Legalis-RS 0.1.6 Released — GPU-Accelerated Legal Simulation, Quantum-Safe Audit, and a C-Free Storage Layer

Population-scale legal simulation just got a GPU, the audit trail just went post-quantum, and the storage layer just dropped its last line of C.

Today we released Legalis-RS 0.1.6 — bringing real NVIDIA CUDA GPU acceleration to population-scale legal simulation, a hardened security/governance/compliance API layer with an autonomous, post-quantum-safe audit subsystem, legal analytics, French civil and company law, and a fully C/C++-free storage backend by migrating off rusqlite to OxiSQL.

No C. No Fortran. No bespoke SIer black boxes. No spreadsheets passed between law firms and consultants. No manual review marathons where the statute lives only in someone’s head. Legalis-RS is the law itself — parsed, typed, reasoned about, and simulated — in pure Rust. And as of 0.1.6 the storage layer is C-free too: the SQLite backend that legalis-audit relied on has moved from rusqlite (which links the C libsqlite3) to the Pure-Rust Limbo backend exposed through OxiSQL’s oxisql-sqlite-compat. The one nuance worth stating plainly: the only C left anywhere in the tree is the optional, feature-gated CUDA path for GPU acceleration — turn it off (the default) and the build is 100% Pure Rust, compiling to a single static binary or to WASM. Governance as Code, Justice as Narrative.

Why Legalis-RS 0.1.6 is a game changer

The incumbent pain is concrete. Population-scale legal and economic simulation — “if we change this eligibility threshold, who gains a right and who loses one, across every entity in the dataset?” — is slow on a CPU, so it gets run rarely, late, and on toy samples. Compliance audit trails are bolt-on afterthoughts: a log file someone hopes nobody tampered with, with no cryptographic chain and no mapping to the standards an auditor actually asks about. And the storage that holds all of it quietly drags a C dependency into your otherwise-clean Rust binary.

0.1.6 attacks all three:

• GPU-accelerated population simulation. legalis-sim’s new GpuExecutor::evaluate_population_threshold() runs a weighted-sum threshold evaluation across an entire entity population on the GPU, and falls back to the CPU transparently when no device is present — same binary, same results, on a laptop or a CUDA box.
• A real security/governance API layer. legalis-api now ships statistical multi-signal abuse detection, API key generation/rotation/revocation, regulatory reporting, security headers (CSP, HSTS), intelligent rate limiting, IP whitelisting, and audit_export to JSON/NDJSON/CSV for compliance archival and SIEM ingestion.
• Autonomous, post-quantum-safe audit. legalis-audit gains post-quantum hash chains (pq_hash), quantum-safe signatures, SHA-256 tamper-proof chaining, real-time compliance monitoring with automated remediation, and cross-jurisdiction federation that maps to ISO 27001, SOC 2, and GDPR.
• Legal analytics. legalis-llm adds risk heatmaps, jurisdiction comparison, outcome pattern analysis, and trend detection (Mann–Kendall test, change-point detection) so you can see drift before it becomes a headline.
• French civil and company law. A new jurisdictions/fr statute set covers Code Civil good-faith (Art. 1104) and force majeure (Art. 1218), plus SA/SARL company articles.
• C-free storage. Default storage backends no longer link libsqlite3 — it’s OxiSQL all the way down.

These hardening features land where they matter. OxigenAI — the GovTech system rebuilding Japan Digital Agency’s “GenAI” legal AI, which first shipped last month (2026-05-07) and is the first production system built on Legalis-RS — runs on this engine. When the engine underneath gets a tamper-evident audit chain and a governed API surface, the production system on top inherits it.

Technical Deep Dive: the four layers

Legalis-RS is a workspace of focused crates. 0.1.6 deepens four layers, while the keystone never moves: every evaluation resolves to a LegalResult<T> — Deterministic(T) when the law computes cleanly, JudicialDiscretion { .. } when it genuinely requires human judgment, and Void { reason } when it does not apply. Not everything should be computable, and the type system says so out loud.

Simulation Layer — legalis-sim. The new GpuExecutor is backed by cudarc = "0.19" (CUDA 12.x) behind an optional cuda feature with default-features = false. At startup a condition-evaluation CUDA kernel is NVRTC-compiled at runtime, with libcuda/libnvrtc loaded dynamically — so the crate still builds on a host without the CUDA toolkit. GpuExecutor::is_gpu_active() returns true only when a real GPU context is live; evaluate_population_threshold() does the heavy lifting across the population using a ThresholdOp (Equal / NotEqual / GreaterThan / GreaterOrEqual / LessThan / LessOrEqual). The GPU and CPU paths are guaranteed to return identical results — the GPU is an accelerator, never a different answer.

Infrastructure / Governance Layer — legalis-api + legalis-audit. On the API side: AbuseDetector watches request burstiness, error ratio, and endpoint scanning; key_rotation, security_headers, intelligent_rate_limit, ip_whitelist, and cursor-based pagination harden the surface; consent, data_classification, governance_routes, regulatory_reporting, and usage_policy cover the policy side; streaming (SSE/chunked) and a GraphQL dataloader round it out. On the audit side: autonomous (attestation, monitoring, predictive compliance, remediation), federation (standards mapping), insights (anomaly detection, root-cause analysis), quantum (post-quantum hash chains, quantum-safe signatures, randomness beacons, hybrid protocols), scale (tiered storage, query-acceleration index, LRU cache), and tenant (multi-tenant analytics, data isolation, retention). legalis-chain adds an autonomous smart-chain layer with a cost optimizer and self-healing invariant enforcement.

Intelligence Layer — legalis-llm + legalis-verifier. The new analytics module gives you RiskHeatmap, JurisdictionComparator, PatternAnalyzer, a ReportBuilder, and trend detection (Mann–Kendall, change-point detection, exponential moving average). Formal verification continues to run on OxiZ (oxiz-solver / oxiz-core 0.2.2) — a Pure-Rust SMT solver, no Z3.

Storage / Output Layer. legalis-audit now persists through the OxiSQL Limbo backend (Pure-Rust SQLite-compatible). PDF output goes through fop-render (0.1.2), compression through oxiarc-deflate (0.3.3), and Japanese-text anonymization through MeCrab (0.2.0, Pure-Rust MeCab) with quick-xml handling French XML statute parsing.

Getting Started

Add the core library:

cargo add legalis-core

Define a statute the way you’d read it — preconditions in, typed effects out:

use legalis_core::{Statute, Condition, Effect, EffectType, ComparisonOp};

let statute = Statute::new(
    "voting-rights",
    "Voting Rights Act",
    Effect::new(EffectType::Grant, "Right to vote in elections"),
)
.with_precondition(Condition::Age {
    operator: ComparisonOp::GreaterOrEqual,
    value: 18,
});

To run population-scale simulation on the GPU, build legalis-sim with the optional cuda feature:

cargo add legalis-sim --features cuda   # optional GPU acceleration; CPU fallback otherwise

With that feature enabled, GpuExecutor::is_gpu_active() reports whether a real GPU context came up at runtime, and GpuExecutor::evaluate_population_threshold(...) runs a GPU-accelerated weighted-sum threshold across the whole entity population — comparing each entity’s aggregate against a cutoff using a ThresholdOp. If there’s no CUDA device, the very same call quietly evaluates on the CPU and returns the identical result, so you can ship one binary and let the hardware decide. (Reach for the variant that matches your data — describe the population, weights, and threshold; the executor handles where it runs.)

What’s New in 0.1.6

• GPU-accelerated legal simulation — legalis-sim GpuExecutor with real NVIDIA CUDA via cudarc = "0.19" (NVRTC runtime kernel compilation), evaluate_population_threshold() across the full population, ThresholdOp comparators, and transparent CPU fallback. Crates still build without the CUDA toolkit.
• Security / governance API layer — legalis-api abuse detection, key rotation, regulatory reporting, security headers, intelligent rate limiting, IP whitelisting, consent and data-classification policies, cursor pagination, SSE streaming, GraphQL DataLoader, and audit_export to JSON/NDJSON/CSV.
• Autonomous + post-quantum-safe audit — legalis-audit pq_hash chains, quantum-safe signatures, SHA-256 tamper-proof chaining, real-time monitoring with automated remediation, federation mapping to ISO 27001 / SOC 2 / GDPR, tiered scale storage, and multi-tenant isolation.
• Legal analytics — legalis-llm risk heatmaps, jurisdiction comparison, pattern analysis, and Mann–Kendall trend detection.
• French civil & company law — jurisdictions/fr covering Code Civil Art. 1104 / 1218 and SA/SARL company articles, with DSL export of the full French statute library.
• C-free storage via OxiSQL — SQLite backend migrated from rusqlite (C-linked libsqlite3) to oxisql-sqlite-compat (Pure-Rust Limbo backend); the default feature set is now C/C++-free for all storage backends.
• Dependency bumps — oxiarc-deflate 0.3.3, fop-render 0.1.2, oxiz-solver/oxiz-core 0.2.2, oxiarc 0.3.2, MeCrab 0.2.0; async-graphql dataloader enabled; quick-xml = "0.37" and optional cudarc = "0.19" added.

Tips

• Enable GPU, but trust the fallback. Build with --features cuda for acceleration, and rely on the automatic CPU fallback so the same binary runs unchanged on machines without a GPU. Verify the runtime state with GpuExecutor::is_gpu_active() before you assume the kernel is live.
• Wire audit logs into your SIEM. Use audit_export to emit NDJSON or CSV from the audit subsystem and stream it straight into your SIEM pipeline for compliance archival.
• Harden a public legal API in three switches. Turn on key_rotation, security_headers, and intelligent_rate_limit together to get rotating keys, CSP/HSTS, and adaptive throttling before you expose an endpoint to the world.
• Watch for drift. Run RiskHeatmap and Mann–Kendall trend detection over your outcome history to catch shifts in JudicialDiscretion rates or risk concentration before they surprise you.
• No libsqlite3 to install. The default storage backend is now Pure-Rust (OxiSQL), so there’s nothing to apt-get and nothing to link — cargo build just works.
• Prove correctness with no Z3. Build formal verification with OxiZ via --features smt-solver — the SMT solver is Pure Rust, so there’s no native solver to bring along.

This is the foundation

As of 2026-06-16, the COOLJAPAN ecosystem under Legalis-RS is Pure Rust top to bottom: storage on OxiSQL, verification on OxiZ, PDF output on fop-render, compression on OxiARC, and Japanese text on MeCrab — with optional GPU acceleration via the standard cudarc crate, cleanly feature-gated so the default build stays 100% Pure Rust. Downstream, OxigenAI — the GovTech system rebuilding Japan Digital Agency’s “GenAI” legal AI — is the flagship consumer built on this engine.

18,398 tests passing. 23 operational jurisdictions. MSRV Rust 1.86, Edition 2024, Apache-2.0.

Repository: https://github.com/cool-japan/legalis

Star the repo if you believe the law should be fast, auditable, and sovereign — not locked inside a vendor’s black box. Pure Rust legal DX is here — fast, safe, sovereign, and now GPU-accelerated.

— KitaSan at COOLJAPAN OÜ June 16, 2026