Database

Bun's built-in bundler: Bun.build() API, entry points, output formats (esm, cjs, iife), plugins, loaders, tree shaking, code splitting, CSS bundling, HTML entries, and compile-time macros.

Bun runtime overview: all-in-one JavaScript runtime, bundler, test runner, and package manager. Installation, project initialization, Node.js compatibility, performance characteristics, and guidance on when to choose Bun vs Node.

Building HTTP servers with Bun: Bun.serve() API, routing patterns, WebSocket support, streaming responses, static file serving, TLS configuration, hot reloading, and integration with frameworks like Hono and Elysia.

Migrating from Node.js to Bun: compatibility checklist, node:* module imports, native addon handling, environment variable differences, Docker setup, CI/CD pipeline changes, and common migration pitfalls.

Bun as a package manager: bun install, bun add, bun remove, the binary lockfile (bun.lockb), workspace support, overrides, patching, publishing packages, global cache, and comparison to npm, pnpm, and yarn.

Production patterns for Bun: Docker deployments, TypeScript configuration, shell scripting with Bun.$, monorepo setup, database access patterns, and deployment to Fly.io and Railway.

Bun-native runtime APIs including Bun.serve(), Bun.file(), Bun.write(), Bun.spawn(), Bun.sleep(), Bun.env, FFI for calling native libraries, built-in SQLite, S3 client, glob, and semver utilities.

Bun's built-in test runner: bun test command, describe/it/expect assertions, mocking and spies, snapshot testing, lifecycle hooks, DOM testing with happy-dom, code coverage, and watch mode.

Communicate with customers during an active incident — status page,

Serve as the incident commander during an active production incident.

Write runbooks the on-call engineer at 03:00 AM can actually follow.

Define a severity scale that triggers the right response without

Write postmortems that turn outages into learning, not blame. Covers the

Integrate static and dynamic application security testing into the CI/CD

Encode security policy as version-controlled, testable artifacts that

Build the detection layer that catches attacks in production — log

Defend against supply-chain attacks: malicious dependencies, typosquats,

Run a threat modeling session as part of a design review for any

Connect an LLM agent to a browser to perform tasks: navigation, form

Diagnose and fix flaky end-to-end tests. Covers the categories of

Use Playwright to drive browsers reliably across Chrome, Firefox, and

Build scrapers that run reliably across thousands of pages, handle

Design the tool-permission model for an LLM agent so that compromise

Defend against prompt injection delivered via tool outputs — fetched

Sanitize user input before passing it to the LLM to reduce injection

Recognize the categories of prompt injection attack — direct injection,

Coordinate multiple specialized agents on a single task — when to hand

Design the tools that an LLM agent uses. Covers naming, parameter

Build the eval suite that tells you whether changes to your agent

Use LangGraph (or equivalent state-machine frameworks) to express

Build the episodic memory layer that stores specific past events and

Build the agent's accumulated model of the user — preferences, expertise,

Design the memory architecture for a stateful agent — what's in

Implement an agent memory system using a vector database with retrieval-

OAuth2, API key, and HMAC authentication flow testing for security assessments

Rate limiting bypass testing, throttle evasion, and abuse prevention assessment