diff --git a/bun.lock b/bun.lock
index 28d3b975..6b4897c8 100644
--- a/bun.lock
+++ b/bun.lock
@@ -10,10 +10,8 @@
         "@mui/icons-material": "^7.3.9",
         "@mui/material": "^7.3.9",
         "@mui/x-date-pickers": "^8.27.2",
-        "@types/better-sqlite3": "^7.6.13",
         "apexcharts": "^5.10.4",
         "bcryptjs": "^3.0.3",
-        "better-sqlite3": "^12.8.0",
         "d3-geo": "^3.1.1",
         "dayjs": "^1.11.20",
         "drizzle-orm": "^0.45.1",
@@ -32,6 +30,7 @@
         "@eslint/js": "^10.0.1",
         "@next/eslint-plugin-next": "^16.1.7",
         "@playwright/test": "^1.58.2",
+        "@types/better-sqlite3": "^7.6.13",
         "@types/bun": "latest",
         "@types/d3-geo": "^3.1.0",
         "@types/node": "^25.5.0",
@@ -40,6 +39,7 @@
         "@types/react-dom": "^19.2.3",
         "@types/topojson-client": "^3.1.5",
         "@vitest/ui": "^4.1.0",
+        "better-sqlite3": "^12.8.0",
         "drizzle-kit": "^0.31.10",
         "eslint": "^10.0.3",
         "typescript": "^5.9.3",
diff --git a/docker/web/Dockerfile b/docker/web/Dockerfile
index 37b21060..ef1cc051 100644
--- a/docker/web/Dockerfile
+++ b/docker/web/Dockerfile
@@ -4,31 +4,25 @@ FROM oven/bun:1-slim AS base
 WORKDIR /app
 
 FROM base AS deps
-# Install build dependencies for native modules like better-sqlite3
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    python3 \
-    make \
-    g++ \
     openssl \
     ca-certificates \
     && rm -rf /var/lib/apt/lists/*
 COPY package.json bun.lock ./
-RUN bun install --frozen-lockfile
+# --ignore-scripts skips native addon compilation (better-sqlite3 is a test-only devDep;
+# production uses bun's built-in bun:sqlite which needs no compilation)
+RUN bun install --frozen-lockfile --ignore-scripts
 
 FROM base AS builder
 ENV NODE_ENV=production
 ENV NEXT_TELEMETRY_DISABLED=1
-# Set a temporary database path for build
 ENV DATABASE_PATH=/tmp/build.db
 ENV DATABASE_URL=file:/tmp/build.db
 COPY --from=deps /app/node_modules ./node_modules
 COPY . .
-# Build the Next.js application
 RUN bun run build && rm -f /tmp/build.db
 
 FROM base AS runner
-# Accept build args for user/group IDs to support rootless operation
-# Using 10001 as default to avoid conflicts with system users
 ARG PUID=10001
 ARG PGID=10001
 
@@ -36,8 +30,6 @@ ENV NODE_ENV=production
 ENV PORT=3000
 WORKDIR /app
 
-# Create user and group with configurable IDs for rootless operation
-# Remove any existing users/groups with the same UID/GID to avoid conflicts
 RUN (getent group ${PGID} && groupdel $(getent group ${PGID} | cut -d: -f1) || true) && \
     (getent passwd ${PUID} && userdel $(getent passwd ${PUID} | cut -d: -f1) || true) && \
     groupadd -g ${PGID} nodejs && \
@@ -48,23 +40,16 @@ COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
 COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
 COPY --from=builder --chown=nextjs:nodejs /app/package.json ./package.json
 
-# Copy instrumentation file and all required chunks for server startup initialization
 COPY --from=builder --chown=nextjs:nodejs /app/.next/server/instrumentation.js ./.next/server/instrumentation.js
 COPY --from=builder --chown=nextjs:nodejs /app/.next/server/instrumentation ./.next/server/instrumentation
 COPY --from=builder --chown=nextjs:nodejs /app/.next/server/chunks/ ./.next/server/chunks/
-# Copy Drizzle migrations for runtime schema management
 COPY --from=builder --chown=nextjs:nodejs /app/drizzle ./drizzle
 
-# Create data directory for SQLite database with correct ownership
 RUN mkdir -p /app/data && chown -R nextjs:nodejs /app/data
 
-# Copy entrypoint script
 COPY --chown=nextjs:nodejs docker/web/entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 
 EXPOSE 3000
-
-# Run as non-root user (fully rootless)
 USER nextjs
-
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/next.config.mjs b/next.config.mjs
index b6a38402..233f582e 100644
--- a/next.config.mjs
+++ b/next.config.mjs
@@ -2,6 +2,7 @@
 
 /** @type {import('next').NextConfig} */
 const nextConfig = {
+  serverExternalPackages: ['bun:sqlite'],
   experimental: {
     serverActions: {
       bodySizeLimit: '2mb'
diff --git a/package.json b/package.json
index b0f843dc..969c13c0 100644
--- a/package.json
+++ b/package.json
@@ -25,10 +25,8 @@
     "@mui/icons-material": "^7.3.9",
     "@mui/material": "^7.3.9",
     "@mui/x-date-pickers": "^8.27.2",
-    "@types/better-sqlite3": "^7.6.13",
     "apexcharts": "^5.10.4",
     "bcryptjs": "^3.0.3",
-    "better-sqlite3": "^12.8.0",
     "d3-geo": "^3.1.1",
     "dayjs": "^1.11.20",
     "drizzle-orm": "^0.45.1",
@@ -44,8 +42,10 @@
     "topojson-client": "^3.1.0"
   },
   "devDependencies": {
+    "@types/better-sqlite3": "^7.6.13",
     "@types/bun": "latest",
     "@eslint/js": "^10.0.1",
+    "better-sqlite3": "^12.8.0",
     "@next/eslint-plugin-next": "^16.1.7",
     "@playwright/test": "^1.58.2",
     "@types/d3-geo": "^3.1.0",
diff --git a/src/lib/db.ts b/src/lib/db.ts
index 9c17cc36..714e0936 100644
--- a/src/lib/db.ts
+++ b/src/lib/db.ts
@@ -1,6 +1,6 @@
-import Database from "better-sqlite3";
-import { drizzle } from "drizzle-orm/better-sqlite3";
-import { migrate } from "drizzle-orm/better-sqlite3/migrator";
+import { Database } from "bun:sqlite";
+import { drizzle } from "drizzle-orm/bun-sqlite";
+import { migrate } from "drizzle-orm/bun-sqlite/migrator";
 import { mkdirSync } from "node:fs";
 import { dirname, isAbsolute, resolve as resolvePath } from "node:path";
 import * as schema from "./db/schema";
@@ -9,7 +9,7 @@ const DEFAULT_SQLITE_URL = "file:./data/caddy-proxy-manager.db";
 
 type GlobalForDrizzle = typeof globalThis & {
   __DRIZZLE_DB__?: ReturnType<typeof drizzle<typeof schema>>;
-  __SQLITE_CLIENT__?: Database.Database;
+  __SQLITE_CLIENT__?: InstanceType<typeof Database>;
   __MIGRATIONS_RAN__?: boolean;
 };
 
diff --git a/tests/helpers/bun-sqlite-compat.ts b/tests/helpers/bun-sqlite-compat.ts
new file mode 100644
index 00000000..c819badb
--- /dev/null
+++ b/tests/helpers/bun-sqlite-compat.ts
@@ -0,0 +1,6 @@
+// Vitest-only shim: maps bun:sqlite's named Database export to better-sqlite3.
+// Used via resolve.alias in vitest.config.ts so tests that transitively import
+// src/lib/db.ts (which uses bun:sqlite) don't fail under Node.js.
+// No actual queries run via this path in the affected tests (DATABASE_URL=:memory:
+// skips migrations, and the tested functions don't touch the database).
+export { default as Database } from 'better-sqlite3';
diff --git a/tests/vitest.config.ts b/tests/vitest.config.ts
index 2b2d3df0..88bd0ac7 100644
--- a/tests/vitest.config.ts
+++ b/tests/vitest.config.ts
@@ -6,6 +6,17 @@ const root = resolve(__dirname, '..');
 
 export default defineConfig({
   plugins: [tsconfigPaths({ root })],
+  resolve: {
+    alias: {
+      // bun:sqlite is a Bun built-in unavailable in Node.js/Vitest. Redirect both
+      // the protocol import and the drizzle bun-sqlite adapter to their better-sqlite3
+      // equivalents so tests that transitively import src/lib/db.ts don't crash.
+      // Tests that need a real database use tests/helpers/db.ts (better-sqlite3 directly).
+      'bun:sqlite': resolve(__dirname, 'helpers/bun-sqlite-compat.ts'),
+      'drizzle-orm/bun-sqlite/migrator': 'drizzle-orm/better-sqlite3/migrator',
+      'drizzle-orm/bun-sqlite': 'drizzle-orm/better-sqlite3',
+    },
+  },
   test: {
     environment: 'node',
     setupFiles: [resolve(__dirname, 'setup.vitest.ts')],
diff --git a/tsconfig.json b/tsconfig.json
index 646fed38..eacff8ea 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -19,6 +19,7 @@
     "incremental": true,
     "baseUrl": ".",
     "types": [
+      "bun-types",
       "node"
     ],
     "paths": {