[autofix.ci] apply automated fixes

Switch to Accept header-based content negotiation (much cleaner!)
- Replace User-Agent detection with proper Accept header parsing - Check for text/html and */* to determine response format - Much more standards-compliant approach - Cleaner logic and better separation of concerns Thanks to feedback suggesting Accept header over User-Agent parsing! 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-02-23 09:11:51 +00:00 · 2025-08-25 06:30:05 +00:00 · 2025-08-25 06:27:39 +00:00 · 2025-08-25 05:55:56 +00:00 · 2025-08-25 05:52:59 +00:00 · 2025-08-25 05:09:45 +00:00
897 changed files with 225653 additions and 87961 deletions
--- a/.buildkite/ci.mjs
+++ b/.buildkite/ci.mjs
@@ -303,9 +303,34 @@ function getCppAgent(platform, options) {
  }

  return getEc2Agent(platform, options, {
-    instanceType: arch === "aarch64" ? "c8g.16xlarge" : "c7i.16xlarge",
-    cpuCount: 32,
-    threadsPerCore: 1,
+    instanceType: arch === "aarch64" ? "c8g.4xlarge" : "c7i.4xlarge",
+  });
+}
+
+/**
+ * @param {Platform} platform
+ * @param {PipelineOptions} options
+ * @returns {string}
+ */
+function getLinkBunAgent(platform, options) {
+  const { os, arch, distro } = platform;
+
+  if (os === "darwin") {
+    return {
+      queue: `build-${os}`,
+      os,
+      arch,
+    };
+  }
+
+  if (os === "windows") {
+    return getEc2Agent(platform, options, {
+      instanceType: arch === "aarch64" ? "r8g.large" : "r7i.large",
+    });
+  }
+
+  return getEc2Agent(platform, options, {
+    instanceType: arch === "aarch64" ? "r8g.xlarge" : "r7i.xlarge",
  });
 }

@@ -356,7 +381,7 @@ function getTestAgent(platform, options) {
    };
  }

-  // TODO: `dev-server-ssr-110.test.ts` and `next-build.test.ts` run out of memory at 8GB of memory, so use 16GB instead.
+  // TODO: delete this block when we upgrade to mimalloc v3
  if (os === "windows") {
    return getEc2Agent(platform, options, {
      instanceType: "c7i.2xlarge",
@@ -409,11 +434,17 @@ function getBuildEnv(target, options) {
 * @param {PipelineOptions} options
 * @returns {string}
 */
-function getBuildCommand(target, options) {
+function getBuildCommand(target, options, label) {
  const { profile } = target;
+  const buildProfile = profile || "release";

-  const label = profile || "release";
-  return `bun run build:${label}`;
+  if (target.os === "windows" && label === "build-bun") {
+    // Only sign release builds, not canary builds (DigiCert charges per signature)
+    const enableSigning = !options.canary ? " -DENABLE_WINDOWS_CODESIGNING=ON" : "";
+    return `bun run build:${buildProfile}${enableSigning}`;
+  }
+
+  return `bun run build:${buildProfile}`;
 }

 /**
@@ -502,14 +533,14 @@ function getLinkBunStep(platform, options) {
    key: `${getTargetKey(platform)}-build-bun`,
    label: `${getTargetLabel(platform)} - build-bun`,
    depends_on: [`${getTargetKey(platform)}-build-cpp`, `${getTargetKey(platform)}-build-zig`],
-    agents: getCppAgent(platform, options),
+    agents: getLinkBunAgent(platform, options),
    retry: getRetry(),
    cancel_on_build_failing: isMergeQueue(),
    env: {
      BUN_LINK_ONLY: "ON",
      ...getBuildEnv(platform, options),
    },
-    command: `${getBuildCommand(platform, options)} --target bun`,
+    command: `${getBuildCommand(platform, options, "build-bun")} --target bun`,
  };
 }

--- a/.buildkite/scripts/sign-windows.ps1
+++ b/.buildkite/scripts/sign-windows.ps1
@@ -0,0 +1,464 @@
+# Windows Code Signing Script for Bun
+# Uses DigiCert KeyLocker for Authenticode signing
+# Native PowerShell implementation - no path translation issues
+
+param(
+    [Parameter(Mandatory=$true)]
+    [string]$BunProfileExe,
+    
+    [Parameter(Mandatory=$true)]
+    [string]$BunExe
+)
+
+$ErrorActionPreference = "Stop"
+$ProgressPreference = "SilentlyContinue"
+
+# Logging functions
+function Log-Info {
+    param([string]$Message)
+    Write-Host "[INFO] $Message" -ForegroundColor Cyan
+}
+
+function Log-Success {
+    param([string]$Message)
+    Write-Host "[SUCCESS] $Message" -ForegroundColor Green
+}
+
+function Log-Error {
+    param([string]$Message)
+    Write-Host "[ERROR] $Message" -ForegroundColor Red
+}
+
+function Log-Debug {
+    param([string]$Message)
+    if ($env:DEBUG -eq "true" -or $env:DEBUG -eq "1") {
+        Write-Host "[DEBUG] $Message" -ForegroundColor Gray
+    }
+}
+
+# Load Visual Studio environment if not already loaded
+function Ensure-VSEnvironment {
+    if ($null -eq $env:VSINSTALLDIR) {
+        Log-Info "Loading Visual Studio environment..."
+        
+        $vswhere = "C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe"
+        if (!(Test-Path $vswhere)) {
+            throw "Command not found: vswhere (did you install Visual Studio?)"
+        }
+        
+        $vsDir = & $vswhere -prerelease -latest -property installationPath
+        if ($null -eq $vsDir) {
+            $vsDir = Get-ChildItem -Path "C:\Program Files\Microsoft Visual Studio\2022" -Directory -ErrorAction SilentlyContinue
+            if ($null -eq $vsDir) {
+                throw "Visual Studio directory not found."
+            }
+            $vsDir = $vsDir.FullName
+        }
+        
+        Push-Location $vsDir
+        try {
+            $vsShell = Join-Path -Path $vsDir -ChildPath "Common7\Tools\Launch-VsDevShell.ps1"
+            . $vsShell -Arch amd64 -HostArch amd64
+        } finally {
+            Pop-Location
+        }
+        
+        Log-Success "Visual Studio environment loaded"
+    }
+    
+    if ($env:VSCMD_ARG_TGT_ARCH -eq "x86") {
+        throw "Visual Studio environment is targeting 32 bit, but only 64 bit is supported."
+    }
+}
+
+# Check for required environment variables
+function Check-Environment {
+    Log-Info "Checking environment variables..."
+    
+    $required = @{
+        "SM_API_KEY" = $env:SM_API_KEY
+        "SM_CLIENT_CERT_PASSWORD" = $env:SM_CLIENT_CERT_PASSWORD
+        "SM_KEYPAIR_ALIAS" = $env:SM_KEYPAIR_ALIAS
+        "SM_HOST" = $env:SM_HOST
+        "SM_CLIENT_CERT_FILE" = $env:SM_CLIENT_CERT_FILE
+    }
+    
+    $missing = @()
+    foreach ($key in $required.Keys) {
+        if ([string]::IsNullOrEmpty($required[$key])) {
+            $missing += $key
+        } else {
+            Log-Debug "$key is set (length: $($required[$key].Length))"
+        }
+    }
+    
+    if ($missing.Count -gt 0) {
+        throw "Missing required environment variables: $($missing -join ', ')"
+    }
+    
+    Log-Success "All required environment variables are present"
+}
+
+# Setup certificate file
+function Setup-Certificate {
+    Log-Info "Setting up certificate..."
+    
+    # Always try to decode as base64 first
+    # If it fails, then treat as file path
+    try {
+        Log-Info "Attempting to decode certificate as base64..."
+        Log-Debug "Input string length: $($env:SM_CLIENT_CERT_FILE.Length) characters"
+        
+        $tempCertPath = Join-Path $env:TEMP "digicert_cert_$(Get-Random).p12"
+        
+        # Try to decode as base64
+        $certBytes = [System.Convert]::FromBase64String($env:SM_CLIENT_CERT_FILE)
+        [System.IO.File]::WriteAllBytes($tempCertPath, $certBytes)
+        
+        # Validate the decoded certificate size
+        $fileSize = (Get-Item $tempCertPath).Length
+        if ($fileSize -lt 100) {
+            throw "Decoded certificate too small: $fileSize bytes (expected >100 bytes)"
+        }
+        
+        # Update environment to point to file
+        $env:SM_CLIENT_CERT_FILE = $tempCertPath
+        
+        Log-Success "Certificate decoded and written to: $tempCertPath"
+        Log-Debug "Decoded certificate file size: $fileSize bytes"
+        
+        # Register cleanup
+        $global:TEMP_CERT_PATH = $tempCertPath
+        
+    } catch {
+        # If base64 decode fails, check if it's a file path
+        Log-Info "Base64 decode failed, checking if it's a file path..."
+        Log-Debug "Decode error: $_"
+        
+        if (Test-Path $env:SM_CLIENT_CERT_FILE) {
+            $fileSize = (Get-Item $env:SM_CLIENT_CERT_FILE).Length
+            
+            # Validate file size
+            if ($fileSize -lt 100) {
+                throw "Certificate file too small: $fileSize bytes at $env:SM_CLIENT_CERT_FILE (possibly corrupted)"
+            }
+            
+            Log-Info "Using certificate file: $env:SM_CLIENT_CERT_FILE"
+            Log-Debug "Certificate file size: $fileSize bytes"
+        } else {
+            throw "SM_CLIENT_CERT_FILE is neither valid base64 nor an existing file: $env:SM_CLIENT_CERT_FILE"
+        }
+    }
+}
+
+# Install DigiCert KeyLocker tools
+function Install-KeyLocker {
+    Log-Info "Setting up DigiCert KeyLocker tools..."
+    
+    # Define our controlled installation directory
+    $installDir = "C:\BuildTools\DigiCert"
+    $smctlPath = Join-Path $installDir "smctl.exe"
+    
+    # Check if already installed in our controlled location
+    if (Test-Path $smctlPath) {
+        Log-Success "KeyLocker tools already installed at: $smctlPath"
+        
+        # Add to PATH if not already there
+        if ($env:PATH -notlike "*$installDir*") {
+            $env:PATH = "$installDir;$env:PATH"
+            Log-Info "Added to PATH: $installDir"
+        }
+        
+        return $smctlPath
+    }
+    
+    Log-Info "Installing KeyLocker tools to: $installDir"
+    
+    # Create the installation directory if it doesn't exist
+    if (!(Test-Path $installDir)) {
+        Log-Info "Creating installation directory: $installDir"
+        try {
+            New-Item -ItemType Directory -Path $installDir -Force | Out-Null
+            Log-Success "Created directory: $installDir"
+        } catch {
+            throw "Failed to create directory $installDir : $_"
+        }
+    }
+    
+    # Download MSI installer
+    $msiUrl = "https://bun-ci-assets.bun.sh/Keylockertools-windows-x64.msi"
+    $msiPath = Join-Path $env:TEMP "Keylockertools-windows-x64.msi"
+    
+    Log-Info "Downloading MSI from: $msiUrl"
+    Log-Info "Downloading to: $msiPath"
+    
+    try {
+        # Remove existing MSI if present
+        if (Test-Path $msiPath) {
+            Remove-Item $msiPath -Force
+            Log-Debug "Removed existing MSI file"
+        }
+        
+        # Download with progress tracking
+        $webClient = New-Object System.Net.WebClient
+        $webClient.DownloadFile($msiUrl, $msiPath)
+        
+        if (!(Test-Path $msiPath)) {
+            throw "MSI download failed - file not found"
+        }
+        
+        $fileSize = (Get-Item $msiPath).Length
+        Log-Success "MSI downloaded successfully (size: $fileSize bytes)"
+        
+    } catch {
+        throw "Failed to download MSI: $_"
+    }
+    
+    # Install MSI
+    Log-Info "Installing MSI..."
+    Log-Debug "MSI path: $msiPath"
+    Log-Debug "File exists: $(Test-Path $msiPath)"
+    Log-Debug "File size: $((Get-Item $msiPath).Length) bytes"
+    
+    # Check if running as administrator
+    $isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
+    Log-Info "Running as administrator: $isAdmin"
+    
+    # Install MSI silently to our controlled directory
+    $arguments = @(
+        "/i", "`"$msiPath`"",
+        "/quiet",
+        "/norestart",
+        "TARGETDIR=`"$installDir`"",
+        "INSTALLDIR=`"$installDir`"",
+        "ACCEPT_EULA=1",
+        "ADDLOCAL=ALL"
+    )
+    
+    Log-Debug "Running: msiexec.exe $($arguments -join ' ')"
+    Log-Info "Installing to: $installDir"
+    
+    $process = Start-Process -FilePath "msiexec.exe" -ArgumentList $arguments -Wait -PassThru -NoNewWindow
+    
+    if ($process.ExitCode -ne 0) {
+        Log-Error "MSI installation failed with exit code: $($process.ExitCode)"
+        
+        # Try to get error details from event log
+        try {
+            $events = Get-WinEvent -LogName "Application" -MaxEvents 10 | 
+                Where-Object { $_.ProviderName -eq "MsiInstaller" -and $_.TimeCreated -gt (Get-Date).AddMinutes(-1) }
+            
+            foreach ($event in $events) {
+                Log-Debug "MSI Event: $($event.Message)"
+            }
+        } catch {
+            Log-Debug "Could not retrieve MSI installation events"
+        }
+        
+        throw "MSI installation failed with exit code: $($process.ExitCode)"
+    }
+    
+    Log-Success "MSI installation completed"
+    
+    # Wait for installation to complete
+    Start-Sleep -Seconds 2
+    
+    # Verify smctl.exe exists in our controlled location
+    if (Test-Path $smctlPath) {
+        Log-Success "KeyLocker tools installed successfully at: $smctlPath"
+        
+        # Add to PATH
+        $env:PATH = "$installDir;$env:PATH"
+        Log-Info "Added to PATH: $installDir"
+        
+        return $smctlPath
+    }
+    
+    # If not in our expected location, check if it installed somewhere in the directory
+    $found = Get-ChildItem -Path $installDir -Filter "smctl.exe" -Recurse -ErrorAction SilentlyContinue | 
+        Select-Object -First 1
+    
+    if ($found) {
+        Log-Success "Found smctl.exe at: $($found.FullName)"
+        $smctlDir = $found.DirectoryName
+        $env:PATH = "$smctlDir;$env:PATH"
+        return $found.FullName
+    }
+    
+    throw "KeyLocker tools installation succeeded but smctl.exe not found in $installDir"
+}
+
+# Configure KeyLocker
+function Configure-KeyLocker {
+    param([string]$SmctlPath)
+    
+    Log-Info "Configuring KeyLocker..."
+    
+    # Verify smctl is accessible
+    try {
+        $version = & $SmctlPath --version 2>&1
+        Log-Debug "smctl version: $version"
+    } catch {
+        throw "Failed to run smctl: $_"
+    }
+    
+    # Configure KeyLocker credentials and environment
+    Log-Info "Configuring KeyLocker credentials..."
+    
+    try {
+        # Save credentials (API key and password)
+        Log-Info "Saving credentials to OS store..."
+        $saveOutput = & $SmctlPath credentials save $env:SM_API_KEY $env:SM_CLIENT_CERT_PASSWORD 2>&1 | Out-String
+        Log-Debug "Credentials save output: $saveOutput"
+        
+        if ($saveOutput -like "*Credentials saved*") {
+            Log-Success "Credentials saved successfully"
+        }
+        
+        # Set environment variables for smctl
+        Log-Info "Setting KeyLocker environment variables..."
+        $env:SM_HOST = $env:SM_HOST  # Already set, but ensure it's available
+        $env:SM_API_KEY = $env:SM_API_KEY  # Already set
+        $env:SM_CLIENT_CERT_FILE = $env:SM_CLIENT_CERT_FILE  # Path to decoded cert file
+        Log-Debug "SM_HOST: $env:SM_HOST"
+        Log-Debug "SM_CLIENT_CERT_FILE: $env:SM_CLIENT_CERT_FILE"
+        
+        # Run health check
+        Log-Info "Running KeyLocker health check..."
+        $healthOutput = & $SmctlPath healthcheck 2>&1 | Out-String
+        Log-Debug "Health check output: $healthOutput"
+        
+        if ($healthOutput -like "*Healthy*" -or $healthOutput -like "*SUCCESS*" -or $LASTEXITCODE -eq 0) {
+            Log-Success "KeyLocker health check passed"
+        } else {
+            Log-Error "Health check failed: $healthOutput"
+            # Don't throw here, sometimes healthcheck is flaky but signing still works
+        }
+        
+        # Sync certificates to Windows certificate store
+        Log-Info "Syncing certificates to Windows store..."
+        $syncOutput = & $SmctlPath windows certsync 2>&1 | Out-String
+        Log-Debug "Certificate sync output: $syncOutput"
+        
+        if ($syncOutput -like "*success*" -or $syncOutput -like "*synced*" -or $LASTEXITCODE -eq 0) {
+            Log-Success "Certificates synced to Windows store"
+        } else {
+            Log-Info "Certificate sync output: $syncOutput"
+        }
+        
+    } catch {
+        throw "Failed to configure KeyLocker: $_"
+    }
+}
+
+# Sign an executable
+function Sign-Executable {
+    param(
+        [string]$ExePath,
+        [string]$SmctlPath
+    )
+    
+    if (!(Test-Path $ExePath)) {
+        throw "Executable not found: $ExePath"
+    }
+    
+    $fileName = Split-Path $ExePath -Leaf
+    Log-Info "Signing $fileName..."
+    Log-Debug "Full path: $ExePath"
+    Log-Debug "File size: $((Get-Item $ExePath).Length) bytes"
+    
+    # Check if already signed
+    $existingSig = Get-AuthenticodeSignature $ExePath
+    if ($existingSig.Status -eq "Valid") {
+        Log-Info "$fileName is already signed by: $($existingSig.SignerCertificate.Subject)"
+        Log-Info "Skipping re-signing"
+        return
+    }
+    
+    # Sign the executable using smctl
+    try {
+        # smctl sign command with keypair-alias
+        $signArgs = @(
+            "sign",
+            "--keypair-alias", $env:SM_KEYPAIR_ALIAS,
+            "--input", $ExePath,
+            "--verbose"
+        )
+        
+        Log-Debug "Running: $SmctlPath $($signArgs -join ' ')"
+        
+        $signOutput = & $SmctlPath $signArgs 2>&1 | Out-String
+        
+        if ($LASTEXITCODE -ne 0) {
+            Log-Error "Signing output: $signOutput"
+            throw "Signing failed with exit code: $LASTEXITCODE"
+        }
+        
+        Log-Debug "Signing output: $signOutput"
+        Log-Success "Signing command completed"
+        
+    } catch {
+        throw "Failed to sign $fileName : $_"
+    }
+    
+    # Verify signature
+    $newSig = Get-AuthenticodeSignature $ExePath
+    
+    if ($newSig.Status -eq "Valid") {
+        Log-Success "$fileName signed successfully"
+        Log-Info "Signed by: $($newSig.SignerCertificate.Subject)"
+        Log-Info "Thumbprint: $($newSig.SignerCertificate.Thumbprint)"
+        Log-Info "Valid from: $($newSig.SignerCertificate.NotBefore) to $($newSig.SignerCertificate.NotAfter)"
+    } else {
+        throw "$fileName signature verification failed: $($newSig.Status) - $($newSig.StatusMessage)"
+    }
+}
+
+# Cleanup function
+function Cleanup {
+    if ($global:TEMP_CERT_PATH -and (Test-Path $global:TEMP_CERT_PATH)) {
+        try {
+            Remove-Item $global:TEMP_CERT_PATH -Force
+            Log-Info "Cleaned up temporary certificate"
+        } catch {
+            Log-Error "Failed to cleanup temporary certificate: $_"
+        }
+    }
+}
+
+# Main execution
+try {
+    Write-Host "========================================" -ForegroundColor Cyan
+    Write-Host "  Windows Code Signing for Bun" -ForegroundColor Cyan
+    Write-Host "========================================" -ForegroundColor Cyan
+    
+    # Ensure we're in a VS environment
+    Ensure-VSEnvironment
+    
+    # Check environment variables
+    Check-Environment
+    
+    # Setup certificate
+    Setup-Certificate
+    
+    # Install and configure KeyLocker
+    $smctlPath = Install-KeyLocker
+    Configure-KeyLocker -SmctlPath $smctlPath
+    
+    # Sign both executables
+    Sign-Executable -ExePath $BunProfileExe -SmctlPath $smctlPath
+    Sign-Executable -ExePath $BunExe -SmctlPath $smctlPath
+    
+    Write-Host "========================================" -ForegroundColor Green
+    Write-Host "  Code signing completed successfully!" -ForegroundColor Green
+    Write-Host "========================================" -ForegroundColor Green
+    
+    exit 0
+    
+} catch {
+    Log-Error "Code signing failed: $_"
+    exit 1
+    
+} finally {
+    Cleanup
+}
--- a/.github/workflows/CLAUDE.md
+++ b/.github/workflows/CLAUDE.md
@@ -0,0 +1,103 @@
+# GitHub Actions Workflow Maintenance Guide
+
+This document provides guidance for maintaining the GitHub Actions workflows in this repository.
+
+## format.yml Workflow
+
+### Overview
+The `format.yml` workflow runs code formatters (Prettier, clang-format, and Zig fmt) on pull requests and pushes to main. It's optimized for speed by running all formatters in parallel.
+
+### Key Components
+
+#### 1. Clang-format Script (`scripts/run-clang-format.sh`)
+- **Purpose**: Formats C++ source and header files
+- **What it does**:
+  - Reads C++ files from `cmake/sources/CxxSources.txt`
+  - Finds all header files in `src/` and `packages/`
+  - Excludes third-party directories (libuv, napi, deps, vendor, sqlite, etc.)
+  - Requires specific clang-format version (no fallbacks)
+
+**Important exclusions**:
+- `src/napi/` - Node API headers (third-party)
+- `src/bun.js/bindings/libuv/` - libuv headers (third-party)
+- `src/bun.js/bindings/sqlite/` - SQLite headers (third-party)
+- `src/bun.js/api/ffi-*.h` - FFI headers (generated/third-party)
+- `src/deps/` - Dependencies (third-party)
+- Files in `vendor/`, `third_party/`, `generated/` directories
+
+#### 2. Parallel Execution
+The workflow runs all three formatters simultaneously:
+- Each formatter outputs with a prefix (`[prettier]`, `[clang-format]`, `[zig]`)
+- Output is streamed in real-time without blocking
+- Uses GitHub Actions groups (`::group::`) for collapsible sections
+
+#### 3. Tool Installation
+
+##### Clang-format-19
+- Installs ONLY `clang-format-19` package (not the entire LLVM toolchain)
+- Uses `--no-install-recommends --no-install-suggests` to skip unnecessary packages
+- Quiet installation with `-qq` and `-o=Dpkg::Use-Pty=0`
+
+##### Zig
+- Downloads from `oven-sh/zig` releases (musl build for static linking)
+- URL: `https://github.com/oven-sh/zig/releases/download/autobuild-{COMMIT}/bootstrap-x86_64-linux-musl.zip`
+- Extracts to temp directory to avoid polluting the repository
+- Directory structure: `bootstrap-x86_64-linux-musl/zig`
+
+### Updating the Workflow
+
+#### To update Zig version:
+1. Find the new commit hash from https://github.com/oven-sh/zig/releases
+2. Replace the hash in the wget URL (line 65 of format.yml)
+3. Test that the URL is valid and the binary works
+
+#### To update clang-format version:
+1. Update `LLVM_VERSION_MAJOR` environment variable at the top of format.yml
+2. Update the version check in `scripts/run-clang-format.sh`
+
+#### To add/remove file exclusions:
+1. Edit the exclusion patterns in `scripts/run-clang-format.sh` (lines 34-39)
+2. Test locally to ensure the right files are being formatted
+
+### Performance Optimizations
+1. **Parallel execution**: All formatters run simultaneously
+2. **Minimal installations**: Only required packages, no extras
+3. **Temp directories**: Tools downloaded to temp dirs, cleaned up after use
+4. **Streaming output**: Real-time feedback without buffering
+5. **Early start**: Formatting begins immediately after each tool is ready
+
+### Troubleshooting
+
+**If formatters appear to run sequentially:**
+- Check if output is being buffered (should use `sed` for line prefixing)
+- Ensure background processes use `&` and proper wait commands
+
+**If third-party files are being formatted:**
+- Review exclusion patterns in `scripts/run-clang-format.sh`
+- Check if new third-party directories were added that need exclusion
+
+**If clang-format installation is slow:**
+- Ensure using minimal package installation flags
+- Check if apt cache needs updating
+- Consider caching the clang-format binary between runs
+
+### Testing Changes Locally
+
+```bash
+# Test the clang-format script
+export LLVM_VERSION_MAJOR=19
+./scripts/run-clang-format.sh format
+
+# Test with check mode (no modifications)
+./scripts/run-clang-format.sh check
+
+# Test specific file exclusions
+./scripts/run-clang-format.sh format 2>&1 | grep -E "(libuv|napi|deps)"
+# Should return nothing if exclusions work correctly
+```
+
+### Important Notes
+- The script defaults to **format** mode (modifies files)
+- Always test locally before pushing workflow changes
+- The musl Zig build works on glibc systems due to static linking
+- Keep the exclusion list updated as new third-party code is added
--- a/.github/workflows/auto-label-claude-prs.yml
+++ b/.github/workflows/auto-label-claude-prs.yml
@@ -0,0 +1,24 @@
+name: Auto-label Claude PRs
+
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  auto-label:
+    if: github.event.pull_request.user.login == 'robobun' || contains(github.event.pull_request.body, '🤖 Generated with')
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Add claude label to PRs from robobun
+        uses: actions/github-script@v7
+        with:
+          script: |
+            github.rest.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              labels: ['claude']
+            });
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -13,23 +13,55 @@ on:
 jobs:
  claude:
    if: |
+      github.repository == 'oven-sh/bun' &&
+      (
+        (github.event_name == 'issue_comment' && (github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'COLLABORATOR')) ||
+        (github.event_name == 'pull_request_review_comment' && (github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'COLLABORATOR')) ||
+        (github.event_name == 'pull_request_review' && (github.event.review.author_association == 'MEMBER' || github.event.review.author_association == 'OWNER' || github.event.review.author_association == 'COLLABORATOR')) ||
+        (github.event_name == 'issues' && (github.event.issue.author_association == 'MEMBER' || github.event.issue.author_association == 'OWNER' || github.event.issue.author_association == 'COLLABORATOR'))
+      ) &&
      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
-    runs-on: ubuntu-latest
+    runs-on: claude
+    env:
+      IS_SANDBOX: 1
+    container:
+      image: localhost:5000/claude-bun:latest
+      options: --privileged --user 1000:1000
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
+        working-directory: /workspace/bun
+        run: |
+          git config --global user.email "claude-bot@bun.sh" && \
+          git config --global user.name "Claude Bot" && \
+          git config --global url."git@github.com:".insteadOf "https://github.com/" && \
+          git config --global url."git@github.com:".insteadOf "http://github.com/" && \
+          git config --global --add safe.directory /workspace/bun && \
+          git config --global push.default current && \
+          git config --global pull.rebase true && \
+          git config --global init.defaultBranch main && \
+          git config --global core.editor "vim" && \
+          git config --global color.ui auto && \
+          git config --global fetch.prune true && \
+          git config --global diff.colorMoved zebra && \
+          git config --global merge.conflictStyle diff3 && \
+          git config --global rerere.enabled true && \
+          git config --global core.autocrlf input
+          git fetch origin ${{ github.event.pull_request.head.sha }}
+          git checkout ${{ github.event.pull_request.head.ref }}
+          git reset --hard origin/${{ github.event.pull_request.head.ref }}
      - name: Run Claude Code
        id: claude
-        uses: anthropics/claude-code-action@beta
+        # TODO: switch this out once they merge their v1
+        uses: km-anthropic/claude-code-action@v1-dev
        with:
-          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
-
+          timeout_minutes: "180"
+          claude_args: |
+            --dangerously-skip-permissions
+            --system-prompt "You are working on the Bun codebase"
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -6,6 +6,8 @@ on:
      - "docs/**"
      - "packages/bun-types/**.d.ts"
      - "CONTRIBUTING.md"
+      - "src/cli/install.sh"
+      - "src/cli/install.ps1"
    branches:
      - main

--- a/.github/workflows/format.yml
+++ b/.github/workflows/format.yml
@@ -37,24 +37,72 @@ jobs:
      - name: Setup Dependencies
        run: |
          bun install
-      - name: Install LLVM
+      - name: Format Code
        run: |
-          curl -fsSL https://apt.llvm.org/llvm.sh | sudo bash -s -- ${{ env.LLVM_VERSION_MAJOR }} all
-      - name: Setup Zig
-        uses: mlugg/setup-zig@v1
-        with:
-          version: 0.14.0
-      - name: Zig Format
-        run: |
-          zig fmt src
-          ./scripts/sort-imports.ts src
-          zig fmt src
-      - name: Prettier Format
-        run: |
-          bun run prettier
-      - name: Clang Format
-        run: |
-          bun run clang-format
+          # Start prettier in background with prefixed output
+          echo "::group::Prettier"
+          (bun run prettier 2>&1 | sed 's/^/[prettier] /' || echo "[prettier] Failed with exit code $?") &
+          PRETTIER_PID=$!
+          
+          # Start clang-format installation and formatting in background with prefixed output
+          echo "::group::Clang-format"
+          (
+            echo "[clang-format] Installing clang-format-${{ env.LLVM_VERSION_MAJOR }}..."
+            wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc > /dev/null
+            echo "deb http://apt.llvm.org/$(lsb_release -cs)/ llvm-toolchain-$(lsb_release -cs)-${{ env.LLVM_VERSION_MAJOR }} main" | sudo tee /etc/apt/sources.list.d/llvm.list > /dev/null
+            sudo apt-get update -qq
+            sudo apt-get install -y -qq --no-install-recommends --no-install-suggests -o=Dpkg::Use-Pty=0 clang-format-${{ env.LLVM_VERSION_MAJOR }}
+            echo "[clang-format] Running clang-format..."
+            LLVM_VERSION_MAJOR=${{ env.LLVM_VERSION_MAJOR }} ./scripts/run-clang-format.sh format 2>&1 | sed 's/^/[clang-format] /'
+          ) &
+          CLANG_PID=$!
+          
+          # Setup Zig in temp directory and run zig fmt in background with prefixed output
+          echo "::group::Zig fmt"
+          (
+            ZIG_TEMP=$(mktemp -d)
+            echo "[zig] Downloading Zig (musl build)..."
+            wget -q -O "$ZIG_TEMP/zig.zip" https://github.com/oven-sh/zig/releases/download/autobuild-d1a4e0b0ddc75f37c6a090b97eef0cbb6335556e/bootstrap-x86_64-linux-musl.zip
+            unzip -q -d "$ZIG_TEMP" "$ZIG_TEMP/zig.zip"
+            export PATH="$ZIG_TEMP/bootstrap-x86_64-linux-musl:$PATH"
+            echo "[zig] Running zig fmt..."
+            zig fmt src 2>&1 | sed 's/^/[zig] /'
+            ./scripts/sort-imports.ts src 2>&1 | sed 's/^/[zig] /'
+            zig fmt src 2>&1 | sed 's/^/[zig] /'
+            rm -rf "$ZIG_TEMP"
+          ) &
+          ZIG_PID=$!
+          
+          # Wait for all formatting tasks to complete
+          echo ""
+          echo "Running formatters in parallel..."
+          FAILED=0
+          
+          if ! wait $PRETTIER_PID; then
+            echo "::error::Prettier failed"
+            FAILED=1
+          fi
+          echo "::endgroup::"
+          
+          if ! wait $CLANG_PID; then
+            echo "::error::Clang-format failed"
+            FAILED=1
+          fi
+          echo "::endgroup::"
+          
+          if ! wait $ZIG_PID; then
+            echo "::error::Zig fmt failed"
+            FAILED=1
+          fi
+          echo "::endgroup::"
+          
+          # Exit with error if any formatter failed
+          if [ $FAILED -eq 1 ]; then
+            echo "::error::One or more formatters failed"
+            exit 1
+          fi
+          
+          echo "✅ All formatters completed successfully"
      - name: Ban Words
        run: |
          bun ./test/internal/ban-words.test.ts
--- a/.gitignore
+++ b/.gitignore
@@ -184,4 +184,6 @@ codegen-for-zig-team.tar.gz
 *.sock
 scratch*.{js,ts,tsx,cjs,mjs}

-*.bun-build
+*.bun-build
+
+scripts/lldb-inline
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -22,6 +22,9 @@
        "BUN_DEBUG_QUIET_LOGS": "1",
        "BUN_DEBUG_jest": "1",
        "BUN_GARBAGE_COLLECTOR_LEVEL": "1",
+        // "BUN_JSC_validateExceptionChecks": "1",
+        // "BUN_JSC_dumpSimulatedThrows": "1",
+        // "BUN_JSC_unexpectedExceptionStackTraceLimit": "20",
      },
      "console": "internalConsole",
      "sourceMap": {
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -168,5 +168,5 @@
    "WebKit/WebInspectorUI": true,
  },
  "git.detectSubmodules": false,
-  "bun.test.customScript": "./build/debug/bun-debug test"
+  "bun.test.customScript": "./build/debug/bun-debug test",
 }
--- a/0
+++ b/0
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -6,7 +6,7 @@ This is the Bun repository - an all-in-one JavaScript runtime & toolkit designed

 - **Build debug version**: `bun bd`
  - Creates a debug build at `./build/debug/bun-debug`
-  - Compilation takes ~5 minutes. Don't timeout, be patient.
+  - **CRITICAL**: DO NOT set a build timeout. Compilation takes ~5 minutes. Be patient.
 - **Run tests with your debug build**: `bun bd test <test-file>`
  - **CRITICAL**: Never use `bun test` directly - it won't include your changes
 - **Run any command with debug build**: `bun bd <command>`
@@ -43,7 +43,12 @@ Tests use Bun's Jest-compatible test runner with proper test fixtures:

 ```typescript
 import { test, expect } from "bun:test";
-import { bunEnv, bunExe, tempDirWithFiles } from "harness";
+import {
+  bunEnv,
+  bunExe,
+  normalizeBunSnapshot,
+  tempDirWithFiles,
+} from "harness";

 test("my feature", async () => {
  // Create temp directory with test files
@@ -56,19 +61,25 @@ test("my feature", async () => {
    cmd: [bunExe(), "index.js"],
    env: bunEnv,
    cwd: dir,
+    stderr: "pipe",
  });

  const [stdout, stderr, exitCode] = await Promise.all([
-    new Response(proc.stdout).text(),
-    new Response(proc.stderr).text(),
+    proc.stdout.text(),
+    proc.stderr.text(),
    proc.exited,
  ]);

  expect(exitCode).toBe(0);
-  expect(stdout).toBe("hello\n");
+  // Prefer snapshot tests over expect(stdout).toBe("hello\n");
+  expect(normalizeBunSnapshot(stdout, dir)).toMatchInlineSnapshot(`"hello"`);
 });
 ```

+- Always use `port: 0`. Do not hardcode ports. Do not use your own random port number function.
+- Use `normalizeBunSnapshot` to normalize snapshot output of the test.
+- NEVER write tests that check for no "panic" or "uncaught exception" or similar in the test output. That is NOT a valid test.
+
 ## Code Architecture

 ### Language Structure
@@ -133,7 +144,6 @@ test("my feature", async () => {
 When implementing JavaScript classes in C++:

 1. Create three classes if there's a public constructor:
-
   - `class Foo : public JSC::JSDestructibleObject` (if has C++ fields)
   - `class FooPrototype : public JSC::JSNonFinalObject`
   - `class FooConstructor : public JSC::InternalFunction`
@@ -193,7 +203,6 @@ Built-in JavaScript modules use special syntax and are organized as:
   ```

 3. **Debug helpers**:
-
   - `$debug()` - Like console.log but stripped in release builds
   - `$assert()` - Assertions stripped in release builds
   - `if($debug) {}` - Check if debug env var is set
@@ -221,15 +230,17 @@ bun ci
 ## Important Development Notes

 1. **Never use `bun test` or `bun <file>` directly** - always use `bun bd test` or `bun bd <command>`. `bun bd` compiles & runs the debug build.
-2. **Use `await using`** for proper resource cleanup with Bun APIs (Bun.spawn, Bun.serve, Bun.connect, etc.)
-3. **Follow existing code style** - check neighboring files for patterns
-4. **Create regression tests** in `test/regression/issue/` when fixing bugs
-5. **Use absolute paths** - Always use absolute paths in file operations
-6. **Avoid shell commands** - Don't use `find` or `grep` in tests; use Bun's Glob and built-in tools
-7. **Memory management** - In Zig code, be careful with allocators and use defer for cleanup
-8. **Cross-platform** - Test on macOS, Linux, and Windows when making platform-specific changes
-9. **Debug builds** - Use `BUN_DEBUG_QUIET_LOGS=1` to disable debug logging, or `BUN_DEBUG_<scope>=1` to enable specific scopes
-10. **Transpiled source** - Find transpiled files in `/tmp/bun-debug-src/` for debugging
+2. **All changes must be tested** - if you're not testing your changes, you're not done.
+3. **Get your tests to pass**. If you didn't run the tests, your code does not work.
+4. **Follow existing code style** - check neighboring files for patterns
+5. **Create tests in the right folder** in `test/` and the test must end in `.test.ts` or `.test.tsx`
+6. **Use absolute paths** - Always use absolute paths in file operations
+7. **Avoid shell commands** - Don't use `find` or `grep` in tests; use Bun's Glob and built-in tools
+8. **Memory management** - In Zig code, be careful with allocators and use defer for cleanup
+9. **Cross-platform** - Run `bun run zig:check-all` to compile the Zig code on all platforms when making platform-specific changes
+10. **Debug builds** - Use `BUN_DEBUG_QUIET_LOGS=1` to disable debug logging, or `BUN_DEBUG_<scope>=1` to enable specific scopes
+11. **Be humble & honest** - NEVER overstate what you got done or what actually works in commits, PRs or in messages to the user.
+12. **Branch names must start with `claude/`** - This is a requirement for the CI to work.

 ## Key APIs and Features

--- a/0
+++ b/0
--- a/2
+++ b/2
@@ -1 +1 @@
-1.2.19
+1.2.20
--- a/2046
+++ b/2046
--- a/app.js
+++ b/app.js
@@ -0,0 +1,7 @@
+export default {
+  port: 3000,
+  fetch() {
+    import('./nonexistent.js');
+    return new Response('hello');
+  }
+}
--- a/bench/bun.lock
+++ b/bench/bun.lock
@@ -15,11 +15,13 @@
        "eventemitter3": "^5.0.0",
        "execa": "^8.0.1",
        "fast-glob": "3.3.1",
+        "fastify": "^5.0.0",
        "fdir": "^6.1.0",
        "mitata": "^1.0.25",
        "react": "^18.3.1",
        "react-dom": "^18.3.1",
        "string-width": "7.1.0",
+        "strip-ansi": "^7.1.0",
        "tinycolor2": "^1.6.0",
        "zx": "^7.2.3",
      },
@@ -93,6 +95,18 @@

    "@esbuild/linux-loong64": ["@esbuild/linux-loong64@0.14.54", "", { "os": "linux", "cpu": "none" }, "sha512-bZBrLAIX1kpWelV0XemxBZllyRmM6vgFQQG2GdNb+r3Fkp0FOh1NJSvekXDs7jq70k4euu1cryLMfU+mTXlEpw=="],

+    "@fastify/ajv-compiler": ["@fastify/ajv-compiler@4.0.2", "", { "dependencies": { "ajv": "^8.12.0", "ajv-formats": "^3.0.1", "fast-uri": "^3.0.0" } }, "sha512-Rkiu/8wIjpsf46Rr+Fitd3HRP+VsxUFDDeag0hs9L0ksfnwx2g7SPQQTFL0E8Qv+rfXzQOxBJnjUB9ITUDjfWQ=="],
+
+    "@fastify/error": ["@fastify/error@4.2.0", "", {}, "sha512-RSo3sVDXfHskiBZKBPRgnQTtIqpi/7zhJOEmAxCiBcM7d0uwdGdxLlsCaLzGs8v8NnxIRlfG0N51p5yFaOentQ=="],
+
+    "@fastify/fast-json-stringify-compiler": ["@fastify/fast-json-stringify-compiler@5.0.3", "", { "dependencies": { "fast-json-stringify": "^6.0.0" } }, "sha512-uik7yYHkLr6fxd8hJSZ8c+xF4WafPK+XzneQDPU+D10r5X19GW8lJcom2YijX2+qtFF1ENJlHXKFM9ouXNJYgQ=="],
+
+    "@fastify/forwarded": ["@fastify/forwarded@3.0.0", "", {}, "sha512-kJExsp4JCms7ipzg7SJ3y8DwmePaELHxKYtg+tZow+k0znUTf3cb+npgyqm8+ATZOdmfgfydIebPDWM172wfyA=="],
+
+    "@fastify/merge-json-schemas": ["@fastify/merge-json-schemas@0.2.1", "", { "dependencies": { "dequal": "^2.0.3" } }, "sha512-OA3KGBCy6KtIvLf8DINC5880o5iBlDX4SxzLQS8HorJAbqluzLRn80UXU0bxZn7UOFhFgpRJDasfwn9nG4FG4A=="],
+
+    "@fastify/proxy-addr": ["@fastify/proxy-addr@5.0.0", "", { "dependencies": { "@fastify/forwarded": "^3.0.0", "ipaddr.js": "^2.1.0" } }, "sha512-37qVVA1qZ5sgH7KpHkkC4z9SK6StIsIcOmpjvMPXNb3vx2GQxhZocogVYbr2PbbeLCQxYIPDok307xEvRZOzGA=="],
+
    "@jridgewell/gen-mapping": ["@jridgewell/gen-mapping@0.1.1", "", { "dependencies": { "@jridgewell/set-array": "^1.0.0", "@jridgewell/sourcemap-codec": "^1.4.10" } }, "sha512-sQXCasFk+U8lWYEe66WxRDOE9PjVz4vSM51fTu3Hw+ClTpUSQb718772vH3pyS5pShp6lvQM7SxgIDXXXmOX7w=="],

    "@jridgewell/resolve-uri": ["@jridgewell/resolve-uri@3.1.0", "", {}, "sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w=="],
@@ -143,10 +157,20 @@

    "@types/which": ["@types/which@3.0.3", "", {}, "sha512-2C1+XoY0huExTbs8MQv1DuS5FS86+SEjdM9F/+GS61gg5Hqbtj8ZiDSx8MfWcyei907fIPbfPGCOrNUTnVHY1g=="],

+    "abstract-logging": ["abstract-logging@2.0.1", "", {}, "sha512-2BjRTZxTPvheOvGbBslFSYOUkr+SjPtOnrLP33f+VIWLzezQpZcqVg7ja3L4dBXmzzgwT+a029jRx5PCi3JuiA=="],
+
+    "ajv": ["ajv@8.17.1", "", { "dependencies": { "fast-deep-equal": "^3.1.3", "fast-uri": "^3.0.1", "json-schema-traverse": "^1.0.0", "require-from-string": "^2.0.2" } }, "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g=="],
+
+    "ajv-formats": ["ajv-formats@3.0.1", "", { "dependencies": { "ajv": "^8.0.0" } }, "sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ=="],
+
    "ansi-regex": ["ansi-regex@6.0.1", "", {}, "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA=="],

    "ansi-styles": ["ansi-styles@3.2.1", "", { "dependencies": { "color-convert": "^1.9.0" } }, "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA=="],

+    "atomic-sleep": ["atomic-sleep@1.0.0", "", {}, "sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ=="],
+
+    "avvio": ["avvio@9.1.0", "", { "dependencies": { "@fastify/error": "^4.0.0", "fastq": "^1.17.1" } }, "sha512-fYASnYi600CsH/j9EQov7lECAniYiBFiiAtBNuZYLA2leLe9qOvZzqYHFjtIj6gD2VMoMLP14834LFWvr4IfDw=="],
+
    "benchmark": ["benchmark@2.1.4", "", { "dependencies": { "lodash": "^4.17.4", "platform": "^1.3.3" } }, "sha512-l9MlfN4M1K/H2fbhfMy3B7vJd6AGKJVQn2h6Sg/Yx+KckoUA7ewS5Vv6TjSq18ooE1kS9hhAlQRH3AkXIh/aOQ=="],

    "braces": ["braces@3.0.2", "", { "dependencies": { "fill-range": "^7.0.1" } }, "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A=="],
@@ -167,12 +191,16 @@

    "convert-source-map": ["convert-source-map@1.9.0", "", {}, "sha512-ASFBup0Mz1uyiIjANan1jzLQami9z1PoYSZCiiYW2FczPbenXc45FZdBZLzOT+r6+iciuEModtmCti+hjaAk0A=="],

+    "cookie": ["cookie@1.0.2", "", {}, "sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA=="],
+
    "cross-spawn": ["cross-spawn@7.0.3", "", { "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", "which": "^2.0.1" } }, "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w=="],

    "data-uri-to-buffer": ["data-uri-to-buffer@4.0.1", "", {}, "sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A=="],

    "debug": ["debug@4.3.4", "", { "dependencies": { "ms": "2.1.2" } }, "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ=="],

+    "dequal": ["dequal@2.0.3", "", {}, "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA=="],
+
    "dir-glob": ["dir-glob@3.0.1", "", { "dependencies": { "path-type": "^4.0.0" } }, "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA=="],

    "duplexer": ["duplexer@0.1.2", "", {}, "sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg=="],
@@ -233,10 +261,22 @@

    "execa": ["execa@8.0.1", "", { "dependencies": { "cross-spawn": "^7.0.3", "get-stream": "^8.0.1", "human-signals": "^5.0.0", "is-stream": "^3.0.0", "merge-stream": "^2.0.0", "npm-run-path": "^5.1.0", "onetime": "^6.0.0", "signal-exit": "^4.1.0", "strip-final-newline": "^3.0.0" } }, "sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg=="],

+    "fast-decode-uri-component": ["fast-decode-uri-component@1.0.1", "", {}, "sha512-WKgKWg5eUxvRZGwW8FvfbaH7AXSh2cL+3j5fMGzUMCxWBJ3dV3a7Wz8y2f/uQ0e3B6WmodD3oS54jTQ9HVTIIg=="],
+
    "fast-deep-equal": ["fast-deep-equal@3.1.3", "", {}, "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="],

    "fast-glob": ["fast-glob@3.3.1", "", { "dependencies": { "@nodelib/fs.stat": "^2.0.2", "@nodelib/fs.walk": "^1.2.3", "glob-parent": "^5.1.2", "merge2": "^1.3.0", "micromatch": "^4.0.4" } }, "sha512-kNFPyjhh5cKjrUltxs+wFx+ZkbRaxxmZ+X0ZU31SOsxCEtP9VPgtq2teZw1DebupL5GmDaNQ6yKMMVcM41iqDg=="],

+    "fast-json-stringify": ["fast-json-stringify@6.0.1", "", { "dependencies": { "@fastify/merge-json-schemas": "^0.2.0", "ajv": "^8.12.0", "ajv-formats": "^3.0.1", "fast-uri": "^3.0.0", "json-schema-ref-resolver": "^2.0.0", "rfdc": "^1.2.0" } }, "sha512-s7SJE83QKBZwg54dIbD5rCtzOBVD43V1ReWXXYqBgwCwHLYAAT0RQc/FmrQglXqWPpz6omtryJQOau5jI4Nrvg=="],
+
+    "fast-querystring": ["fast-querystring@1.1.2", "", { "dependencies": { "fast-decode-uri-component": "^1.0.1" } }, "sha512-g6KuKWmFXc0fID8WWH0jit4g0AGBoJhCkJMb1RmbsSEUNvQ+ZC8D6CUZ+GtF8nMzSPXnhiePyyqqipzNNEnHjg=="],
+
+    "fast-redact": ["fast-redact@3.5.0", "", {}, "sha512-dwsoQlS7h9hMeYUq1W++23NDcBLV4KqONnITDV9DjfS3q1SgDGVrBdvvTLUotWtPSD7asWDV9/CmsZPy8Hf70A=="],
+
+    "fast-uri": ["fast-uri@3.0.6", "", {}, "sha512-Atfo14OibSv5wAp4VWNsFYE1AchQRTv9cBGWET4pZWHzYshFSS9NQI6I57rdKn9croWVMbYFbLhJ+yJvmZIIHw=="],
+
+    "fastify": ["fastify@5.5.0", "", { "dependencies": { "@fastify/ajv-compiler": "^4.0.0", "@fastify/error": "^4.0.0", "@fastify/fast-json-stringify-compiler": "^5.0.0", "@fastify/proxy-addr": "^5.0.0", "abstract-logging": "^2.0.1", "avvio": "^9.0.0", "fast-json-stringify": "^6.0.0", "find-my-way": "^9.0.0", "light-my-request": "^6.0.0", "pino": "^9.0.0", "process-warning": "^5.0.0", "rfdc": "^1.3.1", "secure-json-parse": "^4.0.0", "semver": "^7.6.0", "toad-cache": "^3.7.0" } }, "sha512-ZWSWlzj3K/DcULCnCjEiC2zn2FBPdlZsSA/pnPa/dbUfLvxkD/Nqmb0XXMXLrWkeM4uQPUvjdJpwtXmTfriXqw=="],
+
    "fastq": ["fastq@1.15.0", "", { "dependencies": { "reusify": "^1.0.4" } }, "sha512-wBrocU2LCXXa+lWBt8RoIRD89Fi8OdABODa/kEnyeyjS5aZO5/GNvI5sEINADqP/h8M29UHTHUb53sUu5Ihqdw=="],

    "fdir": ["fdir@6.1.0", "", { "peerDependencies": { "picomatch": "2.x" } }, "sha512-274qhz5PxNnA/fybOu6apTCUnM0GnO3QazB6VH+oag/7DQskdYq8lm07ZSm90kEQuWYH5GvjAxGruuHrEr0bcg=="],
@@ -245,6 +285,8 @@

    "fill-range": ["fill-range@7.0.1", "", { "dependencies": { "to-regex-range": "^5.0.1" } }, "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ=="],

+    "find-my-way": ["find-my-way@9.3.0", "", { "dependencies": { "fast-deep-equal": "^3.1.3", "fast-querystring": "^1.0.0", "safe-regex2": "^5.0.0" } }, "sha512-eRoFWQw+Yv2tuYlK2pjFS2jGXSxSppAs3hSQjfxVKxM5amECzIgYYc1FEI8ZmhSh/Ig+FrKEz43NLRKJjYCZVg=="],
+
    "formdata-polyfill": ["formdata-polyfill@4.0.10", "", { "dependencies": { "fetch-blob": "^3.1.2" } }, "sha512-buewHzMvYL29jdeQTVILecSaZKnt/RJWjoZCF5OW60Z67/GmSLBkOFM7qh1PI3zFNtJbaZL5eQu1vLfazOwj4g=="],

    "from": ["from@0.1.7", "", {}, "sha512-twe20eF1OxVxp/ML/kq2p1uc6KvFK/+vs8WjEbeKmV2He22MKm7YF2ANIt+EOqhJ5L3K/SuuPhk0hWQDjOM23g=="],
@@ -273,6 +315,8 @@

    "ignore": ["ignore@5.3.0", "", {}, "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg=="],

+    "ipaddr.js": ["ipaddr.js@2.2.0", "", {}, "sha512-Ag3wB2o37wslZS19hZqorUnrnzSkpOVy+IiiDEiTqNubEYpYuHWIf6K4psgN2ZWKExS4xhVCrRVfb/wfW8fWJA=="],
+
    "is-arrayish": ["is-arrayish@0.3.2", "", {}, "sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ=="],

    "is-extglob": ["is-extglob@2.1.1", "", {}, "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ=="],
@@ -289,10 +333,16 @@

    "jsesc": ["jsesc@2.5.2", "", { "bin": { "jsesc": "bin/jsesc" } }, "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA=="],

+    "json-schema-ref-resolver": ["json-schema-ref-resolver@2.0.1", "", { "dependencies": { "dequal": "^2.0.3" } }, "sha512-HG0SIB9X4J8bwbxCbnd5FfPEbcXAJYTi1pBJeP/QPON+w8ovSME8iRG+ElHNxZNX2Qh6eYn1GdzJFS4cDFfx0Q=="],
+
+    "json-schema-traverse": ["json-schema-traverse@1.0.0", "", {}, "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="],
+
    "json5": ["json5@2.2.3", "", { "bin": { "json5": "lib/cli.js" } }, "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg=="],

    "jsonfile": ["jsonfile@6.1.0", "", { "dependencies": { "universalify": "^2.0.0" }, "optionalDependencies": { "graceful-fs": "^4.1.6" } }, "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ=="],

+    "light-my-request": ["light-my-request@6.6.0", "", { "dependencies": { "cookie": "^1.0.1", "process-warning": "^4.0.0", "set-cookie-parser": "^2.6.0" } }, "sha512-CHYbu8RtboSIoVsHZ6Ye4cj4Aw/yg2oAFimlF7mNvfDV192LR7nDiKtSIfCuLT7KokPSTn/9kfVLm5OGN0A28A=="],
+
    "lodash": ["lodash@4.17.21", "", {}, "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="],

    "loose-envify": ["loose-envify@1.4.0", "", { "dependencies": { "js-tokens": "^3.0.0 || ^4.0.0" }, "bin": { "loose-envify": "cli.js" } }, "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q=="],
@@ -323,6 +373,8 @@

    "npm-run-path": ["npm-run-path@5.2.0", "", { "dependencies": { "path-key": "^4.0.0" } }, "sha512-W4/tgAXFqFA0iL7fk0+uQ3g7wkL8xJmx3XdK0VGb4cHW//eZTtKGvFBBoRKVTpY7n6ze4NL9ly7rgXcHufqXKg=="],

+    "on-exit-leak-free": ["on-exit-leak-free@2.1.2", "", {}, "sha512-0eJJY6hXLGf1udHwfNftBqH+g73EU4B504nZeKpz1sYRKafAghwxEJunB2O7rDZkL4PGfsMVnTXZ2EjibbqcsA=="],
+
    "onetime": ["onetime@6.0.0", "", { "dependencies": { "mimic-fn": "^4.0.0" } }, "sha512-1FlR+gjXK7X+AsAHso35MnyN5KqGwJRi/31ft6x0M194ht7S+rWAvd7PHss9xSKMzE0asv1pyIHaJYq+BbacAQ=="],

    "path-key": ["path-key@3.1.1", "", {}, "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q=="],
@@ -335,24 +387,50 @@

    "picomatch": ["picomatch@2.3.1", "", {}, "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA=="],

+    "pino": ["pino@9.9.0", "", { "dependencies": { "atomic-sleep": "^1.0.0", "fast-redact": "^3.1.1", "on-exit-leak-free": "^2.1.0", "pino-abstract-transport": "^2.0.0", "pino-std-serializers": "^7.0.0", "process-warning": "^5.0.0", "quick-format-unescaped": "^4.0.3", "real-require": "^0.2.0", "safe-stable-stringify": "^2.3.1", "sonic-boom": "^4.0.1", "thread-stream": "^3.0.0" }, "bin": { "pino": "bin.js" } }, "sha512-zxsRIQG9HzG+jEljmvmZupOMDUQ0Jpj0yAgE28jQvvrdYTlEaiGwelJpdndMl/MBuRr70heIj83QyqJUWaU8mQ=="],
+
+    "pino-abstract-transport": ["pino-abstract-transport@2.0.0", "", { "dependencies": { "split2": "^4.0.0" } }, "sha512-F63x5tizV6WCh4R6RHyi2Ml+M70DNRXt/+HANowMflpgGFMAym/VKm6G7ZOQRjqN7XbGxK1Lg9t6ZrtzOaivMw=="],
+
+    "pino-std-serializers": ["pino-std-serializers@7.0.0", "", {}, "sha512-e906FRY0+tV27iq4juKzSYPbUj2do2X2JX4EzSca1631EB2QJQUqGbDuERal7LCtOpxl6x3+nvo9NPZcmjkiFA=="],
+
    "platform": ["platform@1.3.6", "", {}, "sha512-fnWVljUchTro6RiCFvCXBbNhJc2NijN7oIQxbwsyL0buWJPG85v81ehlHI9fXrJsMNgTofEoWIQeClKpgxFLrg=="],

+    "process-warning": ["process-warning@5.0.0", "", {}, "sha512-a39t9ApHNx2L4+HBnQKqxxHNs1r7KF+Intd8Q/g1bUh6q0WIp9voPXJ/x0j+ZL45KF1pJd9+q2jLIRMfvEshkA=="],
+
    "ps-tree": ["ps-tree@1.2.0", "", { "dependencies": { "event-stream": "=3.3.4" }, "bin": { "ps-tree": "./bin/ps-tree.js" } }, "sha512-0VnamPPYHl4uaU/nSFeZZpR21QAWRz+sRv4iW9+v/GS/J5U5iZB5BNN6J0RMoOvdx2gWM2+ZFMIm58q24e4UYA=="],

    "queue-microtask": ["queue-microtask@1.2.3", "", {}, "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A=="],

+    "quick-format-unescaped": ["quick-format-unescaped@4.0.4", "", {}, "sha512-tYC1Q1hgyRuHgloV/YXs2w15unPVh8qfu/qCTfhTYamaw7fyhumKa2yGpdSo87vY32rIclj+4fWYQXUMs9EHvg=="],
+
    "react": ["react@18.3.1", "", { "dependencies": { "loose-envify": "^1.1.0" } }, "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ=="],

    "react-dom": ["react-dom@18.3.1", "", { "dependencies": { "loose-envify": "^1.1.0", "scheduler": "^0.23.2" }, "peerDependencies": { "react": "^18.3.1" } }, "sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw=="],

+    "real-require": ["real-require@0.2.0", "", {}, "sha512-57frrGM/OCTLqLOAh0mhVA9VBMHd+9U7Zb2THMGdBUoZVOtGbJzjxsYGDJ3A9AYYCP4hn6y1TVbaOfzWtm5GFg=="],
+
+    "require-from-string": ["require-from-string@2.0.2", "", {}, "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw=="],
+
+    "ret": ["ret@0.5.0", "", {}, "sha512-I1XxrZSQ+oErkRR4jYbAyEEu2I0avBvvMM5JN+6EBprOGRCs63ENqZ3vjavq8fBw2+62G5LF5XelKwuJpcvcxw=="],
+
    "reusify": ["reusify@1.0.4", "", {}, "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw=="],

+    "rfdc": ["rfdc@1.4.1", "", {}, "sha512-q1b3N5QkRUWUl7iyylaaj3kOpIT0N2i9MqIEQXP73GVsN9cw3fdx8X63cEmWhJGi2PPCF23Ijp7ktmd39rawIA=="],
+
    "run-parallel": ["run-parallel@1.2.0", "", { "dependencies": { "queue-microtask": "^1.2.2" } }, "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA=="],

+    "safe-regex2": ["safe-regex2@5.0.0", "", { "dependencies": { "ret": "~0.5.0" } }, "sha512-YwJwe5a51WlK7KbOJREPdjNrpViQBI3p4T50lfwPuDhZnE3XGVTlGvi+aolc5+RvxDD6bnUmjVsU9n1eboLUYw=="],
+
+    "safe-stable-stringify": ["safe-stable-stringify@2.5.0", "", {}, "sha512-b3rppTKm9T+PsVCBEOUR46GWI7fdOs00VKZ1+9c1EWDaDMvjQc6tUwuFyIprgGgTcWoVHSKrU8H31ZHA2e0RHA=="],
+
    "scheduler": ["scheduler@0.23.2", "", { "dependencies": { "loose-envify": "^1.1.0" } }, "sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ=="],

+    "secure-json-parse": ["secure-json-parse@4.0.0", "", {}, "sha512-dxtLJO6sc35jWidmLxo7ij+Eg48PM/kleBsxpC8QJE0qJICe+KawkDQmvCMZUr9u7WKVHgMW6vy3fQ7zMiFZMA=="],
+
    "semver": ["semver@6.3.0", "", { "bin": { "semver": "./bin/semver.js" } }, "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw=="],

+    "set-cookie-parser": ["set-cookie-parser@2.7.1", "", {}, "sha512-IOc8uWeOZgnb3ptbCURJWNjWUPcO3ZnTTdzsurqERrP6nPyv+paC55vJM0LpOlT2ne+Ix+9+CRG1MNLlyZ4GjQ=="],
+
    "shebang-command": ["shebang-command@2.0.0", "", { "dependencies": { "shebang-regex": "^3.0.0" } }, "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA=="],

    "shebang-regex": ["shebang-regex@3.0.0", "", {}, "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A=="],
@@ -363,8 +441,12 @@

    "slash": ["slash@4.0.0", "", {}, "sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew=="],

+    "sonic-boom": ["sonic-boom@4.2.0", "", { "dependencies": { "atomic-sleep": "^1.0.0" } }, "sha512-INb7TM37/mAcsGmc9hyyI6+QR3rR1zVRu36B0NeGXKnOOLiZOfER5SA+N7X7k3yUYRzLWafduTDvJAfDswwEww=="],
+
    "split": ["split@0.3.3", "", { "dependencies": { "through": "2" } }, "sha512-wD2AeVmxXRBoX44wAycgjVpMhvbwdI2aZjCkvfNcH1YqHQvJVa1duWc73OyVGJUc05fhFaTZeQ/PYsrmyH0JVA=="],

+    "split2": ["split2@4.2.0", "", {}, "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg=="],
+
    "stream-combiner": ["stream-combiner@0.0.4", "", { "dependencies": { "duplexer": "~0.1.1" } }, "sha512-rT00SPnTVyRsaSz5zgSPma/aHSOic5U1prhYdRy5HS2kTZviFpmDgzilbtsJsxiroqACmayynDN/9VzIbX5DOw=="],

    "string-width": ["string-width@7.1.0", "", { "dependencies": { "emoji-regex": "^10.3.0", "get-east-asian-width": "^1.0.0", "strip-ansi": "^7.1.0" } }, "sha512-SEIJCWiX7Kg4c129n48aDRwLbFb2LJmXXFrWBG4NGaRtMQ3myKPKbwrD1BKqQn74oCoNMBVrfDEr5M9YxCsrkw=="],
@@ -375,6 +457,8 @@

    "supports-color": ["supports-color@5.5.0", "", { "dependencies": { "has-flag": "^3.0.0" } }, "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow=="],

+    "thread-stream": ["thread-stream@3.1.0", "", { "dependencies": { "real-require": "^0.2.0" } }, "sha512-OqyPZ9u96VohAyMfJykzmivOrY2wfMSf3C5TtFJVgN+Hm6aj+voFhlK+kZEIv2FBh1X6Xp3DlnCOfEQ3B2J86A=="],
+
    "through": ["through@2.3.8", "", {}, "sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg=="],

    "tinycolor2": ["tinycolor2@1.6.0", "", {}, "sha512-XPaBkWQJdsf3pLKJV9p4qN/S+fm2Oj8AIPo1BTUhg5oxkvm9+SVEGFdhyOz7tTdUTfvxMiAs4sp6/eZO2Ew+pw=="],
@@ -383,6 +467,8 @@

    "to-regex-range": ["to-regex-range@5.0.1", "", { "dependencies": { "is-number": "^7.0.0" } }, "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ=="],

+    "toad-cache": ["toad-cache@3.7.0", "", {}, "sha512-/m8M+2BJUpoJdgAHoG+baCwBT+tf2VraSfkBgl0Y00qIWt41DJ8R5B8nsEw0I58YwF5IZH6z24/2TobDKnqSWw=="],
+
    "undici-types": ["undici-types@5.26.5", "", {}, "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA=="],

    "universalify": ["universalify@2.0.1", "", {}, "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw=="],
@@ -407,8 +493,14 @@

    "ansi-styles/color-convert": ["color-convert@1.9.3", "", { "dependencies": { "color-name": "1.1.3" } }, "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg=="],

+    "avvio/fastq": ["fastq@1.19.1", "", { "dependencies": { "reusify": "^1.0.4" } }, "sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ=="],
+
    "cross-spawn/which": ["which@2.0.2", "", { "dependencies": { "isexe": "^2.0.0" }, "bin": { "node-which": "./bin/node-which" } }, "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA=="],

+    "fastify/semver": ["semver@7.7.2", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA=="],
+
+    "light-my-request/process-warning": ["process-warning@4.0.1", "", {}, "sha512-3c2LzQ3rY9d0hc1emcsHhfT9Jwz0cChib/QN89oME2R451w5fy3f0afAhERFZAwrbDU43wk12d0ORBpDVME50Q=="],
+
    "npm-run-path/path-key": ["path-key@4.0.0", "", {}, "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ=="],

    "ansi-styles/color-convert/color-name": ["color-name@1.1.3", "", {}, "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw=="],
--- a/bench/package.json
+++ b/bench/package.json
@@ -18,6 +18,7 @@
    "react": "^18.3.1",
    "react-dom": "^18.3.1",
    "string-width": "7.1.0",
+    "strip-ansi": "^7.1.0",
    "tinycolor2": "^1.6.0",
    "zx": "^7.2.3"
  },
--- a/bench/postMessage/postMessage-string.mjs
+++ b/bench/postMessage/postMessage-string.mjs
@@ -0,0 +1,77 @@
+// Benchmark for string fast path optimization in postMessage with Workers
+
+import { bench, run } from "mitata";
+import { Worker, isMainThread, parentPort } from "node:worker_threads";
+
+// Test strings of different sizes
+const strings = {
+  small: "Hello world",
+  medium: Buffer.alloc("Hello World!!!".length * 1024, "Hello World!!!").toString(),
+  large: Buffer.alloc("Hello World!!!".length * 1024 * 256, "Hello World!!!").toString(),
+};
+
+let worker;
+let receivedCount = new Int32Array(new SharedArrayBuffer(4));
+let sentCount = 0;
+
+function createWorker() {
+  const workerCode = `
+    import { parentPort, workerData } from "node:worker_threads";
+
+    let int = workerData;
+
+    parentPort?.on("message", data => {
+      Atomics.add(int, 0, 1);
+    });
+  `;
+
+  worker = new Worker(workerCode, { eval: true, workerData: receivedCount });
+
+  worker.on("message", confirmationId => {});
+
+  worker.on("error", error => {
+    console.error("Worker error:", error);
+  });
+}
+
+// Initialize worker before running benchmarks
+createWorker();
+
+function fmt(int) {
+  if (int < 1000) {
+    return `${int} chars`;
+  }
+
+  if (int < 100000) {
+    return `${(int / 1024) | 0} KB`;
+  }
+
+  return `${(int / 1024 / 1024) | 0} MB`;
+}
+
+// Benchmark postMessage with pure strings (uses fast path)
+bench("postMessage(" + fmt(strings.small.length) + " string)", async () => {
+  sentCount++;
+  worker.postMessage(strings.small);
+});
+
+bench("postMessage(" + fmt(strings.medium.length) + " string)", async () => {
+  sentCount++;
+  worker.postMessage(strings.medium);
+});
+
+bench("postMessage(" + fmt(strings.large.length) + " string)", async () => {
+  sentCount++;
+  worker.postMessage(strings.large);
+});
+
+await run();
+
+await new Promise(resolve => setTimeout(resolve, 5000));
+
+if (receivedCount[0] !== sentCount) {
+  throw new Error("Expected " + receivedCount[0] + " to equal " + sentCount);
+}
+
+// Cleanup worker
+worker?.terminate();
--- a/bench/postMessage/structureClone-string.mjs
+++ b/bench/postMessage/structureClone-string.mjs
@@ -0,0 +1,56 @@
+// Benchmark for string fast path optimization in postMessage and structuredClone
+
+import { bench, run } from "mitata";
+
+// Test strings of different sizes
+const strings = {
+  small: "Hello world",
+  medium: "Hello World!!!".repeat(1024).split("").join(""),
+  large: "Hello World!!!".repeat(1024).repeat(1024).split("").join(""),
+};
+
+console.log("String fast path benchmark");
+console.log("Comparing pure strings (fast path) vs objects containing strings (traditional)");
+console.log("For structuredClone, pure strings should have constant time regardless of size.");
+console.log("");
+
+// Benchmark structuredClone with pure strings (uses fast path)
+bench("structuredClone small string (fast path)", () => {
+  structuredClone(strings.small);
+});
+
+bench("structuredClone medium string (fast path)", () => {
+  structuredClone(strings.medium);
+});
+
+bench("structuredClone large string (fast path)", () => {
+  structuredClone(strings.large);
+});
+
+// Benchmark structuredClone with objects containing strings (traditional path)
+bench("structuredClone object with small string", () => {
+  structuredClone({ str: strings.small });
+});
+
+bench("structuredClone object with medium string", () => {
+  structuredClone({ str: strings.medium });
+});
+
+bench("structuredClone object with large string", () => {
+  structuredClone({ str: strings.large });
+});
+
+// Multiple string cloning benchmark
+bench("structuredClone 100 small strings", () => {
+  for (let i = 0; i < 100; i++) {
+    structuredClone(strings.small);
+  }
+});
+
+bench("structuredClone 100 small objects", () => {
+  for (let i = 0; i < 100; i++) {
+    structuredClone({ str: strings.small });
+  }
+});
+
+await run();
--- a/bench/snippets/strip-ansi.mjs
+++ b/bench/snippets/strip-ansi.mjs
@@ -0,0 +1,37 @@
+import npmStripAnsi from "strip-ansi";
+import { bench, run } from "../runner.mjs";
+
+let bunStripANSI = null;
+if (!process.env.FORCE_NPM) {
+  bunStripANSI = globalThis?.Bun?.stripANSI;
+}
+
+const stripANSI = bunStripANSI || npmStripAnsi;
+const formatter = new Intl.NumberFormat();
+const format = n => {
+  return formatter.format(n);
+};
+
+const inputs = [
+  ["hello world", "no-ansi"],
+  ["\x1b[31mred\x1b[39m", "ansi"],
+  ["a".repeat(1024 * 16), "long-no-ansi"],
+  ["\x1b[31mred\x1b[39m".repeat(1024 * 16), "long-ansi"],
+];
+
+const maxInputLength = Math.max(...inputs.map(([input]) => input.length));
+
+for (const [input, textLabel] of inputs) {
+  const label = bunStripANSI ? "Bun.stripANSI" : "npm/strip-ansi";
+  const name = `${label} ${format(input.length).padStart(format(maxInputLength).length, " ")} chars ${textLabel}`;
+
+  bench(name, () => {
+    stripANSI(input);
+  });
+
+  if (bunStripANSI && bunStripANSI(input) !== npmStripAnsi(input)) {
+    throw new Error("strip-ansi mismatch");
+  }
+}
+
+await run();
--- a/bench/yaml/bun.lock
+++ b/bench/yaml/bun.lock
@@ -0,0 +1,19 @@
+{
+  "lockfileVersion": 1,
+  "workspaces": {
+    "": {
+      "name": "yaml-benchmark",
+      "dependencies": {
+        "js-yaml": "^4.1.0",
+        "yaml": "^2.8.1",
+      },
+    },
+  },
+  "packages": {
+    "argparse": ["argparse@2.0.1", "", {}, "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="],
+
+    "js-yaml": ["js-yaml@4.1.0", "", { "dependencies": { "argparse": "^2.0.1" }, "bin": { "js-yaml": "bin/js-yaml.js" } }, "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA=="],
+
+    "yaml": ["yaml@2.8.1", "", { "bin": { "yaml": "bin.mjs" } }, "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw=="],
+  }
+}
--- a/bench/yaml/package.json
+++ b/bench/yaml/package.json
@@ -0,0 +1,8 @@
+{
+  "name": "yaml-benchmark",
+  "version": "1.0.0",
+  "dependencies": {
+    "js-yaml": "^4.1.0",
+    "yaml": "^2.8.1"
+  }
+}
--- a/bench/yaml/yaml-parse.mjs
+++ b/bench/yaml/yaml-parse.mjs
@@ -0,0 +1,368 @@
+import { bench, group, run } from "../runner.mjs";
+import jsYaml from "js-yaml";
+import yaml from "yaml";
+
+// Small YAML document
+const smallYaml = `
+name: John Doe
+age: 30
+email: john@example.com
+active: true
+`;
+
+// Medium YAML document with nested structures
+const mediumYaml = `
+company: Acme Corp
+employees:
+  - name: John Doe
+    age: 30
+    position: Developer
+    skills:
+      - JavaScript
+      - TypeScript
+      - Node.js
+  - name: Jane Smith
+    age: 28
+    position: Designer
+    skills:
+      - Figma
+      - Photoshop
+      - Illustrator
+  - name: Bob Johnson
+    age: 35
+    position: Manager
+    skills:
+      - Leadership
+      - Communication
+      - Planning
+settings:
+  database:
+    host: localhost
+    port: 5432
+    name: mydb
+  cache:
+    enabled: true
+    ttl: 3600
+`;
+
+// Large YAML document with complex structures
+const largeYaml = `
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
+        env:
+        - name: ENV_VAR_1
+          value: "value1"
+        - name: ENV_VAR_2
+          value: "value2"
+        volumeMounts:
+        - name: config
+          mountPath: /etc/nginx
+        resources:
+          limits:
+            cpu: "1"
+            memory: "1Gi"
+          requests:
+            cpu: "0.5"
+            memory: "512Mi"
+      volumes:
+      - name: config
+        configMap:
+          name: nginx-config
+          items:
+          - key: nginx.conf
+            path: nginx.conf
+          - key: mime.types
+            path: mime.types
+      nodeSelector:
+        disktype: ssd
+      tolerations:
+      - key: "key1"
+        operator: "Equal"
+        value: "value1"
+        effect: "NoSchedule"
+      - key: "key2"
+        operator: "Exists"
+        effect: "NoExecute"
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.io/e2e-az-name
+                operator: In
+                values:
+                - e2e-az1
+                - e2e-az2
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app
+                  operator: In
+                  values:
+                  - web-store
+              topologyKey: kubernetes.io/hostname
+`;
+
+// YAML with anchors and references
+const yamlWithAnchors = `
+defaults: &defaults
+  adapter: postgresql
+  host: localhost
+  port: 5432
+
+development:
+  <<: *defaults
+  database: dev_db
+
+test:
+  <<: *defaults
+  database: test_db
+
+production:
+  <<: *defaults
+  database: prod_db
+  host: prod.example.com
+`;
+
+// Array of items
+const arrayYaml = `
+- id: 1
+  name: Item 1
+  price: 10.99
+  tags: [electronics, gadgets]
+- id: 2
+  name: Item 2
+  price: 25.50
+  tags: [books, education]
+- id: 3
+  name: Item 3
+  price: 5.00
+  tags: [food, snacks]
+- id: 4
+  name: Item 4
+  price: 100.00
+  tags: [electronics, computers]
+- id: 5
+  name: Item 5
+  price: 15.75
+  tags: [clothing, accessories]
+`;
+
+// Multiline strings
+const multilineYaml = `
+description: |
+  This is a multiline string
+  that preserves line breaks
+  and indentation.
+  
+  It can contain multiple paragraphs
+  and special characters: !@#$%^&*()
+  
+folded: >
+  This is a folded string
+  where line breaks are converted
+  to spaces unless there are
+  
+  empty lines like above.
+plain: This is a plain string
+quoted: "This is a quoted string with \\"escapes\\""
+literal: 'This is a literal string with ''quotes'''
+`;
+
+// Numbers and special values
+const numbersYaml = `
+integer: 42
+negative: -17
+float: 3.14159
+scientific: 1.23e-4
+infinity: .inf
+negativeInfinity: -.inf
+notANumber: .nan
+octal: 0o755
+hex: 0xFF
+binary: 0b1010
+`;
+
+// Dates and timestamps
+const datesYaml = `
+date: 2024-01-15
+datetime: 2024-01-15T10:30:00Z
+timestamp: 2024-01-15 10:30:00.123456789 -05:00
+canonical: 2024-01-15T10:30:00.123456789Z
+`;
+
+// Parse benchmarks
+group("parse small YAML", () => {
+  if (typeof Bun !== "undefined" && Bun.YAML) {
+    bench("Bun.YAML.parse", () => {
+      globalThis.result = Bun.YAML.parse(smallYaml);
+    });
+  }
+
+  bench("js-yaml.load", () => {
+    globalThis.result = jsYaml.load(smallYaml);
+  });
+
+  bench("yaml.parse", () => {
+    globalThis.result = yaml.parse(smallYaml);
+  });
+});
+
+group("parse medium YAML", () => {
+  if (typeof Bun !== "undefined" && Bun.YAML) {
+    bench("Bun.YAML.parse", () => {
+      globalThis.result = Bun.YAML.parse(mediumYaml);
+    });
+  }
+
+  bench("js-yaml.load", () => {
+    globalThis.result = jsYaml.load(mediumYaml);
+  });
+
+  bench("yaml.parse", () => {
+    globalThis.result = yaml.parse(mediumYaml);
+  });
+});
+
+group("parse large YAML", () => {
+  if (typeof Bun !== "undefined" && Bun.YAML) {
+    bench("Bun.YAML.parse", () => {
+      globalThis.result = Bun.YAML.parse(largeYaml);
+    });
+  }
+
+  bench("js-yaml.load", () => {
+    globalThis.result = jsYaml.load(largeYaml);
+  });
+
+  bench("yaml.parse", () => {
+    globalThis.result = yaml.parse(largeYaml);
+  });
+});
+
+group("parse YAML with anchors", () => {
+  if (typeof Bun !== "undefined" && Bun.YAML) {
+    bench("Bun.YAML.parse", () => {
+      globalThis.result = Bun.YAML.parse(yamlWithAnchors);
+    });
+  }
+
+  bench("js-yaml.load", () => {
+    globalThis.result = jsYaml.load(yamlWithAnchors);
+  });
+
+  bench("yaml.parse", () => {
+    globalThis.result = yaml.parse(yamlWithAnchors);
+  });
+});
+
+group("parse YAML array", () => {
+  if (typeof Bun !== "undefined" && Bun.YAML) {
+    bench("Bun.YAML.parse", () => {
+      globalThis.result = Bun.YAML.parse(arrayYaml);
+    });
+  }
+
+  bench("js-yaml.load", () => {
+    globalThis.result = jsYaml.load(arrayYaml);
+  });
+
+  bench("yaml.parse", () => {
+    globalThis.result = yaml.parse(arrayYaml);
+  });
+});
+
+group("parse YAML with multiline strings", () => {
+  if (typeof Bun !== "undefined" && Bun.YAML) {
+    bench("Bun.YAML.parse", () => {
+      globalThis.result = Bun.YAML.parse(multilineYaml);
+    });
+  }
+
+  bench("js-yaml.load", () => {
+    globalThis.result = jsYaml.load(multilineYaml);
+  });
+
+  bench("yaml.parse", () => {
+    globalThis.result = yaml.parse(multilineYaml);
+  });
+});
+
+group("parse YAML with numbers", () => {
+  if (typeof Bun !== "undefined" && Bun.YAML) {
+    bench("Bun.YAML.parse", () => {
+      globalThis.result = Bun.YAML.parse(numbersYaml);
+    });
+  }
+
+  bench("js-yaml.load", () => {
+    globalThis.result = jsYaml.load(numbersYaml);
+  });
+
+  bench("yaml.parse", () => {
+    globalThis.result = yaml.parse(numbersYaml);
+  });
+});
+
+group("parse YAML with dates", () => {
+  if (typeof Bun !== "undefined" && Bun.YAML) {
+    bench("Bun.YAML.parse", () => {
+      globalThis.result = Bun.YAML.parse(datesYaml);
+    });
+  }
+
+  bench("js-yaml.load", () => {
+    globalThis.result = jsYaml.load(datesYaml);
+  });
+
+  bench("yaml.parse", () => {
+    globalThis.result = yaml.parse(datesYaml);
+  });
+});
+
+// // Stringify benchmarks
+// const smallObjJs = jsYaml.load(smallYaml);
+// const mediumObjJs = jsYaml.load(mediumYaml);
+// const largeObjJs = jsYaml.load(largeYaml);
+
+// group("stringify small object", () => {
+//   bench("js-yaml.dump", () => {
+//     globalThis.result = jsYaml.dump(smallObjJs);
+//   });
+// });
+
+// group("stringify medium object", () => {
+//   bench("js-yaml.dump", () => {
+//     globalThis.result = jsYaml.dump(mediumObjJs);
+//   });
+// });
+
+// group("stringify large object", () => {
+//   bench("js-yaml.dump", () => {
+//     globalThis.result = jsYaml.dump(largeObjJs);
+//   });
+// });
+
+await run();
--- a/bun.lock
+++ b/bun.lock
@@ -6,6 +6,7 @@
      "devDependencies": {
        "@lezer/common": "^1.2.3",
        "@lezer/cpp": "^1.1.3",
+        "@types/bun": "workspace:*",
        "bun-tracestrings": "github:oven-sh/bun.report#912ca63e26c51429d3e6799aa2a6ab079b188fd8",
        "esbuild": "^0.21.4",
        "mitata": "^0.1.11",
@@ -39,8 +40,8 @@
    },
  },
  "overrides": {
-    "@types/bun": "workspace:packages/@types/bun",
    "bun-types": "workspace:packages/bun-types",
+    "@types/bun": "workspace:packages/@types/bun",
  },
  "packages": {
    "@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.21.5", "", { "os": "aix", "cpu": "ppc64" }, "sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ=="],
@@ -147,7 +148,7 @@

    "@octokit/webhooks-types": ["@octokit/webhooks-types@7.6.1", "", {}, "sha512-S8u2cJzklBC0FgTwWVLaM8tMrDuDMVE4xiTK4EYXM9GntyvrdbSoxqDQa+Fh57CCNApyIpyeqPhhFEmHPfrXgw=="],

-    "@sentry/types": ["@sentry/types@7.120.3", "", {}, "sha512-C4z+3kGWNFJ303FC+FxAd4KkHvxpNFYAFN8iMIgBwJdpIl25KZ8Q/VdGn0MLLUEHNLvjob0+wvwlcRBBNLXOow=="],
+    "@sentry/types": ["@sentry/types@7.120.4", "", {}, "sha512-cUq2hSSe6/qrU6oZsEP4InMI5VVdD86aypE+ENrQ6eZEVLTCYm1w6XhW1NvIu3UuWh7gZec4a9J7AFpYxki88Q=="],

    "@types/aws-lambda": ["@types/aws-lambda@8.10.152", "", {}, "sha512-soT/c2gYBnT5ygwiHPmd9a1bftj462NWVk2tKCc1PYHSIacB2UwbTS2zYG4jzag1mRDuzg/OjtxQjQ2NKRB6Rw=="],

@@ -159,9 +160,9 @@

    "@types/ms": ["@types/ms@2.1.0", "", {}, "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA=="],

-    "@types/node": ["@types/node@24.1.0", "", { "dependencies": { "undici-types": "~7.8.0" } }, "sha512-ut5FthK5moxFKH2T1CUOC6ctR67rQRvvHdFLCD2Ql6KXmMuCrjsSsRI9UsLCm9M18BMwClv4pn327UvB7eeO1w=="],
+    "@types/node": ["@types/node@24.2.1", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-DRh5K+ka5eJic8CjH7td8QpYEV6Zo10gfRkjHCO3weqZHWDtAaSTFtl4+VMqOJ4N5jcuhZ9/l+yy8rVgw7BQeQ=="],

-    "@types/react": ["@types/react@19.1.8", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-AwAfQ2Wa5bCx9WP8nZL2uMZWod7J7/JSplxbTmBQ5ms6QpqNYm672H0Vu9ZVKVngQ+ii4R/byguVEUZQyeg44g=="],
+    "@types/react": ["@types/react@19.1.10", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-EhBeSYX0Y6ye8pNebpKrwFJq7BoQ8J5SO6NlvNwwHjSj6adXJViPQrKlsyPw7hLBLvckEMO1yxeGdR82YBBlDg=="],

    "aggregate-error": ["aggregate-error@3.1.0", "", { "dependencies": { "clean-stack": "^2.0.0", "indent-string": "^4.0.0" } }, "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA=="],

@@ -311,7 +312,7 @@

    "uglify-js": ["uglify-js@3.19.3", "", { "bin": { "uglifyjs": "bin/uglifyjs" } }, "sha512-v3Xu+yuwBXisp6QYTcH4UbH+xYJXqnq2m/LtQVWKWzYc1iehYnLixoQDN9FH6/j9/oybfd6W9Ghwkl8+UMKTKQ=="],

-    "undici-types": ["undici-types@7.8.0", "", {}, "sha512-9UJ2xGDvQ43tYyVMpuHlsgApydB8ZKfVYTsLDhXkFL/6gfkp+U8xTGdh8pMJv1SpZna0zxG1DwsKZsreLbXBxw=="],
+    "undici-types": ["undici-types@7.10.0", "", {}, "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag=="],

    "universal-github-app-jwt": ["universal-github-app-jwt@1.2.0", "", { "dependencies": { "@types/jsonwebtoken": "^9.0.0", "jsonwebtoken": "^9.0.2" } }, "sha512-dncpMpnsKBk0eetwfN8D8OUHGfiDhhJ+mtsbMl+7PfW7mYjiH8LIcqRmYMtzYLgSh47HjfdBtrBwIQ/gizKR3g=="],

@@ -333,8 +334,6 @@

    "@octokit/webhooks/@octokit/webhooks-methods": ["@octokit/webhooks-methods@4.1.0", "", {}, "sha512-zoQyKw8h9STNPqtm28UGOYFE7O6D4Il8VJwhAtMHFt2C4L0VQT1qGKLeefUOqHNs1mNRYSadVv7x0z8U2yyeWQ=="],

-    "bun-tracestrings/typescript": ["typescript@5.8.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ=="],
-
    "camel-case/no-case": ["no-case@2.3.2", "", { "dependencies": { "lower-case": "^1.1.1" } }, "sha512-rmTZ9kz+f3rCvK2TD1Ue/oZlns7OGoIWP4fc3llxxRXlOkHKoWPPWJOfFYpITabSow43QJbRIoHQXtt10VldyQ=="],

    "change-case/camel-case": ["camel-case@4.1.2", "", { "dependencies": { "pascal-case": "^3.1.2", "tslib": "^2.0.3" } }, "sha512-gxGWBrTT1JuMx6R+o5PTXMmUnhnVzLQ9SNutD4YqKtI6ap897t3tKECYla6gCWEkplXnlNybEkZg9GEGxKFCgw=="],
--- a/cmake/Options.cmake
+++ b/cmake/Options.cmake
@@ -57,6 +57,23 @@ else()
  message(FATAL_ERROR "Unsupported architecture: ${CMAKE_SYSTEM_PROCESSOR}")
 endif()

+# Windows Code Signing Option
+if(WIN32)
+  optionx(ENABLE_WINDOWS_CODESIGNING BOOL "Enable Windows code signing with DigiCert KeyLocker" DEFAULT OFF)
+  
+  if(ENABLE_WINDOWS_CODESIGNING)
+    message(STATUS "Windows code signing: ENABLED")
+    
+    # Check for required environment variables
+    if(NOT DEFINED ENV{SM_API_KEY})
+      message(WARNING "SM_API_KEY not set - code signing may fail")
+    endif()
+    if(NOT DEFINED ENV{SM_CLIENT_CERT_FILE})
+      message(WARNING "SM_CLIENT_CERT_FILE not set - code signing may fail")
+    endif()
+  endif()
+endif()
+
 if(LINUX)
  if(EXISTS "/etc/alpine-release")
    set(DEFAULT_ABI "musl")
@@ -102,6 +119,11 @@ else()
 endif()

 optionx(ENABLE_ASAN BOOL "If ASAN support should be enabled" DEFAULT ${DEFAULT_ASAN})
+optionx(ENABLE_ZIG_ASAN BOOL "If Zig ASAN support should be enabled" DEFAULT ${ENABLE_ASAN})
+
+if (NOT ENABLE_ASAN)
+  set(ENABLE_ZIG_ASAN OFF)
+endif()

 if(RELEASE AND LINUX AND CI AND NOT ENABLE_ASSERTIONS AND NOT ENABLE_ASAN)
  set(DEFAULT_LTO ON)
--- a/cmake/sources/CxxSources.txt
+++ b/cmake/sources/CxxSources.txt
@@ -42,6 +42,7 @@ src/bun.js/bindings/DOMURL.cpp
 src/bun.js/bindings/DOMWrapperWorld.cpp
 src/bun.js/bindings/DoubleFormatter.cpp
 src/bun.js/bindings/EncodeURIComponent.cpp
+src/bun.js/bindings/EncodingTables.cpp
 src/bun.js/bindings/ErrorCode.cpp
 src/bun.js/bindings/ErrorStackFrame.cpp
 src/bun.js/bindings/ErrorStackTrace.cpp
@@ -86,6 +87,7 @@ src/bun.js/bindings/JSNodePerformanceHooksHistogramConstructor.cpp
 src/bun.js/bindings/JSNodePerformanceHooksHistogramPrototype.cpp
 src/bun.js/bindings/JSPropertyIterator.cpp
 src/bun.js/bindings/JSS3File.cpp
+src/bun.js/bindings/JSSecrets.cpp
 src/bun.js/bindings/JSSocketAddressDTO.cpp
 src/bun.js/bindings/JSStringDecoder.cpp
 src/bun.js/bindings/JSWrappingFunction.cpp
@@ -93,6 +95,7 @@ src/bun.js/bindings/JSX509Certificate.cpp
 src/bun.js/bindings/JSX509CertificateConstructor.cpp
 src/bun.js/bindings/JSX509CertificatePrototype.cpp
 src/bun.js/bindings/linux_perf_tracing.cpp
+src/bun.js/bindings/MarkedArgumentBufferBinding.cpp
 src/bun.js/bindings/MarkingConstraint.cpp
 src/bun.js/bindings/ModuleLoader.cpp
 src/bun.js/bindings/napi_external.cpp
@@ -187,12 +190,24 @@ src/bun.js/bindings/ProcessIdentifier.cpp
 src/bun.js/bindings/RegularExpression.cpp
 src/bun.js/bindings/S3Error.cpp
 src/bun.js/bindings/ScriptExecutionContext.cpp
+src/bun.js/bindings/SecretsDarwin.cpp
+src/bun.js/bindings/SecretsLinux.cpp
+src/bun.js/bindings/SecretsWindows.cpp
 src/bun.js/bindings/Serialization.cpp
 src/bun.js/bindings/ServerRouteList.cpp
 src/bun.js/bindings/spawn.cpp
 src/bun.js/bindings/SQLClient.cpp
 src/bun.js/bindings/sqlite/JSSQLStatement.cpp
+src/bun.js/bindings/stripANSI.cpp
 src/bun.js/bindings/Strong.cpp
+src/bun.js/bindings/TextCodec.cpp
+src/bun.js/bindings/TextCodecCJK.cpp
+src/bun.js/bindings/TextCodecReplacement.cpp
+src/bun.js/bindings/TextCodecSingleByte.cpp
+src/bun.js/bindings/TextCodecUserDefined.cpp
+src/bun.js/bindings/TextCodecWrapper.cpp
+src/bun.js/bindings/TextEncoding.cpp
+src/bun.js/bindings/TextEncodingRegistry.cpp
 src/bun.js/bindings/Uint8Array.cpp
 src/bun.js/bindings/Undici.cpp
 src/bun.js/bindings/URLDecomposition.cpp
--- a/cmake/sources/JavaScriptSources.txt
+++ b/cmake/sources/JavaScriptSources.txt
@@ -65,6 +65,12 @@ src/js/internal/linkedlist.ts
 src/js/internal/primordials.js
 src/js/internal/promisify.ts
 src/js/internal/shared.ts
+src/js/internal/sql/errors.ts
+src/js/internal/sql/mysql.ts
+src/js/internal/sql/postgres.ts
+src/js/internal/sql/query.ts
+src/js/internal/sql/shared.ts
+src/js/internal/sql/sqlite.ts
 src/js/internal/stream.promises.ts
 src/js/internal/stream.ts
 src/js/internal/streams/add-abort-signal.ts
--- a/cmake/sources/ZigGeneratedClassesSources.txt
+++ b/cmake/sources/ZigGeneratedClassesSources.txt
@@ -6,7 +6,6 @@ src/bun.js/api/Glob.classes.ts
 src/bun.js/api/h2.classes.ts
 src/bun.js/api/html_rewriter.classes.ts
 src/bun.js/api/JSBundler.classes.ts
-src/bun.js/api/postgres.classes.ts
 src/bun.js/api/ResumableSink.classes.ts
 src/bun.js/api/S3Client.classes.ts
 src/bun.js/api/S3Stat.classes.ts
@@ -15,6 +14,7 @@ src/bun.js/api/Shell.classes.ts
 src/bun.js/api/ShellArgs.classes.ts
 src/bun.js/api/sockets.classes.ts
 src/bun.js/api/sourcemap.classes.ts
+src/bun.js/api/sql.classes.ts
 src/bun.js/api/streams.classes.ts
 src/bun.js/api/valkey.classes.ts
 src/bun.js/api/zlib.classes.ts
--- a/cmake/sources/ZigSources.txt
+++ b/cmake/sources/ZigSources.txt
@@ -1,6 +1,8 @@
 src/allocators.zig
 src/allocators/AllocationScope.zig
 src/allocators/basic.zig
+src/allocators/fallback.zig
+src/allocators/fallback/z.zig
 src/allocators/LinuxMemFdAllocator.zig
 src/allocators/MaxHeapAllocator.zig
 src/allocators/MemoryReportingAllocator.zig
@@ -19,25 +21,50 @@ src/ast/base.zig
 src/ast/Binding.zig
 src/ast/BundledAst.zig
 src/ast/CharFreq.zig
+src/ast/ConvertESMExportsForHmr.zig
 src/ast/E.zig
 src/ast/Expr.zig
+src/ast/foldStringAddition.zig
 src/ast/G.zig
+src/ast/ImportScanner.zig
+src/ast/KnownGlobal.zig
 src/ast/Macro.zig
+src/ast/maybe.zig
 src/ast/NewStore.zig
 src/ast/Op.zig
+src/ast/P.zig
+src/ast/parse.zig
+src/ast/parseFn.zig
+src/ast/parseImportExport.zig
+src/ast/parseJSXElement.zig
+src/ast/parsePrefix.zig
+src/ast/parseProperty.zig
+src/ast/Parser.zig
+src/ast/parseStmt.zig
+src/ast/parseSuffix.zig
+src/ast/parseTypescript.zig
 src/ast/S.zig
 src/ast/Scope.zig
 src/ast/ServerComponentBoundary.zig
+src/ast/SideEffects.zig
+src/ast/skipTypescript.zig
 src/ast/Stmt.zig
 src/ast/Symbol.zig
+src/ast/symbols.zig
 src/ast/TS.zig
+src/ast/TypeScript.zig
 src/ast/UseDirective.zig
+src/ast/visit.zig
+src/ast/visitBinaryExpression.zig
+src/ast/visitExpr.zig
+src/ast/visitStmt.zig
 src/async/posix_event_loop.zig
 src/async/stub_event_loop.zig
 src/async/windows_event_loop.zig
 src/bake.zig
 src/bake/DevServer.zig
 src/bake/DevServer/Assets.zig
+src/bake/DevServer/DevAllocator.zig
 src/bake/DevServer/DirectoryWatchStore.zig
 src/bake/DevServer/ErrorReportRequest.zig
 src/bake/DevServer/HmrSocket.zig
@@ -72,6 +99,11 @@ src/bun.js/api/bun/spawn.zig
 src/bun.js/api/bun/spawn/stdio.zig
 src/bun.js/api/bun/ssl_wrapper.zig
 src/bun.js/api/bun/subprocess.zig
+src/bun.js/api/bun/subprocess/Readable.zig
+src/bun.js/api/bun/subprocess/ResourceUsage.zig
+src/bun.js/api/bun/subprocess/StaticPipeWriter.zig
+src/bun.js/api/bun/subprocess/SubprocessPipeReader.zig
+src/bun.js/api/bun/subprocess/Writable.zig
 src/bun.js/api/bun/udp_socket.zig
 src/bun.js/api/bun/x509.zig
 src/bun.js/api/BunObject.zig
@@ -104,6 +136,7 @@ src/bun.js/api/server/StaticRoute.zig
 src/bun.js/api/server/WebSocketServerContext.zig
 src/bun.js/api/streams.classes.zig
 src/bun.js/api/Timer.zig
+src/bun.js/api/Timer/DateHeaderTimer.zig
 src/bun.js/api/Timer/EventLoopTimer.zig
 src/bun.js/api/Timer/ImmediateObject.zig
 src/bun.js/api/Timer/TimeoutObject.zig
@@ -111,6 +144,7 @@ src/bun.js/api/Timer/TimerObjectInternals.zig
 src/bun.js/api/Timer/WTFTimer.zig
 src/bun.js/api/TOMLObject.zig
 src/bun.js/api/UnsafeObject.zig
+src/bun.js/api/YAMLObject.zig
 src/bun.js/bindgen_test.zig
 src/bun.js/bindings/AbortSignal.zig
 src/bun.js/bindings/AnyPromise.zig
@@ -152,10 +186,12 @@ src/bun.js/bindings/JSPromiseRejectionOperation.zig
 src/bun.js/bindings/JSPropertyIterator.zig
 src/bun.js/bindings/JSRef.zig
 src/bun.js/bindings/JSRuntimeType.zig
+src/bun.js/bindings/JSSecrets.zig
 src/bun.js/bindings/JSString.zig
 src/bun.js/bindings/JSType.zig
 src/bun.js/bindings/JSUint8Array.zig
 src/bun.js/bindings/JSValue.zig
+src/bun.js/bindings/MarkedArgumentBuffer.zig
 src/bun.js/bindings/NodeModuleModule.zig
 src/bun.js/bindings/RegularExpression.zig
 src/bun.js/bindings/ResolvedSource.zig
@@ -165,6 +201,7 @@ src/bun.js/bindings/SourceProvider.zig
 src/bun.js/bindings/SourceType.zig
 src/bun.js/bindings/static_export.zig
 src/bun.js/bindings/SystemError.zig
+src/bun.js/bindings/TextCodec.zig
 src/bun.js/bindings/URL.zig
 src/bun.js/bindings/URLSearchParams.zig
 src/bun.js/bindings/VM.zig
@@ -250,7 +287,84 @@ src/bun.js/RuntimeTranspilerCache.zig
 src/bun.js/SavedSourceMap.zig
 src/bun.js/Strong.zig
 src/bun.js/test/diff_format.zig
+src/bun.js/test/diff/diff_match_patch.zig
+src/bun.js/test/diff/printDiff.zig
 src/bun.js/test/expect.zig
+src/bun.js/test/expect/toBe.zig
+src/bun.js/test/expect/toBeArray.zig
+src/bun.js/test/expect/toBeArrayOfSize.zig
+src/bun.js/test/expect/toBeBoolean.zig
+src/bun.js/test/expect/toBeCloseTo.zig
+src/bun.js/test/expect/toBeDate.zig
+src/bun.js/test/expect/toBeDefined.zig
+src/bun.js/test/expect/toBeEmpty.zig
+src/bun.js/test/expect/toBeEmptyObject.zig
+src/bun.js/test/expect/toBeEven.zig
+src/bun.js/test/expect/toBeFalse.zig
+src/bun.js/test/expect/toBeFalsy.zig
+src/bun.js/test/expect/toBeFinite.zig
+src/bun.js/test/expect/toBeFunction.zig
+src/bun.js/test/expect/toBeGreaterThan.zig
+src/bun.js/test/expect/toBeGreaterThanOrEqual.zig
+src/bun.js/test/expect/toBeInstanceOf.zig
+src/bun.js/test/expect/toBeInteger.zig
+src/bun.js/test/expect/toBeLessThan.zig
+src/bun.js/test/expect/toBeLessThanOrEqual.zig
+src/bun.js/test/expect/toBeNaN.zig
+src/bun.js/test/expect/toBeNegative.zig
+src/bun.js/test/expect/toBeNil.zig
+src/bun.js/test/expect/toBeNull.zig
+src/bun.js/test/expect/toBeNumber.zig
+src/bun.js/test/expect/toBeObject.zig
+src/bun.js/test/expect/toBeOdd.zig
+src/bun.js/test/expect/toBeOneOf.zig
+src/bun.js/test/expect/toBePositive.zig
+src/bun.js/test/expect/toBeString.zig
+src/bun.js/test/expect/toBeSymbol.zig
+src/bun.js/test/expect/toBeTrue.zig
+src/bun.js/test/expect/toBeTruthy.zig
+src/bun.js/test/expect/toBeTypeOf.zig
+src/bun.js/test/expect/toBeUndefined.zig
+src/bun.js/test/expect/toBeValidDate.zig
+src/bun.js/test/expect/toBeWithin.zig
+src/bun.js/test/expect/toContain.zig
+src/bun.js/test/expect/toContainAllKeys.zig
+src/bun.js/test/expect/toContainAllValues.zig
+src/bun.js/test/expect/toContainAnyKeys.zig
+src/bun.js/test/expect/toContainAnyValues.zig
+src/bun.js/test/expect/toContainEqual.zig
+src/bun.js/test/expect/toContainKey.zig
+src/bun.js/test/expect/toContainKeys.zig
+src/bun.js/test/expect/toContainValue.zig
+src/bun.js/test/expect/toContainValues.zig
+src/bun.js/test/expect/toEndWith.zig
+src/bun.js/test/expect/toEqual.zig
+src/bun.js/test/expect/toEqualIgnoringWhitespace.zig
+src/bun.js/test/expect/toHaveBeenCalled.zig
+src/bun.js/test/expect/toHaveBeenCalledOnce.zig
+src/bun.js/test/expect/toHaveBeenCalledTimes.zig
+src/bun.js/test/expect/toHaveBeenCalledWith.zig
+src/bun.js/test/expect/toHaveBeenLastCalledWith.zig
+src/bun.js/test/expect/toHaveBeenNthCalledWith.zig
+src/bun.js/test/expect/toHaveLastReturnedWith.zig
+src/bun.js/test/expect/toHaveLength.zig
+src/bun.js/test/expect/toHaveNthReturnedWith.zig
+src/bun.js/test/expect/toHaveProperty.zig
+src/bun.js/test/expect/toHaveReturned.zig
+src/bun.js/test/expect/toHaveReturnedTimes.zig
+src/bun.js/test/expect/toHaveReturnedWith.zig
+src/bun.js/test/expect/toInclude.zig
+src/bun.js/test/expect/toIncludeRepeated.zig
+src/bun.js/test/expect/toMatch.zig
+src/bun.js/test/expect/toMatchInlineSnapshot.zig
+src/bun.js/test/expect/toMatchObject.zig
+src/bun.js/test/expect/toMatchSnapshot.zig
+src/bun.js/test/expect/toSatisfy.zig
+src/bun.js/test/expect/toStartWith.zig
+src/bun.js/test/expect/toStrictEqual.zig
+src/bun.js/test/expect/toThrow.zig
+src/bun.js/test/expect/toThrowErrorMatchingInlineSnapshot.zig
+src/bun.js/test/expect/toThrowErrorMatchingSnapshot.zig
 src/bun.js/test/jest.zig
 src/bun.js/test/pretty_format.zig
 src/bun.js/test/snapshot.zig
@@ -487,7 +601,6 @@ src/defines.zig
 src/deps/boringssl.translated.zig
 src/deps/brotli_c.zig
 src/deps/c_ares.zig
-src/deps/diffz/DiffMatchPatch.zig
 src/deps/libdeflate.zig
 src/deps/libuv.zig
 src/deps/lol-html.zig
@@ -621,6 +734,7 @@ src/install/PackageManager/patchPackage.zig
 src/install/PackageManager/processDependencyList.zig
 src/install/PackageManager/ProgressStrings.zig
 src/install/PackageManager/runTasks.zig
+src/install/PackageManager/security_scanner.zig
 src/install/PackageManager/updatePackageJSONAndInstall.zig
 src/install/PackageManager/UpdateRequest.zig
 src/install/PackageManager/WorkspacePackageJSONCache.zig
@@ -639,6 +753,7 @@ src/interchange.zig
 src/interchange/json.zig
 src/interchange/toml.zig
 src/interchange/toml/lexer.zig
+src/interchange/yaml.zig
 src/io/heap.zig
 src/io/io.zig
 src/io/MaxBuf.zig
@@ -682,7 +797,12 @@ src/Progress.zig
 src/ptr.zig
 src/ptr/Cow.zig
 src/ptr/CowSlice.zig
+src/ptr/meta.zig
+src/ptr/owned.zig
+src/ptr/owned/maybe.zig
+src/ptr/owned/scoped.zig
 src/ptr/ref_count.zig
+src/ptr/shared.zig
 src/ptr/tagged_pointer.zig
 src/ptr/weak_ptr.zig
 src/renamer.zig
@@ -706,8 +826,10 @@ src/s3/multipart.zig
 src/s3/simple_request.zig
 src/s3/storage_class.zig
 src/safety.zig
-src/safety/alloc_ptr.zig
+src/safety/alloc.zig
 src/safety/CriticalSection.zig
+src/safety/thread_id.zig
+src/safety/ThreadLock.zig
 src/semver.zig
 src/semver/ExternalString.zig
 src/semver/SemverObject.zig
@@ -768,30 +890,63 @@ src/sourcemap/JSSourceMap.zig
 src/sourcemap/LineOffsetTable.zig
 src/sourcemap/sourcemap.zig
 src/sourcemap/VLQ.zig
+src/sql/mysql.zig
+src/sql/mysql/AuthMethod.zig
+src/sql/mysql/Capabilities.zig
+src/sql/mysql/ConnectionState.zig
+src/sql/mysql/MySQLConnection.zig
+src/sql/mysql/MySQLContext.zig
+src/sql/mysql/MySQLQuery.zig
+src/sql/mysql/MySQLRequest.zig
+src/sql/mysql/MySQLStatement.zig
+src/sql/mysql/MySQLTypes.zig
+src/sql/mysql/protocol/AnyMySQLError.zig
+src/sql/mysql/protocol/Auth.zig
+src/sql/mysql/protocol/AuthSwitchRequest.zig
+src/sql/mysql/protocol/AuthSwitchResponse.zig
+src/sql/mysql/protocol/CharacterSet.zig
+src/sql/mysql/protocol/ColumnDefinition41.zig
+src/sql/mysql/protocol/CommandType.zig
+src/sql/mysql/protocol/DecodeBinaryValue.zig
+src/sql/mysql/protocol/EncodeInt.zig
+src/sql/mysql/protocol/EOFPacket.zig
+src/sql/mysql/protocol/ErrorPacket.zig
+src/sql/mysql/protocol/HandshakeResponse41.zig
+src/sql/mysql/protocol/HandshakeV10.zig
+src/sql/mysql/protocol/LocalInfileRequest.zig
+src/sql/mysql/protocol/NewReader.zig
+src/sql/mysql/protocol/NewWriter.zig
+src/sql/mysql/protocol/OKPacket.zig
+src/sql/mysql/protocol/PacketHeader.zig
+src/sql/mysql/protocol/PacketType.zig
+src/sql/mysql/protocol/PreparedStatement.zig
+src/sql/mysql/protocol/Query.zig
+src/sql/mysql/protocol/ResultSet.zig
+src/sql/mysql/protocol/ResultSetHeader.zig
+src/sql/mysql/protocol/Signature.zig
+src/sql/mysql/protocol/StackReader.zig
+src/sql/mysql/protocol/StmtPrepareOKPacket.zig
+src/sql/mysql/SSLMode.zig
+src/sql/mysql/StatusFlags.zig
+src/sql/mysql/TLSStatus.zig
 src/sql/postgres.zig
 src/sql/postgres/AnyPostgresError.zig
 src/sql/postgres/AuthenticationState.zig
 src/sql/postgres/CommandTag.zig
-src/sql/postgres/ConnectionFlags.zig
-src/sql/postgres/Data.zig
 src/sql/postgres/DataCell.zig
 src/sql/postgres/DebugSocketMonitorReader.zig
 src/sql/postgres/DebugSocketMonitorWriter.zig
-src/sql/postgres/ObjectIterator.zig
-src/sql/postgres/PostgresCachedStructure.zig
 src/sql/postgres/PostgresProtocol.zig
 src/sql/postgres/PostgresRequest.zig
 src/sql/postgres/PostgresSQLConnection.zig
 src/sql/postgres/PostgresSQLContext.zig
 src/sql/postgres/PostgresSQLQuery.zig
-src/sql/postgres/PostgresSQLQueryResultMode.zig
 src/sql/postgres/PostgresSQLStatement.zig
 src/sql/postgres/PostgresTypes.zig
 src/sql/postgres/protocol/ArrayList.zig
 src/sql/postgres/protocol/Authentication.zig
 src/sql/postgres/protocol/BackendKeyData.zig
 src/sql/postgres/protocol/Close.zig
-src/sql/postgres/protocol/ColumnIdentifier.zig
 src/sql/postgres/protocol/CommandComplete.zig
 src/sql/postgres/protocol/CopyData.zig
 src/sql/postgres/protocol/CopyFail.zig
@@ -824,7 +979,6 @@ src/sql/postgres/protocol/StartupMessage.zig
 src/sql/postgres/protocol/TransactionStatusIndicator.zig
 src/sql/postgres/protocol/WriteWrap.zig
 src/sql/postgres/protocol/zHelpers.zig
-src/sql/postgres/QueryBindingIterator.zig
 src/sql/postgres/SASL.zig
 src/sql/postgres/Signature.zig
 src/sql/postgres/SocketMonitor.zig
@@ -839,6 +993,14 @@ src/sql/postgres/types/json.zig
 src/sql/postgres/types/numeric.zig
 src/sql/postgres/types/PostgresString.zig
 src/sql/postgres/types/Tag.zig
+src/sql/shared/CachedStructure.zig
+src/sql/shared/ColumnIdentifier.zig
+src/sql/shared/ConnectionFlags.zig
+src/sql/shared/Data.zig
+src/sql/shared/ObjectIterator.zig
+src/sql/shared/QueryBindingIterator.zig
+src/sql/shared/SQLDataCell.zig
+src/sql/shared/SQLQueryResultMode.zig
 src/StandaloneModuleGraph.zig
 src/StaticHashMap.zig
 src/string.zig
@@ -858,6 +1020,10 @@ src/string/StringJoiner.zig
 src/string/WTFStringImpl.zig
 src/sys_uv.zig
 src/sys.zig
+src/sys/coreutils_error_map.zig
+src/sys/Error.zig
+src/sys/File.zig
+src/sys/libuv_error_map.zig
 src/system_timer.zig
 src/test/fixtures.zig
 src/test/recover.zig
--- a/cmake/targets/BuildBun.cmake
+++ b/cmake/targets/BuildBun.cmake
@@ -618,7 +618,7 @@ register_command(
      -Doptimize=${ZIG_OPTIMIZE}
      -Dcpu=${ZIG_CPU}
      -Denable_logs=$<IF:$<BOOL:${ENABLE_LOGS}>,true,false>
-      -Denable_asan=$<IF:$<BOOL:${ENABLE_ASAN}>,true,false>
+      -Denable_asan=$<IF:$<BOOL:${ENABLE_ZIG_ASAN}>,true,false>
      -Dversion=${VERSION}
      -Dreported_nodejs_version=${NODEJS_VERSION}
      -Dcanary=${CANARY_REVISION}
@@ -645,6 +645,10 @@ set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS "build.zig")

 set(BUN_USOCKETS_SOURCE ${CWD}/packages/bun-usockets)

+if(WIN32)
+  list(APPEND BUN_CXX_SOURCES ${CWD}/src/bun.js/bindings/windows/rescle.cpp)
+  list(APPEND BUN_CXX_SOURCES ${CWD}/src/bun.js/bindings/windows/rescle-binding.cpp)
+endif()

 register_repository(
  NAME
@@ -1030,7 +1034,6 @@ if(LINUX)
    --ld-path=${LLD_PROGRAM}
    -fno-pic
    -Wl,-no-pie
-    -Wl,-icf=safe
    -Wl,--as-needed
    -Wl,-z,stack-size=12800000
    -Wl,--compress-debug-sections=zlib
@@ -1056,6 +1059,13 @@ if(LINUX)
      -Wl,--gc-sections
    )
  endif()
+
+  if (NOT DEBUG AND NOT ENABLE_ASAN)
+    target_link_options(${bun} PUBLIC
+      -Wl,-icf=safe
+    )
+  endif()
+
 endif()

 # --- Symbols list ---
@@ -1195,6 +1205,7 @@ if(NOT BUN_CPP_ONLY)
  endif()

  if(bunStrip)
+    # First, strip bun-profile.exe to create bun.exe
    register_command(
      TARGET
        ${bun}
@@ -1215,6 +1226,48 @@ if(NOT BUN_CPP_ONLY)
      OUTPUTS
        ${BUILD_PATH}/${bunStripExe}
    )
+    
+    # Then sign both executables on Windows
+    if(WIN32 AND ENABLE_WINDOWS_CODESIGNING)
+      set(SIGN_SCRIPT "${CMAKE_SOURCE_DIR}/.buildkite/scripts/sign-windows.ps1")
+      
+      # Verify signing script exists
+      if(NOT EXISTS "${SIGN_SCRIPT}")
+        message(FATAL_ERROR "Windows signing script not found: ${SIGN_SCRIPT}")
+      endif()
+      
+      # Use PowerShell for Windows code signing (native Windows, no path issues)
+      find_program(POWERSHELL_EXECUTABLE 
+        NAMES pwsh.exe powershell.exe
+        PATHS 
+          "C:/Program Files/PowerShell/7"
+          "C:/Program Files (x86)/PowerShell/7"
+          "C:/Windows/System32/WindowsPowerShell/v1.0"
+        DOC "Path to PowerShell executable"
+      )
+      
+      if(NOT POWERSHELL_EXECUTABLE)
+        set(POWERSHELL_EXECUTABLE "powershell.exe")
+      endif()
+      
+      message(STATUS "Using PowerShell executable: ${POWERSHELL_EXECUTABLE}")
+      
+      # Sign both bun-profile.exe and bun.exe after stripping
+      register_command(
+        TARGET
+          ${bun}
+        TARGET_PHASE
+          POST_BUILD
+        COMMENT
+          "Code signing bun-profile.exe and bun.exe with DigiCert KeyLocker"
+        COMMAND
+          "${POWERSHELL_EXECUTABLE}" "-NoProfile" "-ExecutionPolicy" "Bypass" "-File" "${SIGN_SCRIPT}" "-BunProfileExe" "${BUILD_PATH}/${bunExe}" "-BunExe" "${BUILD_PATH}/${bunStripExe}"
+        CWD
+          ${CMAKE_SOURCE_DIR}
+        SOURCES
+          ${BUILD_PATH}/${bunStripExe}
+      )
+    endif()
  endif()

  # somehow on some Linux systems we need to disable ASLR for ASAN-instrumented binaries to run
--- a/cmake/targets/BuildHdrHistogram.cmake
+++ b/cmake/targets/BuildHdrHistogram.cmake
@@ -4,7 +4,7 @@ register_repository(
  REPOSITORY
    HdrHistogram/HdrHistogram_c
  COMMIT
-    652d51bcc36744fd1a6debfeb1a8a5f58b14022c
+    8dcce8f68512fca460b171bccc3a5afce0048779
 )

 register_cmake_command(
--- a/cmake/targets/BuildLibArchive.cmake
+++ b/cmake/targets/BuildLibArchive.cmake
@@ -4,7 +4,7 @@ register_repository(
  REPOSITORY
    libarchive/libarchive
  COMMIT
-    7118f97c26bf0b2f426728b482f86508efc81d02
+    9525f90ca4bd14c7b335e2f8c84a4607b0af6bdf
 )

 register_cmake_command(
--- a/cmake/targets/BuildMimalloc.cmake
+++ b/cmake/targets/BuildMimalloc.cmake
@@ -4,7 +4,7 @@ register_repository(
  REPOSITORY
    oven-sh/mimalloc
  COMMIT
-    c1f17cd2538417620f60bff70bffe7e68d332aec
+    1beadf9651a7bfdec6b5367c380ecc3fe1c40d1a
 )

 set(MIMALLOC_CMAKE_ARGS
@@ -13,14 +13,52 @@ set(MIMALLOC_CMAKE_ARGS
  -DMI_BUILD_SHARED=OFF
  -DMI_BUILD_TESTS=OFF
  -DMI_USE_CXX=ON
-  -DMI_OVERRIDE=OFF
-  -DMI_OSX_ZONE=OFF
-  -DMI_OSX_INTERPOSE=OFF
  -DMI_SKIP_COLLECT_ON_EXIT=ON
+  
+  # ```
+  # ❯ mimalloc_allow_large_os_pages=0 BUN_PORT=3004 mem bun http-hello.js
+  # Started development server: http://localhost:3004
+  #
+  # Peak memory usage: 52 MB
+  #
+  # ❯ mimalloc_allow_large_os_pages=1 BUN_PORT=3004 mem bun http-hello.js
+  # Started development server: http://localhost:3004
+  #
+  # Peak memory usage: 74 MB
+  # ```
+  #
+  # ```
+  # ❯ mimalloc_allow_large_os_pages=1 mem bun --eval 1
+  #
+  # Peak memory usage: 52 MB
+  #
+  # ❯ mimalloc_allow_large_os_pages=0 mem bun --eval 1
+  #
+  # Peak memory usage: 30 MB
+  # ```
+  -DMI_NO_THP=1
 )

+if (ABI STREQUAL "musl")
+  list(APPEND MIMALLOC_CMAKE_ARGS -DMI_LIBC_MUSL=ON)
+endif()
+
 if(ENABLE_ASAN)
  list(APPEND MIMALLOC_CMAKE_ARGS -DMI_TRACK_ASAN=ON)
+  list(APPEND MIMALLOC_CMAKE_ARGS -DMI_OVERRIDE=OFF)
+  list(APPEND MIMALLOC_CMAKE_ARGS -DMI_OSX_ZONE=OFF)
+  list(APPEND MIMALLOC_CMAKE_ARGS -DMI_OSX_INTERPOSE=OFF)
+  list(APPEND MIMALLOC_CMAKE_ARGS -DMI_DEBUG_UBSAN=ON)
+elseif(APPLE OR LINUX)
+  if(APPLE)
+    list(APPEND MIMALLOC_CMAKE_ARGS -DMI_OVERRIDE=OFF)  
+    list(APPEND MIMALLOC_CMAKE_ARGS -DMI_OSX_ZONE=OFF)
+    list(APPEND MIMALLOC_CMAKE_ARGS -DMI_OSX_INTERPOSE=OFF)
+  else()
+    list(APPEND MIMALLOC_CMAKE_ARGS -DMI_OVERRIDE=ON)
+    list(APPEND MIMALLOC_CMAKE_ARGS -DMI_OSX_ZONE=OFF)
+    list(APPEND MIMALLOC_CMAKE_ARGS -DMI_OSX_INTERPOSE=OFF)
+  endif()
 endif()

 if(DEBUG)
@@ -31,7 +69,19 @@ if(ENABLE_VALGRIND)
  list(APPEND MIMALLOC_CMAKE_ARGS -DMI_VALGRIND=ON)
 endif()

-if(DEBUG)
+# Enable SIMD optimizations when not building for baseline (older CPUs)
+if(NOT ENABLE_BASELINE)
+  list(APPEND MIMALLOC_CMAKE_ARGS -DMI_OPT_ARCH=ON)
+  list(APPEND MIMALLOC_CMAKE_ARGS -DMI_OPT_SIMD=ON)
+endif()
+
+if(WIN32)
+  if(DEBUG)
+    set(MIMALLOC_LIBRARY mimalloc-static-debug)
+  else()
+    set(MIMALLOC_LIBRARY mimalloc-static)
+  endif()
+elseif(DEBUG)
  if (ENABLE_ASAN)
    set(MIMALLOC_LIBRARY mimalloc-asan-debug)
  else()
--- a/cmake/tools/SetupWebKit.cmake
+++ b/cmake/tools/SetupWebKit.cmake
@@ -2,7 +2,7 @@ option(WEBKIT_VERSION "The version of WebKit to use")
 option(WEBKIT_LOCAL "If a local version of WebKit should be used instead of downloading")

 if(NOT WEBKIT_VERSION)
-  set(WEBKIT_VERSION 642e2252f6298387edb6d2f991a0408fd0320466)
+  set(WEBKIT_VERSION 9dba2893ab70f873d8bb6950ee1bccb6b20c10b9)
 endif()

 string(SUBSTRING ${WEBKIT_VERSION} 0 16 WEBKIT_VERSION_PREFIX)
--- a/completions/bun-cli.json
+++ b/completions/bun-cli.json
--- a/docs/api/fetch.md
+++ b/docs/api/fetch.md
@@ -320,7 +320,6 @@ Bun automatically sets the `Content-Type` header for request bodies when not exp

 - For `Blob` objects, uses the blob's `type`
 - For `FormData`, sets appropriate multipart boundary
- For JSON objects, sets `application/json`

 ## Debugging

--- a/docs/api/secrets.md
+++ b/docs/api/secrets.md
@@ -0,0 +1,319 @@
+Store and retrieve sensitive credentials securely using the operating system's native credential storage APIs.
+
+**Experimental:** This API is new and experimental. It may change in the future.
+
+```typescript
+import { secrets } from "bun";
+
+const githubToken = await secrets.get({
+  service: "my-cli-tool",
+  name: "github-token",
+});
+
+if (!githubToken) {
+  const response = await fetch("https://api.github.com/name", {
+    headers: { "Authorization": `token ${githubToken}` },
+  });
+  console.log("Please enter your GitHub token");
+} else {
+  await secrets.set({
+    service: "my-cli-tool",
+    name: "github-token",
+    value: prompt("Please enter your GitHub token"),
+  });
+  console.log("GitHub token stored");
+}
+```
+
+## Overview
+
+`Bun.secrets` provides a cross-platform API for managing sensitive credentials that CLI tools and development applications typically store in plaintext files like `~/.npmrc`, `~/.aws/credentials`, or `.env` files. It uses:
+
+- **macOS**: Keychain Services
+- **Linux**: libsecret (GNOME Keyring, KWallet, etc.)
+- **Windows**: Windows Credential Manager
+
+All operations are asynchronous and non-blocking, running on Bun's threadpool.
+
+Note: in the future, we may add an additional `provider` option to make this better for production deployment secrets, but today this API is mostly useful for local development tools.
+
+## API
+
+### `Bun.secrets.get(options)`
+
+Retrieve a stored credential.
+
+```typescript
+import { secrets } from "bun";
+
+const password = await Bun.secrets.get({
+  service: "my-app",
+  name: "alice@example.com",
+});
+// Returns: string | null
+
+// Or if you prefer without an object
+const password = await Bun.secrets.get("my-app", "alice@example.com");
+```
+
+**Parameters:**
+
+- `options.service` (string, required) - The service or application name
+- `options.name` (string, required) - The username or account identifier
+
+**Returns:**
+
+- `Promise<string | null>` - The stored password, or `null` if not found
+
+### `Bun.secrets.set(options, value)`
+
+Store or update a credential.
+
+```typescript
+import { secrets } from "bun";
+
+await secrets.set({
+  service: "my-app",
+  name: "alice@example.com",
+  value: "super-secret-password",
+});
+```
+
+**Parameters:**
+
+- `options.service` (string, required) - The service or application name
+- `options.name` (string, required) - The username or account identifier
+- `value` (string, required) - The password or secret to store
+
+**Notes:**
+
+- If a credential already exists for the given service/name combination, it will be replaced
+- The stored value is encrypted by the operating system
+
+### `Bun.secrets.delete(options)`
+
+Delete a stored credential.
+
+```typescript
+const deleted = await Bun.secrets.delete({
+  service: "my-app",
+  name: "alice@example.com",
+  value: "super-secret-password",
+});
+// Returns: boolean
+```
+
+**Parameters:**
+
+- `options.service` (string, required) - The service or application name
+- `options.name` (string, required) - The username or account identifier
+
+**Returns:**
+
+- `Promise<boolean>` - `true` if a credential was deleted, `false` if not found
+
+## Examples
+
+### Storing CLI Tool Credentials
+
+```javascript
+// Store GitHub CLI token (instead of ~/.config/gh/hosts.yml)
+await Bun.secrets.set({
+  service: "my-app.com",
+  name: "github-token",
+  value: "ghp_xxxxxxxxxxxxxxxxxxxx",
+});
+
+// Or if you prefer without an object
+await Bun.secrets.set("my-app.com", "github-token", "ghp_xxxxxxxxxxxxxxxxxxxx");
+
+// Store npm registry token (instead of ~/.npmrc)
+await Bun.secrets.set({
+  service: "npm-registry",
+  name: "https://registry.npmjs.org",
+  value: "npm_xxxxxxxxxxxxxxxxxxxx",
+});
+
+// Retrieve for API calls
+const token = await Bun.secrets.get({
+  service: "gh-cli",
+  name: "github.com",
+});
+
+if (token) {
+  const response = await fetch("https://api.github.com/name", {
+    headers: {
+      "Authorization": `token ${token}`,
+    },
+  });
+}
+```
+
+### Migrating from Plaintext Config Files
+
+```javascript
+// Instead of storing in ~/.aws/credentials
+await Bun.secrets.set({
+  service: "aws-cli",
+  name: "AWS_SECRET_ACCESS_KEY",
+  value: process.env.AWS_SECRET_ACCESS_KEY,
+});
+
+// Instead of .env files with sensitive data
+await Bun.secrets.set({
+  service: "my-app",
+  name: "api-key",
+  value: "sk_live_xxxxxxxxxxxxxxxxxxxx",
+});
+
+// Load at runtime
+const apiKey =
+  (await Bun.secrets.get({
+    service: "my-app",
+    name: "api-key",
+  })) || process.env.API_KEY; // Fallback for CI/production
+```
+
+### Error Handling
+
+```javascript
+try {
+  await Bun.secrets.set({
+    service: "my-app",
+    name: "alice",
+    value: "password123",
+  });
+} catch (error) {
+  console.error("Failed to store credential:", error.message);
+}
+
+// Check if a credential exists
+const password = await Bun.secrets.get({
+  service: "my-app",
+  name: "alice",
+});
+
+if (password === null) {
+  console.log("No credential found");
+}
+```
+
+### Updating Credentials
+
+```javascript
+// Initial password
+await Bun.secrets.set({
+  service: "email-server",
+  name: "admin@example.com",
+  value: "old-password",
+});
+
+// Update to new password
+await Bun.secrets.set({
+  service: "email-server",
+  name: "admin@example.com",
+  value: "new-password",
+});
+
+// The old password is replaced
+```
+
+## Platform Behavior
+
+### macOS (Keychain)
+
+- Credentials are stored in the name's login keychain
+- The keychain may prompt for access permission on first use
+- Credentials persist across system restarts
+- Accessible by the name who stored them
+
+### Linux (libsecret)
+
+- Requires a secret service daemon (GNOME Keyring, KWallet, etc.)
+- Credentials are stored in the default collection
+- May prompt for unlock if the keyring is locked
+- The secret service must be running
+
+### Windows (Credential Manager)
+
+- Credentials are stored in Windows Credential Manager
+- Visible in Control Panel → Credential Manager → Windows Credentials
+- Persist with `CRED_PERSIST_ENTERPRISE` flag so it's scoped per user
+- Encrypted using Windows Data Protection API
+
+## Security Considerations
+
+1. **Encryption**: Credentials are encrypted by the operating system's credential manager
+2. **Access Control**: Only the name who stored the credential can retrieve it
+3. **No Plain Text**: Passwords are never stored in plain text
+4. **Memory Safety**: Bun zeros out password memory after use
+5. **Process Isolation**: Credentials are isolated per name account
+
+## Limitations
+
+- Maximum password length varies by platform (typically 2048-4096 bytes)
+- Service and name names should be reasonable lengths (< 256 characters)
+- Some special characters may need escaping depending on the platform
+- Requires appropriate system services:
+  - Linux: Secret service daemon must be running
+  - macOS: Keychain Access must be available
+  - Windows: Credential Manager service must be enabled
+
+## Comparison with Environment Variables
+
+Unlike environment variables, `Bun.secrets`:
+
+- ✅ Encrypts credentials at rest (thanks to the operating system)
+- ✅ Avoids exposing secrets in process memory dumps (memory is zeroed after its no longer needed)
+- ✅ Survives application restarts
+- ✅ Can be updated without restarting the application
+- ✅ Provides name-level access control
+- ❌ Requires OS credential service
+- ❌ Not very useful for deployment secrets (use environment variables in production)
+
+## Best Practices
+
+1. **Use descriptive service names**: Match the tool or application name
+   If you're building a CLI for external use, you probably should use a UTI (Uniform Type Identifier) for the service name.
+
+   ```javascript
+   // Good - matches the actual tool
+   { service: "com.docker.hub", name: "username" }
+   { service: "com.vercel.cli", name: "team-name" }
+
+   // Avoid - too generic
+   { service: "api", name: "key" }
+   ```
+
+2. **Credentials-only**: Don't store application configuration in this API
+   This API is slow, you probably still need to use a config file for some things.
+
+3. **Use for local development tools**:
+   - ✅ CLI tools (gh, npm, docker, kubectl)
+   - ✅ Local development servers
+   - ✅ Personal API keys for testing
+   - ❌ Production servers (use proper secret management)
+
+## TypeScript
+
+```typescript
+namespace Bun {
+  interface SecretsOptions {
+    service: string;
+    name: string;
+  }
+
+  interface Secrets {
+    get(options: SecretsOptions): Promise<string | null>;
+    set(options: SecretsOptions, value: string): Promise<void>;
+    delete(options: SecretsOptions): Promise<boolean>;
+  }
+
+  const secrets: Secrets;
+}
+```
+
+## See Also
+
+- [Environment Variables](./env.md) - For deployment configuration
+- [Bun.password](./password.md) - For password hashing and verification
--- a/docs/api/sql.md
+++ b/docs/api/sql.md
@@ -1,20 +1,20 @@
-Bun provides native bindings for working with PostgreSQL databases with a modern, Promise-based API. The interface is designed to be simple and performant, using tagged template literals for queries and offering features like connection pooling, transactions, and prepared statements.
+Bun provides native bindings for working with SQL databases through a unified Promise-based API that supports both PostgreSQL and SQLite. The interface is designed to be simple and performant, using tagged template literals for queries and offering features like connection pooling, transactions, and prepared statements.

 ```ts
-import { sql } from "bun";
+import { sql, SQL } from "bun";

+// PostgreSQL (default)
 const users = await sql`
  SELECT * FROM users
  WHERE active = ${true}
  LIMIT ${10}
 `;

-// Select with multiple conditions
-const activeUsers = await sql`
-  SELECT * 
-  FROM users 
-  WHERE active = ${true} 
-  AND age >= ${18}
+// With a a SQLite db
+const sqlite = new SQL("sqlite://myapp.db");
+const results = await sqlite`
+  SELECT * FROM users 
+  WHERE active = ${1}
 `;
 ```

@@ -44,6 +44,115 @@ const activeUsers = await sql`

 {% /features %}

+## Database Support
+
+Bun.SQL provides a unified API for multiple database systems:
+
+### PostgreSQL
+
+PostgreSQL is used when:
+
+- The connection string doesn't match SQLite patterns (it's the fallback adapter)
+- The connection string explicitly uses `postgres://` or `postgresql://` protocols
+- No connection string is provided and environment variables point to PostgreSQL
+
+```ts
+import { sql } from "bun";
+// Uses PostgreSQL if DATABASE_URL is not set or is a PostgreSQL URL
+await sql`SELECT ...`;
+
+import { SQL } from "bun";
+const pg = new SQL("postgres://user:pass@localhost:5432/mydb");
+await pg`SELECT ...`;
+```
+
+### SQLite
+
+SQLite support is now built into Bun.SQL, providing the same tagged template literal interface as PostgreSQL:
+
+```ts
+import { SQL } from "bun";
+
+// In-memory database
+const memory = new SQL(":memory:");
+const memory2 = new SQL("sqlite://:memory:");
+
+// File-based database
+const db = new SQL("sqlite://myapp.db");
+
+// Using options object
+const db2 = new SQL({
+  adapter: "sqlite",
+  filename: "./data/app.db",
+});
+
+// For simple filenames, specify adapter explicitly
+const db3 = new SQL("myapp.db", { adapter: "sqlite" });
+```
+
+<details>
+<summary>SQLite Connection String Formats</summary>
+
+SQLite accepts various URL formats for connection strings:
+
+```ts
+// Standard sqlite:// protocol
+new SQL("sqlite://path/to/database.db");
+new SQL("sqlite:path/to/database.db"); // Without slashes
+
+// file:// protocol (also recognized as SQLite)
+new SQL("file://path/to/database.db");
+new SQL("file:path/to/database.db");
+
+// Special :memory: database
+new SQL(":memory:");
+new SQL("sqlite://:memory:");
+new SQL("file://:memory:");
+
+// Relative and absolute paths
+new SQL("sqlite://./local.db"); // Relative to current directory
+new SQL("sqlite://../parent/db.db"); // Parent directory
+new SQL("sqlite:///absolute/path.db"); // Absolute path
+
+// With query parameters
+new SQL("sqlite://data.db?mode=ro"); // Read-only mode
+new SQL("sqlite://data.db?mode=rw"); // Read-write mode (no create)
+new SQL("sqlite://data.db?mode=rwc"); // Read-write-create mode (default)
+```
+
+**Note:** Simple filenames without a protocol (like `"myapp.db"`) require explicitly specifying `{ adapter: "sqlite" }` to avoid ambiguity with PostgreSQL.
+
+</details>
+
+<details>
+<summary>SQLite-Specific Options</summary>
+
+SQLite databases support additional configuration options:
+
+```ts
+const db = new SQL({
+  adapter: "sqlite",
+  filename: "app.db",
+
+  // SQLite-specific options
+  readonly: false, // Open in read-only mode
+  create: true, // Create database if it doesn't exist
+  readwrite: true, // Open for reading and writing
+
+  // Additional Bun:sqlite options
+  strict: true, // Enable strict mode
+  safeIntegers: false, // Use JavaScript numbers for integers
+});
+```
+
+Query parameters in the URL are parsed to set these options:
+
+- `?mode=ro` → `readonly: true`
+- `?mode=rw` → `readonly: false, create: false`
+- `?mode=rwc` → `readonly: false, create: true` (default)
+
+</details>
+
 ### Inserting data

 You can pass JavaScript values directly to the SQL template literal and escaping will be handled for you.
@@ -251,14 +360,55 @@ await query;

 ## Database Environment Variables

-`sql` connection parameters can be configured using environment variables. The client checks these variables in a specific order of precedence.
+`sql` connection parameters can be configured using environment variables. The client checks these variables in a specific order of precedence and automatically detects the database type based on the connection string format.

-The following environment variables can be used to define the connection URL:
+### Automatic Database Detection
+
+When using `Bun.sql()` without arguments or `new SQL()` with a connection string, the adapter is automatically detected based on the URL format. SQLite becomes the default adapter in these cases:
+
+#### SQLite Auto-Detection
+
+SQLite is automatically selected when the connection string matches these patterns:
+
+- `:memory:` - In-memory database
+- `sqlite://...` - SQLite protocol URLs
+- `sqlite:...` - SQLite protocol without slashes
+- `file://...` - File protocol URLs
+- `file:...` - File protocol without slashes
+
+```ts
+// These all use SQLite automatically (no adapter needed)
+const sql1 = new SQL(":memory:");
+const sql2 = new SQL("sqlite://app.db");
+const sql3 = new SQL("file://./database.db");
+
+// Works with DATABASE_URL environment variable
+DATABASE_URL=":memory:" bun run app.js
+DATABASE_URL="sqlite://myapp.db" bun run app.js
+DATABASE_URL="file://./data/app.db" bun run app.js
+```
+
+#### PostgreSQL Auto-Detection
+
+PostgreSQL is the default for all other connection strings:
+
+```bash
+# PostgreSQL is detected for these patterns
+DATABASE_URL="postgres://user:pass@localhost:5432/mydb" bun run app.js
+DATABASE_URL="postgresql://user:pass@localhost:5432/mydb" bun run app.js
+
+# Or any URL that doesn't match SQLite patterns
+DATABASE_URL="localhost:5432/mydb" bun run app.js
+```
+
+### PostgreSQL Environment Variables
+
+The following environment variables can be used to define the PostgreSQL connection:

 | Environment Variable        | Description                                |
 | --------------------------- | ------------------------------------------ |
 | `POSTGRES_URL`              | Primary connection URL for PostgreSQL      |
-| `DATABASE_URL`              | Alternative connection URL                 |
+| `DATABASE_URL`              | Alternative connection URL (auto-detected) |
 | `PGURL`                     | Alternative connection URL                 |
 | `PG_URL`                    | Alternative connection URL                 |
 | `TLS_POSTGRES_DATABASE_URL` | SSL/TLS-enabled connection URL             |
@@ -274,6 +424,19 @@ If no connection URL is provided, the system checks for the following individual
 | `PGPASSWORD`         | -                            | (empty)       | Database password |
 | `PGDATABASE`         | -                            | username      | Database name     |

+### SQLite Environment Variables
+
+SQLite connections can be configured via `DATABASE_URL` when it contains a SQLite-compatible URL:
+
+```bash
+# These are all recognized as SQLite
+DATABASE_URL=":memory:"
+DATABASE_URL="sqlite://./app.db"
+DATABASE_URL="file:///absolute/path/to/db.sqlite"
+```
+
+**Note:** PostgreSQL-specific environment variables (`POSTGRES_URL`, `PGHOST`, etc.) are ignored when using SQLite.
+
 ## Runtime Preconnection

 Bun can preconnect to PostgreSQL at startup to improve performance by establishing database connections before your application code runs. This is useful for reducing connection latency on the first database query.
@@ -293,16 +456,18 @@ The `--sql-preconnect` flag will automatically establish a PostgreSQL connection

 ## Connection Options

-You can configure your database connection manually by passing options to the SQL constructor:
+You can configure your database connection manually by passing options to the SQL constructor. Options vary depending on the database adapter:
+
+### PostgreSQL Options

 ```ts
 import { SQL } from "bun";

 const db = new SQL({
-  // Required
+  // Connection details (adapter is auto-detected as PostgreSQL)
  url: "postgres://user:pass@localhost:5432/dbname",

-  // Optional configuration
+  // Alternative connection parameters
  hostname: "localhost",
  port: 5432,
  database: "myapp",
@@ -330,14 +495,53 @@ const db = new SQL({

  // Callbacks
  onconnect: client => {
-    console.log("Connected to database");
+    console.log("Connected to PostgreSQL");
  },
  onclose: client => {
-    console.log("Connection closed");
+    console.log("PostgreSQL connection closed");
  },
 });
 ```

+### SQLite Options
+
+```ts
+import { SQL } from "bun";
+
+const db = new SQL({
+  // Required for SQLite
+  adapter: "sqlite",
+  filename: "./data/app.db", // or ":memory:" for in-memory database
+
+  // SQLite-specific access modes
+  readonly: false, // Open in read-only mode
+  create: true, // Create database if it doesn't exist
+  readwrite: true, // Allow read and write operations
+
+  // SQLite data handling
+  strict: true, // Enable strict mode for better type safety
+  safeIntegers: false, // Use BigInt for integers exceeding JS number range
+
+  // Callbacks
+  onconnect: client => {
+    console.log("SQLite database opened");
+  },
+  onclose: client => {
+    console.log("SQLite database closed");
+  },
+});
+```
+
+<details>
+<summary>SQLite Connection Notes</summary>
+
+- **Connection Pooling**: SQLite doesn't use connection pooling as it's a file-based database. Each `SQL` instance represents a single connection.
+- **Transactions**: SQLite supports nested transactions through savepoints, similar to PostgreSQL.
+- **Concurrent Access**: SQLite handles concurrent access through file locking. Use WAL mode for better concurrency.
+- **Memory Databases**: Using `:memory:` creates a temporary database that exists only for the connection lifetime.
+
+</details>
+
 ## Dynamic passwords

 When clients need to use alternative authentication schemes such as access tokens or connections to databases with rotating passwords, provide either a synchronous or asynchronous function that will resolve the dynamic password value at connection time.
@@ -353,11 +557,66 @@ const sql = new SQL(url, {
 });
 ```

+## SQLite-Specific Features
+
+### Query Execution
+
+SQLite executes queries synchronously, unlike PostgreSQL which uses asynchronous I/O. However, the API remains consistent using Promises:
+
+```ts
+const sqlite = new SQL("sqlite://app.db");
+
+// Works the same as PostgreSQL, but executes synchronously under the hood
+const users = await sqlite`SELECT * FROM users`;
+
+// Parameters work identically
+const user = await sqlite`SELECT * FROM users WHERE id = ${userId}`;
+```
+
+### SQLite Pragmas
+
+You can use PRAGMA statements to configure SQLite behavior:
+
+```ts
+const sqlite = new SQL("sqlite://app.db");
+
+// Enable foreign keys
+await sqlite`PRAGMA foreign_keys = ON`;
+
+// Set journal mode to WAL for better concurrency
+await sqlite`PRAGMA journal_mode = WAL`;
+
+// Check integrity
+const integrity = await sqlite`PRAGMA integrity_check`;
+```
+
+### Data Type Differences
+
+SQLite has a more flexible type system than PostgreSQL:
+
+```ts
+// SQLite stores data in 5 storage classes: NULL, INTEGER, REAL, TEXT, BLOB
+const sqlite = new SQL("sqlite://app.db");
+
+// SQLite is more lenient with types
+await sqlite`
+  CREATE TABLE flexible (
+    id INTEGER PRIMARY KEY,
+    data TEXT,        -- Can store numbers as strings
+    value NUMERIC,    -- Can store integers, reals, or text
+    blob BLOB         -- Binary data
+  )
+`;
+
+// JavaScript values are automatically converted
+await sqlite`INSERT INTO flexible VALUES (${1}, ${"text"}, ${123.45}, ${Buffer.from("binary")})`;
+```
+
 ## Transactions

-To start a new transaction, use `sql.begin`. This method reserves a dedicated connection for the duration of the transaction and provides a scoped `sql` instance to use within the callback function. Once the callback completes, `sql.begin` resolves with the return value of the callback.
+To start a new transaction, use `sql.begin`. This method works for both PostgreSQL and SQLite. For PostgreSQL, it reserves a dedicated connection from the pool. For SQLite, it begins a transaction on the single connection.

-The `BEGIN` command is sent automatically, including any optional configurations you specify. If an error occurs during the transaction, a `ROLLBACK` is triggered to release the reserved connection and ensure the process continues smoothly.
+The `BEGIN` command is sent automatically, including any optional configurations you specify. If an error occurs during the transaction, a `ROLLBACK` is triggered to ensure the process continues smoothly.

 ### Basic Transactions

@@ -552,9 +811,34 @@ Note that disabling prepared statements may impact performance for queries that

 ## Error Handling

-The client provides typed errors for different failure scenarios:
+The client provides typed errors for different failure scenarios. Errors are database-specific and extend from base error classes:

-### Connection Errors
+### Error Classes
+
+```ts
+import { SQL } from "bun";
+
+try {
+  await sql`SELECT * FROM users`;
+} catch (error) {
+  if (error instanceof SQL.PostgresError) {
+    // PostgreSQL-specific error
+    console.log(error.code); // PostgreSQL error code
+    console.log(error.detail); // Detailed error message
+    console.log(error.hint); // Helpful hint from PostgreSQL
+  } else if (error instanceof SQL.SQLiteError) {
+    // SQLite-specific error
+    console.log(error.code); // SQLite error code (e.g., "SQLITE_CONSTRAINT")
+    console.log(error.errno); // SQLite error number
+    console.log(error.byteOffset); // Byte offset in SQL statement (if available)
+  } else if (error instanceof SQL.SQLError) {
+    // Generic SQL error (base class)
+    console.log(error.message);
+  }
+}
+```
+
+### PostgreSQL Connection Errors

 | Connection Errors                 | Description                                          |
 | --------------------------------- | ---------------------------------------------------- |
@@ -619,6 +903,50 @@ The client provides typed errors for different failure scenarios:
 | `ERR_POSTGRES_UNSAFE_TRANSACTION`        | Unsafe transaction operation detected |
 | `ERR_POSTGRES_INVALID_TRANSACTION_STATE` | Invalid transaction state             |

+### SQLite-Specific Errors
+
+SQLite errors provide error codes and numbers that correspond to SQLite's standard error codes:
+
+<details>
+<summary>Common SQLite Error Codes</summary>
+
+| Error Code          | errno | Description                                          |
+| ------------------- | ----- | ---------------------------------------------------- |
+| `SQLITE_CONSTRAINT` | 19    | Constraint violation (UNIQUE, CHECK, NOT NULL, etc.) |
+| `SQLITE_BUSY`       | 5     | Database is locked                                   |
+| `SQLITE_LOCKED`     | 6     | Table in the database is locked                      |
+| `SQLITE_READONLY`   | 8     | Attempt to write to a readonly database              |
+| `SQLITE_IOERR`      | 10    | Disk I/O error                                       |
+| `SQLITE_CORRUPT`    | 11    | Database disk image is malformed                     |
+| `SQLITE_FULL`       | 13    | Database or disk is full                             |
+| `SQLITE_CANTOPEN`   | 14    | Unable to open database file                         |
+| `SQLITE_PROTOCOL`   | 15    | Database lock protocol error                         |
+| `SQLITE_SCHEMA`     | 17    | Database schema has changed                          |
+| `SQLITE_TOOBIG`     | 18    | String or BLOB exceeds size limit                    |
+| `SQLITE_MISMATCH`   | 20    | Data type mismatch                                   |
+| `SQLITE_MISUSE`     | 21    | Library used incorrectly                             |
+| `SQLITE_AUTH`       | 23    | Authorization denied                                 |
+
+Example error handling:
+
+```ts
+const sqlite = new SQL("sqlite://app.db");
+
+try {
+  await sqlite`INSERT INTO users (id, name) VALUES (1, 'Alice')`;
+  await sqlite`INSERT INTO users (id, name) VALUES (1, 'Bob')`; // Duplicate ID
+} catch (error) {
+  if (error instanceof SQL.SQLiteError) {
+    if (error.code === "SQLITE_CONSTRAINT") {
+      console.log("Constraint violation:", error.message);
+      // Handle unique constraint violation
+    }
+  }
+}
+```
+
+</details>
+
 ## Numbers and BigInt

 Bun's SQL client includes special handling for large numbers that exceed the range of a 53-bit integer. Here's how it works:
@@ -652,7 +980,6 @@ There's still some things we haven't finished yet.

 - Connection preloading via `--db-preconnect` Bun CLI flag
 - MySQL support: [we're working on it](https://github.com/oven-sh/bun/pull/15274)
- SQLite support: planned, but not started. Ideally, we implement it natively instead of wrapping `bun:sqlite`.
 - Column name transforms (e.g. `snake_case` to `camelCase`). This is mostly blocked on a unicode-aware implementation of changing the case in C++ using WebKit's `WTF::String`.
 - Column type transforms

--- a/docs/api/utils.md
+++ b/docs/api/utils.md
@@ -772,6 +772,65 @@ console.log(obj); // => { foo: "bar" }

 Internally, [`structuredClone`](https://developer.mozilla.org/en-US/docs/Web/API/structuredClone) and [`postMessage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) serialize and deserialize the same way. This exposes the underlying [HTML Structured Clone Algorithm](https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Structured_clone_algorithm) to JavaScript as an ArrayBuffer.

+## `Bun.stripANSI()` ~6-57x faster `strip-ansi` alternative
+
+`Bun.stripANSI(text: string): string`
+
+Strip ANSI escape codes from a string. This is useful for removing colors and formatting from terminal output.
+
+```ts
+const coloredText = "\u001b[31mHello\u001b[0m \u001b[32mWorld\u001b[0m";
+const plainText = Bun.stripANSI(coloredText);
+console.log(plainText); // => "Hello World"
+
+// Works with various ANSI codes
+const formatted = "\u001b[1m\u001b[4mBold and underlined\u001b[0m";
+console.log(Bun.stripANSI(formatted)); // => "Bold and underlined"
+```
+
+`Bun.stripANSI` is significantly faster than the popular [`strip-ansi`](https://www.npmjs.com/package/strip-ansi) npm package:
+
+```js
+> bun bench/snippets/strip-ansi.mjs
+cpu: Apple M3 Max
+runtime: bun 1.2.21 (arm64-darwin)
+
+benchmark                               avg (min … max) p75 / p99
+------------------------------------------------------- ----------
+Bun.stripANSI      11 chars no-ansi        8.13 ns/iter   8.27 ns
+                                   (7.45 ns … 33.59 ns)  10.29 ns
+
+Bun.stripANSI      13 chars ansi          51.68 ns/iter  52.51 ns
+                                 (46.16 ns … 113.71 ns)  57.71 ns
+
+Bun.stripANSI  16,384 chars long-no-ansi 298.39 ns/iter 305.44 ns
+                                (281.50 ns … 331.65 ns) 320.70 ns
+
+Bun.stripANSI 212,992 chars long-ansi    227.65 µs/iter 234.50 µs
+                                (216.46 µs … 401.92 µs) 262.25 µs
+```
+
+```js
+> node bench/snippets/strip-ansi.mjs
+cpu: Apple M3 Max
+runtime: node 24.6.0 (arm64-darwin)
+
+benchmark                                avg (min … max) p75 / p99
+-------------------------------------------------------- ---------
+npm/strip-ansi      11 chars no-ansi      466.79 ns/iter 468.67 ns
+                                 (454.08 ns … 570.67 ns) 543.67 ns
+
+npm/strip-ansi      13 chars ansi         546.77 ns/iter 550.23 ns
+                                 (532.74 ns … 651.08 ns) 590.35 ns
+
+npm/strip-ansi  16,384 chars long-no-ansi   4.85 µs/iter   4.89 µs
+                                     (4.71 µs … 5.00 µs)   4.98 µs
+
+npm/strip-ansi 212,992 chars long-ansi      1.36 ms/iter   1.38 ms
+                                     (1.27 ms … 1.73 ms)   1.49 ms
+
+```
+
 ## `estimateShallowMemoryUsageOf` in `bun:jsc`

 The `estimateShallowMemoryUsageOf` function returns a best-effort estimate of the memory usage of an object in bytes, excluding the memory usage of properties or other objects it references. For accurate per-object memory usage, use `Bun.generateHeapSnapshot`.
--- a/docs/api/workers.md
+++ b/docs/api/workers.md
@@ -1,5 +1,5 @@
 {% callout %}
-**🚧** — The `Worker` API is still experimental and should not be considered ready for production.
+**🚧** — The `Worker` API is still experimental (particularly for terminating workers). We are actively working on improving this.
 {% /callout %}

 [`Worker`](https://developer.mozilla.org/en-US/docs/Web/API/Worker) lets you start and communicate with a new JavaScript instance running on a separate thread while sharing I/O resources with the main thread.
--- a/docs/api/yaml.md
+++ b/docs/api/yaml.md
@@ -0,0 +1,459 @@
+In Bun, YAML is a first-class citizen alongside JSON and TOML.
+
+Bun provides built-in support for YAML files through both runtime APIs and bundler integration. You can
+
+- Parse YAML strings with `Bun.YAML.parse`
+- import & require YAML files as modules at runtime (including hot reloading & watch mode support)
+- import & require YAML files in frontend apps via bun's bundler
+
+## Conformance
+
+Bun's YAML parser currently passes over 90% of the official YAML test suite. While we're actively working on reaching 100% conformance, the current implementation covers the vast majority of real-world use cases. The parser is written in Zig for optimal performance and is continuously being improved.
+
+## Runtime API
+
+### `Bun.YAML.parse()`
+
+Parse a YAML string into a JavaScript object.
+
+```ts
+import { YAML } from "bun";
+const text = `
+name: John Doe
+age: 30
+email: john@example.com
+hobbies:
+  - reading
+  - coding
+  - hiking
+`;
+
+const data = YAML.parse(text);
+console.log(data);
+// {
+//   name: "John Doe",
+//   age: 30,
+//   email: "john@example.com",
+//   hobbies: ["reading", "coding", "hiking"]
+// }
+```
+
+#### Multi-document YAML
+
+When parsing YAML with multiple documents (separated by `---`), `Bun.YAML.parse()` returns an array:
+
+```ts
+const multiDoc = `
+---
+name: Document 1
+---
+name: Document 2
+---
+name: Document 3
+`;
+
+const docs = Bun.YAML.parse(multiDoc);
+console.log(docs);
+// [
+//   { name: "Document 1" },
+//   { name: "Document 2" },
+//   { name: "Document 3" }
+// ]
+```
+
+#### Supported YAML Features
+
+Bun's YAML parser supports the full YAML 1.2 specification, including:
+
+- **Scalars**: strings, numbers, booleans, null values
+- **Collections**: sequences (arrays) and mappings (objects)
+- **Anchors and Aliases**: reusable nodes with `&` and `*`
+- **Tags**: type hints like `!!str`, `!!int`, `!!float`, `!!bool`, `!!null`
+- **Multi-line strings**: literal (`|`) and folded (`>`) scalars
+- **Comments**: using `#`
+- **Directives**: `%YAML` and `%TAG`
+
+```ts
+const yaml = `
+# Employee record
+employee: &emp
+  name: Jane Smith
+  department: Engineering
+  skills:
+    - JavaScript
+    - TypeScript
+    - React
+
+manager: *emp  # Reference to employee
+
+config: !!str 123  # Explicit string type
+
+description: |
+  This is a multi-line
+  literal string that preserves
+  line breaks and spacing.
+
+summary: >
+  This is a folded string
+  that joins lines with spaces
+  unless there are blank lines.
+`;
+
+const data = Bun.YAML.parse(yaml);
+```
+
+#### Error Handling
+
+`Bun.YAML.parse()` throws a `SyntaxError` if the YAML is invalid:
+
+```ts
+try {
+  Bun.YAML.parse("invalid: yaml: content:");
+} catch (error) {
+  console.error("Failed to parse YAML:", error.message);
+}
+```
+
+## Module Import
+
+### ES Modules
+
+You can import YAML files directly as ES modules. The YAML content is parsed and made available as both default and named exports:
+
+```yaml#config.yaml
+database:
+  host: localhost
+  port: 5432
+  name: myapp
+
+redis:
+  host: localhost
+  port: 6379
+
+features:
+  auth: true
+  rateLimit: true
+  analytics: false
+```
+
+#### Default Import
+
+```ts#app.ts
+import config from "./config.yaml";
+
+console.log(config.database.host); // "localhost"
+console.log(config.redis.port); // 6379
+```
+
+#### Named Imports
+
+You can destructure top-level YAML properties as named imports:
+
+```ts
+import { database, redis, features } from "./config.yaml";
+
+console.log(database.host); // "localhost"
+console.log(redis.port); // 6379
+console.log(features.auth); // true
+```
+
+Or combine both:
+
+```ts
+import config, { database, features } from "./config.yaml";
+
+// Use the full config object
+console.log(config);
+
+// Or use specific parts
+if (features.rateLimit) {
+  setupRateLimiting(database);
+}
+```
+
+### CommonJS
+
+YAML files can also be required in CommonJS:
+
+```js
+const config = require("./config.yaml");
+console.log(config.database.name); // "myapp"
+
+// Destructuring also works
+const { database, redis } = require("./config.yaml");
+console.log(database.port); // 5432
+```
+
+## Hot Reloading with YAML
+
+One of the most powerful features of Bun's YAML support is hot reloading. When you run your application with `bun --hot`, changes to YAML files are automatically detected and reloaded without closing connections
+
+### Configuration Hot Reloading
+
+```yaml#config.yaml
+server:
+  port: 3000
+  host: localhost
+
+features:
+  debug: true
+  verbose: false
+```
+
+```ts#server.ts
+import { server, features } from "./config.yaml";
+
+console.log(`Starting server on ${server.host}:${server.port}`);
+
+if (features.debug) {
+  console.log("Debug mode enabled");
+}
+
+// Your server code here
+Bun.serve({
+  port: server.port,
+  hostname: server.host,
+  fetch(req) {
+    if (features.verbose) {
+      console.log(`${req.method} ${req.url}`);
+    }
+    return new Response("Hello World");
+  },
+});
+```
+
+Run with hot reloading:
+
+```bash
+bun --hot server.ts
+```
+
+Now when you modify `config.yaml`, the changes are immediately reflected in your running application. This is perfect for:
+
+- Adjusting configuration during development
+- Testing different settings without restarts
+- Live debugging with configuration changes
+- Feature flag toggling
+
+## Configuration Management
+
+### Environment-Based Configuration
+
+YAML excels at managing configuration across different environments:
+
+```yaml#config.yaml
+defaults: &defaults
+  timeout: 5000
+  retries: 3
+  cache:
+    enabled: true
+    ttl: 3600
+
+development:
+  <<: *defaults
+  api:
+    url: http://localhost:4000
+    key: dev_key_12345
+  logging:
+    level: debug
+    pretty: true
+
+staging:
+  <<: *defaults
+  api:
+    url: https://staging-api.example.com
+    key: ${STAGING_API_KEY}
+  logging:
+    level: info
+    pretty: false
+
+production:
+  <<: *defaults
+  api:
+    url: https://api.example.com
+    key: ${PROD_API_KEY}
+  cache:
+    enabled: true
+    ttl: 86400
+  logging:
+    level: error
+    pretty: false
+```
+
+```ts#app.ts
+import configs from "./config.yaml";
+
+const env = process.env.NODE_ENV || "development";
+const config = configs[env];
+
+// Environment variables in YAML values can be interpolated
+function interpolateEnvVars(obj: any): any {
+  if (typeof obj === "string") {
+    return obj.replace(/\${(\w+)}/g, (_, key) => process.env[key] || "");
+  }
+  if (typeof obj === "object") {
+    for (const key in obj) {
+      obj[key] = interpolateEnvVars(obj[key]);
+    }
+  }
+  return obj;
+}
+
+export default interpolateEnvVars(config);
+```
+
+### Feature Flags Configuration
+
+```yaml#features.yaml
+features:
+  newDashboard:
+    enabled: true
+    rolloutPercentage: 50
+    allowedUsers:
+      - admin@example.com
+      - beta@example.com
+
+  experimentalAPI:
+    enabled: false
+    endpoints:
+      - /api/v2/experimental
+      - /api/v2/beta
+
+  darkMode:
+    enabled: true
+    default: auto # auto, light, dark
+```
+
+```ts#feature-flags.ts
+import { features } from "./features.yaml";
+
+export function isFeatureEnabled(
+  featureName: string,
+  userEmail?: string,
+): boolean {
+  const feature = features[featureName];
+
+  if (!feature?.enabled) {
+    return false;
+  }
+
+  // Check rollout percentage
+  if (feature.rolloutPercentage < 100) {
+    const hash = hashCode(userEmail || "anonymous");
+    if (hash % 100 >= feature.rolloutPercentage) {
+      return false;
+    }
+  }
+
+  // Check allowed users
+  if (feature.allowedUsers && userEmail) {
+    return feature.allowedUsers.includes(userEmail);
+  }
+
+  return true;
+}
+
+// Use with hot reloading to toggle features in real-time
+if (isFeatureEnabled("newDashboard", user.email)) {
+  renderNewDashboard();
+} else {
+  renderLegacyDashboard();
+}
+```
+
+### Database Configuration
+
+```yaml#database.yaml
+connections:
+  primary:
+    type: postgres
+    host: ${DB_HOST:-localhost}
+    port: ${DB_PORT:-5432}
+    database: ${DB_NAME:-myapp}
+    username: ${DB_USER:-postgres}
+    password: ${DB_PASS}
+    pool:
+      min: 2
+      max: 10
+      idleTimeout: 30000
+
+  cache:
+    type: redis
+    host: ${REDIS_HOST:-localhost}
+    port: ${REDIS_PORT:-6379}
+    password: ${REDIS_PASS}
+    db: 0
+
+  analytics:
+    type: clickhouse
+    host: ${ANALYTICS_HOST:-localhost}
+    port: 8123
+    database: analytics
+
+migrations:
+  autoRun: ${AUTO_MIGRATE:-false}
+  directory: ./migrations
+
+seeds:
+  enabled: ${SEED_DB:-false}
+  directory: ./seeds
+```
+
+```ts#db.ts
+import { connections, migrations } from "./database.yaml";
+import { createConnection } from "./database-driver";
+
+// Parse environment variables with defaults
+function parseConfig(config: any) {
+  return JSON.parse(
+    JSON.stringify(config).replace(
+      /\${([^:-]+)(?::([^}]+))?}/g,
+      (_, key, defaultValue) => process.env[key] || defaultValue || "",
+    ),
+  );
+}
+
+const dbConfig = parseConfig(connections);
+
+export const db = await createConnection(dbConfig.primary);
+export const cache = await createConnection(dbConfig.cache);
+export const analytics = await createConnection(dbConfig.analytics);
+
+// Auto-run migrations if configured
+if (parseConfig(migrations).autoRun === "true") {
+  await runMigrations(db, migrations.directory);
+}
+```
+
+### Bundler Integration
+
+When you import YAML files in your application and bundle it with Bun, the YAML is parsed at build time and included as a JavaScript module:
+
+```bash
+bun build app.ts --outdir=dist
+```
+
+This means:
+
+- Zero runtime YAML parsing overhead in production
+- Smaller bundle sizes
+- Tree-shaking support for unused configuration (named imports)
+
+### Dynamic Imports
+
+YAML files can be dynamically imported, useful for loading configuration on demand:
+
+```ts#Load configuration based on environment
+const env = process.env.NODE_ENV || "development";
+const config = await import(`./configs/${env}.yaml`);
+
+// Load user-specific settings
+async function loadUserSettings(userId: string) {
+  try {
+    const settings = await import(`./users/${userId}/settings.yaml`);
+    return settings.default;
+  } catch {
+    return await import("./users/default-settings.yaml");
+  }
+}
+```
--- a/docs/bundler/executables.md
+++ b/docs/bundler/executables.md
@@ -408,16 +408,119 @@ $ bun build --compile --asset-naming="[name].[ext]" ./index.ts

 To trim down the size of the executable a little, pass `--minify` to `bun build --compile`. This uses Bun's minifier to reduce the code size. Overall though, Bun's binary is still way too big and we need to make it smaller.

+## Using Bun.build() API
+
+You can also generate standalone executables using the `Bun.build()` JavaScript API. This is useful when you need programmatic control over the build process.
+
+### Basic usage
+
+```js
+await Bun.build({
+  entrypoints: ["./app.ts"],
+  outdir: "./dist",
+  compile: {
+    target: "bun-windows-x64",
+    outfile: "myapp.exe",
+  },
+});
+```
+
+### Windows metadata with Bun.build()
+
+When targeting Windows, you can specify metadata through the `windows` object:
+
+```js
+await Bun.build({
+  entrypoints: ["./app.ts"],
+  outdir: "./dist",
+  compile: {
+    target: "bun-windows-x64",
+    outfile: "myapp.exe",
+    windows: {
+      title: "My Application",
+      publisher: "My Company Inc",
+      version: "1.2.3.4",
+      description: "A powerful application built with Bun",
+      copyright: "© 2024 My Company Inc",
+      hideConsole: false, // Set to true for GUI applications
+      icon: "./icon.ico", // Path to icon file
+    },
+  },
+});
+```
+
+### Cross-compilation with Bun.build()
+
+You can cross-compile for different platforms:
+
+```js
+// Build for multiple platforms
+const platforms = [
+  { target: "bun-windows-x64", outfile: "app-windows.exe" },
+  { target: "bun-linux-x64", outfile: "app-linux" },
+  { target: "bun-darwin-arm64", outfile: "app-macos" },
+];
+
+for (const platform of platforms) {
+  await Bun.build({
+    entrypoints: ["./app.ts"],
+    outdir: "./dist",
+    compile: platform,
+  });
+}
+```
+
 ## Windows-specific flags

-When compiling a standalone executable on Windows, there are two platform-specific options that can be used to customize metadata on the generated `.exe` file:
+When compiling a standalone executable for Windows, there are several platform-specific options that can be used to customize the generated `.exe` file:

- `--windows-icon=path/to/icon.ico` to customize the executable file icon.
- `--windows-hide-console` to disable the background terminal, which can be used for applications that do not need a TTY.
+### Visual customization
+
+- `--windows-icon=path/to/icon.ico` - Set the executable file icon
+- `--windows-hide-console` - Disable the background terminal window (useful for GUI applications)
+
+### Metadata customization
+
+You can embed version information and other metadata into your Windows executable:
+
+- `--windows-title <STR>` - Set the product name (appears in file properties)
+- `--windows-publisher <STR>` - Set the company name
+- `--windows-version <STR>` - Set the version number (e.g. "1.2.3.4")
+- `--windows-description <STR>` - Set the file description
+- `--windows-copyright <STR>` - Set the copyright information
+
+#### Example with all metadata flags:
+
+```sh
+bun build --compile ./app.ts \
+  --outfile myapp.exe \
+  --windows-title "My Application" \
+  --windows-publisher "My Company Inc" \
+  --windows-version "1.2.3.4" \
+  --windows-description "A powerful application built with Bun" \
+  --windows-copyright "© 2024 My Company Inc"
+```
+
+This metadata will be visible in Windows Explorer when viewing the file properties:
+
+1. Right-click the executable in Windows Explorer
+2. Select "Properties"
+3. Go to the "Details" tab
+
+#### Version string format
+
+The `--windows-version` flag accepts version strings in the following formats:
+
+- `"1"` - Will be normalized to "1.0.0.0"
+- `"1.2"` - Will be normalized to "1.2.0.0"
+- `"1.2.3"` - Will be normalized to "1.2.3.0"
+- `"1.2.3.4"` - Full version format
+
+Each version component must be a number between 0 and 65535.

 {% callout %}

-These flags currently cannot be used when cross-compiling because they depend on Windows APIs.
+These flags currently cannot be used when cross-compiling because they depend on Windows APIs. They are only available when building on Windows itself.

 {% /callout %}

--- a/docs/bundler/index.md
+++ b/docs/bundler/index.md
@@ -1,4 +1,4 @@
-Bun's fast native bundler is now in beta. It can be used via the `bun build` CLI command or the `Bun.build()` JavaScript API.
+Bun's fast native bundler can be used via the `bun build` CLI command or the `Bun.build()` JavaScript API.

 {% codetabs group="a" %}

--- a/docs/bundler/loaders.md
+++ b/docs/bundler/loaders.md
@@ -1,6 +1,6 @@
 The Bun bundler implements a set of default loaders out of the box. As a rule of thumb, the bundler and the runtime both support the same set of file types out of the box.

-`.js` `.cjs` `.mjs` `.mts` `.cts` `.ts` `.tsx` `.jsx` `.toml` `.json` `.txt` `.wasm` `.node` `.html`
+`.js` `.cjs` `.mjs` `.mts` `.cts` `.ts` `.tsx` `.jsx` `.toml` `.json` `.yaml` `.yml` `.txt` `.wasm` `.node` `.html`

 Bun uses the file extension to determine which built-in _loader_ should be used to parse the file. Every loader has a name, such as `js`, `tsx`, or `json`. These names are used when building [plugins](https://bun.com/docs/bundler/plugins) that extend Bun with custom loaders.

@@ -121,6 +121,55 @@ export default {

 {% /codetabs %}

+### `yaml`
+
+**YAML loader**. Default for `.yaml` and `.yml`.
+
+YAML files can be directly imported. Bun will parse them with its fast native YAML parser.
+
+```ts
+import config from "./config.yaml";
+config.database.host; // => "localhost"
+
+// via import attribute:
+// import myCustomYAML from './my.config' with {type: "yaml"};
+```
+
+During bundling, the parsed YAML is inlined into the bundle as a JavaScript object.
+
+```ts
+var config = {
+  database: {
+    host: "localhost",
+    port: 5432,
+  },
+  // ...other fields
+};
+config.database.host;
+```
+
+If a `.yaml` or `.yml` file is passed as an entrypoint, it will be converted to a `.js` module that `export default`s the parsed object.
+
+{% codetabs %}
+
+```yaml#Input
+name: John Doe
+age: 35
+email: johndoe@example.com
+```
+
+```js#Output
+export default {
+  name: "John Doe",
+  age: 35,
+  email: "johndoe@example.com"
+}
+```
+
+{% /codetabs %}
+
+For more details on YAML support including the runtime API `Bun.YAML.parse()`, see the [YAML API documentation](/docs/api/yaml).
+
 ### `text`

 **Text loader**. Default for `.txt`.
--- a/docs/guides/runtime/import-yaml.md
+++ b/docs/guides/runtime/import-yaml.md
@@ -0,0 +1,76 @@
+---
+name: Import a YAML file
+---
+
+Bun natively supports `.yaml` and `.yml` imports.
+
+```yaml#config.yaml
+database:
+  host: localhost
+  port: 5432
+  name: myapp
+
+server:
+  port: 3000
+  timeout: 30
+
+features:
+  auth: true
+  rateLimit: true
+```
+
+---
+
+Import the file like any other source file.
+
+```ts
+import config from "./config.yaml";
+
+config.database.host; // => "localhost"
+config.server.port; // => 3000
+config.features.auth; // => true
+```
+
+---
+
+You can also use named imports to destructure top-level properties:
+
+```ts
+import { database, server, features } from "./config.yaml";
+
+console.log(database.name); // => "myapp"
+console.log(server.timeout); // => 30
+console.log(features.rateLimit); // => true
+```
+
+---
+
+Bun also supports [Import Attributes](https://github.com/tc39/proposal-import-attributes) syntax:
+
+```ts
+import config from "./config.yaml" with { type: "yaml" };
+
+config.database.port; // => 5432
+```
+
+---
+
+For parsing YAML strings at runtime, use `Bun.YAML.parse()`:
+
+```ts
+const yamlString = `
+name: John Doe
+age: 30
+hobbies:
+  - reading
+  - coding
+`;
+
+const data = Bun.YAML.parse(yamlString);
+console.log(data.name); // => "John Doe"
+console.log(data.hobbies); // => ["reading", "coding"]
+```
+
+---
+
+See [Docs > API > YAML](https://bun.com/docs/api/yaml) for complete documentation on YAML support in Bun.
--- a/docs/install/security-scanner-api.md
+++ b/docs/install/security-scanner-api.md
@@ -0,0 +1,81 @@
+Bun's package manager can scan packages for security vulnerabilities before installation, helping protect your applications from supply chain attacks and known vulnerabilities.
+
+## Quick Start
+
+Configure a security scanner in your `bunfig.toml`:
+
+```toml
+[install.security]
+scanner = "@acme/bun-security-scanner"
+```
+
+When configured, Bun will:
+
+- Scan all packages before installation
+- Display security warnings and advisories
+- Cancel installation if critical vulnerabilities are found
+- Automatically disable auto-install for security
+
+## How It Works
+
+Security scanners analyze packages during `bun install`, `bun add`, and other package operations. They can detect:
+
+- Known security vulnerabilities (CVEs)
+- Malicious packages
+- License compliance issues
+- ...and more!
+
+### Security Levels
+
+Scanners report issues at two severity levels:
+
+- **`fatal`** - Installation stops immediately, exits with non-zero code
+- **`warn`** - In interactive terminals, prompts to continue; in CI, exits immediately
+
+## Using Pre-built Scanners
+
+Many security companies publish Bun security scanners as npm packages that you can install and use immediately.
+
+### Installing a Scanner
+
+Install a security scanner from npm:
+
+```bash
+$ bun add -d @acme/bun-security-scanner
+```
+
+> **Note:** Consult your security scanner's documentation for their specific package name and installation instructions. Most scanners will be installed with `bun add`.
+
+### Configuring the Scanner
+
+After installation, configure it in your `bunfig.toml`:
+
+```toml
+[install.security]
+scanner = "@acme/bun-security-scanner"
+```
+
+### Enterprise Configuration
+
+Some enterprise scanners might support authentication and/or configuration through environment variables:
+
+```bash
+# This might go in ~/.bashrc, for example
+export SECURITY_API_KEY="your-api-key"
+
+# The scanner will now use these credentials automatically
+bun install
+```
+
+Consult your security scanner's documentation to learn which environment variables to set and if any additional configuration is required.
+
+### Authoring your own scanner
+
+For a complete example with tests and CI setup, see the official template:
+[github.com/oven-sh/security-scanner-template](https://github.com/oven-sh/security-scanner-template)
+
+## Related
+
+- [Configuration (bunfig.toml)](/docs/runtime/bunfig#installsecurityscanner)
+- [Package Manager](/docs/install)
+- [Security Scanner Template](https://github.com/oven-sh/security-scanner-template)
--- a/docs/nav.ts
+++ b/docs/nav.ts
@@ -383,6 +383,9 @@ export default {
    page("api/spawn", "Child processes", {
      description: `Spawn sync and async child processes with easily configurable input and output streams.`,
    }), // "`Bun.spawn`"),
+    page("api/yaml", "YAML", {
+      description: `Bun.YAML.parse(string) lets you parse YAML files in JavaScript`,
+    }), // "`Bun.spawn`"),
    page("api/html-rewriter", "HTMLRewriter", {
      description: `Parse and transform HTML with Bun's native HTMLRewriter API, inspired by Cloudflare Workers.`,
    }), // "`HTMLRewriter`"),
--- a/docs/runtime/bun-apis.md
+++ b/docs/runtime/bun-apis.md
@@ -195,12 +195,12 @@ Click the link in the right column to jump to the associated documentation.
 ---

 - Parsing & Formatting
- [`Bun.semver`](https://bun.com/docs/api/semver), `Bun.TOML.parse`, [`Bun.color`](https://bun.com/docs/api/color)
+- [`Bun.semver`](https://bun.com/docs/api/semver), `Bun.TOML.parse`, [`Bun.YAML.parse`](https://bun.com/docs/api/yaml), [`Bun.color`](https://bun.com/docs/api/color)

 ---

 - Low-level / Internals
- `Bun.mmap`, `Bun.gc`, `Bun.generateHeapSnapshot`, [`bun:jsc`](https://bun.com/docs/api/bun-jsc)
+- `Bun.mmap`, `Bun.gc`, `Bun.generateHeapSnapshot`, [`bun:jsc`](https://bun.com/reference/bun/jsc)

 ---

--- a/docs/runtime/bunfig.md
+++ b/docs/runtime/bunfig.md
@@ -94,6 +94,7 @@ Bun supports the following loaders:
 - `file`
 - `json`
 - `toml`
+- `yaml`
 - `wasm`
 - `napi`
 - `base64`
@@ -496,6 +497,62 @@ Whether to generate a non-Bun lockfile alongside `bun.lock`. (A `bun.lock` will
 print = "yarn"
 ```

+### `install.security.scanner`
+
+Configure a security scanner to scan packages for vulnerabilities before installation.
+
+First, install a security scanner from npm:
+
+```bash
+$ bun add -d @acme/bun-security-scanner
+```
+
+Then configure it in your `bunfig.toml`:
+
+```toml
+[install.security]
+scanner = "@acme/bun-security-scanner"
+```
+
+When a security scanner is configured:
+
+- Auto-install is automatically disabled for security
+- Packages are scanned before installation
+- Installation is cancelled if fatal issues are found
+- Security warnings are displayed during installation
+
+Learn more about [using and writing security scanners](/docs/install/security).
+
+### `install.linker`
+
+Configure the default linker strategy. Default `"hoisted"`.
+
+For complete documentation refer to [Package manager > Isolated installs](https://bun.com/docs/install/isolated).
+
+```toml
+[install]
+linker = "hoisted"
+```
+
+Valid values are:
+
+{% table %}
+
+- Value
+- Description
+
+---
+
+- `"hoisted"`
+- Link dependencies in a shared `node_modules` directory.
+
+---
+
+- `"isolated"`
+- Link dependencies inside each package installation.
+
+{% /table %}
+
 <!-- ## Debugging -->

 <!--
--- a/docs/runtime/index.md
+++ b/docs/runtime/index.md
@@ -92,15 +92,18 @@ every file before execution. Its transpiler  can directly run TypeScript and JSX

 ## JSX

-## JSON and TOML
+## JSON, TOML, and YAML

-Source files can import a `*.json` or `*.toml` file to load its contents as a plain old JavaScript object.
+Source files can import `*.json`, `*.toml`, or `*.yaml` files to load their contents as plain JavaScript objects.

 ```ts
 import pkg from "./package.json";
 import bunfig from "./bunfig.toml";
+import config from "./config.yaml";
 ```

+See the [YAML API documentation](/docs/api/yaml) for more details on YAML support.
+
 ## WASI

 {% callout %}
--- a/docs/runtime/loaders.md
+++ b/docs/runtime/loaders.md
@@ -52,15 +52,18 @@ Hello world!

 {% /codetabs %}

-## JSON and TOML
+## JSON, TOML, and YAML

-JSON and TOML files can be directly imported from a source file. The contents will be loaded and returned as a JavaScript object.
+JSON, TOML, and YAML files can be directly imported from a source file. The contents will be loaded and returned as a JavaScript object.

 ```ts
 import pkg from "./package.json";
 import data from "./data.toml";
+import config from "./config.yaml";
 ```

+For more details on YAML support, see the [YAML API documentation](/docs/api/yaml).
+
 ## WASI

 {% callout %}
--- a/docs/runtime/nodejs-apis.md
+++ b/docs/runtime/nodejs-apis.md
@@ -148,7 +148,7 @@ This page is updated regularly to reflect compatibility status of the latest ver

 ### [`node:vm`](https://nodejs.org/api/vm.html)

-🟡 Core functionality works, but experimental VM ES modules are not implemented, including `vm.Module`, `vm.SourceTextModule`, `vm.SyntheticModule`,`importModuleDynamically`, and `vm.measureMemory`. Options like `timeout`, `breakOnSigint`, `cachedData` are not implemented yet.
+🟡 Core functionality and ES modules are implemented, including `vm.Script`, `vm.createContext`, `vm.runInContext`, `vm.runInNewContext`, `vm.runInThisContext`, `vm.compileFunction`, `vm.isContext`, `vm.Module`, `vm.SourceTextModule`, `vm.SyntheticModule`, and `importModuleDynamically` support. Options like `timeout` and `breakOnSigint` are fully supported. Missing `vm.measureMemory` and some `cachedData` functionality.

 ### [`node:wasi`](https://nodejs.org/api/wasi.html)

@@ -214,6 +214,10 @@ The table below lists all globals implemented by Node.js and Bun's current compa

 🟢 Fully implemented.

+### [`Atomics`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Atomics)
+
+🟢 Fully implemented.
+
 ### [`BroadcastChannel`](https://developer.mozilla.org/en-US/docs/Web/API/BroadcastChannel)

 🟢 Fully implemented.
--- a/docs/runtime/shell.md
+++ b/docs/runtime/shell.md
@@ -532,6 +532,74 @@ Hello World! pwd=C:\Users\Demo

 Bun Shell is a small programming language in Bun that is implemented in Zig. It includes a handwritten lexer, parser, and interpreter. Unlike bash, zsh, and other shells, Bun Shell runs operations concurrently.

+## Security in the Bun shell
+
+By design, the Bun shell _does not invoke a system shell_ (like `/bin/sh`) and
+is instead a re-implementation of bash that runs in the same Bun process,
+designed with security in mind.
+
+When parsing command arguments, it treats all _interpolated variables_ as single, literal strings.
+
+This protects the Bun shell against **command injection**:
+
+```js
+import { $ } from "bun";
+
+const userInput = "my-file.txt; rm -rf /";
+
+// SAFE: `userInput` is treated as a single quoted string
+await $`ls ${userInput}`;
+```
+
+In the above example, `userInput` is treated as a single string. This causes
+the `ls` command to try to read the contents of a single directory named
+"my-file; rm -rf /".
+
+### Security considerations
+
+While command injection is prevented by default, developers are still
+responsible for security in certain scenarios.
+
+Similar to the `Bun.spawn` or `node:child_process.exec()` APIs, you can intentionally
+execute a command which spawns a new shell (e.g. `bash -c`) with arguments.
+
+When you do this, you hand off control, and Bun's built-in protections no
+longer apply to the string interpreted by that new shell.
+
+```js
+import { $ } from "bun";
+
+const userInput = "world; touch /tmp/pwned";
+
+// UNSAFE: You have explicitly started a new shell process with `bash -c`.
+// This new shell will execute the `touch` command. Any user input
+// passed this way must be rigorously sanitized.
+await $`bash -c "echo ${userInput}"`;
+```
+
+### Argument injection
+
+The Bun shell cannot know how an external command interprets its own
+command-line arguments. An attacker can supply input that the target program
+recognizes as one of its own options or flags, leading to unintended behavior.
+
+```js
+import { $ } from "bun";
+
+// Malicious input formatted as a Git command-line flag
+const branch = "--upload-pack=echo pwned";
+
+// UNSAFE: While Bun safely passes the string as a single argument,
+// the `git` program itself sees and acts upon the malicious flag.
+await $`git ls-remote origin ${branch}`;
+```
+
+{% callout %}
+**Recommendation** — As is best practice in every language, always sanitize
+user-provided input before passing it as an argument to an external command.
+The responsibility for validating arguments rests with your application code.
+{% /callout %}
+
 ## Credits

 Large parts of this API were inspired by [zx](https://github.com/google/zx), [dax](https://github.com/dsherret/dax), and [bnx](https://github.com/wobsoriano/bnx). Thank you to the authors of those projects.
--- a/misctools/generate-cli-completions.ts
+++ b/misctools/generate-cli-completions.ts
@@ -0,0 +1,724 @@
+#!/usr/bin/env bun
+/**
+ * CLI Flag Parser for Bun Commands
+ *
+ * This script reads the --help menu for every Bun command and generates JSON
+ * containing all flag information, descriptions, and whether they support
+ * positional or non-positional arguments.
+ *
+ * Handles complex cases like:
+ * - Nested subcommands (bun pm cache rm)
+ * - Command aliases (bun i = bun install, bun a = bun add)
+ * - Dynamic completions (scripts, packages, files)
+ * - Context-aware flags
+ * - Special cases like bare 'bun' vs 'bun run'
+ *
+ * Output is saved to completions/bun-cli.json for use in generating
+ * shell completions (fish, bash, zsh).
+ */
+
+import { spawn } from "bun";
+import { mkdirSync, writeFileSync, mkdtempSync, rmSync } from "fs";
+import { join } from "path";
+
+interface FlagInfo {
+  name: string;
+  shortName?: string;
+  description: string;
+  hasValue: boolean;
+  valueType?: string;
+  defaultValue?: string;
+  choices?: string[];
+  required?: boolean;
+  multiple?: boolean;
+}
+
+interface SubcommandInfo {
+  name: string;
+  description: string;
+  flags?: FlagInfo[];
+  subcommands?: Record<string, SubcommandInfo>;
+  positionalArgs?: {
+    name: string;
+    description?: string;
+    required: boolean;
+    multiple: boolean;
+    type?: string;
+    completionType?: string;
+  }[];
+  examples?: string[];
+}
+
+interface CommandInfo {
+  name: string;
+  aliases?: string[];
+  description: string;
+  usage?: string;
+  flags: FlagInfo[];
+  positionalArgs: {
+    name: string;
+    description?: string;
+    required: boolean;
+    multiple: boolean;
+    type?: string;
+    completionType?: string;
+  }[];
+  examples: string[];
+  subcommands?: Record<string, SubcommandInfo>;
+  documentationUrl?: string;
+  dynamicCompletions?: {
+    scripts?: boolean;
+    packages?: boolean;
+    files?: boolean;
+    binaries?: boolean;
+  };
+}
+
+interface CompletionData {
+  version: string;
+  commands: Record<string, CommandInfo>;
+  globalFlags: FlagInfo[];
+  specialHandling: {
+    bareCommand: {
+      description: string;
+      canRunFiles: boolean;
+      dynamicCompletions: {
+        scripts: boolean;
+        files: boolean;
+        binaries: boolean;
+      };
+    };
+  };
+  bunGetCompletes: {
+    available: boolean;
+    commands: {
+      scripts: string; // "bun getcompletes s" or "bun getcompletes z"
+      binaries: string; // "bun getcompletes b"
+      packages: string; // "bun getcompletes a <prefix>"
+      files: string; // "bun getcompletes j"
+    };
+  };
+}
+
+const BUN_EXECUTABLE = process.env.BUN_DEBUG_BUILD || "bun";
+
+/**
+ * Parse flag line from help output
+ */
+function parseFlag(line: string): FlagInfo | null {
+  // Match patterns like:
+  // -h, --help                          Display this menu and exit
+  // --timeout=<val>              Set the per-test timeout in milliseconds, default is 5000.
+  // -r, --preload=<val>                 Import a module before other modules are loaded
+  // --watch                         Automatically restart the process on file change
+
+  const patterns = [
+    // Long flag with short flag and value: -r, --preload=<val>
+    /^\s*(-[a-zA-Z]),\s+(--[a-zA-Z-]+)=(<[^>]+>)\s+(.+)$/,
+    // Long flag with short flag: -h, --help
+    /^\s*(-[a-zA-Z]),\s+(--[a-zA-Z-]+)\s+(.+)$/,
+    // Long flag with value: --timeout=<val>
+    /^\s+(--[a-zA-Z-]+)=(<[^>]+>)\s+(.+)$/,
+    // Long flag without value: --watch
+    /^\s+(--[a-zA-Z-]+)\s+(.+)$/,
+    // Short flag only: -i
+    /^\s+(-[a-zA-Z])\s+(.+)$/,
+  ];
+
+  for (const pattern of patterns) {
+    const match = line.match(pattern);
+    if (match) {
+      let shortName: string | undefined;
+      let longName: string;
+      let valueSpec: string | undefined;
+      let description: string;
+
+      if (match.length === 5) {
+        // Pattern with short flag, long flag, and value
+        [, shortName, longName, valueSpec, description] = match;
+      } else if (match.length === 4) {
+        if (match[1].startsWith("-") && match[1].length === 2) {
+          // Short flag with long flag
+          [, shortName, longName, description] = match;
+        } else if (match[2].startsWith("<")) {
+          // Long flag with value
+          [, longName, valueSpec, description] = match;
+        } else {
+          // Long flag without value
+          [, longName, description] = match;
+        }
+      } else if (match.length === 3) {
+        if (match[1].length === 2) {
+          // Short flag only
+          [, shortName, description] = match;
+          longName = shortName.replace("-", "--");
+        } else {
+          // Long flag without value
+          [, longName, description] = match;
+        }
+      } else {
+        continue;
+      }
+
+      // Extract additional info from description
+      const hasValue = !!valueSpec;
+      let valueType: string | undefined;
+      let defaultValue: string | undefined;
+      let choices: string[] | undefined;
+
+      if (valueSpec) {
+        valueType = valueSpec.replace(/[<>]/g, "");
+      }
+
+      // Look for default values in description
+      const defaultMatch = description.match(/[Dd]efault(?:s?)\s*(?:is|to|:)\s*"?([^".\s,]+)"?/);
+      if (defaultMatch) {
+        defaultValue = defaultMatch[1];
+      }
+
+      // Look for choices/enums
+      const choicesMatch = description.match(/(?:One of|Valid (?:orders?|values?|options?)):?\s*"?([^"]+)"?/);
+      if (choicesMatch) {
+        choices = choicesMatch[1]
+          .split(/[,\s]+/)
+          .map(s => s.replace(/[",]/g, "").trim())
+          .filter(Boolean);
+      }
+
+      return {
+        name: longName.replace(/^--/, ""),
+        shortName: shortName?.replace(/^-/, ""),
+        description: description.trim(),
+        hasValue,
+        valueType,
+        defaultValue,
+        choices,
+        required: false, // We'll determine this from usage patterns
+        multiple: description.toLowerCase().includes("multiple") || description.includes("[]"),
+      };
+    }
+  }
+
+  return null;
+}
+
+/**
+ * Parse usage line to extract positional arguments
+ */
+function parseUsage(usage: string): {
+  name: string;
+  description?: string;
+  required: boolean;
+  multiple: boolean;
+  type?: string;
+  completionType?: string;
+}[] {
+  const args: {
+    name: string;
+    description?: string;
+    required: boolean;
+    multiple: boolean;
+    type?: string;
+    completionType?: string;
+  }[] = [];
+
+  // Extract parts after command name
+  const parts = usage.split(/\s+/).slice(2); // Skip "Usage:" and command name
+
+  for (const part of parts) {
+    if (part.startsWith("[") || part.startsWith("<") || part.includes("...")) {
+      let name = part;
+      let required = false;
+      let multiple = false;
+      let completionType: string | undefined;
+
+      // Clean up the argument name
+      name = name.replace(/[\[\]<>]/g, "");
+
+      if (part.startsWith("<")) {
+        required = true;
+      }
+
+      if (part.includes("...") || name.includes("...")) {
+        multiple = true;
+        name = name.replace(/\.{3}/g, "");
+      }
+
+      // Skip flags
+      if (!name.startsWith("-") && name.length > 0) {
+        // Determine completion type based on argument name
+        if (name.toLowerCase().includes("package")) {
+          completionType = "package";
+        } else if (name.toLowerCase().includes("script")) {
+          completionType = "script";
+        } else if (name.toLowerCase().includes("file") || name.includes(".")) {
+          completionType = "file";
+        }
+
+        args.push({
+          name,
+          required,
+          multiple,
+          type: "string", // Default type
+          completionType,
+        });
+      }
+    }
+  }
+
+  return args;
+}
+
+const temppackagejson = mkdtempSync("package");
+writeFileSync(
+  join(temppackagejson, "package.json"),
+  JSON.stringify({
+    name: "test",
+    version: "1.0.0",
+    scripts: {},
+  }),
+);
+process.once("beforeExit", () => {
+  rmSync(temppackagejson, { recursive: true });
+});
+
+/**
+ * Execute bun command and get help output
+ */
+async function getHelpOutput(command: string[]): Promise<string> {
+  try {
+    const proc = spawn({
+      cmd: [BUN_EXECUTABLE, ...command, "--help"],
+      stdout: "pipe",
+      stderr: "pipe",
+      cwd: temppackagejson,
+    });
+
+    const [stdout, stderr] = await Promise.all([new Response(proc.stdout).text(), new Response(proc.stderr).text()]);
+
+    await proc.exited;
+
+    return stdout || stderr || "";
+  } catch (error) {
+    console.error(`Failed to get help for command: ${command.join(" ")}`, error);
+    return "";
+  }
+}
+
+/**
+ * Parse PM subcommands from help output
+ */
+function parsePmSubcommands(helpText: string): Record<string, SubcommandInfo> {
+  const lines = helpText.split("\n");
+  const subcommands: Record<string, SubcommandInfo> = {};
+
+  let inCommands = false;
+  for (const line of lines) {
+    const trimmed = line.trim();
+
+    if (trimmed === "Commands:") {
+      inCommands = true;
+      continue;
+    }
+
+    if (inCommands && trimmed.startsWith("Learn more")) {
+      break;
+    }
+
+    if (inCommands && line.match(/^\s+bun pm \w+/)) {
+      // Parse lines like: "bun pm pack                 create a tarball of the current workspace"
+      const match = line.match(/^\s+bun pm (\S+)(?:\s+(.+))?$/);
+      if (match) {
+        const [, name, description = ""] = match;
+        subcommands[name] = {
+          name,
+          description: description.trim(),
+          flags: [],
+          positionalArgs: [],
+        };
+
+        // Special handling for subcommands with their own subcommands
+        if (name === "cache") {
+          subcommands[name].subcommands = {
+            rm: {
+              name: "rm",
+              description: "clear the cache",
+            },
+          };
+        } else if (name === "pkg") {
+          subcommands[name].subcommands = {
+            get: { name: "get", description: "get values from package.json" },
+            set: { name: "set", description: "set values in package.json" },
+            delete: { name: "delete", description: "delete keys from package.json" },
+            fix: { name: "fix", description: "auto-correct common package.json errors" },
+          };
+        }
+      }
+    }
+  }
+
+  return subcommands;
+}
+
+/**
+ * Parse help output into CommandInfo
+ */
+function parseHelpOutput(helpText: string, commandName: string): CommandInfo {
+  const lines = helpText.split("\n");
+  const command: CommandInfo = {
+    name: commandName,
+    description: "",
+    flags: [],
+    positionalArgs: [],
+    examples: [],
+  };
+
+  let currentSection = "";
+  let inFlags = false;
+  let inExamples = false;
+
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const trimmed = line.trim();
+
+    // Extract command description (usually the first non-usage line)
+    if (
+      !command.description &&
+      trimmed &&
+      !trimmed.startsWith("Usage:") &&
+      !trimmed.startsWith("Alias:") &&
+      currentSection === ""
+    ) {
+      command.description = trimmed;
+      continue;
+    }
+
+    // Extract aliases
+    if (trimmed.startsWith("Alias:")) {
+      const aliasMatch = trimmed.match(/Alias:\s*(.+)/);
+      if (aliasMatch) {
+        command.aliases = aliasMatch[1]
+          .split(/[,\s]+/)
+          .map(a => a.trim())
+          .filter(Boolean);
+      }
+      continue;
+    }
+
+    // Extract usage and positional args
+    if (trimmed.startsWith("Usage:")) {
+      command.usage = trimmed;
+      command.positionalArgs = parseUsage(trimmed);
+      continue;
+    }
+
+    // Track sections
+    if (trimmed === "Flags:") {
+      inFlags = true;
+      currentSection = "flags";
+      continue;
+    } else if (trimmed === "Examples:") {
+      inExamples = true;
+      inFlags = false;
+      currentSection = "examples";
+      continue;
+    } else if (
+      trimmed.startsWith("Full documentation") ||
+      trimmed.startsWith("Learn more") ||
+      trimmed.startsWith("A full list")
+    ) {
+      const urlMatch = trimmed.match(/https?:\/\/[^\s]+/);
+      if (urlMatch) {
+        command.documentationUrl = urlMatch[0];
+      }
+      inFlags = false;
+      inExamples = false;
+      continue;
+    }
+
+    // Parse flags
+    if (inFlags && line.match(/^\s+(-|\s+--)/)) {
+      const flag = parseFlag(line);
+      if (flag) {
+        command.flags.push(flag);
+      }
+    }
+
+    // Parse examples
+    if (inExamples && trimmed && !trimmed.startsWith("Full documentation")) {
+      if (trimmed.startsWith("bun ") || trimmed.startsWith("./") || trimmed.startsWith("Bundle")) {
+        command.examples.push(trimmed);
+      }
+    }
+  }
+
+  // Special case for pm command
+  if (commandName === "pm") {
+    command.subcommands = parsePmSubcommands(helpText);
+  }
+
+  // Add dynamic completion info based on command
+  command.dynamicCompletions = {};
+  if (commandName === "run") {
+    command.dynamicCompletions.scripts = true;
+    command.dynamicCompletions.files = true;
+    command.dynamicCompletions.binaries = true;
+    // Also add file type info for positional args
+    for (const arg of command.positionalArgs) {
+      if (arg.name.includes("file") || arg.name.includes("script")) {
+        arg.completionType = "javascript_files";
+      }
+    }
+  } else if (commandName === "add") {
+    command.dynamicCompletions.packages = true;
+    // Mark package args
+    for (const arg of command.positionalArgs) {
+      if (arg.name.includes("package") || arg.name === "name") {
+        arg.completionType = "package";
+      }
+    }
+  } else if (commandName === "remove") {
+    command.dynamicCompletions.packages = true; // installed packages
+    for (const arg of command.positionalArgs) {
+      if (arg.name.includes("package") || arg.name === "name") {
+        arg.completionType = "installed_package";
+      }
+    }
+  } else if (["test"].includes(commandName)) {
+    command.dynamicCompletions.files = true;
+    for (const arg of command.positionalArgs) {
+      if (arg.name.includes("pattern") || arg.name.includes("file")) {
+        arg.completionType = "test_files";
+      }
+    }
+  } else if (["build"].includes(commandName)) {
+    command.dynamicCompletions.files = true;
+    for (const arg of command.positionalArgs) {
+      if (arg.name === "entrypoint" || arg.name.includes("file")) {
+        arg.completionType = "javascript_files";
+      }
+    }
+  } else if (commandName === "create") {
+    // Create has special template completions
+    for (const arg of command.positionalArgs) {
+      if (arg.name.includes("template")) {
+        arg.completionType = "create_template";
+      }
+    }
+  }
+
+  return command;
+}
+
+/**
+ * Get list of main commands from bun --help
+ */
+async function getMainCommands(): Promise<string[]> {
+  const helpText = await getHelpOutput([]);
+  const lines = helpText.split("\n");
+  const commands: string[] = [];
+
+  let inCommands = false;
+  for (const line of lines) {
+    const trimmed = line.trim();
+
+    if (trimmed === "Commands:") {
+      inCommands = true;
+      continue;
+    }
+
+    // Stop when we hit the "Flags:" section
+    if (inCommands && trimmed === "Flags:") {
+      break;
+    }
+
+    if (inCommands && line.match(/^\s+\w+/)) {
+      // Extract command name (first word after whitespace)
+      const match = line.match(/^\s+(\w+)/);
+      if (match) {
+        commands.push(match[1]);
+      }
+    }
+  }
+
+  const commandsToRemove = ["lint"];
+
+  return commands.filter(a => {
+    if (commandsToRemove.includes(a)) {
+      return false;
+    }
+    return true;
+  });
+}
+
+/**
+ * Extract global flags from main help
+ */
+function parseGlobalFlags(helpText: string): FlagInfo[] {
+  const lines = helpText.split("\n");
+  const flags: FlagInfo[] = [];
+
+  let inFlags = false;
+  for (const line of lines) {
+    const trimmed = line.trim();
+
+    if (trimmed === "Flags:") {
+      inFlags = true;
+      continue;
+    }
+
+    if (inFlags && (trimmed === "" || trimmed.startsWith("("))) {
+      break;
+    }
+
+    if (inFlags && line.match(/^\s+(-|\s+--)/)) {
+      const flag = parseFlag(line);
+      if (flag) {
+        flags.push(flag);
+      }
+    }
+  }
+
+  return flags;
+}
+
+/**
+ * Add command aliases based on common patterns
+ */
+function addCommandAliases(commands: Record<string, CommandInfo>): void {
+  const aliasMap: Record<string, string[]> = {
+    "install": ["i"],
+    "add": ["a"],
+    "remove": ["rm"],
+    "create": ["c"],
+    "x": ["bunx"], // bunx is an alias for bun x
+  };
+
+  for (const [command, aliases] of Object.entries(aliasMap)) {
+    if (commands[command]) {
+      commands[command].aliases = aliases;
+    }
+  }
+}
+
+/**
+ * Main function to generate completion data
+ */
+async function generateCompletions(): Promise<void> {
+  console.log("🔍 Discovering Bun commands...");
+
+  // Get main help and extract commands
+  const mainHelpText = await getHelpOutput([]);
+  const mainCommands = await getMainCommands();
+  const globalFlags = parseGlobalFlags(mainHelpText);
+
+  console.log(`📋 Found ${mainCommands.length} main commands: ${mainCommands.join(", ")}`);
+
+  const completionData: CompletionData = {
+    version: "1.1.0",
+    commands: {},
+    globalFlags,
+    specialHandling: {
+      bareCommand: {
+        description: "Run JavaScript/TypeScript files directly or access package scripts and binaries",
+        canRunFiles: true,
+        dynamicCompletions: {
+          scripts: true,
+          files: true,
+          binaries: true,
+        },
+      },
+    },
+    bunGetCompletes: {
+      available: true,
+      commands: {
+        scripts: "bun getcompletes s", // or "bun getcompletes z" for scripts with descriptions
+        binaries: "bun getcompletes b",
+        packages: "bun getcompletes a", // takes prefix as argument
+        files: "bun getcompletes j", // JavaScript/TypeScript files
+      },
+    },
+  };
+
+  // Parse each command
+  for (const commandName of mainCommands) {
+    console.log(`📖 Parsing help for: ${commandName}`);
+
+    try {
+      const helpText = await getHelpOutput([commandName]);
+      if (helpText.trim()) {
+        const commandInfo = parseHelpOutput(helpText, commandName);
+        completionData.commands[commandName] = commandInfo;
+      }
+    } catch (error) {
+      console.error(`❌ Failed to parse ${commandName}:`, error);
+    }
+  }
+
+  // Add common aliases
+  addCommandAliases(completionData.commands);
+
+  // Also check some common subcommands that might have their own help
+  const additionalCommands = ["pm"];
+  for (const commandName of additionalCommands) {
+    if (!completionData.commands[commandName]) {
+      console.log(`📖 Parsing help for additional command: ${commandName}`);
+
+      try {
+        const helpText = await getHelpOutput([commandName]);
+        if (helpText.trim() && !helpText.includes("error:") && !helpText.includes("Error:")) {
+          const commandInfo = parseHelpOutput(helpText, commandName);
+          completionData.commands[commandName] = commandInfo;
+        }
+      } catch (error) {
+        console.error(`❌ Failed to parse ${commandName}:`, error);
+      }
+    }
+  }
+
+  // Ensure completions directory exists
+  const completionsDir = join(process.cwd(), "completions");
+  try {
+    mkdirSync(completionsDir, { recursive: true });
+  } catch (error) {
+    // Directory might already exist
+  }
+
+  // Write the JSON file
+  const outputPath = join(completionsDir, "bun-cli.json");
+  const jsonData = JSON.stringify(completionData, null, 2);
+
+  writeFileSync(outputPath, jsonData, "utf8");
+
+  console.log(`✅ Generated CLI completion data at: ${outputPath}`);
+  console.log(`📊 Statistics:`);
+  console.log(`   - Commands: ${Object.keys(completionData.commands).length}`);
+  console.log(`   - Global flags: ${completionData.globalFlags.length}`);
+
+  let totalFlags = 0;
+  let totalExamples = 0;
+  let totalSubcommands = 0;
+  for (const [name, cmd] of Object.entries(completionData.commands)) {
+    totalFlags += cmd.flags.length;
+    totalExamples += cmd.examples.length;
+    const subcommandCount = cmd.subcommands ? Object.keys(cmd.subcommands).length : 0;
+    totalSubcommands += subcommandCount;
+
+    const aliasInfo = cmd.aliases ? ` (aliases: ${cmd.aliases.join(", ")})` : "";
+    const subcommandInfo = subcommandCount > 0 ? `, ${subcommandCount} subcommands` : "";
+    const dynamicInfo = cmd.dynamicCompletions ? ` [dynamic: ${Object.keys(cmd.dynamicCompletions).join(", ")}]` : "";
+
+    console.log(
+      `   - ${name}${aliasInfo}: ${cmd.flags.length} flags, ${cmd.positionalArgs.length} positional args, ${cmd.examples.length} examples${subcommandInfo}${dynamicInfo}`,
+    );
+  }
+
+  console.log(`   - Total command flags: ${totalFlags}`);
+  console.log(`   - Total examples: ${totalExamples}`);
+  console.log(`   - Total subcommands: ${totalSubcommands}`);
+}
+
+// Run the script
+if (import.meta.main) {
+  generateCompletions().catch(console.error);
+}
--- a/misctools/lldb/README.md
+++ b/misctools/lldb/README.md
@@ -0,0 +1,121 @@
+# LLDB Pretty Printers for Bun
+
+This directory contains LLDB pretty printers for various Bun data structures to improve the debugging experience.
+
+## Files
+
+- `bun_pretty_printer.py` - Pretty printers for Bun-specific types (bun.String, WTFStringImpl, ZigString, BabyList, etc.)
+- `lldb_pretty_printers.py` - Pretty printers for Zig language types from the Zig project
+- `lldb_webkit.py` - Pretty printers for WebKit/JavaScriptCore types
+- `init.lldb` - LLDB initialization commands
+
+## Supported Types
+
+### bun.String Types
+- `bun.String` (or just `String`) - The main Bun string type
+- `WTFStringImpl` - WebKit string implementation (Latin1/UTF16)
+- `ZigString` - Zig string type (UTF8/Latin1/UTF16 with pointer tagging)
+
+### Display Format
+
+The pretty printers show string content directly, with additional metadata:
+
+```
+# bun.String examples:
+"Hello, World!" [latin1]          # Regular ZigString
+"UTF-8 String 🎉" [utf8]          # UTF-8 encoded
+"Static content" [latin1 static]  # Static string
+""                                # Empty string
+<dead>                            # Dead/invalid string
+
+# WTFStringImpl examples:
+"WebKit String"                   # Shows the actual string content
+
+# ZigString examples:
+"Some text" [utf16 global]        # UTF16 globally allocated
+"ASCII text" [latin1]             # Latin1 encoded
+```
+
+## Usage
+
+### Option 1: Manual Loading
+In your LLDB session:
+```lldb
+command script import /path/to/bun/misctools/lldb/bun_pretty_printer.py
+```
+
+### Option 2: Add to ~/.lldbinit
+Add the following line to your `~/.lldbinit` file to load automatically:
+```lldb
+command script import /path/to/bun/misctools/lldb/bun_pretty_printer.py
+```
+
+### Option 3: Use init.lldb
+```lldb
+command source /path/to/bun/misctools/lldb/init.lldb
+```
+
+## Testing
+
+To test the pretty printers:
+
+1. Build a debug version of Bun:
+```bash
+bun bd
+```
+
+2. Create a test file that uses bun.String types
+
+3. Debug with LLDB:
+```bash
+lldb ./build/debug/bun-debug
+(lldb) command script import misctools/lldb/bun_pretty_printer.py
+(lldb) breakpoint set --file your_test.zig --line <line_number>
+(lldb) run your_test.zig
+(lldb) frame variable
+```
+
+## Implementation Details
+
+### ZigString Pointer Tagging
+ZigString uses pointer tagging in the upper bits:
+- Bit 63: 1 = UTF16, 0 = UTF8/Latin1
+- Bit 62: 1 = Globally allocated (mimalloc)
+- Bit 61: 1 = UTF8 encoding
+
+The pretty printer automatically detects and handles these tags.
+
+### WTFStringImpl Encoding
+WTFStringImpl uses flags in `m_hashAndFlags`:
+- Bit 2 (s_hashFlag8BitBuffer): 1 = Latin1, 0 = UTF16
+
+### bun.String Tag Union
+bun.String is a tagged union with these variants:
+- Dead (0): Invalid/freed string
+- WTFStringImpl (1): WebKit string
+- ZigString (2): Regular Zig string
+- StaticZigString (3): Static/immortal string
+- Empty (4): Empty string ""
+
+## Troubleshooting
+
+If the pretty printers don't work:
+
+1. Verify the Python script loaded:
+```lldb
+(lldb) script print("Python works")
+```
+
+2. Check if the category is enabled:
+```lldb
+(lldb) type category list
+```
+
+3. Enable the Bun category manually:
+```lldb
+(lldb) type category enable bun
+```
+
+4. For debugging the pretty printer itself, check for exceptions:
+- The pretty printers catch all exceptions and return `<error>`
+- Modify the code to print exceptions for debugging
--- a/misctools/lldb/bun_pretty_printer.py
+++ b/misctools/lldb/bun_pretty_printer.py
@@ -10,8 +10,8 @@ class bun_BabyList_SynthProvider:

        try:
            self.ptr = self.value.GetChildMemberWithName('ptr')
-            self.len = self.value.GetChildMemberWithName('len').unsigned
-            self.cap = self.value.GetChildMemberWithName('cap').unsigned
+            self.len = self.value.GetChildMemberWithName('len').GetValueAsUnsigned()
+            self.cap = self.value.GetChildMemberWithName('cap').GetValueAsUnsigned()
            self.elem_type = self.ptr.type.GetPointeeType()
            self.elem_size = self.elem_type.size
        except:
@@ -46,7 +46,7 @@ def bun_BabyList_SummaryProvider(value, _=None):
        value = value.GetNonSyntheticValue()
        len_val = value.GetChildMemberWithName('len')
        cap_val = value.GetChildMemberWithName('cap')
-        return 'len=%d cap=%d' % (len_val.unsigned, cap_val.unsigned)
+        return 'len=%d cap=%d' % (len_val.GetValueAsUnsigned(), cap_val.GetValueAsUnsigned())
    except:
        return 'len=? cap=?'

@@ -67,6 +67,241 @@ def add(debugger, *, category, regex=False, type, identifier=None, synth=False,
            type
        ))

+def WTFStringImpl_SummaryProvider(value, _=None):
+    try:
+        # Get the raw pointer (it's already a pointer type)
+        value = value.GetNonSyntheticValue()
+        
+        # Check if it's a pointer type and dereference if needed
+        if value.type.IsPointerType():
+            struct = value.deref
+        else:
+            struct = value
+        
+        m_length = struct.GetChildMemberWithName('m_length').GetValueAsUnsigned()
+        m_hashAndFlags = struct.GetChildMemberWithName('m_hashAndFlags').GetValueAsUnsigned()
+        m_ptr = struct.GetChildMemberWithName('m_ptr')
+        
+        # Check if it's 8-bit (latin1) or 16-bit (utf16) string
+        s_hashFlag8BitBuffer = 1 << 2
+        is_8bit = (m_hashAndFlags & s_hashFlag8BitBuffer) != 0
+        
+        if m_length == 0:
+            return '[%s] ""' % ('latin1' if is_8bit else 'utf16')
+        
+        # Limit memory reads to 1MB for performance
+        MAX_BYTES = 1024 * 1024  # 1MB
+        MAX_DISPLAY_CHARS = 200  # Maximum characters to display
+        
+        # Calculate how much to read
+        bytes_per_char = 1 if is_8bit else 2
+        total_bytes = m_length * bytes_per_char
+        truncated = False
+        
+        if total_bytes > MAX_BYTES:
+            # Read only first part of very large strings
+            chars_to_read = MAX_BYTES // bytes_per_char
+            bytes_to_read = chars_to_read * bytes_per_char
+            truncated = True
+        else:
+            chars_to_read = m_length
+            bytes_to_read = total_bytes
+        
+        if is_8bit:
+            # Latin1 string
+            latin1_ptr = m_ptr.GetChildMemberWithName('latin1')
+            process = value.process
+            error = lldb.SBError()
+            ptr_addr = latin1_ptr.GetValueAsUnsigned()
+            if ptr_addr:
+                byte_data = process.ReadMemory(ptr_addr, min(chars_to_read, m_length), error)
+                if error.Success():
+                    string_val = byte_data.decode('latin1', errors='replace')
+                else:
+                    return '[latin1] <read error: %s>' % error
+            else:
+                return '[latin1] <null ptr>'
+        else:
+            # UTF16 string
+            utf16_ptr = m_ptr.GetChildMemberWithName('utf16')
+            process = value.process
+            error = lldb.SBError()
+            ptr_addr = utf16_ptr.GetValueAsUnsigned()
+            if ptr_addr:
+                byte_data = process.ReadMemory(ptr_addr, bytes_to_read, error)
+                if error.Success():
+                    # Properly decode UTF16LE to string
+                    string_val = byte_data.decode('utf-16le', errors='replace')
+                else:
+                    return '[utf16] <read error: %s>' % error
+            else:
+                return '[utf16] <null ptr>'
+        
+        # Escape special characters
+        string_val = string_val.replace('\\', '\\\\')
+        string_val = string_val.replace('"', '\\"')
+        string_val = string_val.replace('\n', '\\n')
+        string_val = string_val.replace('\r', '\\r')
+        string_val = string_val.replace('\t', '\\t')
+        
+        # Truncate display if too long
+        display_truncated = truncated or len(string_val) > MAX_DISPLAY_CHARS
+        if len(string_val) > MAX_DISPLAY_CHARS:
+            string_val = string_val[:MAX_DISPLAY_CHARS]
+        
+        # Add encoding and size info at the beginning
+        encoding = 'latin1' if is_8bit else 'utf16'
+        
+        if display_truncated:
+            size_info = ' %d chars' % m_length
+            if total_bytes >= 1024 * 1024:
+                size_info += ' (%.1fMB)' % (total_bytes / (1024.0 * 1024.0))
+            elif total_bytes >= 1024:
+                size_info += ' (%.1fKB)' % (total_bytes / 1024.0)
+            return '[%s%s] "%s..." <truncated>' % (encoding, size_info, string_val)
+        else:
+            return '[%s] "%s"' % (encoding, string_val)
+    except:
+        return '<error>'
+
+def ZigString_SummaryProvider(value, _=None):
+    try:
+        value = value.GetNonSyntheticValue()
+        
+        ptr = value.GetChildMemberWithName('_unsafe_ptr_do_not_use').GetValueAsUnsigned()
+        length = value.GetChildMemberWithName('len').GetValueAsUnsigned()
+        
+        # Check encoding flags
+        is_16bit = (ptr & (1 << 63)) != 0
+        is_utf8 = (ptr & (1 << 61)) != 0
+        is_global = (ptr & (1 << 62)) != 0
+        
+        # Determine encoding
+        encoding = 'utf16' if is_16bit else ('utf8' if is_utf8 else 'latin1')
+        flags = ' global' if is_global else ''
+        
+        if length == 0:
+            return '[%s%s] ""' % (encoding, flags)
+        
+        # Untag the pointer (keep only the lower 53 bits)
+        untagged_ptr = ptr & ((1 << 53) - 1)
+        
+        # Limit memory reads to 1MB for performance
+        MAX_BYTES = 1024 * 1024  # 1MB
+        MAX_DISPLAY_CHARS = 200  # Maximum characters to display
+        
+        # Calculate how much to read
+        bytes_per_char = 2 if is_16bit else 1
+        total_bytes = length * bytes_per_char
+        truncated = False
+        
+        if total_bytes > MAX_BYTES:
+            # Read only first part of very large strings
+            chars_to_read = MAX_BYTES // bytes_per_char
+            bytes_to_read = chars_to_read * bytes_per_char
+            truncated = True
+        else:
+            bytes_to_read = total_bytes
+        
+        # Read the string data
+        process = value.process
+        error = lldb.SBError()
+        
+        byte_data = process.ReadMemory(untagged_ptr, bytes_to_read, error)
+        if not error.Success():
+            return '[%s%s] <read error>' % (encoding, flags)
+        
+        # Decode based on encoding
+        if is_16bit:
+            string_val = byte_data.decode('utf-16le', errors='replace')
+        elif is_utf8:
+            string_val = byte_data.decode('utf-8', errors='replace')
+        else:
+            string_val = byte_data.decode('latin1', errors='replace')
+        
+        # Escape special characters
+        string_val = string_val.replace('\\', '\\\\')
+        string_val = string_val.replace('"', '\\"')
+        string_val = string_val.replace('\n', '\\n')
+        string_val = string_val.replace('\r', '\\r')
+        string_val = string_val.replace('\t', '\\t')
+        
+        # Truncate display if too long
+        display_truncated = truncated or len(string_val) > MAX_DISPLAY_CHARS
+        if len(string_val) > MAX_DISPLAY_CHARS:
+            string_val = string_val[:MAX_DISPLAY_CHARS]
+        
+        # Build the output
+        if display_truncated:
+            size_info = ' %d chars' % length
+            if total_bytes >= 1024 * 1024:
+                size_info += ' (%.1fMB)' % (total_bytes / (1024.0 * 1024.0))
+            elif total_bytes >= 1024:
+                size_info += ' (%.1fKB)' % (total_bytes / 1024.0)
+            return '[%s%s%s] "%s..." <truncated>' % (encoding, flags, size_info, string_val)
+        else:
+            return '[%s%s] "%s"' % (encoding, flags, string_val)
+    except:
+        return '<error>'
+
+def bun_String_SummaryProvider(value, _=None):
+    try:
+        value = value.GetNonSyntheticValue()
+        
+        # Debug: Show the actual type name LLDB sees
+        type_name = value.GetTypeName()
+        
+        tag = value.GetChildMemberWithName('tag')
+        if not tag or not tag.IsValid():
+            # Try alternate field names
+            tag = value.GetChildMemberWithName('Tag')
+            if not tag or not tag.IsValid():
+                # Show type name to help debug
+                return '<no tag field in type: %s>' % type_name
+        
+        tag_value = tag.GetValueAsUnsigned()
+        
+        # Map tag values to names
+        tag_names = {
+            0: 'Dead',
+            1: 'WTFStringImpl', 
+            2: 'ZigString',
+            3: 'StaticZigString',
+            4: 'Empty'
+        }
+        
+        tag_name = tag_names.get(tag_value, 'Unknown')
+        
+        if tag_name == 'Empty':
+            return '""'
+        elif tag_name == 'Dead':
+            return '<dead>'
+        elif tag_name == 'WTFStringImpl':
+            value_union = value.GetChildMemberWithName('value')
+            if not value_union or not value_union.IsValid():
+                return '<no value field>'
+            impl_value = value_union.GetChildMemberWithName('WTFStringImpl')
+            if not impl_value or not impl_value.IsValid():
+                return '<no WTFStringImpl field>'
+            return WTFStringImpl_SummaryProvider(impl_value, _)
+        elif tag_name == 'ZigString' or tag_name == 'StaticZigString':
+            value_union = value.GetChildMemberWithName('value')
+            if not value_union or not value_union.IsValid():
+                return '<no value field>'
+            field_name = 'ZigString' if tag_name == 'ZigString' else 'StaticZigString'
+            zig_string_value = value_union.GetChildMemberWithName(field_name)
+            if not zig_string_value or not zig_string_value.IsValid():
+                return '<no %s field>' % field_name
+            result = ZigString_SummaryProvider(zig_string_value, _)
+            # Add static marker if needed
+            if tag_name == 'StaticZigString':
+                result = result.replace(']', ' static]')
+            return result
+        else:
+            return '<unknown tag %d>' % tag_value
+    except Exception as e:
+        return '<error: %s>' % str(e)
+
 def __lldb_init_module(debugger, _=None):
    # Initialize Bun Category
    debugger.HandleCommand('type category define --language c99 bun')
@@ -74,5 +309,30 @@ def __lldb_init_module(debugger, _=None):
    # Initialize Bun Data Structures
    add(debugger, category='bun', regex=True, type='^baby_list\\.BabyList\\(.*\\)$', identifier='bun_BabyList', synth=True, expand=True, summary=True)
    
+    # Add WTFStringImpl pretty printer - try multiple possible type names
+    add(debugger, category='bun', type='WTFStringImpl', identifier='WTFStringImpl', summary=True)
+    add(debugger, category='bun', type='*WTFStringImplStruct', identifier='WTFStringImpl', summary=True)
+    add(debugger, category='bun', type='string.WTFStringImpl', identifier='WTFStringImpl', summary=True)
+    add(debugger, category='bun', type='string.WTFStringImplStruct', identifier='WTFStringImpl', summary=True)
+    add(debugger, category='bun', type='*string.WTFStringImplStruct', identifier='WTFStringImpl', summary=True)
+    
+    # Add ZigString pretty printer - try multiple possible type names
+    add(debugger, category='bun', type='ZigString', identifier='ZigString', summary=True)
+    add(debugger, category='bun', type='bun.js.bindings.ZigString', identifier='ZigString', summary=True)
+    add(debugger, category='bun', type='bindings.ZigString', identifier='ZigString', summary=True)
+    
+    # Add bun.String pretty printer - try multiple possible type names
+    add(debugger, category='bun', type='String', identifier='bun_String', summary=True)
+    add(debugger, category='bun', type='bun.String', identifier='bun_String', summary=True)
+    add(debugger, category='bun', type='string.String', identifier='bun_String', summary=True)
+    add(debugger, category='bun', type='BunString', identifier='bun_String', summary=True)
+    add(debugger, category='bun', type='bun::String', identifier='bun_String', summary=True)
+    add(debugger, category='bun', type='bun::string::String', identifier='bun_String', summary=True)
+    
+    # Try regex patterns for more flexible matching
+    add(debugger, category='bun', regex=True, type='.*String$', identifier='bun_String', summary=True)
+    add(debugger, category='bun', regex=True, type='.*WTFStringImpl.*', identifier='WTFStringImpl', summary=True)
+    add(debugger, category='bun', regex=True, type='.*ZigString.*', identifier='ZigString', summary=True)
+    
    # Enable the category
    debugger.HandleCommand('type category enable bun')
--- a/package.json
+++ b/package.json
@@ -1,15 +1,16 @@
 {
  "private": true,
  "name": "bun",
-  "version": "1.2.20",
+  "version": "1.2.21",
  "workspaces": [
    "./packages/bun-types",
    "./packages/@types/bun"
  ],
  "devDependencies": {
-    "bun-tracestrings": "github:oven-sh/bun.report#912ca63e26c51429d3e6799aa2a6ab079b188fd8",
    "@lezer/common": "^1.2.3",
    "@lezer/cpp": "^1.1.3",
+    "@types/bun": "workspace:*",
+    "bun-tracestrings": "github:oven-sh/bun.report#912ca63e26c51429d3e6799aa2a6ab079b188fd8",
    "esbuild": "^0.21.4",
    "mitata": "^0.1.11",
    "peechy": "0.4.34",
@@ -48,6 +49,9 @@
    "css-properties": "bun run src/css/properties/generate_properties.ts",
    "uv-posix-stubs": "bun run src/bun.js/bindings/libuv/generate_uv_posix_stubs.ts",
    "bump": "bun ./scripts/bump.ts",
+    "jsc:build": "bun ./scripts/build-jsc.ts release",
+    "jsc:build:debug": "bun ./scripts/build-jsc.ts debug",
+    "jsc:build:lto": "bun ./scripts/build-jsc.ts lto",
    "typecheck": "tsc --noEmit && cd test && bun run typecheck",
    "fmt": "bun run prettier",
    "fmt:cpp": "bun run clang-format",
@@ -68,9 +72,9 @@
    "zig:check-windows": "bun run zig build check-windows --summary new",
    "analysis": "bun ./scripts/build.mjs -DCMAKE_BUILD_TYPE=Debug -DENABLE_ANALYSIS=ON -DENABLE_CCACHE=OFF -B build/analysis",
    "analysis:no-llvm": "bun run analysis -DENABLE_LLVM=OFF",
-    "clang-format": "bun run analysis --target clang-format",
-    "clang-format:check": "bun run analysis --target clang-format-check",
-    "clang-format:diff": "bun run analysis --target clang-format-diff",
+    "clang-format": "./scripts/run-clang-format.sh format",
+    "clang-format:check": "./scripts/run-clang-format.sh check",
+    "clang-format:diff": "./scripts/run-clang-format.sh diff",
    "clang-tidy": "bun run analysis --target clang-tidy",
    "clang-tidy:check": "bun run analysis --target clang-tidy-check",
    "clang-tidy:diff": "bun run analysis --target clang-tidy-diff",
--- a/packages/bun-native-bundler-plugin-api/bundler_plugin.h
+++ b/packages/bun-native-bundler-plugin-api/bundler_plugin.h
@@ -18,9 +18,11 @@ typedef enum {
  BUN_LOADER_BASE64 = 10,
  BUN_LOADER_DATAURL = 11,
  BUN_LOADER_TEXT = 12,
+  BUN_LOADER_HTML = 17,
+  BUN_LOADER_YAML = 18,
 } BunLoader;

-const BunLoader BUN_LOADER_MAX = BUN_LOADER_TEXT;
+const BunLoader BUN_LOADER_MAX = BUN_LOADER_YAML;

 typedef struct BunLogOptions {
  size_t __struct_size;
--- a/packages/bun-plugin-svelte/bun.lock
+++ b/packages/bun-plugin-svelte/bun.lock
@@ -5,7 +5,7 @@
      "name": "bun-plugin-svelte",
      "devDependencies": {
        "@threlte/core": "8.0.1",
-        "bun-types": "canary",
+        "@types/bun": "../bun-types",
        "svelte": "^5.20.4",
      },
      "peerDependencies": {
@@ -28,11 +28,13 @@

    "@threlte/core": ["@threlte/core@8.0.1", "", { "dependencies": { "mitt": "^3.0.1" }, "peerDependencies": { "svelte": ">=5", "three": ">=0.155" } }, "sha512-vy1xRQppJFNmfPTeiRQue+KmYFsbPgVhwuYXRTvVrwPeD2oYz43gxUeOpe1FACeGKxrxZykeKJF5ebVvl7gBxw=="],

+    "@types/bun": ["bun-types@file:../bun-types", { "dependencies": { "@types/node": "*" }, "devDependencies": { "@types/react": "^19" }, "peerDependencies": { "@types/react": "^19" } }],
+
    "@types/estree": ["@types/estree@1.0.6", "", {}, "sha512-AYnb1nQyY49te+VRAVgmzfcgjYS91mY5P0TKUDCLEM+gNnA+3T6rWITXRLYCpahpqSQbN5cE+gHpnPyXjHWxcw=="],

    "@types/node": ["@types/node@22.13.5", "", { "dependencies": { "undici-types": "~6.20.0" } }, "sha512-+lTU0PxZXn0Dr1NBtC7Y8cR21AJr87dLLU953CWA6pMxxv/UDc7jYAY90upcrie1nRcD6XNG5HOYEDtgW5TxAg=="],

-    "@types/ws": ["@types/ws@8.5.14", "", { "dependencies": { "@types/node": "*" } }, "sha512-bd/YFLW+URhBzMXurx7lWByOu+xzU9+kb3RboOteXYDfW+tr+JZa99OyNmPINEGB/ahzKrEuc8rcv4gnpJmxTw=="],
+    "@types/react": ["@types/react@19.1.9", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-WmdoynAX8Stew/36uTSVMcLJJ1KRh6L3IZRx1PZ7qJtBqT3dYTgyDTx8H1qoRghErydW7xw9mSJ3wS//tCRpFA=="],

    "acorn": ["acorn@8.14.0", "", { "bin": { "acorn": "bin/acorn" } }, "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA=="],

@@ -42,10 +44,10 @@

    "axobject-query": ["axobject-query@4.1.0", "", {}, "sha512-qIj0G9wZbMGNLjLmg1PT6v2mE9AH2zlnADJD/2tC6E00hgmhUOfEB6greHPAfLRSufHqROIUTkw6E+M3lH0PTQ=="],

-    "bun-types": ["bun-types@1.2.4-canary.20250226T140704", "", { "dependencies": { "@types/node": "*", "@types/ws": "~8.5.10" } }, "sha512-P8b2CGLtbvi/kQ4dPHBhU5qkguIjHMYCjNqjWDTKSnodWDTbcv9reBdktZJ7m5SF4m15JLthfFq2PtwKpA9a+w=="],
-
    "clsx": ["clsx@2.1.1", "", {}, "sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA=="],

+    "csstype": ["csstype@3.1.3", "", {}, "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw=="],
+
    "esm-env": ["esm-env@1.2.2", "", {}, "sha512-Epxrv+Nr/CaL4ZcFGPJIYLWFom+YeV1DqMLHJoEd9SYRxNbaFruBwfEX/kkHUJf55j2+TUbmDcmuilbP1TmXHA=="],

    "esrap": ["esrap@1.4.5", "", { "dependencies": { "@jridgewell/sourcemap-codec": "^1.4.15" } }, "sha512-CjNMjkBWWZeHn+VX+gS8YvFwJ5+NDhg8aWZBSFJPR8qQduDNjbJodA2WcwCm7uQa5Rjqj+nZvVmceg1RbHFB9g=="],
--- a/packages/bun-plugin-svelte/package.json
+++ b/packages/bun-plugin-svelte/package.json
@@ -23,7 +23,7 @@
    "build:types": "tsc --emitDeclarationOnly --declaration --declarationDir ./dist"
  },
  "devDependencies": {
-    "bun-types": "canary",
+    "@types/bun": "../bun-types",
    "svelte": "^5.20.4",
    "@threlte/core": "8.0.1"
  },
--- a/packages/bun-types/bun.d.ts
+++ b/packages/bun-types/bun.d.ts
--- a/packages/bun-types/deprecated.d.ts
+++ b/packages/bun-types/deprecated.d.ts
@@ -1,4 +1,35 @@
 declare module "bun" {
+  /** @deprecated This type is unused in Bun's types and might be removed in the near future */
+  type Platform =
+    | "aix"
+    | "android"
+    | "darwin"
+    | "freebsd"
+    | "haiku"
+    | "linux"
+    | "openbsd"
+    | "sunos"
+    | "win32"
+    | "cygwin"
+    | "netbsd";
+
+  /** @deprecated This type is unused in Bun's types and might be removed in the near future */
+  type Architecture = "arm" | "arm64" | "ia32" | "mips" | "mipsel" | "ppc" | "ppc64" | "s390" | "s390x" | "x64";
+
+  /** @deprecated This type is unused in Bun's types and might be removed in the near future */
+  type UncaughtExceptionListener = (error: Error, origin: UncaughtExceptionOrigin) => void;
+
+  /**
+   * Most of the time the unhandledRejection will be an Error, but this should not be relied upon
+   * as *anything* can be thrown/rejected, it is therefore unsafe to assume that the value is an Error.
+   *
+   * @deprecated This type is unused in Bun's types and might be removed in the near future
+   */
+  type UnhandledRejectionListener = (reason: unknown, promise: Promise<unknown>) => void;
+
+  /** @deprecated This type is unused in Bun's types and might be removed in the near future */
+  type MultipleResolveListener = (type: MultipleResolveType, promise: Promise<unknown>, value: unknown) => void;
+
  /**
   * Consume all data from a {@link ReadableStream} until it closes or errors.
   *
--- a/packages/bun-types/extensions.d.ts
+++ b/packages/bun-types/extensions.d.ts
@@ -8,6 +8,16 @@ declare module "*.toml" {
  export = contents;
 }

+declare module "*.yaml" {
+  var contents: any;
+  export = contents;
+}
+
+declare module "*.yml" {
+  var contents: any;
+  export = contents;
+}
+
 declare module "*.jsonc" {
  var contents: any;
  export = contents;
--- a/packages/bun-types/globals.d.ts
+++ b/packages/bun-types/globals.d.ts
@@ -1284,7 +1284,7 @@ interface ImportMeta {
   * )
   * ```
   */
-  readonly main: boolean;
+  main: boolean;

  /** Alias of `import.meta.dir`. Exists for Node.js compatibility */
  dirname: string;
@@ -1888,6 +1888,25 @@ interface BunFetchRequestInit extends RequestInit {
   * ```
   */
  unix?: string;
+
+  /**
+   * Control automatic decompression of the response body.
+   * When set to `false`, the response body will not be automatically decompressed,
+   * and the `Content-Encoding` header will be preserved. This can improve performance
+   * when you need to handle compressed data manually or forward it as-is.
+   * This is a custom property that is not part of the Fetch API specification.
+   *
+   * @default true
+   * @example
+   * ```js
+   * // Disable automatic decompression for a proxy server
+   * const response = await fetch("https://example.com/api", {
+   *   decompress: false
+   * });
+   * // response.headers.get('content-encoding') might be 'gzip' or 'br'
+   * ```
+   */
+  decompress?: boolean;
 }

 /**
--- a/packages/bun-types/index.d.ts
+++ b/packages/bun-types/index.d.ts
@@ -21,6 +21,8 @@
 /// <reference path="./redis.d.ts" />
 /// <reference path="./shell.d.ts" />
 /// <reference path="./experimental.d.ts" />
+/// <reference path="./sql.d.ts" />
+/// <reference path="./security.d.ts" />

 /// <reference path="./bun.ns.d.ts" />

--- a/packages/bun-types/overrides.d.ts
+++ b/packages/bun-types/overrides.d.ts
@@ -24,6 +24,12 @@ declare module "stream/web" {
  }
 }

+declare module "url" {
+  interface URLSearchParams {
+    toJSON(): Record<string, string>;
+  }
+}
+
 declare global {
  namespace NodeJS {
    interface ProcessEnv extends Bun.Env {}
--- a/packages/bun-types/redis.d.ts
+++ b/packages/bun-types/redis.d.ts
@@ -574,6 +574,50 @@ declare module "bun" {
     */
    getex(key: RedisClient.KeyLike): Promise<string | null>;

+    /**
+     * Get the value of a key and set its expiration in seconds
+     * @param key The key to get
+     * @param ex Set the specified expire time, in seconds
+     * @param seconds The number of seconds until expiration
+     * @returns Promise that resolves with the value of the key, or null if the key doesn't exist
+     */
+    getex(key: RedisClient.KeyLike, ex: "EX", seconds: number): Promise<string | null>;
+
+    /**
+     * Get the value of a key and set its expiration in milliseconds
+     * @param key The key to get
+     * @param px Set the specified expire time, in milliseconds
+     * @param milliseconds The number of milliseconds until expiration
+     * @returns Promise that resolves with the value of the key, or null if the key doesn't exist
+     */
+    getex(key: RedisClient.KeyLike, px: "PX", milliseconds: number): Promise<string | null>;
+
+    /**
+     * Get the value of a key and set its expiration at a specific Unix timestamp in seconds
+     * @param key The key to get
+     * @param exat Set the specified Unix time at which the key will expire, in seconds
+     * @param timestampSeconds The Unix timestamp in seconds
+     * @returns Promise that resolves with the value of the key, or null if the key doesn't exist
+     */
+    getex(key: RedisClient.KeyLike, exat: "EXAT", timestampSeconds: number): Promise<string | null>;
+
+    /**
+     * Get the value of a key and set its expiration at a specific Unix timestamp in milliseconds
+     * @param key The key to get
+     * @param pxat Set the specified Unix time at which the key will expire, in milliseconds
+     * @param timestampMilliseconds The Unix timestamp in milliseconds
+     * @returns Promise that resolves with the value of the key, or null if the key doesn't exist
+     */
+    getex(key: RedisClient.KeyLike, pxat: "PXAT", timestampMilliseconds: number): Promise<string | null>;
+
+    /**
+     * Get the value of a key and remove its expiration
+     * @param key The key to get
+     * @param persist Remove the expiration from the key
+     * @returns Promise that resolves with the value of the key, or null if the key doesn't exist
+     */
+    getex(key: RedisClient.KeyLike, persist: "PERSIST"): Promise<string | null>;
+
    /**
     *  Ping the server
     *  @returns Promise that resolves with "PONG" if the server is reachable, or throws an error if the server is not reachable
--- a/packages/bun-types/security.d.ts
+++ b/packages/bun-types/security.d.ts
@@ -0,0 +1,101 @@
+declare module "bun" {
+  /**
+   * `bun install` security related declarations
+   */
+  export namespace Security {
+    export interface Package {
+      /**
+       * The name of the package
+       */
+      name: string;
+
+      /**
+       * The resolved version to be installed that matches the requested range.
+       *
+       * This is the exact version string, **not** a range.
+       */
+      version: string;
+
+      /**
+       * The URL of the tgz of this package that Bun will download
+       */
+      tarball: string;
+
+      /**
+       * The range that was requested by the command
+       *
+       * This could be a tag like `beta` or a semver range like `>=4.0.0`
+       */
+      requestedRange: string;
+    }
+
+    /**
+     * Advisory represents the result of a security scan result of a package
+     */
+    export interface Advisory {
+      /**
+       * Level represents the degree of danger for a security advisory
+       *
+       * Bun behaves differently depending on the values returned from the
+       * {@link Scanner.scan `scan()`} hook:
+       *
+       * > In any case, Bun *always* pretty prints *all* the advisories,
+       * > but...
+       * >
+       * > → if any **fatal**, Bun will immediately cancel the installation
+       * > and quit with a non-zero exit code
+       * >
+       * > → else if any **warn**, Bun will either ask the user if they'd like
+       * > to continue with the install if in a TTY environment, or
+       * > immediately exit if not.
+       */
+      level: "fatal" | "warn";
+
+      /**
+       * The name of the package attempting to be installed.
+       */
+      package: string;
+
+      /**
+       * If available, this is a url linking to a CVE or report online so
+       * users can learn more about the advisory.
+       */
+      url: string | null;
+
+      /**
+       * If available, this is a brief description of the advisory that Bun
+       * will print to the user.
+       */
+      description: string | null;
+    }
+
+    export interface Scanner {
+      /**
+       * This is the version of the scanner implementation. It may change in
+       * future versions, so we will use this version to discriminate between
+       * such versions. It's entirely possible this API changes in the future
+       * so much that version 1 would no longer be supported.
+       *
+       * The version is required because third-party scanner package versions
+       * are inherently unrelated to Bun versions
+       */
+      version: "1";
+
+      /**
+       * Perform an advisory check when a user ran `bun add <package>
+       * [...packages]` or other related/similar commands.
+       *
+       * If this function throws an error, Bun will immediately stop the
+       * install process and print the error to the user.
+       *
+       * @param info An object containing an array of packages to be added.
+       * The package array will contain all proposed dependencies, including
+       * transitive ones. More simply, that means it will include dependencies
+       * of the packages the user wants to add.
+       *
+       * @returns A list of advisories.
+       */
+      scan: (info: { packages: Package[] }) => Promise<Advisory[]>;
+    }
+  }
+}
--- a/packages/bun-types/sql.d.ts
+++ b/packages/bun-types/sql.d.ts
@@ -0,0 +1,809 @@
+import type * as BunSQLite from "bun:sqlite";
+
+declare module "bun" {
+  /**
+   * Represents a reserved connection from the connection pool Extends SQL with
+   * additional release functionality
+   */
+  interface ReservedSQL extends SQL, Disposable {
+    /**
+     * Releases the client back to the connection pool
+     */
+    release(): void;
+  }
+
+  /**
+   * Represents a client within a transaction context Extends SQL with savepoint
+   * functionality
+   */
+  interface TransactionSQL extends SQL {
+    /**
+     * Creates a savepoint within the current transaction
+     */
+    savepoint<T>(name: string, fn: SQL.SavepointContextCallback<T>): Promise<T>;
+    savepoint<T>(fn: SQL.SavepointContextCallback<T>): Promise<T>;
+
+    /**
+     * The reserve method pulls out a connection from the pool, and returns a
+     * client that wraps the single connection.
+     *
+     * Using reserve() inside of a transaction will return a brand new
+     * connection, not one related to the transaction. This matches the
+     * behaviour of the `postgres` package.
+     */
+    reserve(): Promise<ReservedSQL>;
+  }
+
+  namespace SQL {
+    class SQLError extends Error {
+      constructor(message: string);
+    }
+
+    class PostgresError extends SQLError {
+      public readonly code: string;
+      public readonly errno: string | undefined;
+      public readonly detail: string | undefined;
+      public readonly hint: string | undefined;
+      public readonly severity: string | undefined;
+      public readonly position: string | undefined;
+      public readonly internalPosition: string | undefined;
+      public readonly internalQuery: string | undefined;
+      public readonly where: string | undefined;
+      public readonly schema: string | undefined;
+      public readonly table: string | undefined;
+      public readonly column: string | undefined;
+      public readonly dataType: string | undefined;
+      public readonly constraint: string | undefined;
+      public readonly file: string | undefined;
+      public readonly line: string | undefined;
+      public readonly routine: string | undefined;
+
+      constructor(
+        message: string,
+        options: {
+          code: string;
+          errno?: string | undefined;
+          detail?: string;
+          hint?: string | undefined;
+          severity?: string | undefined;
+          position?: string | undefined;
+          internalPosition?: string;
+          internalQuery?: string;
+          where?: string | undefined;
+          schema?: string;
+          table?: string | undefined;
+          column?: string | undefined;
+          dataType?: string | undefined;
+          constraint?: string;
+          file?: string | undefined;
+          line?: string | undefined;
+          routine?: string | undefined;
+        },
+      );
+    }
+
+    class MySQLError extends SQLError {
+      public readonly code: string;
+      public readonly errno: number | undefined;
+      public readonly sqlState: string | undefined;
+      constructor(message: string, options: { code: string; errno: number | undefined; sqlState: string | undefined });
+    }
+
+    class SQLiteError extends SQLError {
+      public readonly code: string;
+      public readonly errno: number;
+      public readonly byteOffset?: number | undefined;
+
+      constructor(message: string, options: { code: string; errno: number; byteOffset?: number | undefined });
+    }
+
+    type AwaitPromisesArray<T extends Array<PromiseLike<any>>> = {
+      [K in keyof T]: Awaited<T[K]>;
+    };
+
+    type ContextCallbackResult<T> = T extends Array<PromiseLike<any>> ? AwaitPromisesArray<T> : Awaited<T>;
+    type ContextCallback<T, SQL> = (sql: SQL) => Bun.MaybePromise<T>;
+
+    interface SQLiteOptions extends BunSQLite.DatabaseOptions {
+      adapter?: "sqlite";
+
+      /**
+       * Specify the path to the database file
+       *
+       * Examples:
+       *
+       * - `sqlite://:memory:`
+       * - `sqlite://./path/to/database.db`
+       * - `sqlite:///Users/bun/projects/my-app/database.db`
+       * - `./dev.db`
+       * - `:memory:`
+       *
+       * @default ":memory:"
+       */
+      filename?: URL | ":memory:" | (string & {}) | undefined;
+
+      /**
+       * Callback executed when a connection attempt completes (SQLite)
+       * Receives an Error on failure, or null on success.
+       */
+      onconnect?: ((err: Error | null) => void) | undefined;
+
+      /**
+       * Callback executed when a connection is closed (SQLite)
+       * Receives the closing Error or null.
+       */
+      onclose?: ((err: Error | null) => void) | undefined;
+    }
+
+    interface PostgresOrMySQLOptions {
+      /**
+       * Connection URL (can be string or URL object)
+       */
+      url?: URL | string | undefined;
+
+      /**
+       * Database server hostname
+       * @default "localhost"
+       */
+      host?: string | undefined;
+
+      /**
+       * Database server hostname (alias for host)
+       * @deprecated Prefer {@link host}
+       * @default "localhost"
+       */
+      hostname?: string | undefined;
+
+      /**
+       * Database server port number
+       * @default 5432
+       */
+      port?: number | string | undefined;
+
+      /**
+       * Database user for authentication
+       * @default "postgres"
+       */
+      username?: string | undefined;
+
+      /**
+       * Database user for authentication (alias for username)
+       * @deprecated Prefer {@link username}
+       * @default "postgres"
+       */
+      user?: string | undefined;
+
+      /**
+       * Database password for authentication
+       * @default ""
+       */
+      password?: string | (() => MaybePromise<string>) | undefined;
+
+      /**
+       * Database password for authentication (alias for password)
+       * @deprecated Prefer {@link password}
+       * @default ""
+       */
+      pass?: string | (() => MaybePromise<string>) | undefined;
+
+      /**
+       * Name of the database to connect to
+       * @default The username value
+       */
+      database?: string | undefined;
+
+      /**
+       * Name of the database to connect to (alias for database)
+       * @deprecated Prefer {@link database}
+       * @default The username value
+       */
+      db?: string | undefined;
+
+      /**
+       * Database adapter/driver to use
+       * @default "postgres"
+       */
+      adapter?: "postgres" | "mysql" | "mariadb";
+
+      /**
+       * Maximum time in seconds to wait for connection to become available
+       * @default 0 (no timeout)
+       */
+      idleTimeout?: number | undefined;
+
+      /**
+       * Maximum time in seconds to wait for connection to become available (alias for idleTimeout)
+       * @deprecated Prefer {@link idleTimeout}
+       * @default 0 (no timeout)
+       */
+      idle_timeout?: number | undefined;
+
+      /**
+       * Maximum time in seconds to wait when establishing a connection
+       * @default 30
+       */
+      connectionTimeout?: number | undefined;
+
+      /**
+       * Maximum time in seconds to wait when establishing a connection (alias for connectionTimeout)
+       * @deprecated Prefer {@link connectionTimeout}
+       * @default 30
+       */
+      connection_timeout?: number | undefined;
+
+      /**
+       * Maximum time in seconds to wait when establishing a connection (alias
+       * for connectionTimeout)
+       * @deprecated Prefer {@link connectionTimeout}
+       * @default 30
+       */
+      connectTimeout?: number | undefined;
+
+      /**
+       * Maximum time in seconds to wait when establishing a connection (alias
+       * for connectionTimeout)
+       * @deprecated Prefer {@link connectionTimeout}
+       * @default 30
+       */
+      connect_timeout?: number | undefined;
+
+      /**
+       * Maximum lifetime in seconds of a connection
+       * @default 0 (no maximum lifetime)
+       */
+      maxLifetime?: number | undefined;
+
+      /**
+       * Maximum lifetime in seconds of a connection (alias for maxLifetime)
+       * @deprecated Prefer {@link maxLifetime}
+       * @default 0 (no maximum lifetime)
+       */
+      max_lifetime?: number | undefined;
+
+      /**
+       * Whether to use TLS/SSL for the connection
+       * @default false
+       */
+      tls?: TLSOptions | boolean | undefined;
+
+      /**
+       * Whether to use TLS/SSL for the connection (alias for tls)
+       * @default false
+       */
+      ssl?: TLSOptions | boolean | undefined;
+
+      /**
+       * Unix domain socket path for connection
+       * @default undefined
+       */
+      path?: string | undefined;
+
+      /**
+       * Callback executed when a connection attempt completes
+       * Receives an Error on failure, or null on success.
+       */
+      onconnect?: ((err: Error | null) => void) | undefined;
+
+      /**
+       * Callback executed when a connection is closed
+       * Receives the closing Error or null.
+       */
+      onclose?: ((err: Error | null) => void) | undefined;
+
+      /**
+       * Postgres client runtime configuration options
+       *
+       * @see https://www.postgresql.org/docs/current/runtime-config-client.html
+       */
+      connection?: Record<string, string | boolean | number> | undefined;
+
+      /**
+       * Maximum number of connections in the pool
+       * @default 10
+       */
+      max?: number | undefined;
+
+      /**
+       * By default values outside i32 range are returned as strings. If this is
+       * true, values outside i32 range are returned as BigInts.
+       * @default false
+       */
+      bigint?: boolean | undefined;
+
+      /**
+       * Automatic creation of prepared statements
+       * @default true
+       */
+      prepare?: boolean | undefined;
+    }
+
+    /**
+     * Configuration options for SQL client connection and behavior
+     *
+     * @example
+     * ```ts
+     * const config: Bun.SQL.Options = {
+     *   host: 'localhost',
+     *   port: 5432,
+     *   user: 'dbuser',
+     *   password: 'secretpass',
+     *   database: 'myapp',
+     *   idleTimeout: 30,
+     *   max: 20,
+     *   onconnect: (client) => {
+     *     console.log('Connected to database');
+     *   }
+     * };
+     * ```
+     */
+    type Options = SQLiteOptions | PostgresOrMySQLOptions;
+
+    /**
+     * Represents a SQL query that can be executed, with additional control
+     * methods Extends Promise to allow for async/await usage
+     */
+    interface Query<T> extends Promise<T> {
+      /**
+       * Indicates if the query is currently executing
+       */
+      active: boolean;
+
+      /**
+       * Indicates if the query has been cancelled
+       */
+      cancelled: boolean;
+
+      /**
+       * Cancels the executing query
+       */
+      cancel(): Query<T>;
+
+      /**
+       * Executes the query as a simple query, no parameters are allowed but can
+       * execute multiple commands separated by semicolons
+       */
+      simple(): Query<T>;
+
+      /**
+       * Executes the query
+       */
+      execute(): Query<T>;
+
+      /**
+       * Returns the raw query result
+       */
+      raw(): Query<T>;
+
+      /**
+       * Returns only the values from the query result
+       */
+      values(): Query<T>;
+    }
+
+    /**
+     * Callback function type for transaction contexts
+     * @param sql Function to execute SQL queries within the transaction
+     */
+    type TransactionContextCallback<T> = ContextCallback<T, TransactionSQL>;
+
+    /**
+     * Callback function type for savepoint contexts
+     * @param sql Function to execute SQL queries within the savepoint
+     */
+    type SavepointContextCallback<T> = ContextCallback<T, SavepointSQL>;
+
+    /**
+     * SQL.Helper represents a parameter or serializable
+     * value inside of a query.
+     *
+     * @example
+     * ```ts
+     * const helper = sql(users, 'id');
+     * await sql`insert into users ${helper}`;
+     * ```
+     */
+    interface Helper<T> {
+      readonly value: T[];
+      readonly columns: (keyof T)[];
+    }
+  }
+
+  interface SQL extends AsyncDisposable {
+    /**
+     * Executes a SQL query using template literals
+     * @example
+     * ```ts
+     * const [user] = await sql<Users[]>`select * from users where id = ${1}`;
+     * ```
+     */
+    <T = any>(strings: TemplateStringsArray, ...values: unknown[]): SQL.Query<T>;
+
+    /**
+     * Execute a SQL query using a string
+     *
+     * @example
+     * ```ts
+     * const users = await sql<User[]>`SELECT * FROM users WHERE id = ${1}`;
+     * ```
+     */
+    <T = any>(string: string): SQL.Query<T>;
+
+    /**
+     * Helper function for inserting an object into a query
+     *
+     * @example
+     * ```ts
+     * // Insert an object
+     * const result = await sql`insert into users ${sql(users)} returning *`;
+     *
+     * // Or pick specific columns
+     * const result = await sql`insert into users ${sql(users, "id", "name")} returning *`;
+     *
+     * // Or a single object
+     * const result = await sql`insert into users ${sql(user)} returning *`;
+     * ```
+     */
+    <T extends { [Key in PropertyKey]: unknown }>(obj: T | T[] | readonly T[]): SQL.Helper<T>; // Contributor note: This is the same as the signature below with the exception of the columns and the Pick<T, Keys>
+
+    /**
+     * Helper function for inserting an object into a query, supporting specific columns
+     *
+     * @example
+     * ```ts
+     * // Insert an object
+     * const result = await sql`insert into users ${sql(users)} returning *`;
+     *
+     * // Or pick specific columns
+     * const result = await sql`insert into users ${sql(users, "id", "name")} returning *`;
+     *
+     * // Or a single object
+     * const result = await sql`insert into users ${sql(user)} returning *`;
+     * ```
+     */
+    <T extends { [Key in PropertyKey]: unknown }, Keys extends keyof T = keyof T>(
+      obj: T | T[] | readonly T[],
+      ...columns: readonly Keys[]
+    ): SQL.Helper<Pick<T, Keys>>; // Contributor note: This is the same as the signature above with the exception of this signature tracking keys
+
+    /**
+     * Helper function for inserting any serializable value into a query
+     *
+     * @example
+     * ```ts
+     * const result = await sql`SELECT * FROM users WHERE id IN ${sql([1, 2, 3])}`;
+     * ```
+     */
+    <T>(value: T): SQL.Helper<T>;
+  }
+
+  /**
+   * Main SQL client interface providing connection and transaction management
+   */
+  class SQL {
+    /**
+     * Creates a new SQL client instance
+     *
+     * @param connectionString - The connection string for the SQL client
+     *
+     * @example
+     * ```ts
+     * const sql = new SQL("postgres://localhost:5432/mydb");
+     * const sql = new SQL(new URL("postgres://localhost:5432/mydb"));
+     * ```
+     */
+    constructor(connectionString: string | URL);
+
+    /**
+     * Creates a new SQL client instance with options
+     *
+     * @param connectionString - The connection string for the SQL client
+     * @param options - The options for the SQL client
+     *
+     * @example
+     * ```ts
+     * const sql = new SQL("postgres://localhost:5432/mydb", { idleTimeout: 1000 });
+     * ```
+     */
+    constructor(
+      connectionString: string | URL,
+      options: Bun.__internal.DistributedOmit<SQL.Options, "url" | "filename">,
+    );
+
+    /**
+     * Creates a new SQL client instance with options
+     *
+     * @param options - The options for the SQL client
+     *
+     * @example
+     * ```ts
+     * const sql = new SQL({ url: "postgres://localhost:5432/mydb", idleTimeout: 1000 });
+     * ```
+     */
+    constructor(options?: SQL.Options);
+
+    /**
+     * Current client options
+     */
+    options: Bun.__internal.DistributedMerge<SQL.Options>;
+
+    /**
+     * Commits a distributed transaction also know as prepared transaction in postgres or XA transaction in MySQL
+     *
+     * @param name - The name of the distributed transaction
+     *
+     * @throws {Error} If the adapter does not support distributed transactions (e.g., SQLite)
+     *
+     * @example
+     * ```ts
+     * await sql.commitDistributed("my_distributed_transaction");
+     * ```
+     */
+    commitDistributed(name: string): Promise<void>;
+
+    /**
+     * Rolls back a distributed transaction also know as prepared transaction in postgres or XA transaction in MySQL
+     *
+     * @param name - The name of the distributed transaction
+     *
+     * @throws {Error} If the adapter does not support distributed transactions (e.g., SQLite)
+     *
+     * @example
+     * ```ts
+     * await sql.rollbackDistributed("my_distributed_transaction");
+     * ```
+     */
+    rollbackDistributed(name: string): Promise<void>;
+
+    /** Waits for the database connection to be established
+     *
+     * @example
+     * ```ts
+     * await sql.connect();
+     * ```
+     */
+    connect(): Promise<SQL>;
+
+    /**
+     * Closes the database connection with optional timeout in seconds. If timeout is 0, it will close immediately, if is not provided it will wait for all queries to finish before closing.
+     *
+     * @param options - The options for the close
+     *
+     * @example
+     * ```ts
+     * await sql.close({ timeout: 1 });
+     * ```
+     */
+    close(options?: { timeout?: number }): Promise<void>;
+
+    /**
+     * Closes the database connection with optional timeout in seconds. If timeout is 0, it will close immediately, if is not provided it will wait for all queries to finish before closing.
+     * This is an alias of {@link SQL.close}
+     *
+     * @param options - The options for the close
+     *
+     * @example
+     * ```ts
+     * await sql.end({ timeout: 1 });
+     * ```
+     */
+    end(options?: { timeout?: number }): Promise<void>;
+
+    /**
+     * Flushes any pending operations
+     *
+     * @throws {Error} If the adapter does not support flushing (e.g., SQLite)
+     *
+     * @example
+     * ```ts
+     * sql.flush();
+     * ```
+     */
+    flush(): void;
+
+    /**
+     * The reserve method pulls out a connection from the pool, and returns a client that wraps the single connection.
+     *
+     * This can be used for running queries on an isolated connection.
+     * Calling reserve in a reserved Sql will return a new reserved connection,  not the same connection (behavior matches postgres package).
+     *
+     * @throws {Error} If the adapter does not support connection pooling (e.g., SQLite)s
+     *
+     * @example
+     * ```ts
+     * const reserved = await sql.reserve();
+     * await reserved`select * from users`;
+     * await reserved.release();
+     * // with in a production scenario would be something more like
+     * const reserved = await sql.reserve();
+     * try {
+     *   // ... queries
+     * } finally {
+     *   await reserved.release();
+     * }
+     *
+     * // Bun supports Symbol.dispose and Symbol.asyncDispose
+     * // always release after context (safer)
+     * using reserved = await sql.reserve()
+     * await reserved`select * from users`
+     * ```
+     */
+    reserve(): Promise<ReservedSQL>;
+
+    /**
+     * Begins a new transaction.
+     *
+     * Will reserve a connection for the transaction and supply a scoped sql instance for all transaction uses in the callback function. sql.begin will resolve with the returned value from the callback function.
+     * BEGIN is automatically sent with the optional options, and if anything fails ROLLBACK will be called so the connection can be released and execution can continue.
+     * @example
+     * const [user, account] = await sql.begin(async sql => {
+     *   const [user] = await sql`
+     *     insert into users (
+     *       name
+     *     ) values (
+     *       'Murray'
+     *     )
+     *     returning *
+     *   `
+     *   const [account] = await sql`
+     *     insert into accounts (
+     *       user_id
+     *     ) values (
+     *       ${ user.user_id }
+     *     )
+     *     returning *
+     *   `
+     *   return [user, account]
+     * })
+     */
+    begin<const T>(fn: SQL.TransactionContextCallback<T>): Promise<SQL.ContextCallbackResult<T>>;
+
+    /**
+     * Begins a new transaction with options.
+     *
+     * Will reserve a connection for the transaction and supply a scoped sql instance for all transaction uses in the callback function. sql.begin will resolve with the returned value from the callback function.
+     * BEGIN is automatically sent with the optional options, and if anything fails ROLLBACK will be called so the connection can be released and execution can continue.
+     * @example
+     * const [user, account] = await sql.begin("read write", async sql => {
+     *   const [user] = await sql`
+     *     insert into users (
+     *       name
+     *     ) values (
+     *       'Murray'
+     *     )
+     *     returning *
+     *   `
+     *   const [account] = await sql`
+     *     insert into accounts (
+     *       user_id
+     *     ) values (
+     *       ${ user.user_id }
+     *     )
+     *     returning *
+     *   `
+     *   return [user, account]
+     * })
+     */
+    begin<const T>(options: string, fn: SQL.TransactionContextCallback<T>): Promise<SQL.ContextCallbackResult<T>>;
+
+    /**
+     * Alternative method to begin a transaction.
+     *
+     * Will reserve a connection for the transaction and supply a scoped sql instance for all transaction uses in the callback function. sql.transaction will resolve with the returned value from the callback function.
+     * BEGIN is automatically sent with the optional options, and if anything fails ROLLBACK will be called so the connection can be released and execution can continue.
+     * @alias begin
+     * @example
+     * const [user, account] = await sql.transaction(async sql => {
+     *   const [user] = await sql`
+     *     insert into users (
+     *       name
+     *     ) values (
+     *       'Murray'
+     *     )
+     *     returning *
+     *   `
+     *   const [account] = await sql`
+     *     insert into accounts (
+     *       user_id
+     *     ) values (
+     *       ${ user.user_id }
+     *     )
+     *     returning *
+     *   `
+     *   return [user, account]
+     * })
+     */
+    transaction<const T>(fn: SQL.TransactionContextCallback<T>): Promise<SQL.ContextCallbackResult<T>>;
+
+    /**
+     * Alternative method to begin a transaction with options
+     * Will reserve a connection for the transaction and supply a scoped sql instance for all transaction uses in the callback function. sql.transaction will resolve with the returned value from the callback function.
+     * BEGIN is automatically sent with the optional options, and if anything fails ROLLBACK will be called so the connection can be released and execution can continue.
+     *
+     * @alias {@link begin}
+     *
+     * @example
+     * const [user, account] = await sql.transaction("read write", async sql => {
+     *   const [user] = await sql`
+     *     insert into users (
+     *       name
+     *     ) values (
+     *       'Murray'
+     *     )
+     *     returning *
+     *   `
+     *   const [account] = await sql`
+     *     insert into accounts (
+     *       user_id
+     *     ) values (
+     *       ${ user.user_id }
+     *     )
+     *     returning *
+     *   `
+     *   return [user, account]
+     * });
+     */
+    transaction<const T>(options: string, fn: SQL.TransactionContextCallback<T>): Promise<SQL.ContextCallbackResult<T>>;
+
+    /**
+     * Begins a distributed transaction
+     * Also know as Two-Phase Commit, in a distributed transaction, Phase 1 involves the coordinator preparing nodes by ensuring data is written and ready to commit, while Phase 2 finalizes with nodes committing or rolling back based on the coordinator's decision, ensuring durability and releasing locks.
+     * In PostgreSQL and MySQL distributed transactions persist beyond the original session, allowing privileged users or coordinators to commit/rollback them, ensuring support for distributed transactions, recovery, and administrative tasks.
+     * beginDistributed will automatic rollback if any exception are not caught, and you can commit and rollback later if everything goes well.
+     * PostgreSQL natively supports distributed transactions using PREPARE TRANSACTION, while MySQL uses XA Transactions, and MSSQL also supports distributed/XA transactions. However, in MSSQL, distributed transactions are tied to the original session, the DTC coordinator, and the specific connection.
+     * These transactions are automatically committed or rolled back following the same rules as regular transactions, with no option for manual intervention from other sessions, in MSSQL distributed transactions are used to coordinate transactions using Linked Servers.
+     *
+     * @throws {Error} If the adapter does not support distributed transactions (e.g., SQLite)
+     *
+     * @example
+     * await sql.beginDistributed("numbers", async sql => {
+     *   await sql`create table if not exists numbers (a int)`;
+     *   await sql`insert into numbers values(1)`;
+     * });
+     * // later you can call
+     * await sql.commitDistributed("numbers");
+     * // or await sql.rollbackDistributed("numbers");
+     */
+    beginDistributed<const T>(
+      name: string,
+      fn: SQL.TransactionContextCallback<T>,
+    ): Promise<SQL.ContextCallbackResult<T>>;
+
+    /** Alternative method to begin a distributed transaction
+     * @alias {@link beginDistributed}
+     */
+    distributed<const T>(name: string, fn: SQL.TransactionContextCallback<T>): Promise<SQL.ContextCallbackResult<T>>;
+
+    /**If you know what you're doing, you can use unsafe to pass any string you'd like.
+     * Please note that this can lead to SQL injection if you're not careful.
+     * You can also nest sql.unsafe within a safe sql expression. This is useful if only part of your fraction has unsafe elements.
+     * @example
+     * const result = await sql.unsafe(`select ${danger} from users where id = ${dragons}`)
+     */
+    unsafe<T = any>(string: string, values?: any[]): SQL.Query<T>;
+
+    /**
+     * Reads a file and uses the contents as a query.
+     * Optional parameters can be used if the file includes $1, $2, etc
+     * @example
+     * const result = await sql.file("query.sql", [1, 2, 3]);
+     */
+    file<T = any>(filename: string, values?: any[]): SQL.Query<T>;
+  }
+
+  /**
+   * SQL client
+   */
+  const sql: SQL;
+
+  /**
+   * SQL client for PostgreSQL
+   *
+   * @deprecated Prefer {@link Bun.sql}
+   */
+  const postgres: SQL;
+
+  /**
+   * Represents a savepoint within a transaction
+   */
+  interface SavepointSQL extends SQL {}
+}
--- a/packages/bun-types/sqlite.d.ts
+++ b/packages/bun-types/sqlite.d.ts
@@ -24,6 +24,66 @@
 * | `null`          | `NULL`                 |
 */
 declare module "bun:sqlite" {
+  /**
+   * Options for {@link Database}
+   */
+  export interface DatabaseOptions {
+    /**
+     * Open the database as read-only (no write operations, no create).
+     *
+     * Equivalent to {@link constants.SQLITE_OPEN_READONLY}
+     */
+    readonly?: boolean;
+
+    /**
+     * Allow creating a new database
+     *
+     * Equivalent to {@link constants.SQLITE_OPEN_CREATE}
+     */
+    create?: boolean;
+
+    /**
+     * Open the database as read-write
+     *
+     * Equivalent to {@link constants.SQLITE_OPEN_READWRITE}
+     */
+    readwrite?: boolean;
+
+    /**
+     * When set to `true`, integers are returned as `bigint` types.
+     *
+     * When set to `false`, integers are returned as `number` types and truncated to 52 bits.
+     *
+     * @default false
+     * @since v1.1.14
+     */
+    safeIntegers?: boolean;
+
+    /**
+     * When set to `false` or `undefined`:
+     * - Queries missing bound parameters will NOT throw an error
+     * - Bound named parameters in JavaScript need to exactly match the SQL query.
+     *
+     * @example
+     * ```ts
+     * const db = new Database(":memory:", { strict: false });
+     * db.run("INSERT INTO foo (name) VALUES ($name)", { $name: "foo" });
+     * ```
+     *
+     * When set to `true`:
+     * - Queries missing bound parameters will throw an error
+     * - Bound named parameters in JavaScript no longer need to be `$`, `:`, or `@`. The SQL query will remain prefixed.
+     *
+     * @example
+     * ```ts
+     * const db = new Database(":memory:", { strict: true });
+     * db.run("INSERT INTO foo (name) VALUES ($name)", { name: "foo" });
+     * ```
+     * @since v1.1.14
+     */
+    strict?: boolean;
+  }
+
  /**
   * A SQLite3 database
   *
@@ -53,8 +113,6 @@ declare module "bun:sqlite" {
   * ```ts
   * const db = new Database("mydb.sqlite", {readonly: true});
   * ```
-   *
-   * @category Database
   */
  export class Database implements Disposable {
    /**
@@ -63,96 +121,19 @@ declare module "bun:sqlite" {
     * @param filename The filename of the database to open. Pass an empty string (`""`) or `":memory:"` or undefined for an in-memory database.
     * @param options defaults to `{readwrite: true, create: true}`. If a number, then it's treated as `SQLITE_OPEN_*` constant flags.
     */
-    constructor(
-      filename?: string,
-      options?:
-        | number
-        | {
-            /**
-             * Open the database as read-only (no write operations, no create).
-             *
-             * Equivalent to {@link constants.SQLITE_OPEN_READONLY}
-             */
-            readonly?: boolean;
-            /**
-             * Allow creating a new database
-             *
-             * Equivalent to {@link constants.SQLITE_OPEN_CREATE}
-             */
-            create?: boolean;
-            /**
-             * Open the database as read-write
-             *
-             * Equivalent to {@link constants.SQLITE_OPEN_READWRITE}
-             */
-            readwrite?: boolean;
-
-            /**
-             * When set to `true`, integers are returned as `bigint` types.
-             *
-             * When set to `false`, integers are returned as `number` types and truncated to 52 bits.
-             *
-             * @default false
-             * @since v1.1.14
-             */
-            safeIntegers?: boolean;
-
-            /**
-             * When set to `false` or `undefined`:
-             * - Queries missing bound parameters will NOT throw an error
-             * - Bound named parameters in JavaScript need to exactly match the SQL query.
-             *
-             * @example
-             * ```ts
-             * const db = new Database(":memory:", { strict: false });
-             * db.run("INSERT INTO foo (name) VALUES ($name)", { $name: "foo" });
-             * ```
-             *
-             * When set to `true`:
-             * - Queries missing bound parameters will throw an error
-             * - Bound named parameters in JavaScript no longer need to be `$`, `:`, or `@`. The SQL query will remain prefixed.
-             *
-             * @example
-             * ```ts
-             * const db = new Database(":memory:", { strict: true });
-             * db.run("INSERT INTO foo (name) VALUES ($name)", { name: "foo" });
-             * ```
-             * @since v1.1.14
-             */
-            strict?: boolean;
-          },
-    );
+    constructor(filename?: string, options?: number | DatabaseOptions);

    /**
+     * Open or create a SQLite3 databases
+     *
+     * @param filename The filename of the database to open. Pass an empty string (`""`) or `":memory:"` or undefined for an in-memory database.
+     * @param options defaults to `{readwrite: true, create: true}`. If a number, then it's treated as `SQLITE_OPEN_*` constant flags.
+     *
     * This is an alias of `new Database()`
     *
     * See {@link Database}
     */
-    static open(
-      filename: string,
-      options?:
-        | number
-        | {
-            /**
-             * Open the database as read-only (no write operations, no create).
-             *
-             * Equivalent to {@link constants.SQLITE_OPEN_READONLY}
-             */
-            readonly?: boolean;
-            /**
-             * Allow creating a new database
-             *
-             * Equivalent to {@link constants.SQLITE_OPEN_CREATE}
-             */
-            create?: boolean;
-            /**
-             * Open the database as read-write
-             *
-             * Equivalent to {@link constants.SQLITE_OPEN_READWRITE}
-             */
-            readwrite?: boolean;
-          },
-    ): Database;
+    static open(filename: string, options?: number | DatabaseOptions): Database;

    /**
     * Execute a SQL query **without returning any results**.
@@ -203,8 +184,11 @@ declare module "bun:sqlite" {
     * @returns `Database` instance
     */
    run<ParamsType extends SQLQueryBindings[]>(sql: string, ...bindings: ParamsType[]): Changes;
+
    /**
     * This is an alias of {@link Database.run}
+     *
+     * @deprecated Prefer {@link Database.run}
     */
    exec<ParamsType extends SQLQueryBindings[]>(sql: string, ...bindings: ParamsType[]): Changes;

@@ -351,6 +335,16 @@ declare module "bun:sqlite" {
     */
    static setCustomSQLite(path: string): boolean;

+    /**
+     * Closes the database when using the async resource proposal
+     *
+     * @example
+     * ```
+     * using db = new Database("myapp.db");
+     * doSomethingWithDatabase(db);
+     * // Automatically closed when `db` goes out of scope
+     * ```
+     */
    [Symbol.dispose](): void;

    /**
@@ -744,6 +738,30 @@ declare module "bun:sqlite" {
     */
    values(...params: ParamsType): Array<Array<string | bigint | number | boolean | Uint8Array>>;

+    /**
+     * Execute the prepared statement and return all results as arrays of
+     * `Uint8Array`s.
+     *
+     * This is similar to `values()` but returns all values as Uint8Array
+     * objects, regardless of their original SQLite type.
+     *
+     * @param params optional values to bind to the statement. If omitted, the
+     * statement is run with the last bound values or no parameters if there are
+     * none.
+     *
+     * @example
+     * ```ts
+     * const stmt = db.prepare("SELECT * FROM foo WHERE bar = ?");
+     *
+     * stmt.raw("baz");
+     * // => [[Uint8Array(24)]]
+     *
+     * stmt.raw();
+     * // => [[Uint8Array(24)]]
+     * ```
+     */
+    raw(...params: ParamsType): Array<Array<Uint8Array | null>>;
+
    /**
     * The names of the columns returned by the prepared statement.
     * @example
--- a/packages/bun-types/test.d.ts
+++ b/packages/bun-types/test.d.ts
@@ -56,6 +56,11 @@ declare module "bun:test" {
     * Restore the previous value of mocks.
     */
    restore(): void;
+
+    /**
+     * Reset all mock function state (calls, results, etc.) without restoring their original implementation.
+     */
+    clearAllMocks(): void;
  };

  /**
--- a/packages/bun-usockets/certdata.txt
+++ b/packages/bun-usockets/certdata.txt
--- a/packages/bun-usockets/src/context.c
+++ b/packages/bun-usockets/src/context.c
@@ -130,6 +130,7 @@ void us_internal_socket_context_unlink_socket(int ssl, struct us_socket_context_
            next->prev = prev;
        }
    }
+    us_internal_disable_sweep_timer(context->loop);
    us_socket_context_unref(ssl, context);
 }
 void us_internal_socket_context_unlink_connecting_socket(int ssl, struct us_socket_context_t *context, struct us_connecting_socket_t *c) {
@@ -147,6 +148,7 @@ void us_internal_socket_context_unlink_connecting_socket(int ssl, struct us_sock
            next->prev_pending = prev;
        }
    }
+    us_internal_disable_sweep_timer(context->loop);
    us_socket_context_unref(ssl, context);
 }

@@ -172,6 +174,7 @@ void us_internal_socket_context_link_connecting_socket(int ssl, struct us_socket
    }
    context->head_connecting_sockets = c;
    us_socket_context_ref(ssl, context);
+    us_internal_enable_sweep_timer(context->loop);
 }


@@ -185,6 +188,7 @@ void us_internal_socket_context_link_socket(struct us_socket_context_t *context,
    }
    context->head_sockets = s;
    us_socket_context_ref(0, context);
+    us_internal_enable_sweep_timer(context->loop);
 }

 struct us_loop_t *us_socket_context_loop(int ssl, struct us_socket_context_t *context) {
--- a/packages/bun-usockets/src/crypto/default_ciphers.h
+++ b/packages/bun-usockets/src/crypto/default_ciphers.h
@@ -0,0 +1,58 @@
+// TLSv1.3 suites start with TLS_, and are the OpenSSL defaults, see:
+//   https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_ciphersuites.html
+#ifndef DEFAULT_CIPHER_LIST
+#define DEFAULT_CIPHER_LIST \
+                                 "ECDHE-RSA-AES128-GCM-SHA256:"     \
+                                 "ECDHE-ECDSA-AES128-GCM-SHA256:"   \
+                                 "ECDHE-RSA-AES256-GCM-SHA384:"     \
+                                 "ECDHE-ECDSA-AES256-GCM-SHA384:"   \
+                                 "ECDHE-RSA-AES128-SHA256:"         \
+                                 "ECDHE-RSA-AES256-SHA384:"         \
+                                 "HIGH:"                            \
+                                 "!aNULL:"                          \
+                                 "!eNULL:"                          \
+                                 "!EXPORT:"                         \
+                                 "!DES:"                            \
+                                 "!RC4:"                            \
+                                 "!MD5:"                            \
+                                 "!PSK:"                            \
+                                 "!SRP:"                            \
+                                 "!CAMELLIA"
+#endif
+
+// BoringSSL does not support legacy DHE ciphers and dont support SSL_CTX_set_cipher_list (see https://github.com/envoyproxy/envoy/issues/8848#issuecomment-548672667)
+// Node.js full list bellow
+
+// In node.js they filter TLS_* ciphers and use SSL_CTX_set_cipher_list (TODO: Electron has a patch https://github.com/nodejs/node/issues/25890)
+// if passed to SSL_CTX_set_cipher_list it will be filtered out and not used in BoringSSL
+// "TLS_AES_256_GCM_SHA384:"          \
+// "TLS_CHACHA20_POLY1305_SHA256:"    \
+// "TLS_AES_128_GCM_SHA256:"          \
+
+// Supported by BoringSSL:
+// "ECDHE-RSA-AES128-GCM-SHA256:"     \
+// "ECDHE-ECDSA-AES128-GCM-SHA256:"   \
+// "ECDHE-RSA-AES256-GCM-SHA384:"     \
+// "ECDHE-ECDSA-AES256-GCM-SHA384:"   \
+// "ECDHE-RSA-AES128-SHA256:"         \
+// "ECDHE-RSA-AES256-SHA384:"         \
+
+// Not supported by BoringSSL:
+// "ECDHE-RSA-AES256-SHA256:"         \
+// "DHE-RSA-AES128-GCM-SHA256:"       \
+// "DHE-RSA-AES128-SHA256:"           \
+// "DHE-RSA-AES256-SHA384:"           \
+// "DHE-RSA-AES256-SHA256:"           \
+
+
+// Also present in Node.js and supported by BoringSSL:
+// "HIGH:"                            \
+// "!aNULL:"                          \
+// "!eNULL:"                          \
+// "!EXPORT:"                         \
+// "!DES:"                            \
+// "!RC4:"                            \
+// "!MD5:"                            \
+// "!PSK:"                            \
+// "!SRP:"                            \
+// "!CAMELLIA"
--- a/packages/bun-usockets/src/crypto/openssl.c
+++ b/packages/bun-usockets/src/crypto/openssl.c
@@ -45,7 +45,7 @@ void *sni_find(void *sni, const char *hostname);
 #endif

 #include "./root_certs_header.h"
-
+#include "./default_ciphers.h"
 struct loop_ssl_data {
  char *ssl_read_input, *ssl_read_output;
  unsigned int ssl_read_input_length;
@@ -346,6 +346,7 @@ us_internal_ssl_socket_close(struct us_internal_ssl_socket_t *s, int code,

  // check if we are already closed
  if (us_internal_ssl_socket_is_closed(s)) return s;
+  us_internal_set_loop_ssl_data(s);
  us_internal_update_handshake(s);

  if (s->handshake_state != HANDSHAKE_COMPLETED) {
@@ -848,21 +849,24 @@ create_ssl_context_from_options(struct us_socket_context_options_t options) {
      return NULL;
    }

-    /* OWASP Cipher String 'A+'
-     * (https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet) */
-    if (SSL_CTX_set_cipher_list(
-            ssl_context,
-            "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-"
-            "AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256") != 1) {
+    if (!SSL_CTX_set_cipher_list(ssl_context, DEFAULT_CIPHER_LIST)) {
      free_ssl_context(ssl_context);
      return NULL;
    }
  }

  if (options.ssl_ciphers) {
-    if (SSL_CTX_set_cipher_list(ssl_context, options.ssl_ciphers) != 1) {
-      free_ssl_context(ssl_context);
-      return NULL;
+    if (!SSL_CTX_set_cipher_list(ssl_context, options.ssl_ciphers)) {
+      unsigned long ssl_err = ERR_get_error(); 
+      if (!(strlen(options.ssl_ciphers) == 0 && ERR_GET_REASON(ssl_err) == SSL_R_NO_CIPHER_MATCH)) {
+        // TLS1.2 ciphers were deliberately cleared, so don't consider
+        // SSL_R_NO_CIPHER_MATCH to be an error (this is how _set_cipher_suites()
+        // works). If the user actually sets a value (like "no-such-cipher"), then
+        // that's actually an error.
+        free_ssl_context(ssl_context);
+        return NULL;
+      }
+      ERR_clear_error();
    }
  }

@@ -1288,21 +1292,27 @@ SSL_CTX *create_ssl_context_from_bun_options(
      return NULL;
    }

-    /* OWASP Cipher String 'A+'
-     * (https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet) */
-    if (SSL_CTX_set_cipher_list(
-            ssl_context,
-            "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-"
-            "AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256") != 1) {
+    if (!SSL_CTX_set_cipher_list(ssl_context, DEFAULT_CIPHER_LIST)) {
      free_ssl_context(ssl_context);
      return NULL;
    }
  }

  if (options.ssl_ciphers) {
-    if (SSL_CTX_set_cipher_list(ssl_context, options.ssl_ciphers) != 1) {
-      free_ssl_context(ssl_context);
-      return NULL;
+    if (!SSL_CTX_set_cipher_list(ssl_context, options.ssl_ciphers)) {
+      unsigned long ssl_err = ERR_get_error(); 
+      if (!(strlen(options.ssl_ciphers) == 0 && ERR_GET_REASON(ssl_err) == SSL_R_NO_CIPHER_MATCH)) {
+        char error_msg[256];
+        ERR_error_string_n(ERR_peek_last_error(), error_msg, sizeof(error_msg));
+        // TLS1.2 ciphers were deliberately cleared, so don't consider
+        // SSL_R_NO_CIPHER_MATCH to be an error (this is how _set_cipher_suites()
+        // works). If the user actually sets a value (like "no-such-cipher"), then
+        // that's actually an error.
+        *err = CREATE_BUN_SOCKET_ERROR_INVALID_CIPHERS;  
+        free_ssl_context(ssl_context);
+        return NULL;
+      }
+      ERR_clear_error();
    }
  }

--- a/packages/bun-usockets/src/crypto/root_certs.cpp
+++ b/packages/bun-usockets/src/crypto/root_certs.cpp
@@ -5,6 +5,7 @@
 #include "./internal/internal.h"
 #include <atomic>
 #include <string.h>
+#include "./default_ciphers.h"
 static const int root_certs_size = sizeof(root_certs) / sizeof(root_certs[0]);

 extern "C" void BUN__warn__extra_ca_load_failed(const char* filename, const char* error_msg);
@@ -184,3 +185,6 @@ extern "C" X509_STORE *us_get_default_ca_store() {

  return store;
 }
+extern "C" const char *us_get_default_ciphers() {
+  return DEFAULT_CIPHER_LIST;
+}
--- a/packages/bun-usockets/src/crypto/root_certs.h
+++ b/packages/bun-usockets/src/crypto/root_certs.h
@@ -1,4 +1,4 @@
-// Maintaining the root certificates
+// Maintaining the root certificates 
 //
 // `src/crypto/root_certs.h` contains a compiled-in set of root certificates used as trust anchors
 // for TLS certificate validation.
@@ -23,76 +23,10 @@
 //    `src/crypto/root_certs.h`.
 //  * Using `git diff-files` to determine which certificate have been added and/or
 //    removed.
-//
+//  
 #include "libusockets.h"
 static struct us_cert_string_t root_certs[] = {

-/* GlobalSign Root CA */
-{.str="-----BEGIN CERTIFICATE-----\n"
-"MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMC\n"
-"QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNV\n"
-"BAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBa\n"
-"MFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdS\n"
-"b290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUA\n"
-"A4IBDwAwggEKAoIBAQDaDuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtI\n"
-"K+6NiY6arymAZavpxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCO\n"
-"XkNz8kHp1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\n"
-"snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3\n"
-"dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DP\n"
-"AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRg\n"
-"e2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUFAAOCAQEA1nPnfE920I2/7LqivjTF\n"
-"KDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY7\n"
-"76BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9\n"
-"LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr\n"
-"+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\n"
-"HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n"
-"-----END CERTIFICATE-----",.len=1258},
-
-/* Entrust.net Premium 2048 Secure Server CA */
-{.str="-----BEGIN CERTIFICATE-----\n"
-"MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVz\n"
-"dC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJl\n"
-"Zi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0\n"
-"ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4\n"
-"KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0\n"
-"Lm5ldDFAMD4GA1UECxQ3d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVm\n"
-"LiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRl\n"
-"ZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp\n"
-"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtK\n"
-"TY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/EC\n"
-"DNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ\n"
-"/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzWnLLPKQP5L6RQstRIzgUyVYr9smRM\n"
-"DuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVC\n"
-"wQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/\n"
-"BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQAD\n"
-"ggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo\n"
-"U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6YfzX1XEC+b\n"
-"BAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKTJ1wD\n"
-"LW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e\n"
-"nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE=\n"
-"-----END CERTIFICATE-----",.len=1501},
-
-/* Baltimore CyberTrust Root */
-{.str="-----BEGIN CERTIFICATE-----\n"
-"MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAG\n"
-"A1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1v\n"
-"cmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjEL\n"
-"MAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEi\n"
-"MCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD\n"
-"ggEPADCCAQoCggEBAKMEuyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2ygu\n"
-"zmKiYv60iNoS6zjrIZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo\n"
-"6vWrJYeKmpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\n"
-"XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3z\n"
-"yZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkC\n"
-"AwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB/wQIMAYB\n"
-"Af8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27\n"
-"TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukM\n"
-"JY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhS\n"
-"NzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67\n"
-"G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\n"
-"R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n"
-"-----END CERTIFICATE-----",.len=1258},
-
 /* Entrust Root Certification Authority */
 {.str="-----BEGIN CERTIFICATE-----\n"
 "MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAU\n"
@@ -119,30 +53,6 @@ static struct us_cert_string_t root_certs[] = {
 "j2A781q0tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8\n"
 "-----END CERTIFICATE-----",.len=1639},

-/* Comodo AAA Services root */
-{.str="-----BEGIN CERTIFICATE-----\n"
-"MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UE\n"
-"CAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21v\n"
-"ZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0\n"
-"MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdy\n"
-"ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENB\n"
-"IExpbWl0ZWQxITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZI\n"
-"hvcNAQEBBQADggEPADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686td\n"
-"UIoWMQuaBtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe\n"
-"3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8Ioa\n"
-"E+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULi\n"
-"mAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7S\n"
-"w4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYD\n"
-"VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDov\n"
-"L2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0\n"
-"dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG\n"
-"9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q\n"
-"GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLzRt0vxuBq\n"
-"w8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z8VlI\n"
-"MCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C\n"
-"12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==\n"
-"-----END CERTIFICATE-----",.len=1513},
-
 /* QuoVadis Root CA 2 */
 {.str="-----BEGIN CERTIFICATE-----\n"
 "MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNV\n"
@@ -211,78 +121,6 @@ static struct us_cert_string_t root_certs[] = {
 "zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto=\n"
 "-----END CERTIFICATE-----",.len=2349},

-/* XRamp Global CA Root */
-{.str="-----BEGIN CERTIFICATE-----\n"
-"MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkG\n"
-"A1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJh\n"
-"bXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlm\n"
-"aWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjEL\n"
-"MAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMb\n"
-"WFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2Vy\n"
-"dGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY\n"
-"JB69FbS638eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP\n"
-"KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5df\n"
-"T2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3\n"
-"hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSP\n"
-"puIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJ\n"
-"KwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O\n"
-"BBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwu\n"
-"eHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcN\n"
-"AQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR\n"
-"vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxtqZ4Bfj8p\n"
-"zgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8nnxCb\n"
-"HIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz\n"
-"8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw=\n"
-"-----END CERTIFICATE-----",.len=1509},
-
-/* Go Daddy Class 2 CA */
-{.str="-----BEGIN CERTIFICATE-----\n"
-"MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UE\n"
-"ChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAy\n"
-"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYy\n"
-"MFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjEx\n"
-"MC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAw\n"
-"DQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWiz\n"
-"V3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HF\n"
-"iH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi\n"
-"EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN\n"
-"f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44\n"
-"dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h/t2oatTj\n"
-"MIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTjoWekZTBjMQswCQYDVQQGEwJV\n"
-"UzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRk\n"
-"eSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJ\n"
-"KoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYX\n"
-"MP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P\n"
-"TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cN\n"
-"xA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9R\n"
-"aRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b\n"
-"vZ8=\n"
-"-----END CERTIFICATE-----",.len=1445},
-
-/* Starfield Class 2 CA */
-{.str="-----BEGIN CERTIFICATE-----\n"
-"MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UE\n"
-"ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENs\n"
-"YXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5\n"
-"MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2ll\n"
-"cywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRo\n"
-"b3JpdHkwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N\n"
-"78gDGIc/oav7PKaf8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMe\n"
-"j2YcOadN+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0\n"
-"X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4Umkhyn\n"
-"ArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W\n"
-"93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRb\n"
-"Vazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0fhvRbVazc1xDCDqmI56FspGowaDEL\n"
-"MAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAw\n"
-"BgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG\n"
-"A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1ep\n"
-"oXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D\n"
-"eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJlxy16paq8\n"
-"U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJDKVtH\n"
-"CN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3\n"
-"QBFGmh95DmK/D5fs4C8fF5Q=\n"
-"-----END CERTIFICATE-----",.len=1465},
-
 /* DigiCert Assured ID Root CA */
 {.str="-----BEGIN CERTIFICATE-----\n"
 "MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYD\n"
@@ -3625,6 +3463,52 @@ static struct us_cert_string_t root_certs[] = {
 "GJCy89UDyibK79XH4I9TjvAA46jtn/mtd+ArY0+ew+43u3gJhJ65bvspmZDogNOfJA==\n"
 "-----END CERTIFICATE-----",.len=2020},

+/* TrustAsia TLS ECC Root CA */
+{.str="-----BEGIN CERTIFICATE-----\n"
+"MIICMTCCAbegAwIBAgIUNnThTXxlE8msg1UloD5Sfi9QaMcwCgYIKoZIzj0EAwMwWDELMAkG\n"
+"A1UEBhMCQ04xJTAjBgNVBAoTHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xIjAgBgNV\n"
+"BAMTGVRydXN0QXNpYSBUTFMgRUNDIFJvb3QgQ0EwHhcNMjQwNTE1MDU0MTU2WhcNNDQwNTE1\n"
+"MDU0MTU1WjBYMQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2ll\n"
+"cywgSW5jLjEiMCAGA1UEAxMZVHJ1c3RBc2lhIFRMUyBFQ0MgUm9vdCBDQTB2MBAGByqGSM49\n"
+"AgEGBSuBBAAiA2IABLh/pVs/AT598IhtrimY4ZtcU5nb9wj/1WrgjstEpvDBjL1P1M7UiFPo\n"
+"XlfXTr4sP/MSpwDpguMqWzJ8S5sUKZ74LYO1644xST0mYekdcouJtgq7nDM1D9rs3qlKH8kz\n"
+"saNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQULIVTu7FDzTLqnqOH/qKYqKaT6RAw\n"
+"DgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMFRH18MtYYZI9HlaVQ01L18N9mds\n"
+"d0AaRuf4aFtOJx24mH1/k78ITcTaRTChD15KeAIxAKORh/IRM4PDwYqROkwrULG9IpRdNYlz\n"
+"g8WbGf60oenUoWa2AaU2+dhoYSi3dOGiMQ==\n"
+"-----END CERTIFICATE-----",.len=820},
+
+/* TrustAsia TLS RSA Root CA */
+{.str="-----BEGIN CERTIFICATE-----\n"
+"MIIFgDCCA2igAwIBAgIUHBjYz+VTPyI1RlNUJDxsR9FcSpwwDQYJKoZIhvcNAQEMBQAwWDEL\n"
+"MAkGA1UEBhMCQ04xJTAjBgNVBAoTHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xIjAg\n"
+"BgNVBAMTGVRydXN0QXNpYSBUTFMgUlNBIFJvb3QgQ0EwHhcNMjQwNTE1MDU0MTU3WhcNNDQw\n"
+"NTE1MDU0MTU2WjBYMQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xv\n"
+"Z2llcywgSW5jLjEiMCAGA1UEAxMZVHJ1c3RBc2lhIFRMUyBSU0EgUm9vdCBDQTCCAiIwDQYJ\n"
+"KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMMWuBtqpERz5dZO9LnPWwvB0ZqB9WOwj0PBuwha\n"
+"GnrhB3YmH49pVr7+NmDQDIPNlOrnxS1cLwUWAp4KqC/lYCZUlviYQB2srp10Zy9U+5RjmOMm\n"
+"SoPGlbYJQ1DNDX3eRA5gEk9bNb2/mThtfWza4mhzH/kxpRkQcwUqwzIZheo0qt1CHjCNP561\n"
+"HmHVb70AcnKtEj+qpklz8oYVlQwQX1Fkzv93uMltrOXVmPGZLmzjyUT5tUMnCE32ft5Eebuy\n"
+"jBza00tsLtbDeLdM1aTk2tyKjg7/D8OmYCYozza/+lcK7Fs/6TAWe8TbxNRkoDD75f0dcZLd\n"
+"KY9BWN4ArTr9PXwaqLEX8E40eFgl1oUh63kd0Nyrz2I8sMeXi9bQn9P+PN7F4/w6g3CEIR0J\n"
+"wqH8uyghZVNgepBtljhb//HXeltt08lwSUq6HTrQUNoyIBnkiz/r1RYmNzz7dZ6wB3C4FGB3\n"
+"3PYPXFIKvF1tjVEK2sUYyJtt3LCDs3+jTnhMmCWr8n4uIF6CFabW2I+s5c0yhsj55NqJ4js+\n"
+"k8UTav/H9xj8Z7XvGCxUq0DTbE3txci3OE9kxJRMT6DNrqXGJyV1J23G2pyOsAWZ1SgRxSHU\n"
+"uPzHlqtKZFlhaxP8S8ySpg+kUb8OWJDZgoM5pl+z+m6Ss80zDoWo8SnTq1mt1tve1CuBAgMB\n"
+"AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLgHkXlcBvRG/XtZylomkadFK/hT\n"
+"MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQwFAAOCAgEAIZtqBSBdGBanEqT3Rz/Nyjuu\n"
+"jsCCztxIJXgXbODgcMTWltnZ9r96nBO7U5WS/8+S4PPFJzVXqDuiGev4iqME3mmL5Dw8veWv\n"
+"0BIb5Ylrc5tvJQJLkIKvQMKtuppgJFqBTQUYo+IzeXoLH5Pt7DlK9RME7I10nYEKqG/odv6L\n"
+"TytpEoYKNDbdgptvT+Bz3Ul/KD7JO6NXBNiT2Twp2xIQaOHEibgGIOcberyxk2GaGUARtWqF\n"
+"VwHxtlotJnMnlvm5P1vQiJ3koP26TpUJg3933FEFlJ0gcXax7PqJtZwuhfG5WyRasQmr2soa\n"
+"B82G39tp27RIGAAtvKLEiUUjpQ7hRGU+isFqMB3iYPg6qocJQrmBktwliJiJ8Xw18WLK7nn4\n"
+"GS/+X/jbh87qqA8MpugLoDzga5SYnH+tBuYc6kIQX+ImFTw3OffXvO645e8D7r0i+yiGNFjE\n"
+"Wn9hongPXvPKnbwbPKfILfanIhHKA9jnZwqKDss1jjQ52MjqjZ9k4DewbNfFj8GQYSbbJIwe\n"
+"SsCI3zWQzj8C9GRh3sfIB5XeMhg6j6JCQCTl1jNdfK7vsU1P1FeQNWrcrgSXSYk0ly4wBOeY\n"
+"99sLAZDBHwo/+ML+TvrbmnNzFrwFuHnYWa8G5z9nODmxfKuU4CkUpijy323imttUQ/hHWKNd\n"
+"dBWcwauwxzQ=\n"
+"-----END CERTIFICATE-----",.len=1964},
+
 /* D-TRUST EV Root CA 2 2023 */
 {.str="-----BEGIN CERTIFICATE-----\n"
 "MIIFqTCCA5GgAwIBAgIQaSYJfoBLTKCnjHhiU19abzANBgkqhkiG9w0BAQ0FADBIMQswCQYD\n"
@@ -3655,4 +3539,35 @@ static struct us_cert_string_t root_certs[] = {
 "S5N5YHVpD/Aa1VP6IQzCP+k/HxiMkl14p3ZnGbuy6n/pcAlWVqOwDAstNl7F6cTVg8uGF5cs\n"
 "bBNvh1qvSaYd2804BC5f4ko1Di1L+KIkBI3Y4WNeApI02phhXBxvWHZks/wCuPWdCg==\n"
 "-----END CERTIFICATE-----",.len=2020},
+
+/* SwissSign RSA TLS Root CA 2022 - 1 */
+{.str="-----BEGIN CERTIFICATE-----\n"
+"MIIFkzCCA3ugAwIBAgIUQ/oMX04bgBhE79G0TzUfRPSA7cswDQYJKoZIhvcNAQELBQAwUTEL\n"
+"MAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzErMCkGA1UEAxMiU3dpc3NTaWdu\n"
+"IFJTQSBUTFMgUm9vdCBDQSAyMDIyIC0gMTAeFw0yMjA2MDgxMTA4MjJaFw00NzA2MDgxMTA4\n"
+"MjJaMFExCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxKzApBgNVBAMTIlN3\n"
+"aXNzU2lnbiBSU0EgVExTIFJvb3QgQ0EgMjAyMiAtIDEwggIiMA0GCSqGSIb3DQEBAQUAA4IC\n"
+"DwAwggIKAoICAQDLKmjiC8NXvDVjvHClO/OMPE5Xlm7DTjak9gLKHqquuN6orx122ro10JFw\n"
+"B9+zBvKK8i5VUXu7LCTLf5ImgKO0lPaCoaTo+nUdWfMHamFk4saMla+ju45vVs9xzF6BYQ1t\n"
+"8qsCLqSX5XH8irCRIFucdFJtrhUnWXjyCcplDn/L9Ovn3KlMd/YrFgSVrpxxpT8q2kFC5zyE\n"
+"EPThPYxr4iuRR1VPuFa+Rd4iUU1OKNlfGUEGjw5NBuBwQCMBauTLE5tzrE0USJIt/m2n+Idr\n"
+"eXXhvhCxqohAWVTXz8TQm0SzOGlkjIHRI36qOTw7D59Ke4LKa2/KIj4x0LDQKhySio/YGZxH\n"
+"5D4MucLNvkEM+KRHBdvBFzA4OmnczcNpI/2aDwLOEGrOyvi5KaM2iYauC8BPY7kGWUleDsFp\n"
+"swrzd34unYyzJ5jSmY0lpx+Gs6ZUcDj8fV3oT4MM0ZPlEuRU2j7yrTrePjxF8CgPBrnh25d7\n"
+"mUWe3f6VWQQvdT/TromZhqwUtKiE+shdOxtYk8EXlFXIC+OCeYSf8wCENO7cMdWP8vpPlkwG\n"
+"qnj73mSiI80fPsWMvDdUDrtaclXvyFu1cvh43zcgTFeRc5JzrBh3Q4IgaezprClG5QtO+Ddz\n"
+"iZaKHG29777YtvTKwP1H8K4LWCDFyB02rpeNUIMmJCn3nTsPBQIDAQABo2MwYTAPBgNVHRMB\n"
+"Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBRvjmKLk0Ow4UD2p8P98Q+4\n"
+"DxU4pTAdBgNVHQ4EFgQUb45ii5NDsOFA9qfD/fEPuA8VOKUwDQYJKoZIhvcNAQELBQADggIB\n"
+"AKwsKUF9+lz1GpUYvyypiqkkVHX1uECry6gkUSsYP2OprphWKwVDIqO310aewCoSPY6WlkDf\n"
+"DDOLazeROpW7OSltwAJsipQLBwJNGD77+3v1dj2b9l4wBlgzHqp41eZUBDqyggmNzhYzWUUo\n"
+"8aWjlw5DI/0LIICQ/+Mmz7hkkeUFjxOgdg3XNwwQiJb0Pr6VvfHDffCjw3lHC1ySFWPtUnWK\n"
+"50Zpy1FVCypM9fJkT6lc/2cyjlUtMoIcgC9qkfjLvH4YoiaoLqNTKIftV+Vlek4ASltOU8li\n"
+"Nr3CjlvrzG4ngRhZi0Rjn9UMZfQpZX+RLOV/fuiJz48gy20HQhFRJjKKLjpHE7iNvUcNCfAW\n"
+"pO2Whi4Z2L6MOuhFLhG6rlrnub+xzI/goP+4s9GFe3lmozm1O2bYQL7Pt2eLSMkZJVX8vY3P\n"
+"XtpOpvJpzv1/THfQwUY1mFwjmwJFQ5Ra3bxHrSL+ul4vkSkphnsh3m5kt8sNjzdbowhq6/Td\n"
+"Ao9QAwKxuDdollDruF/UKIqlIgyKhPBZLtU30WHlQnNYKoH3dtvi4k0NX/a3vgW0rk4N3hY9\n"
+"A4GzJl5LuEsAz/+MF7psYC0nhzck5npgL7XTgwSqT0N1osGDsieYK7EOgLrAhV5Cud+xYJHT\n"
+"6xh+cHiudoO+cVrQkOPKwRYlZ0rwtnu64ZzZ\n"
+"-----END CERTIFICATE-----",.len=1988},
 };
--- a/packages/bun-usockets/src/eventing/epoll_kqueue.c
+++ b/packages/bun-usockets/src/eventing/epoll_kqueue.c
@@ -246,8 +246,7 @@ void us_loop_run(struct us_loop_t *loop) {
    }
 }

-extern void Bun__JSC_onBeforeWait(void*);
-extern void Bun__JSC_onAfterWait(void*);
+extern void Bun__JSC_onBeforeWait(void * _Nonnull jsc_vm);

 void us_loop_run_bun_tick(struct us_loop_t *loop, const struct timespec* timeout) {
    if (loop->num_polls == 0)
@@ -264,8 +263,9 @@ void us_loop_run_bun_tick(struct us_loop_t *loop, const struct timespec* timeout
    /* Emit pre callback */
    us_internal_loop_pre(loop);

-    /* Safe if jsc_vm is NULL */
-    Bun__JSC_onBeforeWait(loop->data.jsc_vm);
+
+    if (loop->data.jsc_vm) 
+        Bun__JSC_onBeforeWait(loop->data.jsc_vm);

    /* Fetch ready polls */
 #ifdef LIBUS_USE_EPOLL
@@ -276,7 +276,6 @@ void us_loop_run_bun_tick(struct us_loop_t *loop, const struct timespec* timeout
    } while (IS_EINTR(loop->num_ready_polls));
 #endif

-    Bun__JSC_onAfterWait(loop->data.jsc_vm);

    /* Iterate ready polls, dispatching them by type */
    for (loop->current_ready_poll = 0; loop->current_ready_poll < loop->num_ready_polls; loop->current_ready_poll++) {
--- a/packages/bun-usockets/src/internal/internal.h
+++ b/packages/bun-usockets/src/internal/internal.h
@@ -116,6 +116,8 @@ extern struct addrinfo_result *Bun__addrinfo_getRequestResult(struct addrinfo_re
 /* Loop related */
 void us_internal_dispatch_ready_poll(struct us_poll_t *p, int error, int eof, int events);
 void us_internal_timer_sweep(us_loop_r loop);
+void us_internal_enable_sweep_timer(struct us_loop_t *loop);
+void us_internal_disable_sweep_timer(struct us_loop_t *loop);
 void us_internal_free_closed_sockets(us_loop_r loop);
 void us_internal_loop_link(struct us_loop_t *loop,
                           struct us_socket_context_t *context);
--- a/packages/bun-usockets/src/internal/loop_data.h
+++ b/packages/bun-usockets/src/internal/loop_data.h
@@ -35,6 +35,7 @@ typedef void* zig_mutex_t;
 // IMPORTANT: When changing this, don't forget to update the zig version in uws.zig as well!
 struct us_internal_loop_data_t {
    struct us_timer_t *sweep_timer;
+    int sweep_timer_count;
    struct us_internal_async *wakeup_async;
    int last_write_failed;
    struct us_socket_context_t *head;
--- a/packages/bun-usockets/src/libusockets.h
+++ b/packages/bun-usockets/src/libusockets.h
@@ -262,6 +262,7 @@ enum create_bun_socket_error_t {
  CREATE_BUN_SOCKET_ERROR_LOAD_CA_FILE,
  CREATE_BUN_SOCKET_ERROR_INVALID_CA_FILE,
  CREATE_BUN_SOCKET_ERROR_INVALID_CA,
+  CREATE_BUN_SOCKET_ERROR_INVALID_CIPHERS,
 };

 struct us_socket_context_t *us_create_bun_ssl_socket_context(struct us_loop_t *loop,
--- a/packages/bun-usockets/src/loop.c
+++ b/packages/bun-usockets/src/loop.c
@@ -18,6 +18,7 @@
 #include "libusockets.h"
 #include "internal/internal.h"
 #include <stdlib.h>
+#include <stdio.h>
 #ifndef WIN32
 #include <sys/ioctl.h>
 #endif
@@ -29,11 +30,32 @@ extern void __attribute((__noreturn__)) Bun__panic(const char* message, size_t l
 #define BUN_PANIC(message) Bun__panic(message, sizeof(message) - 1)
 #endif

+extern void Bun__internal_ensureDateHeaderTimerIsEnabled(struct us_loop_t *loop);
+
+void sweep_timer_cb(struct us_internal_callback_t *cb);
+
+void us_internal_enable_sweep_timer(struct us_loop_t *loop) {
+    loop->data.sweep_timer_count++;
+    if (loop->data.sweep_timer_count == 1) {
+        us_timer_set(loop->data.sweep_timer, (void (*)(struct us_timer_t *)) sweep_timer_cb, LIBUS_TIMEOUT_GRANULARITY * 1000, LIBUS_TIMEOUT_GRANULARITY * 1000);
+        Bun__internal_ensureDateHeaderTimerIsEnabled(loop);
+    }
+    
+}
+
+void us_internal_disable_sweep_timer(struct us_loop_t *loop) {
+    loop->data.sweep_timer_count--;
+    if (loop->data.sweep_timer_count == 0) {
+        us_timer_set(loop->data.sweep_timer, (void (*)(struct us_timer_t *)) sweep_timer_cb, 0, 0);
+    }
+}
+
 /* The loop has 2 fallthrough polls */
 void us_internal_loop_data_init(struct us_loop_t *loop, void (*wakeup_cb)(struct us_loop_t *loop),
    void (*pre_cb)(struct us_loop_t *loop), void (*post_cb)(struct us_loop_t *loop)) {
    // We allocate with calloc, so we only need to initialize the specific fields in use.
    loop->data.sweep_timer = us_create_timer(loop, 1, 0);
+    loop->data.sweep_timer_count = 0;
    loop->data.recv_buf = malloc(LIBUS_RECV_BUFFER_LENGTH + LIBUS_RECV_BUFFER_PADDING * 2);
    loop->data.send_buf = malloc(LIBUS_SEND_BUFFER_LENGTH);
    loop->data.pre_cb = pre_cb;
@@ -547,9 +569,9 @@ void us_internal_dispatch_ready_poll(struct us_poll_t *p, int error, int eof, in
    }
 }

-/* Integration only requires the timer to be set up */
+/* Integration only requires the timer to be set up, but not automatically enabled */
 void us_loop_integrate(struct us_loop_t *loop) {
-    us_timer_set(loop->data.sweep_timer, (void (*)(struct us_timer_t *)) sweep_timer_cb, LIBUS_TIMEOUT_GRANULARITY * 1000, LIBUS_TIMEOUT_GRANULARITY * 1000);
+    /* Timer is now controlled dynamically by socket count, not enabled automatically */
 }

 void *us_loop_ext(struct us_loop_t *loop) {
--- a/packages/bun-uws/src/HttpParser.h
+++ b/packages/bun-uws/src/HttpParser.h
@@ -222,6 +222,78 @@ namespace uWS
            return std::string_view(nullptr, 0);
        }

+        struct TransferEncoding {
+            bool has: 1 = false;
+            bool chunked: 1 = false;
+            bool invalid: 1 = false;
+        };
+
+        TransferEncoding getTransferEncoding()
+        {
+            TransferEncoding te;
+            
+            if (!bf.mightHave("transfer-encoding")) {
+                return te;
+            }
+            
+            for (Header *h = headers; (++h)->key.length();) {
+                if (h->key.length() == 17 && !strncmp(h->key.data(), "transfer-encoding", 17)) {
+                    // Parse comma-separated values, ensuring "chunked" is last if present
+                    const auto value = h->value;
+                    size_t pos = 0;
+                    size_t lastTokenStart = 0;
+                    size_t lastTokenLen = 0;
+        
+                    while (pos < value.length()) {
+                        // Skip leading whitespace
+                        while (pos < value.length() && (value[pos] == ' ' || value[pos] == '\t')) {
+                            pos++;
+                        }
+                        
+                        // Remember start of this token
+                        size_t tokenStart = pos;
+                        
+                        // Find end of token (until comma or end)
+                        while (pos < value.length() && value[pos] != ',') {
+                            pos++;
+                        }
+                        
+                        // Trim trailing whitespace from token
+                        size_t tokenEnd = pos;
+                        while (tokenEnd > tokenStart && (value[tokenEnd - 1] == ' ' || value[tokenEnd - 1] == '\t')) {
+                            tokenEnd--;
+                        }
+                        
+                        size_t tokenLen = tokenEnd - tokenStart;
+                        if (tokenLen > 0) {
+                            lastTokenStart = tokenStart;
+                            lastTokenLen = tokenLen;
+                        }
+                        
+                        // Move past comma if present
+                        if (pos < value.length() && value[pos] == ',') {
+                            pos++;
+                        }
+                    }
+
+                    if (te.chunked) [[unlikely]] {
+                        te.invalid = true;
+                        return te;
+                    }
+
+                    te.has = lastTokenLen > 0;
+                    
+                    // Check if the last token is "chunked"
+                    if (lastTokenLen == 7 && !strncmp(value.data() + lastTokenStart, "chunked", 7)) [[likely]] {
+                        te.chunked = true;
+                    }
+                    
+                }
+            }
+
+            return te;
+        }
+

        std::string_view getUrl()
        {
@@ -771,14 +843,16 @@ namespace uWS
            * the Transfer-Encoding overrides the Content-Length. Such a message might indicate an attempt
            * to perform request smuggling (Section 11.2) or response splitting (Section 11.1) and
            * ought to be handled as an error. */
-            std::string_view transferEncodingString = req->getHeader("transfer-encoding");
-            std::string_view contentLengthString = req->getHeader("content-length");
+            const std::string_view contentLengthString = req->getHeader("content-length");
+            const auto contentLengthStringLen = contentLengthString.length();
+            
+            /* Check Transfer-Encoding header validity and conflicts */
+            HttpRequest::TransferEncoding transferEncoding = req->getTransferEncoding();

-            auto transferEncodingStringLen = transferEncodingString.length();
-            auto contentLengthStringLen = contentLengthString.length();
-            if (transferEncodingStringLen && contentLengthStringLen) {
-                /* We could be smart and set an error in the context along with this, to indicate what
-                 * http error response we might want to return */
+            transferEncoding.invalid = transferEncoding.invalid || (transferEncoding.has && (contentLengthStringLen || !transferEncoding.chunked));
+
+            if (transferEncoding.invalid) [[unlikely]] {
+                /* Invalid Transfer-Encoding (multiple headers or chunked not last - request smuggling attempt) */
                return HttpParserResult::error(HTTP_ERROR_400_BAD_REQUEST, HTTP_PARSER_ERROR_INVALID_TRANSFER_ENCODING);
            }

@@ -789,7 +863,7 @@ namespace uWS
            // lets check if content len is valid before calling requestHandler
            if(contentLengthStringLen) {
                remainingStreamingBytes = toUnsignedInteger(contentLengthString);
-                if (remainingStreamingBytes == UINT64_MAX) {
+                if (remainingStreamingBytes == UINT64_MAX) [[unlikely]] {
                    /* Parser error */
                    return HttpParserResult::error(HTTP_ERROR_400_BAD_REQUEST, HTTP_PARSER_ERROR_INVALID_CONTENT_LENGTH);
                }
@@ -813,20 +887,8 @@ namespace uWS
            /* RFC 9112 6.3
             * If a message is received with both a Transfer-Encoding and a Content-Length header field,
             * the Transfer-Encoding overrides the Content-Length. */
-            if (transferEncodingStringLen) {
-
-                /* If a proxy sent us the transfer-encoding header that 100% means it must be chunked or else the proxy is
-                 * not RFC 9112 compliant. Therefore it is always better to assume this is the case, since that entirely eliminates
-                 * all forms of transfer-encoding obfuscation tricks. We just rely on the header. */
-
-                /* RFC 9112 6.3
-                 * If a Transfer-Encoding header field is present in a request and the chunked transfer coding is not the
-                 * final encoding, the message body length cannot be determined reliably; the server MUST respond with the
-                 * 400 (Bad Request) status code and then close the connection. */
-
-                /* In this case we fail later by having the wrong interpretation (assuming chunked).
-                 * This could be made stricter but makes no difference either way, unless forwarding the identical message as a proxy. */
-
+            if (transferEncoding.has) {
+                /* We already validated that chunked is last if present, before calling the handler */
                remainingStreamingBytes = STATE_IS_CHUNKED;
                /* If consume minimally, we do not want to consume anything but we want to mark this as being chunked */
                if constexpr (!ConsumeMinimally) {
@@ -835,7 +897,7 @@ namespace uWS
                    for (auto chunk : uWS::ChunkIterator(&dataToConsume, &remainingStreamingBytes)) {
                        dataHandler(user, chunk, chunk.length() == 0);
                    }
-                    if (isParsingInvalidChunkedEncoding(remainingStreamingBytes)) {
+                    if (isParsingInvalidChunkedEncoding(remainingStreamingBytes)) [[unlikely]] {
                        // TODO: what happen if we already responded?
                        return HttpParserResult::error(HTTP_ERROR_400_BAD_REQUEST, HTTP_PARSER_ERROR_INVALID_CHUNKED_ENCODING);
                    }
--- a/packages/bun-uws/src/Loop.h
+++ b/packages/bun-uws/src/Loop.h
@@ -82,19 +82,6 @@ private:

    static Loop *create(void *hint) {
        Loop *loop = ((Loop *) us_create_loop(hint, wakeupCb, preCb, postCb, sizeof(LoopData)))->init();
-
-        /* We also need some timers (should live off the one 4 second timer rather) */
-        LoopData *loopData = (LoopData *) us_loop_ext((struct us_loop_t *) loop);
-        loopData->dateTimer = us_create_timer((struct us_loop_t *) loop, 1, sizeof(LoopData *));
-        loopData->updateDate();
-
-        memcpy(us_timer_ext(loopData->dateTimer), &loopData, sizeof(LoopData *));
-        us_timer_set(loopData->dateTimer, [](struct us_timer_t *t) {
-            LoopData *loopData;
-            memcpy(&loopData, us_timer_ext(t), sizeof(LoopData *));
-            loopData->updateDate();
-        }, 1000, 1000);
-
        return loop;
    }

@@ -146,10 +133,7 @@ public:
    /* Freeing the default loop should be done once */
    void free() {
        LoopData *loopData = (LoopData *) us_loop_ext((us_loop_t *) this);
-
-        /* Stop and free dateTimer first */
-        us_timer_close(loopData->dateTimer, 1);
-
+        
        loopData->~LoopData();
        /* uSockets will track whether this loop is owned by us or a borrowed alien loop */
        us_loop_free((us_loop_t *) this);
--- a/packages/bun-uws/src/LoopData.h
+++ b/packages/bun-uws/src/LoopData.h
@@ -151,8 +151,6 @@ public:
    ZlibContext *zlibContext = nullptr;
    InflationStream *inflationStream = nullptr;
    DeflationStream *deflationStream = nullptr;
-
-    us_timer_t *dateTimer;
 };

 }
--- a/packages/bun-vscode/src/features/tests/bun-test-controller.ts
+++ b/packages/bun-vscode/src/features/tests/bun-test-controller.ts
@@ -163,8 +163,11 @@ export class BunTestController implements vscode.Disposable {
    const ignoreGlobs = await this.buildIgnoreGlobs(cancellationToken);
    const tests = await vscode.workspace.findFiles(
      this.customFilePattern(),
-      "node_modules",
-      undefined,
+      "**/node_modules/**",
+      // 5k tests is more than enough for most projects.
+      // If they need more, they can manually open the files themself and it should be added to the test explorer.
+      // This is needed because otherwise with too many tests, vscode OOMs.
+      5_000,
      cancellationToken,
    );

--- a/scripts/build-jsc.ts
+++ b/scripts/build-jsc.ts
@@ -0,0 +1,215 @@
+#!/usr/bin/env bun
+import { spawnSync } from "child_process";
+import { existsSync, mkdirSync } from "fs";
+import { arch, platform } from "os";
+import { join, resolve } from "path";
+
+// Build configurations
+type BuildConfig = "debug" | "release" | "lto";
+
+// Parse command line arguments
+const args = process.argv.slice(2);
+const buildConfig: BuildConfig = (args[0] as BuildConfig) || "debug";
+const validConfigs = ["debug", "release", "lto"];
+
+if (!validConfigs.includes(buildConfig)) {
+  console.error(`Invalid build configuration: ${buildConfig}`);
+  console.error(`Valid configurations: ${validConfigs.join(", ")}`);
+  process.exit(1);
+}
+
+// Detect platform
+const OS_NAME = platform().toLowerCase();
+const ARCH_NAME_RAW = arch();
+const IS_MAC = OS_NAME === "darwin";
+const IS_LINUX = OS_NAME === "linux";
+const IS_ARM64 = ARCH_NAME_RAW === "arm64" || ARCH_NAME_RAW === "aarch64";
+
+// Paths
+const ROOT_DIR = resolve(import.meta.dir, "..");
+const WEBKIT_DIR = resolve(ROOT_DIR, "vendor/WebKit");
+const WEBKIT_BUILD_DIR = join(WEBKIT_DIR, "WebKitBuild");
+const WEBKIT_RELEASE_DIR = join(WEBKIT_BUILD_DIR, "Release");
+const WEBKIT_DEBUG_DIR = join(WEBKIT_BUILD_DIR, "Debug");
+const WEBKIT_RELEASE_DIR_LTO = join(WEBKIT_BUILD_DIR, "ReleaseLTO");
+
+// Homebrew prefix detection
+const HOMEBREW_PREFIX = IS_ARM64 ? "/opt/homebrew/" : "/usr/local/";
+
+// Compiler detection
+function findExecutable(names: string[]): string | null {
+  for (const name of names) {
+    const result = spawnSync("which", [name], { encoding: "utf8" });
+    if (result.status === 0) {
+      return result.stdout.trim();
+    }
+  }
+  return null;
+}
+
+const CC = findExecutable(["clang-19", "clang"]) || "clang";
+const CXX = findExecutable(["clang++-19", "clang++"]) || "clang++";
+
+// Build directory based on config
+const getBuildDir = (config: BuildConfig) => {
+  switch (config) {
+    case "debug":
+      return WEBKIT_DEBUG_DIR;
+    case "lto":
+      return WEBKIT_RELEASE_DIR_LTO;
+    default:
+      return WEBKIT_RELEASE_DIR;
+  }
+};
+
+// Common CMake flags
+const getCommonFlags = () => {
+  const flags = [
+    "-DPORT=JSCOnly",
+    "-DENABLE_STATIC_JSC=ON",
+    "-DALLOW_LINE_AND_COLUMN_NUMBER_IN_BUILTINS=ON",
+    "-DUSE_THIN_ARCHIVES=OFF",
+    "-DUSE_BUN_JSC_ADDITIONS=ON",
+    "-DUSE_BUN_EVENT_LOOP=ON",
+    "-DENABLE_FTL_JIT=ON",
+    "-G",
+    "Ninja",
+    `-DCMAKE_C_COMPILER=${CC}`,
+    `-DCMAKE_CXX_COMPILER=${CXX}`,
+  ];
+
+  if (IS_MAC) {
+    flags.push(
+      "-DENABLE_SINGLE_THREADED_VM_ENTRY_SCOPE=ON",
+      "-DBUN_FAST_TLS=ON",
+      "-DPTHREAD_JIT_PERMISSIONS_API=1",
+      "-DUSE_PTHREAD_JIT_PERMISSIONS_API=ON",
+    );
+  } else if (IS_LINUX) {
+    flags.push(
+      "-DJSEXPORT_PRIVATE=WTF_EXPORT_DECLARATION",
+      "-DUSE_VISIBILITY_ATTRIBUTE=1",
+      "-DENABLE_REMOTE_INSPECTOR=ON",
+    );
+  }
+
+  return flags;
+};
+
+// Build-specific CMake flags
+const getBuildFlags = (config: BuildConfig) => {
+  const flags = [...getCommonFlags()];
+
+  switch (config) {
+    case "debug":
+      flags.push(
+        "-DCMAKE_BUILD_TYPE=Debug",
+        "-DENABLE_BUN_SKIP_FAILING_ASSERTIONS=ON",
+        "-DCMAKE_EXPORT_COMPILE_COMMANDS=ON",
+        "-DENABLE_REMOTE_INSPECTOR=ON",
+        "-DUSE_VISIBILITY_ATTRIBUTE=1",
+      );
+
+      if (IS_MAC) {
+        // Enable address sanitizer by default on Mac debug builds
+        flags.push("-DENABLE_SANITIZERS=address");
+        // To disable asan, comment the line above and uncomment:
+        // flags.push("-DENABLE_MALLOC_HEAP_BREAKDOWN=ON");
+      }
+      break;
+
+    case "lto":
+      flags.push("-DCMAKE_BUILD_TYPE=Release", "-DCMAKE_C_FLAGS=-flto=full", "-DCMAKE_CXX_FLAGS=-flto=full");
+      break;
+
+    default: // release
+      flags.push("-DCMAKE_BUILD_TYPE=RelWithDebInfo");
+      break;
+  }
+
+  return flags;
+};
+
+// Environment variables for the build
+const getBuildEnv = () => {
+  const env = { ...process.env };
+
+  const cflags = ["-ffat-lto-objects"];
+  const cxxflags = ["-ffat-lto-objects"];
+
+  if (IS_LINUX && buildConfig !== "lto") {
+    cflags.push("-Wl,--whole-archive");
+    cxxflags.push("-Wl,--whole-archive", "-DUSE_BUN_JSC_ADDITIONS=ON", "-DUSE_BUN_EVENT_LOOP=ON");
+  }
+
+  env.CFLAGS = (env.CFLAGS || "") + " " + cflags.join(" ");
+  env.CXXFLAGS = (env.CXXFLAGS || "") + " " + cxxflags.join(" ");
+
+  if (IS_MAC) {
+    env.ICU_INCLUDE_DIRS = `${HOMEBREW_PREFIX}opt/icu4c/include`;
+  }
+
+  return env;
+};
+
+// Run a command with proper error handling
+function runCommand(command: string, args: string[], options: any = {}) {
+  console.log(`Running: ${command} ${args.join(" ")}`);
+  const result = spawnSync(command, args, {
+    stdio: "inherit",
+    ...options,
+  });
+
+  if (result.error) {
+    console.error(`Failed to execute command: ${result.error.message}`);
+    process.exit(1);
+  }
+
+  if (result.status !== 0) {
+    console.error(`Command failed with exit code ${result.status}`);
+    process.exit(result.status || 1);
+  }
+}
+
+// Main build function
+function buildJSC() {
+  const buildDir = getBuildDir(buildConfig);
+  const cmakeFlags = getBuildFlags(buildConfig);
+  const env = getBuildEnv();
+
+  console.log(`Building JSC with configuration: ${buildConfig}`);
+  console.log(`Build directory: ${buildDir}`);
+
+  // Create build directories
+  if (!existsSync(buildDir)) {
+    mkdirSync(buildDir, { recursive: true });
+  }
+
+  if (!existsSync(WEBKIT_DIR)) {
+    mkdirSync(WEBKIT_DIR, { recursive: true });
+  }
+
+  // Configure with CMake
+  console.log("\n📦 Configuring with CMake...");
+  runCommand("cmake", [...cmakeFlags, WEBKIT_DIR, buildDir], {
+    cwd: buildDir,
+    env,
+  });
+
+  // Build with CMake
+  console.log("\n🔨 Building JSC...");
+  const buildType = buildConfig === "debug" ? "Debug" : buildConfig === "lto" ? "Release" : "RelWithDebInfo";
+
+  runCommand("cmake", ["--build", buildDir, "--config", buildType, "--target", "jsc"], {
+    cwd: buildDir,
+    env,
+  });
+
+  console.log(`\n✅ JSC build completed successfully!`);
+  console.log(`Build output: ${buildDir}`);
+}
+
+// Entry point
+if (import.meta.main) {
+  buildJSC();
+}
--- a/scripts/build.mjs
+++ b/scripts/build.mjs
@@ -5,7 +5,9 @@ import { chmodSync, cpSync, existsSync, mkdirSync, readFileSync } from "node:fs"
 import { basename, join, relative, resolve } from "node:path";
 import {
  formatAnnotationToHtml,
+  getSecret,
  isCI,
+  isWindows,
  parseAnnotations,
  printEnvironment,
  reportAnnotationToBuildKite,
@@ -214,14 +216,47 @@ function parseOptions(args, flags = []) {
 async function spawn(command, args, options, label) {
  const effectiveArgs = args.filter(Boolean);
  const description = [command, ...effectiveArgs].map(arg => (arg.includes(" ") ? JSON.stringify(arg) : arg)).join(" ");
+  let env = options?.env;
+
  console.log("$", description);

  label ??= basename(command);

  const pipe = process.env.CI === "true";
+
+  if (isBuildkite()) {
+    if (process.env.BUN_LINK_ONLY && isWindows) {
+      env ||= options?.env || { ...process.env };
+
+      // Pass signing secrets directly to the build process
+      // The PowerShell signing script will handle certificate decoding
+      env.SM_CLIENT_CERT_PASSWORD = getSecret("SM_CLIENT_CERT_PASSWORD", {
+        redact: true,
+        required: true,
+      });
+      env.SM_CLIENT_CERT_FILE = getSecret("SM_CLIENT_CERT_FILE", {
+        redact: true,
+        required: true,
+      });
+      env.SM_API_KEY = getSecret("SM_API_KEY", {
+        redact: true,
+        required: true,
+      });
+      env.SM_KEYPAIR_ALIAS = getSecret("SM_KEYPAIR_ALIAS", {
+        redact: true,
+        required: true,
+      });
+      env.SM_HOST = getSecret("SM_HOST", {
+        redact: true,
+        required: true,
+      });
+    }
+  }
+
  const subprocess = nodeSpawn(command, effectiveArgs, {
    stdio: pipe ? "pipe" : "inherit",
    ...options,
+    env,
  });

  let killedManually = false;
--- a/scripts/github-metrics.ts
+++ b/scripts/github-metrics.ts
@@ -0,0 +1,176 @@
+#!/usr/bin/env bun
+
+import { $ } from "bun";
+
+interface ReleaseInfo {
+  publishedAt: string;
+  tag: string;
+}
+
+interface Issue {
+  number: number;
+  closedAt: string;
+  stateReason: string;
+}
+
+interface Reaction {
+  content: string;
+}
+
+interface Comment {
+  id: number;
+}
+
+/**
+ * Get release information for a given tag
+ */
+async function getReleaseInfo(tag: string): Promise<ReleaseInfo> {
+  try {
+    const result = await $`gh release view ${tag} --json publishedAt,tagName`.json();
+    return {
+      publishedAt: result.publishedAt,
+      tag: result.tagName,
+    };
+  } catch (error) {
+    throw new Error(`Failed to get release info for ${tag}: ${error}`);
+  }
+}
+
+/**
+ * Count issues closed as completed since a given date
+ */
+async function countCompletedIssues(sinceDate: string): Promise<{ count: number; issues: number[] }> {
+  try {
+    const result =
+      (await $`gh issue list --state closed --search "closed:>=${sinceDate} reason:completed" --limit 1000 --json number,closedAt,stateReason`.json()) as Issue[];
+
+    const completedIssues = result.filter(issue => issue.stateReason === "COMPLETED");
+
+    return {
+      count: completedIssues.length,
+      issues: completedIssues.map(issue => issue.number),
+    };
+  } catch (error) {
+    throw new Error(`Failed to count completed issues: ${error}`);
+  }
+}
+
+/**
+ * Get positive reactions for an issue (👍, ❤️, 🎉, 🚀)
+ */
+async function getIssueReactions(issueNumber: number): Promise<number> {
+  try {
+    const reactions = (await $`gh api "repos/oven-sh/bun/issues/${issueNumber}/reactions"`.json()) as Reaction[];
+    return reactions.filter(r => ["+1", "heart", "hooray", "rocket"].includes(r.content)).length;
+  } catch {
+    return 0;
+  }
+}
+
+/**
+ * Get positive reactions for all comments on an issue
+ */
+async function getCommentReactions(issueNumber: number): Promise<number> {
+  try {
+    const comments = (await $`gh api "repos/oven-sh/bun/issues/${issueNumber}/comments"`.json()) as Comment[];
+
+    let totalReactions = 0;
+    for (const comment of comments) {
+      try {
+        const reactions =
+          (await $`gh api "repos/oven-sh/bun/issues/comments/${comment.id}/reactions"`.json()) as Reaction[];
+        totalReactions += reactions.filter(r => ["+1", "heart", "hooray", "rocket"].includes(r.content)).length;
+      } catch {
+        // Skip if we can't get reactions for this comment
+      }
+    }
+
+    return totalReactions;
+  } catch {
+    return 0;
+  }
+}
+
+/**
+ * Count total positive reactions for issues and their comments
+ */
+async function countReactions(issueNumbers: number[], verbose = false): Promise<number> {
+  let totalReactions = 0;
+
+  for (const issueNumber of issueNumbers) {
+    if (verbose) {
+      console.log(`Processing issue #${issueNumber}...`);
+    }
+
+    const [issueReactions, commentReactions] = await Promise.all([
+      getIssueReactions(issueNumber),
+      getCommentReactions(issueNumber),
+    ]);
+
+    const issueTotal = issueReactions + commentReactions;
+    totalReactions += issueTotal;
+
+    if (verbose && issueTotal > 0) {
+      console.log(
+        `  Issue #${issueNumber}: ${issueReactions} issue + ${commentReactions} comment = ${issueTotal} total`,
+      );
+    }
+
+    // Small delay to avoid rate limiting
+    await Bun.sleep(50);
+  }
+
+  return totalReactions;
+}
+
+/**
+ * Main function to collect GitHub metrics
+ */
+async function main() {
+  const args = process.argv.slice(2);
+  const releaseTag = args[0];
+  const verbose = args.includes("--verbose") || args.includes("-v");
+
+  if (!releaseTag) {
+    console.error("Usage: bun run scripts/github-metrics.ts <release-tag> [--verbose]");
+    console.error("Example: bun run scripts/github-metrics.ts bun-v1.2.19");
+    process.exit(1);
+  }
+
+  try {
+    console.log(`📊 Collecting GitHub metrics since ${releaseTag}...`);
+
+    // Get release date
+    const releaseInfo = await getReleaseInfo(releaseTag);
+    const releaseDate = releaseInfo.publishedAt.split("T")[0]; // Extract date part
+
+    if (verbose) {
+      console.log(`📅 Release date: ${releaseDate}`);
+    }
+
+    // Count completed issues
+    console.log("🔍 Counting completed issues...");
+    const { count: issueCount, issues: issueNumbers } = await countCompletedIssues(releaseDate);
+
+    // Count reactions
+    console.log("👍 Counting positive reactions...");
+    const reactionCount = await countReactions(issueNumbers, verbose);
+
+    // Display results
+    console.log("\n📈 Results:");
+    console.log(`Issues closed as completed since ${releaseTag}: ${issueCount}`);
+    console.log(`Total positive reactions (👍❤️🎉🚀): ${reactionCount}`);
+
+    if (issueCount > 0) {
+      console.log(`Average reactions per completed issue: ${(reactionCount / issueCount).toFixed(1)}`);
+    }
+  } catch (error) {
+    console.error("❌ Error:", error.message);
+    process.exit(1);
+  }
+}
+
+// Run if this script is executed directly
+if (import.meta.main) {
+  main();
+}
--- a/scripts/lldb-inline-tool.cpp
+++ b/scripts/lldb-inline-tool.cpp
@@ -0,0 +1,409 @@
+/*
+ * LLDB Inline Debug Tool
+ * 
+ * This tool allows you to add inline debug points in your code using comments:
+ *   // LOG: message here
+ *   // LOG: variable value is {variable_name}
+ * 
+ * The tool will set non-stopping breakpoints at these locations and print
+ * the messages when hit, without interrupting program execution.
+ * 
+ * BUILD INSTRUCTIONS:
+ * ------------------
+ * On macOS with Homebrew LLVM:
+ *   c++ -std=c++17 -o lldb-inline lldb-inline-tool.cpp \
+ *       -llldb \
+ *       -L/opt/homebrew/opt/llvm/lib \
+ *       -I/opt/homebrew/opt/llvm/include \
+ *       -Wl,-rpath,/opt/homebrew/opt/llvm/lib
+ * 
+ * On Linux:
+ *   c++ -std=c++17 -o lldb-inline lldb-inline-tool.cpp \
+ *       -llldb \
+ *       -L/usr/lib/llvm-14/lib \
+ *       -I/usr/lib/llvm-14/include
+ * 
+ * USAGE:
+ * ------
+ *   ./lldb-inline <executable> [args...]
+ * 
+ * The tool searches for // LOG: comments in all source files listed in
+ * cmake/sources/ *.txt and sets breakpoints at those locations.
+ */
+
+#include <lldb/API/LLDB.h>
+#include <iostream>
+#include <vector>
+#include <string>
+#include <cstdlib>
+#include <regex>
+#include <unistd.h>
+#include <glob.h>
+#include <fstream>
+#include <chrono>
+#include <set>
+#include <thread>
+#include <atomic>
+#include <signal.h>
+#include <errno.h>
+
+extern char **environ;
+
+using namespace lldb;
+
+struct DebugPoint {
+    std::string file;
+    int line;
+    int column;
+    enum Type { LOG, VAR } type;
+    std::string data;
+};
+
+std::vector<DebugPoint> debugPoints;
+
+bool logpointCallback(void *baton, SBProcess &process, SBThread &thread, SBBreakpointLocation &location) {
+    auto start = std::chrono::high_resolution_clock::now();
+    
+    auto* point = static_cast<DebugPoint*>(baton);
+    
+    std::cout << point->file << ":" << point->line << ":" << point->column << " ";
+    
+    // Parse the log message for {expressions}
+    std::string msg = point->data;
+    size_t pos = 0;
+    
+    while ((pos = msg.find('{', pos)) != std::string::npos) {
+        size_t endPos = msg.find('}', pos);
+        if (endPos == std::string::npos) {
+            break;
+        }
+        
+        // Extract expression
+        std::string expr = msg.substr(pos + 1, endPos - pos - 1);
+        
+        // Evaluate expression
+        SBFrame frame = thread.GetFrameAtIndex(0);
+        SBValue result = frame.EvaluateExpression(expr.c_str());
+        
+        std::string value;
+        if (result.GetError().Success() && result.GetValue()) {
+            value = result.GetValue();
+        } else {
+            value = "<error>";
+        }
+        
+        // Replace {expression} with value
+        msg.replace(pos, endPos - pos + 1, value);
+        pos += value.length();
+    }
+    
+    std::cout << msg << std::endl;
+    
+    auto end = std::chrono::high_resolution_clock::now();
+    auto duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
+    // std::cerr << "Breakpoint callback took: " << duration.count() << "ms" << std::endl;
+    
+    // Don't stop
+    return false;
+}
+
+std::vector<std::string> getSourceFiles() {
+    std::vector<std::string> files;
+    
+    // Read cmake source files
+    glob_t globbuf;
+    if (glob("cmake/sources/*.txt", 0, nullptr, &globbuf) == 0) {
+        for (size_t i = 0; i < globbuf.gl_pathc; i++) {
+            std::ifstream file(globbuf.gl_pathv[i]);
+            std::string line;
+            while (std::getline(file, line)) {
+                if (!line.empty() && line[0] != '#' && line.find("${") == std::string::npos) {
+                    files.push_back(line);
+                }
+            }
+        }
+        globfree(&globbuf);
+    }
+    
+    return files;
+}
+
+void findDebugPoints() {
+    // Get source files
+    auto files = getSourceFiles();
+    
+    if (files.empty()) {
+        return;
+    }
+    
+    // Create temp file with list of files
+    std::string tmpfile = "/tmp/lldb-inline-files.txt";
+    std::ofstream out(tmpfile);
+    for (const auto& file : files) {
+        out << file << std::endl;
+    }
+    out.close();
+    
+    // Use ripgrep with limited threads for speed
+    std::string cmd = "cat " + tmpfile + " | xargs rg -j4 --line-number --column --no-heading --color=never '//\\s*LOG:'";
+    
+    FILE* pipe = popen(cmd.c_str(), "r");
+    if (!pipe) {
+        unlink(tmpfile.c_str());
+        return;
+    }
+    
+    char buffer[1024];
+    std::regex logRegex(".*//\\s*LOG:\\s*(.+)");
+    
+    while (fgets(buffer, sizeof(buffer), pipe)) {
+        std::string line(buffer);
+        // Remove trailing newline
+        if (!line.empty() && line.back() == '\n') {
+            line.pop_back();
+        }
+        
+        // Parse ripgrep output: file:line:column:text
+        size_t pos1 = line.find(':');
+        if (pos1 == std::string::npos) continue;
+        
+        size_t pos2 = line.find(':', pos1 + 1);
+        if (pos2 == std::string::npos) continue;
+        
+        size_t pos3 = line.find(':', pos2 + 1);
+        if (pos3 == std::string::npos) continue;
+        
+        DebugPoint point;
+        point.file = line.substr(0, pos1);
+        point.line = std::stoi(line.substr(pos1 + 1, pos2 - pos1 - 1));
+        point.column = std::stoi(line.substr(pos2 + 1, pos3 - pos2 - 1));
+        
+        std::string text = line.substr(pos3 + 1);
+        
+        std::smatch match;
+        if (std::regex_match(text, match, logRegex)) {
+            point.type = DebugPoint::LOG;
+            point.data = match[1];  // The message is in capture group 1
+            // Trim whitespace
+            point.data.erase(0, point.data.find_first_not_of(" \t"));
+            point.data.erase(point.data.find_last_not_of(" \t") + 1);
+            debugPoints.push_back(point);
+        }
+    }
+    
+    pclose(pipe);
+    unlink(tmpfile.c_str());
+}
+
+int main(int argc, char* argv[]) {
+    if (argc < 2) {
+        return 1;
+    }
+    
+    const char* executable = argv[1];
+    
+    // Find debug points
+    auto start = std::chrono::high_resolution_clock::now();
+    findDebugPoints();
+    auto end = std::chrono::high_resolution_clock::now();
+    auto duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
+    // std::cerr << "Ripgrep search took: " << duration.count() << "ms" << std::endl;
+    
+    
+    if (debugPoints.empty()) {
+        return 1;
+    }
+    
+    // Initialize LLDB
+    start = std::chrono::high_resolution_clock::now();
+    SBDebugger::Initialize();
+    SBDebugger debugger = SBDebugger::Create(false); // Don't read .lldbinit
+    debugger.SetAsync(true);
+    end = std::chrono::high_resolution_clock::now();
+    duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
+    // std::cerr << "LLDB init took: " << duration.count() << "ms" << std::endl;
+    
+    // Keep LLDB's stdio handling enabled
+    SBCommandInterpreter interpreter = debugger.GetCommandInterpreter();
+    SBCommandReturnObject result;
+    interpreter.HandleCommand("settings set target.disable-stdio false", result);
+    interpreter.HandleCommand("settings set symbols.load-on-demand true", result);
+    interpreter.HandleCommand("settings set target.preload-symbols false", result);
+    interpreter.HandleCommand("settings set symbols.enable-external-lookup false", result);
+    interpreter.HandleCommand("settings set target.auto-import-clang-modules false", result);
+    interpreter.HandleCommand("settings set target.detach-on-error true", result);
+    
+    // Create target
+    SBError error;
+    char cwd[PATH_MAX];
+    getcwd(cwd, sizeof(cwd));
+    
+    std::string fullPath = executable;
+    if (fullPath[0] != '/') {
+        fullPath = std::string(cwd) + "/" + executable;
+    }
+    
+    start = std::chrono::high_resolution_clock::now();
+    SBTarget target = debugger.CreateTarget(fullPath.c_str(), nullptr, nullptr, false, error);
+    if (!target.IsValid()) {
+        std::cerr << "Failed to create target: " << error.GetCString() << std::endl;
+        return 1;
+    }
+    end = std::chrono::high_resolution_clock::now();
+    duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
+    // std::cerr << "Create target took: " << duration.count() << "ms" << std::endl;
+    
+    // Set breakpoints
+    start = std::chrono::high_resolution_clock::now();
+    for (auto& point : debugPoints) {
+        std::string absPath = point.file;
+        if (absPath[0] != '/') {
+            absPath = std::string(cwd) + "/" + point.file;
+        }
+        
+        SBBreakpoint bp = target.BreakpointCreateByLocation(absPath.c_str(), point.line);
+        if (bp.IsValid()) {
+            bp.SetCallback(logpointCallback, &point);
+        }
+    }
+    end = std::chrono::high_resolution_clock::now();
+    duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
+    // std::cerr << "Set breakpoints took: " << duration.count() << "ms" << std::endl;
+    
+    // Build args
+    std::vector<const char*> args;
+    for (int i = 2; i < argc; i++) {
+        args.push_back(argv[i]);
+    }
+    args.push_back(nullptr);
+    
+    // Launch process with proper settings
+    SBLaunchInfo launch_info(args.data());
+    launch_info.SetWorkingDirectory(cwd);
+    launch_info.SetLaunchFlags(0);  // Don't disable stdio
+    
+    // Pass through environment variables from parent
+    SBEnvironment env = launch_info.GetEnvironment();
+    for (char **p = environ; *p != nullptr; p++) {
+        env.PutEntry(*p);
+    }
+    launch_info.SetEnvironment(env, false);
+    
+    start = std::chrono::high_resolution_clock::now();
+    SBProcess process = target.Launch(launch_info, error);
+    if (!process.IsValid()) {
+        std::cerr << "Failed to launch process: " << error.GetCString() << std::endl;
+        return 1;
+    }
+    end = std::chrono::high_resolution_clock::now();
+    duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
+    // std::cerr << "Launch process took: " << duration.count() << "ms" << std::endl;
+    
+    // lldb::pid_t launchedPid = process.GetProcessID();
+    // std::cerr << "Launched process with PID: " << launchedPid << std::endl;
+    
+    // Handle events properly
+    SBListener listener = debugger.GetListener();
+    
+    start = std::chrono::high_resolution_clock::now();
+    auto lastOutput = start;
+    bool done = false;
+    bool gotOutput = false;
+    
+    int eventCount = 0;
+    while (!done) {
+        SBEvent event;
+        if (listener.WaitForEvent(0, event)) {  // Non-blocking
+            eventCount++;
+            auto eventTime = std::chrono::high_resolution_clock::now();
+            auto elapsed = std::chrono::duration_cast<std::chrono::milliseconds>(eventTime - start);
+            StateType state = SBProcess::GetStateFromEvent(event);
+            // std::cerr << "Event #" << eventCount << " at " << elapsed.count() << "ms: state=" << state << std::endl;
+            if (state == eStateExited) {
+                auto exitTime = std::chrono::high_resolution_clock::now();
+                auto totalTime = std::chrono::duration_cast<std::chrono::milliseconds>(exitTime - start);
+                // std::cerr << "Process exited with code: " << process.GetExitStatus() << " after " << totalTime.count() << "ms in event loop" << std::endl;
+            }
+            
+            switch (state) {
+                case eStateStopped:
+                    process.Continue();
+                    break;
+                    
+                case eStateRunning:
+                    break;
+                    
+                case eStateExited:
+                case eStateCrashed:
+                case eStateDetached:
+                    // std::cerr << "Exiting immediately on state: " << state << std::endl;
+                    // Just exit immediately - skip all cleanup
+                    exit(process.GetExitStatus());
+                    break;
+                    
+                default:
+                    break;
+            }
+        } else {
+            // No event, check if process is done
+            StateType currentState = process.GetState();
+            if (currentState == eStateExited || currentState == eStateCrashed || currentState == eStateDetached) {
+                done = true;
+                end = std::chrono::high_resolution_clock::now();
+                duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - lastOutput);
+                // std::cerr << "Process already exited, detected by polling. Time from last output: " << duration.count() << "ms" << std::endl;
+            }
+        }
+        
+        // Read and forward stdout/stderr
+        char buffer[1024];
+        size_t num_bytes;
+        
+        bool hadStdout = false;
+        while ((num_bytes = process.GetSTDOUT(buffer, sizeof(buffer)-1)) > 0) {
+            buffer[num_bytes] = '\0';
+            std::cout << buffer;
+            std::cout.flush();
+            lastOutput = std::chrono::high_resolution_clock::now();
+            gotOutput = true;
+            hadStdout = true;
+        }
+        
+        bool hadStderr = false;
+        while ((num_bytes = process.GetSTDERR(buffer, sizeof(buffer)-1)) > 0) {
+            buffer[num_bytes] = '\0';
+            std::cerr << buffer;
+            std::cerr.flush();
+            lastOutput = std::chrono::high_resolution_clock::now();
+            gotOutput = true;
+            hadStderr = true;
+        }
+        
+        // Poll process state every iteration
+        StateType currentState = process.GetState();
+        if (currentState == eStateExited || currentState == eStateCrashed || currentState == eStateDetached) {
+            // Process has exited, break out of loop
+            done = true;
+        } else {
+            // Small sleep to avoid busy-waiting  
+            usleep(10000);  // 10ms
+        }
+    }
+    
+    int exit_code = process.GetExitStatus();
+    
+    end = std::chrono::high_resolution_clock::now();
+    duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
+    // std::cerr << "Total event loop time: " << duration.count() << "ms" << std::endl;
+    
+    // Cleanup
+    start = std::chrono::high_resolution_clock::now();
+    SBDebugger::Destroy(debugger);
+    end = std::chrono::high_resolution_clock::now();
+    duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
+    // std::cerr << "Debugger destroy took: " << duration.count() << "ms" << std::endl;
+    
+    SBDebugger::Terminate();
+    
+    return exit_code;
+}
--- a/scripts/lldb-inline.sh
+++ b/scripts/lldb-inline.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+# LLDB Inline Debug Tool Build & Run Script
+#
+# This script builds the lldb-inline tool if needed and runs it.
+# Usage: ./scripts/lldb-inline.sh <executable> [args...]
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+TOOL_SOURCE="$SCRIPT_DIR/lldb-inline-tool.cpp"
+TOOL_BINARY="$SCRIPT_DIR/lldb-inline"
+
+# Check if we need to rebuild
+if [ ! -f "$TOOL_BINARY" ] || [ "$TOOL_SOURCE" -nt "$TOOL_BINARY" ]; then
+    # Detect OS and build accordingly
+    if [[ "$OSTYPE" == "darwin"* ]]; then
+        # macOS with Homebrew LLVM
+        c++ -std=c++17 -o "$TOOL_BINARY" "$TOOL_SOURCE" \
+            -llldb \
+            -L/opt/homebrew/opt/llvm/lib \
+            -I/opt/homebrew/opt/llvm/include \
+            -Wl,-rpath,/opt/homebrew/opt/llvm/lib >/dev/null 2>&1
+    else
+        # Linux - try to find LLVM installation
+        LLVM_DIR=""
+        for version in 18 17 16 15 14 13 12; do
+            if [ -d "/usr/lib/llvm-$version" ]; then
+                LLVM_DIR="/usr/lib/llvm-$version"
+                break
+            fi
+        done
+        
+        if [ -z "$LLVM_DIR" ] && [ -d "/usr/lib/llvm" ]; then
+            LLVM_DIR="/usr/lib/llvm"
+        fi
+        
+        if [ -z "$LLVM_DIR" ]; then
+            # Try pkg-config as fallback
+            LLDB_CFLAGS=$(pkg-config --cflags lldb 2>/dev/null)
+            LLDB_LIBS=$(pkg-config --libs lldb 2>/dev/null)
+            c++ -std=c++17 -o "$TOOL_BINARY" "$TOOL_SOURCE" \
+                $LLDB_CFLAGS $LLDB_LIBS >/dev/null 2>&1
+        else
+            c++ -std=c++17 -o "$TOOL_BINARY" "$TOOL_SOURCE" \
+                -llldb \
+                -L"$LLVM_DIR/lib" \
+                -I"$LLVM_DIR/include" >/dev/null 2>&1
+        fi
+    fi
+    
+    if [ $? -ne 0 ]; then
+        exit 1
+    fi
+fi
+
+# Run the tool with all arguments
+exec "$TOOL_BINARY" "$@"
--- a/scripts/run-clang-format.sh
+++ b/scripts/run-clang-format.sh
@@ -0,0 +1,126 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Run clang-format on all C++ source and header files in the Bun project
+
+# Get the directory where this script is located
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# Get the project root directory (parent of scripts/)
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+# Default to format mode (modify files)
+MODE="${1:-format}"
+
+# Use LLVM_VERSION_MAJOR from environment or default to 19
+LLVM_VERSION="${LLVM_VERSION_MAJOR:-19}"
+
+# Ensure we have the specific clang-format version
+CLANG_FORMAT="clang-format-${LLVM_VERSION}"
+if ! command -v "$CLANG_FORMAT" &> /dev/null; then
+    echo "Error: $CLANG_FORMAT not found" >&2
+    echo "Please install clang-format version $LLVM_VERSION" >&2
+    exit 1
+fi
+
+cd "$PROJECT_ROOT"
+
+# Array to hold all files to format
+declare -a FILES_TO_FORMAT
+
+# Find all header files in src/ and packages/, excluding third-party and generated code
+echo "Finding header files..."
+while IFS= read -r -d '' file; do
+    # Additional filtering for specific files and patterns
+    if [[ "$file" =~ src/bun\.js/api/ffi- ]] || \
+       [[ "$file" =~ src/napi/ ]] || \
+       [[ "$file" =~ src/bun\.js/bindings/libuv/ ]] || \
+       [[ "$file" =~ src/bun\.js/bindings/sqlite/ ]] || \
+       [[ "$file" =~ packages/bun-usockets/.*libuv ]] || \
+       [[ "$file" =~ src/deps/ ]]; then
+        continue
+    fi
+    FILES_TO_FORMAT+=("$file")
+done < <(find src packages -type f \( -name "*.h" -o -name "*.hpp" \) \
+    -not -path "*/vendor/*" \
+    -not -path "*/third_party/*" \
+    -not -path "*/thirdparty/*" \
+    -not -path "*/generated/*" \
+    -print0 2>/dev/null || true)
+
+# Read C++ source files from CxxSources.txt
+echo "Reading C++ source files from CxxSources.txt..."
+if [ -f "cmake/sources/CxxSources.txt" ]; then
+    while IFS= read -r file; do
+        # Skip empty lines and comments
+        if [[ -n "$file" && ! "$file" =~ ^[[:space:]]*# ]]; then
+            # Check if file exists
+            if [ -f "$file" ]; then
+                FILES_TO_FORMAT+=("$file")
+            fi
+        fi
+    done < "cmake/sources/CxxSources.txt"
+else
+    echo "Warning: cmake/sources/CxxSources.txt not found" >&2
+fi
+
+# Remove duplicates while preserving order
+declare -a UNIQUE_FILES
+declare -A seen
+for file in "${FILES_TO_FORMAT[@]}"; do
+    if [[ ! -v "seen[$file]" ]]; then
+        seen["$file"]=1
+        UNIQUE_FILES+=("$file")
+    fi
+done
+
+echo "Processing ${#UNIQUE_FILES[@]} files..."
+
+# Run clang-format based on mode
+if [ "$MODE" = "check" ]; then
+    # Check mode - verify formatting without modifying files
+    FAILED=0
+    for file in "${UNIQUE_FILES[@]}"; do
+        # Find the nearest .clang-format file for this source file
+        dir=$(dirname "$file")
+        while [ "$dir" != "." ] && [ "$dir" != "/" ]; do
+            if [ -f "$dir/.clang-format" ]; then
+                break
+            fi
+            dir=$(dirname "$dir")
+        done
+        
+        if ! $CLANG_FORMAT --dry-run --Werror "$file" 2>/dev/null; then
+            echo "Format check failed: $file"
+            FAILED=1
+        fi
+    done
+    
+    if [ $FAILED -eq 1 ]; then
+        echo "Some files need formatting. Run 'bun run clang-format' to fix."
+        exit 1
+    else
+        echo "All files are properly formatted."
+    fi
+elif [ "$MODE" = "format" ] || [ "$MODE" = "fix" ]; then
+    # Format mode - modify files in place
+    for file in "${UNIQUE_FILES[@]}"; do
+        echo "Formatting: $file"
+        $CLANG_FORMAT -i "$file"
+    done
+    echo "Formatting complete."
+elif [ "$MODE" = "diff" ]; then
+    # Diff mode - show what would change
+    for file in "${UNIQUE_FILES[@]}"; do
+        if ! $CLANG_FORMAT --dry-run --Werror "$file" 2>/dev/null; then
+            echo "=== $file ==="
+            diff -u "$file" <($CLANG_FORMAT "$file") || true
+        fi
+    done
+else
+    echo "Usage: $0 [check|format|fix|diff]" >&2
+    echo "  check  - Check if files are formatted (default)" >&2
+    echo "  format - Format files in place" >&2
+    echo "  fix    - Same as format" >&2
+    echo "  diff   - Show formatting differences" >&2
+    exit 1
+fi
--- a/scripts/runner.node.mjs
+++ b/scripts/runner.node.mjs
@@ -82,6 +82,10 @@ function getNodeParallelTestTimeout(testPath) {
  return 10_000;
 }

+process.on("SIGTRAP", () => {
+  console.warn("Test runner received SIGTRAP. Doing nothing.");
+});
+
 const { values: options, positionals: filters } = parseArgs({
  allowPositionals: true,
  options: {
@@ -178,6 +182,37 @@ if (options["quiet"]) {
  isQuiet = true;
 }

+let newFiles = [];
+let prFileCount = 0;
+if (isBuildkite) {
+  try {
+    console.log("on buildkite: collecting new files from PR");
+    const per_page = 50;
+    for (let i = 1; i <= 5; i++) {
+      const res = await fetch(
+        `https://api.github.com/repos/oven-sh/bun/pulls/${process.env.BUILDKITE_PULL_REQUEST}/files?per_page=${per_page}&page=${i}`,
+        {
+          headers: {
+            Authorization: `Bearer ${getSecret("GITHUB_TOKEN")}`,
+          },
+        },
+      );
+      const doc = await res.json();
+      console.log(`-> page ${i}, found ${doc.length} items`);
+      if (doc.length === 0) break;
+      if (doc.length < per_page) break;
+      for (const { filename, status } of doc) {
+        prFileCount += 1;
+        if (status !== "added") continue;
+        newFiles.push(filename);
+      }
+    }
+    console.log(`- PR ${process.env.BUILDKITE_PULL_REQUEST}, ${prFileCount} files, ${newFiles.length} new files`);
+  } catch (e) {
+    console.error(e);
+  }
+}
+
 let coresDir;

 if (options["coredump-upload"]) {
@@ -270,6 +305,7 @@ const skipArray = (() => {
  }
  return readFileSync(path, "utf-8")
    .split("\n")
+    .map(line => line.trim())
    .filter(line => !line.startsWith("#") && line.length > 0);
 })();

@@ -419,6 +455,7 @@ async function runTests() {
      if (attempt >= maxAttempts || isAlwaysFailure(error)) {
        flaky = false;
        failedResults.push(failure);
+        break;
      }
    }

@@ -478,7 +515,7 @@ async function runTests() {
      console.log("run in", cwd);
      let exiting = false;

-      const server = spawn(execPath, ["run", "ci-remap-server", execPath, cwd, getCommit()], {
+      const server = spawn(execPath, ["run", "--silent", "ci-remap-server", execPath, cwd, getCommit()], {
        stdio: ["ignore", "pipe", "inherit"],
        cwd, // run in main repo
        env: { ...process.env, BUN_DEBUG_QUIET_LOGS: "1", NO_COLOR: "1" },
@@ -488,18 +525,22 @@ async function runTests() {
      server.on("exit", (code, signal) => {
        if (!exiting && (code !== 0 || signal !== null)) errorResolve(signal ? signal : "code " + code);
      });
-      process.on("exit", () => {
+      function onBeforeExit() {
        exiting = true;
-        server.kill();
-      });
+        server.off("error");
+        server.off("exit");
+        server.kill?.();
+      }
+      process.once("beforeExit", onBeforeExit);
      const lines = createInterface(server.stdout);
      lines.on("line", line => {
        portResolve({ port: parseInt(line) });
      });

-      const result = await Promise.race([portPromise, errorPromise, setTimeoutPromise(5000, "timeout")]);
-      if (typeof result.port != "number") {
-        server.kill();
+      const result = await Promise.race([portPromise, errorPromise.catch(e => e), setTimeoutPromise(5000, "timeout")]);
+      if (typeof result?.port != "number") {
+        process.off("beforeExit", onBeforeExit);
+        server.kill?.();
        console.warn("ci-remap server did not start:", result);
      } else {
        console.log("crash reports parsed on port", result.port);
@@ -524,6 +565,7 @@ async function runTests() {
            };
            if ((basename(execPath).includes("asan") || !isCI) && shouldValidateExceptions(testPath)) {
              env.BUN_JSC_validateExceptionChecks = "1";
+              env.BUN_JSC_dumpSimulatedThrows = "1";
            }
            return runTest(title, async () => {
              const { ok, error, stdout, crashes } = await spawnBun(execPath, {
@@ -1247,6 +1289,7 @@ async function spawnBunTest(execPath, testPath, options = { cwd }) {
  };
  if ((basename(execPath).includes("asan") || !isCI) && shouldValidateExceptions(relative(cwd, absPath))) {
    env.BUN_JSC_validateExceptionChecks = "1";
+    env.BUN_JSC_dumpSimulatedThrows = "1";
  }

  const { ok, error, stdout, crashes } = await spawnBun(execPath, {
@@ -1976,6 +2019,9 @@ function formatTestToMarkdown(result, concise, retries) {
    if (retries > 0) {
      markdown += ` (${retries} ${retries === 1 ? "retry" : "retries"})`;
    }
+    if (newFiles.includes(testTitle)) {
+      markdown += ` (new)`;
+    }

    if (concise) {
      markdown += "</li>\n";
@@ -2181,6 +2227,7 @@ function isAlwaysFailure(error) {
    error.includes("illegal instruction") ||
    error.includes("sigtrap") ||
    error.includes("error: addresssanitizer") ||
+    error.includes("internal assertion failure") ||
    error.includes("core dumped") ||
    error.includes("crash reported")
  );
--- a/scripts/sort-imports.ts
+++ b/scripts/sort-imports.ts
@@ -14,7 +14,7 @@ const usage = String.raw`
 /_____ \____/|__|   |__|   /_____ \__|__|_|  /   __/ \____/|__|   |__| /____  >
       \/                         \/        \/|__|                           \/

-Usage: bun scripts/sortImports [options] <files...>
+Usage: bun scripts/sort-imports [options] <files...>

 Options:
  --help         Show this help message
@@ -22,7 +22,7 @@ Options:
  --keep-unused  Don't remove unused imports

 Examples:
-  bun scripts/sortImports src
+  bun scripts/sort-imports src
 `.slice(1);
 if (args.includes("--help")) {
  console.log(usage);
--- a/scripts/vs-shell.ps1
+++ b/scripts/vs-shell.ps1
@@ -40,7 +40,25 @@ if ($args.Count -gt 0) {
    $commandArgs = @($args[1..($args.Count - 1)] | % {$_})
  }

-  Write-Host "$ $command $commandArgs"
+  # Don't print the full command as it may contain sensitive information like certificates
+  # Just show the command name and basic info
+  $displayArgs = @()
+  foreach ($arg in $commandArgs) {
+    if ($arg -match "^-") {
+      # Include flags
+      $displayArgs += $arg
+    } elseif ($arg -match "\.(mjs|js|ts|cmake|zig|cpp|c|h|exe)$") {
+      # Include file names
+      $displayArgs += $arg
+    } elseif ($arg.Length -gt 100) {
+      # Truncate long arguments (likely certificates or encoded data)
+      $displayArgs += "[REDACTED]"
+    } else {
+      $displayArgs += $arg
+    }
+  }
+  
+  Write-Host "$ $command $displayArgs"
  & $command $commandArgs
  exit $LASTEXITCODE
 }
--- a/src/Global.zig
+++ b/src/Global.zig
@@ -165,13 +165,7 @@ pub const versions = @import("./generated_versions_list.zig");
 // Keeping this code for:
 // 1. documentation that an attempt was made
 // 2. if I want to configure allocator later
-pub inline fn configureAllocator(_: AllocatorConfiguration) void {
-    // if (comptime !use_mimalloc) return;
-    // const mimalloc = bun.mimalloc;
-    // mimalloc.mi_option_set_enabled(mimalloc.mi_option_verbose, config.verbose);
-    // mimalloc.mi_option_set_enabled(mimalloc.mi_option_large_os_pages, config.long_running);
-    // if (!config.long_running) mimalloc.mi_option_set(mimalloc.mi_option_reset_delay, 0);
-}
+pub inline fn configureAllocator(_: AllocatorConfiguration) void {}

 pub fn notimpl() noreturn {
    @branchHint(.cold);
--- a/src/HTMLScanner.zig
+++ b/src/HTMLScanner.zig
@@ -47,7 +47,7 @@ fn createImportRecord(this: *HTMLScanner, input_path: []const u8, kind: ImportKi
    try this.import_records.push(this.allocator, record);
 }

-const debug = bun.Output.scoped(.HTMLScanner, true);
+const debug = bun.Output.scoped(.HTMLScanner, .hidden);

 pub fn onWriteHTML(_: *HTMLScanner, bytes: []const u8) void {
    _ = bytes; // bytes are not written in scan phase
--- a/src/StandaloneModuleGraph.zig
+++ b/src/StandaloneModuleGraph.zig
@@ -6,6 +6,7 @@ pub const StandaloneModuleGraph = struct {
    bytes: []const u8 = "",
    files: bun.StringArrayHashMap(File),
    entry_point_id: u32 = 0,
+    compile_exec_argv: []const u8 = "",

    // We never want to hit the filesystem for these files
    // We use the `/$bunfs/` prefix to indicate that it's a virtual path
@@ -54,7 +55,7 @@ pub const StandaloneModuleGraph = struct {

    // by normalized file path
    pub fn find(this: *const StandaloneModuleGraph, name: []const u8) ?*File {
-        if (!isBunStandaloneFilePath(base_path)) {
+        if (!isBunStandaloneFilePath(name)) {
            return null;
        }

@@ -279,6 +280,7 @@ pub const StandaloneModuleGraph = struct {
        byte_count: usize = 0,
        modules_ptr: bun.StringPointer = .{},
        entry_point_id: u32 = 0,
+        compile_exec_argv_ptr: bun.StringPointer = .{},
    };

    const trailer = "\n---- Bun! ----\n";
@@ -323,6 +325,7 @@ pub const StandaloneModuleGraph = struct {
            .bytes = raw_bytes[0..offsets.byte_count],
            .files = modules,
            .entry_point_id = offsets.entry_point_id,
+            .compile_exec_argv = sliceToZ(raw_bytes, offsets.compile_exec_argv_ptr),
        };
    }

@@ -338,14 +341,14 @@ pub const StandaloneModuleGraph = struct {
        return bytes[ptr.offset..][0..ptr.length :0];
    }

-    pub fn toBytes(allocator: std.mem.Allocator, prefix: []const u8, output_files: []const bun.options.OutputFile, output_format: bun.options.Format) ![]u8 {
+    pub fn toBytes(allocator: std.mem.Allocator, prefix: []const u8, output_files: []const bun.options.OutputFile, output_format: bun.options.Format, compile_exec_argv: []const u8) ![]u8 {
        var serialize_trace = bun.perf.trace("StandaloneModuleGraph.serialize");
        defer serialize_trace.end();

        var entry_point_id: ?usize = null;
        var string_builder = bun.StringBuilder{};
        var module_count: usize = 0;
-        for (output_files) |output_file| {
+        for (output_files) |*output_file| {
            string_builder.countZ(output_file.dest_path);
            string_builder.countZ(prefix);
            if (output_file.value == .buffer) {
@@ -379,6 +382,7 @@ pub const StandaloneModuleGraph = struct {
        string_builder.cap += trailer.len;
        string_builder.cap += 16;
        string_builder.cap += @sizeOf(Offsets);
+        string_builder.countZ(compile_exec_argv);

        try string_builder.allocate(allocator);

@@ -391,7 +395,7 @@ pub const StandaloneModuleGraph = struct {
        var source_map_arena = bun.ArenaAllocator.init(allocator);
        defer source_map_arena.deinit();

-        for (output_files) |output_file| {
+        for (output_files) |*output_file| {
            if (!output_file.output_kind.isFileInStandaloneMode()) {
                continue;
            }
@@ -463,6 +467,7 @@ pub const StandaloneModuleGraph = struct {
        const offsets = Offsets{
            .entry_point_id = @as(u32, @truncate(entry_point_id.?)),
            .modules_ptr = string_builder.appendCount(std.mem.sliceAsBytes(modules.items)),
+            .compile_exec_argv_ptr = string_builder.appendCountZ(compile_exec_argv),
            .byte_count = string_builder.len,
        };

@@ -487,15 +492,28 @@ pub const StandaloneModuleGraph = struct {

    const page_size = std.heap.page_size_max;

-    pub const InjectOptions = struct {
-        windows_hide_console: bool = false,
+    pub const InjectOptions = bun.options.WindowsOptions;
+
+    pub const CompileResult = union(enum) {
+        success: void,
+        error_message: []const u8,
+
+        pub fn fail(msg: []const u8) CompileResult {
+            return .{ .error_message = msg };
+        }
+
+        pub fn deinit(this: *const @This()) void {
+            if (this.* == .error_message) {
+                bun.default_allocator.free(this.error_message);
+            }
+        }
    };

-    pub fn inject(bytes: []const u8, self_exe: [:0]const u8, inject_options: InjectOptions, target: *const CompileTarget) !bun.FileDescriptor {
+    pub fn inject(bytes: []const u8, self_exe: [:0]const u8, inject_options: InjectOptions, target: *const CompileTarget) bun.FileDescriptor {
        var buf: bun.PathBuffer = undefined;
        var zname: [:0]const u8 = bun.span(bun.fs.FileSystem.instance.tmpname("bun-build", &buf, @as(u64, @bitCast(std.time.milliTimestamp()))) catch |err| {
            Output.prettyErrorln("<r><red>error<r><d>:<r> failed to get temporary file name: {s}", .{@errorName(err)});
-            Global.exit(1);
+            return bun.invalid_fd;
        });

        const cleanup = struct {
@@ -503,7 +521,7 @@ pub const StandaloneModuleGraph = struct {
                // Ensure we own the file
                if (Environment.isPosix) {
                    // Make the file writable so we can delete it
-                    _ = Syscall.fchmod(fd, 0o755);
+                    _ = Syscall.fchmod(fd, 0o777);
                }
                fd.close();
                _ = Syscall.unlink(name);
@@ -525,7 +543,7 @@ pub const StandaloneModuleGraph = struct {

                bun.copyFile(in, out).unwrap() catch |err| {
                    Output.prettyErrorln("<r><red>error<r><d>:<r> failed to copy bun executable into temporary file: {s}", .{@errorName(err)});
-                    Global.exit(1);
+                    return bun.invalid_fd;
                };
                const file = bun.sys.openFileAtWindows(
                    bun.invalid_fd,
@@ -537,7 +555,7 @@ pub const StandaloneModuleGraph = struct {
                    },
                ).unwrap() catch |e| {
                    Output.prettyErrorln("<r><red>error<r><d>:<r> failed to open temporary file to copy bun into\n{}", .{e});
-                    Global.exit(1);
+                    return bun.invalid_fd;
                };

                break :brk file;
@@ -559,7 +577,7 @@ pub const StandaloneModuleGraph = struct {
            const fd = brk2: {
                var tried_changing_abs_dir = false;
                for (0..3) |retry| {
-                    switch (Syscall.open(zname, bun.O.CLOEXEC | bun.O.RDWR | bun.O.CREAT, 0o755)) {
+                    switch (Syscall.open(zname, bun.O.CLOEXEC | bun.O.RDWR | bun.O.CREAT, 0)) {
                        .result => |res| break :brk2 res,
                        .err => |err| {
                            if (retry < 2) {
@@ -591,7 +609,8 @@ pub const StandaloneModuleGraph = struct {
                                }

                                Output.prettyErrorln("<r><red>error<r><d>:<r> failed to open temporary file to copy bun into\n{}", .{err});
-                                Global.exit(1);
+                                // No fd to cleanup yet, just return error
+                                return bun.invalid_fd;
                            }
                        },
                    }
@@ -613,7 +632,7 @@ pub const StandaloneModuleGraph = struct {

                            Output.prettyErrorln("<r><red>error<r><d>:<r> failed to open bun executable to copy from as read-only\n{}", .{err});
                            cleanup(zname, fd);
-                            Global.exit(1);
+                            return bun.invalid_fd;
                        },
                    }
                }
@@ -625,14 +644,9 @@ pub const StandaloneModuleGraph = struct {
            bun.copyFile(self_fd, fd).unwrap() catch |err| {
                Output.prettyErrorln("<r><red>error<r><d>:<r> failed to copy bun executable into temporary file: {s}", .{@errorName(err)});
                cleanup(zname, fd);
-                Global.exit(1);
+                return bun.invalid_fd;
            };

-            // Ensure the file has proper permissions after copying
-            if (comptime !Environment.isWindows) {
-                _ = bun.c.fchmod(fd.native(), 0o644);
-            }
-
            break :brk fd;
        };

@@ -642,18 +656,18 @@ pub const StandaloneModuleGraph = struct {
                if (input_result.err) |err| {
                    Output.prettyErrorln("Error reading standalone module graph: {}", .{err});
                    cleanup(zname, cloned_executable_fd);
-                    Global.exit(1);
+                    return bun.invalid_fd;
                }
                var macho_file = bun.macho.MachoFile.init(bun.default_allocator, input_result.bytes.items, bytes.len) catch |err| {
                    Output.prettyErrorln("Error initializing standalone module graph: {}", .{err});
                    cleanup(zname, cloned_executable_fd);
-                    Global.exit(1);
+                    return bun.invalid_fd;
                };
                defer macho_file.deinit();
                macho_file.writeSection(bytes) catch |err| {
                    Output.prettyErrorln("Error writing standalone module graph: {}", .{err});
                    cleanup(zname, cloned_executable_fd);
-                    Global.exit(1);
+                    return bun.invalid_fd;
                };
                input_result.bytes.deinit();

@@ -661,7 +675,7 @@ pub const StandaloneModuleGraph = struct {
                    .err => |err| {
                        Output.prettyErrorln("Error seeking to start of temporary file: {}", .{err});
                        cleanup(zname, cloned_executable_fd);
-                        Global.exit(1);
+                        return bun.invalid_fd;
                    },
                    else => {},
                }
@@ -676,99 +690,59 @@ pub const StandaloneModuleGraph = struct {
                macho_file.buildAndSign(buffered_writer.writer()) catch |err| {
                    Output.prettyErrorln("Error writing standalone module graph: {}", .{err});
                    cleanup(zname, cloned_executable_fd);
-                    Global.exit(1);
+                    return bun.invalid_fd;
                };
                buffered_writer.flush() catch |err| {
                    Output.prettyErrorln("Error flushing standalone module graph: {}", .{err});
                    cleanup(zname, cloned_executable_fd);
-                    Global.exit(1);
+                    return bun.invalid_fd;
                };
                if (comptime !Environment.isWindows) {
-                    _ = bun.c.fchmod(cloned_executable_fd.native(), 0o755);
+                    _ = bun.c.fchmod(cloned_executable_fd.native(), 0o777);
                }
                return cloned_executable_fd;
            },
            .windows => {
-                // Implement .bun section support for Windows executables
-                const pe_module = @import("./pe.zig");
-
-                // Get the path from fd
-                var path_buf: bun.PathBuffer = undefined;
-                const path = cloned_executable_fd.getFdPath(&path_buf) catch |err| {
-                    Output.prettyErrorln("Error getting executable path: {}", .{err});
+                const input_result = bun.sys.File.readToEnd(.{ .handle = cloned_executable_fd }, bun.default_allocator);
+                if (input_result.err) |err| {
+                    Output.prettyErrorln("Error reading standalone module graph: {}", .{err});
                    cleanup(zname, cloned_executable_fd);
-                    Global.exit(1);
-                };
-
-                // We need to close the fd before modifying the file
-                cloned_executable_fd.close();
-
-                // Create temporary path for PE with .bun section
-                const tmp_path = std.fmt.allocPrint(bun.default_allocator, "{s}.bun.tmp", .{path}) catch |err| {
-                    Output.prettyErrorln("Error allocating temporary path: {}", .{err});
-                    cleanup(zname, cloned_executable_fd);
-                    Global.exit(1);
-                };
-                defer bun.default_allocator.free(tmp_path);
-
-                // Load the PE file
-                const pe_data = std.fs.cwd().readFileAlloc(bun.default_allocator, path, std.math.maxInt(usize)) catch |err| {
-                    Output.prettyErrorln("Error reading PE file: {}", .{err});
-                    Global.exit(1);
-                };
-                defer bun.default_allocator.free(pe_data);
-
-                var pe_obj = pe_module.PEFile.init(bun.default_allocator, pe_data) catch |err| {
-                    Output.prettyErrorln("Error parsing PE file: {}", .{err});
-                    Global.exit(1);
-                };
-                defer pe_obj.deinit();
-
-                // Add .bun section
-                pe_obj.addBunSection(bytes) catch |err| {
-                    Output.prettyErrorln("Error adding .bun section: {}", .{err});
-                    Global.exit(1);
-                };
-
-                // Write to temporary file
-                const tmp_file = std.fs.cwd().createFile(tmp_path, .{}) catch |err| {
-                    Output.prettyErrorln("Error creating temporary file: {}", .{err});
-                    Global.exit(1);
-                };
-                defer tmp_file.close();
-
-                pe_obj.write(tmp_file.writer()) catch |err| {
-                    Output.prettyErrorln("Error writing PE file: {}", .{err});
-                    std.fs.cwd().deleteFile(tmp_path) catch {};
-                    Global.exit(1);
-                };
-
-                // Move temporary file to final location
-                std.fs.cwd().rename(tmp_path, path) catch |err| {
-                    Output.prettyErrorln("Error renaming temporary file: {}", .{err});
-                    std.fs.cwd().deleteFile(tmp_path) catch {};
-                    Global.exit(1);
-                };
-
-                // Reopen the modified file
-                var path_z_buf: [bun.MAX_PATH_BYTES]u8 = undefined;
-                const path_z = std.fmt.bufPrintZ(&path_z_buf, "{s}", .{path}) catch {
-                    Output.prettyErrorln("Error creating null-terminated path", .{});
-                    Global.exit(1);
-                };
-                const modified_fd = switch (Syscall.open(path_z, bun.O.CLOEXEC | bun.O.RDWR, 0)) {
-                    .result => |res| res,
-                    .err => |err| {
-                        Output.prettyErrorln("Error reopening modified executable: {}", .{err});
-                        Global.exit(1);
-                    },
-                };
-
-                // Set executable permissions (not needed on Windows)
-                if (comptime !bun.Environment.isWindows) {
-                    _ = bun.c.fchmod(modified_fd.native(), 0o755);
+                    return bun.invalid_fd;
                }
-                return modified_fd;
+                var pe_file = bun.pe.PEFile.init(bun.default_allocator, input_result.bytes.items) catch |err| {
+                    Output.prettyErrorln("Error initializing PE file: {}", .{err});
+                    cleanup(zname, cloned_executable_fd);
+                    return bun.invalid_fd;
+                };
+                defer pe_file.deinit();
+                pe_file.addBunSection(bytes) catch |err| {
+                    Output.prettyErrorln("Error adding Bun section to PE file: {}", .{err});
+                    cleanup(zname, cloned_executable_fd);
+                    return bun.invalid_fd;
+                };
+                input_result.bytes.deinit();
+
+                switch (Syscall.setFileOffset(cloned_executable_fd, 0)) {
+                    .err => |err| {
+                        Output.prettyErrorln("Error seeking to start of temporary file: {}", .{err});
+                        cleanup(zname, cloned_executable_fd);
+                        return bun.invalid_fd;
+                    },
+                    else => {},
+                }
+
+                var file = bun.sys.File{ .handle = cloned_executable_fd };
+                const writer = file.writer();
+                pe_file.write(writer) catch |err| {
+                    Output.prettyErrorln("Error writing PE file: {}", .{err});
+                    cleanup(zname, cloned_executable_fd);
+                    return bun.invalid_fd;
+                };
+                // Set executable permissions when running on POSIX hosts, even for Windows targets
+                if (comptime !Environment.isWindows) {
+                    _ = bun.c.fchmod(cloned_executable_fd.native(), 0o777);
+                }
+                return cloned_executable_fd;
            },
            else => {
                var total_byte_count: usize = undefined;
@@ -776,7 +750,7 @@ pub const StandaloneModuleGraph = struct {
                    total_byte_count = bytes.len + 8 + (Syscall.setFileOffsetToEndWindows(cloned_executable_fd).unwrap() catch |err| {
                        Output.prettyErrorln("<r><red>error<r><d>:<r> failed to seek to end of temporary file\n{}", .{err});
                        cleanup(zname, cloned_executable_fd);
-                        Global.exit(1);
+                        return bun.invalid_fd;
                    });
                } else {
                    const seek_position = @as(u64, @intCast(brk: {
@@ -785,7 +759,7 @@ pub const StandaloneModuleGraph = struct {
                            .err => |err| {
                                Output.prettyErrorln("{}", .{err});
                                cleanup(zname, cloned_executable_fd);
-                                Global.exit(1);
+                                return bun.invalid_fd;
                            },
                        };

@@ -812,7 +786,7 @@ pub const StandaloneModuleGraph = struct {
                                },
                            );
                            cleanup(zname, cloned_executable_fd);
-                            Global.exit(1);
+                            return bun.invalid_fd;
                        },
                        else => {},
                    }
@@ -825,8 +799,7 @@ pub const StandaloneModuleGraph = struct {
                        .err => |err| {
                            Output.prettyErrorln("<r><red>error<r><d>:<r> failed to write to temporary file\n{}", .{err});
                            cleanup(zname, cloned_executable_fd);
-
-                            Global.exit(1);
+                            return bun.invalid_fd;
                        },
                    }
                }
@@ -834,19 +807,49 @@ pub const StandaloneModuleGraph = struct {
                // the final 8 bytes in the file are the length of the module graph with padding, excluding the trailer and offsets
                _ = Syscall.write(cloned_executable_fd, std.mem.asBytes(&total_byte_count));
                if (comptime !Environment.isWindows) {
-                    _ = bun.c.fchmod(cloned_executable_fd.native(), 0o755);
+                    _ = bun.c.fchmod(cloned_executable_fd.native(), 0o777);
                }

                return cloned_executable_fd;
            },
        }

-        if (Environment.isWindows and inject_options.windows_hide_console) {
+        if (Environment.isWindows and inject_options.hide_console) {
            bun.windows.editWin32BinarySubsystem(.{ .handle = cloned_executable_fd }, .windows_gui) catch |err| {
                Output.err(err, "failed to disable console on executable", .{});
                cleanup(zname, cloned_executable_fd);
+                return bun.invalid_fd;
+            };
+        }

-                Global.exit(1);
+        // Set Windows icon and/or metadata if any options are provided (single operation)
+        if (Environment.isWindows and (inject_options.icon != null or
+            inject_options.title != null or
+            inject_options.publisher != null or
+            inject_options.version != null or
+            inject_options.description != null or
+            inject_options.copyright != null))
+        {
+            var zname_buf: bun.OSPathBuffer = undefined;
+            const zname_w = bun.strings.toWPathNormalized(&zname_buf, zname) catch |err| {
+                Output.err(err, "failed to resolve executable path", .{});
+                cleanup(zname, cloned_executable_fd);
+                return bun.invalid_fd;
+            };
+
+            // Single call to set all Windows metadata at once
+            bun.windows.rescle.setWindowsMetadata(
+                zname_w.ptr,
+                inject_options.icon,
+                inject_options.title,
+                inject_options.publisher,
+                inject_options.version,
+                inject_options.description,
+                inject_options.copyright,
+            ) catch |err| {
+                Output.err(err, "failed to set Windows metadata on executable", .{});
+                cleanup(zname, cloned_executable_fd);
+                return bun.invalid_fd;
            };
        }

@@ -862,7 +865,43 @@ pub const StandaloneModuleGraph = struct {
        var needs_download: bool = true;
        const dest_z = target.exePath(&exe_path_buf, version_str, env, &needs_download);
        if (needs_download) {
-            try target.downloadToPath(env, allocator, dest_z);
+            target.downloadToPath(env, allocator, dest_z) catch |err| {
+                // For CLI, provide detailed error messages and exit
+                switch (err) {
+                    error.TargetNotFound => {
+                        Output.errGeneric(
+                            \\Does this target and version of Bun exist?
+                            \\
+                            \\404 downloading {} from npm registry
+                        , .{target.*});
+                    },
+                    error.NetworkError => {
+                        Output.errGeneric(
+                            \\Failed to download cross-compilation target.
+                            \\
+                            \\Network error downloading {} from npm registry
+                        , .{target.*});
+                    },
+                    error.InvalidResponse => {
+                        Output.errGeneric(
+                            \\Failed to verify the integrity of the downloaded tarball.
+                            \\
+                            \\The downloaded content for {} appears to be corrupted
+                        , .{target.*});
+                    },
+                    error.ExtractionFailed => {
+                        Output.errGeneric(
+                            \\Failed to extract the downloaded tarball.
+                            \\
+                            \\Could not extract executable for {}
+                        , .{target.*});
+                    },
+                    else => {
+                        Output.errGeneric("Failed to download {}: {s}", .{ target.*, @errorName(err) });
+                    },
+                }
+                return error.DownloadFailed;
+            };
        }

        return try allocator.dupeZ(u8, dest_z);
@@ -877,28 +916,69 @@ pub const StandaloneModuleGraph = struct {
        outfile: []const u8,
        env: *bun.DotEnv.Loader,
        output_format: bun.options.Format,
-        windows: bun.options.WindowsSettings,
-    ) !void {
-        const bytes = try toBytes(allocator, module_prefix, output_files, output_format);
-        if (bytes.len == 0) return;
+        windows_options: bun.options.WindowsOptions,
+        compile_exec_argv: []const u8,
+        self_exe_path: ?[]const u8,
+    ) !CompileResult {
+        const bytes = toBytes(allocator, module_prefix, output_files, output_format, compile_exec_argv) catch |err| {
+            return CompileResult.fail(std.fmt.allocPrint(allocator, "failed to generate module graph bytes: {s}", .{@errorName(err)}) catch "failed to generate module graph bytes");
+        };
+        if (bytes.len == 0) return CompileResult.fail("no output files to bundle");
+        defer allocator.free(bytes);

-        const fd = try inject(
+        var free_self_exe = false;
+        const self_exe = if (self_exe_path) |path| brk: {
+            free_self_exe = true;
+            break :brk allocator.dupeZ(u8, path) catch bun.outOfMemory();
+        } else if (target.isDefault())
+            bun.selfExePath() catch |err| {
+                return CompileResult.fail(std.fmt.allocPrint(allocator, "failed to get self executable path: {s}", .{@errorName(err)}) catch "failed to get self executable path");
+            }
+        else blk: {
+            var exe_path_buf: bun.PathBuffer = undefined;
+            var version_str_buf: [1024]u8 = undefined;
+            const version_str = std.fmt.bufPrintZ(&version_str_buf, "{}", .{target}) catch {
+                return CompileResult.fail("failed to format target version string");
+            };
+            var needs_download: bool = true;
+            const dest_z = target.exePath(&exe_path_buf, version_str, env, &needs_download);
+
+            if (needs_download) {
+                target.downloadToPath(env, allocator, dest_z) catch |err| {
+                    const msg = switch (err) {
+                        error.TargetNotFound => std.fmt.allocPrint(allocator, "Target platform '{}' is not available for download. Check if this version of Bun supports this target.", .{target}) catch "Target platform not available for download",
+                        error.NetworkError => std.fmt.allocPrint(allocator, "Network error downloading executable for '{}'. Check your internet connection and proxy settings.", .{target}) catch "Network error downloading executable",
+                        error.InvalidResponse => std.fmt.allocPrint(allocator, "Downloaded file for '{}' appears to be corrupted. Please try again.", .{target}) catch "Downloaded file is corrupted",
+                        error.ExtractionFailed => std.fmt.allocPrint(allocator, "Failed to extract executable for '{}'. The download may be incomplete.", .{target}) catch "Failed to extract downloaded executable",
+                        error.UnsupportedTarget => std.fmt.allocPrint(allocator, "Target '{}' is not supported", .{target}) catch "Unsupported target",
+                        else => std.fmt.allocPrint(allocator, "Failed to download '{}': {s}", .{ target, @errorName(err) }) catch "Download failed",
+                    };
+                    return CompileResult.fail(msg);
+                };
+            }
+
+            free_self_exe = true;
+            break :blk allocator.dupeZ(u8, dest_z) catch bun.outOfMemory();
+        };
+
+        defer if (free_self_exe) {
+            allocator.free(self_exe);
+        };
+
+        var fd = inject(
            bytes,
-            if (target.isDefault())
-                bun.selfExePath() catch |err| {
-                    Output.err(err, "failed to get self executable path", .{});
-                    Global.exit(1);
-                }
-            else
-                download(allocator, target, env) catch |err| {
-                    Output.err(err, "failed to download cross-compiled bun executable", .{});
-                    Global.exit(1);
-                },
-            .{ .windows_hide_console = windows.hide_console },
+            self_exe,
+            windows_options,
            target,
        );
+        defer if (fd != bun.invalid_fd) fd.close();
        bun.debugAssert(fd.kind == .system);

+        if (Environment.isPosix) {
+            // Set executable permissions (0o755 = rwxr-xr-x) - makes it executable for owner, readable/executable for group and others
+            _ = Syscall.fchmod(fd, 0o755);
+        }
+
        if (Environment.isWindows) {
            var outfile_buf: bun.OSPathBuffer = undefined;
            const outfile_slice = brk: {
@@ -910,163 +990,89 @@ pub const StandaloneModuleGraph = struct {
            };

            bun.windows.moveOpenedFileAtLoose(fd, .fromStdDir(root_dir), outfile_slice, true).unwrap() catch |err| {
-                if (err == error.EISDIR) {
-                    Output.errGeneric("{} is a directory. Please choose a different --outfile or delete the directory", .{bun.fmt.utf16(outfile_slice)});
-                } else {
-                    Output.err(err, "failed to move executable to result path", .{});
-                }
-
                _ = bun.windows.deleteOpenedFile(fd);
-
-                Global.exit(1);
+                if (err == error.EISDIR) {
+                    return CompileResult.fail(std.fmt.allocPrint(allocator, "{s} is a directory. Please choose a different --outfile or delete the directory", .{outfile}) catch "outfile is a directory");
+                } else {
+                    return CompileResult.fail(std.fmt.allocPrint(allocator, "failed to move executable to result path: {s}", .{@errorName(err)}) catch "failed to move executable");
+                }
            };
-            // Apply Windows resource edits if needed
-            if (windows.icon != null or windows.title != null or windows.publisher != null or windows.version != null or windows.description != null or windows.hide_console) {
-                const pe_module = @import("./pe.zig");
-
-                // Get file size
-                const size = if (Environment.isWindows)
-                    Syscall.setFileOffsetToEndWindows(fd).unwrap() catch |err| {
-                        Output.err(err, "failed to get file size", .{});
-                        Global.exit(1);
-                    }
-                else blk: {
-                    const fstat = Syscall.fstat(fd).unwrap() catch |err| {
-                        Output.err(err, "failed to stat file", .{});
-                        Global.exit(1);
-                    };
-                    break :blk @as(usize, @intCast(fstat.size));
-                };
-
-                _ = Syscall.setFileOffset(fd, 0).unwrap() catch |err| {
-                    Output.err(err, "failed to seek to start", .{});
-                    Global.exit(1);
-                };
-
-                // Read entire file
-                const pe_data = try allocator.alloc(u8, size);
-                defer allocator.free(pe_data);
-
-                const read_result = Syscall.readAll(fd, pe_data);
-                _ = read_result.unwrap() catch |err| {
-                    Output.err(err, "failed to read PE file", .{});
-                    Global.exit(1);
-                };
-
-                var pe_file = try pe_module.PEFile.init(allocator, pe_data);
-                defer pe_file.deinit();
-
-                pe_file.applyWindowsSettings(&windows, allocator) catch |err| {
-                    if (windows.icon != null and (err == error.InvalidIconData or err == error.InvalidIconFormat)) {
-                        Output.errGeneric("Invalid icon file: {s}", .{windows.icon.?});
-                        Output.flush();
-                        Global.exit(1);
-                    }
-                    return err;
-                };
-
-                // Write back modified PE
-                var write_buffer = std.ArrayList(u8).init(allocator);
-                defer write_buffer.deinit();
-                try pe_file.write(write_buffer.writer());
-
-                // Seek to start and write
-                _ = Syscall.setFileOffset(fd, 0).unwrap() catch |err| {
-                    Output.err(err, "failed to seek to start for write", .{});
-                    Global.exit(1);
-                };
-
-                _ = Syscall.write(fd, write_buffer.items).unwrap() catch |err| {
-                    Output.err(err, "failed to write modified PE", .{});
-                    Global.exit(1);
-                };
-
-                // Truncate if new size is smaller
-                _ = Syscall.ftruncate(fd, @intCast(write_buffer.items.len)).unwrap() catch |err| {
-                    Output.err(err, "failed to truncate file", .{});
-                    Global.exit(1);
-                };
-            }

            fd.close();
-            return;
+            fd = bun.invalid_fd;
+
+            // Set Windows icon and/or metadata using unified function
+            if (windows_options.icon != null or
+                windows_options.title != null or
+                windows_options.publisher != null or
+                windows_options.version != null or
+                windows_options.description != null or
+                windows_options.copyright != null)
+            {
+                // Need to get the full path to the executable
+                var full_path_buf: bun.OSPathBuffer = undefined;
+                const full_path = brk: {
+                    // Get the directory path
+                    var dir_buf: bun.PathBuffer = undefined;
+                    const dir_path = bun.getFdPath(bun.FD.fromStdDir(root_dir), &dir_buf) catch |err| {
+                        return CompileResult.fail(std.fmt.allocPrint(allocator, "Failed to get directory path: {s}", .{@errorName(err)}) catch "Failed to get directory path");
+                    };
+
+                    // Join with the outfile name
+                    const full_path_str = bun.path.joinAbsString(dir_path, &[_][]const u8{outfile}, .auto);
+                    const full_path_w = bun.strings.toWPathNormalized(&full_path_buf, full_path_str);
+                    const buf_u16 = bun.reinterpretSlice(u16, &full_path_buf);
+                    buf_u16[full_path_w.len] = 0;
+                    break :brk buf_u16[0..full_path_w.len :0];
+                };
+
+                bun.windows.rescle.setWindowsMetadata(
+                    full_path.ptr,
+                    windows_options.icon,
+                    windows_options.title,
+                    windows_options.publisher,
+                    windows_options.version,
+                    windows_options.description,
+                    windows_options.copyright,
+                ) catch |err| {
+                    return CompileResult.fail(std.fmt.allocPrint(allocator, "Failed to set Windows metadata: {s}", .{@errorName(err)}) catch "Failed to set Windows metadata");
+                };
+            }
+            return .success;
        }

        var buf: bun.PathBuffer = undefined;
        const temp_location = bun.getFdPath(fd, &buf) catch |err| {
-            Output.prettyErrorln("<r><red>error<r><d>:<r> failed to get path for fd: {s}", .{@errorName(err)});
-            Global.exit(1);
+            return CompileResult.fail(std.fmt.allocPrint(allocator, "failed to get path for fd: {s}", .{@errorName(err)}) catch "failed to get path for file descriptor");
+        };
+        const temp_posix = std.posix.toPosixPath(temp_location) catch |err| {
+            return CompileResult.fail(std.fmt.allocPrint(allocator, "path too long: {s}", .{@errorName(err)}) catch "path too long");
+        };
+        const outfile_basename = std.fs.path.basename(outfile);
+        const outfile_posix = std.posix.toPosixPath(outfile_basename) catch |err| {
+            return CompileResult.fail(std.fmt.allocPrint(allocator, "outfile name too long: {s}", .{@errorName(err)}) catch "outfile name too long");
        };

        bun.sys.moveFileZWithHandle(
            fd,
            bun.FD.cwd(),
-            bun.sliceTo(&(try std.posix.toPosixPath(temp_location)), 0),
+            bun.sliceTo(&temp_posix, 0),
            .fromStdDir(root_dir),
-            bun.sliceTo(&(try std.posix.toPosixPath(std.fs.path.basename(outfile))), 0),
+            bun.sliceTo(&outfile_posix, 0),
        ) catch |err| {
-            if (err == error.IsDir or err == error.EISDIR) {
-                Output.prettyErrorln("<r><red>error<r><d>:<r> {} is a directory. Please choose a different --outfile or delete the directory", .{bun.fmt.quote(outfile)});
-            } else {
-                Output.prettyErrorln("<r><red>error<r><d>:<r> failed to rename {s} to {s}: {s}", .{ temp_location, outfile, @errorName(err) });
-            }
-            _ = Syscall.unlink(
-                &(try std.posix.toPosixPath(temp_location)),
-            );
+            fd.close();
+            fd = bun.invalid_fd;

-            Global.exit(1);
+            _ = Syscall.unlink(&temp_posix);
+
+            if (err == error.IsDir or err == error.EISDIR) {
+                return CompileResult.fail(std.fmt.allocPrint(allocator, "{s} is a directory. Please choose a different --outfile or delete the directory", .{outfile}) catch "outfile is a directory");
+            } else {
+                return CompileResult.fail(std.fmt.allocPrint(allocator, "failed to rename {s} to {s}: {s}", .{ temp_location, outfile, @errorName(err) }) catch "failed to rename file");
+            }
        };

-        // Apply Windows resource edits if needed
-        if (target.os == .windows and (windows.icon != null or windows.title != null or windows.publisher != null or windows.version != null or windows.description != null or windows.hide_console)) {
-            const pe_module = @import("./pe.zig");
-
-            // Read the PE file
-            const pe_data = std.fs.cwd().readFileAlloc(allocator, outfile, std.math.maxInt(usize)) catch |err| {
-                Output.err(err, "failed to read PE file for resource editing", .{});
-                Global.exit(1);
-            };
-            defer allocator.free(pe_data);
-
-            // Parse and modify PE
-            var pe_obj = pe_module.PEFile.init(allocator, pe_data) catch |err| {
-                Output.err(err, "failed to parse PE file", .{});
-                Global.exit(1);
-            };
-            defer pe_obj.deinit();
-
-            pe_obj.applyWindowsSettings(&windows, allocator) catch |err| {
-                if (windows.icon != null and (err == error.InvalidIconData or err == error.InvalidIconFormat)) {
-                    Output.errGeneric("Invalid icon file: {s}", .{windows.icon.?});
-                } else {
-                    Output.err(err, "failed to apply Windows settings", .{});
-                }
-                Global.exit(1);
-            };
-
-            // Write to temporary file then rename
-            const tmp_name = try std.fmt.allocPrint(allocator, "{s}.tmp", .{outfile});
-            defer allocator.free(tmp_name);
-
-            {
-                const tmp_file = std.fs.cwd().createFile(tmp_name, .{}) catch |err| {
-                    Output.err(err, "failed to create temporary file", .{});
-                    Global.exit(1);
-                };
-                defer tmp_file.close();
-
-                pe_obj.write(tmp_file.writer()) catch |err| {
-                    Output.err(err, "failed to write modified PE", .{});
-                    Global.exit(1);
-                };
-            }
-
-            std.fs.cwd().rename(tmp_name, outfile) catch |err| {
-                Output.err(err, "failed to replace PE file", .{});
-                std.fs.cwd().deleteFile(tmp_name) catch {};
-                Global.exit(1);
-            };
-        }
+        return .success;
    }

    pub fn fromExecutable(allocator: std.mem.Allocator) !?StandaloneModuleGraph {
@@ -1472,7 +1478,6 @@ const w = std.os.windows;

 const bun = @import("bun");
 const Environment = bun.Environment;
-const Global = bun.Global;
 const Output = bun.Output;
 const SourceMap = bun.sourcemap;
 const StringPointer = bun.StringPointer;
--- a/src/Watcher.zig
+++ b/src/Watcher.zig
@@ -2,7 +2,7 @@

 const Watcher = @This();

-const DebugLogScope = bun.Output.Scoped(.watcher, false);
+const DebugLogScope = bun.Output.Scoped(.watcher, .visible);
 const log = DebugLogScope.log;

 // This will always be [max_count]WatchEvent,
@@ -32,7 +32,7 @@ ctx: *anyopaque,
 onFileUpdate: *const fn (this: *anyopaque, events: []WatchEvent, changed_files: []?[:0]u8, watchlist: WatchList) void,
 onError: *const fn (this: *anyopaque, err: bun.sys.Error) void,

-thread_lock: bun.DebugThreadLock = bun.DebugThreadLock.unlocked,
+thread_lock: bun.safety.ThreadLock = .initUnlocked(),

 pub const max_count = 128;
 pub const requires_file_descriptors = switch (Environment.os) {
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .2.19
 .2.20