Minor Changes
-
#14474
aa5d580Thanks @WillTaylorDev! - Add cache options for WorkerEntrypoint exportsYou can now set cache options on
WorkerEntrypointexports and configure cross-version cache behavior globally:Wrangler sends the
exportsconfig to the deploy and version upload APIs alongside the globalcache.enabledandcache.cross_version_cachesettings. The platform resolves those global settings plus cache overrides on exports and validates which entrypoint names are cacheable. -
#14382
fd92d56Thanks @petebacondarwin! - Add support for declarative Durable Object exportswrangler deploynow accepts anexportsmap inwrangler.jsonas a declarative alternative to the legacymigrationsarray.Each entry in
exportsis keyed by Durable Object class name.typecarries the export kind (currently always"durable-object"); thestatefield carries the lifecycle and defaults to"created"(live) when omitted:{ "exports": { // Provision a new Durable Object class (`MyDO`) "MyDO": { "type": "durable-object", "storage": "sqlite" }, // Delete Durable Object class (`OldGone`) "OldGone": { "type": "durable-object", "state": "deleted" }, // Rename a Durable Object class (from `OldName` to `NewName`) "OldName": { "type": "durable-object", "state": "renamed", "renamed_to": "NewName" }, "NewName": { "type": "durable-object", "storage": "sqlite" }, // Transfer a Durable Object (`Outgoing`) to a new Worker (`target-worker`) "Outgoing": { "type": "durable-object", "state": "transferred", "transferred_to": "target-worker" }, // Prepare to receive the transfer of a Durable Object (`Incoming`) from another Worker (`source-worker`) "Incoming": { "type": "durable-object", "state": "expecting-transfer", "storage": "sqlite", "transfer_from": "source-worker" } } }When a Worker declares Durable Object class bindings but no lifecycle for them (neither a
migrationsarray nor anexportsmap), wrangler warns and now suggests a declarativeexportsentry for each class (previously it suggested a legacymigrationsblock).The deployment response now surfaces the server's reconciliation result — created namespaces, applied tombstones, structured per-scenario info entries, and a
removable_entrieshint for stale tombstones that are safe to delete from the config. Blocking errors return the structured per-class detail with scenario tags, suggested remediation, and any referencing-script context.wrangler versions uploadalso forwardsexports. Declarativeexportslifecycle changes are reconciled when the version is deployed (wrangler versions deployorwrangler deploy), so aversions uploadpayload can declare new classes inexportswithout immediately provisioning them. An actor binding (durable_objects.bindings) to a class declared only inexportson the sameversions uploadis rejected with a clear error (code 100406) — the binding cannot be resolved until the namespace is provisioned. Either stage the new class viactx.exports.X(no binding required) onversions uploadand add the binding at deploy time, or usewrangler deployto provision and bind in one step (the same constraint applies to themigrationsflow).Multi-version deploys (
wrangler versions deploy A@50% B@50%) where the selected versions disagree on declarativeexportsare rejected server-side with a clear message: deploy the version that changesexportsat 100% first, then run the percentage-split deploy. This prevents traffic on one branch routing to code that references unprovisioned or just-deleted DO namespaces. Single-version (100%) deploys are unaffected.Local development (
wrangler dev,vite devandunstable_startWorker) reads Durable Object SQLite storage settings from the newexportsfield, so applications using the declarative flow get correct local-dev storage without needing to also declare amigrationsblock.@cloudflare/vitest-pool-workersalso picks up Durable Object configuration fromexports, so tests against anexports-only Worker run with the correct local SQLite storage and can reach unbound Durable Object classes viactx.exports.X.wrangler typesis also aware ofexports. Live entries (includingexpecting-transfer, the receiving side of a two-phase transfer) are added toCloudflare.GlobalProps.durableNamespaces, which typesctx.exports.Xfor unbound Durable Objects declared only viaexports. -
#14423
be3f792Thanks @akshitsinha! - Addwrangler flagshipcommands for managing Flagship apps and feature flags.The new
wrangler flagship appsandwrangler flagship flagscommand groups let you create, list, get, inspect, update, set, split, rollout, enable, disable, evaluate, and delete Flagship apps and flags from the CLI, including targeting rules, variations, percentage rollouts, evaluation context, and flag changelogs. -
#14156
e1532ebThanks @petebacondarwin! - Add opt-in OS keychain storage for OAuth credentialsBy default
wranglerstores your OAuth tokens in a plaintext file, and that is unchanged. You can now opt in to encrypting them at rest instead:wrangler login --use-keyringwrites the tokens to an AES-256-GCM-encrypted file whose key is held in your OS keyring (macOS Keychain, libsecret on Linux, or Windows Credential Manager). Existing plaintext credentials are migrated automatically on first use.Toggle it with any of:
wrangler login --use-keyring/--no-use-keyringwrangler auth keyring enable/disable(orwrangler auth keyringto print the current setting) — useful if you only use named profiles and never run the globalwrangler loginCLOUDFLARE_AUTH_USE_KEYRING=true|falseto override the saved preference for a single command
Opting out deletes the encrypted credentials rather than decrypting them back to disk, so you re-authenticate afterwards. The preference applies to every auth profile, and each named profile gets its own encrypted file and key.
Per-platform requirements: macOS uses the built-in
securitytool (nothing to install); Linux usessecret-toolfromlibsecret-tools(wrangler prints an install hint if it is missing); Windows lazily installs@napi-rs/keyring(~1.9 MB) on first opt-in, and errors with instructions in non-interactive/CI contexts.CLOUDFLARE_API_TOKENandCLOUDFLARE_API_KEY/CLOUDFLARE_EMAILcontinue to take priority over any stored OAuth credentials.
Patch Changes
-
#14502
6b0ce98Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"The following dependency versions have been updated:
Dependency From To workerd 1.20260630.1 1.20260701.1 -
#14306
bfe48dbThanks @matingathani! - Remove deprecated--experimental-vm-modulesflag and prevent silent exit on unexpected errorswranglerwas silently exiting with code 1 on Node.js v26 with no error message shown. This release fixes two independent issues that caused this behaviour:-
A stale Node.js flag that caused unexpected behaviour on Node.js v26 has been removed.
-
If an error occurs in a situation where the normal error reporting path itself fails,
wranglernow always prints the original error to stderr so the cause is visible rather than silently disappearing.
-
-
#14481
0277bfaThanks @dario-piotrowicz! - Improve error message when deploying to a non-existent Pages project in non-interactive modePreviously, running
wrangler pages deploywith a--project-namethat doesn't exist in a non-interactive context (e.g. CI, piped input) would fail with a generic "project not found" or "This command cannot be run in a non-interactive context" error. Now it provides a specific error message explaining that the project doesn't exist and suggests how to create it. The error also suggests usingwrangler deployto deploy a Worker instead. -
#14305
98793d8Thanks @jbwcloudflare! - Improve asset upload performance with single-file uploadsAsset uploads now use a more efficient per-file upload path when the platform enables it. This is rolled out server-side and requires no configuration changes. Existing upload behavior is unchanged when the new path is not enabled.
-
Updated dependencies [
6b0ce98]:- miniflare@4.20260701.0