Replace HTTP dev-registry proxy with native workerd debug port RPC#12600
Open
Replace HTTP dev-registry proxy with native workerd debug port RPC#12600
Conversation
🦋 Changeset detectedLatest commit: 811a12b The changes in this PR will be included in the next version bump. Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
penalosa
force-pushed
the
penalosa/native-registry
branch
2 times, most recently
from
b2f8d24 to
5fb825a
Compare
create-cloudflare
@cloudflare/kv-asset-handler
miniflare
@cloudflare/pages-shared
@cloudflare/unenv-preset
@cloudflare/vite-plugin
@cloudflare/vitest-pool-workers
@cloudflare/workers-editor-shared
wrangler
commit: |
penalosa
force-pushed
the
penalosa/native-registry
branch
from
d3a87ad to
4c37d41
Compare
penalosa
force-pushed
the
penalosa/native-registry
branch
2 times, most recently
from
66bfe5c to
0f5c3fd
Compare
Contributor
|
Claude encountered an error —— View job I'll analyze this and get back to you. |
penalosa
commented
Feb 23, 2026
packages/miniflare/src/workers/core/dev-registry-proxy-shared.worker.ts
Outdated
Show resolved
Hide resolved
packages/miniflare/src/workers/core/dev-registry-proxy.worker.ts
Outdated
Show resolved
Hide resolved
packages/miniflare/src/workers/core/dev-registry-proxy.worker.ts
Outdated
Show resolved
Hide resolved
penalosa
commented
Feb 27, 2026
| name: `${RPC_PROXY_SERVICE_NAME}:${id}`, | ||
| worker: { | ||
| compatibilityDate: "2024-08-01", | ||
| compatibilityFlags: ["service_binding_extra_handlers"], |
Contributor
Author
There was a problem hiding this comment.
Is this definitely still needed?
packages/miniflare/src/workers/core/dev-registry-proxy-shared.worker.ts
Outdated
Show resolved
Hide resolved
Replace HTTP-based dev registry proxy with native workerd debug port: - Use WorkerdDebugPort binding for direct Cap'n Proto RPC to remote workers - Service bindings and DOs now route through debug port instead of HTTP proxy - Support RPC method calls, fetch, and tail handlers through debug port - Add HTTP fallback for WebSocket upgrades (debug port RPC doesn't support them) - Remove old dev-registry.worker.ts HTTP proxy implementation - Simplify external-service.ts by removing HTTP proxy infrastructure All 17 dev-registry tests pass including WebSocket upgrades.
The vite dev <-> vite dev tail handler test was missing the waitForTimeout parameter on one of its waitFor calls, causing it to use the default (shorter) timeout which could flake in CI.
…port RPC Remove the HTTP fallback, eager body buffering, _client GC hack, and WebSocket special-casing from the dev-registry proxy workers. These workarounds existed because the workerd debug port would close connections prematurely when the initial subrequest completed. With the refcounted DebugPortConnectionState fix in workerd (cloudflare/workerd#6100), connections now survive as long as any response body or WebSocket is in use. Key changes: - Replace hasAssets/entryAddress with defaultEntrypointService and userWorkerService fields in WorkerDefinition/RegistryEntry - Route DOs and named entrypoints through userWorkerService (bypassing assets/vite proxy layer) instead of hardcoding core:user: prefix - Validate required registry fields in resolveTarget() to handle stale entries - Inline and delete getWorkerdServiceName() helper - Remove dead entryAddress field and fetchViaHttp code path - Remove DO WebSocket 501 error and DO body buffering workarounds
…uting Vite workers with assets were incorrectly routing through assets:rpc-proxy in the dev registry, but in vite dev mode assets are served by the vite proxy worker, not workerd's asset pipeline. This caused cross-service fetch to vite workers with assets to fail (timeout). Add unsafeOverrideDefaultEntrypoint to miniflare's core options schema so the vite plugin can explicitly specify which workerd service handles the default entrypoint. This replaces the brittle inference from unsafeDirectSockets[].serviceName.
…nd tests After the debug port RPC refactor, unsafeDirectSockets in the user worker config, vite plugin, and dev-registry tests no longer serve a functional purpose — nobody reads the socket URLs. The only remaining use is in wrangler's ProxyController for InspectorProxyWorker (not touched here).
… cross-worker dev registry
The Reflect.has check already handles keys that exist on the target. For keys not on the target, the runtime doesn't probe handler properties through the proxy get trap in a way that requires suppression — confirmed by tests passing without it.
…ndings instead Instead of mutating workerOpts with symbol-tagged designators before plugin processing (requiring every consumer to special-case them), we now let the plugin system process all bindings normally, then rewrite external service bindings and tails to point at the dev registry proxy afterward. This follows the same post-processing pattern already used for assets at line 1673. Removes kResolvedServiceDesignator, ResolvedServiceDesignator, the zod validator, and checks in getCustomServiceDesignator, maybeGetCustomServiceService, and normaliseServiceDesignator.
The proxy's get trap now returns values that are both callable (for env.SERVICE.method()) and thenable (for await env.SERVICE.property), matching workerd's JsRpcProperty behavior. Without the .then property, awaiting a proxy-intercepted property would resolve to the function itself rather than triggering remote resolution.
Debug port RPC fetchers don't support lifecycle event dispatch (fetcher.scheduled()), so scheduled events need special handling: - ExternalServiceProxy: forward scheduled via HTTP to the entry worker's /cdn-cgi/handler/scheduled endpoint, which dispatches internally - RPCProxyWorker (assets proxy): forward scheduled to USER_WORKER via Fetcher.scheduled() - Add service_binding_extra_handlers compat flag to assets proxy service config so Fetcher.scheduled() is available on the USER_WORKER binding
Refactors the to be more generic, efficient, and readable. - Introduces a private method that handles resolving and connecting to the remote service. - Caches the remote fetcher promise for 1s to avoid re-connecting on every single RPC call or property access. - Simplifies the Proxy trap by using the new helper, removing duplicated code and making the logic much clearer.
…, thenable DO RPC
…N, fix stale cache clear
penalosa
commented
Mar 4, 2026
Contributor
|
Codeowners approval required for this PR:
Show detailed file reviewers
|
Contributor
|
Codeowners approval required for this PR:
Show detailed file reviewers
|
Contributor
|
Codeowners approval required for this PR:
Show detailed file reviewers
|
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
…dd connect to HANDLER_RESERVED_KEYS
…ocket On Windows, the internal Cap'n Proto service-to-service forwarding from the entry worker to the dev-registry-proxy service can break with WSARecv error 64 (ERROR_NETNAME_DELETED), causing the registry push to silently fail and leaving the proxy worker with an empty registry. Give the dev-registry-proxy service its own HTTP socket (SOCKET_DEV_REGISTRY) and have #pushRegistryUpdate POST directly to it, bypassing the entry worker entirely. Also incorporates review fixes: reset previousJSON on restart, guard generated identifiers, check dispose signal on retry, read fresh registry on retry, shallow-copy workerOpts before mutation, use real entry port for loopbackAddress, and guard malformed loopbackAddress parsing.
# Conflicts: # packages/miniflare/src/plugins/core/explorer.ts
…are/workers-sdk into penalosa/native-registry
Contributor
|
Codeowners approval required for this PR:
Show detailed file reviewers |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
petebacondarwin
approved these changes
Apr 1, 2026
Contributor
petebacondarwin
left a comment
petebacondarwin
left a comment
There was a problem hiding this comment.
This looks great. I have not yet pulled it down and played with it locally.
But a code read through didn't bring up any red flags that I can find.
| let text = await response.text(); | ||
| if (response.status !== 200) | ||
| throw new Error(`Got ${response.status}: ${text}`); | ||
| expect(response.status).toBe(200); |
Contributor
There was a problem hiding this comment.
Not needed given the above statement.
Or was the throw just there for debugging?
| name: `${RPC_PROXY_SERVICE_NAME}:${id}`, | ||
| worker: { | ||
| compatibilityDate: "2024-08-01", | ||
| compatibilityFlags: ["service_binding_extra_handlers"], |
| import { Log } from "./log"; | ||
| import { getGlobalWranglerConfigPath } from "./wrangler"; | ||
| import type { WorkerDefinition, WorkerRegistry } from "./dev-registry-types"; | ||
| export type { WorkerDefinition, WorkerRegistry } from "./dev-registry-types"; |
Contributor
There was a problem hiding this comment.
duplicate of line above?
| break; | ||
| } | ||
| } | ||
| const registry = getWorkerRegistry(this.registryPath!); |
Contributor
There was a problem hiding this comment.
perhaps just add an asser?
Suggested change
| const registry = getWorkerRegistry(this.registryPath!); | |
| assert(this.registryPath); | |
| const registry = getWorkerRegistry(this.registryPath); |
Comment on lines
+73
to
+79
| this.watcher | ||
| ?.close() | ||
| .then(() => {}) | ||
| .finally(() => { | ||
| this.watcher = undefined; | ||
| }) ?? Promise.resolve() | ||
| ); |
Contributor
There was a problem hiding this comment.
I assume that if the .then and .finally are not breaking type check then this.watcher cannot be undefined here? If so, then the ?. can be removed as well as the ?? Promise.resolve().
Suggested change
| this.watcher | |
| ?.close() | |
| .then(() => {}) | |
| .finally(() => { | |
| this.watcher = undefined; | |
| }) ?? Promise.resolve() | |
| ); | |
| this.watcher | |
| .close() | |
| .then(() => {}) | |
| .finally(() => { | |
| this.watcher = undefined; | |
| }) | |
| ); |
If it can be undefined, then I assume what you actually need here is:
Suggested change
| this.watcher | |
| ?.close() | |
| .then(() => {}) | |
| .finally(() => { | |
| this.watcher = undefined; | |
| }) ?? Promise.resolve() | |
| ); | |
| (this.watcher?.close() ?? Promise.resolve()) | |
| .then(() => {}) | |
| .finally(() => { | |
| this.watcher = undefined; | |
| }); |
| "editor.formatOnSave": true | ||
| "editor.formatOnSave": true, | ||
| "[typescript]": { | ||
| "editor.defaultFormatter": "oxc.oxc-vscode" |
| import { DurableObject } from "cloudflare:workers"; | ||
|
|
||
| // These interfaces mirror the workerd debug port RPC API. | ||
| // See https://github.com/cloudflare/workerd/blob/main/src/workerd/server/server.c++ |
Contributor
There was a problem hiding this comment.
TIL - I didn't know this even existed. Nice
Contributor
There was a problem hiding this comment.
NIT: All the exported interfaces, classes and functions in this file would benefit from JSDocs explaining their purpose.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The dev registry proxy — responsible for forwarding service binding calls between separate wrangler dev / vite dev sessions — has been rewritten to use workerd's native debug port RPC instead of routing everything through a Node.js HTTP proxy thread.
The old approach had a lot of moving parts: a separate Node.js worker thread running an HTTP server, per-service socket allocations in workerd, special-casing for WebSocket upgrades and streamed bodies, and a growing list of edge cases. The new approach runs an ExternalServiceProxy WorkerEntrypoint directly inside workerd and uses the debug port to forward calls natively — less code, fewer layers, and far fewer things that can go wrong.
As a bonus, Durable Object RPC now works across dev sessions — something that was previously blocked behind a "not yet supported" error.