Your server should never need to read your data. AmateRS 0.2.0 makes that a complete, operable database — not just a promise.
Today we released AmateRS 0.2.0 — the distributed Fully Homomorphic Encryption database that computes on encrypted data without ever exposing plaintext to the server, now with mutable UPDATE queries, real-time certificate revocation, a full JWT algorithm suite, GPU detection, graceful shutdown, and the first three end-to-end FHE applications.
No C. No Fortran. No OpenSSL pulled in through the back door. The FHE incumbents — TFHE-rs wrappers around C, Microsoft SEAL, OpenFHE — and the cloud databases that still demand plaintext access all share the same unspoken assumption: that the server gets to read your data. AmateRS removes that assumption from the architecture, not from the marketing copy. It ships as a single static binary, it is 100% Pure Rust by default, it is now licensed Apache-2.0, and it serializes everything through oxicode — no bincode on the hot path, no surprise native toolchain. AmateRS is the rock cave (Iwato): your data stays inside a cryptographic shell while the computational light still shines.
Why AmateRS 0.2.0 is a game changer
FHE has had a brutal reputation: it could read, compare, and aggregate ciphertext, but the moment you wanted to change a record, run a production TLS handshake against revoked certs, or shut a node down without losing the last few writes, the abstraction leaked and you were back to plaintext databases. 0.2.0 closes those gaps. It is the largest changelog in the project’s history, and it turns AmateRS from “a remarkable storage-and-compute experiment” into “a database you can run.”
- UPDATE queries, finally — with atomic rollback. AmateRS now supports predicate-based UPDATE: select rows by an FHE predicate and mutate them. If anything fails mid-update, the operation rolls back atomically. No half-applied writes, no partial mutation states.
- Query-result caching. An LRU cache with write-through invalidation sits in front of the query path. Repeated reads hit the cache; any write that touches the underlying data invalidates the affected entries automatically, so you never serve a stale result after a mutation.
- OCSP revocation checking (RFC 6960). mTLS that only checks the certificate chain is mTLS that trusts compromised certificates until they expire. AmateRS now performs full Online Certificate Status Protocol checks, so a revoked client cert is rejected in real time.
- JWT algorithm expansion. On top of HS256/RS256/ES256, the server now accepts HS384, HS512, RS384, RS512, ES384, and EdDSA. Your token infrastructure no longer has to bend to fit the database.
- GPU device detection. AmateRS now probes for accelerators at runtime — Metal on macOS, CUDA on Linux — and exposes the result through both config and metrics, so the FHE compute engine (Yata, the Eight-Span Mirror) knows what hardware it is standing on.
- Graceful shutdown. Ordered teardown — WAL flush, then memtable compaction, then connection drain — means a SIGTERM or SIGINT no longer risks the last writes. The database comes down cleanly.
These are concrete wins, every one of them backed by code and by 1852 passing tests across the workspace.
Technical Deep Dive
Query Engine — mutation, caching, and SDK ergonomics
The headline is the UPDATE query. AmateRS selects rows by an FHE predicate and applies a mutation to them, and the whole operation is transactional: a failure anywhere in the update triggers an atomic rollback so the store is never left in a partially-mutated state. This is the piece that was missing for AmateRS to behave like a database rather than an append-and-read log.
Around the query path sits the new query-result cache — LRU eviction with write-through invalidation. Reads warm the cache; any write that touches the underlying data invalidates the relevant cached results, so correctness after a mutation is automatic rather than something you have to reason about.
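A minimal sketch of the LRU eviction and write-through invalidation described above, as an added example that is not AmateRS code: `QueryCache`, its methods, and invalidation at table granularity are assumptions made for illustration.

```rust
use std::collections::{HashMap, VecDeque};

type Key = (String, String); // (table, query text): hypothetical cache key

pub struct QueryCache {
    cap: usize,
    entries: HashMap<Key, Vec<u8>>, // cached result bytes (still ciphertext)
    order: VecDeque<Key>,           // front = least recently used
}

impl QueryCache {
    pub fn new(cap: usize) -> Self {
        Self { cap, entries: HashMap::new(), order: VecDeque::new() }
    }
    fn touch(&mut self, key: &Key) {
        self.order.retain(|k| k != key);
        self.order.push_back(key.clone());
    }
    pub fn get(&mut self, table: &str, query: &str) -> Option<Vec<u8>> {
        let key = (table.to_string(), query.to_string());
        let hit = self.entries.get(&key).cloned()?;
        self.touch(&key); // a hit makes the entry most recently used
        Some(hit)
    }
    pub fn put(&mut self, table: &str, query: &str, result: Vec<u8>) {
        let key = (table.to_string(), query.to_string());
        self.entries.insert(key.clone(), result);
        self.touch(&key);
        while self.entries.len() > self.cap {
            let Some(lru) = self.order.pop_front() else { break };
            self.entries.remove(&lru);
        }
    }
    /// Write path: drop every cached result for `table` before the write is
    /// acknowledged. Table granularity is an assumption made for this sketch.
    pub fn invalidate_table(&mut self, table: &str) -> usize {
        let before = self.entries.len();
        self.entries.retain(|k, _| k.0 != table);
        self.order.retain(|k| k.0 != table);
        before - self.entries.len()
    }
}

fn main() {
    let mut cache = QueryCache::new(2);
    cache.put("accounts", "balance < 0", vec![0xAA]); // constructed ciphertext byte
    println!("before UPDATE: {:?}", cache.get("accounts", "balance < 0"));
    cache.invalidate_table("accounts"); // an UPDATE on accounts lands here
    println!("after UPDATE:  {:?}", cache.get("accounts", "balance < 0"));
}
```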
On the client side, the SDK gains cursor-based pagination with a configurable page size and multi-field sorting. Large result sets are now paged through with a cursor instead of materialized whole, and you can sort by several fields at once — the kind of ergonomics that make AQL pleasant to build real applications on.
Security & TLS — revocation, algorithms, and key handling
The Network layer (Musubi, the Knot) got the deepest security work in the project so far. OCSP revocation checking implements RFC 6960 end to end: certificate validity is verified against the issuing authority’s responder, so a revoked cert is caught immediately instead of being honored until its natural expiry.
The JWT algorithm suite expands to cover HS384/HS512/RS384/RS512/ES384/EdDSA in addition to the original HS256/RS256/ES256 — a near-complete set spanning HMAC, RSA, ECDSA, and Edwards-curve signatures.
For mTLS configuration there is now a fluent TLS client builder: client certificate and key loading expressed as a readable chain rather than a struct full of optionals. And crucially, AmateRS can now load encrypted PEM keys — password-protected PKCS#8, plus legacy PKCS#1 and SEC1 formats — so the keys you already have, encrypted the way your security team requires, just work.
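How the three key formats named above are told apart on disk, as an added example that is not AmateRS's loader: PKCS#8 marks encryption in the PEM label, while legacy PKCS#1 and SEC1 mark it with a Proc-Type header inside the block. The function names, the refuse-plaintext policy and the sample keys (placeholder bodies) are constructed for illustration.

```rust
#[derive(Debug, PartialEq)]
pub enum KeyFormat { Pkcs8, Pkcs1, Sec1 }

/// Classify the first private-key block of a PEM file: (format, encrypted?).
pub fn classify_pem(pem: &str) -> Result<(KeyFormat, bool), String> {
    let mut lines = pem.lines().map(str::trim);
    let label = lines
        .find_map(|l| l.strip_prefix("-----BEGIN ")?.strip_suffix("-----"))
        .ok_or("no PEM BEGIN line found")?;
    // Legacy PKCS#1/SEC1 encryption is an RFC 1421 header inside the block;
    // PKCS#8 signals it in the label itself.
    let legacy_enc = lines
        .take_while(|l| !l.starts_with("-----END "))
        .any(|l| l.starts_with("Proc-Type:") && l.contains("ENCRYPTED"));
    match label {
        "ENCRYPTED PRIVATE KEY" => Ok((KeyFormat::Pkcs8, true)),
        "PRIVATE KEY" => Ok((KeyFormat::Pkcs8, false)),
        "RSA PRIVATE KEY" => Ok((KeyFormat::Pkcs1, legacy_enc)),
        "EC PRIVATE KEY" => Ok((KeyFormat::Sec1, legacy_enc)),
        other => Err(format!("not a private-key block: {other}")),
    }
}

/// Hypothetical deployment policy: refuse key files stored unencrypted.
pub fn require_encrypted(pem: &str) -> Result<KeyFormat, String> {
    match classify_pem(pem)? {
        (kind, true) => Ok(kind),
        (kind, false) => Err(format!("{kind:?} key is stored in plaintext")),
    }
}

// Constructed samples: placeholder bodies, not real key material.
pub const PKCS8_ENC: &str =
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END ENCRYPTED PRIVATE KEY-----\n";
pub const PKCS1_LEGACY_ENC: &str = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\
DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\nQ09OU1RSVUNURUQ=\n\
-----END RSA PRIVATE KEY-----\n";
pub const SEC1_PLAIN: &str =
    "-----BEGIN EC PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END EC PRIVATE KEY-----\n";

fn main() {
    for pem in [PKCS8_ENC, PKCS1_LEGACY_ENC, SEC1_PLAIN] {
        println!("{:?} -> {:?}", classify_pem(pem), require_encrypted(pem));
    }
}
```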
Network & Transport — meeting clients where they live
The TypeScript SDK gains a native HTTP/1.1 transport built directly on Node’s http/https modules. Until now the SDK was gRPC-only; the HTTP/1.1 path lifts that constraint and unlocks browser and edge runtimes where HTTP/2 gRPC is awkward or unavailable. It is opt-in — set AmateRSClientOptions.transport = "http1" — so existing deployments are untouched.
On the server, graceful shutdown hooks enforce an ordered teardown on SIGTERM/SIGINT: WAL flush → memtable compaction → connection drain. The sequence is deliberate — durability first, then storage consolidation, then disconnecting clients — and it is what prevents data loss when the orchestrator decides it is time for a node to go.
Storage & Consensus — reclaiming space, catching up faster
Down in the storage engine (Iwato, the Rock Cave), a background GC worker now runs periodic value-log compaction. AmateRS uses WiscKey-style value separation, where large values live in a separate log; over time, deleted and overwritten values leave dead space behind. The GC worker reclaims it in the background, so the value log doesn’t grow without bound.
In consensus (Ukehi, the Sacred Pledge), the Raft state machine now applies committed entries in batches and supports snapshotting, so a follower that has fallen behind can catch up from a snapshot instead of replaying the entire log. Batch-apply cuts the per-entry overhead under sustained write load; snapshotting bounds how far a lagging node can fall.
Getting Started
Add AmateRS to a Rust project, or pull in the SDK directly:
```bash
# As a library / facade crate
cargo add amaters

# Or pin the Rust SDK explicitly in Cargo.toml:
# amaters-sdk-rust = "0.2.0"

# Start the server with a local data directory
cargo run --bin amaters-server -- start --data-dir ./data

# NEW in 0.2.0: generate shell completions
cargo run --bin amaters-cli -- completions bash > ~/.local/share/bash-completion/completions/amaters
```
A predicate-based UPDATE with atomic rollback, and a paginated, sorted read, from the Rust SDK:
```rust
use amaters_sdk_rust::AmateRSClient;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let client = AmateRSClient::connect("http://localhost:7878").await?;

    // UPDATE: select by an FHE predicate, mutate the matched rows.
    // If the update fails partway, the whole operation rolls back atomically.
    client
        .update("accounts")
        .filter("balance < 0")
        .set("status", "frozen")
        .execute()
        .await?;

    // Cursor-based pagination with multi-field sorting.
    let page = client
        .query("accounts")
        .filter("status == \"active\"")
        .sort_by(&["region", "created_at"])
        .page_size(100)
        .fetch()
        .await?;

    println!("fetched {} rows; next cursor: {:?}", page.len(), page.next_cursor());
    Ok(())
}
```
What’s New in 0.2.0
Query Engine
- UPDATE queries with predicate-based row selection and atomic rollback on failure.
- Query-result caching: LRU eviction with write-through invalidation.
- SDK pagination: cursor-based, configurable page size, multi-field sorting.
Security & TLS
- OCSP revocation checking — full RFC 6960.
- JWT algorithm expansion — HS384, HS512, RS384, RS512, ES384, EdDSA added alongside HS256/RS256/ES256.
- Fluent TLS client builder for mTLS — client cert + key loading.
- Encrypted PEM key decryption — password-protected PKCS#8, plus legacy PKCS#1 and SEC1.
Network & Transport
- Native HTTP/1.1 transport for the TypeScript SDK (pure Node http/https) — enables browser/edge; opt in via AmateRSClientOptions.transport = "http1".
- Graceful shutdown hooks — ordered WAL flush → memtable compaction → connection drain.
Distributed Systems
- Raft state machine — batch apply of committed entries plus snapshotting for faster follower catch-up.
Storage & GC
- Background GC worker — periodic value-log compaction reclaiming space from deleted/overwritten WiscKey values.
CLI & Server
- Shell completion generation — amaters-cli completions <shell> for Bash, Zsh, Fish, PowerShell, and Elvish.
- Health-check HTTP endpoint — standalone HTTP /health, /readyz, /livez, /metrics alongside the existing gRPC health service.
GPU
- GPU device detection — runtime probe for Metal (macOS) / CUDA (Linux); result surfaced via config and metrics.
FHE Examples (3 end-to-end)
- Credit scoring (examples/credit_scoring) — computes a credit risk score over encrypted financial attributes.
- Healthcare genomics (examples/healthcare_genomics) — encrypted genomic variant analysis with no raw sequence exposure.
- Supply chain (examples/supply_chain) — privacy-preserving provenance over encrypted records.
Changed
- License is now Apache-2.0 only (dual MIT/Apache dropped, aligning with COOLJAPAN Policy 2026+).
- Edition upgraded to 2024; rust-version is now 1.85.
- Bench harness migrated from criterion::black_box to std::hint::black_box.
Fixed
- Zero clippy warnings across the workspace.
- Resolved the rustdoc doc-build collision between amaters and amaters-sdk-python.
- Fixed broken intra-doc links.
Tips
- Use the TS SDK in the browser or at the edge. Opt into the new transport with AmateRSClientOptions.transport = "http1" to run on pure Node http/https instead of gRPC-over-HTTP/2 — ideal for environments where HTTP/2 gRPC is unavailable.
- Install shell completions on day one. amaters-cli completions <shell> emits scripts for Bash, Zsh, Fish, PowerShell, and Elvish. Pipe it into your completions directory once and the CLI tab-completes forever.
- Turn on OCSP for real revocation. Chain validation alone trusts a compromised certificate until it expires. With OCSP enabled, a revoked client cert is rejected the moment it presents.
- Trust the rollback. A predicate-based UPDATE that fails partway rolls back atomically — the store is never left half-mutated, so you don’t need to wrap updates in your own compensation logic.
- Let the GC worker run. The background GC worker reclaims WiscKey value-log space from deleted and overwritten values automatically; you don’t have to schedule manual compactions to keep the value log bounded.
- Read GPU detection from metrics. The runtime accelerator probe (Metal / CUDA) is exposed via both config and the metrics endpoint — scrape it to confirm the FHE engine actually found the hardware you expect.
Migration from 0.1.0
A short, honest list of what changes when you move from 0.1.0:
- License string. LicenseInfo now reports "Apache-2.0" instead of "MIT OR Apache-2.0". If you assert on it programmatically, update the expected value.
- Benchmarks. Swap criterion::black_box for std::hint::black_box in any benches you maintain against AmateRS internals.
- TypeScript SDK transport. Nothing breaks by default — gRPC remains the default — but you can now opt into the native HTTP/1.1 transport with AmateRSClientOptions.transport = "http1" for browser/edge targets.
This is the foundation
AmateRS sits inside the COOLJAPAN ecosystem, and as of April 2026 that ecosystem is complete enough to lean on with confidence. Serialization runs through oxicode — Pure Rust, no bincode on the hot path — and compression is handled by OxiARC (LZ4 + DEFLATE), so AmateRS inherits the same C/Fortran-free discipline as the rest of the family rather than reinventing it. Everything stays a single static binary; everything stays sovereign.
Repository: https://github.com/cool-japan/amaters
Star the repo if you believe your data’s privacy should be a property of the architecture, not a clause in a terms-of-service agreement. 0.2.0 is the release where AmateRS stops being a promise and starts being a database — and the biggest changelog so far is just the floor.
— KitaSan at COOLJAPAN OÜ April 26, 2026