Upgrade from 2.0 to 2.2
Back up, upgrade, verify, and adopt the v2.1 and v2.2 changes from an existing Lific 2.0 installation.
This guide covers upgrades from Lific 2.0 through 2.2. It assumes an existing 2.0 instance and deliberately does not describe older migration paths.
Before upgrading
-
Record the selected configuration and database paths with
lific instance infoand your service status command. -
Make a complete backup while the service is stopped or quiesced:
lific dump --out ./lific-before-2.2.tar.gzThe archive includes a consistent database snapshot, attachments, and
manifest.json. -
Record how clients connect: browser URL, API-key users, OAuth clients, and MCP configuration files. Keep one known-good operator key available for recovery.
-
If the instance is behind a reverse proxy, review
server.trusted_proxiesbefore starting 2.2. Add only proxy networks you operate; the default trusts loopback proxies.
Stop the background service before replacing the binary or restoring a backup. Keep the same lific.toml, database path, attachments directory, and public URL unless you are intentionally relocating the instance.
Changes to account for
v2.1
lific membermanages project membership and roles from the CLI.lific user set-passwordprovides an operator password reset and invalidates the user's sessions.--configis honored byinitand service installation, and configuration/database discovery follows standard OS directories.- Private instances may set
[auth] required = false; this is a shell-controlled operator setting and must remain local or firewalled.
v2.2
- Browser views use credentialed realtime invalidation. Sessions are revalidated, connections are capped per user, and reconnects trigger a resync.
server.trusted_proxiescontrols when forwarded client-IP headers are trusted for rate limiting.- MCP output is compact by default. Use the documented opt-in fields such as
include_closed,include_comments, orecho_treewhen an agent needs the full view. - MCP search supports literal mode, comments are searchable, and list/comment operations expose pagination hints.
- The web UI adds list sub-tabs, sidebar recents, touch page movement, PWA install metadata, and improved command-palette results.
- Auth-optional mode now reaches the browser through the instance auto-login flow; with no accounts, the signup screen still appears.
v2.2.1
- The three export MCP tools are now one
exporttool. It dispatches by identifier:PRO-42for an issue,PRO-DOC-3for a page, and barePROfor a project. - The MCP surface is 27 tools. Clients that assumed the older 29-tool count or the removed export tool names must refresh their discovery data.
Upgrade and verify
-
Install the v2.2 binary and restart the existing service.
-
Run
lific doctorwith the operator credential. Resolve configuration, database, backup, server, OAuth, and MCP failures before opening the instance to users. -
Check
lific instance infoand confirm the expected database, public URL, signup policy, andauthz_enforcedstate. -
Review membership and operator keys:
lific key list lific member list --project <PROJECT>Unbound API keys are operator-trusted/admin-equivalent because they can only be minted with shell access. Audit or rotate any key that is no longer needed. Use user-owned bot keys when an agent should inherit project membership.
-
Test the browser login and one representative project workflow. Confirm issue, page, plan, comment, attachment, and saved-view data before testing writes.
-
Test one API and one MCP client. For MCP, refresh tool discovery and replace calls to
export_issue,export_page, orexport_projectwithexport. -
If the instance uses a proxy, confirm the server logs the expected client IP and that rate limits do not trust arbitrary forwarded headers.
-
Keep the pre-upgrade archive until the browser, API, MCP, backups, and service restart have all been verified.
Authorization rollout
An existing 2.0 instance keeps its persisted authorization setting during the upgrade. Inspect it before changing anything. With enforcement on, viewers can read and comment, maintainers can mutate project content and structure, and leads manage settings, membership, and deletion. Cross-project relations and plan-step links require the appropriate role in every project involved.
To change the setting deliberately:
lific instance set --authz-enforced trueBefore enabling it, ensure every human and bot that needs access has a project membership, and keep an operator-trusted key available for recovery. To roll back the setting on a private instance, use --authz-enforced false and then investigate the missing membership or role rather than distributing a broader key.
For a private local deployment, [auth] required = false is a separate setting from project authorization. It grants credential-less operator access and is unsafe on a public URL; Lific refuses that combination at startup. Treat both settings as operator changes that require shell access and a verification step.
If the upgrade fails
Stop the service, preserve its logs and the failed database state, and do not repeatedly rerun migrations against the only copy. Restore the pre-upgrade archive to a separate data directory or use lific restore <ARCHIVE> --force only after confirming the archive and intended target. Re-run lific doctor, then compare the restored instance's configuration and client credentials before switching traffic back.