
Validate Bun.serve() app.bundlerOptions is an object#30487

Closed
robobun wants to merge 2 commits into main from farm/c24baae9/bake-bundler-options-validate

@robobun robobun commented May 11, 2026

Collaborator

Passing a non-object value for app.bundlerOptions (or its server/client/ssr sub-options, or a non-boolean non-object minify) to Bun.serve() would hit a debug assertion in JSValue.get() and crash.

```js
Bun.serve({ app: { bundlerOptions: "not an object" } });
// panic: reached unreachable code (debugAssert target.isObject())
```

Now throws ERR_INVALID_ARG_TYPE instead.

Also fixes minify: false which previously fell through the boolean check and tried to read .whitespace off a boolean primitive.

Found by Fuzzilli (fingerprint 4160b7d95e4e6895).

Previously passing a non-object value for app.bundlerOptions (or
its server/client/ssr/minify sub-options) to Bun.serve() would hit a
debug assertion in JSValue.get() and crash. Now it throws
ERR_INVALID_ARG_TYPE.
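
The validation described above, modeled in plain JavaScript as an added example (it is not code from this PR or from the Bun project). The function names, the `strictGet` stand-in for `JSValue.get()`, the error wording, and treating `undefined` as "option not set" are assumptions.

```javascript
// Added model of the validation this PR describes, not the project's Zig code.
// Function names, message wording and strictGet() are hypothetical.
const isObject = (v) => (typeof v === "object" && v !== null) || typeof v === "function";

// Stand-in for JSValue.get(): like the debug assertion, it refuses non-objects.
function strictGet(target, key) {
  if (!isObject(target)) throw new Error("debugAssert target.isObject()");
  return target[key];
}
function invalidArgType(name, expected) {
  const err = new TypeError(`${name} must be ${expected}`); // constructed wording
  err.code = "ERR_INVALID_ARG_TYPE";
  return err;
}

// Object form of minify: read each sub-flag individually.
const readFlags = (m) => ({
  whitespace: Boolean(strictGet(m, "whitespace")),
  syntax: Boolean(strictGet(m, "syntax")),
  identifiers: Boolean(strictGet(m, "identifiers")),
});

// Before (as described): only `true` takes the boolean branch, so `false`
// falls through to property reads on a primitive.
function parseMinifyBefore(minify) {
  if (minify === true) return { syntax: true, identifiers: true, whitespace: true };
  return readFlags(minify);
}

// After: any boolean sets all three flags; anything else must be an object.
function parseMinify(minify, name) {
  if (typeof minify === "boolean") return { syntax: minify, identifiers: minify, whitespace: minify };
  if (!isObject(minify)) throw invalidArgType(`${name}.minify`, "a boolean or object");
  return readFlags(minify);
}

function parseSubset(value, name) {
  if (value === undefined) return {}; // assumption: undefined means "not set"
  if (!isObject(value)) throw invalidArgType(name, "an object");
  const minify = strictGet(value, "minify");
  return minify === undefined ? {} : { minify: parseMinify(minify, name) };
}

function parseBundlerOptions(app) {
  const opts = app.bundlerOptions;
  if (opts === undefined) return {};
  if (!isObject(opts)) throw invalidArgType("bundlerOptions", "an object");
  const sides = ["server", "client", "ssr"];
  return Object.fromEntries(sides.map((s) => [s, parseSubset(strictGet(opts, s), `bundlerOptions.${s}`)]));
}
```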

robobun commented May 11, 2026

Collaborator Author
Updated 5:21 AM PT - May 11th, 2026

@robobun, your commit 762f75c has 1 failures in Build #53309 (All Failures):


🧪   To try this PR locally:

bunx bun-pr 30487

That installs a local version of the PR into your bun-30487 executable, so you can run:

bun-30487 --bun

coderabbitai Bot commented May 11, 2026

Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

📥 Commits

Reviewing files that changed from the base of the PR and between b9e1abb and 762f75c.

📒 Files selected for processing (1)
  • test/js/bun/http/bun-serve-app-invalid-args.test.ts

Walkthrough

The PR adds a comptime name parameter to BuildConfigSubset.fromJS for contextualized type errors; UserOptions.fromJS forwards names for bundlerOptions.server/client/ssr; minify boolean handling consistently sets all sub-flags; tests validate the improved argument-type error messages.

Changes

bundlerOptions Validation and Error Reporting

| Layer / File(s) | Summary |
| --- | --- |
| Function Signature Update / src/bake/bake.zig | BuildConfigSubset.fromJS adds a comptime name parameter and uses it when throwing an object-type validation error for js_options. |
| Caller Integration / src/bake/bake.zig | UserOptions.fromJS forwards distinct comptime names ("bundlerOptions.server", "bundlerOptions.client", "bundlerOptions.ssr") to BuildConfigSubset.fromJS for contextualized error messages. |
| Minify Logic Refinement / src/bake/bake.zig | Minify parsing now applies boolean values to all three sub-options (syntax, identifiers, whitespace) even when false, and type errors reference name ++ ".minify". |
| Validation Tests / test/js/bun/http/bun-serve-app-invalid-args.test.ts | Tests assert that bundlerOptions must be an object, that server/client/ssr must each be objects, and that minify accepts boolean or object, with error messages matching expected patterns. |

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately summarizes the main change: adding validation for the app.bundlerOptions parameter in Bun.serve() to ensure it is an object rather than allowing crashes. |
| Description check | ✅ Passed | The description fully addresses both required template sections: it explains what the PR does (validates bundlerOptions and fixes minify:false) and how it was verified (Fuzzilli fuzzer finding). |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/js/bun/http/bun-serve-app-invalid-args.test.ts`:
- Around line 19-24: Add a regression test that verifies Bun.serve accepts
boolean false for bundlerOptions.*.minify and does not throw: create a new test
case alongside the existing "Bun.serve() app.bundlerOptions.*.minify must be a
boolean or object" that calls Bun.serve({ app: { bundlerOptions: { server: {
minify: false } } } }) and asserts it does not throw or returns a valid server
handle; ensure the test uses the same test harness (e.g., test(...)) and cleans
up/ closes any server handle if one is returned so it doesn’t leak resources.

ℹ️ Review info

📥 Commits

Reviewing files that changed from the base of the PR and between 450072b and b9e1abb.

📒 Files selected for processing (2)
  • src/bake/bake.zig
  • test/js/bun/http/bun-serve-app-invalid-args.test.ts

Comment thread test/js/bun/http/bun-serve-app-invalid-args.test.ts
@github-actions

Contributor

This PR may be a duplicate of:

  1. bake: validate bundlerOptions values are objects before property access #30125 - Adds identical isObject() guards on bundlerOptions and its sub-options in src/bake/bake.zig, fixes the same minify: false boolean fall-through bug found by Fuzzilli
  2. Validate app.bundlerOptions types in Bun.serve #30402 - Modifies the exact same lines in src/bake/bake.zig with the same fix (isObject guards, minify boolean fix, BuildConfigSubset.fromJS signature change)

🤖 Generated with Claude Code

robobun commented May 11, 2026

Collaborator Author

Duplicate of #30125.

@robobun robobun closed this May 11, 2026
@robobun robobun deleted the farm/c24baae9/bake-bundler-options-validate branch May 11, 2026 12:20