bunjs-docker-mastery
Principal/Senior-level Bun.js playbook for backend APIs, runtime-aware TypeScript, Docker delivery, reliability, observability, testing, and production operations. Use when: building or reviewing Bun services, hardening Hono-based APIs, modernizing Node-style backends for Bun, improving Docker and CI quality, or preparing Bun apps for production.
What this skill does
# Bun.js + Docker Mastery
## Operate
- Confirm the goal, scope, Bun version, deployment target, Docker constraints, database choice, traffic profile, and definition of done.
- Prefer small vertical slices with tests and explicit tradeoffs.
- Use Bun-native capabilities when they simplify the system, but do not force Bun-specific APIs where the standard Web platform is already clear.
- Optimize for operability: graceful shutdown, structured logs, health checks, timeouts, and safe defaults are part of the baseline.
> The goal is not just “fast on benchmarks”. The goal is a service that stays easy to debug and safe to run in production.
## Default Standards
- Keep `src/index.ts` as bootstrap only; move app wiring to `src/app.ts` and business logic to services/use-cases.
- Validate environment variables and request payloads at the boundary.
- Prefer explicit error types and one global error mapping strategy.
- Keep TypeScript strict; avoid `any`, hidden type assertions, and implicit runtime contracts.
- Prefer idempotent handlers for side-effecting endpoints where retries can happen.
- Treat database, cache, and outbound HTTP as failure-prone dependencies: always define timeouts and degradation behavior.
## “Bad vs Good” (common production pitfalls)
```typescript
// ❌ BAD: parsing untrusted input directly in the service layer.
const user = await userService.create(await c.req.json())
// ✅ GOOD: validate at the HTTP boundary before entering business logic.
const payload = c.req.valid("json")
const user = await userService.create(payload)
```
```typescript
// ❌ BAD: fire-and-forget async work with no ownership or logging.
void sendWebhook(order)
// ✅ GOOD: await or queue the side effect with explicit failure handling.
await webhookPublisher.publish(order).catch((error) => {
logger.error({ error, orderId: order.id }, "publish webhook failed")
throw new AppError("Webhook publish failed", 503, "WEBHOOK_UNAVAILABLE")
})
```
## Recommended Structure
```text
src/
├── index.ts
├── app.ts
├── config/
├── routes/
├── controllers/
├── services/
├── repositories/
├── middlewares/
├── utils/
└── types/
```
## Validation Commands
- Run `bun install --frozen-lockfile`.
- Run `bun run test`.
- Run `bunx tsc --noEmit` if the project uses standalone TypeScript checks.
- Run `bunx @biomejs/biome check .`.
- Run `bun run build` before release.
- Run Docker build validation for production images when Docker is part of the deliverable.
## Runtime and API Guardrails
- Use a single request ID / trace ID strategy and include it in logs and error responses where appropriate.
- Set request body limits, timeouts, and rate limits for public endpoints.
- Do not leak stack traces, secrets, or database errors to clients.
- Prefer `Bun.password` for password hashing instead of legacy `bcrypt` stacks unless compatibility requires otherwise.
- Make shutdown explicit: stop accepting traffic, drain in-flight work, and close DB/Redis clients.
## Docker & Deployment Defaults
- Use multi-stage Docker builds.
- Run as non-root.
- Pin Bun base image versions; avoid floating `latest` tags.
- Add `/health` and `/ready` endpoints for orchestration environments.
- Keep image contents minimal and deterministic.
## Testing Defaults
- Unit tests for pure logic and service policies.
- Integration tests for database repositories and route behavior.
- E2E tests only for critical user flows.
- Keep mocks small and close to the consumer boundary.
## References
- Clean code patterns: [references/clean-code-patterns.md](references/clean-code-patterns.md)
- Debugging guide: [references/debugging-guide.md](references/debugging-guide.md)
- Docker patterns: [references/docker-patterns.md](references/docker-patterns.md)
- Library arsenal: [references/library-arsenal.md](references/library-arsenal.md)
- Auth and session security: [references/auth-and-session-security.md](references/auth-and-session-security.md)
- Background jobs and queues: [references/background-jobs-and-queues.md](references/background-jobs-and-queues.md)
- Database and transactions: [references/database-and-transactions.md](references/database-and-transactions.md)
- Observability: [references/observability.md](references/observability.md)
- Security and outbound HTTP: [references/security-and-outbound-http.md](references/security-and-outbound-http.md)
- Testing strategy: [references/testing-strategy.md](references/testing-strategy.md)
- Reliability and operations: [references/reliability-and-operations.md](references/reliability-and-operations.md)
## Scripts & Assets
- `scripts/init-project.sh` - initialize a Bun project from the template.
- `scripts/healthcheck.ts` - health endpoint template.
- `assets/project-template/` - project boilerplate.
Related in Backend & APIs
jfrog
IncludedInteract with the JFrog Platform via the JFrog CLI and REST/GraphQL APIs. Use this skill when the user wants to manage Artifactory repositories, upload or download artifacts, manage builds, configure permissions, manage users and groups, work with access tokens, configure JFrog CLI servers, search artifacts, manage properties, set up replication, manage JFrog Projects, run security audits or scans, look up CVE details, query exposures scan results from JFrog Advanced Security, manage release bundles and lifecycle operations, aggregate or export platform data, or perform any JFrog Platform administration task. Also use when the user mentions jf, jfrog, artifactory, xray, distribution, evidence, apptrust, onemodel, graphql, workers, mission control, curation, advanced security, exposures, or any JFrog product name.
cupynumeric-migration-readiness
IncludedPre-migration readiness assessor for porting NumPy to cuPyNumeric. Use BEFORE substantial porting work begins when the user asks whether code will scale on GPU, whether they should migrate to cuPyNumeric, which NumPy patterns transfer cleanly, what must be refactored before porting, or mentions pre-port assessment, scaling analysis, or refactor planning. Inspect the user's source code, look up NumPy usage, cross-reference the cuPyNumeric API support manifest, and distinguish distributed-scaling-friendly patterns from blockers such as unsupported APIs, scalar synchronization, host round-trips, Python/object-heavy control flow, shape/data-dependent branching, and in-place mutation hazards. Produce a verdict of READY, LIGHT REFACTOR, SIGNIFICANT REFACTOR, or NOT RECOMMENDED, with concrete refactor pointers.
alibabacloud-data-agent-skill
IncludedInvoke Alibaba Cloud Apsara Data Agent for Analytics via CLI to perform natural language-driven data analysis on enterprise databases. Data Agent for Analytics is an intelligent data analysis agent developed by Alibaba Cloud Database team for enterprise users. It automatically completes requirement analysis, data understanding, analysis insights, and report generation based on natural language descriptions. This tool supports: discovering data resources (instances/databases/tables) managed in DMS, initiating query or deep analysis sessions, real-time progress tracking, and retrieving analysis conclusions and generated reports. Use this Skill when users need to query databases, analyze data trends, generate data reports, ask questions in natural language, or mention "Data Agent", "data analysis", "database query", "SQL analysis", "data insights".
token-optimizer
IncludedReduce OpenClaw token usage and API costs through smart model routing, heartbeat optimization, budget tracking, and native 2026.2.15 features (session pruning, bootstrap size limits, cache TTL alignment). Use when token costs are high, API rate limits are being hit, or hosting multiple agents at scale. The 4 executable scripts (context_optimizer, model_router, heartbeat_optimizer, token_tracker) are local-only — no network requests, no subprocess calls, no system modifications. Reference files (PROVIDERS.md, config-patches.json) document optional multi-provider strategies that require external API keys and network access if you choose to use them. See SECURITY.md for full breakdown.
resend-cli
IncludedUse this skill when the task is specifically about operating Resend from an AI agent, terminal session, or CI job via the official resend CLI: installing/authenticating the CLI, sending/listing/updating/cancelling emails, batch sends, domains and DNS, webhooks and local listeners, inbound receiving, contacts, topics, segments, broadcasts, templates, API keys, profiles, or debugging Resend CLI/API failures. Trigger on mentions of Resend CLI, `resend`, `resend doctor`, `resend emails send`, `resend domains`, `resend webhooks listen`, `resend emails receiving`, or agent-friendly terminal automation.
alibabacloud-odps-maxframe-coding
IncludedUse this skill for MaxFrame SDK development and documentation navigation on Alibaba Cloud MaxCompute (ODPS). Helps answer MaxFrame API, concept, official example, and supported pandas API questions; create data processing programs; read/write MaxCompute tables; debug jobs (remote or local); and build custom DPE runtime images. Trigger when users mention MaxFrame, MaxCompute with MaxFrame, ODPS table processing, DPE runtime, MaxFrame docs/examples, DataFrame/Tensor operations, or GPU runtime setup. Works for both English and Chinese queries about Alibaba Cloud data processing with MaxFrame.