Skip to main content

Unified Rust persistence for the CIRIS federation — signed events, time-series, runtime state.

Project description

CIRISPersist

One embeddable Rust crate behind every stateful surface a CIRIS federation node needs — the signed reasoning-trace log, the hash-chained audit log, the memory graph, time-series telemetry, secrets-at-rest, and federation trust state. Postgres or SQLite; in-process via PyO3 or over HTTP.

What it is

CIRISPersist is the lowest stateful substrate above CIRISVerify. An agent or lens node links it as a library — pip install ciris-persist — and gets every storage surface it needs from one versioned API instead of ~11 hand-rolled services. The backend is chosen at Engine construction by DSN scheme (postgres://… or sqlite://…); every method works on both.

Substrates

Substrate Backs
trace ingest signed reasoning-trace event log + LLM-call log
cirisaudit hash-chained, per-tenant signed audit log (RFC 6962 Merkle)
cirisgraph memory nodes + edges — absorbs MemoryService / ConfigService
telemetry metric writes + TSDB rollup
secrets federated SecretsService — AES-256-GCM at rest, hardware-backed master key
cirisnode CIRISNodeCore federation-consensus substrate
sequence / occurrence atomic per-identity counters + endpoint-liveness registry
lens substrates tasks, thoughts, correlations, tickets, deferral reports, WA certs, …

Honest read

  • Postgres + SQLite at 100% parity. Every PyO3 method works on both backends — including the observability read API and the lens-derived schemas — so sovereign-mode (Pi / iOS) deployments are not second-class.
  • In-process cohabitation. Engine is a process-singleton: a CIRIS 3.0 process hosting the agent + NodeCore + LensCore shares one runtime, one pool, one identity — see docs/COHABITATION.md.
  • Hardware-backed secrets. The secrets master key is derived — via CIRISVerify — from a seed sealed by the platform TPM / Keystore / Secure Enclave where one exists, with an honest software fallback where it does not.
  • Crypto goes through CIRISVerify. Persist never rolls its own — signing, verification, and key derivation route through ciris-verify-core / ciris-keyring.
  • Deliberately not: no embedded graph DB engine (Postgres / SQLite recursive CTEs instead); not a daemon (a library, not a service); horizontal sharding is out of scope. No direct peer to benchmark against — the thing it replaces is per-service ORMs and hand-rolled SQL.

Quick start

import ciris_persist as cp

engine = cp.Engine(dsn="sqlite://./agent.db", signing_key_id="agent-ed25519")
engine.register_consumer("my-adapter", ["cirisgraph"])
summary = engine.receive_and_persist(request_body_bytes)

Docs

Doc What
MISSION.md Mission-Driven Development alignment (Accord Meta-Goal M-1)
FSD/CIRIS_PERSIST.md Full functional spec
docs/COHABITATION.md In-process cohabitation model
docs/THREAT_MODEL.md Threat model (AV-* attack vectors)
docs/PUBLIC_SCHEMA_CONTRACT.md Stable schema contract
CHANGELOG.md Per-release history

License

AGPL-3.0-or-later. The persistence path is auditable line-by-line by design: closed-source forks are forbidden, which makes the federation primitive's audit story structurally enforceable, not merely socially expected.

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ciris_persist-1.11.0-cp311-abi3-manylinux_2_38_x86_64.whl (9.9 MB view details)

Uploaded CPython 3.11+manylinux: glibc 2.38+ x86-64

ciris_persist-1.11.0-cp311-abi3-manylinux_2_38_aarch64.whl (9.5 MB view details)

Uploaded CPython 3.11+manylinux: glibc 2.38+ ARM64

ciris_persist-1.11.0-cp311-abi3-macosx_11_0_arm64.whl (6.9 MB view details)

Uploaded CPython 3.11+macOS 11.0+ ARM64

File details

Details for the file ciris_persist-1.11.0-cp311-abi3-manylinux_2_38_x86_64.whl.

File metadata

File hashes

Hashes for ciris_persist-1.11.0-cp311-abi3-manylinux_2_38_x86_64.whl
Algorithm Hash digest
SHA256 712c9f3af1321cb572d4d85b3e85e88ee9a0b89587033838e2a0712e388570c8
MD5 cb4d171da984a5d9c125e52f7a49f60a
BLAKE2b-256 a4a8a6bf9014279faab047d41458d06aa250da97c017c70e1f9d4b22787c0ac4

See more details on using hashes here.

Provenance

The following attestation bundles were made for ciris_persist-1.11.0-cp311-abi3-manylinux_2_38_x86_64.whl:

Publisher: ci.yml on CIRISAI/CIRISPersist

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ciris_persist-1.11.0-cp311-abi3-manylinux_2_38_aarch64.whl.

File metadata

File hashes

Hashes for ciris_persist-1.11.0-cp311-abi3-manylinux_2_38_aarch64.whl
Algorithm Hash digest
SHA256 17e2daf9fefb8b599831cae19f82d633ebfedfafcf99d02e12ca8381ea88f4e6
MD5 cdf60e22633630d9f283a07967cbf168
BLAKE2b-256 9ca116ff3e0c2f32c5fbb4e58a61b2e63fbdce5558cc63354089305afe18e257

See more details on using hashes here.

Provenance

The following attestation bundles were made for ciris_persist-1.11.0-cp311-abi3-manylinux_2_38_aarch64.whl:

Publisher: ci.yml on CIRISAI/CIRISPersist

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ciris_persist-1.11.0-cp311-abi3-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for ciris_persist-1.11.0-cp311-abi3-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 db65e8e745e1df4e163be3c71e0a3aaaa649ae74952999b9b784cd7791d8b3cb
MD5 5009c518171e7b82497a18f70af41c98
BLAKE2b-256 125967af27049d9dc2d7ab81bd256bdccfff9bc85370e73bd5cfa229d25b1fba

See more details on using hashes here.

Provenance

The following attestation bundles were made for ciris_persist-1.11.0-cp311-abi3-macosx_11_0_arm64.whl:

Publisher: ci.yml on CIRISAI/CIRISPersist

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page