Everything the engine does. One binary.
TLS, V8 SSR, multi-layer caching, the compiler, security, CI/CD — all built natively into the engine. No external dependencies to manage.
84 features across 12 categories — built into one open-source engine, with no external dependencies.
HTTP & Networking
Production-grade networking from a single binary. No sidecar proxies, no separate TLS terminator.
Auto TLSOpen source
ACME certificate provisioning with SNI routing, OCSP stapling, and automatic renewal. HTTPS for every domain, zero config.
HTTP/2Open source
Full HTTP/2 multiplexing with configurable stream limits, server push, and connection coalescing.
HTTP/3 + QUICOpen source
QUIC-based HTTP/3 with 0-RTT connection resumption and automatic Alt-Svc advertisement.
Early HintsOpen source
103 Early Hints for preloading critical assets before the main response is ready. Auto-discovery from HTML or manual configuration.
CompressionOpen source
Streaming gzip, Brotli, and Zstd compression with per-entry caching — responses are never re-compressed on cache hits.
CORSOpen source
Configurable cross-origin resource sharing with fine-grained per-route rules, credentials support, and preflight caching.
Rendering & SSR
Full React server-side rendering in V8, no Node.js required. Streaming HTML, automatic islands, and vendor splitting.
V8 SSR EngineOpen source
Render React server-side in an embedded V8 isolate. 3-layer pipeline (base + shell + delta) with heap snapshots for instant cold starts and a per-route warm page-context cache.
Streaming SSROpen source
React 19 renderToReadableStream driven by a custom event-loop driver inside V8. Async server components, <Suspense>, and the use(promise) hook all work natively.
Auto-IslandsOpen source
Components with "use client" are automatically detected and hydrated as interactive islands. Zero manual configuration.
React Server ComponentsOpen source
Real Flight payload pipeline via react-server-dom-parcel. Per-route RSC bundle compiled with the react-server condition, server-only React inlined, evaluated in a separate cached V8 context, and exposed at /__bext/rsc/<path>.
Server IslandsOpen source
Defer expensive SSR components to independent fragment endpoints. Fetched in parallel after initial page load (~1KB client script).
React CompilerOpen source
Auto-memoization via React Compiler integration. Components are optimized at build time without manual useMemo/useCallback.
Font OptimizationOpen source
Transform next/font/google and next/font/local imports with automatic preload injection and self-hosted font files.
OG Image GenerationOpen source
Dynamic Open Graph images rendered server-side with Taffy CSS layout and text rasterization. No external service needed.
Caching & Performance
Multi-layer caching that keeps your app fast without external infrastructure.
ISR CachingOpen source
Incremental Static Regeneration with configurable TTLs, tenant-aware cache keys, and automatic stampede guard to prevent thundering herds.
Stale-While-RevalidateOpen source
Serve stale content instantly while revalidating in the background. Users never wait for a cache miss.
Tiered Cache (L1 + L2)Open source
L1 in-memory cache (DashMap) with automatic promotion/demotion. Optional L2 Redis layer for distributed caching across instances.
Fragment CacheOpen source
Cache individual page fragments with independent TTLs and fine-grained invalidation for partial page updates.
Cache Purge APIOpen source
Programmatic cache invalidation by tag, route, or pattern. Integrates with CI/CD for deploy-time purges.
Vary CachingOpen source
Separate cache entries by Accept-Encoding, Accept-Language, cookies, or any custom header. Full Vary header support.
Redis L2 CacheOpen source
Distributed L2 cache layer backed by Redis for horizontal scaling. Cluster mode support with automatic failover.
Tenant Cache IsolationOpen source
Per-tenant cache namespaces with separate TTLs, size limits, and purge permissions for multi-tenant deployments.
Reverse Proxy & Load Balancing
Full reverse proxy with health-aware routing, circuit breaking, and protocol support for HTTP, WebSocket, and gRPC.
Reverse ProxyOpen source
Route requests to upstream servers with hostname-based routing, path matching, header injection, and request/response transforms.
Load BalancingOpen source
Multiple strategies including round-robin, least-connections, and weighted distribution across upstream servers.
Health ChecksOpen source
Background health probes with configurable intervals, thresholds, and automatic removal of unhealthy upstreams.
Circuit BreakerOpen source
Closed/Open/HalfOpen state machine that stops sending traffic to failing upstreams. Configurable thresholds and recovery windows.
Retry PoliciesOpen source
Configurable retry attempts with exponential backoff and selective retries based on status codes or error types.
gRPC ProxyOpen source
Transparent proxying of gRPC requests with HTTP/2 trailer support, deadline propagation, and load balancing.
WebSocket ProxyOpen source
Full WebSocket reverse proxy with connection upgrade, ping/pong keepalive, and per-connection backpressure.
Security
Defense-in-depth without bolting on third-party services or WAF appliances.
Web Application FirewallOpen source
SQLi/XSS pattern detection, path traversal blocking, bot protection, CRLF injection prevention, and Log4Shell mitigation.
Rate LimitingOpen source
Token bucket rate limiting with configurable time windows, burst allowance, and per-route or per-tenant policies. Redis-backed cluster mode.
Geo-BlockingOpen source
Block or allow traffic by country or region. IP-to-country resolution with configurable allow/deny lists.
Plugin SandboxOpen source
Three isolation tiers: QuickJS for lightweight scripting (free), WASM via wasmtime for portable modules, and nsjail for full process sandboxing.
AuthenticationOpen source
Built-in HTTP Basic (htpasswd with SHA/APR1/bcrypt), JWT validation (RS256/HS256), and auth proxy middleware for upstream services.
SSO / SAML / OIDCOpen source
Enterprise single sign-on with SAML 2.0 and OpenID Connect providers. Role extraction from JWT claims with RBAC enforcement.
Security HeadersOpen source
Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and configurable Content-Security-Policy on all responses.
SSRF PreventionOpen source
Built-in safeguards against server-side request forgery in server actions with configurable allow/deny lists and private IP blocking.
Framework Support
Six framework adapters included in every edition. Auto-detected at startup with zero configuration.
Next.jsOpen source
Full App Router and Pages Router support including RSC streaming, server actions, ISR, middleware, image optimization, and next/font.
HonoOpen source
Native adapter for the ultrafast Hono framework with full middleware support and edge-compatible APIs.
ExpressOpen source
Drop-in hosting for Express apps with automatic port detection, graceful shutdown, and health check integration.
LaravelOpen source
First-class Laravel support with Artisan integration, queue workers, scheduled tasks, and the embedded PHP runtime.
SymfonyOpen source
Full Symfony support including console commands, Messenger workers, and automatic environment detection.
PHPOpen source
Lightweight PHP hosting for custom frameworks or vanilla PHP with the built-in php-fpm replacement. No external PHP runtime needed.
Deployment & Operations
From git push to production with zero-downtime rollouts, canary deploys, and nginx migration.
Git DeployOpen source
Push-to-deploy via GitHub and GitLab webhooks. Automatic builds, health-gated promotion, and deploy status reporting back to your git provider.
Zero-Downtime DeploysOpen source
Rolling deployments with health checks, automatic rollback on failure, and graceful connection draining. No dropped requests.
Zero-Downtime UpgradesOpen source
Replace the bext binary itself without dropping connections. The new version takes over listeners from the old process.
Canary DeploysOpen source
Weighted traffic splitting between versions. Route a percentage of traffic to the new version and promote when metrics look healthy.
A/B TestingOpen source
Route traffic to experiment variants with cookie-based session pinning. Measure conversion across variants without external tools.
nginx CompatibilityOpen source
Drop-in nginx replacement. Auto-detects and parses nginx.conf — server blocks, locations, try_files, proxy_pass, rewrites, and more.
nginx MasqueradeOpen source
Full nginx impersonation with shim binary, PID file, SIGHUP config reload, cache purge API, and systemd unit override.
Config ReloadOpen source
SIGHUP-triggered zero-downtime configuration updates. Validate before applying — bad configs never take effect.
Backup ManagementOpen source
Create and restore backups to local storage, S3, or Cloudflare R2. Scheduled automatic backups with retention policies.
Content & SEO
Built-in optimization for images, metadata, feeds, and search engine visibility.
Image OptimizationOpen source
On-the-fly resize, WebP/AVIF format conversion, quality tuning, and CDN-friendly cache headers. No external image service required.
Blur PlaceholdersOpen source
Generate tiny base64-encoded blur previews for images at build time. Instant perceived loading with no layout shift.
Sitemap GenerationOpen source
Automatic XML sitemap generation from your routes with configurable priority, changefreq, and lastmod values.
robots.txtOpen source
Dynamic robots.txt generation with path blocking rules and automatic sitemap reference.
JSON-LD Structured DataOpen source
Schema.org metadata injection for articles, products, organizations, and breadcrumbs. Better rich results in search engines.
RSS / Atom FeedsOpen source
Automatic feed generation from content routes. Standards-compliant RSS 2.0 and Atom 1.0 output.
Developer Experience
Fast iteration locally, full visibility in production. Built-in tools for every stage.
Hot Module ReplacementOpen source
WebSocket-based HMR in dev mode. CSS reloads in-place without page refresh, JS changes trigger a targeted reload.
Dev DashboardOpen source
Real-time SSE-powered dashboard at /__bext/dev showing active connections, route performance, cache stats, and recent errors.
Error OverlayOpen source
In-browser error display with full stack traces, source mapping, and file:line links during development.
Admin PanelOpen source
Production management UI at /__bext/admin/ with login, cache controls, deploy history, and real-time diagnostics.
Live DiagnosticsOpen source
Run bext diagnose to get real-time server status: TLS certs, cache hit rates, upstream health, and resource usage.
Tail LogsOpen source
Stream recent requests from a running instance with bext logs. Filter by status code, route, or response time.
Toolchain
Built-in package manager, Turbopack bundler, and browser toolchain. No separate npm, yarn, or webpack install.
Package ManagerOpen source
Full npm-compatible package manager built in Rust. Install, uninstall, link, publish, and run scripts — all from bext. Drop-in replacement for npm, yarn, and pnpm.
Turbopack BundlerOpen source
In-process Turbopack bundler for production builds and dev serving. Webpack-compatible configuration with native Rust performance.
Browser ToolchainOpen source
WASM-powered in-browser bundling for playgrounds, sandboxes, and browser-based IDEs. No server required — runs entirely in the browser.
npx AlternativeOpen source
Execute any package binary directly with bext x. Resolves from local node_modules or fetches from the registry on the fly.
Self-UpgradeOpen source
Run bext upgrade to fetch the latest release, replace the binary, and hot-swap the running instance — all without dropping connections.
Companion DownloadsOpen source
Run bext download to fetch companion tool binaries (ut, ut/pack, ut/web) for your platform. One command, no manual builds.
Observability
Metrics, tracing, and structured logs built into every request. No agents to install.
Prometheus MetricsOpen source
Expose request latency, throughput, cache hit rates, upstream health, and resource usage on a standard /metrics endpoint.
Structured LoggingOpen source
JSON-formatted access logs with request IDs, correlation headers, and configurable verbosity per module.
OpenTelemetryPro
OTLP span export to Jaeger, Grafana Tempo, or any OTLP collector. Automatic span creation for HTTP, cache, and plugin operations.
Route MetricsOpen source
Per-route latency histograms, error rates, and throughput counters with automatic Prometheus bucketing.
SLO TrackingOpen source
Define error budgets and latency targets. Track burn rate and get alerts when your SLO is at risk.
Alert EngineOpen source
Rule-based alerting on any metric. Configurable thresholds, evaluation windows, and notification channels.
Platform
Multi-app hosting, real-time communication, workflow orchestration, and i18n — all from one binary.
Multi-App RoutingOpen source
Serve dozens of applications from one binary with hostname-based routing, path prefixes, and fully isolated configurations.
i18n RoutingOpen source
Locale-aware URL routing with automatic redirect based on prefix strategy or Accept-Language content negotiation.
Real-time HubOpen source
WebSocket and SSE with pub/sub channels, presence tracking, automatic reconnection, and per-channel authorization.
Durable FlowsOpen source
Crash-recoverable workflow engine backed by SQLite WAL. SSE progress streaming, retry policies, and saga compensation patterns.
Task SchedulerOpen source
Built-in cron-style job scheduler with persistent state, dead-letter queues, and composable task handlers.
Multi-TenancyOpen source
Per-tenant routing, cache isolation, rate limits, and RBAC. Tenant resolution from subdomain, header, or JWT claim.
Feature FlagsOpen source
Built-in feature flag engine with percentage rollouts, user targeting, and A/B experiment integration.
Embedded PHP RuntimeOpen source
Run PHP without an external runtime. Custom SAPI replaces php-fpm with FastCGI protocol support and worker recycling.