A new core. Simpler, faster, stronger.
GuardianDB 0.14.0 Ironclad marks the largest structural change since the beginning of the project. This is not an incremental release. It is a deliberate reconstruction of the foundations, designed to reduce complexity, eliminate inherited layers, and align GuardianDB with a truly local-first, deterministic, and native P2P architecture.
Ironclad does not just add features. It removes what no longer needed to exist.
Goodbye IPFS and libp2p. Hello Iroh.
GuardianDB officially no longer depends on IPFS or libp2p. The entire replication and P2P communication layer is now built directly on top of Iroh, using its native gossip and document protocols.
This migration brought immediate gains:
- A more direct and predictable architecture
- Fewer intermediate abstractions and less duplicated code
- Native replication without artificial wrappers
- Better integration with identity, cryptography, and synchronization
The former Replicator module, which duplicated functionality already provided by Iroh, has been completely removed. Replication now happens where it always should have: in the network core itself.
From JSON to binary: Postcard as the standard
Another central change in the Ironclad architecture was the complete removal of JSON serialization from GuardianDB’s internal structures.
All serialization of CRDTs, operations, snapshots, messages, and permissions now uses Postcard, a compact and deterministic binary format.
The impact is significant:
- 65% to 84% reduction in serialized data size
- Up to 6× faster serialization and deserialization
- Elimination of JSON ambiguities and inconsistencies
- Smaller attack surface and less complex parsing
To guarantee cryptographic consistency, serialized structures now use BTreeMap instead of HashMap, ensuring stable ordering and reproducible hashes.
CIDs out. BLAKE3 in.
With the removal of IPFS, CIDs no longer make sense in GuardianDB.
Ironclad fully replaces CID-based identifiers with BLAKE3 hashes, computed over deterministically serialized data.
The result:
- Predictable and reproducible hashes
- Higher performance
- Direct alignment with the local-first data model
- Fewer external conceptual dependencies
A hash is now exactly that: a hash of the real content, not an artifact borrowed from another ecosystem.
Modern cryptography aligned with the core
All cryptographic infrastructure has been migrated from secp256k1 to ed25519, following the standard adopted by Iroh.
This change reduces key sizes, simplifies verification, and improves interoperability. Signatures now operate directly on raw bytes, without unnecessary intermediate hashing, making the system both simpler and more correct.
A GuardianDB tested to its limits
Ironclad is not just architecture. It is verification.
This release introduces more than 800 tests, covering:
- Access control (ACL) with multiple controllers
- P2P replication across multiple nodes
- Concurrency, cache isolation, and failure recovery
- Persistence, permissions, identities, and extreme edge cases
The tests validate not only functional behavior, but also guarantee real isolation between nodes, a critical requirement in distributed environments.
Reactive and observable synchronization
GuardianDB now includes a reactive synchronization system, allowing interfaces, monitoring tools, or higher-level layers to observe in real time:
- Synchronization start
- Percentage-based progress
- Intermediate states
- Completed replications or failures
Synchronization is no longer a black box. It becomes an observable flow.
Radical API simplification
Several API methods were changed from &mut self to &self, properly exposing the existing interior mutability model.
The practical effect is a more ergonomic API, especially when working with Arc<dyn Trait>, with no loss of safety or consistency.
Ironclad is not the end. It is the base.
GuardianDB 0.14.0 Ironclad establishes a solid, minimal, and coherent foundation.
Fewer layers. Fewer inherited assumptions. More control.
From here, evolution becomes easier. Scaling becomes more predictable. And the system does exactly what it promises: synchronize data in a local-first, secure, and quiet way.