Replace HTTP dev-registry proxy with native workerd debug port RPC#12600
Merged
Replace HTTP dev-registry proxy with native workerd debug port RPC#12600
Conversation
🦋 Changeset detectedLatest commit: a076a5f The changes in this PR will be included in the next version bump. Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
penalosa
force-pushed
the
penalosa/native-registry
branch
2 times, most recently
from
b2f8d24 to
5fb825a
Compare
create-cloudflare
@cloudflare/kv-asset-handler
miniflare
@cloudflare/pages-shared
@cloudflare/unenv-preset
@cloudflare/vite-plugin
@cloudflare/vitest-pool-workers
@cloudflare/workers-editor-shared
wrangler
commit: |
penalosa
force-pushed
the
penalosa/native-registry
branch
from
d3a87ad to
4c37d41
Compare
penalosa
force-pushed
the
penalosa/native-registry
branch
2 times, most recently
from
66bfe5c to
0f5c3fd
Compare
Contributor
|
Claude encountered an error —— View job I'll analyze this and get back to you. |
penalosa
commented
Feb 23, 2026
penalosa
commented
Feb 27, 2026
Replace HTTP-based dev registry proxy with native workerd debug port: - Use WorkerdDebugPort binding for direct Cap'n Proto RPC to remote workers - Service bindings and DOs now route through debug port instead of HTTP proxy - Support RPC method calls, fetch, and tail handlers through debug port - Add HTTP fallback for WebSocket upgrades (debug port RPC doesn't support them) - Remove old dev-registry.worker.ts HTTP proxy implementation - Simplify external-service.ts by removing HTTP proxy infrastructure All 17 dev-registry tests pass including WebSocket upgrades.
The vite dev <-> vite dev tail handler test was missing the waitForTimeout parameter on one of its waitFor calls, causing it to use the default (shorter) timeout which could flake in CI.
…port RPC Remove the HTTP fallback, eager body buffering, _client GC hack, and WebSocket special-casing from the dev-registry proxy workers. These workarounds existed because the workerd debug port would close connections prematurely when the initial subrequest completed. With the refcounted DebugPortConnectionState fix in workerd (cloudflare/workerd#6100), connections now survive as long as any response body or WebSocket is in use. Key changes: - Replace hasAssets/entryAddress with defaultEntrypointService and userWorkerService fields in WorkerDefinition/RegistryEntry - Route DOs and named entrypoints through userWorkerService (bypassing assets/vite proxy layer) instead of hardcoding core:user: prefix - Validate required registry fields in resolveTarget() to handle stale entries - Inline and delete getWorkerdServiceName() helper - Remove dead entryAddress field and fetchViaHttp code path - Remove DO WebSocket 501 error and DO body buffering workarounds
…uting Vite workers with assets were incorrectly routing through assets:rpc-proxy in the dev registry, but in vite dev mode assets are served by the vite proxy worker, not workerd's asset pipeline. This caused cross-service fetch to vite workers with assets to fail (timeout). Add unsafeOverrideDefaultEntrypoint to miniflare's core options schema so the vite plugin can explicitly specify which workerd service handles the default entrypoint. This replaces the brittle inference from unsafeDirectSockets[].serviceName.
…nd tests After the debug port RPC refactor, unsafeDirectSockets in the user worker config, vite plugin, and dev-registry tests no longer serve a functional purpose — nobody reads the socket URLs. The only remaining use is in wrangler's ProxyController for InspectorProxyWorker (not touched here).
… cross-worker dev registry
The Reflect.has check already handles keys that exist on the target. For keys not on the target, the runtime doesn't probe handler properties through the proxy get trap in a way that requires suppression — confirmed by tests passing without it.
…ndings instead Instead of mutating workerOpts with symbol-tagged designators before plugin processing (requiring every consumer to special-case them), we now let the plugin system process all bindings normally, then rewrite external service bindings and tails to point at the dev registry proxy afterward. This follows the same post-processing pattern already used for assets at line 1673. Removes kResolvedServiceDesignator, ResolvedServiceDesignator, the zod validator, and checks in getCustomServiceDesignator, maybeGetCustomServiceService, and normaliseServiceDesignator.
The proxy's get trap now returns values that are both callable (for env.SERVICE.method()) and thenable (for await env.SERVICE.property), matching workerd's JsRpcProperty behavior. Without the .then property, awaiting a proxy-intercepted property would resolve to the function itself rather than triggering remote resolution.
Debug port RPC fetchers don't support lifecycle event dispatch (fetcher.scheduled()), so scheduled events need special handling: - ExternalServiceProxy: forward scheduled via HTTP to the entry worker's /cdn-cgi/handler/scheduled endpoint, which dispatches internally - RPCProxyWorker (assets proxy): forward scheduled to USER_WORKER via Fetcher.scheduled() - Add service_binding_extra_handlers compat flag to assets proxy service config so Fetcher.scheduled() is available on the USER_WORKER binding
Refactors the to be more generic, efficient, and readable. - Introduces a private method that handles resolving and connecting to the remote service. - Caches the remote fetcher promise for 1s to avoid re-connecting on every single RPC call or property access. - Simplifies the Proxy trap by using the new helper, removing duplicated code and making the logic much clearer.
…, thenable DO RPC
…N, fix stale cache clear
workers-devprod
approved these changes
Apr 2, 2026
Contributor
workers-devprod
left a comment
workers-devprod
left a comment
There was a problem hiding this comment.
Codeowners reviews satisfied
edmundhung
reviewed
Apr 2, 2026
Member
edmundhung
left a comment
edmundhung
left a comment
There was a problem hiding this comment.
Great to see the http proxy being removed 😄
I think this will also resolve #11712?
- Bump changeset to minor for wrangler and vite-plugin - Backtick-format `vite dev` in DEV_REGISTRY.md - Remove durableObjects field from WorkerDefinition; simplify print-bindings DO connection check to match service bindings - Replace OUTBOUND_DO_PROXY_SERVICE_NAME with SERVICE_DEV_REGISTRY_PROXY - Rename unsafeOverrideDefaultEntrypoint to unsafeOverrideFetchWorker - Add comments explaining kVoid and #pushRegistryUpdate callback - Use consistent 'Worker' wording in proxy error messages - Remove .catch() wrapper on fetch — let workerd errors propagate - Add error handling tests: non-existent DO (fetch + RPC), non-existent entrypoint (fetch + RPC), stale registry entry
Contributor
|
Codeowners approval required for this PR:
Show detailed file reviewers |
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
workerd probes DO properties (fetch, alarm, etc.) via the Proxy get trap. Throwing immediately crashes those internal checks. The function-that-throws pattern is correct: it lets property probes succeed while erroring when the property is actually called as RPC.
This was referenced Apr 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The dev registry proxy — responsible for forwarding service binding calls between separate wrangler dev / vite dev sessions — has been rewritten to use workerd's native debug port RPC instead of routing everything through a Node.js HTTP proxy thread.
The old approach had a lot of moving parts: a separate Node.js worker thread running an HTTP server, per-service socket allocations in workerd, special-casing for WebSocket upgrades and streamed bodies, and a growing list of edge cases. The new approach runs an ExternalServiceProxy WorkerEntrypoint directly inside workerd and uses the debug port to forward calls natively — less code, fewer layers, and far fewer things that can go wrong.
As a bonus, Durable Object RPC now works across dev sessions — something that was previously blocked behind a "not yet supported" error.
Fixes #11712
Fixes #11944
Fixes #9445