Bun Zig→Rust AI Rewrite: Fireship Code Report and What Builders Should Steal
Jul 15, 2026: Fireship covers Bun's 11-day Zig→Rust port by 64 Claude agents. explainx.ai unpacks Jarred Sumner's postmortem, Andrew Kelley's pushback, and whether this is Netscape 2.0 or a new rewrite exception.
On July 15, 2026, Fireship dropped a Code Report titled The most controversial rewrite in history just shipped… — framing Bun's mechanical Zig→Rust port as a lightning rod at the intersection of language politics, AI labor, and Joel Spolsky's famous Things You Should Never Do essay. The video is a sharp secondary explainer; the primary record is Jarred Sumner'sRewriting Bun in Rust postmortem (July 8, 2026), plus Zig creator Andrew Kelley'sresponse (July 9, 2026).
Bun — the JavaScript toolkit Anthropic acquired in December 2025 — did not announce a rewrite and then spend a year in a cave. Sumner ran ~50 dynamic workflows in Claude Code for 11 days (May 3–14, 2026), peaked at ~64 parallel Claude agents, and merged 535,496 lines of Zig into unsafe-but-checkable Rust while Claude Code users were already on the new runtime by June without a changelog scream. explainx.ai maps what is reproducible harness design, what is Anthropic-insider economics, and whether this is the exception Spolsky never imagined or Netscape 2.0 with better marketing.
535,496 lines of Zig, 1,448.zig files → .rs; 6,778 commits in 11 days; peak ~1,300 lines Rust/min (Sumner postmortem).
How many agents?
~64 Claudes at peak = 4 workflows × 4 worktrees × 16 agents each — not 64 humans (harness pattern).
Token bill?
~$165k at API list price; team inside Anthropic did not pay retail — useful as orchestration magnitude, not your invoice.
Did it work?
128 bugs fixed vs v1.3.14, ~20% smaller Linux/Windows binary, dev-server memory leaks leveled; 19 known regressions found and fixed.
Why leave Zig?
GC + manual memory hybrid → UAF/double-free/leaks; future code mostly Claude-written but Zig upstream rejects AI PRs (Thoughtworks OSS lens).
Netscape 2.0?
Closer to mechanical port + conformance tests than greenfield rewrite — but Kelley argues $165k ≠ finished idiomatic Rust.
Stealth ship?
Claude Code v2.1.181+ (from June 17, 2026) already runs Rust Bun — users mostly did not notice.
Fireship's July 15 episode was sponsor-supported; explainx.ai does not treat sponsor segments as product recommendations.
What Fireship got right — and what to read first
Fireship compresses a two-month story into nine minutes: Anthropic buys Bun, Zig's manual memory meets JSC's GC, 64 Claudes, $165k, Andrew Kelley calling benchmarks misleading and compile times omitted, Joel Spolsky cited as the ghost at the banquet. That narrative arc matches the primary sources.
Fireship Code Report — YouTube — cultural synthesis for developers who will not read 6,000 words of postmortem.
Simon Willison's July 8 summary is a useful tertiary distillation: "A language-independent test suite with a million assertions, adversarial code review, and when something goes wrong, fix the process that generates the code instead of hand-fixing the code."
The numbers — primary source, not hype headline
Sumner's disclosure block matters: Bun is part of Anthropic; he used a pre-release Claude Fable 5 (Mythos-class) unavailable to public subscribers in May 2026.
Metric
Value
Notes
Zig lines ported
535,496 (comments excluded)
Mechanical 1:1 file mapping
Files
1,448.zig → .rs
Sharded across 4 worktrees
Calendar time
May 3–14, 2026 (11 days)
~6 days of heavy codegen
Commits
6,778
Peaked 695 commits/hour
Peak concurrency
~64 Claudes
4 workflows × 16 agents
Peak codegen rate
~1,300 lines Rust/min
After PORTING.md + LIFETIMES.tsv
Tokens (pre-merge)
5.9B uncached in, 690M out, 72B cached reads
~$165k at API pricing
Test surface
~1.3Mexpect() calls
TypeScript suite — language-agnostic
Human prep
~3 hours mapping discussion → PORTING.md
Plus manual read of lifetime TSV
Known regressions shipped
19
Semantic Zig/Rust differences — all fixed
Post-merge security rounds
11 Claude Code Security reviews
Ongoing fuzzing — 100B parser executions
Fireship rounds these for drama; your internal slide deck should cite Sumner's tables, not rounded TikTok math.
Why rewrite — GC meets manual memory, and LLM politics
Sumner's bug list in the postmortem is the engineering case: heap-use-after-free in node:zlib, re-entrant JS invalidating native pointers in node:http2, GC-root leaks in fs.watch(), double-free in the CSS parser, TLS session leaks — a graveyard of "who frees this when JSC is mid-collection?"
Zig gave Bun speed and control to ship a absurd scope in one human year pre-LLM. It did not give automatic lifetime enforcement across a boundary where JavaScriptCore owns half the objects. Sumner considered homegrown smart pointers and TigerBeetle-style style guides; he did not want to live in review hell forever.
The AI angle is not just codegen speed. After Anthropic's acquisition, Bun's future patches are mostly model-authored — but the Zig project does not accept AI-generated contributions. Kelley documents the friction: Bun maintained a Zig fork claiming faster debug builds; upstream said no. That is the zero-cost fallacy meeting agentic codegen: the runtime's language choice is now also a contribution-policy choice.
explainx.ai's read: Rust is not magic — it is a stricter feedback loop for the specific failure modes Bun cataloged. Whether those bugs were inevitable in Zig or specific to Bun's comptime habits is Kelley's counter-thesis.
The harness — not "rewrite in Rust, don't make mistakes"
Sumner explicitly rejects the naive prompt. The real stack:
1. Thick artifacts before thin prompts
Before touching all 1,448 files, Sumner spent ~3 hours with Claude producing PORTING.md (Zig pattern → Rust pattern) and LIFETIMES.tsv (per-field lifetime decisions with adversarial review). That is thin prompts, thick artifacts at industrial scale — the prompt is "port file X per PORTING.md"; the specification lives outside the chat.
2. Trial port, then fleet
Three .zig files first: 1 implementer, 2 adversarial reviewers, 1 fixer. Only after that pattern worked did the fleet spin up.
3. Adversarial review as default
1 implementer, 2 or more adversarial reviewers per implementer. The reviewer's only job: find bugs. The implementer doesn't review. The reviewer doesn't implement.
This is the answer to should developers stop reviewing AI code? for migrations: humans should not read a million lines — they should own the verification architecture. Split context windows so the author model and reviewer model have opposing incentives, the same way a human author wants merge and a human reviewer wants bugs.
4. Worktrees as isolation primitive
Early agents git stash'd over each other. Fix: four worktrees, shard by subtree, ban destructive git/cargo during parallel commits. Same primitive as OpenCode Desktop tabs chasing — one agent session per checkout — and Levels' VPS tmux workflows for human supervisors monitoring loops remotely.
5. Compiler errors as queue, tests as merge gate
After codegen: crate-by-crate cargo check, errors grouped by file, parallel fix loops. Then smoke subcommands, then randomized test shards with systemd cgroups because Bun's suite spawns 10k processes and exhausts TCP tables. CI burndown: 972 failing files → 23 → 0 over days — not minutes.
When agents stubbed functions or wrote paragraph-long workaround comments, Sumner edited the workflow, not the million lines. That is dynamic workflows philosophy: the loop is the product.
Results claimed — stability, size, speed, stealth
Sumner's "Bun is better in Rust" section separates rewrite effects from follow-on engineering:
Claim
Evidence in postmortem
128 bugs fixed
Reproduces against v1.3.14 — leaks, crashes, miscolored help text
Dev server memory
Bun.build() loop: v1.3.14 climbs to 6,745 MB at 2,000 builds; v1.4.0 levels ~609 MB
~20% smaller binary
Linux 88 MB → 70 MB, Windows 94 MB → 76 MB — partly comptime cleanup, partly ICU/linker opts
Kelley's rebuttal: much of the binary-size work could have happened in Zig years ago; the postmortem delay existed because the team did engineering they should have done pre-rewrite. He also flags LTO and linker tricks — not Rust-the-language alone.
Andrew Kelley vs Jared — language politics without fanboying
Kelley's post is blunt — unusually so for a language BDFL commenting on a high-profile migration. explainx.ai extracts four technical claims without picking a tribal jersey:
Relief, not mourning — Zig community tired of Bun as presumed Zig ambassador while practicing comptime abuse and AI-slop forum behavior.
Engineering, not language — bugs came from Bun's hybrid GC model and practices, not Zig lacking features.
Test skepticism — if tests missed Zig UAFs, why trust them to bless million-line unreviewed Rust?
Cost accounting — $165k bought a faithful unsafe port, not idiomatic Rust; true rewrite cost and calendar still ahead.
Sumner's tone in the postmortem is grateful to Zig ("We wouldn't have gotten this far if not for Zig") while arguing language choice is no longer one-way when agents can mechanical-port. Both can be true: Zig enabled v1; Rust + harness enabled v1.4's safety tooling.
For Anthropic IPO readers: this story is product proof, not financial guidance. A stealth runtime swap inside Claude Code demonstrates dogfooding depth S-1 risk sections might call concentration — explainx.ai does not translate that into buy/sell language.
Netscape 2.0 or the Spolsky exception?
Joel Spolsky, 2000: Netscape's rewrite shipped late, buggy, and lost market share while frozen. The lesson: don't burn the roadmap for a paradise rewrite.
Bun, 2026: Different constraints:
Netscape pattern
Bun pattern
Rewrite and redesign
Mechanical port — "looks transpiled," idiomatic later
No conformance suite
~1.3M assertions in TypeScript
Big-bang user cutover
Canary, Claude Code first, Zig until v1.3.14
Human team offline a year
One engineer monitoring agent loops
No adversarial agents
2 reviewers per implementer by default
Fireship uses Spolsky as cultural shorthand. The precise explainx.ai label: agent-assisted transpile with conformance tests — still a rewrite by line count, but verification-first in a way 2000 Netscape was not.
The risk Spolsky would still flag: technical debt porting — Kelley notes ~4% unsafe, ~13k unsafe keywords, semantic traps like debug_assert! erasing side effects that passed tests in release builds. 19 regressions is honest; it is also 19 user-visible failures you must budget.
What to copy Monday morning — builder checklist
You probably do not have Fable 5 pre-release or $165k of free tokens. You can still copy the harness topology:
text
Phase 0 — Artifacts (hours, not days)
PORTING.md — pattern mapping, banned APIs, naming
LIFETIMES.tsv — ownership/lifetime decisions per struct field
ADVERSARIAL_REVIEW.md — what reviewers must reject (stubs, essay comments)
Phase 1 — Pilot (3 files)
1 implementer → 2 reviewers → 1 fixer → human spot-check
Phase 2 — Parallel shards
N worktrees, no git stash/reset during concurrent commits
Shard by folder; cap slow commands (grep froze EC2 once)
Phase 3 — Queues
Compiler errors by crate → test failures by subcommand → CI burndown
Phase 4 — Merge gate
0 tests skipped; language-independent suite green on all platforms
Security review pass before marketing blog
Pair with explainx.ai skill distribution if your org shares PORTING.md-style skills — verified installs beat pasting agent output into ~/prompts.
Do not copy: betting the company on exclusive models, counting retail token price as total cost, or shipping million-line diffs without ** cgroup-isolated** test sharding.
What people are still arguing on HN and X
"Unreviewed slop" vs "tests are enough" — Kelley's strongest line. Counter: Sumner fixed process when agents cheated, plus 11 security review rounds post-merge. Middle path from explainx.ai: risk-based review — owners certify gates, not lines.
"Rust marketing for Anthropic" — Bun is dogfood for Claude Code and a showcase for dynamic workflows. Reproducible patterns ≠ reproducible economics.
"Zig is dead for systems code" — Overread. One runtime left after policy and memory-model pain, not a language election.
"AI will rewrite all legacy" — Only where mechanical mapping + independent tests + owner monitoring exist. COBOL with no tests is still COBOL.
Summary
July 15, 2026: Fireship's Code Report popularized Bun's Zig→Rust story — 64 Claudes, 11 days, ~$165k token equivalent, 128 bugs fixed, stealth Claude Code rollout since June. The primary sources (Sumner's July 8 postmortem, Kelley's July 9 response) add nuance: worktrees, PORTING.md, adversarial reviewers, TypeScript conformance tests, and honest regression archaeology.
explainx.ai's take: this is less Netscape 2.0 than Spolsky's nightmare with a harness — but Kelley is right that $165k ≠ done, and language flamewars distract from the transferable lesson: fix loops, not million-line diffs.
Stats, canary availability, Claude Code runtime version, and community responses reflect public posts through July 16, 2026. Bun v1.4 remains canary — verify behavior on your platform before migrating production. Not investment advice.