Crate kimberlite

Expand description

§Kimberlite

Compliance-native database for regulated industries.

Kimberlite is built on a replicated append-only log with deterministic projection to a custom storage engine. This provides:

Correctness by design - Ordered log → deterministic apply → snapshot
Full audit trail - Every mutation is captured in the immutable log
Point-in-time recovery - Replay from any offset
Compliance by construction - Built-in durability and encryption

§Architecture

┌─────────────────────────────────────────────────────────────┐
│                          Kimberlite                             │
│  ┌─────────┐   ┌───────────┐   ┌──────────┐   ┌──────────┐ │
│  │   Log   │ → │  Kernel   │ → │  Store   │ → │  Query   │ │
│  │(append) │   │(pure FSM) │   │(B+tree)  │   │  (SQL)   │ │
│  └─────────┘   └───────────┘   └──────────┘   └──────────┘ │
└─────────────────────────────────────────────────────────────┘

§Quick Start

use kimberlite::{Kimberlite, TenantId, DataClass};

// Open database
let db = Kimberlite::open("./data")?;

// Get tenant handle
let tenant = db.tenant(TenantId::new(1));

// Create a stream
let stream_id = tenant.create_stream("events", DataClass::NonPHI)?;

// Append events
tenant.append(stream_id, vec![b"event1".to_vec(), b"event2".to_vec()])?;

// Query (point-in-time support)
let results = tenant.query("SELECT * FROM events LIMIT 10", &[])?;

§Modules

SDK Layer: Kimberlite, TenantHandle - Main API
Foundation: Types, crypto, storage primitives
Query: SQL subset for compliance lookups

Structs§

BTreeStore: B+tree-based projection store implementation.
ChainHash: A 32-byte SHA-256 hash used for chaining records.
ColumnDef: Definition of a table column.
ColumnName: SQL column name.
Directory: Routes stream placements to VSR replication groups.
FieldKey: A key for encrypting a specific field, derived from a tenant key.
GroupId: Unique identifier for a replication group.
KAnonymityResult: Result of a k-anonymity check.
Key: A key in the projection store.
Kimberlite: The main Kimberlite database handle.
KimberliteConfig: Configuration for opening a Kimberlite database.
Offset: Position of an event within a stream.
QueryEngine: Query engine for executing SQL against a projection store.
QueryResult: Result of executing a query.
Record: A single record in the event log.
ReversibleToken: Encrypted token that can be reversed with the key.
Schema: Schema registry mapping SQL names to store types.
SchemaBuilder: Builder for constructing schemas fluently.
State: The kernel’s in-memory state.
Storage: Append-only event log storage with checkpoint support.
StreamId: Unique identifier for a stream within the system.
StreamMetadata: Metadata describing a stream’s configuration and current state.
StreamName: Human-readable name for a stream.
TableDef: Definition of a table in the schema.
TableId: Unique identifier for a table within the store.
TableName: SQL table name.
TenantHandle: A tenant-scoped handle for database operations.
TenantId: Unique identifier for a tenant (organization/customer).
Token: A deterministic token for consistent pseudonymization.
WriteBatch: A batch of write operations to apply atomically.

Enums§

Command: A command to be applied to the kernel.
DataClass: Classification of data for compliance purposes.
DataType: SQL data types supported by the query engine.
DatePrecision: Precision level for date truncation.
DirectoryError: Errors that can occur during directory lookups.
Effect: An effect to be executed by the runtime.
ExecuteResult: Result of executing a DDL/DML statement.
GeoLevel: Geographic hierarchy levels for generalization.
KernelError: Errors that can occur when applying commands to the kernel.
KimberliteError: Errors that can occur during Kimberlite operations.
MaskStyle: Style for masking sensitive values.
Placement: Placement policy for a stream.
QueryError: Errors that can occur during query parsing and execution.
Region: Geographic region for data placement.
StorageError: Errors that can occur during storage operations.
StoreError: Errors that can occur during store operations.
Value: A typed SQL value.
WriteOp: A single write operation within a batch.

Traits§

ProjectionStore: Trait for projection stores that maintain derived state from the log.

Functions§

apply_committed: Applies a committed command to the state, producing new state and effects.
chain_hash: Computes the next hash in the chain.
check_k_anonymity: Checks if a set of quasi-identifier combinations achieves k-anonymity.
decrypt_field: Decrypts a field value encrypted with encrypt_field.
encrypt_field: Encrypts a field value with randomized encryption.
generalize_age
generalize_numeric: Generalizes a numeric value into a range.
generalize_zip: Generalizes a ZIP code by preserving only the first N digits.
mask: Masks a string value according to the specified style.
redact: Returns None to represent a fully redacted value.
tokenize: Creates a deterministic token from a value.
truncate_date: Truncates a date to the specified precision.

Type Aliases§

Result: Result type for Kimberlite operations.
Row: A single result row.

Crate kimberlite

Crate kimberlite Copy item path

§Kimberlite

§Architecture

§Quick Start

§Modules

Structs§

Enums§

Traits§

Functions§

Type Aliases§

Crate kimberlite