Starosdev/scrutiny v1.31.0 on GitHub

v1.31.0 (2026-02-24)

API authentication and authorization (#273, closes #268)
Adds opt-in API authentication to Scrutiny, securing the dashboard and API endpoints while maintaining full backward compatibility. Auth is disabled by default -- existing deployments are completely unaffected.
When enabled:
- Web UI login page with token-based and optional username/password login methods
- JWT session tokens with configurable expiry and optional persistent secret for surviving restarts
- Collector authentication -- all 4 collectors (metrics, performance, ZFS, selftest) support --api-token flag and per-collector environment variables (COLLECTOR_METRICS_API_TOKEN, COLLECTOR_PERF_API_TOKEN, COLLECTOR_ZFS_API_TOKEN)
- Independent Prometheus metrics auth -- separate web.metrics.token for securing /api/metrics without enabling full API auth
- Rate limiting on login endpoint (10 failures per IP in 5-minute window)
- Security hardening -- SHA-256 hash-then-compare for constant-time token validation, returnUrl sanitization
Public endpoints (/api/health, /api/auth/status, /api/auth/login) remain accessible without authentication.
See AUTH.md for full configuration, deployment, and migration documentation.
Quick start:
```
web:
    auth:
        enabled: true
        token: 'your-secret-api-token-here'
```

SMART attributes table column sorting (#272, closes #269)
Fixed sorting on the SMART attributes table. Added a sortingDataAccessor to map column definitions to their actual data properties so all columns (ID, name, failure rate, value, worst, threshold, ideal) sort correctly by displayed values. Blank columns in raw/scrutiny mode now sort as 0 instead of by hidden underlying values.

ZFS monitoring setup (#251)
Updated omnibus Docker documentation to include /dev/zfs in the device mappings, which is required for ZFS pool detection inside the container.