Validate app.bundlerOptions types in Bun.serve

[robobun]

Bun.serve({ app: { bundlerOptions: ... } }) hit a debug assertion in JSValue.get when bundlerOptions, bundlerOptions.{server,client,ssr}, or their minify option were non-object primitives (e.g. a number). The code called .getOptional() on these values without checking they were objects first.

Bun.serve({ app: { bundlerOptions: { ssr: 699 } } });
// panic: reached unreachable code (debugAssert target.isObject())

Now throws a TypeError with the offending property path instead. Also fixes minify: false, which previously fell through the boolean check and hit the same assertion.

Found by Fuzzilli. Fingerprint: b2de5bfcd9b59c23

[robobun]

^{Updated 8:57 AM PT - May 8th, 2026}

❌ @robobun, your commit 7161df3 has 1 failures in Build #52837 (All Failures):

• scripts/build/ci.ts - build failed on 🍎 x64 - build-zig
• scripts/build/ci.ts - build failed on 🐧 x64-musl-baseline - build-zig
• scripts/build/ci.ts - build failed on 🐧 aarch64-android - build-zig
• scripts/build/ci.ts - build failed on 🐧 aarch64 - build-zig
• scripts/build/ci.ts - build failed on :freebsd: x64 - build-zig
• scripts/build/ci.ts - build failed on 🐧 aarch64-musl - build-zig
• scripts/build/ci.ts - build failed on :freebsd: aarch64 - build-zig
• scripts/build/ci.ts - build failed on 🐧 x64-baseline - build-zig
• scripts/build/ci.ts - build failed on 🐧 x64-android - build-zig
• scripts/build/ci.ts - build failed on 🐧 x64-musl - build-zig
• scripts/build/ci.ts - build failed on 🍎 aarch64 - build-zig
• scripts/build/ci.ts - build failed on 🐧 x64 - build-zig

---

🧪   To try this PR locally:

bunx bun-pr 30405

That installs a local version of the PR into your bun-30405 executable, so you can run:

bun-30405 --bun

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 95483056-51e4-4249-8fb0-f333abc7ba39

📥 Commits

Reviewing files that changed from the base of the PR and between d5945cf and 7161df3.

📒 Files selected for processing (2)

• src/bake/bake.zig
• test/bake/bundler-options-validation.test.ts

---

Walkthrough

This PR enhances bundler options validation in the Bake configuration system. The BuildConfigSubset.fromJS function signature is updated to accept a compile-time subset name parameter, enabling subset-specific validation error messages. Minify boolean handling is adjusted to uniformly assign values across all minify sub-options. Integration and test coverage are added accordingly.

Changes

Bundler Options Validation Enhancement

Layer / File(s)	Summary
Function Signature & Input Validation src/bake/bake.zig	BuildConfigSubset.fromJS now accepts a comptime name parameter and validates that js_options is an object, with error messages including bundlerOptions.<name>.
Minify Parsing Logic src/bake/bake.zig	Boolean minify values are now uniformly assigned to minify_syntax, minify_identifiers, and minify_whitespace. Type errors reference the subset-specific path.
Bundler Options Integration src/bake/bake.zig	UserOptions.fromJS is updated to call BuildConfigSubset.fromJS with subset names ("server", "client", "ssr") for targeted validation.
Test Coverage test/bake/bundler-options-validation.test.ts	New test suite validates bundlerOptions structure, subset object requirements, and minify type constraints across all three subsets.

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description provides clear context on the bug, the fix, and verification details, but does not follow the repository's template structure with 'What does this PR do?' and 'How did you verify your code works?' sections.	Consider restructuring the description to follow the template format with explicit 'What does this PR do?' and 'How did you verify your code works?' sections for consistency.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding validation for app.bundlerOptions types in Bun.serve, which is the core focus of the PR.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

This PR may be a duplicate of:

1. bake: validate bundlerOptions values are objects before property access #30125 - Also validates bundlerOptions values are objects before property access in src/bake/bake.zig, with the same isObject() guards and minify: false fix
2. Validate app.bundlerOptions types in Bun.serve #30402 - Same app.bundlerOptions type validation in Bun.serve with identical fixes to the same code paths

🤖 Generated with Claude Code

[robobun]

Duplicate of #30125.

[claude]

LGTM — straightforward input validation fix converting debug-assert crashes into TypeErrors, with tests.

Extended reasoning...

Overview

This PR adds type validation for app.bundlerOptions and its server/client/ssr sub-objects (and their minify field) in Bun.serve. Previously, passing a non-object primitive for any of these would hit a debugAssert(target.isObject()) panic inside JSValue.get. The fix adds isObject() checks that throw a descriptive TypeError instead, threads a comptime name parameter into BuildConfigSubset.fromJS so the error message identifies the offending property path, and fixes minify: false which previously fell through the boolean fast-path and hit the same assertion. A new test file covers all error paths plus the minify: true/false happy paths.

Security risks

None. This is purely defensive input validation in a configuration parsing path — it adds checks rather than removing them, and there is no auth, crypto, file I/O, or command execution involved.

Level of scrutiny

Low. The change is small (~20 lines of logic), mechanical, and follows the same isObject() → throwInvalidArguments pattern already used elsewhere in this file (e.g., the config, reactFastRefresh, serverComponents checks). It converts a fuzzer-discovered crash into a proper error with no behavioral change to valid inputs.

Other factors

• The bug-hunting system found no issues.
• All three callers of BuildConfigSubset.fromJS were updated for the new comptime parameter; there are no other call sites.
• The minify: false change is correct: previously isBoolean() and asBoolean() only short-circuited on true, letting false fall through to getBooleanLoose on a non-object. Now any boolean is handled and assigned directly.
• No CODEOWNERS apply to src/bake/ or the test file (only *.d.ts is owned).
• New tests assert the exact error messages and verify booleans no longer crash.