[miniflare] Restart workerd process on crash after successful startup

[hoodmane]

If workerd crashes while starting up, exit as before. If workerd crash happens in a handler, try to restart workerd.
I'm not really sure whether the added logic is correct if restarting workerd fails. On the other hand, starting it the first time worked so hopefully restarting it will work?
The added tests require cloudflare/workerd#6382 for abortIsolate().

cc @penalosa

• Tests
  • Tests included/updated
  • Automated tests not possible - manual testing has been completed as follows:
  • Additional testing not necessary because:
• Public documentation
  • Cloudflare docs PR(s):
  • Documentation not necessary because: I don't think it's necessary?

---

[changeset-bot]

🦋 Changeset detected

Latest commit: 4a4048f

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[workers-devprod]

Codeowners approval required for this PR:

• @cloudflare/wrangler

Show detailed file reviewers

• packages/miniflare/src/index.ts: [@cloudflare/wrangler]
• packages/miniflare/src/runtime/index.ts: [@cloudflare/wrangler]
• packages/miniflare/test/index.spec.ts: [@cloudflare/wrangler]

[ask-bonk]

I'm Bonk, and I've done a quick review of your PR.

This PR restarts the workerd process when it crashes after a successful startup, while preserving the existing fail-fast behavior for startup crashes.

Issues (ranked by severity):

1. Unhandled promise rejection on restart failure — The .catch() handler re-throws the error, but the promise is voided (void this.#runtimeMutex...). This means a failed restart will produce an unhandled promise rejection, which crashes Node.js by default (since Node 15). You should either log the error instead of re-throwing, or store the promise somewhere it can be observed.

2. TODO(NOW) left in code — This looks like a development reminder that should be resolved before merging.

3. Flaky restart test — setTimeout(resolve, 0) is almost certainly not enough time for the full restart cycle (mutex acquisition → config assembly → workerd spawn → port ready). This will likely be flaky in CI. Consider polling mf.ready or mf.dispatchFetch with retries instead.

4. Typo — "goit" → "got".

[ask-bonk]

Re-throwing inside .catch() on a voided promise creates an unhandled promise rejection, which crashes Node.js by default. Consider logging the error instead, or not re-throwing:

Suggested change

	throw e;
	this.#log.error(e);

[ask-bonk]

This TODO(NOW) should be resolved before merging — it looks like a development note.

[ask-bonk]

setTimeout(resolve, 0) is unlikely to be enough for the full restart cycle (mutex + config assembly + workerd spawn + port listening). This will probably be flaky in CI. Consider awaiting mf.ready instead, which should resolve once the restart completes, or polling dispatchFetch with retries.

[ask-bonk]

I'm Bonk, and I've done a quick review of your PR.

This PR restarts the workerd process when it crashes after a successful startup, while preserving the existing fail-fast behavior for startup crashes.

I posted a review with 4 issues (ranked by severity):

1. Unhandled promise rejection on restart failure — The .catch() re-throws on a voided promise, which will crash Node.js. Suggested logging the error instead.
2. TODO(NOW) left in code — Should be resolved before merging.
3. Flaky restart test — setTimeout(resolve, 0) is almost certainly not enough time for the full restart cycle. Suggested awaiting mf.ready or polling with retries.
4. Typo — "goit" → "got" (with suggestion).

github run

[github-actions]

✅ All changesets look good

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@13045

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@13045

miniflare

npm i https://pkg.pr.new/miniflare@13045

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@13045

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@13045

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@13045

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@13045

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@13045

wrangler

npm i https://pkg.pr.new/wrangler@13045

commit: 4a4048f

[devin-ai-integration]

Devin Review found 2 potential issues.

View 5 additional findings in Devin Review.

[devin-ai-integration]

🔴 Unhandled promise rejection when crash restart fails

The onWorkerdCrashRestart callback copies the error-handling pattern from the constructor (line 1081-1090) but applies it incorrectly. In the constructor, the promise chain (including the throw e in .catch()) is assigned to this.#initPromise, which is later await-ed in #waitForReady, so the rejection is handled. In the crash restart callback, the same .catch((e) => { throw e }) is used, but the resulting promise is void-ed — no handler is ever attached to it. When the restart fails (e.g., workerd crashes again at startup), the throw e produces a rejected promise with no rejection handler, triggering an unhandledRejection event in Node.js, which by default crashes the process (Node.js 15+). The throw e should be removed or replaced with error logging, since there is no consumer to propagate the error to.

Suggested change

	void this.#runtimeMutex
	.runWith(() => this.#assembleAndUpdateConfig())
	.catch((e) => {
	// If initialisation failed, attempting to `dispose()` this instance
	// will too. Therefore, remove from the instance registry now, so we
	// can still test async initialisation failures, without test failures
	// telling us to `dispose()` the instance.
	maybeInstanceRegistry?.delete(this);
	throw e;
	});
	void this.#runtimeMutex
	.runWith(() => this.#assembleAndUpdateConfig())
	.catch((e) => {
	// If initialisation failed, attempting to `dispose()` this instance
	// will too. Therefore, remove from the instance registry now, so we
	// can still test async initialisation failures, without test failures
	// telling us to `dispose()` the instance.
	maybeInstanceRegistry?.delete(this);
	this.#log.error("Failed to restart workerd after crash:", e);
	});

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🟡 Early return in VSCode inspector path skips crash handler registration

When running inside a VSCode Debug Terminal with an inspector socket enabled, if the bootloader path is not found, updateConfig returns early at packages/miniflare/src/runtime/index.ts:279 (return ports). This bypasses the crash handler registration at lines 313-329, meaning workerd crashes after startup will not trigger automatic restarts in this scenario. The exit handler registration should be moved before the VSCode inspector block, or the early return should be refactored to fall through to the exit handler registration.

Prompt for agents

In packages/miniflare/src/runtime/index.ts, the crash handler registration (lines 313-330) is placed after the VSCode inspector block which has an early return at line 279. Move the crash handler registration block (the else clause at lines 313-330) to before the VSCode inspector block (line 270) so that the exit handler is always registered when ports are defined, regardless of the early return. The condition should be: if ports is defined and abortSignal is not aborted, register the exit handler. This ensures crash restarts work even when running in a VSCode Debug Terminal.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[petebacondarwin]

Could we just get dispose to remove this handler instead?

[hoodmane]

I'll try that.