Secure Exec v0.3 rewrites in Rust and adds Bun SDK, process trees, and Node-less mode
Secure Exec v0.3 shipped a full Rust rewrite, Bun and Rust SDKs, process-tree support for spawn and exec inside the VM, and a configurable Node-less mode. It matters because agent sandboxes can tighten performance and isolation without depending on a full Node runtime.

TL;DR
- rivet_dev's launch thread says Secure Exec v0.3 shipped a full Rust rewrite, framing it as a performance and security upgrade for its secure Node.js execution layer.
- According to the feature list in rivet_dev's thread, v0.3 also adds Bun and Rust SDKs, widening the runtime beyond the original Node-centric setup.
- rivet_dev's release notes thread lists process-tree support, which means spawn and exec can now run inside the VM instead of stopping at a single process boundary.
- rivet_dev's launch post also introduces a configurable runtime with a Node-less mode, while the GitHub repo and the linked write-up point to the implementation and docs.
You can jump from the GitHub repo to the linked write-up, and the launch thread itself is unusually compact: four bullets, each naming a subsystem that changed. The odd extra bit is that a reply from 0xblacklight pulled an older complaint about broken APIs and hallucinated docs back into the conversation the same day.
Rust rewrite
The headline change is the rewrite itself. rivet_dev's thread presents the Rust port as both a speed play and a security play, which fits the product's pitch around running code without a traditional sandbox.
The linked materials sit in the usual places: the GitHub repository for code, and the write-up for the release explanation.
SDKs and process trees
The feature list splits cleanly into two buckets:
- New client surfaces: Bun SDK and Rust SDK, per rivet_dev's feature list.
- Broader execution model: process trees, so spawn and exec can run inside the VM, again per the launch thread.
That process-tree support is the most concrete runtime change in the announcement. It suggests Secure Exec is moving from single-process execution toward workloads that fork helpers, shells, or build steps.
Node-less mode
The fourth bullet in rivet_dev's announcement is a configurable runtime with a Node-less mode. That is the part most likely to matter for teams treating execution as a lower-level primitive rather than a full Node environment.
The announcement does not expand the mode's mechanics in-thread, but the wording makes the direction clear: Secure Exec can now be configured without depending on a bundled Node runtime.
Prior reliability complaints
The only visible pushback in the evidence came from 0xblacklight's reply, which said an earlier Secure Exec release shipped with hallucinated docs, broken APIs, and slow bug fixes.
That does not change what v0.3 shipped, but it does add a useful piece of release-day context: this version is not just a feature drop, it lands against public complaints about the project's earlier documentation and maintenance quality.