fix: Support dev.plugin on typed services bindings

[mattjohnsonpint]

Wrangler previously only honored dev.plugin on unsafe.bindings entries, so users authoring a service binding via services[] could not wire it to a local Miniflare plugin during wrangler dev — they had to fall back to unsafe.bindings and accept a warning such as:

The binding type "service" is directly supported by wrangler.
Consider migrating this unsafe binding to a format for 'service' bindings that is supported by wrangler for optimal support.

The typed services[] form now accepts the same dev: { plugin, options? } shape, routes the binding through Miniflare's external-plugin pathway in wrangler dev, and strips the field at deploy time. Validation rejects malformed dev shapes.

Needed as a prerequisite to fixing https://jira.cfdata.org/browse/CC-7944

---

• Tests
  • Tests included/updated
  • Automated tests not possible - manual testing has been completed as follows:
  • Additional testing not necessary because:
• Public documentation
  • Cloudflare docs PR(s):
  • Documentation not necessary because: services bindings are already documented. This is just a fix for the equivalent of CfUnsafeBinding.dev.plugin to work without requiring an unsafe binding.

A picture of a cute animal (not mandatory, but encouraged)

---

[changeset-bot]

🦋 Changeset detected

Latest commit: a747dab

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 7 packages

Name	Type
wrangler	Patch
@cloudflare/workers-utils	Patch
@cloudflare/deploy-helpers	Patch
@cloudflare/vite-plugin	Patch
@cloudflare/vitest-pool-workers	Patch
@cloudflare/cli-shared-helpers	Patch
@cloudflare/workers-auth	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[workers-devprod]

Codeowners approval required for this PR:

• @cloudflare/wrangler

Show detailed file reviewers

• .changeset/typed-service-binding-dev-plugin.md: [@cloudflare/wrangler]
• packages/deploy-helpers/src/deploy/helpers/print-bindings.ts: [@cloudflare/wrangler]
• packages/workers-utils/src/config/validation.ts: [@cloudflare/wrangler]
• packages/workers-utils/src/worker.ts: [@cloudflare/wrangler]
• packages/workers-utils/tests/config/validation/normalize-and-validate-config.test.ts: [@cloudflare/wrangler]
• packages/wrangler/src/tests/deploy/bindings.test.ts: [@cloudflare/wrangler]
• packages/wrangler/src/tests/unstable-get-miniflare-worker-options.test.ts: [@cloudflare/wrangler]
• packages/wrangler/src/dev/miniflare/index.ts: [@cloudflare/wrangler]

[github-actions]

✅ All changesets look good

[ask-bonk]

There's no validation that remote and dev are mutually exclusive, but that's a minor concern since the dev path takes precedence and remote is only relevant for deploy/remote mode anyway. Not a blocking issue.

I've completed a thorough review. The change is well-structured, well-tested, and the logic is correct:

• services loop correctly skips dev-plugin services (line 614-618)
• The typed-service plugin path correctly strips dev, remote, props and keeps production options
• Validation is thorough (actually more thorough than the existing unsafe path)
• Deploy-time stripping happens implicitly via the explicit field selection in the upload form, verified by test
• print-bindings.ts shows the correct local mode

I considered potential issues (type prefix handling, options serializability, remote+dev conflict, unknown property leakage) and none are actionable bugs. The remote/dev mutual-exclusion is a minor edge case but the precedence is sensible and not a correctness bug.

LGTM

github run

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@14269

@cloudflare/deploy-helpers

npm i https://pkg.pr.new/@cloudflare/deploy-helpers@14269

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@14269

miniflare

npm i https://pkg.pr.new/miniflare@14269

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@14269

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@14269

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@14269

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@14269

@cloudflare/workers-auth

npm i https://pkg.pr.new/@cloudflare/workers-auth@14269

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@14269

@cloudflare/workers-utils

npm i https://pkg.pr.new/@cloudflare/workers-utils@14269

wrangler

npm i https://pkg.pr.new/wrangler@14269

commit: a747dab

[petebacondarwin]

Given that this is an internal only feature, hence no public documentation, I think we should name it something like unstable_dev to indicate that it is not to be relied upon.

[mattjohnsonpint]

Given that this is an internal only feature, hence no public documentation, I think we should name it something like unstable_dev to indicate that it is not to be relied upon.

Hmm... it sits on CfService right next to cross_account_grant which is also internal/undocumented if I understand correctly. It might feel strange to have one labeled unstable and not the other. But it's easy enough to change. LMK what you would like here. Thanks.

[petebacondarwin]

OK. Thanks for iterating. I agree we may as well leave the naming as it is.
I left one nit about the structure of the code in miniflare/index.ts, but we could always do a follow up to tidy that up if you want.

[workers-devprod]

Codeowners approval required for this PR:

• ✅ @cloudflare/wrangler

Show detailed file reviewers

[workers-devprod]

Codeowners reviews satisfied