Browser schema workbench — no install required.
macOS:
brew install --cask mhiro2/tap/reluneLinux:
Download the latest relune_*_linux_* archive from the GitHub Releases page and place relune on your PATH.
Render an SVG (default format):
relune render --sql schema.sql -o erd.svgSelf-contained HTML viewer (pan/zoom, search, filters):
relune render --sql schema.sql --format html -o erd.htmlrender draws tables, views, and PostgreSQL enum types when they are present in the schema.
Generate Markdown documentation:
relune doc --sql schema.sql -o schema.mdSummarize the schema in the terminal:
relune inspect --sql schema.sqlPoint at a database URL instead of a SQL file (supported where the relune-introspect adapter allows). Prefer the DATABASE_URL environment variable over --db-url so the DSN does not leak into argv (ps) or shell history — when no input flag is given, Relune reads DATABASE_URL:
export DATABASE_URL='postgres://user:pass@localhost:5432/dbname'
relune render -o erd.svg
# Or pass it explicitly (visible to other users via `ps`):
relune render --db-url "$DATABASE_URL" -o erd.svgDialects and URL schemes follow CLI help (relune render --help).
For PostgreSQL and MySQL/MariaDB, Relune applies a 30 second per-statement deadline by default. Connecting is bounded by a 30 second acquire timeout, and the whole catalog fetch is capped by an overall deadline (default 600 seconds; raise it for very large schemas with RELUNE_DB_INTROSPECTION_TIMEOUT_SECS). This keeps SQLite — and MySQL servers that cannot set a session timeout — bounded too.
Remote TCP connections also default to verifying TLS (sslmode=verify-full for PostgreSQL, ssl-mode=verify-identity for MySQL/MariaDB), so the server certificate chain and hostname must match. Pass an explicit sslmode=require / ssl-mode=required in the URL to keep encryption while accepting self-signed clusters. Unix sockets and loopback-only local connections are left untouched.
The connection URL is fully trusted — Relune connects to exactly the host you name with no destination filtering — so never point it at an untrusted DSN. Introspection needs read-only access: PostgreSQL reads its system catalogs (pg_catalog / information_schema); MySQL/MariaDB needs SELECT on information_schema plus the SHOW VIEW privilege to read view definitions (without it, views appear with no definition and a warning is logged); SQLite needs to read the database file.
- CLI reference — all commands and flags
- Configuration — shared defaults in
relune.toml - Public schema workbench — run the WASM build in your browser for render / inspect / export / lint / compare