[pull] main from cloudflare:main

.changeset/c3-frameworks-update-14205.md

@@ -0,0 +1,11 @@
+---
+"create-cloudflare": patch
+---
+
+Update dependencies of "create-cloudflare"
+
+The following dependency versions have been updated:
+
+| Dependency          | From   | To     |
+| ------------------- | ------ | ------ |
+| create-react-router | 7.16.0 | 7.17.0 |

.changeset/c3-frameworks-update-14206.md

@@ -0,0 +1,11 @@
+---
+"create-cloudflare": patch
+---
+
+Update dependencies of "create-cloudflare"
+
+The following dependency versions have been updated:
+
+| Dependency | From   | To     |
+| ---------- | ------ | ------ |
+| sv         | 0.15.3 | 0.15.4 |

.changeset/c3-frameworks-update-14207.md

@@ -0,0 +1,11 @@
+---
+"create-cloudflare": patch
+---
+
+Update dependencies of "create-cloudflare"
+
+The following dependency versions have been updated:
+
+| Dependency    | From  | To    |
+| ------------- | ----- | ----- |
+| create-analog | 2.5.2 | 2.6.0 |

.changeset/c3-frameworks-update-14208.md

@@ -0,0 +1,11 @@
+---
+"create-cloudflare": patch
+---
+
+Update dependencies of "create-cloudflare"
+
+The following dependency versions have been updated:
+
+| Dependency      | From   | To     |
+| --------------- | ------ | ------ |
+| create-next-app | 16.2.6 | 16.2.7 |

.github/actions/check-remote-tests/action.yml

@@ -2,7 +2,7 @@ name: "Check Remote Tests"
 description: >
   Determines whether E2E tests should be given Cloudflare API credentials.
   Returns true for merge-queue runs, Version Packages PRs, or when the
-  "run-remote-tests" label is present on a pull request.
+  "ci:run-remote-tests" label is present on a pull request.
 outputs:
   run-remote:
     description: "'true' when remote tests should run, 'false' otherwise"
@@ -26,7 +26,7 @@ runs:
         elif [ "$EVENT_NAME" = "pull_request" ]; then
           HAS_LABEL=$(gh pr view "$PR_NUMBER" \
             --repo "$REPO" --json labels \
-            --jq '[.labels[].name] | any(. == "run-remote-tests")')
+            --jq '[.labels[].name] | any(. == "ci:run-remote-tests")')
           echo "run_remote=${HAS_LABEL}" >> "$GITHUB_OUTPUT"
         else
           echo "run_remote=false" >> "$GITHUB_OUTPUT"

.github/dependabot.yml

@@ -20,9 +20,9 @@ updates:
     commit-message:
       prefix: "[C3] "
     labels:
-      - "c3"
+      - "package:c3"
       - "dependencies"
-      - "skip-pr-description-validation"
+      - "ci:skip-pr-description-validation"
 
   # Check for workerd & workers-types updates for Miniflare
   - package-ecosystem: "npm"

.github/holopin.yml

@@ -1,7 +1,7 @@
 organization: cloudflare
 stickers:
   - id: cltg4w6r612040fl2r7vweuvv
-    alias: "[automation] outstanding contribution"
+    alias: "ci:outstanding-contribution"
 
 holobytes:
   - evolvingStickerId: cltg4rlqc39020fl51scnguhb

.github/workflows/README.md

@@ -40,7 +40,7 @@ Workflow changes should avoid unsuppressed `zizmor` findings. In particular:
   - PRs in the merge queue.
 - Actions
   - Runs the E2E tests for Wrangler.
-  - Cloudflare API credentials are only passed on Version Packages PRs (`changeset-release/main`), in the merge queue, or when the `run-remote-tests` label is applied. Other PRs run the E2E suite without remote tests.
+  - Cloudflare API credentials are only passed on Version Packages PRs (`changeset-release/main`), in the merge queue, or when the `ci:run-remote-tests` label is applied. Other PRs run the E2E suite without remote tests.
 
 ### Vite Plugin E2E tests (e2e-vite.yml)
 
@@ -49,7 +49,7 @@ Workflow changes should avoid unsuppressed `zizmor` findings. In particular:
   - PRs in the merge queue.
 - Actions
   - Runs the E2E tests for the Vite plugin.
-  - Cloudflare API credentials are only passed on Version Packages PRs (`changeset-release/main`), in the merge queue, or when the `run-remote-tests` label is applied. Other PRs run the E2E suite without remote tests.
+  - Cloudflare API credentials are only passed on Version Packages PRs (`changeset-release/main`), in the merge queue, or when the `ci:run-remote-tests` label is applied. Other PRs run the E2E suite without remote tests.
 
 ## Deploy Pages Previews (deploy-pages-preview.yml)
 
@@ -119,7 +119,7 @@ Workflow changes should avoid unsuppressed `zizmor` findings. In particular:
   - Updates to PRs.
 - Actions
   - Runs the E2E tests for C3.
-  - Cloudflare API credentials are only passed on Version Packages PRs (`changeset-release/main`), in the merge queue, or when the `run-remote-tests` label is applied. Other PRs run the E2E suite without remote tests.
+  - Cloudflare API credentials are only passed on Version Packages PRs (`changeset-release/main`), in the merge queue, or when the `ci:run-remote-tests` label is applied. Other PRs run the E2E suite without remote tests.
 
 ### Rerun Code Owners (rerun-codeowners.yml + rerun-codeowners-privileged.yml)
 
@@ -132,8 +132,8 @@ Workflow changes should avoid unsuppressed `zizmor` findings. In particular:
 ### Rerun Remote Tests (rerun-remote-tests.yml)
 
 - Triggers
-  - The `run-remote-tests` or `run-c3-frameworks-tests` label is added to or removed from a PR.
+  - The `ci:run-remote-tests` or `run-c3-frameworks-tests` label is added to or removed from a PR.
 - Actions
   - Re-runs the E2E workflows for the PR so they pick up the label change and pass (or withhold) API credentials to the test steps.
-  - `run-remote-tests` re-runs Wrangler, Vite, and C3 E2E workflows; `run-c3-frameworks-tests` re-runs only C3 E2E.
+  - `ci:run-remote-tests` re-runs Wrangler, Vite, and C3 E2E workflows; `run-c3-frameworks-tests` re-runs only C3 E2E.
   - Uses `pull_request_target` to get a privileged token even for fork PRs (safe because no untrusted code is checked out).

.github/workflows/issues.yml

@@ -23,19 +23,19 @@ jobs:
         with:
           project-url: https://github.com/orgs/cloudflare/projects/2
           github-token: ${{ secrets.GH_ACCESS_TOKEN }}
-          labeled: pages
+          labeled: product:pages
       - uses: actions/add-to-project@a9f041ddd462ed185893ea1024cec954f50dbe42 # v0.3.0
         with:
           project-url: https://github.com/orgs/cloudflare/projects/6
           github-token: ${{ secrets.GH_ACCESS_TOKEN }}
-          labeled: d1
+          labeled: product:d1
       - uses: actions/add-to-project@a9f041ddd462ed185893ea1024cec954f50dbe42 # v0.3.0
         with:
           project-url: https://github.com/orgs/cloudflare/projects/12
           github-token: ${{ secrets.GH_ACCESS_TOKEN }}
-          labeled: c3
+          labeled: product:c3
       - uses: actions/add-to-project@a9f041ddd462ed185893ea1024cec954f50dbe42 # v0.3.0
         with:
           project-url: https://github.com/orgs/cloudflare/projects/8
           github-token: ${{ secrets.GH_ACCESS_TOKEN }}
-          labeled: queues
+          labeled: product:queues

.github/workflows/rerun-remote-tests.yml

@@ -22,7 +22,7 @@ permissions: {}
 jobs:
   rerun-e2e:
     name: "Rerun E2E Tests"
-    if: github.event.label.name == 'run-remote-tests' || github.event.label.name == 'run-c3-frameworks-tests'
+    if: github.event.label.name == 'ci:run-remote-tests' || github.event.label.name == 'run-c3-frameworks-tests'
     runs-on: ubuntu-latest
     permissions:
       actions: write
@@ -35,7 +35,7 @@ jobs:
           REPO: ${{ github.repository }}
         run: |
           # Determine which workflows to re-run based on the label.
-          if [ "$LABEL_NAME" = "run-remote-tests" ]; then
+          if [ "$LABEL_NAME" = "ci:run-remote-tests" ]; then
             WORKFLOWS="e2e-wrangler.yml e2e-vite.yml c3-e2e.yml"
           else
             WORKFLOWS="c3-e2e.yml"

.github/workflows/run-ci-for-external-forks.yml

@@ -71,16 +71,16 @@ jobs:
 
           if [ -n "$existing_pr" ]; then
             gh pr edit "$existing_pr" \
-              --add-label "e2e" \
-              --add-label "run-remote-tests" \
+              --add-label "ci:e2e" \
+              --add-label "ci:run-remote-tests" \
               --title "$TITLE" \
               --body "$BODY"
           else
             gh pr create \
               --head "run-ci-on-behalf-of-$PR_NUM" \
               --draft \
-              --label "e2e" \
-              --label "run-remote-tests" \
+              --label "ci:e2e" \
+              --label "ci:run-remote-tests" \
               --title "$TITLE" \
               --body "$BODY"
           fi

.github/workflows/test-and-check-other-node.yml

@@ -22,7 +22,7 @@ jobs:
       matrix:
         # expected_to_fail: if true, tests may fail on this Node version.
         # These versions are skipped on normal PRs but run on Version Packages PRs
-        # (changeset-release/main) or when the 'test all node versions' label is added.
+        # (changeset-release/main) or when the 'ci:test-all-node-versions' label is added.
         include:
           - { node_version: 24, description: "Node 24", expected_to_fail: true }
           - { node_version: 25, description: "Node 25", expected_to_fail: true }
@@ -47,7 +47,7 @@ jobs:
         env:
           CHANGES_EVERYTHING_BUT_MARKDOWN: ${{ steps.changes.outputs.everything_but_markdown }}
           EXPECTED_TO_FAIL: ${{ matrix.expected_to_fail }}
-          HAS_TEST_ALL_NODE_VERSIONS_LABEL: ${{ contains(github.event.pull_request.labels.*.name, 'test all node versions') }}
+          HAS_TEST_ALL_NODE_VERSIONS_LABEL: ${{ contains(github.event.pull_request.labels.*.name, 'ci:test-all-node-versions') }}
           HEAD_REF: ${{ github.event.pull_request.head.ref }}
         run: |
           if [[ "$CHANGES_EVERYTHING_BUT_MARKDOWN" == "true" ]] && \

.github/workflows/worker-playground-preview-testing-env-deploy-and-test.yml

@@ -24,7 +24,7 @@ permissions:
 
 jobs:
   e2e-test:
-    if: github.repository_owner == 'cloudflare' && (github.event_name != 'pull_request' || contains(github.event.*.labels.*.name, 'playground-worker'))
+    if: github.repository_owner == 'cloudflare' && (github.event_name != 'pull_request' || contains(github.event.*.labels.*.name, 'feature:playground-worker'))
     name: "Deploy Playground Preview Worker (testing)"
     runs-on: ubuntu-latest
 

CONTRIBUTING.md

@@ -360,10 +360,10 @@ Remote E2E tests run automatically in these cases:
 - **Version Packages PRs** (branch `changeset-release/main`) — acts as a pre-release safety net, catching remote-test failures before packages are published.
 - **Merge queue** — final check before code lands on `main`.
 
-If you need remote E2E tests on your PR (e.g. you're changing deployment logic or binding behavior), apply the **`run-remote-tests`** label. This triggers a re-run of the E2E workflows with API credentials enabled.
+If you need remote E2E tests on your PR (e.g. you're changing deployment logic or binding behavior), apply the **`ci:run-remote-tests`** label. This triggers a re-run of the E2E workflows with API credentials enabled.
 
 > [!NOTE]
-> The `run-remote-tests` label has no effect on PRs from forks, because GitHub does not expose repository secrets to fork PRs.
+> The `ci:run-remote-tests` label has no effect on PRs from forks, because GitHub does not expose repository secrets to fork PRs.
 
 ## Running E2E tests locally
 

packages/create-cloudflare/src/frameworks/package.json

@@ -3,13 +3,13 @@
 	"dependencies": {
 		"@angular/create": "21.2.13",
 		"@tanstack/cli": "0.68.0",
-		"create-analog": "2.5.2",
+		"create-analog": "2.6.0",
 		"create-astro": "5.0.6",
 		"create-docusaurus": "3.10.1",
 		"create-hono": "0.19.4",
-		"create-next-app": "16.2.6",
+		"create-next-app": "16.2.7",
 		"create-qwik": "1.20.0",
-		"create-react-router": "7.16.0",
+		"create-react-router": "7.17.0",
 		"create-rwsdk": "3.1.3",
 		"create-solid": "0.7.0",
 		"create-vike": "0.0.627",
@@ -18,7 +18,7 @@
 		"create-waku": "0.12.5-1.0.0-alpha.10-0",
 		"gatsby": "5.16.1",
 		"nuxi": "3.35.2",
-		"sv": "0.15.3"
+		"sv": "0.15.4"
 	},
 	"info": [
 		"This package.json is only used to keep track of the frameworks cli dependencies",

packages/wrangler/e2e/remote-binding/remote-bindings-api.test.ts

@@ -105,7 +105,13 @@ describe.skipIf(!CLOUDFLARE_ACCOUNT_ID)(
 					error = e;
 				}
 				expect(normalizeOutput(`${error}`)).toMatchInlineSnapshot(
-					`"Error: Failed to start the remote proxy session. Error reloading remote server: A request to the Cloudflare API (/accounts/00000000000000000000000000000000/workers/subdomain/edge-preview) failed."`
+					`
+					"Error: Failed to establish remote session due to an authentication issue.
+					It looks like you are authenticating via a custom API token (\`CLOUDFLARE_API_TOKEN\`) set in an environment variable.
+					The token may be invalid or lack the required permissions for this operation.
+					To fix this, verify that your token is valid and has the correct permissions.
+					You can also run \`wrangler whoami\` to check your current authentication status."
+				`
 				);
 			});
 		});
@@ -166,7 +172,13 @@ describe.skipIf(!CLOUDFLARE_ACCOUNT_ID)(
 					error = e;
 				}
 				expect(normalizeOutput(`${error}`)).toMatchInlineSnapshot(
-					`"Error: Failed to start the remote proxy session. Error reloading remote server: A request to the Cloudflare API (/accounts/00000000000000000000000000000000/workers/subdomain/edge-preview) failed."`
+					`
+					"Error: Failed to establish remote session due to an authentication issue.
+					It looks like you are authenticating via a custom API token (\`CLOUDFLARE_API_TOKEN\`) set in an environment variable.
+					The token may be invalid or lack the required permissions for this operation.
+					To fix this, verify that your token is valid and has the correct permissions.
+					You can also run \`wrangler whoami\` to check your current authentication status."
+				`
 				);
 			});
 		});