GuardianDB
A high-performance, local-first decentralized P2P database for the modern web, built in Rust and powered by the Iroh protocol for secure, offline-friendly sync.
GuardianDB is a high-performance, local-first, peer-to-peer decentralized database built using the Rust programming language. Developed by William Maslonek, the project serves as an alternative to centralized database solutions, ensuring that every node maintains a full local replica. This architecture allows applications to function seamlessly without a central server or point of failure, enabling instant reads and writes even when the device is completely offline. Originally inspired by OrbitDB, GuardianDB has evolved to replace legacy IPFS and libp2p stacks with the more efficient Iroh P2P protocol, leveraging QUIC transport, BLAKE3 hashing, and the Willow protocol for range-based set reconciliation.
The database offers multiple specialized storage engines within a unified framework. It manages synchronization, data integrity, and network communication entirely embedded within the host application. By utilizing Iroh, it handles complex networking tasks such as NAT traversal, hole punching, and roaming between different network types like Wi-Fi and 5G. The reactive async core, built on the Tokio runtime, integrates Iroh-Gossip so that application state updates occur in real time as data is received from the mesh network.
Some of the key features are:
- Local-First Architecture: Every participating node holds a complete replica, ensuring full offline functionality and sub-millisecond local reads and writes.
- Willow Protocol Sync: Employs 3-dimensional range-based set reconciliation to synchronize only missing bytes between peers rather than full logs, significantly reducing bandwidth requirements.
- Security-Focused Design: Utilizes Ed25519 identities for every peer. All network traffic is encrypted out of the box via QUIC tunnels, and capability tickets provide fine-grained access control.
- Diverse Store Types: Offers flexible storage options including Document Stores for collaborative data, Event Log Stores for immutable causal audit trails, and high-performance Key-Value stores.
- Optional ODM Layer: Features an integrated Object Document Mapper layer with derive macros, schema support, and MongoDB-style querying capabilities to simplify application development.
- Advanced Networking: Leverages Iroh's Magicsock for seamless peer discovery and connectivity without requiring global DHTs or external server-side daemons.
- Memory-Safe Implementation: Written in pure Rust, the project ensures high performance and memory safety without the need for garbage collection or runtime overhead.
GuardianDB is operated as an embedded database library. Developers integrate it into their Rust applications via the crate, using a local client-server architecture in which the database instance manages its own P2P endpoint. Discovery settings (mDNS, DNS, or static peer lists) can be tuned to suit specific deployment requirements, ranging from local LAN environments to global internet-spanning mesh networks. The system supports cryptographic namespace sharing: developers define read-only or read-write peers using capability tokens, which manages permissions within a decentralized trust model.
Some common use cases include:
- Local-First Productivity Tools: Building editors, note-taking apps, or project management software that remains fully functional without an internet connection.
- Real-Time Collaborative Apps: Powering whiteboards, shared document editors, and multiplayer gaming state using automatic CRDT-based conflict resolution.
- Decentralized Backend Services: Creating Web3 and decentralized applications that require user-owned data storage without relying on centralized cloud providers.
- Edge and IoT Networks: Connecting distributed devices on local networks to share state and synchronize sensor data directly without routing traffic through the cloud.
- Secure Auditing and Messaging: Implementing tamper-evident event logging or private, end-to-end encrypted messaging channels with causal ordering.