+        if (ws.readyState === ws.CLOSED) {
+          callback(err);
+          process.nextTick(emitClose, duplex);
+          return;
+        }
+        let called = false;
+        ws.once("error", /* @__PURE__ */ __name(function error2(err2) {
+          called = true;
+          callback(err2);
+        }, "error"));
+        ws.once("close", /* @__PURE__ */ __name(function close2() {
+          if (!called) callback(err);
+          process.nextTick(emitClose, duplex);
+        }, "close"));
+        if (terminateOnDestroy) ws.terminate();
+      };
+      duplex._final = function(callback) {
+        if (ws.readyState === ws.CONNECTING) {
+          ws.once("open", /* @__PURE__ */ __name(function open3() {
+            duplex._final(callback);
+          }, "open"));
+          return;
+        }
+        if (ws._socket === null) return;
+        if (ws._socket._writableState.finished) {
+          callback();
+          if (duplex._readableState.endEmitted) duplex.destroy();
+        } else {
+          ws._socket.once("finish", /* @__PURE__ */ __name(function finish() {
+            callback();
+          }, "finish"));
+          ws.close();
+        }
+      };
+      duplex._read = function() {
+        if (ws.isPaused) ws.resume();
+      };
+      duplex._write = function(chunk, encoding, callback) {
+        if (ws.readyState === ws.CONNECTING) {
+          ws.once("open", /* @__PURE__ */ __name(function open3() {
+            duplex._write(chunk, encoding, callback);
+          }, "open"));
+          return;
+        }
+        ws.send(chunk, callback);
+      };
+      duplex.on("end", duplexOnEnd);
+      duplex.on("error", duplexOnError);
+      return duplex;
+    }
+    __name(createWebSocketStream2, "createWebSocketStream");
+    module2.exports = createWebSocketStream2;
+  }
+});
+
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/subprotocol.js
 var require_subprotocol = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/subprotocol.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/subprotocol.js"(exports, module2) {
     init_import_meta_url();
     var { tokenChars } = require_validation();
     function parse15(header) {
@@ -151477,19 +151547,19 @@ var require_subprotocol = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/websocket-server.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/websocket-server.js
 var require_websocket_server = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/websocket-server.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/websocket-server.js"(exports, module2) {
     init_import_meta_url();
     var EventEmitter5 = __require("events");
     var http6 = __require("http");
     var { Duplex: Duplex2 } = __require("stream");
     var { createHash: createHash9 } = __require("crypto");
-    var extension = require_extension();
-    var PerMessageDeflate = require_permessage_deflate2();
-    var subprotocol = require_subprotocol();
+    var extension2 = require_extension();
+    var PerMessageDeflate2 = require_permessage_deflate2();
+    var subprotocol2 = require_subprotocol();
     var WebSocket2 = require_websocket2();
-    var { GUID, kWebSocket } = require_constants7();
+    var { CLOSE_TIMEOUT, GUID, kWebSocket } = require_constants7();
     var keyRegex = /^[+/0-9A-Za-z]{22}==$/;
     var RUNNING = 0;
     var CLOSING = 1;
@@ -151511,6 +151581,9 @@ var require_websocket_server = __commonJS({
        *     pending connections
        * @param {Boolean} [options.clientTracking=true] Specifies whether or not to
        *     track clients
+       * @param {Number} [options.closeTimeout=30000] Duration in milliseconds to
+       *     wait for the closing handshake to finish after `websocket.close()` is
+       *     called
        * @param {Function} [options.handleProtocols] A hook to handle protocols
        * @param {String} [options.host] The hostname where to bind the server
        * @param {Number} [options.maxPayload=104857600] The maximum allowed message
@@ -151539,6 +151612,7 @@ var require_websocket_server = __commonJS({
           perMessageDeflate: false,
           handleProtocols: null,
           clientTracking: true,
+          closeTimeout: CLOSE_TIMEOUT,
           verifyClient: null,
           noServer: false,
           backlog: null,
@@ -151694,9 +151768,11 @@ var require_websocket_server = __commonJS({
           abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
           return;
         }
-        if (version5 !== 8 && version5 !== 13) {
+        if (version5 !== 13 && version5 !== 8) {
           const message = "Missing or invalid Sec-WebSocket-Version header";
-          abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
+          abortHandshakeOrEmitwsClientError(this, req, socket, 400, message, {
+            "Sec-WebSocket-Version": "13, 8"
+          });
           return;
         }
         if (!this.shouldHandle(req)) {
@@ -151707,7 +151783,7 @@ var require_websocket_server = __commonJS({
         let protocols = /* @__PURE__ */ new Set();
         if (secWebSocketProtocol !== void 0) {
           try {
-            protocols = subprotocol.parse(secWebSocketProtocol);
+            protocols = subprotocol2.parse(secWebSocketProtocol);
           } catch (err) {
             const message = "Invalid Sec-WebSocket-Protocol header";
             abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
@@ -151717,16 +151793,16 @@ var require_websocket_server = __commonJS({
         const secWebSocketExtensions = req.headers["sec-websocket-extensions"];
         const extensions = {};
         if (this.options.perMessageDeflate && secWebSocketExtensions !== void 0) {
-          const perMessageDeflate = new PerMessageDeflate(
-            this.options.perMessageDeflate,
-            true,
-            this.options.maxPayload
-          );
+          const perMessageDeflate = new PerMessageDeflate2({
+            ...this.options.perMessageDeflate,
+            isServer: true,
+            maxPayload: this.options.maxPayload
+          });
           try {
-            const offers = extension.parse(secWebSocketExtensions);
-            if (offers[PerMessageDeflate.extensionName]) {
-              perMessageDeflate.accept(offers[PerMessageDeflate.extensionName]);
-              extensions[PerMessageDeflate.extensionName] = perMessageDeflate;
+            const offers = extension2.parse(secWebSocketExtensions);
+            if (offers[PerMessageDeflate2.extensionName]) {
+              perMessageDeflate.accept(offers[PerMessageDeflate2.extensionName]);
+              extensions[PerMessageDeflate2.extensionName] = perMessageDeflate;
             }
           } catch (err) {
             const message = "Invalid or unacceptable Sec-WebSocket-Extensions header";
@@ -151797,10 +151873,10 @@ var require_websocket_server = __commonJS({
             ws._protocol = protocol;
           }
         }
-        if (extensions[PerMessageDeflate.extensionName]) {
-          const params = extensions[PerMessageDeflate.extensionName].params;
-          const value = extension.format({
-            [PerMessageDeflate.extensionName]: [params]
+        if (extensions[PerMessageDeflate2.extensionName]) {
+          const params = extensions[PerMessageDeflate2.extensionName].params;
+          const value = extension2.format({
+            [PerMessageDeflate2.extensionName]: [params]
           });
           headers.push(`Sec-WebSocket-Extensions: ${value}`);
           ws._extensions = extensions;
@@ -151859,27 +151935,30 @@ var require_websocket_server = __commonJS({
       );
     }
     __name(abortHandshake, "abortHandshake");
-    function abortHandshakeOrEmitwsClientError(server, req, socket, code, message) {
+    function abortHandshakeOrEmitwsClientError(server, req, socket, code, message, headers) {
       if (server.listenerCount("wsClientError")) {
         const err = new Error(message);
         Error.captureStackTrace(err, abortHandshakeOrEmitwsClientError);
         server.emit("wsClientError", err, socket, req);
       } else {
-        abortHandshake(socket, code, message);
+        abortHandshake(socket, code, message, headers);
       }
     }
     __name(abortHandshakeOrEmitwsClientError, "abortHandshakeOrEmitwsClientError");
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/wrapper.mjs
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/wrapper.mjs
 var import_websocket, wrapper_default;
 var init_wrapper = __esm({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/wrapper.mjs"() {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/wrapper.mjs"() {
     init_import_meta_url();
     __toESM(require_stream(), 1);
+    __toESM(require_extension(), 1);
+    __toESM(require_permessage_deflate2(), 1);
     __toESM(require_receiver2(), 1);
     __toESM(require_sender2(), 1);
+    __toESM(require_subprotocol(), 1);
     import_websocket = __toESM(require_websocket2(), 1);
     __toESM(require_websocket_server(), 1);
     wrapper_default = import_websocket.default;
@@ -154982,7 +155061,7 @@ var init_config5 = __esm({
           },
           affinities: convertContainerAffinitiesForApi(container),
           rollout_step_percentage: args?.containersRollout === "immediate" ? 100 : container.rollout_step_percentage ?? rolloutStepPercentageFallback,
-          rollout_kind: container.rollout_kind ?? "full_auto",
+          rollout_kind: args?.containersRollout === "none" ? "none" : container.rollout_kind ?? "full_auto",
           rollout_active_grace_period: container.rollout_active_grace_period ?? 0,
           observability: {
             logs_enabled: config.observability?.logs?.enabled ?? config.observability?.enabled === true
@@ -160448,19 +160527,35 @@ function truncateDescription(description, alreadyUsed) {
   }
   return truncate2(description, process.stdout.columns - alreadyUsed);
 }
-async function aiCatalogList(complianceConfig, accountId, partialUrl) {
+async function aiCatalogList(complianceConfig, accountId, partialUrl, options = {}) {
   const pageSize = 50;
   let page = 1;
   const results = [];
   while (results.length % pageSize === 0) {
+    const queryParams = new URLSearchParams({
+      per_page: pageSize.toString(),
+      page: page.toString()
+    });
+    if (options.author !== void 0) {
+      queryParams.set("author", options.author);
+    }
+    if (options.hideExperimental) {
+      queryParams.set("hide_experimental", "true");
+    }
+    if (options.search !== void 0) {
+      queryParams.set("search", options.search);
+    }
+    if (options.source !== void 0) {
+      queryParams.set("source", options.source.toString());
+    }
+    if (options.task !== void 0) {
+      queryParams.set("task", options.task);
+    }
     const json = await fetchResult(
       complianceConfig,
       `/accounts/${accountId}/ai/${partialUrl}`,
       {},
-      new URLSearchParams({
-        per_page: pageSize.toString(),
-        page: page.toString()
-      })
+      queryParams
     );
     page++;
     results.push(...json);
@@ -160489,8 +160584,13 @@ var init_utils6 = __esm({
     __name(truncateDescription, "truncateDescription");
     __name(aiCatalogList, "aiCatalogList");
     __name(aiFinetuneList, "aiFinetuneList");
-    listCatalogEntries = /* @__PURE__ */ __name(async (complianceConfig, accountId) => {
-      return await aiCatalogList(complianceConfig, accountId, "models/search");
+    listCatalogEntries = /* @__PURE__ */ __name(async (complianceConfig, accountId, options = {}) => {
+      return await aiCatalogList(
+        complianceConfig,
+        accountId,
+        "models/search",
+        options
+      );
     }, "listCatalogEntries");
     listFinetuneEntries = /* @__PURE__ */ __name(async (complianceConfig, accountId) => {
       return await aiFinetuneList(complianceConfig, accountId);
@@ -160610,7 +160710,41 @@ var init_createFinetune = __esm({
 });
 
 // src/ai/listCatalog.ts
-var aiModelsCommand;
+async function listModels({
+  author,
+  hideExperimental,
+  json = false,
+  search,
+  source,
+  task
+}, config) {
+  const accountId = await requireAuth(config);
+  const entries2 = await listCatalogEntries(config, accountId, {
+    author,
+    hideExperimental,
+    search,
+    source,
+    task
+  });
+  if (json) {
+    logger.json(entries2);
+  } else if (entries2.length === 0) {
+    logger.log(`No models found.`);
+  } else {
+    logger.table(
+      entries2.map((entry) => ({
+        model: entry.id,
+        name: entry.name,
+        description: truncateDescription(
+          entry.description,
+          entry.id.length + entry.name.length + (entry.task ? entry.task.name.length : 0) + 10
+        ),
+        task: entry.task ? entry.task.name : ""
+      }))
+    );
+  }
+}
+var aiModelsCommand, aiModelsListCommand;
 var init_listCatalog = __esm({
   "src/ai/listCatalog.ts"() {
     init_import_meta_url();
@@ -160619,6 +160753,19 @@ var init_listCatalog = __esm({
     init_user3();
     init_utils6();
     aiModelsCommand = createCommand({
+      metadata: {
+        description: "Manage AI models",
+        status: "stable",
+        owner: "Product: AI"
+      },
+      behaviour: {
+        printBanner: true
+      },
+      async handler(_args, { config }) {
+        await listModels({}, config);
+      }
+    });
+    aiModelsListCommand = createCommand({
       metadata: {
         description: "List catalog models",
         status: "stable",
@@ -160632,32 +160779,37 @@ var init_listCatalog = __esm({
           type: "boolean",
           description: "Return output as JSON",
           default: false
+        },
+        search: {
+          type: "string",
+          description: "Search models by name or description"
+        },
+        task: {
+          type: "string",
+          description: "Filter by task name"
+        },
+        author: {
+          type: "string",
+          description: "Filter by author"
+        },
+        source: {
+          type: "number",
+          description: "Filter by source ID"
+        },
+        "hide-experimental": {
+          type: "boolean",
+          description: "Hide experimental models",
+          default: false
         }
       },
-      async handler({ json }, { config }) {
-        const accountId = await requireAuth(config);
-        const entries2 = await listCatalogEntries(config, accountId);
-        if (json) {
-          logger.log(JSON.stringify(entries2, null, 2));
-        } else {
-          if (entries2.length === 0) {
-            logger.log(`No models found.`);
-          } else {
-            logger.table(
-              entries2.map((entry) => ({
-                model: entry.id,
-                name: entry.name,
-                description: truncateDescription(
-                  entry.description,
-                  entry.id.length + entry.name.length + (entry.task ? entry.task.name.length : 0) + 10
-                ),
-                task: entry.task ? entry.task.name : ""
-              }))
-            );
-          }
-        }
+      async handler({ author, hideExperimental, json, search, source, task }, { config }) {
+        await listModels(
+          { author, hideExperimental, json, search, source, task },
+          config
+        );
       }
     });
+    __name(listModels, "listModels");
   }
 });
 
@@ -160711,6 +160863,43 @@ var init_listFinetune = __esm({
     });
   }
 });
+
+// src/ai/modelSchema.ts
+var aiModelsSchemaCommand;
+var init_modelSchema = __esm({
+  "src/ai/modelSchema.ts"() {
+    init_import_meta_url();
+    init_create_command();
+    init_logger();
+    init_user3();
+    aiModelsSchemaCommand = createCommand({
+      metadata: {
+        description: "Get model schema",
+        status: "stable",
+        owner: "Product: AI"
+      },
+      behaviour: {
+        printBanner: false
+      },
+      args: {
+        model: {
+          type: "string",
+          demandOption: true,
+          description: "The model to fetch a schema for"
+        }
+      },
+      positionalArgs: ["model"],
+      async handler({ model }, { config, sdk }) {
+        const accountId = await requireAuth(config);
+        const schema = await sdk.ai.models.schema.get({
+          account_id: accountId,
+          model
+        });
+        logger.json(schema);
+      }
+    });
+  }
+});
 function formatLabelledValues(view, {
   formatLabel = /* @__PURE__ */ __name((label) => white(label + ":"), "formatLabel"),
   formatValue = /* @__PURE__ */ __name((value) => gray(value), "formatValue"),
@@ -181270,7 +181459,10 @@ Your database may not be available to serve requests during the migration, conti
               preview
             });
             if (response === null) {
-              return;
+              throw new UserError(
+                `Migration "${migration.name}" was not applied \u2014 execution was cancelled.`,
+                { telemetryMessage: "d1 migrations apply execution cancelled" }
+              );
             }
             for (const result of response) {
               if (Array.isArray(result)) {
@@ -181286,6 +181478,9 @@ Your database may not be available to serve requests during the migration, conti
               }
             }
           } catch (e9) {
+            if (e9 instanceof UserError) {
+              throw e9;
+            }
             const err = e9;
             const maybeCause = err.cause ?? err;
             success2 = false;
@@ -230862,8 +231057,8 @@ var init_deploy2 = __esm({
           type: "string"
         },
         "containers-rollout": {
-          describe: "Rollout strategy for Containers changes. If set to immediate, it will override `rollout_percentage_steps` if configured and roll out to 100% of instances in one step. ",
-          choices: ["immediate", "gradual"]
+          describe: "Rollout strategy for Containers changes. If set to immediate, it will override `rollout_percentage_steps` if configured and roll out to 100% of instances in one step. If set to none, the Worker will be deployed without building or updating any Containers.",
+          choices: ["immediate", "gradual", "none"]
         },
         strict: {
           describe: "Enables strict mode for the deploy command, this prevents deployments to occur when there are even small potential risks.",
@@ -238393,8 +238588,8 @@ var init_hash = __esm({
     hashFile = /* @__PURE__ */ __name((filepath) => {
       const contents = fs27.readFileSync(filepath);
       const base64Contents = contents.toString("base64");
-      const extension = path3.extname(filepath).substring(1);
-      return blake3Wasm.hash(base64Contents + extension).toString("hex").slice(0, 32);
+      const extension2 = path3.extname(filepath).substring(1);
+      return blake3Wasm.hash(base64Contents + extension2).toString("hex").slice(0, 32);
     }, "hashFile");
   }
 });
@@ -242911,6 +243106,23 @@ async function createDraftWorker({
     }
   );
 }
+async function putBulkSecrets(config, accountId, scriptName, environment, content, options = {}) {
+  const isServiceEnv = options?.isServiceEnv;
+  const url4 = isServiceEnv ? `/accounts/${accountId}/workers/services/${scriptName}/environments/${environment}/secrets-bulk` : `/accounts/${accountId}/workers/scripts/${scriptName}/secrets-bulk`;
+  const secretEntries = Object.entries(content);
+  const secrets = {};
+  const toCreate = [];
+  for (const [key, value] of secretEntries) {
+    toCreate.push(key);
+    secrets[key] = { name: key, text: value, type: "secret_text" };
+  }
+  const resp = await fetchResult(config, url4, {
+    method: "PATCH",
+    headers: { "Content-Type": "application/merge-patch+json" },
+    body: JSON.stringify({ secrets })
+  });
+  return [resp, toCreate];
+}
 function validateFileSecrets(content, jsonFilePath) {
   if (content === null || typeof content !== "object") {
     throw new FatalError(
@@ -242973,13 +243185,12 @@ async function parseBulkInputToObject(input) {
   }
   return { content, secretSource, secretFormat };
 }
-var import_dotenv2, import_undici19, VERSION_NOT_DEPLOYED_ERR_CODE, secretNamespace, secretPutCommand, secretDeleteCommand, secretListCommand, secretBulkCommand;
+var import_dotenv2, VERSION_NOT_DEPLOYED_ERR_CODE, secretNamespace, secretPutCommand, secretDeleteCommand, secretListCommand, secretBulkCommand;
 var init_secret = __esm({
   "src/secret/index.ts"() {
     init_import_meta_url();
     init_dist();
     import_dotenv2 = __toESM(require_main());
-    import_undici19 = __toESM(require_undici());
     init_cfetch();
     init_create_command();
     init_create_worker_upload_form();
@@ -243241,6 +243452,7 @@ Otherwise, check that the Worker name is correct and you're logged into the righ
         });
       }
     });
+    __name(putBulkSecrets, "putBulkSecrets");
     secretBulkCommand = createCommand({
       metadata: {
         description: "Upload multiple secrets for a Worker at once",
@@ -243274,7 +243486,7 @@ Otherwise, check that the Worker name is correct and you're logged into the righ
             { telemetryMessage: "secret bulk pages project" }
           );
         }
-        const isServiceEnv = useServiceEnvironments(config) && args.env;
+        const isServiceEnv = useServiceEnvironments(config) && !!args.env;
         const scriptName = getLegacyScriptName(args, config);
         if (!scriptName) {
           const error2 = new UserError(
@@ -243293,27 +243505,21 @@ Otherwise, check that the Worker name is correct and you're logged into the righ
           return logger.error(`\u{1F6A8} No content found in file, or piped input.`);
         }
         const { content, secretSource, secretFormat } = result;
-        function getSettings3() {
-          const url4 = isServiceEnv ? `/accounts/${accountId}/workers/services/${scriptName}/environments/${args.env}/settings` : `/accounts/${accountId}/workers/scripts/${scriptName}/settings`;
-          return fetchResult(config, url4);
-        }
-        __name(getSettings3, "getSettings");
-        function putBindingsSettings(bindings) {
-          const url4 = isServiceEnv ? `/accounts/${accountId}/workers/services/${scriptName}/environments/${args.env}/settings` : `/accounts/${accountId}/workers/scripts/${scriptName}/settings`;
-          const data = new import_undici19.FormData();
-          data.set("settings", JSON.stringify({ bindings }));
-          return fetchResult(config, url4, {
-            method: "PATCH",
-            body: data
-          });
-        }
-        __name(putBindingsSettings, "putBindingsSettings");
-        let existingBindings;
+        let created = [];
         try {
-          const settings = await getSettings3();
-          existingBindings = settings.bindings;
-        } catch (e9) {
-          if (isWorkerNotFoundError(e9)) {
+          try {
+            [, created] = await putBulkSecrets(
+              config,
+              accountId,
+              scriptName,
+              args.env,
+              content,
+              { isServiceEnv }
+            );
+          } catch (e9) {
+            if (!isWorkerNotFoundError(e9)) {
+              throw e9;
+            }
             const draftWorkerResult = await createDraftWorker({
               config,
               args,
@@ -243323,50 +243529,38 @@ Otherwise, check that the Worker name is correct and you're logged into the righ
             if (draftWorkerResult === null) {
               return;
             }
-            existingBindings = [];
-          } else {
-            throw e9;
-          }
-        }
-        const inheritBindings = existingBindings.filter((binding) => {
-          return binding.type !== "secret_text" || content[binding.name] === void 0;
-        }).map((binding) => ({ type: binding.type, name: binding.name }));
-        const upsertBindings = Object.entries(
-          content
-        ).map(([key, value]) => {
-          return {
-            type: "secret_text",
-            name: key,
-            text: value
-          };
-        });
-        try {
-          await putBindingsSettings(inheritBindings.concat(upsertBindings));
-          for (const upsertedBinding of upsertBindings) {
-            logger.log(
-              `\u2728 Successfully created secret for key: ${upsertedBinding.name}`
+            [, created] = await putBulkSecrets(
+              config,
+              accountId,
+              scriptName,
+              args.env,
+              content,
+              { isServiceEnv }
             );
           }
-          logger.log("");
-          logger.log("Finished processing secrets file:");
-          logger.log(`\u2728 ${upsertBindings.length} secrets successfully uploaded`);
-          sendMetricsEvent(
-            "create encrypted variable",
-            {
-              secretOperation: "bulk",
-              secretSource,
-              secretFormat,
-              hasEnvironment: Boolean(args.env)
-            },
-            {
-              sendMetrics: config.send_metrics
-            }
-          );
-        } catch (err) {
+        } catch (e9) {
           logger.log("");
           logger.log(`\u{1F6A8} Secrets failed to upload`);
-          throw err;
+          throw e9;
+        }
+        for (const key of created) {
+          logger.log(`\u2728 Successfully created secret for key: ${key}`);
         }
+        logger.log("");
+        logger.log("Finished processing secrets file:");
+        logger.log(`\u2728 ${created.length} secrets successfully uploaded`);
+        sendMetricsEvent(
+          "create encrypted variable",
+          {
+            secretOperation: "bulk",
+            secretSource,
+            secretFormat,
+            hasEnvironment: Boolean(args.env)
+          },
+          {
+            sendMetrics: config.send_metrics
+          }
+        );
       }
     });
     __name(validateFileSecrets, "validateFileSecrets");
@@ -266547,7 +266741,7 @@ var init_runtimeExtensions = __esm({
         ...asPartial(getHttpHandlerExtensionConfiguration(runtimeConfig)),
         ...asPartial(getHttpAuthExtensionConfiguration(runtimeConfig))
       };
-      extensions.forEach((extension) => extension.configure(extensionConfiguration));
+      extensions.forEach((extension2) => extension2.configure(extensionConfiguration));
       return {
         ...runtimeConfig,
         ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
@@ -268141,7 +268335,7 @@ var init_runtimeExtensions2 = __esm({
         ...asPartial2(getHttpHandlerExtensionConfiguration(runtimeConfig)),
         ...asPartial2(getHttpAuthExtensionConfiguration2(runtimeConfig))
       };
-      extensions.forEach((extension) => extension.configure(extensionConfiguration));
+      extensions.forEach((extension2) => extension2.configure(extensionConfiguration));
       return {
         ...runtimeConfig,
         ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
@@ -269420,7 +269614,7 @@ var init_runtimeExtensions3 = __esm({
         ...asPartial3(getHttpHandlerExtensionConfiguration(runtimeConfig)),
         ...asPartial3(getHttpAuthExtensionConfiguration3(runtimeConfig))
       };
-      extensions.forEach((extension) => extension.configure(extensionConfiguration));
+      extensions.forEach((extension2) => extension2.configure(extensionConfiguration));
       return {
         ...runtimeConfig,
         ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
@@ -272595,7 +272789,7 @@ var init_runtimeExtensions4 = __esm({
         ...asPartial4(getHttpHandlerExtensionConfiguration(runtimeConfig)),
         ...asPartial4(getHttpAuthExtensionConfiguration4(runtimeConfig))
       };
-      extensions.forEach((extension) => extension.configure(extensionConfiguration));
+      extensions.forEach((extension2) => extension2.configure(extensionConfiguration));
       return {
         ...runtimeConfig,
         ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
@@ -277810,7 +278004,8 @@ var init_defaults = __esm({
       },
       rolling_policy: {
         file_size_bytes: void 0,
-        interval_seconds: 300
+        interval_seconds: 300,
+        min_interval_seconds: 60
       },
       r2: {
         path: "",
@@ -277935,7 +278130,8 @@ async function promptCompression() {
     fallbackOption: 3
   });
 }
-async function promptRollingPolicy() {
+async function promptRollingPolicy(options) {
+  const minInterval = options?.minIntervalSeconds ?? 10;
   const fileSizeMB = await promptWithRetry(
     () => "File size",
     () => prompt("Roll file when size reaches (MB, minimum 5):", {
@@ -277952,13 +278148,13 @@ async function promptRollingPolicy() {
   );
   const intervalSeconds = await promptWithRetry(
     () => "Interval",
-    () => prompt("Roll file when time reaches (seconds, minimum 10):", {
+    () => prompt(`Roll file when time reaches (seconds, minimum ${minInterval}):`, {
       defaultValue: String(SINK_DEFAULTS.rolling_policy.interval_seconds)
     }),
     (value) => {
       const num = parseInt(value, 10);
-      if (isNaN(num) || num < 10) {
-        throw new UserError("Interval must be a number >= 10", {
+      if (isNaN(num) || num < minInterval) {
+        throw new UserError(`Interval must be a number >= ${minInterval}`, {
           telemetryMessage: "pipelines setup invalid interval"
         });
       }
@@ -278535,7 +278731,9 @@ async function setupDataCatalogSink(config, accountId, setupConfig) {
   displayCatalogTokenInstructions(accountId);
   const token = await promptCatalogToken(config, accountId, bucket);
   const compression = await promptCompression();
-  const rollingPolicy = await promptRollingPolicy();
+  const rollingPolicy = await promptRollingPolicy({
+    minIntervalSeconds: SINK_DEFAULTS.rolling_policy.min_interval_seconds
+  });
   setupConfig.sinkConfig = {
     name: setupConfig.sinkName,
     type: "r2_data_catalog",
@@ -279110,6 +279308,14 @@ var init_create11 = __esm({
               { telemetryMessage: "pipelines sinks create invalid format" }
             );
           }
+          if (args.rollInterval !== void 0 && args.rollInterval < SINK_DEFAULTS.rolling_policy.min_interval_seconds) {
+            throw new CommandLineArgsError(
+              `Pipeline frequency must be at least ${SINK_DEFAULTS.rolling_policy.min_interval_seconds} seconds for R2 Data Catalog sinks to prevent compaction issues. Current value: ${args.rollInterval} seconds.`,
+              {
+                telemetryMessage: "pipelines r2 data catalog interval below minimum threshold"
+              }
+            );
+          }
         }
       }, "validateArgs"),
       async handler(args, { config }) {
@@ -290126,14 +290332,14 @@ function formatSqlResults(data, duration) {
     logger.log(`On average, ${prettyBytes(bytesPerSecond)} / s`);
   }
 }
-var import_undici20, r2SqlNamespace, r2SqlQueryCommand;
+var import_undici19, r2SqlNamespace, r2SqlQueryCommand;
 var init_sql = __esm({
   "src/r2/sql.ts"() {
     init_import_meta_url();
     init_interactive();
     init_dist();
     init_pretty_bytes();
-    import_undici20 = __toESM(require_undici());
+    import_undici19 = __toESM(require_undici());
     init_internal();
     init_create_command();
     init_logger();
@@ -290199,7 +290405,7 @@ var init_sql = __esm({
         let duration = null;
         try {
           const start = Date.now();
-          const response = await (0, import_undici20.fetch)(apiUrl, {
+          const response = await (0, import_undici19.fetch)(apiUrl, {
             method: "POST",
             headers: {
               Authorization: `Bearer ${token}`,
@@ -290415,6 +290621,12 @@ function getHostFromRoute(route) {
   }
   return host;
 }
+function getZoneFromRoute(route) {
+  if (typeof route === "object" && "zone_name" in route && route.zone_name) {
+    return route.zone_name;
+  }
+  return getHostFromRoute(route);
+}
 async function getZoneForRoute(complianceConfig, from, zoneIdCache = /* @__PURE__ */ new Map()) {
   const { route, accountId } = from;
   const host = getHostFromRoute(route);
@@ -290584,6 +290796,7 @@ var init_zones3 = __esm({
     init_cfetch();
     init_retry();
     __name(getHostFromRoute, "getHostFromRoute");
+    __name(getZoneFromRoute, "getZoneFromRoute");
     __name(getZoneForRoute, "getZoneForRoute");
     __name(getHostFromUrl, "getHostFromUrl");
     __name(getZoneIdForPreview, "getZoneIdForPreview");
@@ -290809,7 +291022,13 @@ var init_tail2 = __esm({
 });
 
 // src/routes.ts
-async function getWorkersDevSubdomain(complianceConfig, accountId, configPath, apiToken, abortSignal) {
+async function getWorkersDevSubdomain(complianceConfig, accountId, options = {}) {
+  const {
+    configPath,
+    apiToken,
+    abortSignal,
+    registrationContext = "workers_dev"
+  } = options;
   try {
     const { subdomain } = await fetchResult(
       complianceConfig,
@@ -290822,29 +291041,66 @@ async function getWorkersDevSubdomain(complianceConfig, accountId, configPath, a
     return `${subdomain}${getComplianceRegionSubdomain(complianceConfig)}.workers.dev`;
   } catch (e9) {
     const error2 = e9;
-    if (typeof error2 === "object" && !!error2 && error2.code === 10007) {
-      logger.warn(
-        "You need to register a workers.dev subdomain before publishing to workers.dev"
+    if (typeof error2 !== "object" || !error2 || error2.code !== 10007) {
+      throw e9;
+    }
+    logger.warn(getRegistrationWarning(registrationContext));
+    const wantsToRegister = await confirm(
+      "Would you like to register a workers.dev subdomain now?",
+      { fallbackValue: false }
+    );
+    if (!wantsToRegister) {
+      throw getRegistrationDeclinedError(
+        registrationContext,
+        accountId,
+        configPath
       );
-      const wantsToRegister = await confirm(
-        "Would you like to register a workers.dev subdomain now?",
-        { fallbackValue: false }
+    }
+    return await registerSubdomain(
+      complianceConfig,
+      accountId,
+      configPath,
+      registrationContext
+    );
+  }
+}
+function getRegistrationWarning(registrationContext) {
+  switch (registrationContext) {
+    case "workflows":
+      return "You need to register a workers.dev subdomain before deploying Workflows";
+    case "workers_dev":
+      return "You need to register a workers.dev subdomain before publishing to workers.dev";
+    default: {
+      const _exhaustive = registrationContext;
+      return _exhaustive;
+    }
+  }
+}
+function getRegistrationDeclinedError(registrationContext, accountId, configPath) {
+  const onboardingLink = `https://dash.cloudflare.com/${accountId}/workers/onboarding`;
+  switch (registrationContext) {
+    case "workflows":
+      return new UserError(
+        `Workflows require your account to have a workers.dev subdomain. Register a workers.dev subdomain here:
+${onboardingLink}`,
+        {
+          telemetryMessage: "workflows workers dev registration declined"
+        }
       );
-      if (!wantsToRegister) {
-        const solutionMessage = `You can either deploy your worker to one or more routes by specifying them in your ${configFileName(configPath)} file, or register a workers.dev subdomain here:`;
-        const onboardingLink = `https://dash.cloudflare.com/${accountId}/workers/onboarding`;
-        throw new UserError(`${solutionMessage}
+    case "workers_dev": {
+      const solutionMessage = `You can either deploy your worker to one or more routes by specifying them in your ${configFileName(configPath)} file, or register a workers.dev subdomain here:`;
+      return new UserError(`${solutionMessage}
 ${onboardingLink}`, {
-          telemetryMessage: "routes workers dev registration declined"
-        });
-      }
-      return await registerSubdomain(complianceConfig, accountId, configPath);
-    } else {
-      throw e9;
+        telemetryMessage: "routes workers dev registration declined"
+      });
+    }
+    default: {
+      const _exhaustive = registrationContext;
+      return _exhaustive;
     }
   }
 }
-async function registerSubdomain(complianceConfig, accountId, configPath) {
+async function registerSubdomain(complianceConfig, accountId, configPath, registrationContext) {
   let subdomain;
   while (subdomain === void 0) {
     const potentialName = await prompt(
@@ -290883,12 +291139,11 @@ async function registerSubdomain(complianceConfig, accountId, configPath) {
       )}. Ok to proceed?`
     );
     if (!ok) {
-      const solutionMessage = `You can either deploy your worker to one or more routes by specifying them in your ${configFileName(configPath)} file, or register a workers.dev subdomain here:`;
-      const onboardingLink = `https://dash.cloudflare.com/${accountId}/workers/onboarding`;
-      throw new UserError(`${solutionMessage}
-${onboardingLink}`, {
-        telemetryMessage: "routes workers dev registration declined"
-      });
+      throw getRegistrationDeclinedError(
+        registrationContext,
+        accountId,
+        configPath
+      );
     }
     try {
       const result = await fetchResult(
@@ -290935,6 +291190,8 @@ var init_routes6 = __esm({
     init_dialogs();
     init_logger();
     __name(getWorkersDevSubdomain, "getWorkersDevSubdomain");
+    __name(getRegistrationWarning, "getRegistrationWarning");
+    __name(getRegistrationDeclinedError, "getRegistrationDeclinedError");
     __name(registerSubdomain, "registerSubdomain");
   }
 });
@@ -290981,6 +291238,9 @@ async function triggersDeploy(props) {
   }
   const uploadMs = Date.now() - start;
   const deployments = [];
+  const hasWorkflowsDefinedInThisScript = config.workflows.some(
+    (workflow) => isWorkflowDefinedInThisScript(workflow, scriptName)
+  );
   const { wantWorkersDev, workersDevInSync } = await subdomainDeploy(
     props,
     accountId,
@@ -291050,6 +291310,12 @@ ${dashLink}`, {
       });
     }
   }
+  if (!wantWorkersDev && hasWorkflowsDefinedInThisScript) {
+    await getWorkersDevSubdomain(config, accountId, {
+      configPath: config.configPath,
+      registrationContext: "workflows"
+    });
+  }
   if (routesOnly.length > 0) {
     deployments.push(
       publishRoutes(config, routesOnly, {
@@ -291095,7 +291361,7 @@ ${dashLink}`, {
   }
   if (config.workflows?.length) {
     for (const workflow of config.workflows) {
-      if (workflow.script_name !== void 0 && workflow.script_name !== scriptName) {
+      if (!isWorkflowDefinedInThisScript(workflow, scriptName)) {
         if (workflow.limits) {
           throw new UserError(
             `Workflow "${workflow.name}" has "limits" configured but references external script "${workflow.script_name}". Configure limits on the worker that defines the workflow.`,
@@ -291179,11 +291445,9 @@ async function validateSubdomainMixedState(props, accountId, scriptName, before,
   if (after.workers_dev === after.preview_urls) {
     return after;
   }
-  const userSubdomain = await getWorkersDevSubdomain(
-    config,
-    accountId,
-    config.configPath
-  );
+  const userSubdomain = await getWorkersDevSubdomain(config, accountId, {
+    configPath: config.configPath
+  });
   const previewUrl = `https://<VERSION_PREFIX>-${scriptName}.${userSubdomain}`;
   if (!after.workers_dev && after.preview_urls) {
     logger.warn(
@@ -291212,14 +291476,12 @@ async function validateSubdomainMixedState(props, accountId, scriptName, before,
 async function subdomainDeploy(props, accountId, scriptName, envName, workerUrl, routes, deployments, firstDeploy) {
   const { config } = props;
   const { workers_dev: wantWorkersDev, preview_urls: wantPreviews } = getSubdomainValues(config.workers_dev, config.preview_urls, routes);
-  let workersDevURL;
   if (wantWorkersDev) {
-    const userSubdomain = await getWorkersDevSubdomain(
-      config,
-      accountId,
-      config.configPath
-    );
-    workersDevURL = !props.useServiceEnvironments || !props.env ? `${scriptName}.${userSubdomain}` : `${envName}.${scriptName}.${userSubdomain}`;
+    const userSubdomain = await getWorkersDevSubdomain(config, accountId, {
+      configPath: config.configPath
+    });
+    const workersDevURL = !props.useServiceEnvironments || !props.env ? `${scriptName}.${userSubdomain}` : `${envName}.${scriptName}.${userSubdomain}`;
+    deployments.push(Promise.resolve([workersDevURL]));
   }
   const before = await fetchResult(config, `${workerUrl}/subdomain`);
   const after = await retryOnAPIFailure(
@@ -291273,9 +291535,6 @@ async function subdomainDeploy(props, accountId, scriptName, envName, workerUrl,
     { workers_dev: after.enabled, preview_urls: after.previews_enabled },
     firstDeploy
   );
-  if (workersDevURL) {
-    deployments.push(Promise.resolve([workersDevURL]));
-  }
   return {
     wantWorkersDev,
     wantPreviews,
@@ -291283,6 +291542,9 @@ async function subdomainDeploy(props, accountId, scriptName, envName, workerUrl,
     previewsInSync: before.previews_enabled === after.previews_enabled
   };
 }
+function isWorkflowDefinedInThisScript(workflow, scriptName) {
+  return workflow.script_name === void 0 || workflow.script_name === scriptName;
+}
 var init_deploy5 = __esm({
   "src/triggers/deploy.ts"() {
     init_import_meta_url();
@@ -291302,6 +291564,7 @@ var init_deploy5 = __esm({
     __name(getSubdomainValuesAPIMock, "getSubdomainValuesAPIMock");
     __name(validateSubdomainMixedState, "validateSubdomainMixedState");
     __name(subdomainDeploy, "subdomainDeploy");
+    __name(isWorkflowDefinedInThisScript, "isWorkflowDefinedInThisScript");
   }
 });
 
@@ -296755,12 +297018,12 @@ var init_info5 = __esm({
     });
   }
 });
-var import_undici21, vectorizeInsertCommand;
+var import_undici20, vectorizeInsertCommand;
 var init_insert = __esm({
   "src/vectorize/insert.ts"() {
     init_import_meta_url();
     init_dist();
-    import_undici21 = __toESM(require_undici());
+    import_undici20 = __toESM(require_undici());
     init_create_command();
     init_logger();
     init_client14();
@@ -296823,7 +297086,7 @@ var init_insert = __esm({
         }
         let vectorInsertCount = 0;
         for await (const batch of getBatchFromFile(rl, args.batchSize)) {
-          const formData = new import_undici21.FormData();
+          const formData = new import_undici20.FormData();
           formData.append(
             "vectors",
             new File([batch.join(`
@@ -297284,12 +297547,12 @@ var init_query = __esm({
     __name(validateQueryFilter, "validateQueryFilter");
   }
 });
-var import_undici22, vectorizeUpsertCommand;
+var import_undici21, vectorizeUpsertCommand;
 var init_upsert = __esm({
   "src/vectorize/upsert.ts"() {
     init_import_meta_url();
     init_dist();
-    import_undici22 = __toESM(require_undici());
+    import_undici21 = __toESM(require_undici());
     init_create_command();
     init_logger();
     init_client14();
@@ -297342,7 +297605,7 @@ var init_upsert = __esm({
         }
         let vectorUpsertCount = 0;
         for await (const batch of getBatchFromFile(rl, args.batchSize)) {
-          const formData = new import_undici22.FormData();
+          const formData = new import_undici21.FormData();
           formData.append(
             "vectors",
             new File([batch.join(`
@@ -299769,7 +300032,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
     }
     if (props.outFile) {
       fs27.mkdirSync(path3__namespace.default.dirname(props.outFile), { recursive: true });
-      const serializedFormData = await new import_undici23.Response(workerBundle).arrayBuffer();
+      const serializedFormData = await new import_undici22.Response(workerBundle).arrayBuffer();
       fs27.writeFileSync(props.outFile, Buffer.from(serializedFormData));
     }
   } finally {
@@ -299794,11 +300057,9 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
   if (versionId && hasPreview) {
     const { previews_enabled: previews_available_on_subdomain } = await fetchResult(config, `${workerUrl}/subdomain`);
     if (previews_available_on_subdomain) {
-      const userSubdomain = await getWorkersDevSubdomain(
-        config,
-        accountId,
-        config.configPath
-      );
+      const userSubdomain = await getWorkersDevSubdomain(config, accountId, {
+        configPath: config.configPath
+      });
       const shortVersion = versionId.slice(0, 8);
       versionPreviewUrl = `https://${shortVersion}-${workerName}.${userSubdomain}`;
       logger.log(`Version Preview URL: ${versionPreviewUrl}`);
@@ -299875,13 +300136,13 @@ function generatePreviewAlias(scriptName) {
   );
   return truncatedAlias || warnAndExit();
 }
-var import_undici23, versionsUploadCommand, MAX_DNS_LABEL_LENGTH, HASH_LENGTH, ALIAS_VALIDATION_REGEX;
+var import_undici22, versionsUploadCommand, MAX_DNS_LABEL_LENGTH, HASH_LENGTH, ALIAS_VALIDATION_REGEX;
 var init_upload5 = __esm({
   "src/versions/upload.ts"() {
     init_import_meta_url();
     init_colors();
     init_dist();
-    import_undici23 = __toESM(require_undici());
+    import_undici22 = __toESM(require_undici());
     init_assets5();
     init_cfetch();
     init_create_command();
@@ -300841,7 +301102,7 @@ async function fetchLocalResult(port, path82, init4) {
   const url4 = `http://localhost:${port}${LOCAL_EXPLORER_BASE_PATH}${path82}`;
   let response;
   try {
-    response = await (0, import_undici24.fetch)(url4, {
+    response = await (0, import_undici23.fetch)(url4, {
       method: init4?.method ?? "GET",
       headers: init4?.headers,
       body: init4?.body
@@ -300898,12 +301159,12 @@ async function updateLocalInstanceStatus(port, workflowName, instanceId, action)
     }
   );
 }
-var import_undici24, LOCAL_EXPLORER_BASE_PATH, DEFAULT_LOCAL_PORT2, localWorkflowArgs;
+var import_undici23, LOCAL_EXPLORER_BASE_PATH, DEFAULT_LOCAL_PORT2, localWorkflowArgs;
 var init_local = __esm({
   "src/workflows/local.ts"() {
     init_import_meta_url();
     init_dist();
-    import_undici24 = __toESM(require_undici());
+    import_undici23 = __toESM(require_undici());
     init_logger();
     LOCAL_EXPLORER_BASE_PATH = "/cdn-cgi/explorer/api";
     DEFAULT_LOCAL_PORT2 = 8787;
@@ -306040,6 +306301,8 @@ function createCLIParser(argv) {
   registry.define([
     { command: "wrangler ai", definition: aiNamespace },
     { command: "wrangler ai models", definition: aiModelsCommand },
+    { command: "wrangler ai models list", definition: aiModelsListCommand },
+    { command: "wrangler ai models schema", definition: aiModelsSchemaCommand },
     { command: "wrangler ai finetune", definition: aiFineTuneNamespace },
     { command: "wrangler ai finetune list", definition: aiFineTuneListCommand },
     {
@@ -306558,14 +306821,14 @@ function dispatchGenericCommandErrorEvent(dispatcher, startTime, error2) {
     ...sanitizeError(error2)
   });
 }
-var import_undici25;
+var import_undici24;
 var init_src2 = __esm({
   "src/index.ts"() {
     init_import_meta_url();
     init_dist7();
     init_dist();
     init_source();
-    import_undici25 = __toESM(require_undici());
+    import_undici24 = __toESM(require_undici());
     init_yargs();
     init_package();
     init_ai3();
@@ -306586,6 +306849,7 @@ var init_src2 = __esm({
     init_createFinetune();
     init_listCatalog();
     init_listFinetune();
+    init_modelSchema();
     init_artifacts();
     init_browser_rendering2();
     init_build4();
@@ -306795,8 +307059,8 @@ var init_src2 = __esm({
     init_trigger();
     init_wrangler_banner();
     if (proxy) {
-      (0, import_undici25.setGlobalDispatcher)(
-        new import_undici25.EnvHttpProxyAgent({ noProxy: noProxy || "localhost,127.0.0.1,::1" })
+      (0, import_undici24.setGlobalDispatcher)(
+        new import_undici24.EnvHttpProxyAgent({ noProxy: noProxy || "localhost,127.0.0.1,::1" })
       );
       logger.warn(
         `Proxy environment variables detected. We'll use your proxy for fetch requests.`
@@ -308141,6 +308405,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
       { telemetryMessage: "[data_blobs] with an ES module worker" }
     );
   }
+  const isDryRun = props.dryRun;
   let sourceMapSize;
   const normalisedContainerConfig = await getNormalizedContainerOptions(
     config,
@@ -308230,21 +308495,21 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
     const content = fs27.readFileSync(resolvedEntryPointPath, {
       encoding: "utf-8"
     });
-    const migrations = !props.dryRun ? await getMigrationsToUpload(scriptName, {
+    const migrations = !isDryRun ? await getMigrationsToUpload(scriptName, {
       accountId,
       config,
       useServiceEnvironments: props.useServiceEnvironments,
       env: props.env,
       dispatchNamespace: props.dispatchNamespace
     }) : void 0;
-    const assetsJwt = props.assetsOptions && !props.dryRun ? await syncAssets(
+    const assetsJwt = props.assetsOptions && !isDryRun ? await syncAssets(
       config,
       accountId,
       props.assetsOptions.directory,
       scriptName,
       props.dispatchNamespace
     ) : void 0;
-    if (props.assetsOptions && props.dryRun) {
+    if (props.assetsOptions && isDryRun) {
       await buildAssetManifest(props.assetsOptions.directory);
     }
     const workersSitesAssets = await syncWorkersSite(
@@ -308257,7 +308522,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
       scriptName + (useServiceEnvironments2 ? `-${props.env}` : ""),
       props.legacyAssetPaths,
       false,
-      props.dryRun,
+      isDryRun,
       props.oldAssetTtl
     );
     const bindings = getBindings(config);
@@ -308343,22 +308608,27 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
     const canUseNewVersionsDeploymentsApi = workerExists && props.dispatchNamespace === void 0 && !useServiceEnvironments2 && format9 === "modules" && migrations === void 0 && !config.first_party_worker && config.containers === void 0;
     let workerBundle;
     const dockerPath = getDockerPath();
-    if (normalisedContainerConfig.length) {
-      const hasDockerfiles = normalisedContainerConfig.some(
+    if (normalisedContainerConfig.length && props.containersRollout !== "none") {
+      const containersWithDockerfile = normalisedContainerConfig.filter(
         (container) => "dockerfile" in container
       );
-      if (hasDockerfiles) {
-        await verifyDockerInstalled(dockerPath, false);
+      if (containersWithDockerfile.length > 0) {
+        await verifyDockerInstalled({
+          dockerPath,
+          isDev: false,
+          isDryRun,
+          numberOfContainers: containersWithDockerfile.length
+        });
       }
     }
-    if (props.dryRun) {
+    if (isDryRun) {
       if (normalisedContainerConfig.length) {
         for (const container of normalisedContainerConfig) {
-          if ("dockerfile" in container) {
+          if ("dockerfile" in container && props.containersRollout !== "none") {
             await buildContainer(
               container,
               workerTag ?? "worker-tag",
-              props.dryRun,
+              isDryRun,
               dockerPath
             );
           }
@@ -308582,7 +308852,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
     }
     if (props.outFile) {
       fs27.mkdirSync(path3__namespace.default.dirname(props.outFile), { recursive: true });
-      const serializedFormData = await new import_undici26.Response(workerBundle).arrayBuffer();
+      const serializedFormData = await new import_undici25.Response(workerBundle).arrayBuffer();
       fs27.writeFileSync(props.outFile, Buffer.from(serializedFormData));
     }
   } finally {
@@ -308590,13 +308860,13 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
       destination.remove();
     }
   }
-  if (props.dryRun) {
+  if (isDryRun) {
     logger.log(`--dry-run: exiting now.`);
     return { versionId, workerTag };
   }
   const uploadMs = Date.now() - start;
   logger.log("Uploaded", workerName, formatTime2(uploadMs));
-  if (normalisedContainerConfig.length) {
+  if (normalisedContainerConfig.length && props.containersRollout !== "none") {
     assert54__default.default(versionId && accountId);
     await deployContainers(config, normalisedContainerConfig, {
       versionId,
@@ -308816,7 +309086,7 @@ function getDeployConfirmFunction(strictMode = false) {
   }
   return confirm;
 }
-var import_undici26, validateRoutes3;
+var import_undici25, validateRoutes3;
 var init_deploy7 = __esm({
   "src/deploy/deploy.ts"() {
     init_import_meta_url();
@@ -308824,7 +309094,7 @@ var init_deploy7 = __esm({
     init_containers_shared();
     init_dist();
     init_dist9();
-    import_undici26 = __toESM(require_undici());
+    import_undici25 = __toESM(require_undici());
     init_assets5();
     init_cfetch();
     init_build3();
@@ -309087,7 +309357,7 @@ function errorOnLegacyPagesWorkerJSAsset(file3, hasAssetsIgnoreFile) {
     }
   }
 }
-var import_undici27, BULK_UPLOAD_CONCURRENCY2, MAX_UPLOAD_ATTEMPTS2, MAX_UPLOAD_GATEWAY_ERRORS2, MAX_DIFF_LINES2, syncAssets, buildAssetManifest, NonExistentAssetsDirError, NonDirectoryAssetsDirError, WORKER_JS_FILENAME;
+var import_undici26, BULK_UPLOAD_CONCURRENCY2, MAX_UPLOAD_ATTEMPTS2, MAX_UPLOAD_GATEWAY_ERRORS2, MAX_DIFF_LINES2, syncAssets, buildAssetManifest, NonExistentAssetsDirError, NonDirectoryAssetsDirError, WORKER_JS_FILENAME;
 var init_assets5 = __esm({
   "src/assets.ts"() {
     init_import_meta_url();
@@ -309098,7 +309368,7 @@ var init_assets5 = __esm({
     init_source();
     init_dist9();
     init_pretty_bytes();
-    import_undici27 = __toESM(require_undici());
+    import_undici26 = __toESM(require_undici());
     init_cfetch();
     init_deploy7();
     init_logger();
@@ -309173,7 +309443,7 @@ var init_assets5 = __esm({
         attempts = 0;
         let gatewayErrors = 0;
         const doUpload = /* @__PURE__ */ __name(async () => {
-          const payload = new import_undici27.FormData();
+          const payload = new import_undici26.FormData();
           const uploadedFiles = [];
           for (const manifestEntry of bucket) {
             const absFilePath = path3__namespace.join(assetDirectory, manifestEntry[0]);
@@ -309215,8 +309485,13 @@ var init_assets5 = __esm({
             return res;
           } catch (e9) {
             if (attempts < MAX_UPLOAD_ATTEMPTS2) {
-              logger.info(source_default.dim(`Asset upload failed. Retrying...
-`, e9));
+              logger.info(
+                source_default.dim(
+                  `Asset upload failed. Retrying... ${attempts + 1} of ${MAX_UPLOAD_ATTEMPTS2} attempts.
+`
+                )
+              );
+              logger.debug(e9);
               await new Promise(
                 (resolvePromise) => setTimeout(resolvePromise, Math.pow(2, attempts) * 1e3)
               );
@@ -311796,7 +312071,7 @@ async function tryExpandToken(exchangeUrl, ctx, abortSignal) {
       ` GET ${switchedExchangeUrl.href}`
     );
     logger.debug("-- END EXCHANGE API REQUEST");
-    const exchangeResponse = await (0, import_undici28.fetch)(switchedExchangeUrl, {
+    const exchangeResponse = await (0, import_undici27.fetch)(switchedExchangeUrl, {
       signal: abortSignal,
       headers
     });
@@ -311842,9 +312117,10 @@ async function createPreviewSession(complianceConfig, account, ctx, abortSignal,
       const subdomain = await getWorkersDevSubdomain(
         complianceConfig,
         account.accountId,
-        void 0,
-        apiToken,
-        withTimeout(abortSignal)
+        {
+          apiToken,
+          abortSignal: withTimeout(abortSignal)
+        }
       );
       host = `${name2 ?? crypto2__default.default.randomUUID()}.${subdomain}`;
     }
@@ -311919,12 +312195,12 @@ async function createWorkerPreview(complianceConfig, init4, account, ctx, sessio
   );
   return token;
 }
-var import_undici28, PREVIEW_API_TIMEOUT_MS;
+var import_undici27, PREVIEW_API_TIMEOUT_MS;
 var init_create_worker_preview = __esm({
   "src/dev/create-worker-preview.ts"() {
     init_import_meta_url();
     init_dist();
-    import_undici28 = __toESM(require_undici());
+    import_undici27 = __toESM(require_undici());
     init_cfetch();
     init_create_worker_upload_form();
     init_logger();
@@ -312759,6 +313035,32 @@ var init_ProxyServerWorker = __esm({
     ProxyServerWorker_default = scriptPath3;
   }
 });
+function isErrorEvent3(error2) {
+  return typeof error2 === "object" && error2 !== null && "type" in error2 && error2.type === "error" && "reason" in error2 && "cause" in error2;
+}
+function getErrorMessage3(error2) {
+  if (error2 instanceof Error) {
+    return getErrorMessage3(error2.cause) ?? error2.message;
+  }
+  if (typeof error2 === "string") {
+    return error2;
+  }
+  if (typeof error2 === "object" && error2 !== null) {
+    const maybeMessage = error2.message;
+    if (typeof maybeMessage === "string") {
+      const maybeCause = error2.cause;
+      return getErrorMessage3(maybeCause) ?? maybeMessage;
+    }
+  }
+  return void 0;
+}
+function formatRemoteProxySessionError(error2) {
+  if (isErrorEvent3(error2)) {
+    const causeMessage = getErrorMessage3(error2.cause);
+    return causeMessage ? `${error2.reason}: ${causeMessage}` : error2.reason;
+  }
+  return getErrorMessage3(error2);
+}
 async function startRemoteProxySession(bindings, options) {
   logger.log(source_default.dim("\u2394 Establishing remote connection..."));
   const rawBindings = Object.fromEntries(
@@ -312811,8 +313113,9 @@ ${errorMessage}`
     worker.raw.proxy.localServerReady.promise
   ]);
   if (maybeError && maybeError.error) {
+    const details = formatRemoteProxySessionError(maybeError.error);
     throw new Error(
-      "Failed to start the remote proxy session. There is likely additional logging output above.",
+      details ? `Failed to start the remote proxy session. ${details}` : "Failed to start the remote proxy session. There is likely additional logging output above.",
       {
         cause: maybeError.error
       }
@@ -312863,6 +313166,9 @@ var init_start_remote_proxy_session = __esm({
     init_logger();
     init_paths();
     init_startDevWorker();
+    __name(isErrorEvent3, "isErrorEvent");
+    __name(getErrorMessage3, "getErrorMessage");
+    __name(formatRemoteProxySessionError, "formatRemoteProxySessionError");
     __name(startRemoteProxySession, "startRemoteProxySession");
     __name(getStartWorkerLogLevel, "getStartWorkerLogLevel");
   }
@@ -313035,6 +313341,15 @@ function getUserWorkerInnerUrlOverrides(config) {
     };
   }
 }
+function getZoneForCfWorkerHeader(config) {
+  const firstRouteTrigger = config.triggers?.find(
+    (t12) => t12.type === "route"
+  );
+  if (firstRouteTrigger && "zone_name" in firstRouteTrigger && firstRouteTrigger.zone_name) {
+    return firstRouteTrigger.zone_name;
+  }
+  return config.dev?.origin?.hostname;
+}
 async function convertToConfigBundle(event) {
   const bindings = { ...event.config.bindings };
   const crons = [];
@@ -313126,8 +313441,7 @@ async function convertToConfigBundle(event) {
     containerBuildId: event.config.dev?.containerBuildId,
     containerEngine: event.config.dev.containerEngine,
     enableContainers: event.config.dev.enableContainers ?? true,
-    // Zone for CF-Worker header - extracted from routes/host configuration
-    zone: event.config.dev?.origin?.hostname,
+    zone: getZoneForCfWorkerHeader(event.config),
     sendMetrics: event.config.sendMetrics,
     publicUrl: event.config.dev?.server?.port ? miniflare.buildPublicUrl({
       hostname: event.config.dev.server.hostname,
@@ -313178,6 +313492,7 @@ var init_LocalRuntimeController = __esm({
     __name(getTextFileContents, "getTextFileContents");
     __name(getName3, "getName");
     __name(getUserWorkerInnerUrlOverrides, "getUserWorkerInnerUrlOverrides");
+    __name(getZoneForCfWorkerHeader, "getZoneForCfWorkerHeader");
     __name(convertToConfigBundle, "convertToConfigBundle");
     LocalRuntimeController = class extends RuntimeController {
       static {
@@ -315739,7 +316054,18 @@ async function generateHandler({
             (async () => {
               try {
                 const links = [];
-                const transformedResponse = new HTMLRewriter().on(
+                let baseHref;
+                const transformedResponse = new HTMLRewriter().on("base[href]", {
+                  element(element) {
+                    if (baseHref !== void 0) {
+                      return;
+                    }
+                    const href = element.getAttribute("href");
+                    if (href !== null) {
+                      baseHref = href;
+                    }
+                  }
+                }).on(
                   "link[rel~=preconnect],link[rel~=preload],link[rel~=modulepreload]",
                   {
                     element(element) {
@@ -315761,7 +316087,17 @@ async function generateHandler({
                 ).transform(clonedResponse);
                 await transformedResponse.text();
                 links.forEach(({ href, rel, as: as2 }) => {
-                  let link = `<${href}>; rel="${rel}"`;
+                  let resolvedHref = href;
+                  if (baseHref !== void 0) {
+                    try {
+                      resolvedHref = new URL(
+                        href,
+                        new URL(baseHref, request4.url)
+                      ).href;
+                    } catch {
+                    }
+                  }
+                  let link = `<${resolvedHref}>; rel="${rel}"`;
                   if (as2) {
                     link += `; as=${as2}`;
                   }
@@ -316257,7 +316593,7 @@ async function generateAssetsFetch(directory, log2, signal) {
     return await generateResponse(request4);
   };
 }
-var import_mime3, import_undici29, ProxyDispatcher, invalidAssetsFetch;
+var import_mime3, import_undici28, ProxyDispatcher, invalidAssetsFetch;
 var init_assets6 = __esm({
   "src/miniflare-cli/assets.ts"() {
     init_import_meta_url();
@@ -316265,11 +316601,11 @@ var init_assets6 = __esm({
     init_workers_shared();
     init_esm6();
     import_mime3 = __toESM(require_mime());
-    import_undici29 = __toESM(require_undici());
+    import_undici28 = __toESM(require_undici());
     init_logger();
     init_hash();
     __name(generateASSETSBinding, "generateASSETSBinding");
-    ProxyDispatcher = class _ProxyDispatcher extends import_undici29.Dispatcher {
+    ProxyDispatcher = class _ProxyDispatcher extends import_undici28.Dispatcher {
       constructor(host) {
         super();
         this.host = host;
@@ -316277,7 +316613,7 @@ var init_assets6 = __esm({
       static {
         __name(this, "ProxyDispatcher");
       }
-      dispatcher = (0, import_undici29.getGlobalDispatcher)();
+      dispatcher = (0, import_undici28.getGlobalDispatcher)();
       dispatch(options, handler) {
         if (this.host !== null) {
           _ProxyDispatcher.reinstateHostHeader(options.headers, this.host);
@@ -316739,7 +317075,7 @@ unstable_dev()'s behaviour will likely change in future releases`
       devServer.unregisterHotKeys?.();
     }, "stop"),
     fetch: /* @__PURE__ */ __name(async (input, init4) => {
-      return await (0, import_undici30.fetch)(
+      return await (0, import_undici29.fetch)(
         ...parseRequestInput(address, port, input, init4, options?.localProtocol)
       );
     }, "fetch"),
@@ -316752,7 +317088,7 @@ function parseRequestInput(readyAddress, readyPort, input = "/", init4, protocol
   if (typeof input === "string") {
     input = new URL(input, "http://placeholder");
   }
-  const forward = new import_undici30.Request(input, init4);
+  const forward = new import_undici29.Request(input, init4);
   const url4 = new URL(forward.url);
   forward.headers.set("MF-Original-URL", url4.toString());
   forward.headers.set("MF-Disable-Pretty-Error", "true");
@@ -316764,12 +317100,12 @@ function parseRequestInput(readyAddress, readyPort, input = "/", init4, protocol
   }
   return [url4, forward];
 }
-var import_undici30;
+var import_undici29;
 var init_dev4 = __esm({
   "src/api/dev.ts"() {
     init_import_meta_url();
     init_dist();
-    import_undici30 = __toESM(require_undici());
+    import_undici29 = __toESM(require_undici());
     init_start_dev();
     init_experimental_flags();
     init_logger();
@@ -316885,6 +317221,13 @@ var init_executionContext = __esm({
 function unstable_getDevCompatibilityDate() {
   return getTodaysCompatDate();
 }
+function getZoneFromConfig(config) {
+  const firstRoute = config.route ?? config.routes?.[0];
+  if (firstRoute) {
+    return getZoneFromRoute(firstRoute);
+  }
+  return void 0;
+}
 async function getPlatformProxy(options = {}) {
   const env6 = options.environment;
   const config = readConfig({
@@ -316988,6 +317331,7 @@ async function getMiniflareOptionsFromConfig(args) {
         script: "",
         modules: true,
         name: config.name,
+        zone: getZoneFromConfig(config),
         ...bindingOptions,
         ...assetOptions
       },
@@ -317071,6 +317415,7 @@ function unstable_getMiniflareWorkerOptions(configOrConfigPath, env6, options) {
     compatibilityFlags: config.compatibility_flags,
     modulesRules,
     containerEngine: useContainers ? config.dev.container_engine ?? resolveDockerHost(getDockerPath()) : void 0,
+    zone: getZoneFromConfig(config),
     ...bindingOptions,
     ...sitesOptions,
     ...assetOptions
@@ -317097,6 +317442,7 @@ var init_platform = __esm({
     init_logger();
     init_sites2();
     init_dedent();
+    init_zones3();
     init_remoteBindings();
     init_utils2();
     init_caches();
@@ -317104,6 +317450,7 @@ var init_platform = __esm({
     init_dev_vars();
     init_details2();
     __name(unstable_getDevCompatibilityDate, "unstable_getDevCompatibilityDate");
+    __name(getZoneFromConfig, "getZoneFromConfig");
     __name(getPlatformProxy, "getPlatformProxy");
     __name(getMiniflareOptionsFromConfig, "getMiniflareOptionsFromConfig");
     __name(getMiniflarePersistRoot, "getMiniflarePersistRoot");