Features
FusionDB packs three production-grade database engines into one binary, bound by a single atomic transaction layer and a unified query interface.
Three Engines. One Write.
| Layer | Storage Format | Use Case | Key Prefix |
|---|---|---|---|
| KV Store | AES-256-GCM encrypted JSON documents | Fast point lookups, metadata, audit fields, entity payloads | 0x10 – 0x12 |
| Graph Store | Semantic triples (subject → predicate → object) | Relationship traversal, entity linking, ontology queries | 0x00 – 0x01 |
| Vector Store | Float32 embeddings via HNSW index | Similarity search, RAG retrieval, semantic ranking | 0x02 – 0x04 |
Every KV payload is encrypted with AES-256-GCM before touching disk. A fresh random nonce is generated per write. Three byte-prefix-isolated data tiers maintain logical separation between verified, unverified, and knowledge data.
- AES-256-GCM encryption at rest
- Ristretto LRU in-process cache (128 MB default)
- ScanFilterStream for streaming reads
- Salience / reliability / decay envelope
Bidirectional quad store with length-prefixed key format. Forward edges at prefix 0x00, reverse at 0x01. Degree-2 (PII) edges are HMAC-SHA256 masked — the original value is stored in a separate encrypted reverse-lookup record.
- Bidirectional edge indexing
- HMAC-SHA256 PII masking on Degree-2 edges
- 4-Degree ontology (Primary → Quaternary)
- HydrateEntity() full relationship resolution
Hierarchical Navigable Small World (HNSW) approximate nearest-neighbor index backed by BadgerDB. No separate vector service required. CometNode binary serialization with cosine-distance metric and configurable max neighbors.
- HNSW ANN index (cosine distance)
- Float32 embedding support
- MaxNeighbors = 16 (configurable)
- Vector similarity via UFL
$nearselector
Zero-Trust Data Model
FusionDB derives two independent keys from your master secret — one for encryption, one for PII salting. The raw secret never enters the database. Degree-2 PII identifiers are one-way hashed before indexing.
- AES-256-GCM encryption for all KV payloads
- HMAC-SHA256 key derivation with domain separation
- HMAC-SHA256 PII masking (emails, phones, IDs)
- Encrypted reverse-lookup for PII decryption
- FUSIONDB_SECRET environment variable — never on disk
- Startup validation: exit on insufficient key entropy
- Circuit breaker — halts after 3 sequential failures
- Session sync guard — prevents cross-session operations
Unified Fusion Language
UFL is a JSON-based declarative interface for all reads and writes. One manifest format handles entity fusion, vector queries, and graph traversal.
{
"ufl_version": "1.0",
"action": "fuse",
"entity": {
"id": "person:jane_smith",
"type": "Person",
"tier": "verified",
"vector": [0.12, -0.05, 0.88, 0.34],
"kv": { "name": "Jane Smith" },
"relations": {
"secondary": [
{ "predicate": "has_email",
"object": "jane@corp.com" }
]
}
}
}Write entities atomically across all three layers. Supports JSON manifests, Markdown (YAML frontmatter), and Excel files for bulk ingestion.
Query by entity ID with selector.id, or by vector similarity with selector.vector.$near. Hydration options control relationship depth (1–4 degrees).
The seed CLI command recursively ingests a directory of JSON, Markdown, and Excel files. Batch commits at 100 entities prevent transaction overflow.
CLI & Observability
CLI Commands
| Command | Description |
|---|---|
| store | Single entity write via command-line flags |
| query | Forward graph index lookup by subject |
| ufl | Parse and fuse a UFL manifest JSON file |
| seed | Recursive directory ingestion (JSON, MD, XLSX) |
| serve | HTTP observability server with health endpoints |
Observability Endpoints
Liveness probe. Returns 200 ok whenever the process is running.
Readiness probe. Returns 200 ok when the database LOCK file exists and disk usage is below 90%.
Ready to Build?
One license unlocks the full FusionDB engine — Windows installer, Linux binary, and Go library.