What's new​

• Docusaurus 3.10.1 docs site served from GitHub Pages. Versioned per release (use the version dropdown in the navbar after future cuts), local search (no Algolia signup), MDX content with .mdx extension throughout. Built with v4 future flags on (future.v4: true, future.faster: true) so the eventual Docusaurus 4 upgrade is a no-op.
• Reference docs migrated out of the README. Environment variables, auth methods, metrics catalog, Prometheus + Grafana setup, tuning, troubleshooting, dashboard import — all now live on the docs site with proper navigation, search, and per-page edit-on-GitHub links.
• Contributor docs written from scratch rather than copying CONTRIBUTING.md:
  • Architecture — 1500-word deep-dive on the two-tier scrape, the eager-kickoff promise pattern, JS-side joins instead of $lookup, cardinality gates, ESM/NodeNext gotchas. Two Mermaid diagrams (scrape sequence + auth method decision flowchart).
  • Ways to contribute — five concrete paths: high-signal bug reports, propose-a-metric, share-a-dashboard, improve-docs, sponsor.
  • Adding a metric — step-by-step playbook including the cardinality budget rules every new metric must follow.
• README slimmed from 343 lines to 53. CONTRIBUTING.md from 86 lines to 26 — both now point at the docs site for detail.
• Blog as changelog. This post is the first of a "Changelog & news" feed on the docs site, with RSS/Atom for feed readers (<link rel="alternate"> in every page's <head>).

CI / CD additions​

• Lighthouse CI on PRs — every PR touching website/** triggers a Lighthouse run with thresholds: a11y ≥ 90 and SEO ≥ 90 as errors; performance ≥ 85 and best-practices ≥ 85 as warnings. Full report posted to a temporary public URL and linked in the PR.
• Docs build verification on PRs — docs-test-deploy.yml runs the production Docusaurus build on every PR. onBrokenLinks, onBrokenAnchors, and onBrokenMarkdownLinks are all set to "throw" so dead refs and stale anchors fail review.
• Path-filtered docs-deploy.yml — push-to-main only triggers a Pages deploy when website/** or CONTRIBUTING.md actually changes.
• GitHub-native attestations for SBOM + build provenance (actions/attest-build-provenance@v4, actions/attest-sbom@v4) — verifiable via gh attestation verify oci://.... No GHCR clutter because push-to-registry: false.

Release automation​

The version number now lives in one place — root package.json — and the docs site reads it dynamically. The current-version label in the navbar dropdown updates automatically when package.json is bumped; no more hand-editing docusaurus.config.ts per release.

A new "Prepare release" workflow (workflow_dispatch-only) automates the rest:

1. Trigger it from the Actions tab with version: 0.10.0 (no leading v).
2. The workflow snapshots the docs site as 0.10 (so the new "0.10" version dropdown entry will work after deploy), bumps package.json + package-lock.json, and opens a "Release v0.10.0" PR.
3. Review + merge.
4. Tag the merge commit (git tag v0.10.0 origin/main && git push --tags) — or use the GitHub UI's "Draft a new release → Generate release notes" flow.
5. CD takes over: multi-arch build, cosign sign, attest build-provenance + SBOM, Trivy scan, attach SBOM to the Release.

Community polish​

• .github/ISSUE_TEMPLATE/config.yml — adds contact links above the existing Bug/Feature templates pointing to the docs site, GitHub Discussions, and the private security advisory flow.
• GitHub Discussions referenced from the issue config + docs site footer — needs a one-time toggle under repo Settings → General → Features → Discussions to activate.

Upgrading​

Image-side: docker pull ghcr.io/rubentalstra/librechat-prom-exporter:0.9.0. No code changes; behavior identical to v0.8.0. The version number is bumped just to land a clean release tag for the docs site.

If you've bookmarked specific README sections, update those bookmarks to the docs site:

Metrics correctness & performance​

• Tenant-leak fix: Conversation.estimatedDocumentCount() (which is tenant-blind by design) was replaced with countDocuments({}) so the tenant hook applies. Fixes inflated librechat_cost_per_conversation_avg for multi-tenant installs.
• 6× redundant $lookup against users eliminated — all six places now use the pre-loaded userIdToEmail map. Material advanced-scrape speedup on large installs.
• allowDiskUse: true added to every $facet / $group that touches the full messages or transactions collection. Prevents Mongo's 100 MB in-memory aggregation limit from biting on real LibreChat installs.
• Index assertions extended: now warns on missing recommended indexes for messages.createdAt, messages.{isCreatedByUser,createdAt}, files.user, transactions.user, transactions.conversationId.

HTTP hardening + optional auth​

• helmet applied with sensible defaults (no CSP since /metrics returns text, no CORP).
• compression middleware — significant payload reduction on /metrics.
• express-rate-limit with separate per-IP limiters for /metrics (default 120/min) and /health (600/min).
• /metrics auth — four optional methods, all off by default: static bearer (METRICS_BEARER_TOKEN), HTTP Basic (METRICS_BASIC_AUTH_USER + METRICS_BASIC_AUTH_PASSWORD), OAuth2/OIDC JWT (METRICS_OAUTH2_*), IP allowlist (METRICS_ALLOWED_IPS). Constant-time comparison; rate-limited reject logging. See Auth.
• METRICS_PORT — optionally bind /metrics on a separate port so it can be internal-only while /health stays public-reachable.

Tooling foundation​

• pino structured logging — every console.* call swapped for the singleton logger. Pretty in dev, JSON in prod.
• zod env validation — every env var schema-checked at boot. Misconfig fails fast with a clear list of issues. Replaces ad-hoc parseInt and envFlag.
• vitest + 46 tests across config, util, tenantHooks, metricsAuth. JWT signing + JWKS mocking via nock for the OAuth2 path.
• prettier + husky + lint-staged for consistent style and pre-commit hooks.
• tsconfig modernization: target: ES2023, noUncheckedIndexedAccess: true, exactOptionalPropertyTypes: true, sourceMap: true.

Container + CI/CD​

• Base image: distroless → Chainguard cgr.dev/chainguard/node:latest. Daily rebuilds against the latest CVE fixes; currently zero CRITICAL/HIGH CVEs at every severity.
• OCI labels + annotations via docker/metadata-action — description, vendor, source, license, documentation all visible on the GHCR Packages page (no more "No description provided").
• SLSA build provenance + SBOM attestation via GitHub's native framework (actions/attest-build-provenance@v4 + actions/attest-sbom@v4). push-to-registry: false so they live in GitHub's attestation DB and don't clutter GHCR. Verifiable with gh attestation verify oci://....
• cosign keyless signing of every published tag via Sigstore.
• Multi-arch-safe cleanup workflow — actions/delete-package-versions@v5 is not manifest-aware (known upstream bugs); replaced with dataaxiom/ghcr-cleanup-action@v1 which understands manifest lists, cosign signatures, and attestation referrers.
• Weekly Trivy scan of the published :latest — catches CVEs introduced after publish (base-image regression, new Debian advisories) and reports them to GitHub Code Scanning.
• PR-time docker build added to CI so Dockerfile regressions surface at review time, not after merge.

Upgrading​

• docker pull ghcr.io/rubentalstra/librechat-prom-exporter:0.8.0. No env-var changes needed for existing deployments.
• New env vars are all opt-in: see Environment variables.

Thanks to everyone who reported issues during the integration PRs.

(A separate documentation site landed in v0.9.0 — that's the recommended way to read these docs going forward.)