npm - wrangler - Versions diffs - 4.93.0 → 4.93.1 - Mend

wrangler 4.93.0 → 4.93.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/package.json +11 -11
package/templates/pages-template-plugin.ts +1 -1
package/templates/pages-template-worker.ts +1 -1
package/templates/startDevWorker/InspectorProxyWorker.ts +1 -1
package/wrangler-dist/cli.js +512 -442
package/wrangler-dist/metafile-cjs.json +1 -1

package/wrangler-dist/cli.js CHANGED Viewed

@@ -9760,7 +9760,7 @@ var require_formdata = __commonJS({
     var { kEnumerableProperty } = require_util();
     var { webidl } = require_webidl();
     var nodeUtil = __require("util");
-    var FormData13 = class _FormData {
+    var FormData12 = class _FormData {
       static {
         __name(this, "FormData");
       }
@@ -9880,11 +9880,11 @@ var require_formdata = __commonJS({
         formData.#state = newState;
       }
     };
-    var { getFormDataState, setFormDataState } = FormData13;
-    Reflect.deleteProperty(FormData13, "getFormDataState");
-    Reflect.deleteProperty(FormData13, "setFormDataState");
-    iteratorMixin("FormData", FormData13, getFormDataState, "name", "value");
-    Object.defineProperties(FormData13.prototype, {
+    var { getFormDataState, setFormDataState } = FormData12;
+    Reflect.deleteProperty(FormData12, "getFormDataState");
+    Reflect.deleteProperty(FormData12, "setFormDataState");
+    iteratorMixin("FormData", FormData12, getFormDataState, "name", "value");
+    Object.defineProperties(FormData12.prototype, {
       append: kEnumerableProperty,
       delete: kEnumerableProperty,
       get: kEnumerableProperty,
@@ -9912,8 +9912,8 @@ var require_formdata = __commonJS({
       return { name: name2, value };
     }
     __name(makeEntry, "makeEntry");
-    webidl.is.FormData = webidl.util.MakeTypeAssertion(FormData13);
-    module2.exports = { FormData: FormData13, makeEntry, setFormDataState };
+    webidl.is.FormData = webidl.util.MakeTypeAssertion(FormData12);
+    module2.exports = { FormData: FormData12, makeEntry, setFormDataState };
   }
 });
@@ -10284,7 +10284,7 @@ var require_body = __commonJS({
       fullyReadBody,
       extractMimeType
     } = require_util2();
-    var { FormData: FormData13, setFormDataState } = require_formdata();
+    var { FormData: FormData12, setFormDataState } = require_formdata();
     var { webidl } = require_webidl();
     var assert63 = __require("assert");
     var { isErrored, isDisturbed } = __require("stream");
@@ -10480,13 +10480,13 @@ Content-Type: ${value.type || "application/octet-stream"}\r
               switch (mimeType.essence) {
                 case "multipart/form-data": {
                   const parsed = multipartFormDataParser(value, mimeType);
-                  const fd = new FormData13();
+                  const fd = new FormData12();
                   setFormDataState(fd, parsed);
                   return fd;
                 }
                 case "application/x-www-form-urlencoded": {
                   const entries2 = new URLSearchParams(value.toString());
-                  const fd = new FormData13();
+                  const fd = new FormData12();
                   for (const [name2, value2] of entries2) {
                     fd.append(name2, value2);
                   }
@@ -27170,7 +27170,7 @@ var require_permessage_deflate = __commonJS({
     var kBuffer = Symbol("kBuffer");
     var kLength = Symbol("kLength");
     var kDefaultMaxDecompressedSize = 4 * 1024 * 1024;
-    var PerMessageDeflate = class {
+    var PerMessageDeflate2 = class {
       static {
         __name(this, "PerMessageDeflate");
       }
@@ -27251,7 +27251,7 @@ var require_permessage_deflate = __commonJS({
         });
       }
     };
-    module2.exports = { PerMessageDeflate };
+    module2.exports = { PerMessageDeflate: PerMessageDeflate2 };
   }
 });
@@ -27273,7 +27273,7 @@ var require_receiver = __commonJS({
     } = require_util5();
     var { failWebsocketConnection } = require_connection();
     var { WebsocketFrameSend } = require_frame();
-    var { PerMessageDeflate } = require_permessage_deflate();
+    var { PerMessageDeflate: PerMessageDeflate2 } = require_permessage_deflate();
     var { MessageSizeExceededError } = require_errors();
     var ByteParser = class extends Writable5 {
       static {
@@ -27299,7 +27299,7 @@ var require_receiver = __commonJS({
         this.#handler = handler;
         this.#extensions = extensions == null ? /* @__PURE__ */ new Map() : extensions;
         if (this.#extensions.has("permessage-deflate")) {
-          this.#extensions.set("permessage-deflate", new PerMessageDeflate(extensions));
+          this.#extensions.set("permessage-deflate", new PerMessageDeflate2(extensions));
         }
       }
       /**
@@ -32704,19 +32704,19 @@ var init_dist = __esm({
               }
               __name(XDG, "XDG");
               __name2(XDG, "XDG");
-              var extension = isMacOS ? macos() : isWinOS ? windows() : linux();
-              XDG.cache = extension.cache;
-              XDG.config = extension.config;
-              XDG.data = extension.data;
-              XDG.runtime = extension.runtime;
-              XDG.state = extension.state;
+              var extension2 = isMacOS ? macos() : isWinOS ? windows() : linux();
+              XDG.cache = extension2.cache;
+              XDG.config = extension2.config;
+              XDG.data = extension2.data;
+              XDG.runtime = extension2.runtime;
+              XDG.state = extension2.state;
               XDG.configDirs = /* @__PURE__ */ __name2(/* @__PURE__ */ __name(function configDirs() {
                 var pathList = env6.get("XDG_CONFIG_DIRS");
-                return __spreadArray2([extension.config()], pathList ? pathList.split(path410.delimiter) : []);
+                return __spreadArray2([extension2.config()], pathList ? pathList.split(path410.delimiter) : []);
               }, "configDirs"), "configDirs");
               XDG.dataDirs = /* @__PURE__ */ __name2(/* @__PURE__ */ __name(function dataDirs() {
                 var pathList = env6.get("XDG_DATA_DIRS");
-                return __spreadArray2([extension.data()], pathList ? pathList.split(path410.delimiter) : []);
+                return __spreadArray2([extension2.data()], pathList ? pathList.split(path410.delimiter) : []);
               }, "dataDirs"), "dataDirs");
               return XDG;
             }
@@ -45336,8 +45336,9 @@ async function getImageRepoTags(dockerPath, imageTag) {
 async function cleanupDuplicateImageTags(dockerPath, imageTag) {
   try {
     const repoTags = await getImageRepoTags(dockerPath, imageTag);
+    const currentBuildId = getImageTag(imageTag);
     const tagsToRemove = repoTags.filter(
-      (tag) => tag !== imageTag && tag.startsWith("cloudflare-dev")
+      (tag) => tag.startsWith("cloudflare-dev") && getImageTag(tag) !== currentBuildId
     );
     if (tagsToRemove.length > 0) {
       runDockerCmdWithOutput(dockerPath, ["rmi", ...tagsToRemove]);
@@ -45345,6 +45346,10 @@ async function cleanupDuplicateImageTags(dockerPath, imageTag) {
   } catch {
   }
 }
+function getImageTag(imageTag) {
+  const tagSeparatorIndex = imageTag.lastIndexOf(":");
+  return tagSeparatorIndex === -1 ? void 0 : imageTag.slice(tagSeparatorIndex + 1);
+}
 var runDockerCmd, runDockerCmdWithOutput, isDockerRunning, verifyDockerInstalled, cleanupContainers, getContainerIdsFromImage;
 var init_utils = __esm({
   "../containers-shared/src/utils.ts"() {
@@ -45480,6 +45485,7 @@ var init_utils = __esm({
     __name(resolveDockerHost, "resolveDockerHost");
     __name(getImageRepoTags, "getImageRepoTags");
     __name(cleanupDuplicateImageTags, "cleanupDuplicateImageTags");
+    __name(getImageTag, "getImageTag");
   }
 });
@@ -55945,7 +55951,7 @@ var name, version;
 var init_package = __esm({
   "package.json"() {
     name = "wrangler";
-    version = "4.93.0";
+    version = "4.93.1";
   }
 });
 function getWranglerVersion() {
@@ -62164,21 +62170,21 @@ var init_Mime = __esm({
           }
           const allExtensions = __classPrivateFieldGet(this, _Mime_typeToExtensions, "f").get(type);
           let first = true;
-          for (let extension of extensions) {
-            const starred = extension.startsWith("*");
-            extension = starred ? extension.slice(1) : extension;
-            allExtensions?.add(extension);
+          for (let extension2 of extensions) {
+            const starred = extension2.startsWith("*");
+            extension2 = starred ? extension2.slice(1) : extension2;
+            allExtensions?.add(extension2);
             if (first) {
-              __classPrivateFieldGet(this, _Mime_typeToExtension, "f").set(type, extension);
+              __classPrivateFieldGet(this, _Mime_typeToExtension, "f").set(type, extension2);
             }
             first = false;
             if (starred)
               continue;
-            const currentType = __classPrivateFieldGet(this, _Mime_extensionToType, "f").get(extension);
+            const currentType = __classPrivateFieldGet(this, _Mime_extensionToType, "f").get(extension2);
             if (currentType && currentType != type && !force) {
-              throw new Error(`"${type} -> ${extension}" conflicts with "${currentType} -> ${extension}". Pass \`force=true\` to override this definition.`);
+              throw new Error(`"${type} -> ${extension2}" conflicts with "${currentType} -> ${extension2}". Pass \`force=true\` to override this definition.`);
             }
-            __classPrivateFieldGet(this, _Mime_extensionToType, "f").set(extension, type);
+            __classPrivateFieldGet(this, _Mime_extensionToType, "f").set(extension2, type);
           }
         }
         return this;
@@ -133268,8 +133274,11 @@ var init_cfetch = __esm({
 });
 // src/user/fetch-accounts.ts
+function getErrorCode(err) {
+  return err?.code;
+}
 function isMembershipsInaccessible(err) {
-  const code = err?.code;
+  const code = getErrorCode(err);
   return code !== void 0 && MEMBERSHIPS_INACCESSIBLE_CODES.includes(code);
 }
 async function fetchAllAccounts(complianceConfig, options = {}) {
@@ -133289,6 +133298,16 @@ async function fetchAllAccounts(complianceConfig, options = {}) {
       if (accountsRes.status === "fulfilled" && accountsRes.value.length > 0) {
         return accountsRes.value;
       }
+      const errCode = getErrorCode(membershipsRes.reason);
+      if (errCode === 9106) {
+        throw new UserError(
+          `Failed to automatically retrieve account IDs for the logged in user.
+You may have incorrect permissions on your API token, or an environment variable such as CLOUDFLARE_API_TOKEN, CLOUDFLARE_API_KEY, or CLOUDFLARE_EMAIL may be set to an invalid value.
+Check your environment and unset or correct any Cloudflare credential variables, or run \`wrangler logout\` followed by \`wrangler login\` to re-authenticate.
+You can also skip this account check by adding an \`account_id\` in your ${configFileName(void 0)} file, or by setting the value of CLOUDFLARE_ACCOUNT_ID`,
+          { telemetryMessage: "user account fetch permission denied" }
+        );
+      }
       throw new UserError(
         `Failed to automatically retrieve account IDs for the logged in user.
 You may have incorrect permissions on your API token. You can skip this account check by adding an \`account_id\` in your ${configFileName(void 0)} file, or by setting the value of CLOUDFLARE_ACCOUNT_ID`,
@@ -133318,6 +133337,7 @@ var init_fetch_accounts = __esm({
     init_dist();
     init_cfetch();
     MEMBERSHIPS_INACCESSIBLE_CODES = [9106, 1e4];
+    __name(getErrorCode, "getErrorCode");
     __name(isMembershipsInaccessible, "isMembershipsInaccessible");
     __name(fetchAllAccounts, "fetchAllAccounts");
   }
@@ -133365,51 +133385,50 @@ function getAuthFromEnv() {
 function validateScopeKeys(scopes) {
   return scopes.every((scope) => scope in DefaultScopes);
 }
-function getAuthTokens(config) {
+function readStoredAuthState(config) {
+  let parsed;
   try {
-    if (getAuthFromEnv()) {
-      return;
-    }
-    const { oauth_token, refresh_token, expiration_time, scopes, api_token } = config || readAuthConfigFile();
-    if (oauth_token) {
-      return {
-        accessToken: {
-          value: oauth_token,
-          // If there is no `expiration_time` field then set it to an old date, to cause it to expire immediately.
-          expiry: expiration_time ?? "2000-01-01:00:00:00+00:00"
-        },
-        refreshToken: { value: refresh_token ?? "" },
-        scopes
-      };
-    } else if (api_token) {
+    parsed = config ?? readAuthConfigFile();
+  } catch {
+    return {};
+  }
+  const { oauth_token, refresh_token, expiration_time, scopes, api_token } = parsed;
+  if (oauth_token) {
+    return {
+      accessToken: {
+        value: oauth_token,
+        // If there is no `expiration_time` field then set it to an old date, to cause it to expire immediately.
+        expiry: expiration_time ?? "2000-01-01:00:00:00+00:00"
+      },
+      refreshToken: { value: refresh_token ?? "" },
+      scopes
+    };
+  }
+  if (api_token) {
+    if (!hasWarnedAboutDeprecatedV1ApiToken) {
+      hasWarnedAboutDeprecatedV1ApiToken = true;
       logger.warn(
         `It looks like you have used Wrangler v1's \`config\` command to login with an API token
 from ${config === void 0 ? getAuthConfigFilePath() : "in-memory config"}.
 This is no longer supported in the current version of Wrangler.
 If you wish to authenticate via an API token then please set the \`CLOUDFLARE_API_TOKEN\` environment variable.`
       );
-      return { apiToken: api_token };
     }
-  } catch {
-    return void 0;
+    return { deprecatedApiToken: api_token };
   }
-}
-function reinitialiseAuthTokens(config) {
-  localState = {
-    ...getAuthTokens(config)
-  };
+  return {};
 }
 function getAPIToken() {
-  if (localState.apiToken) {
-    return { apiToken: localState.apiToken };
+  const envAuth = getAuthFromEnv();
+  if (envAuth) {
+    return envAuth;
   }
-  const localAPIToken = getAuthFromEnv();
-  if (localAPIToken) {
-    return localAPIToken;
+  const stored = readStoredAuthState();
+  if (stored.deprecatedApiToken) {
+    return { apiToken: stored.deprecatedApiToken };
   }
-  const storedAccessToken = localState.accessToken?.value;
-  if (storedAccessToken) {
-    return { apiToken: storedAccessToken };
+  if (stored.accessToken?.value) {
+    return { apiToken: stored.accessToken.value };
   }
   return void 0;
 }
@@ -133480,9 +133499,8 @@ function isReturningFromAuthServer(query) {
   if (!code) {
     return false;
   }
-  const state2 = localState;
   const stateQueryParam = query.state;
-  if (stateQueryParam !== state2.stateQueryParam) {
+  if (stateQueryParam !== oauthFlowState.stateQueryParam) {
     logger.warn(
       "Received query string parameter doesn't match the one sent! Possible malicious activity somewhere."
     );
@@ -133491,14 +133509,14 @@ function isReturningFromAuthServer(query) {
     });
   }
   assert54__default.default(!Array.isArray(code));
-  state2.authorizationCode = code;
-  state2.hasAuthCodeBeenExchangedForAccessToken = false;
+  oauthFlowState.authorizationCode = code;
+  oauthFlowState.hasAuthCodeBeenExchangedForAccessToken = false;
   return true;
 }
 async function getAuthURL(scopes, clientId) {
   const { codeChallenge, codeVerifier } = await generatePKCECodes();
   const stateQueryParam = generateRandomState(RECOMMENDED_STATE_LENGTH);
-  Object.assign(localState, {
+  Object.assign(oauthFlowState, {
     codeChallenge,
     codeVerifier,
     stateQueryParam
@@ -133512,12 +133530,13 @@ async function getAuthURL(scopes, clientId) {
   });
 }
 async function exchangeRefreshTokenForAccessToken() {
-  if (!localState.refreshToken) {
+  const storedRefreshToken = readStoredAuthState().refreshToken;
+  if (!storedRefreshToken) {
     logger.warn("No refresh token is present.");
   }
   const params = new URLSearchParams({
     grant_type: "refresh_token",
-    refresh_token: localState.refreshToken?.value ?? "",
+    refresh_token: storedRefreshToken?.value ?? "",
     client_id: getClientIdFromEnv()
   });
   const response = await fetchAuthToken(params);
@@ -133543,25 +133562,15 @@ async function exchangeRefreshTokenForAccessToken() {
         throw json.error;
       }
       const { access_token, expires_in, refresh_token, scope } = json;
-      let scopes = [];
       const accessToken = {
         value: access_token,
         expiry: new Date(Date.now() + expires_in * 1e3).toISOString()
       };
-      localState.accessToken = accessToken;
-      if (refresh_token) {
-        localState.refreshToken = {
-          value: refresh_token
-        };
-      }
-      if (scope) {
-        scopes = scope.split(" ");
-        localState.scopes = scopes;
-      }
+      const scopes = scope ? scope.split(" ") : [];
       const accessContext = {
         token: accessToken,
         scopes,
-        refreshToken: localState.refreshToken
+        refreshToken: refresh_token ? { value: refresh_token } : storedRefreshToken
       };
       return accessContext;
     } catch (error2) {
@@ -133574,7 +133583,7 @@ async function exchangeRefreshTokenForAccessToken() {
   }
 }
 async function exchangeAuthCodeForAccessToken() {
-  const { authorizationCode, codeVerifier = "" } = localState;
+  const { authorizationCode, codeVerifier = "" } = oauthFlowState;
   if (!codeVerifier) {
     logger.warn("No code verifier is being sent.");
   } else if (!authorizationCode) {
@@ -133600,27 +133609,17 @@ async function exchangeAuthCodeForAccessToken() {
     throw new Error(json.error);
   }
   const { access_token, expires_in, refresh_token, scope } = json;
-  let scopes = [];
-  localState.hasAuthCodeBeenExchangedForAccessToken = true;
+  oauthFlowState.hasAuthCodeBeenExchangedForAccessToken = true;
   const expiryDate = new Date(Date.now() + expires_in * 1e3);
   const accessToken = {
     value: access_token,
     expiry: expiryDate.toISOString()
   };
-  localState.accessToken = accessToken;
-  if (refresh_token) {
-    localState.refreshToken = {
-      value: refresh_token
-    };
-  }
-  if (scope) {
-    scopes = scope.split(" ");
-    localState.scopes = scopes;
-  }
+  const scopes = scope ? scope.split(" ") : [];
   const accessContext = {
     token: accessToken,
     scopes,
-    refreshToken: localState.refreshToken
+    refreshToken: refresh_token ? { value: refresh_token } : void 0
   };
   return accessContext;
 }
@@ -133663,7 +133662,6 @@ function writeAuthConfigFile(config) {
   fs27.writeFileSync(path3__namespace.default.join(configPath), dist_default4.stringify(config), {
     encoding: "utf-8"
   });
-  reinitialiseAuthTokens();
 }
 function readAuthConfigFile() {
   return parseTOML(readFileSync(getAuthConfigFilePath()));
@@ -133671,7 +133669,7 @@ function readAuthConfigFile() {
 async function loginOrRefreshIfRequired(complianceConfig, props) {
   if (!getAPIToken()) {
     return !isNonInteractiveOrCI() && await login(complianceConfig, props);
-  } else if (isAccessTokenExpired()) {
+  } else if (isRefreshNeeded()) {
     const didRefresh = await refreshToken();
     if (didRefresh) {
       return true;
@@ -133683,16 +133681,18 @@ async function loginOrRefreshIfRequired(complianceConfig, props) {
   }
 }
 async function getOAuthTokenFromLocalState() {
-  if (!localState.accessToken) {
+  let stored = readStoredAuthState();
+  if (!stored.accessToken) {
     return void 0;
   }
-  if (isAccessTokenExpired()) {
+  if (isRefreshNeeded()) {
     const didRefresh = await refreshToken();
     if (!didRefresh) {
       return void 0;
     }
+    stored = readStoredAuthState();
   }
-  return localState.accessToken?.value;
+  return stored.accessToken?.value;
 }
 async function getOauthToken(options) {
   const urlToOpen = await getAuthURL(options.scopes, options.clientId);
@@ -133842,12 +133842,14 @@ async function login(complianceConfig, props = {
   purgeConfigCaches();
   return true;
 }
-function isAccessTokenExpired() {
-  const { accessToken } = localState;
+function isRefreshNeeded() {
+  if (getAuthFromEnv()) {
+    return false;
+  }
+  const { accessToken } = readStoredAuthState();
   return Boolean(accessToken && /* @__PURE__ */ new Date() >= new Date(accessToken.expiry));
 }
 async function refreshToken() {
-  reinitialiseAuthTokens();
   try {
     const {
       token: { value: oauth_token, expiry: expiration_time } = {
@@ -133879,25 +133881,12 @@ async function logout() {
     );
     return;
   }
-  if (!localState.accessToken) {
-    if (!localState.refreshToken) {
-      logger.log("Not logged in, exiting...");
-      return;
-    }
-    const body2 = `client_id=${encodeURIComponent(getClientIdFromEnv())}&token_type_hint=refresh_token&token=${encodeURIComponent(localState.refreshToken?.value || "")}`;
-    const response2 = await (0, import_undici5.fetch)(getRevokeUrlFromEnv(), {
-      method: "POST",
-      body: body2,
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded"
-      }
-    });
-    await response2.text();
-    logger.log(
-      "\u{1F481}  Wrangler is configured with an OAuth token. The token has been successfully revoked"
-    );
+  const storedRefreshToken = readStoredAuthState().refreshToken;
+  if (!storedRefreshToken) {
+    logger.log("Not logged in, exiting...");
+    return;
   }
-  const body = `client_id=${encodeURIComponent(getClientIdFromEnv())}&token_type_hint=refresh_token&token=${encodeURIComponent(localState.refreshToken?.value || "")}`;
+  const body = `client_id=${encodeURIComponent(getClientIdFromEnv())}&token_type_hint=refresh_token&token=${encodeURIComponent(storedRefreshToken.value || "")}`;
   const response = await (0, import_undici5.fetch)(getRevokeUrlFromEnv(), {
     method: "POST",
     body,
@@ -133992,17 +133981,13 @@ function requireApiToken() {
   return credentials;
 }
 function saveAccountToCache(account) {
-  localState.account = account;
   saveToConfigCache("wrangler-account.json", { account });
 }
 function getAccountFromCache() {
-  if (localState.account) {
-    return localState.account;
-  }
   return getConfigCache("wrangler-account.json").account;
 }
 function getScopes() {
-  return localState.scopes;
+  return readStoredAuthState().scopes;
 }
 function printScopes(scopes) {
   const data = scopes.map((scope) => ({
@@ -134065,7 +134050,7 @@ async function getJSONFromResponse(response) {
     );
   }
 }
-var import_ci_info4, import_undici5, USER_AUTH_CONFIG_PATH, DefaultScopes, DefaultScopeKeys, localState, ErrorOAuth2, ErrorUnknown, ErrorNoAuthCode, ErrorInvalidReturnedStateParam, ErrorInvalidJson, ErrorInvalidScope, ErrorInvalidRequest, ErrorInvalidToken, ErrorAuthenticationGrant, ErrorUnauthorizedClient, ErrorAccessDenied, ErrorUnsupportedResponseType, ErrorServerError, ErrorTemporarilyUnavailable, ErrorAccessTokenResponse, ErrorInvalidClient, ErrorInvalidGrant, ErrorUnsupportedGrantType, RECOMMENDED_CODE_VERIFIER_LENGTH, RECOMMENDED_STATE_LENGTH, PKCE_CHARSET;
+var import_ci_info4, import_undici5, USER_AUTH_CONFIG_PATH, DefaultScopes, DefaultScopeKeys, oauthFlowState, hasWarnedAboutDeprecatedV1ApiToken, ErrorOAuth2, ErrorUnknown, ErrorNoAuthCode, ErrorInvalidReturnedStateParam, ErrorInvalidJson, ErrorInvalidScope, ErrorInvalidRequest, ErrorInvalidToken, ErrorAuthenticationGrant, ErrorUnauthorizedClient, ErrorAccessDenied, ErrorUnsupportedResponseType, ErrorServerError, ErrorTemporarilyUnavailable, ErrorAccessTokenResponse, ErrorInvalidClient, ErrorInvalidGrant, ErrorUnsupportedGrantType, RECOMMENDED_CODE_VERIFIER_LENGTH, RECOMMENDED_STATE_LENGTH, PKCE_CHARSET;
 var init_user2 = __esm({
   "src/user/user.ts"() {
     init_import_meta_url();
@@ -134115,11 +134100,9 @@ var init_user2 = __esm({
     };
     DefaultScopeKeys = Object.keys(DefaultScopes);
     __name(validateScopeKeys, "validateScopeKeys");
-    localState = {
-      ...getAuthTokens()
-    };
-    __name(getAuthTokens, "getAuthTokens");
-    __name(reinitialiseAuthTokens, "reinitialiseAuthTokens");
+    oauthFlowState = {};
+    hasWarnedAboutDeprecatedV1ApiToken = false;
+    __name(readStoredAuthState, "readStoredAuthState");
     __name(getAPIToken, "getAPIToken");
     ErrorOAuth2 = class extends UserError {
       static {
@@ -134282,7 +134265,7 @@ var init_user2 = __esm({
     __name(getOAuthTokenFromLocalState, "getOAuthTokenFromLocalState");
     __name(getOauthToken, "getOauthToken");
     __name(login, "login");
-    __name(isAccessTokenExpired, "isAccessTokenExpired");
+    __name(isRefreshNeeded, "isRefreshNeeded");
     __name(refreshToken, "refreshToken");
     __name(logout, "logout");
     __name(listScopes, "listScopes");
@@ -137106,8 +137089,8 @@ function getMissingEntryPointMessage(absoluteEntryPointPath, relativeEntryPointP
       "index",
       "dist/index"
     ]) {
-      for (const extension of [".ts", ".tsx", ".js", ".jsx"]) {
-        const filePath = basenamePath + extension;
+      for (const extension2 of [".ts", ".tsx", ".js", ".jsx"]) {
+        const filePath = basenamePath + extension2;
         if (fileExists(path3__namespace.default.resolve(absoluteEntryPointPath, filePath))) {
           possiblePaths.push(path3__namespace.default.join(relativeEntryPointPath, filePath));
         }
@@ -148267,116 +148250,16 @@ var init_instances2 = __esm({
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/stream.js
-var require_stream = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/stream.js"(exports, module2) {
-    init_import_meta_url();
-    var { Duplex: Duplex2 } = __require("stream");
-    function emitClose(stream2) {
-      stream2.emit("close");
-    }
-    __name(emitClose, "emitClose");
-    function duplexOnEnd() {
-      if (!this.destroyed && this._writableState.finished) {
-        this.destroy();
-      }
-    }
-    __name(duplexOnEnd, "duplexOnEnd");
-    function duplexOnError(err) {
-      this.removeListener("error", duplexOnError);
-      this.destroy();
-      if (this.listenerCount("error") === 0) {
-        this.emit("error", err);
-      }
-    }
-    __name(duplexOnError, "duplexOnError");
-    function createWebSocketStream2(ws, options) {
-      let terminateOnDestroy = true;
-      const duplex = new Duplex2({
-        ...options,
-        autoDestroy: false,
-        emitClose: false,
-        objectMode: false,
-        writableObjectMode: false
-      });
-      ws.on("message", /* @__PURE__ */ __name(function message(msg, isBinary) {
-        const data = !isBinary && duplex._readableState.objectMode ? msg.toString() : msg;
-        if (!duplex.push(data)) ws.pause();
-      }, "message"));
-      ws.once("error", /* @__PURE__ */ __name(function error2(err) {
-        if (duplex.destroyed) return;
-        terminateOnDestroy = false;
-        duplex.destroy(err);
-      }, "error"));
-      ws.once("close", /* @__PURE__ */ __name(function close2() {
-        if (duplex.destroyed) return;
-        duplex.push(null);
-      }, "close"));
-      duplex._destroy = function(err, callback) {
-        if (ws.readyState === ws.CLOSED) {
-          callback(err);
-          process.nextTick(emitClose, duplex);
-          return;
-        }
-        let called = false;
-        ws.once("error", /* @__PURE__ */ __name(function error2(err2) {
-          called = true;
-          callback(err2);
-        }, "error"));
-        ws.once("close", /* @__PURE__ */ __name(function close2() {
-          if (!called) callback(err);
-          process.nextTick(emitClose, duplex);
-        }, "close"));
-        if (terminateOnDestroy) ws.terminate();
-      };
-      duplex._final = function(callback) {
-        if (ws.readyState === ws.CONNECTING) {
-          ws.once("open", /* @__PURE__ */ __name(function open3() {
-            duplex._final(callback);
-          }, "open"));
-          return;
-        }
-        if (ws._socket === null) return;
-        if (ws._socket._writableState.finished) {
-          callback();
-          if (duplex._readableState.endEmitted) duplex.destroy();
-        } else {
-          ws._socket.once("finish", /* @__PURE__ */ __name(function finish() {
-            callback();
-          }, "finish"));
-          ws.close();
-        }
-      };
-      duplex._read = function() {
-        if (ws.isPaused) ws.resume();
-      };
-      duplex._write = function(chunk, encoding, callback) {
-        if (ws.readyState === ws.CONNECTING) {
-          ws.once("open", /* @__PURE__ */ __name(function open3() {
-            duplex._write(chunk, encoding, callback);
-          }, "open"));
-          return;
-        }
-        ws.send(chunk, callback);
-      };
-      duplex.on("end", duplexOnEnd);
-      duplex.on("error", duplexOnError);
-      return duplex;
-    }
-    __name(createWebSocketStream2, "createWebSocketStream");
-    module2.exports = createWebSocketStream2;
-  }
-});
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/constants.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/constants.js
 var require_constants7 = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/constants.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/constants.js"(exports, module2) {
     init_import_meta_url();
     var BINARY_TYPES = ["nodebuffer", "arraybuffer", "fragments"];
     var hasBlob = typeof Blob !== "undefined";
     if (hasBlob) BINARY_TYPES.push("blob");
     module2.exports = {
       BINARY_TYPES,
+      CLOSE_TIMEOUT: 3e4,
       EMPTY_BUFFER: Buffer.alloc(0),
       GUID: "258EAFA5-E914-47DA-95CA-C5AB0DC85B11",
       hasBlob,
@@ -148390,9 +148273,9 @@ var require_constants7 = __commonJS({
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/buffer-util.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/buffer-util.js
 var require_buffer_util = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/buffer-util.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/buffer-util.js"(exports, module2) {
     init_import_meta_url();
     var { EMPTY_BUFFER } = require_constants7();
     var FastBuffer = Buffer[Symbol.species];
@@ -148470,9 +148353,9 @@ var require_buffer_util = __commonJS({
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/limiter.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/limiter.js
 var require_limiter = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/limiter.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/limiter.js"(exports, module2) {
     init_import_meta_url();
     var kDone = Symbol("kDone");
     var kRun = Symbol("kRun");
@@ -148523,9 +148406,9 @@ var require_limiter = __commonJS({
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/permessage-deflate.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/permessage-deflate.js
 var require_permessage_deflate2 = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/permessage-deflate.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/permessage-deflate.js"(exports, module2) {
     init_import_meta_url();
     var zlib3 = __require("zlib");
     var bufferUtil = require_buffer_util();
@@ -148539,7 +148422,7 @@ var require_permessage_deflate2 = __commonJS({
     var kBuffers = Symbol("buffers");
     var kError = Symbol("error");
     var zlibLimiter;
-    var PerMessageDeflate = class {
+    var PerMessageDeflate2 = class {
       static {
         __name(this, "PerMessageDeflate");
       }
@@ -148553,6 +148436,9 @@ var require_permessage_deflate2 = __commonJS({
        *     acknowledge disabling of client context takeover
        * @param {Number} [options.concurrencyLimit=10] The number of concurrent
        *     calls to zlib
+       * @param {Boolean} [options.isServer=false] Create the instance in either
+       *     server or client mode
+       * @param {Number} [options.maxPayload=0] The maximum allowed message length
        * @param {(Boolean|Number)} [options.serverMaxWindowBits] Request/confirm the
        *     use of a custom server window size
        * @param {Boolean} [options.serverNoContextTakeover=false] Request/accept
@@ -148563,15 +148449,12 @@ var require_permessage_deflate2 = __commonJS({
        *     deflate
        * @param {Object} [options.zlibInflateOptions] Options to pass to zlib on
        *     inflate
-       * @param {Boolean} [isServer=false] Create the instance in either server or
-       *     client mode
-       * @param {Number} [maxPayload=0] The maximum allowed message length
        */
-      constructor(options, isServer, maxPayload) {
-        this._maxPayload = maxPayload | 0;
+      constructor(options) {
         this._options = options || {};
         this._threshold = this._options.threshold !== void 0 ? this._options.threshold : 1024;
-        this._isServer = !!isServer;
+        this._maxPayload = this._options.maxPayload | 0;
+        this._isServer = !!this._options.isServer;
         this._deflate = null;
         this._inflate = null;
         this.params = null;
@@ -148880,7 +148763,7 @@ var require_permessage_deflate2 = __commonJS({
         });
       }
     };
-    module2.exports = PerMessageDeflate;
+    module2.exports = PerMessageDeflate2;
     function deflateOnData(chunk) {
       this[kBuffers].push(chunk);
       this[kTotalLength] += chunk.length;
@@ -148901,6 +148784,10 @@ var require_permessage_deflate2 = __commonJS({
     __name(inflateOnData, "inflateOnData");
     function inflateOnError(err) {
       this[kPerMessageDeflate]._inflate = null;
+      if (this[kError]) {
+        this[kCallback](this[kError]);
+        return;
+      }
       err[kStatusCode] = 1007;
       this[kCallback](err);
     }
@@ -148908,9 +148795,9 @@ var require_permessage_deflate2 = __commonJS({
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/validation.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/validation.js
 var require_validation = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/validation.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/validation.js"(exports, module2) {
     init_import_meta_url();
     var { isUtf8 } = __require("buffer");
     var { hasBlob } = require_constants7();
@@ -149112,12 +148999,12 @@ var require_validation = __commonJS({
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/receiver.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/receiver.js
 var require_receiver2 = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/receiver.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/receiver.js"(exports, module2) {
     init_import_meta_url();
     var { Writable: Writable5 } = __require("stream");
-    var PerMessageDeflate = require_permessage_deflate2();
+    var PerMessageDeflate2 = require_permessage_deflate2();
     var {
       BINARY_TYPES,
       EMPTY_BUFFER,
@@ -149287,7 +149174,7 @@ var require_receiver2 = __commonJS({
           return;
         }
         const compressed = (buf[0] & 64) === 64;
-        if (compressed && !this._extensions[PerMessageDeflate.extensionName]) {
+        if (compressed && !this._extensions[PerMessageDeflate2.extensionName]) {
           const error2 = this.createError(
             RangeError,
             "RSV1 must be clear",
@@ -149531,7 +149418,7 @@ var require_receiver2 = __commonJS({
        * @private
        */
       decompress(data, cb2) {
-        const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
+        const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
         perMessageDeflate.decompress(data, this._fin, (err, buf) => {
           if (err) return cb2(err);
           if (buf.length) {
@@ -149707,13 +149594,16 @@ var require_receiver2 = __commonJS({
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/sender.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/sender.js
 var require_sender2 = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/sender.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/sender.js"(exports, module2) {
     init_import_meta_url();
     var { Duplex: Duplex2 } = __require("stream");
     var { randomFillSync } = __require("crypto");
-    var PerMessageDeflate = require_permessage_deflate2();
+    var {
+      types: { isUint8Array }
+    } = __require("util");
+    var PerMessageDeflate2 = require_permessage_deflate2();
     var { EMPTY_BUFFER, kWebSocket, NOOP } = require_constants7();
     var { isBlob: isBlob5, isValidStatusCode } = require_validation();
     var { mask: applyMask, toBuffer } = require_buffer_util();
@@ -149869,8 +149759,10 @@ var require_sender2 = __commonJS({
           buf.writeUInt16BE(code, 0);
           if (typeof data === "string") {
             buf.write(data, 2);
-          } else {
+          } else if (isUint8Array(data)) {
             buf.set(data, 2);
+          } else {
+            throw new TypeError("Second argument must be a string or a Uint8Array");
           }
         }
         const options = {
@@ -150000,7 +149892,7 @@ var require_sender2 = __commonJS({
        * @public
        */
       send(data, options, cb2) {
-        const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
+        const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
         let opcode = options.binary ? 2 : 1;
         let rsv1 = options.compress;
         let byteLength;
@@ -150124,7 +150016,7 @@ var require_sender2 = __commonJS({
           this.sendFrame(_Sender.frame(data, options), cb2);
           return;
         }
-        const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
+        const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
         this._bufferedBytes += options[kByteLength];
         this._state = DEFLATING;
         perMessageDeflate.compress(data, options.fin, (_4, buf) => {
@@ -150167,7 +150059,7 @@ var require_sender2 = __commonJS({
       /**
        * Sends a frame.
        *
-       * @param {Buffer[]} list The frame to send
+       * @param {(Buffer | String)[]} list The frame to send
        * @param {Function} [cb] Callback
        * @private
        */
@@ -150200,9 +150092,9 @@ var require_sender2 = __commonJS({
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/event-target.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/event-target.js
 var require_event_target = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/event-target.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/event-target.js"(exports, module2) {
     init_import_meta_url();
     var { kForOnEventAttribute, kListener } = require_constants7();
     var kCode = Symbol("kCode");
@@ -150442,9 +150334,9 @@ var require_event_target = __commonJS({
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/extension.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/extension.js
 var require_extension = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/extension.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/extension.js"(exports, module2) {
     init_import_meta_url();
     var { tokenChars } = require_validation();
     function push2(dest, name2, elem) {
@@ -150579,11 +150471,11 @@ var require_extension = __commonJS({
     }
     __name(parse15, "parse");
     function format9(extensions) {
-      return Object.keys(extensions).map((extension) => {
-        let configurations = extensions[extension];
+      return Object.keys(extensions).map((extension2) => {
+        let configurations = extensions[extension2];
         if (!Array.isArray(configurations)) configurations = [configurations];
         return configurations.map((params) => {
-          return [extension].concat(
+          return [extension2].concat(
             Object.keys(params).map((k6) => {
               let values = params[k6];
               if (!Array.isArray(values)) values = [values];
@@ -150598,9 +150490,9 @@ var require_extension = __commonJS({
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/websocket.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/websocket.js
 var require_websocket2 = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/websocket.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/websocket.js"(exports, module2) {
     init_import_meta_url();
     var EventEmitter5 = __require("events");
     var https3 = __require("https");
@@ -150610,12 +150502,13 @@ var require_websocket2 = __commonJS({
     var { randomBytes: randomBytes2, createHash: createHash9 } = __require("crypto");
     var { Duplex: Duplex2, Readable: Readable11 } = __require("stream");
     var { URL: URL8 } = __require("url");
-    var PerMessageDeflate = require_permessage_deflate2();
+    var PerMessageDeflate2 = require_permessage_deflate2();
     var Receiver2 = require_receiver2();
     var Sender2 = require_sender2();
     var { isBlob: isBlob5 } = require_validation();
     var {
       BINARY_TYPES,
+      CLOSE_TIMEOUT,
       EMPTY_BUFFER,
       GUID,
       kForOnEventAttribute,
@@ -150629,7 +150522,6 @@ var require_websocket2 = __commonJS({
     } = require_event_target();
     var { format: format9, parse: parse15 } = require_extension();
     var { toBuffer } = require_buffer_util();
-    var closeTimeout = 30 * 1e3;
     var kAborted = Symbol("kAborted");
     var protocolVersions = [8, 13];
     var readyStates = ["CONNECTING", "OPEN", "CLOSING", "CLOSED"];
@@ -150678,6 +150570,7 @@ var require_websocket2 = __commonJS({
           initAsClient(this, address, protocols, options);
         } else {
           this._autoPong = options.autoPong;
+          this._closeTimeout = options.closeTimeout;
           this._isServer = true;
         }
       }
@@ -150820,8 +150713,8 @@ var require_websocket2 = __commonJS({
           this.emit("close", this._closeCode, this._closeMessage);
           return;
         }
-        if (this._extensions[PerMessageDeflate.extensionName]) {
-          this._extensions[PerMessageDeflate.extensionName].cleanup();
+        if (this._extensions[PerMessageDeflate2.extensionName]) {
+          this._extensions[PerMessageDeflate2.extensionName].cleanup();
         }
         this._receiver.removeAllListeners();
         this._readyState = _WebSocket.CLOSED;
@@ -150983,7 +150876,7 @@ var require_websocket2 = __commonJS({
           fin: true,
           ...options
         };
-        if (!this._extensions[PerMessageDeflate.extensionName]) {
+        if (!this._extensions[PerMessageDeflate2.extensionName]) {
           opts.compress = false;
         }
         this._sender.send(data || EMPTY_BUFFER, opts, cb2);
@@ -151079,6 +150972,7 @@ var require_websocket2 = __commonJS({
       const opts = {
         allowSynchronousEvents: true,
         autoPong: true,
+        closeTimeout: CLOSE_TIMEOUT,
         protocolVersion: protocolVersions[1],
         maxPayload: 100 * 1024 * 1024,
         skipUTF8Validation: false,
@@ -151096,6 +150990,7 @@ var require_websocket2 = __commonJS({
         port: void 0
       };
       websocket._autoPong = opts.autoPong;
+      websocket._closeTimeout = opts.closeTimeout;
       if (!protocolVersions.includes(opts.protocolVersion)) {
         throw new RangeError(
           `Unsupported protocol version: ${opts.protocolVersion} (supported versions: ${protocolVersions.join(", ")})`
@@ -151107,7 +151002,7 @@ var require_websocket2 = __commonJS({
       } else {
         try {
           parsedUrl = new URL8(address);
-        } catch (e9) {
+        } catch {
           throw new SyntaxError(`Invalid URL: ${address}`);
         }
       }
@@ -151121,7 +151016,7 @@ var require_websocket2 = __commonJS({
       const isIpcUrl = parsedUrl.protocol === "ws+unix:";
       let invalidUrlMessage;
       if (parsedUrl.protocol !== "ws:" && !isSecure && !isIpcUrl) {
-        invalidUrlMessage = `The URL's protocol must be one of "ws:", "wss:", "http:", "https", or "ws+unix:"`;
+        invalidUrlMessage = `The URL's protocol must be one of "ws:", "wss:", "http:", "https:", or "ws+unix:"`;
       } else if (isIpcUrl && !parsedUrl.pathname) {
         invalidUrlMessage = "The URL's pathname is empty";
       } else if (parsedUrl.hash) {
@@ -151155,13 +151050,13 @@ var require_websocket2 = __commonJS({
       opts.path = parsedUrl.pathname + parsedUrl.search;
       opts.timeout = opts.handshakeTimeout;
       if (opts.perMessageDeflate) {
-        perMessageDeflate = new PerMessageDeflate(
-          opts.perMessageDeflate !== true ? opts.perMessageDeflate : {},
-          false,
-          opts.maxPayload
-        );
+        perMessageDeflate = new PerMessageDeflate2({
+          ...opts.perMessageDeflate,
+          isServer: false,
+          maxPayload: opts.maxPayload
+        });
         opts.headers["Sec-WebSocket-Extensions"] = format9({
-          [PerMessageDeflate.extensionName]: perMessageDeflate.offer()
+          [PerMessageDeflate2.extensionName]: perMessageDeflate.offer()
         });
       }
       if (protocols.length) {
@@ -151304,19 +151199,19 @@ var require_websocket2 = __commonJS({
             return;
           }
           const extensionNames = Object.keys(extensions);
-          if (extensionNames.length !== 1 || extensionNames[0] !== PerMessageDeflate.extensionName) {
+          if (extensionNames.length !== 1 || extensionNames[0] !== PerMessageDeflate2.extensionName) {
             const message = "Server indicated an extension that was not requested";
             abortHandshake(websocket, socket, message);
             return;
           }
           try {
-            perMessageDeflate.accept(extensions[PerMessageDeflate.extensionName]);
+            perMessageDeflate.accept(extensions[PerMessageDeflate2.extensionName]);
           } catch (err) {
             const message = "Invalid Sec-WebSocket-Extensions header";
             abortHandshake(websocket, socket, message);
             return;
           }
-          websocket._extensions[PerMessageDeflate.extensionName] = perMessageDeflate;
+          websocket._extensions[PerMessageDeflate2.extensionName] = perMessageDeflate;
         }
         websocket.setSocket(socket, head, {
           allowSynchronousEvents: opts.allowSynchronousEvents,
@@ -151453,7 +151348,7 @@ var require_websocket2 = __commonJS({
     function setCloseTimer(websocket) {
       websocket._closeTimer = setTimeout(
         websocket._socket.destroy.bind(websocket._socket),
-        closeTimeout
+        websocket._closeTimeout
       );
     }
     __name(setCloseTimer, "setCloseTimer");
@@ -151463,8 +151358,8 @@ var require_websocket2 = __commonJS({
       this.removeListener("data", socketOnData);
       this.removeListener("end", socketOnEnd);
       websocket._readyState = WebSocket2.CLOSING;
-      let chunk;
-      if (!this._readableState.endEmitted && !websocket._closeFrameReceived && !websocket._receiver._writableState.errorEmitted && (chunk = websocket._socket.read()) !== null) {
+      if (!this._readableState.endEmitted && !websocket._closeFrameReceived && !websocket._receiver._writableState.errorEmitted && this._readableState.length !== 0) {
+        const chunk = this.read(this._readableState.length);
         websocket._receiver.write(chunk);
       }
       websocket._receiver.end();
@@ -151504,9 +151399,111 @@ var require_websocket2 = __commonJS({
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/subprotocol.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/stream.js
+var require_stream = __commonJS({
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/stream.js"(exports, module2) {
+    init_import_meta_url();
+    require_websocket2();
+    var { Duplex: Duplex2 } = __require("stream");
+    function emitClose(stream2) {
+      stream2.emit("close");
+    }
+    __name(emitClose, "emitClose");
+    function duplexOnEnd() {
+      if (!this.destroyed && this._writableState.finished) {
+        this.destroy();
+      }
+    }
+    __name(duplexOnEnd, "duplexOnEnd");
+    function duplexOnError(err) {
+      this.removeListener("error", duplexOnError);
+      this.destroy();
+      if (this.listenerCount("error") === 0) {
+        this.emit("error", err);
+      }
+    }
+    __name(duplexOnError, "duplexOnError");
+    function createWebSocketStream2(ws, options) {
+      let terminateOnDestroy = true;
+      const duplex = new Duplex2({
+        ...options,
+        autoDestroy: false,
+        emitClose: false,
+        objectMode: false,
+        writableObjectMode: false
+      });
+      ws.on("message", /* @__PURE__ */ __name(function message(msg, isBinary) {
+        const data = !isBinary && duplex._readableState.objectMode ? msg.toString() : msg;
+        if (!duplex.push(data)) ws.pause();
+      }, "message"));
+      ws.once("error", /* @__PURE__ */ __name(function error2(err) {
+        if (duplex.destroyed) return;
+        terminateOnDestroy = false;
+        duplex.destroy(err);
+      }, "error"));
+      ws.once("close", /* @__PURE__ */ __name(function close2() {
+        if (duplex.destroyed) return;
+        duplex.push(null);
+      }, "close"));
+      duplex._destroy = function(err, callback) {
+        if (ws.readyState === ws.CLOSED) {
+          callback(err);
+          process.nextTick(emitClose, duplex);
+          return;
+        }
+        let called = false;
+        ws.once("error", /* @__PURE__ */ __name(function error2(err2) {
+          called = true;
+          callback(err2);
+        }, "error"));
+        ws.once("close", /* @__PURE__ */ __name(function close2() {
+          if (!called) callback(err);
+          process.nextTick(emitClose, duplex);
+        }, "close"));
+        if (terminateOnDestroy) ws.terminate();
+      };
+      duplex._final = function(callback) {
+        if (ws.readyState === ws.CONNECTING) {
+          ws.once("open", /* @__PURE__ */ __name(function open3() {
+            duplex._final(callback);
+          }, "open"));
+          return;
+        }
+        if (ws._socket === null) return;
+        if (ws._socket._writableState.finished) {
+          callback();
+          if (duplex._readableState.endEmitted) duplex.destroy();
+        } else {
+          ws._socket.once("finish", /* @__PURE__ */ __name(function finish() {
+            callback();
+          }, "finish"));
+          ws.close();
+        }
+      };
+      duplex._read = function() {
+        if (ws.isPaused) ws.resume();
+      };
+      duplex._write = function(chunk, encoding, callback) {
+        if (ws.readyState === ws.CONNECTING) {
+          ws.once("open", /* @__PURE__ */ __name(function open3() {
+            duplex._write(chunk, encoding, callback);
+          }, "open"));
+          return;
+        }
+        ws.send(chunk, callback);
+      };
+      duplex.on("end", duplexOnEnd);
+      duplex.on("error", duplexOnError);
+      return duplex;
+    }
+    __name(createWebSocketStream2, "createWebSocketStream");
+    module2.exports = createWebSocketStream2;
+  }
+});
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/subprotocol.js
 var require_subprotocol = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/subprotocol.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/subprotocol.js"(exports, module2) {
     init_import_meta_url();
     var { tokenChars } = require_validation();
     function parse15(header) {
@@ -151550,19 +151547,19 @@ var require_subprotocol = __commonJS({
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/websocket-server.js
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/websocket-server.js
 var require_websocket_server = __commonJS({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/lib/websocket-server.js"(exports, module2) {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/lib/websocket-server.js"(exports, module2) {
     init_import_meta_url();
     var EventEmitter5 = __require("events");
     var http6 = __require("http");
     var { Duplex: Duplex2 } = __require("stream");
     var { createHash: createHash9 } = __require("crypto");
-    var extension = require_extension();
-    var PerMessageDeflate = require_permessage_deflate2();
-    var subprotocol = require_subprotocol();
+    var extension2 = require_extension();
+    var PerMessageDeflate2 = require_permessage_deflate2();
+    var subprotocol2 = require_subprotocol();
     var WebSocket2 = require_websocket2();
-    var { GUID, kWebSocket } = require_constants7();
+    var { CLOSE_TIMEOUT, GUID, kWebSocket } = require_constants7();
     var keyRegex = /^[+/0-9A-Za-z]{22}==$/;
     var RUNNING = 0;
     var CLOSING = 1;
@@ -151584,6 +151581,9 @@ var require_websocket_server = __commonJS({
        *     pending connections
        * @param {Boolean} [options.clientTracking=true] Specifies whether or not to
        *     track clients
+       * @param {Number} [options.closeTimeout=30000] Duration in milliseconds to
+       *     wait for the closing handshake to finish after `websocket.close()` is
+       *     called
        * @param {Function} [options.handleProtocols] A hook to handle protocols
        * @param {String} [options.host] The hostname where to bind the server
        * @param {Number} [options.maxPayload=104857600] The maximum allowed message
@@ -151612,6 +151612,7 @@ var require_websocket_server = __commonJS({
           perMessageDeflate: false,
           handleProtocols: null,
           clientTracking: true,
+          closeTimeout: CLOSE_TIMEOUT,
           verifyClient: null,
           noServer: false,
           backlog: null,
@@ -151767,9 +151768,11 @@ var require_websocket_server = __commonJS({
           abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
           return;
         }
-        if (version5 !== 8 && version5 !== 13) {
+        if (version5 !== 13 && version5 !== 8) {
           const message = "Missing or invalid Sec-WebSocket-Version header";
-          abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
+          abortHandshakeOrEmitwsClientError(this, req, socket, 400, message, {
+            "Sec-WebSocket-Version": "13, 8"
+          });
           return;
         }
         if (!this.shouldHandle(req)) {
@@ -151780,7 +151783,7 @@ var require_websocket_server = __commonJS({
         let protocols = /* @__PURE__ */ new Set();
         if (secWebSocketProtocol !== void 0) {
           try {
-            protocols = subprotocol.parse(secWebSocketProtocol);
+            protocols = subprotocol2.parse(secWebSocketProtocol);
           } catch (err) {
             const message = "Invalid Sec-WebSocket-Protocol header";
             abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
@@ -151790,16 +151793,16 @@ var require_websocket_server = __commonJS({
         const secWebSocketExtensions = req.headers["sec-websocket-extensions"];
         const extensions = {};
         if (this.options.perMessageDeflate && secWebSocketExtensions !== void 0) {
-          const perMessageDeflate = new PerMessageDeflate(
-            this.options.perMessageDeflate,
-            true,
-            this.options.maxPayload
-          );
+          const perMessageDeflate = new PerMessageDeflate2({
+            ...this.options.perMessageDeflate,
+            isServer: true,
+            maxPayload: this.options.maxPayload
+          });
           try {
-            const offers = extension.parse(secWebSocketExtensions);
-            if (offers[PerMessageDeflate.extensionName]) {
-              perMessageDeflate.accept(offers[PerMessageDeflate.extensionName]);
-              extensions[PerMessageDeflate.extensionName] = perMessageDeflate;
+            const offers = extension2.parse(secWebSocketExtensions);
+            if (offers[PerMessageDeflate2.extensionName]) {
+              perMessageDeflate.accept(offers[PerMessageDeflate2.extensionName]);
+              extensions[PerMessageDeflate2.extensionName] = perMessageDeflate;
             }
           } catch (err) {
             const message = "Invalid or unacceptable Sec-WebSocket-Extensions header";
@@ -151870,10 +151873,10 @@ var require_websocket_server = __commonJS({
             ws._protocol = protocol;
           }
         }
-        if (extensions[PerMessageDeflate.extensionName]) {
-          const params = extensions[PerMessageDeflate.extensionName].params;
-          const value = extension.format({
-            [PerMessageDeflate.extensionName]: [params]
+        if (extensions[PerMessageDeflate2.extensionName]) {
+          const params = extensions[PerMessageDeflate2.extensionName].params;
+          const value = extension2.format({
+            [PerMessageDeflate2.extensionName]: [params]
           });
           headers.push(`Sec-WebSocket-Extensions: ${value}`);
           ws._extensions = extensions;
@@ -151932,27 +151935,30 @@ var require_websocket_server = __commonJS({
       );
     }
     __name(abortHandshake, "abortHandshake");
-    function abortHandshakeOrEmitwsClientError(server, req, socket, code, message) {
+    function abortHandshakeOrEmitwsClientError(server, req, socket, code, message, headers) {
       if (server.listenerCount("wsClientError")) {
         const err = new Error(message);
         Error.captureStackTrace(err, abortHandshakeOrEmitwsClientError);
         server.emit("wsClientError", err, socket, req);
       } else {
-        abortHandshake(socket, code, message);
+        abortHandshake(socket, code, message, headers);
       }
     }
     __name(abortHandshakeOrEmitwsClientError, "abortHandshakeOrEmitwsClientError");
   }
 });
-// ../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/wrapper.mjs
+// ../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/wrapper.mjs
 var import_websocket, wrapper_default;
 var init_wrapper = __esm({
-  "../../node_modules/.pnpm/ws@8.18.0/node_modules/ws/wrapper.mjs"() {
+  "../../node_modules/.pnpm/ws@8.20.1/node_modules/ws/wrapper.mjs"() {
     init_import_meta_url();
     __toESM(require_stream(), 1);
+    __toESM(require_extension(), 1);
+    __toESM(require_permessage_deflate2(), 1);
     __toESM(require_receiver2(), 1);
     __toESM(require_sender2(), 1);
+    __toESM(require_subprotocol(), 1);
     import_websocket = __toESM(require_websocket2(), 1);
     __toESM(require_websocket_server(), 1);
     wrapper_default = import_websocket.default;
@@ -238582,8 +238588,8 @@ var init_hash = __esm({
     hashFile = /* @__PURE__ */ __name((filepath) => {
       const contents = fs27.readFileSync(filepath);
       const base64Contents = contents.toString("base64");
-      const extension = path3.extname(filepath).substring(1);
-      return blake3Wasm.hash(base64Contents + extension).toString("hex").slice(0, 32);
+      const extension2 = path3.extname(filepath).substring(1);
+      return blake3Wasm.hash(base64Contents + extension2).toString("hex").slice(0, 32);
     }, "hashFile");
   }
 });
@@ -243100,6 +243106,23 @@ async function createDraftWorker({
     }
   );
 }
+async function putBulkSecrets(config, accountId, scriptName, environment, content, options = {}) {
+  const isServiceEnv = options?.isServiceEnv;
+  const url4 = isServiceEnv ? `/accounts/${accountId}/workers/services/${scriptName}/environments/${environment}/secrets-bulk` : `/accounts/${accountId}/workers/scripts/${scriptName}/secrets-bulk`;
+  const secretEntries = Object.entries(content);
+  const secrets = {};
+  const toCreate = [];
+  for (const [key, value] of secretEntries) {
+    toCreate.push(key);
+    secrets[key] = { name: key, text: value, type: "secret_text" };
+  }
+  const resp = await fetchResult(config, url4, {
+    method: "PATCH",
+    headers: { "Content-Type": "application/merge-patch+json" },
+    body: JSON.stringify({ secrets })
+  });
+  return [resp, toCreate];
+}
 function validateFileSecrets(content, jsonFilePath) {
   if (content === null || typeof content !== "object") {
     throw new FatalError(
@@ -243162,13 +243185,12 @@ async function parseBulkInputToObject(input) {
   }
   return { content, secretSource, secretFormat };
 }
-var import_dotenv2, import_undici19, VERSION_NOT_DEPLOYED_ERR_CODE, secretNamespace, secretPutCommand, secretDeleteCommand, secretListCommand, secretBulkCommand;
+var import_dotenv2, VERSION_NOT_DEPLOYED_ERR_CODE, secretNamespace, secretPutCommand, secretDeleteCommand, secretListCommand, secretBulkCommand;
 var init_secret = __esm({
   "src/secret/index.ts"() {
     init_import_meta_url();
     init_dist();
     import_dotenv2 = __toESM(require_main());
-    import_undici19 = __toESM(require_undici());
     init_cfetch();
     init_create_command();
     init_create_worker_upload_form();
@@ -243430,6 +243452,7 @@ Otherwise, check that the Worker name is correct and you're logged into the righ
         });
       }
     });
+    __name(putBulkSecrets, "putBulkSecrets");
     secretBulkCommand = createCommand({
       metadata: {
         description: "Upload multiple secrets for a Worker at once",
@@ -243463,7 +243486,7 @@ Otherwise, check that the Worker name is correct and you're logged into the righ
             { telemetryMessage: "secret bulk pages project" }
           );
         }
-        const isServiceEnv = useServiceEnvironments(config) && args.env;
+        const isServiceEnv = useServiceEnvironments(config) && !!args.env;
         const scriptName = getLegacyScriptName(args, config);
         if (!scriptName) {
           const error2 = new UserError(
@@ -243482,27 +243505,21 @@ Otherwise, check that the Worker name is correct and you're logged into the righ
           return logger.error(`\u{1F6A8} No content found in file, or piped input.`);
         }
         const { content, secretSource, secretFormat } = result;
-        function getSettings3() {
-          const url4 = isServiceEnv ? `/accounts/${accountId}/workers/services/${scriptName}/environments/${args.env}/settings` : `/accounts/${accountId}/workers/scripts/${scriptName}/settings`;
-          return fetchResult(config, url4);
-        }
-        __name(getSettings3, "getSettings");
-        function putBindingsSettings(bindings) {
-          const url4 = isServiceEnv ? `/accounts/${accountId}/workers/services/${scriptName}/environments/${args.env}/settings` : `/accounts/${accountId}/workers/scripts/${scriptName}/settings`;
-          const data = new import_undici19.FormData();
-          data.set("settings", JSON.stringify({ bindings }));
-          return fetchResult(config, url4, {
-            method: "PATCH",
-            body: data
-          });
-        }
-        __name(putBindingsSettings, "putBindingsSettings");
-        let existingBindings;
+        let created = [];
         try {
-          const settings = await getSettings3();
-          existingBindings = settings.bindings;
-        } catch (e9) {
-          if (isWorkerNotFoundError(e9)) {
+          try {
+            [, created] = await putBulkSecrets(
+              config,
+              accountId,
+              scriptName,
+              args.env,
+              content,
+              { isServiceEnv }
+            );
+          } catch (e9) {
+            if (!isWorkerNotFoundError(e9)) {
+              throw e9;
+            }
             const draftWorkerResult = await createDraftWorker({
               config,
               args,
@@ -243512,50 +243529,38 @@ Otherwise, check that the Worker name is correct and you're logged into the righ
             if (draftWorkerResult === null) {
               return;
             }
-            existingBindings = [];
-          } else {
-            throw e9;
-          }
-        }
-        const inheritBindings = existingBindings.filter((binding) => {
-          return binding.type !== "secret_text" || content[binding.name] === void 0;
-        }).map((binding) => ({ type: binding.type, name: binding.name }));
-        const upsertBindings = Object.entries(
-          content
-        ).map(([key, value]) => {
-          return {
-            type: "secret_text",
-            name: key,
-            text: value
-          };
-        });
-        try {
-          await putBindingsSettings(inheritBindings.concat(upsertBindings));
-          for (const upsertedBinding of upsertBindings) {
-            logger.log(
-              `\u2728 Successfully created secret for key: ${upsertedBinding.name}`
+            [, created] = await putBulkSecrets(
+              config,
+              accountId,
+              scriptName,
+              args.env,
+              content,
+              { isServiceEnv }
             );
           }
-          logger.log("");
-          logger.log("Finished processing secrets file:");
-          logger.log(`\u2728 ${upsertBindings.length} secrets successfully uploaded`);
-          sendMetricsEvent(
-            "create encrypted variable",
-            {
-              secretOperation: "bulk",
-              secretSource,
-              secretFormat,
-              hasEnvironment: Boolean(args.env)
-            },
-            {
-              sendMetrics: config.send_metrics
-            }
-          );
-        } catch (err) {
+        } catch (e9) {
           logger.log("");
           logger.log(`\u{1F6A8} Secrets failed to upload`);
-          throw err;
+          throw e9;
+        }
+        for (const key of created) {
+          logger.log(`\u2728 Successfully created secret for key: ${key}`);
         }
+        logger.log("");
+        logger.log("Finished processing secrets file:");
+        logger.log(`\u2728 ${created.length} secrets successfully uploaded`);
+        sendMetricsEvent(
+          "create encrypted variable",
+          {
+            secretOperation: "bulk",
+            secretSource,
+            secretFormat,
+            hasEnvironment: Boolean(args.env)
+          },
+          {
+            sendMetrics: config.send_metrics
+          }
+        );
       }
     });
     __name(validateFileSecrets, "validateFileSecrets");
@@ -266736,7 +266741,7 @@ var init_runtimeExtensions = __esm({
         ...asPartial(getHttpHandlerExtensionConfiguration(runtimeConfig)),
         ...asPartial(getHttpAuthExtensionConfiguration(runtimeConfig))
       };
-      extensions.forEach((extension) => extension.configure(extensionConfiguration));
+      extensions.forEach((extension2) => extension2.configure(extensionConfiguration));
       return {
         ...runtimeConfig,
         ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
@@ -268330,7 +268335,7 @@ var init_runtimeExtensions2 = __esm({
         ...asPartial2(getHttpHandlerExtensionConfiguration(runtimeConfig)),
         ...asPartial2(getHttpAuthExtensionConfiguration2(runtimeConfig))
       };
-      extensions.forEach((extension) => extension.configure(extensionConfiguration));
+      extensions.forEach((extension2) => extension2.configure(extensionConfiguration));
       return {
         ...runtimeConfig,
         ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
@@ -269609,7 +269614,7 @@ var init_runtimeExtensions3 = __esm({
         ...asPartial3(getHttpHandlerExtensionConfiguration(runtimeConfig)),
         ...asPartial3(getHttpAuthExtensionConfiguration3(runtimeConfig))
       };
-      extensions.forEach((extension) => extension.configure(extensionConfiguration));
+      extensions.forEach((extension2) => extension2.configure(extensionConfiguration));
       return {
         ...runtimeConfig,
         ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
@@ -272784,7 +272789,7 @@ var init_runtimeExtensions4 = __esm({
         ...asPartial4(getHttpHandlerExtensionConfiguration(runtimeConfig)),
         ...asPartial4(getHttpAuthExtensionConfiguration4(runtimeConfig))
       };
-      extensions.forEach((extension) => extension.configure(extensionConfiguration));
+      extensions.forEach((extension2) => extension2.configure(extensionConfiguration));
       return {
         ...runtimeConfig,
         ...resolveAwsRegionExtensionConfiguration(extensionConfiguration),
@@ -277999,7 +278004,8 @@ var init_defaults = __esm({
       },
       rolling_policy: {
         file_size_bytes: void 0,
-        interval_seconds: 300
+        interval_seconds: 300,
+        min_interval_seconds: 60
       },
       r2: {
         path: "",
@@ -278124,7 +278130,8 @@ async function promptCompression() {
     fallbackOption: 3
   });
 }
-async function promptRollingPolicy() {
+async function promptRollingPolicy(options) {
+  const minInterval = options?.minIntervalSeconds ?? 10;
   const fileSizeMB = await promptWithRetry(
     () => "File size",
     () => prompt("Roll file when size reaches (MB, minimum 5):", {
@@ -278141,13 +278148,13 @@ async function promptRollingPolicy() {
   );
   const intervalSeconds = await promptWithRetry(
     () => "Interval",
-    () => prompt("Roll file when time reaches (seconds, minimum 10):", {
+    () => prompt(`Roll file when time reaches (seconds, minimum ${minInterval}):`, {
       defaultValue: String(SINK_DEFAULTS.rolling_policy.interval_seconds)
     }),
     (value) => {
       const num = parseInt(value, 10);
-      if (isNaN(num) || num < 10) {
-        throw new UserError("Interval must be a number >= 10", {
+      if (isNaN(num) || num < minInterval) {
+        throw new UserError(`Interval must be a number >= ${minInterval}`, {
           telemetryMessage: "pipelines setup invalid interval"
         });
       }
@@ -278724,7 +278731,9 @@ async function setupDataCatalogSink(config, accountId, setupConfig) {
   displayCatalogTokenInstructions(accountId);
   const token = await promptCatalogToken(config, accountId, bucket);
   const compression = await promptCompression();
-  const rollingPolicy = await promptRollingPolicy();
+  const rollingPolicy = await promptRollingPolicy({
+    minIntervalSeconds: SINK_DEFAULTS.rolling_policy.min_interval_seconds
+  });
   setupConfig.sinkConfig = {
     name: setupConfig.sinkName,
     type: "r2_data_catalog",
@@ -279299,6 +279308,14 @@ var init_create11 = __esm({
               { telemetryMessage: "pipelines sinks create invalid format" }
             );
           }
+          if (args.rollInterval !== void 0 && args.rollInterval < SINK_DEFAULTS.rolling_policy.min_interval_seconds) {
+            throw new CommandLineArgsError(
+              `Pipeline frequency must be at least ${SINK_DEFAULTS.rolling_policy.min_interval_seconds} seconds for R2 Data Catalog sinks to prevent compaction issues. Current value: ${args.rollInterval} seconds.`,
+              {
+                telemetryMessage: "pipelines r2 data catalog interval below minimum threshold"
+              }
+            );
+          }
         }
       }, "validateArgs"),
       async handler(args, { config }) {
@@ -290315,14 +290332,14 @@ function formatSqlResults(data, duration) {
     logger.log(`On average, ${prettyBytes(bytesPerSecond)} / s`);
   }
 }
-var import_undici20, r2SqlNamespace, r2SqlQueryCommand;
+var import_undici19, r2SqlNamespace, r2SqlQueryCommand;
 var init_sql = __esm({
   "src/r2/sql.ts"() {
     init_import_meta_url();
     init_interactive();
     init_dist();
     init_pretty_bytes();
-    import_undici20 = __toESM(require_undici());
+    import_undici19 = __toESM(require_undici());
     init_internal();
     init_create_command();
     init_logger();
@@ -290388,7 +290405,7 @@ var init_sql = __esm({
         let duration = null;
         try {
           const start = Date.now();
-          const response = await (0, import_undici20.fetch)(apiUrl, {
+          const response = await (0, import_undici19.fetch)(apiUrl, {
             method: "POST",
             headers: {
               Authorization: `Bearer ${token}`,
@@ -290604,6 +290621,12 @@ function getHostFromRoute(route) {
   }
   return host;
 }
+function getZoneFromRoute(route) {
+  if (typeof route === "object" && "zone_name" in route && route.zone_name) {
+    return route.zone_name;
+  }
+  return getHostFromRoute(route);
+}
 async function getZoneForRoute(complianceConfig, from, zoneIdCache = /* @__PURE__ */ new Map()) {
   const { route, accountId } = from;
   const host = getHostFromRoute(route);
@@ -290773,6 +290796,7 @@ var init_zones3 = __esm({
     init_cfetch();
     init_retry();
     __name(getHostFromRoute, "getHostFromRoute");
+    __name(getZoneFromRoute, "getZoneFromRoute");
     __name(getZoneForRoute, "getZoneForRoute");
     __name(getHostFromUrl, "getHostFromUrl");
     __name(getZoneIdForPreview, "getZoneIdForPreview");
@@ -296994,12 +297018,12 @@ var init_info5 = __esm({
     });
   }
 });
-var import_undici21, vectorizeInsertCommand;
+var import_undici20, vectorizeInsertCommand;
 var init_insert = __esm({
   "src/vectorize/insert.ts"() {
     init_import_meta_url();
     init_dist();
-    import_undici21 = __toESM(require_undici());
+    import_undici20 = __toESM(require_undici());
     init_create_command();
     init_logger();
     init_client14();
@@ -297062,7 +297086,7 @@ var init_insert = __esm({
         }
         let vectorInsertCount = 0;
         for await (const batch of getBatchFromFile(rl, args.batchSize)) {
-          const formData = new import_undici21.FormData();
+          const formData = new import_undici20.FormData();
           formData.append(
             "vectors",
             new File([batch.join(`
@@ -297523,12 +297547,12 @@ var init_query = __esm({
     __name(validateQueryFilter, "validateQueryFilter");
   }
 });
-var import_undici22, vectorizeUpsertCommand;
+var import_undici21, vectorizeUpsertCommand;
 var init_upsert = __esm({
   "src/vectorize/upsert.ts"() {
     init_import_meta_url();
     init_dist();
-    import_undici22 = __toESM(require_undici());
+    import_undici21 = __toESM(require_undici());
     init_create_command();
     init_logger();
     init_client14();
@@ -297581,7 +297605,7 @@ var init_upsert = __esm({
         }
         let vectorUpsertCount = 0;
         for await (const batch of getBatchFromFile(rl, args.batchSize)) {
-          const formData = new import_undici22.FormData();
+          const formData = new import_undici21.FormData();
           formData.append(
             "vectors",
             new File([batch.join(`
@@ -300008,7 +300032,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
     }
     if (props.outFile) {
       fs27.mkdirSync(path3__namespace.default.dirname(props.outFile), { recursive: true });
-      const serializedFormData = await new import_undici23.Response(workerBundle).arrayBuffer();
+      const serializedFormData = await new import_undici22.Response(workerBundle).arrayBuffer();
       fs27.writeFileSync(props.outFile, Buffer.from(serializedFormData));
     }
   } finally {
@@ -300112,13 +300136,13 @@ function generatePreviewAlias(scriptName) {
   );
   return truncatedAlias || warnAndExit();
 }
-var import_undici23, versionsUploadCommand, MAX_DNS_LABEL_LENGTH, HASH_LENGTH, ALIAS_VALIDATION_REGEX;
+var import_undici22, versionsUploadCommand, MAX_DNS_LABEL_LENGTH, HASH_LENGTH, ALIAS_VALIDATION_REGEX;
 var init_upload5 = __esm({
   "src/versions/upload.ts"() {
     init_import_meta_url();
     init_colors();
     init_dist();
-    import_undici23 = __toESM(require_undici());
+    import_undici22 = __toESM(require_undici());
     init_assets5();
     init_cfetch();
     init_create_command();
@@ -301078,7 +301102,7 @@ async function fetchLocalResult(port, path82, init4) {
   const url4 = `http://localhost:${port}${LOCAL_EXPLORER_BASE_PATH}${path82}`;
   let response;
   try {
-    response = await (0, import_undici24.fetch)(url4, {
+    response = await (0, import_undici23.fetch)(url4, {
       method: init4?.method ?? "GET",
       headers: init4?.headers,
       body: init4?.body
@@ -301135,12 +301159,12 @@ async function updateLocalInstanceStatus(port, workflowName, instanceId, action)
     }
   );
 }
-var import_undici24, LOCAL_EXPLORER_BASE_PATH, DEFAULT_LOCAL_PORT2, localWorkflowArgs;
+var import_undici23, LOCAL_EXPLORER_BASE_PATH, DEFAULT_LOCAL_PORT2, localWorkflowArgs;
 var init_local = __esm({
   "src/workflows/local.ts"() {
     init_import_meta_url();
     init_dist();
-    import_undici24 = __toESM(require_undici());
+    import_undici23 = __toESM(require_undici());
     init_logger();
     LOCAL_EXPLORER_BASE_PATH = "/cdn-cgi/explorer/api";
     DEFAULT_LOCAL_PORT2 = 8787;
@@ -306797,14 +306821,14 @@ function dispatchGenericCommandErrorEvent(dispatcher, startTime, error2) {
     ...sanitizeError(error2)
   });
 }
-var import_undici25;
+var import_undici24;
 var init_src2 = __esm({
   "src/index.ts"() {
     init_import_meta_url();
     init_dist7();
     init_dist();
     init_source();
-    import_undici25 = __toESM(require_undici());
+    import_undici24 = __toESM(require_undici());
     init_yargs();
     init_package();
     init_ai3();
@@ -307035,8 +307059,8 @@ var init_src2 = __esm({
     init_trigger();
     init_wrangler_banner();
     if (proxy) {
-      (0, import_undici25.setGlobalDispatcher)(
-        new import_undici25.EnvHttpProxyAgent({ noProxy: noProxy || "localhost,127.0.0.1,::1" })
+      (0, import_undici24.setGlobalDispatcher)(
+        new import_undici24.EnvHttpProxyAgent({ noProxy: noProxy || "localhost,127.0.0.1,::1" })
       );
       logger.warn(
         `Proxy environment variables detected. We'll use your proxy for fetch requests.`
@@ -308828,7 +308852,7 @@ See https://developers.cloudflare.com/workers/platform/compatibility-dates for m
     }
     if (props.outFile) {
       fs27.mkdirSync(path3__namespace.default.dirname(props.outFile), { recursive: true });
-      const serializedFormData = await new import_undici26.Response(workerBundle).arrayBuffer();
+      const serializedFormData = await new import_undici25.Response(workerBundle).arrayBuffer();
       fs27.writeFileSync(props.outFile, Buffer.from(serializedFormData));
     }
   } finally {
@@ -309062,7 +309086,7 @@ function getDeployConfirmFunction(strictMode = false) {
   }
   return confirm;
 }
-var import_undici26, validateRoutes3;
+var import_undici25, validateRoutes3;
 var init_deploy7 = __esm({
   "src/deploy/deploy.ts"() {
     init_import_meta_url();
@@ -309070,7 +309094,7 @@ var init_deploy7 = __esm({
     init_containers_shared();
     init_dist();
     init_dist9();
-    import_undici26 = __toESM(require_undici());
+    import_undici25 = __toESM(require_undici());
     init_assets5();
     init_cfetch();
     init_build3();
@@ -309333,7 +309357,7 @@ function errorOnLegacyPagesWorkerJSAsset(file3, hasAssetsIgnoreFile) {
     }
   }
 }
-var import_undici27, BULK_UPLOAD_CONCURRENCY2, MAX_UPLOAD_ATTEMPTS2, MAX_UPLOAD_GATEWAY_ERRORS2, MAX_DIFF_LINES2, syncAssets, buildAssetManifest, NonExistentAssetsDirError, NonDirectoryAssetsDirError, WORKER_JS_FILENAME;
+var import_undici26, BULK_UPLOAD_CONCURRENCY2, MAX_UPLOAD_ATTEMPTS2, MAX_UPLOAD_GATEWAY_ERRORS2, MAX_DIFF_LINES2, syncAssets, buildAssetManifest, NonExistentAssetsDirError, NonDirectoryAssetsDirError, WORKER_JS_FILENAME;
 var init_assets5 = __esm({
   "src/assets.ts"() {
     init_import_meta_url();
@@ -309344,7 +309368,7 @@ var init_assets5 = __esm({
     init_source();
     init_dist9();
     init_pretty_bytes();
-    import_undici27 = __toESM(require_undici());
+    import_undici26 = __toESM(require_undici());
     init_cfetch();
     init_deploy7();
     init_logger();
@@ -309419,7 +309443,7 @@ var init_assets5 = __esm({
         attempts = 0;
         let gatewayErrors = 0;
         const doUpload = /* @__PURE__ */ __name(async () => {
-          const payload = new import_undici27.FormData();
+          const payload = new import_undici26.FormData();
           const uploadedFiles = [];
           for (const manifestEntry of bucket) {
             const absFilePath = path3__namespace.join(assetDirectory, manifestEntry[0]);
@@ -309461,8 +309485,13 @@ var init_assets5 = __esm({
             return res;
           } catch (e9) {
             if (attempts < MAX_UPLOAD_ATTEMPTS2) {
-              logger.info(source_default.dim(`Asset upload failed. Retrying...
-`, e9));
+              logger.info(
+                source_default.dim(
+                  `Asset upload failed. Retrying... ${attempts + 1} of ${MAX_UPLOAD_ATTEMPTS2} attempts.
+`
+                )
+              );
+              logger.debug(e9);
               await new Promise(
                 (resolvePromise) => setTimeout(resolvePromise, Math.pow(2, attempts) * 1e3)
               );
@@ -312042,7 +312071,7 @@ async function tryExpandToken(exchangeUrl, ctx, abortSignal) {
       ` GET ${switchedExchangeUrl.href}`
     );
     logger.debug("-- END EXCHANGE API REQUEST");
-    const exchangeResponse = await (0, import_undici28.fetch)(switchedExchangeUrl, {
+    const exchangeResponse = await (0, import_undici27.fetch)(switchedExchangeUrl, {
       signal: abortSignal,
       headers
     });
@@ -312166,12 +312195,12 @@ async function createWorkerPreview(complianceConfig, init4, account, ctx, sessio
   );
   return token;
 }
-var import_undici28, PREVIEW_API_TIMEOUT_MS;
+var import_undici27, PREVIEW_API_TIMEOUT_MS;
 var init_create_worker_preview = __esm({
   "src/dev/create-worker-preview.ts"() {
     init_import_meta_url();
     init_dist();
-    import_undici28 = __toESM(require_undici());
+    import_undici27 = __toESM(require_undici());
     init_cfetch();
     init_create_worker_upload_form();
     init_logger();
@@ -313312,6 +313341,15 @@ function getUserWorkerInnerUrlOverrides(config) {
     };
   }
 }
+function getZoneForCfWorkerHeader(config) {
+  const firstRouteTrigger = config.triggers?.find(
+    (t12) => t12.type === "route"
+  );
+  if (firstRouteTrigger && "zone_name" in firstRouteTrigger && firstRouteTrigger.zone_name) {
+    return firstRouteTrigger.zone_name;
+  }
+  return config.dev?.origin?.hostname;
+}
 async function convertToConfigBundle(event) {
   const bindings = { ...event.config.bindings };
   const crons = [];
@@ -313403,8 +313441,7 @@ async function convertToConfigBundle(event) {
     containerBuildId: event.config.dev?.containerBuildId,
     containerEngine: event.config.dev.containerEngine,
     enableContainers: event.config.dev.enableContainers ?? true,
-    // Zone for CF-Worker header - extracted from routes/host configuration
-    zone: event.config.dev?.origin?.hostname,
+    zone: getZoneForCfWorkerHeader(event.config),
     sendMetrics: event.config.sendMetrics,
     publicUrl: event.config.dev?.server?.port ? miniflare.buildPublicUrl({
       hostname: event.config.dev.server.hostname,
@@ -313455,6 +313492,7 @@ var init_LocalRuntimeController = __esm({
     __name(getTextFileContents, "getTextFileContents");
     __name(getName3, "getName");
     __name(getUserWorkerInnerUrlOverrides, "getUserWorkerInnerUrlOverrides");
+    __name(getZoneForCfWorkerHeader, "getZoneForCfWorkerHeader");
     __name(convertToConfigBundle, "convertToConfigBundle");
     LocalRuntimeController = class extends RuntimeController {
       static {
@@ -316016,7 +316054,18 @@ async function generateHandler({
             (async () => {
               try {
                 const links = [];
-                const transformedResponse = new HTMLRewriter().on(
+                let baseHref;
+                const transformedResponse = new HTMLRewriter().on("base[href]", {
+                  element(element) {
+                    if (baseHref !== void 0) {
+                      return;
+                    }
+                    const href = element.getAttribute("href");
+                    if (href !== null) {
+                      baseHref = href;
+                    }
+                  }
+                }).on(
                   "link[rel~=preconnect],link[rel~=preload],link[rel~=modulepreload]",
                   {
                     element(element) {
@@ -316038,7 +316087,17 @@ async function generateHandler({
                 ).transform(clonedResponse);
                 await transformedResponse.text();
                 links.forEach(({ href, rel, as: as2 }) => {
-                  let link = `<${href}>; rel="${rel}"`;
+                  let resolvedHref = href;
+                  if (baseHref !== void 0) {
+                    try {
+                      resolvedHref = new URL(
+                        href,
+                        new URL(baseHref, request4.url)
+                      ).href;
+                    } catch {
+                    }
+                  }
+                  let link = `<${resolvedHref}>; rel="${rel}"`;
                   if (as2) {
                     link += `; as=${as2}`;
                   }
@@ -316534,7 +316593,7 @@ async function generateAssetsFetch(directory, log2, signal) {
     return await generateResponse(request4);
   };
 }
-var import_mime3, import_undici29, ProxyDispatcher, invalidAssetsFetch;
+var import_mime3, import_undici28, ProxyDispatcher, invalidAssetsFetch;
 var init_assets6 = __esm({
   "src/miniflare-cli/assets.ts"() {
     init_import_meta_url();
@@ -316542,11 +316601,11 @@ var init_assets6 = __esm({
     init_workers_shared();
     init_esm6();
     import_mime3 = __toESM(require_mime());
-    import_undici29 = __toESM(require_undici());
+    import_undici28 = __toESM(require_undici());
     init_logger();
     init_hash();
     __name(generateASSETSBinding, "generateASSETSBinding");
-    ProxyDispatcher = class _ProxyDispatcher extends import_undici29.Dispatcher {
+    ProxyDispatcher = class _ProxyDispatcher extends import_undici28.Dispatcher {
       constructor(host) {
         super();
         this.host = host;
@@ -316554,7 +316613,7 @@ var init_assets6 = __esm({
       static {
         __name(this, "ProxyDispatcher");
       }
-      dispatcher = (0, import_undici29.getGlobalDispatcher)();
+      dispatcher = (0, import_undici28.getGlobalDispatcher)();
       dispatch(options, handler) {
         if (this.host !== null) {
           _ProxyDispatcher.reinstateHostHeader(options.headers, this.host);
@@ -317016,7 +317075,7 @@ unstable_dev()'s behaviour will likely change in future releases`
       devServer.unregisterHotKeys?.();
     }, "stop"),
     fetch: /* @__PURE__ */ __name(async (input, init4) => {
-      return await (0, import_undici30.fetch)(
+      return await (0, import_undici29.fetch)(
         ...parseRequestInput(address, port, input, init4, options?.localProtocol)
       );
     }, "fetch"),
@@ -317029,7 +317088,7 @@ function parseRequestInput(readyAddress, readyPort, input = "/", init4, protocol
   if (typeof input === "string") {
     input = new URL(input, "http://placeholder");
   }
-  const forward = new import_undici30.Request(input, init4);
+  const forward = new import_undici29.Request(input, init4);
   const url4 = new URL(forward.url);
   forward.headers.set("MF-Original-URL", url4.toString());
   forward.headers.set("MF-Disable-Pretty-Error", "true");
@@ -317041,12 +317100,12 @@ function parseRequestInput(readyAddress, readyPort, input = "/", init4, protocol
   }
   return [url4, forward];
 }
-var import_undici30;
+var import_undici29;
 var init_dev4 = __esm({
   "src/api/dev.ts"() {
     init_import_meta_url();
     init_dist();
-    import_undici30 = __toESM(require_undici());
+    import_undici29 = __toESM(require_undici());
     init_start_dev();
     init_experimental_flags();
     init_logger();
@@ -317162,6 +317221,13 @@ var init_executionContext = __esm({
 function unstable_getDevCompatibilityDate() {
   return getTodaysCompatDate();
 }
+function getZoneFromConfig(config) {
+  const firstRoute = config.route ?? config.routes?.[0];
+  if (firstRoute) {
+    return getZoneFromRoute(firstRoute);
+  }
+  return void 0;
+}
 async function getPlatformProxy(options = {}) {
   const env6 = options.environment;
   const config = readConfig({
@@ -317265,6 +317331,7 @@ async function getMiniflareOptionsFromConfig(args) {
         script: "",
         modules: true,
         name: config.name,
+        zone: getZoneFromConfig(config),
         ...bindingOptions,
         ...assetOptions
       },
@@ -317348,6 +317415,7 @@ function unstable_getMiniflareWorkerOptions(configOrConfigPath, env6, options) {
     compatibilityFlags: config.compatibility_flags,
     modulesRules,
     containerEngine: useContainers ? config.dev.container_engine ?? resolveDockerHost(getDockerPath()) : void 0,
+    zone: getZoneFromConfig(config),
     ...bindingOptions,
     ...sitesOptions,
     ...assetOptions
@@ -317374,6 +317442,7 @@ var init_platform = __esm({
     init_logger();
     init_sites2();
     init_dedent();
+    init_zones3();
     init_remoteBindings();
     init_utils2();
     init_caches();
@@ -317381,6 +317450,7 @@ var init_platform = __esm({
     init_dev_vars();
     init_details2();
     __name(unstable_getDevCompatibilityDate, "unstable_getDevCompatibilityDate");
+    __name(getZoneFromConfig, "getZoneFromConfig");
     __name(getPlatformProxy, "getPlatformProxy");
     __name(getMiniflareOptionsFromConfig, "getMiniflareOptionsFromConfig");
     __name(getMiniflarePersistRoot, "getMiniflarePersistRoot");