0.9.41
Zero-config first run (#109, #120)
LibreDB Studio now starts with no configuration at all. When JWT_SECRET and/or ADMIN_PASSWORD are not set, the server generates the missing values on first start, stores them in <data dir>/auth-bootstrap.json (file mode 0600, atomic write), and prints the admin password once to the server log. Explicitly set environment variables always take precedence, and restarts reuse the persisted credentials.
docker run -p 3000:3000 ghcr.io/libredb/libredb-studio:latestnow works with zero environment variables.AUTH_BOOTSTRAP=off(alsofalse/0, case-insensitive) restores the strict behavior: missing variables surface as a clear login error instead of generated credentials. Recommended for production deployments with central log collection.- OIDC mode (
NEXT_PUBLIC_AUTH_PROVIDER=oidc) generates only the JWT secret; a password is never generated. - Every bootstrap error fails open to the previous strict behavior; corrupt or wrong-shape credential files are moved to
.bakand regenerated. The JWT secret is never logged. - Helm and existing Docker deployments that set env vars are unaffected: bootstrap is a no-op that performs no filesystem access when credentials are provided.
Trustworthy Docker image tags (#121)
Version tags and latest are now published only when a release is published, so a pinned version tag can never change content and latest always points at the newest release.
- push to
mainpublishesmain+sha-<commit> - feature/fix branches publish
dev+sha-<commit> - a published release builds
<version>+latest(the release tag must match the package.json version and be valid semver, otherwise the build refuses to tag)
Quality
- 100% line and function coverage on the new
auth-bootstrapanddata-dirmodules and the instrumentation boot hook. - Zero-env boot verified end to end in Docker: first-run banner, generated login, restart reuse, volume persistence, strict mode, and env precedence.
Full changelog: 0.9.39...0.9.41