Validate app.bundlerOptions types in Bun.serve #30402

Open. robobun wants to merge 1 commit into main from farm/84665fac/bake-bundler-options-validation

robobun (Collaborator) commented May 8, 2026

What does this PR do?

Adds type validation for app.bundlerOptions in Bun.serve() so that non-object values for bundlerOptions, bundlerOptions.{server,client,ssr}, and non-boolean/non-object values for minify throw a proper ERR_INVALID_ARG_TYPE instead of being silently misinterpreted via prototype-chain lookups.

Also fixes minify: false, which previously fell through to the object-property-reading path (the check was is_boolean() && as_boolean()); it now correctly sets all three minify flags to false.

Originally fixed a debug assertion crash (fuzzer fingerprint c6994d6f8d88e64a) in the Zig JSValue.get() path; after #30412 moved this code to Rust the hard crash no longer reproduces, but the input was still accepted without validation. The behavior now matches Bun.build's minify handling.

```js
Bun.serve({
  app: {
    bundlerOptions: {
      ssr: { minify: 10 },
    },
  },
});
// Before: silently ignored (prototype lookup on Number)
// After:  TypeError: Expected minify to be a boolean or an object
```

How did you verify your code works?

Added regression tests to test/js/bun/http/bun-serve-args.test.ts covering each invalid shape, asserting name: "TypeError" and code: "ERR_INVALID_ARG_TYPE".
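
A JavaScript model of the check described in the PR description above, added here as an illustration; it is not code from the PR or from Bun's Zig/Rust source. The `whitespace`/`syntax`/`identifiers` keys of the `minify` object and every error message except the `minify` one are assumptions.

```javascript
// Model only: mirrors the described before/after behaviour, not Bun's implementation.
// Assumed: minify object keys (FLAGS) and the two "Expected bundlerOptions..." messages.
const FLAGS = ["whitespace", "syntax", "identifiers"];
const isObject = (v) => (typeof v === "object" && v !== null) || typeof v === "function";

function invalidArg(message) {
  return Object.assign(new TypeError(message), { code: "ERR_INVALID_ARG_TYPE" });
}

// Before: only `true` takes the boolean branch; everything else is read like an object.
function parseMinifyBefore(minify) {
  const out = {};
  if (minify == null) return out;
  if (typeof minify === "boolean" && minify) {
    for (const f of FLAGS) out[`minify_${f}`] = true;
    return out;
  }
  // For 10 or false these lookups resolve on Number.prototype / Boolean.prototype.
  for (const f of FLAGS) if (typeof minify[f] === "boolean") out[`minify_${f}`] = minify[f];
  return out;
}

// After: any boolean sets all three flags; non-objects are rejected before property access.
function parseMinifyAfter(minify) {
  const out = {};
  if (minify == null) return out;
  if (typeof minify === "boolean") {
    for (const f of FLAGS) out[`minify_${f}`] = minify;
    return out;
  }
  if (!isObject(minify)) throw invalidArg("Expected minify to be a boolean or an object");
  for (const f of FLAGS) if (typeof minify[f] === "boolean") out[`minify_${f}`] = minify[f];
  return out;
}

// Validates bundlerOptions and each of server/client/ssr, then parses minify.
function parseBundlerOptions(bundlerOptions) {
  const result = {};
  if (bundlerOptions === undefined) return result;
  if (!isObject(bundlerOptions)) throw invalidArg("Expected bundlerOptions to be an object");
  for (const side of ["server", "client", "ssr"]) {
    const sub = bundlerOptions[side];
    if (sub === undefined) continue;
    if (!isObject(sub)) throw invalidArg(`Expected bundlerOptions.${side} to be an object`);
    result[side] = parseMinifyAfter(sub.minify);
  }
  return result;
}

console.log(parseMinifyBefore(false), parseMinifyAfter(false));
```

In the "before" model, `minify: false` leaves all three flags unset, and `minify: 10` is accepted with its properties resolved on `Number.prototype`; the "after" model sets the flags to `false` and rejects `10`.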

github-actions Bot added the claude label May 8, 2026

coderabbitai Bot (Contributor) commented May 8, 2026

Walkthrough

Refactors BuildConfigSubset.fromJS to accept a comptime property_name for contextual error messages, changes boolean minify handling to explicitly set all minify flags (including false), updates UserOptions.fromJS to pass property names for server/client/ssr, and adds tests validating bundlerOptions shapes and minify behavior.

Changes

Bundler Options Validation Enhancement

| Layer / File(s) | Summary |
| --- | --- |
| API Contract & Minify Handling: src/bake/bake.zig | BuildConfigSubset.fromJS adds a comptime property_name parameter and uses it in object-type error messages. Boolean minify now sets minify_syntax, minify_identifiers, and minify_whitespace to the boolean value (including false). |
| Caller Integration: src/bake/bake.zig | UserOptions.fromJS passes explicit property names ("server", "client", "ssr") to BuildConfigSubset.fromJS so validation errors identify the specific bundlerOptions.<field>. |
| Tests & Validation: test/js/bun/http/bun-serve-args.test.ts | New test matrix validates bundlerOptions and nested server/client/ssr require object types, minify must be boolean or object, and verifies minify: false parses without crashing. |

Pre-merge checks: 4 passed

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly and specifically describes the main change: adding validation for app.bundlerOptions types in Bun.serve, which matches the primary objective of fixing the assertion crash. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Description check | ✅ Passed | The PR description fully addresses the template requirements with clear explanation of what the PR does and how verification was performed. |


coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/js/bun/http/bun-serve-args.test.ts`:
- Around line 675-709: Update the tests to assert the error class/code as well
as the message for at least one representative case (e.g., the "bundlerOptions
is not an object" case that calls serve). Instead of only using
expect(...).toThrow(message), call the function inside a try/catch (or capture
the thrown error via a helper) and assert the error is the expected type/code
(for example error instanceof TypeError or error.code ===
'ERR_INVALID_ARG_TYPE') and that error.message matches the existing message;
keep the other table entries as-is but tighten this single representative
assertion referencing serve and the specific test case description.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: f88ebf4b-4d61-4262-a0a0-b339eb64a4a3

📥 Commits

Reviewing files that changed from the base of the PR and between d5945cf and 73dcb4a.

📒 Files selected for processing (2)
  • src/bake/bake.zig
  • test/js/bun/http/bun-serve-args.test.ts

github-actions Bot (Contributor) commented May 8, 2026

This PR may be a duplicate of:

  1. bake: validate bundlerOptions values are objects before property access #30125 - Also validates that bundlerOptions values are objects before property access in bake.zig, fixing the same debug assertion crash

🤖 Generated with Claude Code

claude Bot (Contributor) left a comment

LGTM — straightforward input validation that converts assertion crashes into proper ERR_INVALID_ARG_TYPE errors, with regression tests.

Extended reasoning...

Overview

This PR touches two files: src/bake/bake.zig adds isObject() guards before reading properties from app.bundlerOptions, bundlerOptions.{server,client,ssr}, and minify, converting a fuzzer-found debug-assertion crash into a proper TypeError [ERR_INVALID_ARG_TYPE]. It also fixes minify: false which previously fell through to the object-property path (the old check was isBoolean() and asBoolean()). test/js/bun/http/bun-serve-args.test.ts gains a test.each table covering each invalid shape plus a minify: false regression case. The CodeRabbit suggestion to assert error name/code (not just message) was addressed in a8653bf.

Security risks

None. This is purely additive input validation on a user-facing config API — it tightens behavior (rejecting bad input with a clear error) rather than loosening anything. No auth, crypto, filesystem, or network surface is touched.

Level of scrutiny

Low. The Zig change is ~30 lines of mechanical guard-clause additions following the exact pattern already used elsewhere in the same function (throwInvalidArguments, which I verified maps to jsc.Error.INVALID_ARG_TYPE → TypeError with code: ERR_INVALID_ARG_TYPE, matching the new test assertions). The comptime property_name parameter for contextual error messages is idiomatic Zig. The minify: false semantics now correctly set all three minify flags to false rather than crashing — this is the obviously-intended behavior and mirrors Bun.build.

Other factors

The robobun build-zig failures on 73dcb4a hit all six platforms simultaneously on scripts/build/ci.ts, which strongly suggests an infra flake rather than a code error in this ~30-line diff (and the file compiles cleanly in the checked-out tree). A duplicate-PR bot flagged #30125 as overlapping; that's a process/coordination matter for maintainers and doesn't affect the correctness of this change.

claude Bot (Contributor) left a comment

LGTM — straightforward input validation fix that replaces a debug assertion with a proper ERR_INVALID_ARG_TYPE, with regression tests.

Extended reasoning...

Overview

This PR adds isObject() guards in src/bake/bake.zig before reading properties from bundlerOptions, bundlerOptions.{server,client,ssr}, and minify in Bun.serve({ app: ... }). It also fixes minify: false, which previously fell through the isBoolean() and asBoolean() check into the object-property path and hit the same assertion. A comptime property_name parameter is threaded through BuildConfigSubset.fromJS for clearer error messages, and regression tests are added to test/js/bun/http/bun-serve-args.test.ts.

Security risks

None. This is purely defensive input validation on a developer-facing config object. It converts a debug-build assertion into a thrown TypeError; no auth, crypto, filesystem, or network surface is touched.

Level of scrutiny

Low. The if (!x.isObject()) return global.throwInvalidArguments(...) pattern is already used throughout this same file (for config, plugin_config, framework options, etc.), and throwInvalidArguments resolves to jsc.Error.INVALID_ARG_TYPE — matching the name: "TypeError" / code: "ERR_INVALID_ARG_TYPE" contract asserted by the new tests. The only behavioral nuance is that minify: false now sets the three minify_* optionals to false rather than crashing, which is the correct interpretation. BuildConfigSubset.fromJS has no other callers, so the new comptime parameter is fully covered.

Other factors

The CodeRabbit suggestion to assert the error contract was addressed in a8653bf and the comment is resolved. CI failures (s3-storage-class, hot.test.ts, test-http-should-emit-close-when-connection-is-aborted, and the Windows x64-baseline build-zig flake that prompted the CI re-trigger commit) are unrelated to these files. No CODEOWNERS entries cover src/bake/ or this test file. A duplicate-PR bot flagged #30125 as covering similar ground, but that's a merge-coordination question for maintainers, not a correctness issue with this diff.

robobun (Collaborator, Author) commented May 8, 2026

CI failures are unrelated to this change:

Build #54228:

Build #52840 (pre-rebase):

  • test-http-should-emit-close-when-connection-is-aborted.ts — Windows timeout, pre-existing in builds #52824, #52818.
  • node-http-backpressure-max.test.ts — darwin 4GB stream timeout.

bun-serve-args.test.ts (the tests added by this PR) passes on all platforms.

robobun force-pushed the farm/84665fac/bake-bundler-options-validation branch from 902bb59 to c4fb8f4 on May 14, 2026 09:32

claude Bot (Contributor) left a comment

LGTM — straightforward input validation fix that converts a debug assertion crash into a proper ERR_INVALID_ARG_TYPE, with regression tests covering each path.

Extended reasoning...

Overview

This PR adds is_object() guards in src/runtime/bake/bake_body.rs before reading properties from bundlerOptions, bundlerOptions.{server,client,ssr}, and minify, and restructures the minify branch so minify: false no longer falls through to the object-property-reading path. BuildConfigSubset::from_js gains a property_name: &str parameter (only the three call sites in this file use it; verified no other callers). Regression tests are added in test/js/bun/http/bun-serve-args.test.ts asserting the error name, code, and message for each invalid shape, plus a positive test that minify: false parses without crashing.

Security risks

None. This is purely defensive input validation that turns a debug-assertion panic into a typed JS exception. No new attack surface, no auth/crypto/permissions involved.

Level of scrutiny

Low. The change is small (~50 LOC of logic), mechanical, and follows the existing throw_invalid_arguments pattern already used throughout this function for other invalid shapes. The one semantic change — minify: false now sets Some(false) for all three minify flags instead of crashing — is the obviously correct behavior and matches how minify: true was already handled. to_invalid_arguments uses JscError::INVALID_ARG_TYPE, so the test's { name: "TypeError", code: "ERR_INVALID_ARG_TYPE" } assertion is consistent with the implementation.

Other factors

  • CodeRabbit's suggestion to assert the error contract (not just message) was addressed in a follow-up commit and the inline comment is resolved.
  • robobun reports bun-serve-args.test.ts passed on all platforms; the remaining CI failures are pre-existing flakes unrelated to this code path.
  • Neither modified file is covered by CODEOWNERS.
  • A bot flagged PR #30125 as a potential duplicate; that's a coordination concern for the maintainers but doesn't affect the correctness of this change.
