getsentry · BYK · May 20, 2026 · May 20, 2026 · sentry-warden · May 20, 2026
diff --git a/.lore.md b/.lore.md
diff --git a/AGENTS.md b/AGENTS.md
diff --git a/src/commands/api.ts b/src/commands/api.ts
@@ -5,6 +5,7 @@
  * Similar to 'gh api' for GitHub.
  */
 
+import { access, readFile } from "node:fs/promises";
 // biome-ignore lint/performance/noNamespaceImport: Sentry SDK recommends namespace import
 import * as Sentry from "@sentry/node-core/light";
 import type { SentryContext } from "../context.js";
@@ -828,11 +829,14 @@ export async function buildBodyFromInput(
   if (inputPath === "-") {
     content = await readStdin(stdin);
   } else {
-    const file = Bun.file(inputPath);
-    if (!(await file.exists())) {
+    const exists = await access(inputPath).then(
+      () => true,
+      () => false
+    );
+    if (!exists) {
       throw new ValidationError(`File not found: ${inputPath}`, "input");
     }
-    content = await file.text();
+    content = await readFile(inputPath, "utf-8");
   }
 
   // Try to parse as JSON for the API client

diff --git a/src/commands/cli/upgrade.ts b/src/commands/cli/upgrade.ts
@@ -14,8 +14,10 @@
  * so that subsequent bare `sentry cli upgrade` calls use the same channel.
  */
 
+import { spawn } from "node:child_process";
 import { homedir } from "node:os";
 import { dirname } from "node:path";
+import { setTimeout } from "node:timers/promises";
 import type { SentryContext } from "../../context.js";
 import {
   determineInstallDir,
@@ -425,12 +427,14 @@
 ): Promise<number> {
   for (let attempt = 1; attempt <= SPAWN_MAX_ATTEMPTS; attempt++) {
     try {
-      const proc = Bun.spawn([binaryPath, ...args], {
-        stdout: "inherit",
-        stderr: "inherit",
+      const proc = spawn(binaryPath, args, {
+        stdio: ["ignore", "inherit", "inherit"],
         env,
       });
-      return await proc.exited;
+      return await new Promise<number>((resolve) => {
+        proc.on("close", (code) => resolve(code ?? 1));
+        proc.on("error", () => resolve(1));
+      });
     } catch (error) {
       // Translate the opaque Bun "Executable not found" error into an
       // actionable UpgradeError. This path triggers when the binary at
@@ -454,7 +458,7 @@
       log.warn(
         `Binary is locked (antivirus scan?), retrying in ${delay}ms... (attempt ${attempt}/${SPAWN_MAX_ATTEMPTS})`
       );
-      await Bun.sleep(delay);
+      await setTimeout(delay);
     }
   }
   // Unreachable — the loop either returns or throws

diff --git a/src/commands/dashboard/list.ts b/src/commands/dashboard/list.ts
@@ -5,6 +5,7 @@
  * and optional client-side glob filtering by title.
  */
 
+import picomatch from "picomatch";
 import type { SentryContext } from "../../context.js";
 import { MAX_PAGINATION_PAGES } from "../../lib/api/infrastructure.js";
 import {
@@ -233,7 +234,7 @@ function processPage(
     limit: number;
     serverCursor: string | undefined;
     afterId: string | undefined;
-    glob: InstanceType<typeof Bun.Glob> | undefined;
+    glob: ((input: string) => boolean) | undefined;
   }
 ): PageResult {
   // When resuming mid-page, find the afterId and skip everything up to and
@@ -249,7 +250,7 @@ function processPage(
 
   for (let i = startIdx; i < data.length; i++) {
     const item = data[i] as DashboardListItem;
-    if (!opts.glob || opts.glob.match(item.title.toLowerCase())) {
+    if (!opts.glob || opts.glob(item.title.toLowerCase())) {
       results.push(item);
       if (results.length >= opts.limit) {
         return {
@@ -283,7 +284,7 @@ async function fetchDashboards(
     perPage: number;
     serverCursor: string | undefined;
     afterId: string | undefined;
-    glob: InstanceType<typeof Bun.Glob> | undefined;
+    glob: ((input: string) => boolean) | undefined;
   }
 ): Promise<FetchResult> {
   let { serverCursor, afterId } = opts;
@@ -434,7 +435,7 @@ export const listCommand = buildListCommand("dashboard", {
     const { serverCursor, afterId } = decodeCursor(rawCursor ?? "");
 
     const glob = titleFilter
-      ? new Bun.Glob(titleFilter.toLowerCase())
+      ? picomatch(titleFilter.toLowerCase(), { dot: true })
       : undefined;
 
     // When filtering, fetch max-size pages to minimize round trips.

diff --git a/src/lib/agent-skills.ts b/src/lib/agent-skills.ts
@@ -10,6 +10,7 @@
  */
 
 import { accessSync, constants, existsSync, mkdirSync } from "node:fs";
+import { writeFile } from "node:fs/promises";
 import { dirname, join } from "node:path";
 import { captureException } from "@sentry/node-core/light";
 import { SKILL_FILES } from "../generated/skill-content.js";
@@ -68,7 +69,7 @@ async function writeSkillFiles(
       if (!existsSync(dir)) {
         mkdirSync(dir, { recursive: true, mode: 0o755 });
       }
-      await Bun.write(fullPath, content);
+      await writeFile(fullPath, content, "utf-8");
       if (relativePath.startsWith("references/")) {
         referenceCount += 1;
       }

diff --git a/src/lib/binary.ts b/src/lib/binary.ts
@@ -5,15 +5,17 @@
  * Used by both `setup --install` (fresh installs) and `upgrade` (self-updates).
  */
 
+import { spawnSync } from "node:child_process";
 import {
   existsSync,
   readFileSync,
   renameSync,
   unlinkSync,
   writeFileSync,
 } from "node:fs";
-import { chmod, mkdir, unlink } from "node:fs/promises";
+import { chmod, copyFile, mkdir, unlink } from "node:fs/promises";
 import { delimiter, join, resolve } from "node:path";
+import { compare as semverCompare } from "semver";
 import { getUserAgent } from "./constants.js";
 import {
   buildTlsErrorDetail,
@@ -56,9 +58,8 @@ export function isMusl(): boolean {
 
   // Heuristic 2: ldd --version output (musl ldd writes "musl libc" to stderr)
   try {
-    const result = Bun.spawnSync(["ldd", "--version"], {
-      stdout: "pipe",
-      stderr: "pipe",
+    const result = spawnSync("ldd", ["--version"], {
+      stdio: ["ignore", "pipe", "pipe"],
     });
     const output =
       Buffer.from(result.stdout).toString() +
@@ -130,7 +131,7 @@ export function isNightlyVersion(version: string): boolean {
  * @returns 1 if a > b, -1 if a < b, 0 if equal
  */
 export function compareVersions(a: string, b: string): -1 | 0 | 1 {
-  return Bun.semver.order(a, b);
+  return semverCompare(a, b);
 }
 
 /**
@@ -451,7 +452,7 @@ export async function installBinary(
       }
 
       // Copy source binary to temp path next to install location
-      await Bun.write(tempPath, Bun.file(sourcePath));
+      await copyFile(sourcePath, tempPath);
 
       // Set executable permission (Unix only)
       if (process.platform !== "win32") {

diff --git a/src/lib/browser.ts b/src/lib/browser.ts
@@ -2,10 +2,18 @@
  * Browser utilities
  *
  * Cross-platform utilities for interacting with the user's browser.
- * Uses Bun.spawn and Bun.which for process management.
+ * Uses child_process.spawn and whichSync for process management.
  */
 
+import { spawn } from "node:child_process";
+import { setTimeout } from "node:timers/promises";
 import { generateQRCode } from "./qrcode.js";
+import { whichSync } from "./which.js";
+
+/** No-op error handler to prevent unhandled error crashes from spawn. */
+function noop(): void {
+  // Intentionally empty — absorbs async spawn errors (e.g., ENOENT)
+}
 
 /**
  * Open a URL in the user's default browser.
@@ -20,10 +28,10 @@
   let args: string[];
 
   if (platform === "darwin") {
-    command = Bun.which("open");
+    command = whichSync("open");
     args = [url];
   } else if (platform === "win32") {
-    command = Bun.which("cmd");
+    command = whichSync("cmd");
     args = ["/c", "start", "", url];
   } else {
     // Linux and other Unix-like systems - try multiple openers
@@ -35,7 +43,7 @@
       "kde-open",
     ];
     for (const opener of linuxOpeners) {
-      command = Bun.which(opener);
+      command = whichSync(opener);
       if (command) {
         break;
       }
@@ -48,16 +56,18 @@
   }
 
   try {
-    const proc = Bun.spawn([command, ...args], {
-      stdout: "ignore",
-      stderr: "ignore",
+    const proc = spawn(command, args, {
+      stdio: ["ignore", "ignore", "ignore"],
     });
+    // Prevent unhandled error crash if the binary disappears between
+    // whichSync() and spawn() (TOCTOU window).
+    proc.on("error", noop);
 
     // Give browser time to open, then detach
-    await Bun.sleep(500);
+    await setTimeout(500);
     proc.unref();
     return true;
   } catch {
    return false;
  }
 }

diff --git a/src/lib/bspatch.ts b/src/lib/bspatch.ts
@@ -31,7 +31,7 @@
  */
 
 import { constants, copyFileSync } from "node:fs";
-import { unlink } from "node:fs/promises";
+import { readFile, unlink } from "node:fs/promises";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
 
@@ -269,7 +269,7 @@ async function loadOldBinary(oldPath: string): Promise<OldFileHandle> {
       /* May not exist if copyFileSync failed */
     });
     return {
-      data: new Uint8Array(await Bun.file(oldPath).arrayBuffer()),
+      data: new Uint8Array(await readFile(oldPath)),
       cleanup: () => {
         // Data is in JS heap — no temp file to clean up
       },

diff --git a/src/lib/clipboard.ts b/src/lib/clipboard.ts
@@ -5,7 +5,9 @@
  * Includes both low-level copy function and interactive keyboard-triggered copy.
  */
 
+import { spawn } from "node:child_process";
 import { logger } from "./logger.js";
+import { whichSync } from "./which.js";
 
 const log = logger.withTag("clipboard");
 
@@ -29,18 +31,18 @@ export async function copyToClipboard(text: string): Promise<boolean> {
   let args: string[] = [];
 
   if (platform === "darwin") {
-    command = Bun.which("pbcopy");
+    command = whichSync("pbcopy");
     args = [];
   } else if (platform === "win32") {
-    command = Bun.which("clip");
+    command = whichSync("clip");
     args = [];
   } else {
     // Linux - try xclip first, then xsel
-    command = Bun.which("xclip");
+    command = whichSync("xclip");
     if (command) {
       args = ["-selection", "clipboard"];
     } else {
-      command = Bun.which("xsel");
+      command = whichSync("xsel");
       if (command) {
         args = ["--clipboard", "--input"];
       }
@@ -52,16 +54,20 @@ export async function copyToClipboard(text: string): Promise<boolean> {
   }
 
   try {
-    const proc = Bun.spawn([command, ...args], {
-      stdin: "pipe",
-      stdout: "ignore",
-      stderr: "ignore",
+    const proc = spawn(command, args, {
+      stdio: ["pipe", "ignore", "ignore"],
     });
 
-    proc.stdin.write(text);
-    proc.stdin.end();
+    const { stdin } = proc;
+    if (stdin) {
+      stdin.write(text);
+      stdin.end();
+    }
 
-    const exitCode = await proc.exited;
+    const exitCode = await new Promise<number>((resolve) => {
+      proc.on("close", (code) => resolve(code ?? 1));
+      proc.on("error", () => resolve(1));
+    });
     return exitCode === 0;
   } catch {
     return false;

diff --git a/src/lib/completions.ts b/src/lib/completions.ts
@@ -13,6 +13,7 @@
  */
 
 import { existsSync, mkdirSync } from "node:fs";
+import { writeFile } from "node:fs/promises";
 import { dirname, join } from "node:path";
 import { routes } from "../app.js";
 import { type FlagDef, isCommand, isRouteMap } from "./introspect.js";
@@ -649,7 +650,7 @@ export async function installCompletions(
     }
 
     const alreadyExists = existsSync(path);
-    await Bun.write(path, script);
+    await writeFile(path, script, "utf-8");
 
     return {
       path,

diff --git a/src/lib/db/dsn-cache.ts b/src/lib/db/dsn-cache.ts
@@ -256,11 +256,11 @@ async function validateFileMtime(
   cachedMtime: number
 ): Promise<boolean> {
   try {
-    const file = Bun.file(fullPath);
-    if (!(await file.exists())) {
+    const stats = await stat(fullPath);
+    if (!stats.isFile()) {
       return false;
     }
-    return file.lastModified === cachedMtime;
+    return Math.floor(stats.mtimeMs) === cachedMtime;
   } catch {
     return false;
   }

diff --git a/src/lib/db/instance.ts b/src/lib/db/instance.ts
@@ -5,6 +5,7 @@
  * Uses UUIDv7 for time-sortable, unique identifiers.
  */
 
+import { uuidv7 } from "uuidv7";
 import { getDatabase } from "./index.js";
 
 /**
@@ -28,8 +29,7 @@ export function getInstanceId(): string {
   // Generate and store new instance ID
   // Use INSERT OR IGNORE to handle race condition when multiple CLI processes
   // start simultaneously - only the first insert succeeds
-  // Bun.randomUUIDv7() is native in Bun, polyfilled via uuidv7 package for Node.js
-  const instanceId = Bun.randomUUIDv7();
+  const instanceId = uuidv7();
   const now = Date.now();
 
   db.query(`

diff --git a/src/lib/delta-upgrade.ts b/src/lib/delta-upgrade.ts
@@ -21,6 +21,7 @@
 
 // biome-ignore lint/performance/noNamespaceImport: Sentry SDK recommends namespace import
 import * as Sentry from "@sentry/node-core/light";
+import { compare as semverCompare } from "semver";
 
 import {
   GITHUB_RELEASES_URL,
@@ -465,15 +466,15 @@
     const version = tag.slice(PATCH_TAG_PREFIX.length);
     // Include tags where: currentVersion < version <= targetVersion
     if (
-      Bun.semver.order(version, currentVersion) === 1 &&
-      Bun.semver.order(version, targetVersion) !== 1
+      semverCompare(version, currentVersion) === 1 &&
+      semverCompare(version, targetVersion) !== 1
     ) {
       chainTags.push({ tag, version });
     }
   }
 
   // Sort by version (chronological for nightlies)
-  chainTags.sort((a, b) => Bun.semver.order(a.version, b.version));
+  chainTags.sort((a, b) => semverCompare(a.version, b.version));
 
   return chainTags.map((t) => t.tag);
 }