Legalis-RS 0.1.5 Released — 100% Pure Rust by Default: The Last C Dependency Is Gone

Sovereignty isn’t a feature flag anymore — as of 0.1.5, the default build of Legalis-RS is 100% Pure Rust, top to bottom.

Today we released Legalis-RS 0.1.5 — a hardening release in which the default build became 100% Pure Rust, a known RSA CVE was eliminated from the dependency graph, and every unwrap() was removed from production code.

No C. No Fortran. No vendored native blobs. No “just install Z3 first.” No bespoke SIer legal stack that only one vendor can maintain, and no manual-review bottleneck where the source of truth is a PDF in someone’s inbox. Even the part everyone forgets — PDF generation — is now Pure Rust: printpdf, which linked C and quietly pulled in a vulnerable RSA crate, is gone, replaced by the COOLJAPAN fop-render backend. Legalis-RS still compiles to a single static binary or to WASM, and it still treats statutes the way they deserve to be treated: Governance as Code, Justice as Narrative. The engine computes what is deterministic and refuses to pretend the rest is.

Why 0.1.5 matters

In legaltech, your toolchain is part of your compliance surface. When you are certifying a GDPR, APPI, or PDPL workflow, a transitive C dependency you never asked for and a crate with a known CVE are not implementation details — they are liabilities you have to explain to an auditor. “We don’t know what that native library does, but it’s in the binary that decides legal outcomes” is not an answer anyone wants to give.

So 0.1.5 closes that gap. The concrete wins:

• printpdf → fop-render: the last C dependency in the default build is gone; PDF output is now Pure Rust.
• An RSA CVE eliminated: removing printpdf removed the vulnerable RSA version it transitively pulled in.
• 100% Pure-Rust default: optional C/Fortran paths remain, but only behind explicit feature gates — never in the default graph.
• Zero unwrap() in production: no hidden panics anywhere in a legal pipeline.
• A workspace-wide maintainability pass: oversized source files split to under 2,000 lines each.
• 22 example READMEs: every example crate now documents its purpose, usage, and expected output.

This builds directly on the 0.1.4 universal-engine work — one generic engine driving 23 operational jurisdictions across Civil, Common, Islamic, and Supranational legal traditions. That baseline is now established; 0.1.5 is about making the foundation under it unimpeachable.

Technical Deep Dive: a Pure-Rust legal stack

A few grounded notes on what changed under the hood.

The output layer now runs on fop-render. legalis-viz generates PDFs through fop-render’s SimpleDocumentBuilder API. fop-render is the COOLJAPAN pure-Rust PDF backend, so there is no native PDF library to link, no C toolchain to provision in CI, and — crucially — no RSA crate riding along behind your report generator.

Formal verification still runs on Pure Rust SMT. legalis-verifier checks statutes for contradictions and unreachable conditions using OxiZ (oxiz-solver / oxiz-core, now at 0.2.0), the Pure Rust SMT solver. There is no Z3 to install, no Z3_SYS_* environment variables to set, and nothing native to ship. The solver is just another crate in the graph.

Compression is Pure Rust too. Where the toolchain needs deflate, it uses OxiARC (oxiarc-deflate) — no flate2, no zlib, no C.

Feature-gating keeps the optional native paths out by default. The advanced C/Fortran acceleration paths are still available for users who explicitly opt in, but they are gated. cargo build with default features pulls nothing native.

And because production code is now unwrap()-free, errors propagate the way they should in a legal system: through LegalResult and Result, not through a panic. That matters because of the core type. A LegalResult<T> is one of:

• Deterministic(T) — the statute resolves to a definite outcome,
• JudicialDiscretion { .. } — the law explicitly leaves room for a judge,
• Void { reason } — the rule does not apply, with the reason recorded.

“Not everything should be computable” is a design principle, and an unwrap-free pipeline is how you honor it: ambiguity is surfaced and carried, never crashed through.

Getting Started

Add the core crate:

cargo add legalis-core

Define a statute with a precondition:

use legalis_core::{Statute, Condition, Effect, EffectType, ComparisonOp};

let statute = Statute::new(
    "voting-rights",
    "Voting Rights Act",
    Effect::new(EffectType::Grant, "Right to vote in elections"),
)
.with_precondition(Condition::Age {
    operator: ComparisonOp::GreaterOrEqual,
    value: 18,
});

Verify a set of statutes for contradictions before you trust them:

use legalis_verifier::StatuteVerifier;

let verifier = StatuteVerifier::new();
let result = verifier.verify(&statutes);
if !result.passed {
    // inspect result.errors
}

Copy-paste it, point it at your own rules, and the engine tells you what is deterministic and what is not.

What’s New in 0.1.5

• PDF backend migrated from printpdf to fop-render — the last C dependency in the default build is gone; all PDF generation now uses fop-render’s SimpleDocumentBuilder.
• 100% Pure-Rust default — all remaining C/Fortran transitive dependencies removed from the default feature set; optional native paths stay feature-gated; workspace dependency declarations cleaned up so *.workspace = true is enforced throughout.
• RSA CVE eliminated — removing printpdf removed the vulnerable RSA version it pulled in; all transitive dependency vulnerabilities resolved as of 2026-04-20.
• All unwrap() removed from production code — replaced with expect(), ? propagation, or explicit match / if let; zero unwrap() remaining in non-test source.
• Workspace-wide file-size refactor — every oversized source file (notably across legalis-porting) split to under 2,000 lines; no oversized files remain anywhere in the workspace.
• 22 example READMEs — generated for all example crates, covering purpose, usage, expected output, and COOLJAPAN ecosystem context.

Tips

• Audit your own graph. Run cargo tree -e no-dev and confirm there is no C or Fortran in your default build. With Legalis-RS 0.1.5 there shouldn’t be — and now you can prove it to an auditor.
• Generate compliance reports anywhere. PDF export no longer needs native libraries; fop-render is Pure Rust, so you can produce reports inside a WASM sandbox or a scratch container with no system dependencies.
• Turn on formal verification cleanly. Build with cargo build --features smt-solver to enable OxiZ-backed checking. It’s Pure Rust — no Z3 install, no environment variables.
• Handle outcomes explicitly. Because production code is unwrap-free, treat LegalResult / Result as something you must match on. Don’t expect a panic to tell you a statute didn’t apply — read the Void { reason } instead.
• Pull only the jurisdictions you need. Add coverage incrementally, e.g. cargo add legalis-jp, rather than depending on everything at once.

This is the foundation

Here is how Legalis-RS sits in the COOLJAPAN ecosystem as of today:

• PDF / output on fop-render — Pure Rust.
• Formal verification on OxiZ — Pure Rust SMT.
• Compression on OxiARC (oxiarc-deflate) — Pure Rust.
• Japanese text processing on MeCrab — Pure Rust MeCab.

All Pure Rust. All COOLJAPAN. The point of 0.1.5 is that Legalis-RS’s sovereignty is no longer a slogan on a README — it is the dependency graph itself. Every box in that list is a crate you can read, audit, and ship without a native toolchain.

Repository: https://github.com/cool-japan/legalis

Star the repo if you believe legal infrastructure should be as auditable as the law it encodes.

Pure Rust legal DX is here — fast, safe, sovereign, and now C-free by default.

— KitaSan at COOLJAPAN OÜ April 21, 2026