Skip to content

Releases: cristiancmoises/mirim

mirim 1.1.0

Choose a tag to compare

@cristiancmoises cristiancmoises released this 15 Jul 16:48

Query-ergonomics + distribution release. On-disk formats are unchanged and still v1/frozen — every 1.0.0 vault, sealed export, WAL, and manifest opens unchanged under 1.1.0.

Highlights

  • SQL: ORDER BY <col> [ASC|DESC] (multi-key, stable; NULLs first on ASC), LIMIT <n> [OFFSET <m>], COUNT(*), and -- / /* */ comments. All contextual keywords, so order/count/limit/… stay usable as identifiers. New Db::execute_script, mirim::split_statements, Db::schema_sql; CLI .read <file> and .schema.
  • Five sample databases under samples/ + a gen_samples generator, all validated in CI.
  • Desktop GUI (mirim-gui, new gui/ crate): a simple, secure-by-default front end — dark theme + cyan accents, offline, opens via the durable/encrypted engine, read-only until you tick “Allow writes”, passphrase zeroized.
  • Docs: a friendly GUIDE and a sourced comparison vs SQLite/SQLCipher/DuckDB/libSQL/redb/sled.

Downloads

Native packages for Linux (.deb, .rpm, AppImage, .tar.gz), macOS (.dmg, .pkg, .tar.gz), and Windows (.exe/.zip) are attached, plus the standalone mirim-gui binary per OS. Verify with SHA256SUMS; each artifact also carries a detached ML-DSA-87 (.mf) signature you can check against mirim-release.pub:

sha256sum -c SHA256SUMS --ignore-missing
mirim-sign verify <artifact> <artifact>.mf mirim-release.pub

Full notes: CHANGELOG.md.

mirim 1.0.0

Choose a tag to compare

@cristiancmoises cristiancmoises released this 14 Jun 08:42

First stable release. No code change from 0.14.0; this milestone declares
the public API and the on-disk formats stable. The per-version history
that follows records how the project reached here.

What mirim is

A tiny embedded SQL database (~3.4 kLOC of safe Rust, #![forbid(unsafe_code)]),
encrypted at rest by default, with post-quantum sealed exports and no
classical asymmetric cryptography anywhere in any file format.

Capabilities

  • SQL subset over in-memory tables: CREATE/INSERT/SELECT/UPDATE/DELETE,
    INTEGER and TEXT, single-column PRIMARY KEY / UNIQUE with an O(1)
    equality index, ? parameter binding, no type coercion.
  • Encrypted vault (.mrm): XChaCha20-Poly1305 over the snapshot, key from
    Argon2id (passphrase) or a caller-held 32-byte key; atomic saves.
  • Durable sessions (DurableDb): an encrypted write-ahead log; an
    acknowledged mutation survives kill -9 and power loss, enforced by a
    SIGKILL harness. checkpoint() folds the log into a fresh snapshot.
  • Post-quantum sealed exports: ML-KEM-768 (FIPS 203), single- and
    multi-recipient. Signed manifests: ML-DSA-87 (FIPS 204) via mirim-sign,
    with monotonic-counter rollback enforcement; mirim signs its own
    releases with it.
  • Key rotation, one-writer advisory locking, and a C FFI (mirim-ffi).

Security

  • No classical public-key cryptography in any persisted artifact, so
    archived vaults and sealed exports are outside harvest-now-decrypt-later
    scope. Primitives are vetted RustCrypto / ML-KEM / ML-DSA crates.
  • Official test vectors pass: FIPS 203, FIPS 204, RFC 9106, RFC 8439.
  • A plain-English threat model with an explicit "does NOT protect against"
    section lives in SECURITY.md.

Assurance

  • 97 native tests, a SIGKILL power-cut harness, 5 libFuzzer targets, a
    proptest property layer, a model-based differential test against an
    independent oracle, and Miri on the logic-bearing suites.
  • The C FFI runs under ASan + UBSan.
  • Reproducible release builds (bit-identical), a CycloneDX SBOM of the
    runtime dependency closure, and cargo audit / cargo deny gates in CI.

Measured (x86-64, in-memory, vs SQLite)

  • Bulk insert 10k rows with a PRIMARY KEY: 13.4 ms (SQLite 33.6 ms).
  • Point SELECT by PK over 10k rows: 1.42 µs (SQLite 0.62 µs).
  • Durable commit (fsynced): 578 µs. CLI binary with the full crypto
    stack: ~436 KiB.

Licensing

Dual-licensed: AGPL-3.0-only (see LICENSE), or a commercial license for
uses the AGPL does not fit — closed-source embedding, or running a
modified version as a network service without publishing source. See
LICENSING.md; commercial licensing via securityops.co. (Relicensed from
MIT during 1.0.0 finalization, before any tagged release.)

Stability commitment

The vault, WAL, sealed-export, and manifest formats are frozen at their
v1/v2 layouts and will remain readable. The public Rust API and the C ABI
are stable; breaking changes would be a 2.0.


Website: https://mirim.securityops.co · Source build & verification steps in README.md and RELEASE.md. Source mirrored to Forgejo, Codeberg, and GitHub.