Skrifheim is a Rust world database for signed, versioned, policy-bound facts, branchable worlds, causal provenance, tamper-evident storage, and security-aware query planning.
Built for causal provenance, tamper-evident history, strict release gates, and rootless containers.
skrifheim is a world database.
The 1.0 target is a serious production-ready causal world-state database for applications that need signed, versioned, policy-bound facts; branchable worlds; provenance; classification-aware planning; tamper-evident storage; and CMS integration through typed facts, atomic releases, sanitized projections, and AI artifacts with provenance.
The project is currently at the v0.5.0 implementation stop. It is not a
usable database engine.
skrifheim is licensed under the European Union Public Licence 1.2.
| Capability | Status | Notes |
|---|---|---|
| Rust workspace | Active | Edition 2024, resolver 3, Rust stable 1.96.0 pinned. |
| Core crate split | Active | Focused crates for core types, facts, worlds, policy, crypto envelopes, storage metadata, query planning, and CLI orchestration. |
| `no_std` core policy | Active | Library crates under crates/ use #![no_std] and #![forbid(unsafe_code)]. |
| Dependency policy | Active | cargo deny policy denies wildcard external dependencies and unknown sources. |
| Security reporting | Active | Private-first vulnerability process in SECURITY.md. |
| Release notes | Active | release-notes/RELEASE_NOTES_0.5.0.md records scope, verification, and non-claims. |
| Capability | Status | Notes |
|---|---|---|
| Core IDs and labels | Scaffolded | Tenant, world, fact, entity, predicate, policy, transaction, actor, source, timestamp, and classification types. |
| Fact builder and validation | Scaffolded | Facts carry valid time, evidence, confidence, policy, labels, causal links, and signature sets. |
| World overlays | Scaffolded | Worlds support deterministic metadata identity, parent pointers, depth, added facts, hidden facts, fork, and diff primitives. |
| Authority-aware policy context | Scaffolded | Subject, device, and workload context constrain clearance, compartments, releasability, output classification, and aggregate proof metadata. |
| Crypto-agile envelopes | Scaffolded | Algorithm IDs, crypto epochs, and signature envelopes exist without locking the database to one permanent algorithm. |
| Storage metadata | Scaffolded | Immutable segment headers validate magic, version, transaction range, and body length. |
| Query planning primitives | Scaffolded | Query requests become policy decision plans for early read, causality, simulation, and context intents. |
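Added example, not skrifheim's own code: a segment-header validator in the style the "Storage metadata" row describes, performing the four checks (magic, version, transaction range, body length) before any body byte is trusted. The 28-byte layout, the magic SKRF and the version constant are assumptions made for the illustration; it uses only core, no std and no unsafe, so it would fit the crate policy stated above.

```rust
// Added illustration, not skrifheim's code. Layout, magic and version are
// assumptions; the checks mirror the table row: magic, version, transaction
// range, body length. Only core is used, so this is no_std-compatible.
pub const HEADER_LEN: usize = 28;
const MAGIC: [u8; 4] = *b"SKRF"; // assumed magic for this example
const SUPPORTED_VERSION: u16 = 1; // assumed current format version

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub struct SegmentHeader {
    pub version: u16,
    pub first_txn: u64,
    pub last_txn: u64,
    pub body_len: u32,
}

#[derive(Debug, PartialEq, Eq)]
pub enum HeaderError {
    Truncated,
    BadMagic,
    UnsupportedVersion(u16),
    InvalidTxnRange,    // first_txn > last_txn
    BodyLengthMismatch, // declared length differs from the bytes actually present
}

fn le_u16(b: &[u8]) -> u16 { u16::from_le_bytes([b[0], b[1]]) }
fn le_u32(b: &[u8]) -> u32 { let mut a = [0u8; 4]; a.copy_from_slice(b); u32::from_le_bytes(a) }
fn le_u64(b: &[u8]) -> u64 { let mut a = [0u8; 8]; a.copy_from_slice(b); u64::from_le_bytes(a) }

/// Assumed layout: magic(4) | version(2) | reserved(2) | first_txn(8) | last_txn(8) | body_len(4).
pub fn validate_segment(segment: &[u8]) -> Result<SegmentHeader, HeaderError> {
    // Reject short input before indexing; nothing in the body is read on any failure.
    let hdr = segment.get(..HEADER_LEN).ok_or(HeaderError::Truncated)?;
    if hdr[0..4] != MAGIC { return Err(HeaderError::BadMagic); }
    let version = le_u16(&hdr[4..6]);
    if version != SUPPORTED_VERSION { return Err(HeaderError::UnsupportedVersion(version)); }
    let (first_txn, last_txn) = (le_u64(&hdr[8..16]), le_u64(&hdr[16..24]));
    if first_txn > last_txn { return Err(HeaderError::InvalidTxnRange); }
    let body_len = le_u32(&hdr[24..28]);
    if segment.len() - HEADER_LEN != body_len as usize { return Err(HeaderError::BodyLengthMismatch); }
    Ok(SegmentHeader { version, first_txn, last_txn, body_len })
}

/// Writes a header in the assumed layout; used to construct sample segments.
pub fn encode_header(first_txn: u64, last_txn: u64, body_len: u32) -> [u8; HEADER_LEN] {
    let mut h = [0u8; HEADER_LEN];
    h[0..4].copy_from_slice(&MAGIC);
    h[4..6].copy_from_slice(&SUPPORTED_VERSION.to_le_bytes());
    h[8..16].copy_from_slice(&first_txn.to_le_bytes());
    h[16..24].copy_from_slice(&last_txn.to_le_bytes());
    h[24..28].copy_from_slice(&body_len.to_le_bytes());
    h
}
```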
| Capability | Status | Notes |
|---|---|---|
| Local gate | Active | scripts/checks.sh runs formatting, shell syntax, doc links, release metadata, engineering policy, modularity, security policy, clippy, and tests. |
| v0.5.0 release gate | Active | scripts/release_0_5_gate.sh runs local checks, dependency policy, RustSec audit, CLI startup, and rootless Podman smoke. |
| Rootless Podman | Active | Containerfile builds and runs the current CLI in a non-root runtime image. |
| Pentest stop rule | Active | Every version has a clean implementation stop before tagging. Root PENTEST.md is temporary findings input and must be removed after resolution. |
| Modularity gate | Active | Non-generated Rust files over 500 lines fail the local gate. |
| Engineering gate | Active | Core libraries must stay no_std, forbid unsafe code, and avoid std imports. |
| Capability | Status | Target |
|---|---|---|
| Encryption control plane | Planned | v0.7.0 through v0.13.0. |
| Durable WAL | Planned | v0.14.0 through v0.16.0. |
| Immutable segment persistence | Planned | v0.17.0 through v0.20.0. |
| Strict serializable transactions | Planned | v0.21.0 through v0.23.0. |
| Native query parser and execution | Planned | v0.25.0 through v0.28.0. |
| Rebuildable projections | Planned | v0.29.0 through v0.32.0. |
| Crypto-agile manifest signatures | Planned | v0.33.0. |
| Audit proofs and backup/restore | Planned | v0.34.0 through v0.36.0. |
| CMS release primitives | Planned | v0.39.0 through v0.40.0. |
| AI artifact provenance | Planned | v0.41.0. |
| Local-first worlds and mission capsules | Planned | v0.42.0 through v0.43.0. |
| Fuzz/property baseline, operations, and hardening | Planned | v0.44.0 through v0.51.0. |
| Standalone legal/compliance passports and placement foundations | Planned | v0.52.0 through v0.55.0. |
| Production release candidate | Planned | v0.56.0. |
| Hyve multi-cell cluster fabric | Planned | v1.1.0 and later. |
- Worlds instead of databases: production, draft, simulation, audit, user-local, and mission worlds are first-class branchable states.
- Facts instead of rows: canonical state is signed, versioned, timed, evidence-bound, and policy-bound.
- Security-aware planning: classification, compartments, releasability, redaction, and rejection are database planning concerns, not application-side decoration.
- Compliance-aware direction: future instance, data, and operation passports let standalone reads, CMS access, exports, indexing, backup, AI processing, placement, replication, and failover respect signed law and compliance packs.
- Tamper-evident direction: WAL, immutable segments, manifests, signatures, and audit proofs are planned as the storage foundation.
- AI is not truth: AI output is planned as derived artifact state with provenance and review, never silent authoritative mutation.
- Strict engineering posture: core crates are `no_std`, unsafe code is forbidden, external crates require admission, and release stops require pentest review.
Build the workspace:

```sh
cargo build --workspace
```

Run the current CLI:

```sh
cargo run -p skrifheim
```

Expected output:

```
skrifheim 0.5.0
```

Run the normal local checks:

```sh
scripts/checks.sh
```

Run the v0.5.0 release gate:

```sh
scripts/release_0_5_gate.sh
```

Skip the rootless Podman part only when the host cannot run containers:

```sh
SKRIFHEIM_SKIP_PODMAN=1 scripts/release_0_5_gate.sh
```

Build and run the local container:

```sh
scripts/podman_smoke.sh
```

The current container only starts the CLI and prints build identity. Durable database operation begins in later storage and runtime milestones.
| Crate | Purpose |
|---|---|
| `skrifheim` | Main crate and CLI entry point. |
| `skrifheim-core` | IDs, timestamps, labels, values, and shared errors. |
| `skrifheim-fact` | Signed policy-bound fact model. |
| `skrifheim-world` | World branch and overlay model. |
| `skrifheim-policy` | Classification and planner decision model. |
| `skrifheim-crypto` | Crypto-agile algorithm and signature envelopes. |
| `skrifheim-storage` | Storage format and tamper-evident metadata model. |
| `skrifheim-query` | Query planning primitives. |
| `xtask` | Project automation helper. |
skrifheim is designed around military-security constraints:
- no god-mode database assumption,
- no unsafe code in core crates,
- no external dependencies without admission,
- no `std` in core library crates,
- no AI output as authoritative truth,
- no release tag without a clean stop and pentest resolution,
- no legal/compliance-sensitive access, derivation, backup, export, or movement without signed policy inputs and audit proof,
- no root `PENTEST.md` committed.
See Engineering Policy, Unsafe Policy, Threat Model, and Security Controls.
Each version has a clean implementation stop. When the version criteria are
done, the maintainer runs a pentest for the exact commit and writes temporary
findings to root PENTEST.md. Findings are fixed, PENTEST.md is removed, and
the gates are rerun before any permanent pentest report or tag.
Tags are created only when explicitly requested.
