This chapter is the map for the entire book. We'll survey the five crates that make up Quipu-Log, and — more importantly — show in a single table how concepts a database gives you for free appear in their file-based forms. Get that table into your head and the chapters that follow will read much faster.
Quipu-Log recreates WAL, indexes, locking, MVCC, and partition deletion on top of plain files — no database required. Once you understand the DB concept → file implementation mapping, every design decision in this library makes sense.
Five crates at a glance
Quipu-Log is not a single monolithic crate. It's split into five crates by responsibility. Let's see what each one does.
| Crate | Role | Key types |
|---|---|---|
quipu-core | Synchronous storage engine — segment files, registry, encryption, retention, queries, Merkle tree | AuditStore, StoreConfig, Table<T> |
quipu-middleware | Async pipeline — non-blocking emit, DLQ, filters, RBAC, tower layer, shard router | AuditPipeline, AuditHandle, AuditLayer |
quipu-server | Standalone daemon — token-authenticated HTTP/JSON API, write-only mode | HTTP handlers, config file |
quipu-client | Server-mode reference client — retry, exponential backoff, disk spool | QuipuClient, Backoff, Spool |
quipu-mcp | LLM auditor — LLM calls query/history/verify via the MCP protocol | MCP tool handlers |
Embedded mode vs. server mode
There are two main ways to use Quipu-Log.
Embedded mode: add quipu-core + quipu-middleware to your Rust service as a library. The audit store runs inside the service's own process. No separate daemon, no network, no database. This is the simplest choice when a single Rust service needs audit logging.
Server mode: run quipu-server as a standalone process and have multiple services (any language) write to it over the HTTP/JSON API. Choose this when you want to consolidate audit records from multiple services in one place, or when you're writing services in languages other than Rust.
Relational databases offer an analogous split: SQLite (embedded) runs inside the process, while PostgreSQL (server) runs as a separate process. Quipu-Log offers the same choice — except the underlying storage engine is built directly on files, not a database engine.
The book's backbone: DB ↔ Filesystem correspondence table
Here is the heart of this chapter. If you've worked with databases you already know these concepts: WAL, indexes, lock manager, MVCC, partition deletion, checksums. Quipu-Log implements all of them directly on files, without a database engine. Let's see the full mapping in one shot.
| DB concept | Quipu-Log file implementation | Covered in |
|---|---|---|
| WAL (Write-Ahead Log) Sequential file that records transaction intent first |
Append-only segment files The WAL is the database. No B-tree body. |
Ch. 7 |
| Data files / tablespace The set of files that hold table data |
A bundle of segment files (Table<T>)seg-0000000000.log, seg-0000000001.log… |
Ch. 8 |
| Page checksum / torn-page detection Detecting disk bit errors and partial writes |
Per-frame CRC32[len][crc32][ts][payload] — on every record |
Ch. 9 |
| Lock manager Preventing concurrent-write conflicts |
OS file lock (File::try_lock)A LOCK file in the root directory — a second process trying to open the store gets an immediate error |
Ch. 13 |
| MVCC (Multi-Version Concurrency Control) Letting reads and writes proceed without blocking each other |
Read snapshots (ReadSnapshot)Clone the in-memory index — immutable segments + index copy |
Ch. 14 |
| B-tree secondary index Fast lookups on a specific column |
In-memory registry index + disk tokens Rebuilt on restart; blind index for searching encrypted fields |
Ch. 15 Ch. 26 |
| Partition deletion (partition drop) Deleting a whole old partition as a single file |
Segment unlinkDelete a sealed segment file wholesale — O(1), no row-level rewrite |
Ch. 17 |
| WAL replay / crash recovery Replaying the log after a power failure to recover |
Segment skim + tail truncate Valid up to the first CRC failure; everything after is trimmed. Redo-only. |
Ch. 12 |
Once this table clicks, later chapters read as "oh, X from DB world is implemented as Y on files." Come back to it whenever something doesn't make sense.
Store layout: the actual file structure
Opening a Quipu-Log store creates the following structure under the root directory.
crates/quipu-core/src/store.rs — AuditStore layout commentroot/
meta/ type schemas + custom column registry (replayed on open)
logs/ AuditLog rows
relations/ log -> target-entity-version relations
registry/<t>/ one versioned registry table per entity/actor type
access/ meta-audit (opt-in)
LOCK advisory OS lock file
Each directory corresponds to one Table<T> — that is, a single append-only log made up of multiple segment files. In database terms, this is like one table stored in a tablespace (a set of files). Format versioning and more are covered in Ch. 18.
In a DB, the data dictionary (system catalog) manages table and column information. In Quipu-Log, the meta/ directory plays that role — type schema definitions are recorded append-only and replayed in order on restart. It's the same principle as a DB's DDL log.
① Describe the difference in roles between quipu-core and quipu-middleware in one sentence each.
② How is a DB "partition drop" implemented in Quipu-Log? Why is it more efficient than a row-level DELETE + vacuum?
③ What problem do DB MVCC and Quipu-Log read snapshots both solve?