mirim 1.0.0
First stable release. No code change from 0.14.0; this milestone declares
the public API and the on-disk formats stable. The per-version history
that follows records how the project reached here.
What mirim is
A tiny embedded SQL database (~3.4 kLOC of safe Rust, #![forbid(unsafe_code)]),
encrypted at rest by default, with post-quantum sealed exports and no
classical asymmetric cryptography anywhere in any file format.
Capabilities
- SQL subset over in-memory tables: CREATE/INSERT/SELECT/UPDATE/DELETE,
INTEGER and TEXT, single-column PRIMARY KEY / UNIQUE with an O(1)
equality index,?parameter binding, no type coercion. - Encrypted vault (
.mrm): XChaCha20-Poly1305 over the snapshot, key from
Argon2id (passphrase) or a caller-held 32-byte key; atomic saves. - Durable sessions (
DurableDb): an encrypted write-ahead log; an
acknowledged mutation surviveskill -9and power loss, enforced by a
SIGKILL harness.checkpoint()folds the log into a fresh snapshot. - Post-quantum sealed exports: ML-KEM-768 (FIPS 203), single- and
multi-recipient. Signed manifests: ML-DSA-87 (FIPS 204) viamirim-sign,
with monotonic-counter rollback enforcement; mirim signs its own
releases with it. - Key rotation, one-writer advisory locking, and a C FFI (
mirim-ffi).
Security
- No classical public-key cryptography in any persisted artifact, so
archived vaults and sealed exports are outside harvest-now-decrypt-later
scope. Primitives are vetted RustCrypto / ML-KEM / ML-DSA crates. - Official test vectors pass: FIPS 203, FIPS 204, RFC 9106, RFC 8439.
- A plain-English threat model with an explicit "does NOT protect against"
section lives in SECURITY.md.
Assurance
- 97 native tests, a SIGKILL power-cut harness, 5 libFuzzer targets, a
proptest property layer, a model-based differential test against an
independent oracle, and Miri on the logic-bearing suites. - The C FFI runs under ASan + UBSan.
- Reproducible release builds (bit-identical), a CycloneDX SBOM of the
runtime dependency closure, andcargo audit/cargo denygates in CI.
Measured (x86-64, in-memory, vs SQLite)
- Bulk insert 10k rows with a PRIMARY KEY: 13.4 ms (SQLite 33.6 ms).
- Point SELECT by PK over 10k rows: 1.42 µs (SQLite 0.62 µs).
- Durable commit (fsynced): 578 µs. CLI binary with the full crypto
stack: ~436 KiB.
Licensing
Dual-licensed: AGPL-3.0-only (see LICENSE), or a commercial license for
uses the AGPL does not fit — closed-source embedding, or running a
modified version as a network service without publishing source. See
LICENSING.md; commercial licensing via securityops.co. (Relicensed from
MIT during 1.0.0 finalization, before any tagged release.)
Stability commitment
The vault, WAL, sealed-export, and manifest formats are frozen at their
v1/v2 layouts and will remain readable. The public Rust API and the C ABI
are stable; breaking changes would be a 2.0.
Website: https://mirim.securityops.co · Source build & verification steps in README.md and RELEASE.md. Source mirrored to Forgejo, Codeberg, and GitHub.