Releases: SIGNETSTACK/SIGNET_FORGE

Signet Forge v0.1.1 — security, correctness, CI

01 May 21:48

Patch release rolling up all post-v0.1.0 security, correctness, and CI
work. Full notes in CHANGELOG.md.

Highlights

  • External pentest remediation (5 findings, 2 HIGH) — Strix.ai
  • Audit #8 — 21 findings remediated, zero open vulnerabilities
  • Thrift Correctness Phase — parquet-format 2.9.0 alignment, 47 new tests
  • 73 → 92 enterprise compliance gaps — FIPS 140-3, EU AI Act, MiFID II, GDPR, DORA
  • Performance — lock-free EventBus publish (~53 ns), FeatureReader RG cache (~0.14 μs cached get)
  • Local KMS — additive `IKmsClient` interface for on-premise deployments
  • CI — 17 jobs across Ubuntu / macOS / Windows MSVC / sanitizers / fuzz / mutation / codeql / sbom

Migration

  • C++: no public API breaks
  • Rust: `ParquetReader::schema()` now returns `SchemaRef<'a>` (lifetime-bound) — fixes a use-after-free (CWE-416). Existing `let s = reader.schema();` continues to compile; storing the schema beyond the reader's lifetime now fails at compile time as intended.
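
How a lifetime-bound view closes this class of bug, as an added sketch that is not the project's code: the `ParquetReader` and `SchemaRef` here are simplified stand-ins that reuse the names from the note, while `RawReader`, `open`, `column_names` and `schema_snapshot` are hypothetical. The view holds a raw pointer into state the reader frees on drop, and `PhantomData` makes the borrow checker treat it as a borrow of the reader.

```rust
use std::marker::PhantomData;

// Stand-in for native state behind the C FFI layer (constructed for this example).
struct RawReader {
    columns: Vec<String>,
}

// Hypothetical safe wrapper: owns the native handle and frees it on drop.
pub struct ParquetReader {
    raw: *mut RawReader,
}

// Borrowed schema view; PhantomData ties 'a to a borrow of the reader.
pub struct SchemaRef<'a> {
    raw: *const RawReader,
    _reader: PhantomData<&'a ParquetReader>,
}

impl ParquetReader {
    pub fn open(columns: &[&str]) -> Self {
        let state = RawReader { columns: columns.iter().map(|c| c.to_string()).collect() };
        ParquetReader { raw: Box::into_raw(Box::new(state)) }
    }
    // Elided lifetime: the returned view cannot outlive `&self`.
    pub fn schema(&self) -> SchemaRef<'_> {
        SchemaRef { raw: self.raw, _reader: PhantomData }
    }
}

impl Drop for ParquetReader {
    fn drop(&mut self) {
        // SAFETY: `raw` came from Box::into_raw in `open` and is freed exactly once.
        unsafe { drop(Box::from_raw(self.raw)) };
    }
}

impl SchemaRef<'_> {
    pub fn column_names(&self) -> Vec<String> {
        // SAFETY: the lifetime guarantees the owning reader is still alive.
        let raw: &RawReader = unsafe { &*self.raw };
        raw.columns.clone()
    }
}

// Copy owned data out while the reader is alive instead of keeping the view.
pub fn schema_snapshot(columns: &[&str]) -> Vec<String> {
    let reader = ParquetReader::open(columns);
    let s = reader.schema(); // call sites like this still compile
    s.column_names() // returning `s` itself is rejected by the borrow checker
}

fn main() { println!("{:?}", schema_snapshot(&["ts", "price"])); }
```

Code that kept the schema past the reader can either keep the reader alive alongside it or copy out owned values, as `schema_snapshot` does.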

Tests

  • 779 → 830 unit tests in the canonical `server-pq` build
  • 844/844 passing in the `RelWithDebInfo + commercial` preset (PQ tests skipped without liboqs)

SBOM

CycloneDX and SPDX SBOMs attached as release assets (auto-generated by the SBOM workflow on tag push).

Verification

```bash
git clone https://github.com/SIGNETSTACK/SIGNET_FORGE.git
cd SIGNET_FORGE
git checkout v0.1.1
cmake --preset server-pq
cmake --build build-server-pq --target signet_tests
cd build-server-pq && ctest --output-on-failure
```

v0.1.0 — Initial Public Release

05 Mar 22:51

Signet Forge v0.1.0 — Initial Public Release

The first public release of Signet Forge — a standalone, header-only C++20 Parquet library purpose-built for AI/ML infrastructure, quantitative finance, and regulated industries. Zero mandatory dependencies. Post-quantum encryption. Sub-microsecond streaming. Compliance-native audit trails for MiFID II and the EU AI Act. No other Parquet library fills these gaps.

What Makes Signet Forge Different

| Capability | Arrow C++ | parquet-rs | Lance | Signet Forge |
|---|---|---|---|---|
| Standalone (no Arrow dependency) | - | Yes | Yes | Yes |
| Header-only core (zero mandatory deps) | - | - | - | Yes |
| Post-quantum encryption (Kyber-768 + Dilithium-3) | - | - | - | Yes |
| MiFID II / EU AI Act compliance reports | - | - | - | Yes |
| AI decision + inference audit trail | - | - | - | Yes |
| Sub-microsecond streaming WAL | - | - | - | Yes |
| Native vector column type (FLOAT32_VECTOR) | - | - | Yes | Yes |
| Zero-copy Parquet to ONNX Runtime bridge | - | - | - | Yes |
| Parquet-native feature store | - | - | - | Yes |
| Encrypted bloom filters (PME) | - | - | - | Yes |

Core Parquet Engine

  • ParquetWriter / ParquetReader / MmapParquetReader — streaming write, random-access read, zero-copy mmap path
  • 7 physical types — BOOLEAN, INT32, INT64, INT96, FLOAT, DOUBLE, BYTE_ARRAY, FIXED_LEN_BYTE_ARRAY
  • 5 encodings — PLAIN, RLE/Bit-Packing Hybrid, DELTA_BINARY_PACKED, BYTE_STREAM_SPLIT, RLE_DICTIONARY
  • 4 compression codecs — Snappy (bundled, zero-dep), ZSTD, LZ4, Gzip (optional link)
  • Column/offset index — predicate pushdown, page-level min/max statistics
  • Split-block bloom filters — xxHash64, PME-encrypted bloom support
  • CSV-to-Parquet converter — automatic type detection

Encryption & Post-Quantum Cryptography

  • Parquet Modular Encryption (PME) — full spec: AES-256-GCM footer encryption + AES-256-CTR column data encryption
  • Post-quantum KEM — Kyber-768 key encapsulation (NIST FIPS 203 candidate)
  • Post-quantum signatures — Dilithium-3 digital signatures (NIST FIPS 204 candidate)
  • X25519 key agreement — real RFC 7748 Montgomery ladder implementation
  • Hybrid KEM — X25519 + Kyber-768 combined encapsulation (classical + post-quantum security)
  • Key metadata serialization — TLV format with overflow guards

AI/ML Infrastructure

  • FLOAT32_VECTOR(dim) logical type — SIMD-accelerated I/O for embedding vectors
  • INT8/INT4 quantized vectors — on-read dequantization for compressed model weights
  • Zero-copy tensor bridge — Parquet columns to ONNX OrtValue, Arrow ArrowArray, DLPack, NumPy buffer protocol
  • Feature Store — FeatureWriter + FeatureReader with point-in-time correct as_of() lookups (12 us per entity)
  • Event Bus — Vyukov MPMC ring (10.4 ns push+pop) + columnar ColumnBatch + three-tier topic router

Streaming WAL (Write-Ahead Log)

  • WalWriter — fwrite-based, 339 ns per 32 B append, CRC-32 integrity on every record
  • WalMmapWriter — mmap ring-buffer, ~38 ns per 32 B append, background segment pre-allocation
  • WalReader — crash-safe recovery with truncated-record tolerance
  • WalManager — segment rolling, compaction, lifecycle management
  • StreamingSink — lock-free ring buffer to automatic row group flushing

Regulatory Compliance (BSL 1.1)

  • SHA-256 audit chain — tamper-evident hash chain across row groups; any modification breaks the chain
  • DecisionLogWriter / Reader — structured AI decision logging with strategy ID, confidence, feature snapshots
  • InferenceLogWriter / Reader — ML inference audit trail (model version, input hash, output, latency)
  • MiFID II RTS 24 Reporter — Annex I report generation in JSON, NDJSON, and CSV formats
  • EU AI Act Reporter — Articles 12, 13, and 19 conformity assessment reports
  • Row lineage tracking — monotonic row IDs with prev_hash chain for provenance

Language Bindings

  • Python — 44 C++ API exports via pybind11, NumPy integration, 35 pytest tests
  • Rust — C FFI layer + signet-forge-sys (unsafe) + signet-forge (safe wrapper), 10 tests
  • WASM — Emscripten embind, drag-and-drop browser demo
  • C FFI — portable C99 interface for any language with C interop

Quality & Security

  • 394 unit tests — 100% passing across 17 test files
  • 4 security hardening passes — 87 vulnerabilities identified and fixed across entire codebase
  • 6 fuzz harnesses — libFuzzer on reader, Thrift parser, RLE, Delta, BSS, Dictionary encoders
  • 59 enterprise benchmark cases — write/read throughput, WAL latency, encoding speed, feature store, MPMC ring, compliance reporters
  • 11 CI jobs — Ubuntu + macOS + Windows MSVC + ASan + TSan + UBSan + server codecs (ZSTD/LZ4/Gzip) + post-quantum (liboqs) + fuzz + coverage + benchmarks
  • Platform CSPRNG — arc4random_buf (macOS), getrandom (Linux) for IV generation
  • Key-zeroing destructors — AES round keys and cipher adapter buffers wiped on destruction

Installation

```cmake
include(FetchContent)
FetchContent_Declare(signet_forge
    GIT_REPOSITORY https://github.com/SIGNETSTACK/SIGNET_FORGE.git
    GIT_TAG        v0.1.0)
FetchContent_MakeAvailable(signet_forge)
target_link_libraries(your_target PRIVATE signet::forge)
```

Full Changelog

See CHANGELOG.md for complete details.

License

  • Core library: Apache 2.0
  • AI audit & compliance tier: BSL 1.1 (converts to Apache 2.0 on January 1, 2030)