Releases: cristiancmoises/mirim
Release list
mirim 1.1.0
Query-ergonomics + distribution release. On-disk formats are unchanged and still v1/frozen — every 1.0.0 vault, sealed export, WAL, and manifest opens unchanged under 1.1.0.
Highlights
- SQL:
ORDER BY <col> [ASC|DESC](multi-key, stable; NULLs first on ASC),LIMIT <n> [OFFSET <m>],COUNT(*), and--//* */comments. All contextual keywords, soorder/count/limit/… stay usable as identifiers. NewDb::execute_script,mirim::split_statements,Db::schema_sql; CLI.read <file>and.schema. - Five sample databases under
samples/+ agen_samplesgenerator, all validated in CI. - Desktop GUI (
mirim-gui, newgui/crate): a simple, secure-by-default front end — dark theme + cyan accents, offline, opens via the durable/encrypted engine, read-only until you tick “Allow writes”, passphrase zeroized. - Docs: a friendly GUIDE and a sourced comparison vs SQLite/SQLCipher/DuckDB/libSQL/redb/sled.
Downloads
Native packages for Linux (.deb, .rpm, AppImage, .tar.gz), macOS (.dmg, .pkg, .tar.gz), and Windows (.exe/.zip) are attached, plus the standalone mirim-gui binary per OS. Verify with SHA256SUMS; each artifact also carries a detached ML-DSA-87 (.mf) signature you can check against mirim-release.pub:
sha256sum -c SHA256SUMS --ignore-missing
mirim-sign verify <artifact> <artifact>.mf mirim-release.pub
Full notes: CHANGELOG.md.
mirim 1.0.0
First stable release. No code change from 0.14.0; this milestone declares
the public API and the on-disk formats stable. The per-version history
that follows records how the project reached here.
What mirim is
A tiny embedded SQL database (~3.4 kLOC of safe Rust, #![forbid(unsafe_code)]),
encrypted at rest by default, with post-quantum sealed exports and no
classical asymmetric cryptography anywhere in any file format.
Capabilities
- SQL subset over in-memory tables: CREATE/INSERT/SELECT/UPDATE/DELETE,
INTEGER and TEXT, single-column PRIMARY KEY / UNIQUE with an O(1)
equality index,?parameter binding, no type coercion. - Encrypted vault (
.mrm): XChaCha20-Poly1305 over the snapshot, key from
Argon2id (passphrase) or a caller-held 32-byte key; atomic saves. - Durable sessions (
DurableDb): an encrypted write-ahead log; an
acknowledged mutation surviveskill -9and power loss, enforced by a
SIGKILL harness.checkpoint()folds the log into a fresh snapshot. - Post-quantum sealed exports: ML-KEM-768 (FIPS 203), single- and
multi-recipient. Signed manifests: ML-DSA-87 (FIPS 204) viamirim-sign,
with monotonic-counter rollback enforcement; mirim signs its own
releases with it. - Key rotation, one-writer advisory locking, and a C FFI (
mirim-ffi).
Security
- No classical public-key cryptography in any persisted artifact, so
archived vaults and sealed exports are outside harvest-now-decrypt-later
scope. Primitives are vetted RustCrypto / ML-KEM / ML-DSA crates. - Official test vectors pass: FIPS 203, FIPS 204, RFC 9106, RFC 8439.
- A plain-English threat model with an explicit "does NOT protect against"
section lives in SECURITY.md.
Assurance
- 97 native tests, a SIGKILL power-cut harness, 5 libFuzzer targets, a
proptest property layer, a model-based differential test against an
independent oracle, and Miri on the logic-bearing suites. - The C FFI runs under ASan + UBSan.
- Reproducible release builds (bit-identical), a CycloneDX SBOM of the
runtime dependency closure, andcargo audit/cargo denygates in CI.
Measured (x86-64, in-memory, vs SQLite)
- Bulk insert 10k rows with a PRIMARY KEY: 13.4 ms (SQLite 33.6 ms).
- Point SELECT by PK over 10k rows: 1.42 µs (SQLite 0.62 µs).
- Durable commit (fsynced): 578 µs. CLI binary with the full crypto
stack: ~436 KiB.
Licensing
Dual-licensed: AGPL-3.0-only (see LICENSE), or a commercial license for
uses the AGPL does not fit — closed-source embedding, or running a
modified version as a network service without publishing source. See
LICENSING.md; commercial licensing via securityops.co. (Relicensed from
MIT during 1.0.0 finalization, before any tagged release.)
Stability commitment
The vault, WAL, sealed-export, and manifest formats are frozen at their
v1/v2 layouts and will remain readable. The public Rust API and the C ABI
are stable; breaking changes would be a 2.0.
Website: https://mirim.securityops.co · Source build & verification steps in README.md and RELEASE.md. Source mirrored to Forgejo, Codeberg, and GitHub.