- Take a backup of the SQLite database before upgrading; migrations 000016‑000021 are forward‑only.
- After upgrade, update any integrations (e.g., `logchef-mcp`) to use the new un‑scoped API endpoints (`/api/v1/saved-queries`).
- Old team‑scoped URLs will return 404 – adjust client code accordingly.
- Team‑scoped saved queries, alerts, shares, and export jobs are removed; related tables (`team_queries`, `alerts.team_id`, `query_shares.team_id`, `export_jobs.team_id`) dropped.
- API endpoints `/api/v1/team-queries/*`, alert share endpoints, and export job endpoints no longer exist – use the new un‑scoped endpoints (`/api/v1/saved-queries`, `/api/v1/alerts`, `/api/v1/collections`).
- Admin frontend URLs migrated: `/management/*` → `/admin/*`, `/profile` → `/settings/profile`, `/admin/sources/list` → `/admin/sources`, `/admin/sources/edit/:id` → `/admin/sources/:id/edit`.
- New **Editor** team role allowing saving, pinning queries, and managing collections without full admin rights.
- Collections: shared invite‑only curated lists with owner/member roles, unified Saved Queries page, shareable query links (`/logs/saved/:queryId`).
- Native ClickHouse TLS configuration eliminating need for stunnel or sidecar proxies.
Full changelog
LogChef 1.6 reorganizes saved queries around Collections — cross-team curation lists you can share with teammates. Teams now exist purely for access control. A new Editor team role sits between Member and Admin: editors can save queries and manage collections without getting full admin rights.
Heads-up: this release contains a SQL migration sequence and breaking URL changes. Read the Upgrade and Breaking changes sections before deploying.
✨ What's new
Collections
A new way to curate saved queries.
- Personal collection auto-created per user. Anything you save lands in your personal collection by default.
- Shared collections are invite-only, with two roles:
owner(full control) andmember(read + run). Items a member can't run for a source they don't have access to show with a lock icon. - Unified Saved Queries page. One page at
/logs/savedwith a collection picker (All / Personal / shared), inline search, and a flat table — replaces the old two-page layout. - "Add to Collection" drawer — open the menu on any saved query and tick the collections you want it pinned to. Create new collections inline.
- Shareable links.
/logs/saved/:queryIdis the canonical share URL. The resolver picks the right team + source automatically, so the recipient lands directly on the query.
Editor team role
A new role between Member and Admin. Editors can:
- Save and pin queries
- Create, rename, and invite members to collections
- Manage collections they own
They cannot invite team members or link sources — those stay admin-only.
Bigger result downloads
CSV / JSON exports now stream from the backend with synchronous admission control (HTTP 429 when at capacity), so very large exports no longer tip the server over.
OIDC skip_email_verified_check (#86)
Skip the email_verified ID-token claim on providers that don't propagate it — for example, Cloudflare Access in front of an upstream IdP. Off by default; opt in via config.
Native ClickHouse TLS (#88)
Configure TLS directly on the source connection. No more stunnel/sidecar to ship TLS to ClickHouse.
Calendar month/year drill-down
Faster navigation in the date picker for queries that span weeks or months.
🛠️ Fixed (vs v1.5.0)
- Very large query results no longer OOM the browser — new
[query] max_limitcap (default 100k rows). A large unbounded result set previously exhausted the renderer. - Long raw SQL in the URL no longer trips the server's HTTP header size limit.
- "No source selected" race on the explorer — queries no longer execute against a stale source while the new source's schema is loading.
- Stale-request guard on source switching — a slow in-flight
loadSourceDetailsresponse can't overwrite a fast one anymore. - Saved queries open against the right source — the query's
source_idoverrides stale?source=params in the URL. - Export job pruner is crash-safe — interrupted prunes no longer leave orphaned download files behind.
- Translate API errors are surfaced to the editor instead of failing silently.
- Export download URLs are relative, so downloads work behind reverse proxies that rewrite hostnames.
💥 Breaking changes
LogChef 1.6 retires team-scoping for queries, alerts, query shares, and export jobs. There are no compat shims — the old paths return 404.
API
| Removed / changed | New |
|---|---|
| team_queries table | saved_queries(source_id, created_from_team_id, created_by, …) |
| alerts.team_id, query_shares.team_id, export_jobs.team_id columns | dropped |
| Team-scoped saved-query endpoints | /api/v1/saved-queries |
| Team-scoped alert endpoints | /api/v1/alerts |
| — | /api/v1/collections (new) |
| Alert notification payloads | team_id / team_name removed; recipients resolve to users directly |
Admin frontend URLs
| Old | New |
|---|---|
| /management/* | /admin/* |
| /profile | /settings/profile |
| /admin/sources/list | /admin/sources |
| /admin/sources/edit/:id | /admin/sources/:id/edit |
Removed features
- Query Folders — replaced by Collections.
- Bookmarks (
is_bookmarked) — replaced by the auto-created personal collection. Your starred queries migrate over automatically.
🗃️ Migration notes
Migrations 000016 → 000021 run on first boot. Most are SQLite table rebuilds with foreign-key handling to preserve child rows.
| Migration | What it does |
|---|---|
| 000016 | Drops query_folders + query_folder_items |
| 000017 | Rebuilds team_queries → saved_queries, drops team_id, adds created_by |
| 000018 | Drops team_id from alerts, query_shares, export_jobs; adds alerts.created_by |
| 000019 | Creates collections, collection_members, collection_items |
| 000020 | Drops is_bookmarked; seeds personal collections; migrates bookmarks to collection items |
| 000021 | Adds created_from_team_id to saved_queries; backfills from team_sources |
Take a backup of your SQLite database before upgrading. Migrations are forward-only.
How to upgrade
Binary
Download the v1.6.0 binary, stop the running service, replace the binary, start the service. Migrations apply on first boot.
Docker
docker pull ghcr.io/mr-karan/logchef:v1.6.0
docker-compose down
docker-compose up -d
Follow-ups
- If you run
logchef-mcpfrom the separate repo, rewire it to/api/v1/saved-queries— the old team-scoped paths are gone. - Provisionable collections are not in this release; declarative config still covers teams, users, and sources.
Contributors
Thanks to @m0nikasingh for OIDC email-verification skip (#86), native ClickHouse TLS (#88), and AI SQL insert mode fix (#89).
Full changelog: v1.5.0...v1.6.0
