diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
index f2a7f310..e8734b9e 100644
--- a/.github/workflows/docker-build-push.yml
+++ b/.github/workflows/docker-build-push.yml
@@ -34,6 +34,7 @@ jobs:
outputs:
version: ${{ steps.extract-version.outputs.version }}
image: ${{ steps.meta.outputs.tags }}
+ dockerhub_enabled: ${{ steps.dockerhub.outputs.enabled }}
steps:
- name: Checkout code
@@ -65,7 +66,7 @@ jobs:
echo "Version: ${VERSION}"
- name: Set up QEMU for multi-platform builds
- uses: docker/setup-qemu-action@v4
+ uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
@@ -168,3 +169,31 @@ jobs:
echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
+ # Mirror the Docker Hub repository overview from DOCKERHUB.md after each main
+ # build. Runs only on main and only when Docker Hub is configured
+ # (DOCKER_HUB_USERNAME variable present), so forks are unaffected.
+ dockerhub-readme:
+ name: Sync Docker Hub README
+ needs: build-and-push
+ # Run only on main, only when Docker Hub is fully configured: the token
+ # (checked via the build job's dockerhub_enabled output โ secrets can't be
+ # read in an `if:`) AND the username variable.
+ if: ${{ github.ref == 'refs/heads/main' && needs.build-and-push.outputs.dockerhub_enabled == 'true' && vars.DOCKER_HUB_USERNAME != '' }}
+ runs-on: ubuntu-latest
+ # Only needs to read the repo to checkout DOCKERHUB.md; the Docker Hub
+ # update authenticates with DOCKER_HUB_TOKEN, not GITHUB_TOKEN.
+ permissions:
+ contents: read
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+
+ - name: Update Docker Hub repository description
+ uses: peter-evans/dockerhub-description@1b9a80c056b620d92cedb9d9b5a223409c68ddfa # v5.0.0
+ with:
+ username: ${{ vars.DOCKER_HUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_TOKEN }}
+ repository: ${{ vars.DOCKER_HUB_USERNAME }}/libredb-studio
+ short-description: "Open-source AI-powered web SQL IDE โ Postgres, MySQL, Mongo, Redis, Oracle, MSSQL, SQLite"
+ readme-filepath: ./DOCKERHUB.md
+
diff --git a/DOCKERHUB.md b/DOCKERHUB.md
new file mode 100644
index 00000000..a62b2fe2
--- /dev/null
+++ b/DOCKERHUB.md
@@ -0,0 +1,161 @@
+
+ 
+
+
+LibreDB Studio
+
+
+ The modern, AI-powered, open-source web-based SQL IDE for cloud-native teams.
+
+
+
+ 
+ 
+ 
+
+
+
+ 
+
+
+> ๐ **Full documentation, source, and issues:**
+
+Query **PostgreSQL, MySQL, SQLite, Oracle, SQL Server, MongoDB and Redis** from your browser โ with AI-powered query assistance, interactive ER diagrams, schema diff, a virtualized data grid, RBAC, OIDC SSO, and a live monitoring dashboard. A lightweight, secure bridge between heavy desktop tools (DataGrip/DBeaver) and minimal CLIs.
+
+---
+
+## Quick start
+
+```bash
+docker run -d \
+ --name libredb-studio \
+ -p 3000:3000 \
+ -e ADMIN_EMAIL=admin@libredb.org \
+ -e ADMIN_PASSWORD=change-me-admin \
+ -e USER_EMAIL=user@libredb.org \
+ -e USER_PASSWORD=change-me-user \
+ -e JWT_SECRET=change-me-to-a-random-32-char-string \
+ libredb/libredb-studio:latest
+```
+
+Open and log in with the `ADMIN_EMAIL` / `ADMIN_PASSWORD` you set above. **Use your own strong passwords and a random `JWT_SECRET`** โ the values here are placeholders.
+
+> **Enable AI:** add `-e LLM_PROVIDER=gemini -e LLM_API_KEY=your_key -e LLM_MODEL=gemini-2.5-flash`.
+
+### Docker Compose
+
+```yaml
+services:
+ libredb-studio:
+ image: libredb/libredb-studio:latest
+ ports:
+ - "3000:3000"
+ environment:
+ ADMIN_EMAIL: admin@libredb.org
+ ADMIN_PASSWORD: change-me
+ USER_EMAIL: user@libredb.org
+ USER_PASSWORD: change-me
+ JWT_SECRET: change-me-to-a-random-32-char-string
+ STORAGE_PROVIDER: sqlite # persist on the volume below
+ STORAGE_SQLITE_PATH: /app/data/libredb-storage.db
+ volumes:
+ - libredb-data:/app/data
+ restart: unless-stopped
+volumes:
+ libredb-data:
+```
+
+A ready-to-use, fully-commented compose file is in the repo: [`docker-compose.example.yml`](https://github.com/libredb/libredb-studio/blob/main/docker-compose.example.yml).
+
+---
+
+## Image tags
+
+| Tag | Pushed from | Use |
+|-----|-------------|-----|
+| `latest` | `main` | Latest stable build |
+| `X.Y.Z` | `main` / release | Pin an exact version, e.g. `docker pull libredb/libredb-studio:0.9.16` (recommended for production) |
+| `dev` | `feat/**`, `fix/**` branches | Bleeding-edge / preview |
+| `sha-` | every build | Exact immutable commit |
+
+- **Architectures:** `linux/amd64`, `linux/arm64` (multi-arch manifest).
+- **Also on GHCR:** `ghcr.io/libredb/libredb-studio` (canonical mirror, no pull rate limits โ preferred for Kubernetes).
+
+---
+
+## Supported databases
+
+| Database | Driver | Highlights |
+| :--- | :--- | :--- |
+| **PostgreSQL** | `pg` | EXPLAIN plans, transactions, query cancellation, SSL/TLS, SSH tunnel |
+| **MySQL** | `mysql2` | EXPLAIN plans, transactions, `KILL QUERY`, SSL/TLS, SSH tunnel |
+| **Oracle** | `oracledb` (thin) | `FETCH FIRST` pagination, `V$` monitoring, `ANALYZE`, transactions |
+| **SQL Server** | `mssql` | `OFFSET FETCH`, `sys.dm_*` DMVs, `DBCC CHECKDB`, Azure SQL auto-detect |
+| **SQLite** | `better-sqlite3` | File-based or in-memory databases |
+| **MongoDB** | `mongodb` | JSON query editor, find/aggregate/insert/update/delete |
+| **Redis** | `ioredis` | Command editor, key browser, INFO monitoring |
+
+---
+
+## Key features
+
+- **Professional SQL IDE** โ Monaco editor (VS Code engine), schema-aware autocomplete, multi-tab workspace, Visual EXPLAIN.
+- **Interactive ER diagrams** โ real FK edges, cardinality, auto-layout (ELK.js), PNG/SVG export.
+- **Schema diff & migration** โ compare snapshots/connections and auto-generate migration SQL.
+- **Multi-model AI copilot** โ NL2SQL, query safety analysis, EXPLAIN-in-plain-English, slow-query autopilot. Gemini / OpenAI / Ollama / custom.
+- **Pro data grid** โ virtualized millions of rows, inline editing, per-column filters, pivot table, CSV/JSON export.
+- **Data visualization** โ 8 chart types with aggregation and saved-chart dashboards.
+- **Data privacy & masking** โ automatic sensitive-column detection, RBAC-enforced masking, export protection.
+- **Auth & SSO** โ local email/password or OIDC (Auth0, Keycloak, Okta, Azure AD, Zitadel) with PKCE and role mapping.
+- **DBA toolkit (admin)** โ live monitoring dashboard, threshold alerts, one-click VACUUM/ANALYZE/REINDEX, full audit trail.
+
+
+ 
+
Ask in plain English, get executable SQL โ schema-aware.
+
+
+
+ 
+
Interactive ER diagrams with real foreign-key edges and auto-layout.
+
+
+---
+
+## Environment variables
+
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `ADMIN_EMAIL` | โ
| Admin email (default `admin@libredb.org`) |
+| `ADMIN_PASSWORD` | โ
| Admin password |
+| `USER_EMAIL` | โ
| Standard user email (default `user@libredb.org`) |
+| `USER_PASSWORD` | โ
| Standard user password |
+| `JWT_SECRET` | โ
| JWT signing secret (min 32 chars) |
+| `NEXT_PUBLIC_AUTH_PROVIDER` | โ | `local` (default) or `oidc` |
+| `OIDC_ISSUER` / `OIDC_CLIENT_ID` / `OIDC_CLIENT_SECRET` | โ | OIDC SSO (required when `oidc`) |
+| `OIDC_ROLE_CLAIM` / `OIDC_ADMIN_ROLES` / `OIDC_SCOPE` | โ | OIDC role mapping & scope |
+| `LLM_PROVIDER` / `LLM_API_KEY` / `LLM_MODEL` / `LLM_API_URL` | โ | AI: `gemini`, `openai`, `ollama`, `custom` |
+| `STORAGE_PROVIDER` | โ | `local` (default), `sqlite`, or `postgres` |
+| `STORAGE_SQLITE_PATH` | โ | SQLite file path (e.g. `/app/data/libredb-storage.db`) |
+| `STORAGE_POSTGRES_URL` | โ | PostgreSQL URL (when `STORAGE_PROVIDER=postgres`) |
+
+Health check endpoint: `GET /api/db/health` ยท Container HTTP port: `3000`.
+
+---
+
+## Deploy
+
+- **Docker / Compose** โ see Quick start above.
+- **Kubernetes (Helm)** โ `oci://ghcr.io/libredb/charts/libredb-studio` ยท [Artifact Hub](https://artifacthub.io/packages/search?repo=libredb-studio)
+- **CapRover** โ one-click app: add repo `https://libredb.org/caprover-one-click-apps`, then install **LibreDB Studio**.
+- **PaaS** โ one-click buttons for Koyeb & Render in the [GitHub README](https://github.com/libredb/libredb-studio#-one-click-deploy).
+
+---
+
+## Links
+
+- **Source & docs:**
+- **Live demo:** (`admin@libredb.org` / `LibreDB.2026`)
+- **DeepWiki docs:**
+- **License:** MIT
+
+This page is generated from DOCKERHUB.md and synced automatically on every main build.
diff --git a/package.json b/package.json
index 49f1eea1..8489f74d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "@libredb/studio",
- "version": "0.9.15",
+ "version": "0.9.16",
"private": false,
"publishConfig": {
"access": "public"