Skip to content

🚀 Release v3.1.1: Enterprise RBAC, Zero-Trust mTLS, SIMD Hyperbolic Acceleration & Eco-Monitoring

Latest

Choose a tag to compare

@YARlabs YARlabs released this 02 Jul 18:15

Following the massive release of our Spatial AI Engine in v3.1.0, HyperspaceDB v3.1.1 focuses on enterprise-grade security, zero-trust infrastructure hardening, extreme hardware-level performance optimizations, and ESG sustainability tracking.

This update transforms HyperspaceDB into a compliance-ready fortress engineered for strict corporate environments, B2B multi-tenancy, and high-throughput edge deployments.

Here is what is new in v3.1.1.


🔒 1. Enterprise RBAC & Cross-Tenant Sharing

Building multi-tenant B2B AI applications requires strict data boundary isolation and granular permissions.

  • Transaction-Safe Security Core: Implemented a centralized, transaction-safe security storage (data/security.db) powered by redb v4, featuring dynamic API key hashing and multi-tenant permission records.

  • Granular User Roles: Added strict UserRole gating (Admin, ReadWrite, ReadOnly) across all HTTP and gRPC request scopes.

  • Namespaced Cross-Tenant Sharing: Enabled secure index sharing via namespaced URL collection referencing (using owner:name or owner/name syntax).

  • Dashboard Management: Integrated a full-featured "Share Collection" modal, grantee privilege management, and role-based action filters directly into the Web Dashboard.

🛡️ 2. Out-of-the-Box Mutual TLS (mTLS) & Audit Logging

We made meeting SOC 2 Type II, HIPAA, and GDPR compliance standards frictionless for DevOps teams.

  • Zero-Dependency mTLS: Integrated out-of-the-box TLS/mTLS configuration for both HTTP (Axum) and gRPC (Tonic) servers controlled via straightforward environment variables (HS_TLS_CERT, HS_TLS_KEY, HS_TLS_CA).

  • Custom Acceptor Loop: Features a custom TLS connection acceptor supporting strict client certificate verification with seamless fallback to unencrypted traffic when needed.

  • Tenant-Isolated Audit Trails: Added structured JSON-formatted application audit logging with configurable granularity levels (off, low, medium, high, full) streaming directly to stdout or an dedicated audit.log file.

  • Web Dashboard Control Plane: Tenant-isolated log buffers now stream secure, filtered audit histories directly to the Web Dashboard's Control Plane Settings based on the authenticated request context.

⚡ 3. Hardware Sympathy: SIMD Acceleration & O(1) WAL

We continuously optimize our Rust core to ensure every CPU cycle is utilized effectively.

  • Nightly SIMD Vector Acceleration: Activated SIMD intrinsics via std::simd under the nightly-simd cargo feature. This unlocks maximum hardware utilization on AVX2 / AVX-512 / ARM64 Neon platforms for complex non-Euclidean math, drastically accelerating Lorentz metrics, Poincaré distance calculations, and Möbius additions.

  • O(1) Incremental Payload Storage: Replaced full $O(N)$ index serialization with an append-only Write-Ahead Log (WAL) inside payload_store.rs. This eliminates NVMe latency spikes during high-throughput payload ingestion, ensuring flat, deterministic write latency.

🌱 4. Eco-Monitoring & Carbon Footprint Tracking

HyperspaceDB continues to lead as the most resource-efficient and eco-conscious vector engine on the market.

  • Real-Time Carbon Telemetry: Integrated hyperspace-eco telemetry to actively calculate and track the carbon impact of CPU and RAM computations per node.

  • ESG Dashboard Badges: Real-time ESG sustainability badges and operational efficiency metrics are now exposed directly inside the overview and collections interfaces of the Web Dashboard.


📦 Upgrading to v3.1.1

To upgrade your local node or embedded Rust dependency to v3.1.1:

Rust Cargo Dependency:

[dependencies]
hyperspace-sdk = "3.1.1"
# To enable SIMD hardware acceleration on nightly toolchains:
# hyperspace-sdk = { version = "3.1.1", features = ["nightly-simd"] }

Docker Pull:

docker pull glukhota/hyperspacedb:3.1.1

Environment Setup for mTLS:

export HS_TLS_CERT="/path/to/server.crt"
export HS_TLS_KEY="/path/to/server.key"
export HS_TLS_CA="/path/to/ca.crt" # Enables strict mTLS client verification

*For full documentation, architecture breakdown, and SDK guides, visit [yar.ink/docs]