diff --git a/lib/auth.ts b/lib/auth.ts
index 235d1e3..ed51c21 100644
--- a/lib/auth.ts
+++ b/lib/auth.ts
@@ -44,10 +44,22 @@ export const authOptions: NextAuthOptions = {
           return null;
         }
 
-        // Match by email OR username
-        const user = getDb()
-          .prepare("SELECT id, email, username, password_hash, role, created_at FROM users WHERE email = ? OR username = ? LIMIT 1")
-          .get(identifier, identifier) as UserRow | undefined;
+        // Match by email OR username. Fallback to email-only if migration hasn't run yet.
+        const db = getDb();
+        let user: UserRow | undefined;
+        try {
+          user = db
+            .prepare("SELECT id, email, username, password_hash, role, created_at FROM users WHERE email = ? OR username = ? LIMIT 1")
+            .get(identifier, identifier) as UserRow | undefined;
+        } catch {
+          // username column missing — self-heal and retry email-only
+          try { db.exec("ALTER TABLE users ADD COLUMN username TEXT"); } catch {}
+          try { db.exec("CREATE UNIQUE INDEX IF NOT EXISTS idx_users_username ON users(username) WHERE username IS NOT NULL"); } catch {}
+          user = db
+            .prepare("SELECT id, email, password_hash, role, created_at FROM users WHERE email = ? LIMIT 1")
+            .get(identifier) as UserRow | undefined;
+          if (user) (user as UserRow).username = null;
+        }
 
         if (!user) {
           await new Promise((r) => setTimeout(r, 200));
diff --git a/package.json b/package.json
index efe8b5e..a471bee 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "corex-nexredirect",
-  "version": "0.1.28",
+  "version": "0.1.29",
   "license": "MIT",
   "overrides": {
     "postcss": "^8.5.13",