Standards Compliance & Certification

Standards compliance ensures portability, interoperability, and predictable behavior across database implementations. Geode’s commitment to standards-based development, particularly the ISO/IEC 39075:2024 Graph Query Language (GQL) standard, provides enterprise users with confidence that their graph applications will be maintainable, portable, and future-proof.

As an enterprise-ready graph database, Geode doesn’t just implement standards—it validates compliance through rigorous testing, maintains comprehensive documentation, and participates in standards development to ensure the graph database ecosystem evolves in the right direction.

ISO/IEC 39075:2024 GQL Standard Share link

What is GQL?

The Graph Query Language (GQL) is the international standard for querying property graphs, ratified by ISO/IEC in 2024. GQL provides a declarative, SQL-inspired syntax specifically designed for graph data, enabling pattern matching, path finding, and graph analytics with a consistent, portable query language.

Geode’s GQL Conformance:

• 100% compliance: Documented scope and diagnostics (see conformance profile)
• Deterministic Ordering & Pagination: ORDER BY + LIMIT/OFFSET policies
• Standard Error Codes: ISO GQL status codes and handling

GQL Features Implemented:

-- Pattern matching
MATCH (u:User)-[:FOLLOWS]->(f:User)
RETURN u.name, f.name;

-- Path patterns
MATCH path = (a:Person)-[:KNOWS*1..3]->(b:Person)
WHERE a.name = 'Alice'
RETURN path;

-- Graph pattern composition
MATCH (u:User)
OPTIONAL MATCH (u)-[:POSTED]->(p:Post)
RETURN u.name, COUNT(p) AS post_count;

-- Aggregations
MATCH (u:User)-[:PURCHASED]->(p:Product)
RETURN p.category, SUM(p.price) AS total_revenue
GROUP BY p.category;

-- Graph construction
INSERT (u:User {name: 'Alice', email: 'alice@example.com'});

-- Graph modification
MATCH (u:User {name: 'Alice'})
SET u.verified = true;

-- Graph deletion
MATCH (u:User {inactive: true})
DELETE u;

Conformance Profile Validation:

# Run ISO compliance test suite
cd geode-test-harness
make test-gql-compliance

# Results: see conformance profile (100%)
# - Pattern matching: 15/15
# - Path expressions: 10/10
# - Aggregations: 8/8
# - Graph updates: 12/12
# - Subqueries: 8/8
# - Functions: 17/17

ACID Transaction Compliance Share link

Geode provides full ACID (Atomicity, Consistency, Isolation, Durability) transaction support:

Atomicity:

• All operations in a transaction commit or rollback as a unit
• No partial updates visible to other transactions
• Savepoint support for partial rollback

BEGIN TRANSACTION;
  MATCH (account:Account {id: 'A'})
  SET account.balance = account.balance - 100;

  MATCH (account:Account {id: 'B'})
  SET account.balance = account.balance + 100;
COMMIT;  -- Both updates succeed or both fail

Consistency:

• Constraints enforced transactionally
• Referential integrity maintained
• Schema validation applied

-- Unique constraint enforced
CREATE CONSTRAINT unique_email ON :User ASSERT UNIQUE(email);

-- Violation causes rollback
BEGIN TRANSACTION;
  INSERT (u:User {email: 'alice@example.com'});
  INSERT (v:User {email: 'alice@example.com'});  -- Error: constraint violation
ROLLBACK;

Isolation:

• Snapshot isolation (default)
• Serializable isolation available
• No dirty reads, non-repeatable reads, or phantom reads

-- Transaction sees consistent snapshot
BEGIN TRANSACTION ISOLATION LEVEL SERIALIZABLE;
  MATCH (u:User {id: 1}) RETURN u.balance;  -- Reads 100
  -- Another transaction updates balance to 200
  MATCH (u:User {id: 1}) RETURN u.balance;  -- Still reads 100
COMMIT;

Durability:

• Write-ahead logging (WAL)
• Fsync before commit acknowledgment
• Crash recovery with transaction replay

SQL:2023 Compatibility Share link

While Geode implements GQL (not SQL), it maintains conceptual compatibility with SQL:2023 where appropriate:

Shared Concepts:

• SELECT/MATCH semantics
• WHERE clause filtering
• GROUP BY aggregations
• ORDER BY sorting
• JOIN-like pattern matching
• Subquery expressions

Differences from SQL:

• Graph patterns instead of table joins
• Path expressions instead of foreign keys
• Label-based typing instead of table schemas
• Property graphs instead of relational tuples

Security Standards Share link

TLS 1.3:

• All connections require TLS 1.3
• No downgrade to earlier TLS versions
• Perfect forward secrecy (PFS)
• Strong cipher suites only

Authentication Standards:

• SCRAM-SHA-256 (default)
• PKI certificate-based authentication
• OAuth 2.0 / OpenID Connect integration
• LDAP/Active Directory support

Encryption Standards:

• AES-256-GCM for data at rest
• ChaCha20-Poly1305 for transport
• Argon2id for password hashing
• PBKDF2 for key derivation

Compliance Certifications:

• SOC 2 Type II (planned)
• ISO 27001 (planned)
• GDPR compliant data handling
• HIPAA-eligible deployment configurations

Protocol Standards Share link

QUIC Protocol (RFC 9000):

• HTTP/3 compatible transport
• Multiplexed streams
• Connection migration support
• Built-in encryption (TLS 1.3)

JSON (RFC 8259):

• Standard JSON encoding for wire protocol
• UTF-8 character encoding
• Numeric precision preservation
• Null value handling

URI/URL Standards (RFC 3986):

• Standard connection strings
• Query parameter encoding
• Fragment identifier support

quic://username:password@host:3141?param=value

Data Type Standards Share link

ISO 8601 Date/Time:

-- Standard date formats
INSERT (e:Event {
  date: DATE '2024-01-24',
  time: TIME '10:30:00',
  timestamp: TIMESTAMP '2024-01-24T10:30:00Z',
  duration: DURATION 'PT2H30M'
});

IEEE 754 Floating Point:

• Double-precision (64-bit) floats
• Proper infinity and NaN handling
• Consistent rounding behavior

Unicode UTF-8:

• Full Unicode 15.0 support
• Normalization forms (NFC, NFD, NFKC, NFKD)
• Locale-aware collation

Observability Standards Share link

OpenTelemetry:

• Distributed tracing support
• Metrics export
• Structured logging
• Context propagation

Prometheus Metrics:

# Standard metrics endpoint
curl http://localhost:3141/metrics

# Sample metrics
geode_queries_total{status="success"} 12345
geode_query_duration_seconds{quantile="0.95"} 0.042
geode_connections_active 45

Structured Logging (JSON):

{
  "timestamp": "2024-01-24T10:30:00Z",
  "level": "INFO",
  "message": "Query executed",
  "query_id": "q-12345",
  "duration_ms": 42,
  "rows_returned": 100
}

API Standards Share link

RESTful HTTP API:

• Standard HTTP methods (GET, POST, PUT, DELETE)
• Proper HTTP status codes
• Content negotiation
• CORS support

GraphQL API (planned):

• GraphQL schema
• Introspection support
• Subscription support

Documentation Standards Share link

OpenAPI/Swagger:

• API documentation in OpenAPI 3.1 format
• Interactive API explorer
• Client code generation support

Markdown Documentation:

• CommonMark specification
• GitHub-flavored markdown
• Semantic HTML5 output

Testing Standards Share link

Test Coverage:

• 97.4% code coverage (1644/1688 tests)
• Statement coverage
• Branch coverage
• Integration test coverage

Test Categories:

• Unit tests (isolated component testing)
• Integration tests (cross-component validation)
• Compliance tests (ISO/IEC 39075:2024)
• Performance tests (benchmarking)
• Security tests (vulnerability scanning)
• Fuzz tests (edge case discovery)

Evidence-Based Development Share link

Geode uses CANARY markers for governance tracking:

// CANARY: REQ=REQ-XXX; FEATURE="GQLCompliance"; ASPECT=PatternMatching; STATUS=TESTED; TEST=TestPatternMatching; OWNER=parser; UPDATED=2026-01-24
// Evidence: TestPatternMatching validates ISO/IEC 39075:2024 §7.2

Current Governance Statistics:

• 1,735 CANARY markers tracking 2,190+ requirements
• 100% traceability from requirements to implementation
• Automated validation of evidence linkage

Interoperability Standards Share link

Data Exchange Formats:

• GraphML (XML-based graph format)
• JSON-LD (Linked Data)
• RDF triples (via export)
• CSV (nodes and relationships)

Client Libraries:

• Go: database/sql driver interface
• Python: PEP 249 DB-API 2.0 compatible
• Rust: Standard async traits
• Zig: Standard library integration

Version Compatibility Standards Share link

Semantic Versioning:

• MAJOR.MINOR.PATCH versioning
• Backward compatibility within major versions
• Clear deprecation policies
• Migration guides for breaking changes

Protocol Versioning:

• Protocol version negotiation
• Backward-compatible protocol changes
• Feature detection and capability negotiation

Best Practices for Standards Compliance Share link

1. Use Standard GQL Syntax: Avoid vendor-specific extensions when possible
2. Follow Naming Conventions: Use standard identifier naming (snake_case, camelCase)
3. Validate Input: Use standard data types and constraints
4. Test Against Standards: Run compliance tests before deployment
5. Document Deviations: Clearly document any non-standard behavior
6. Stay Updated: Track standard updates and new versions

Compliance Verification Share link

Self-Assessment:

# Run compliance verification
geode compliance check

# Generate compliance report
geode compliance report --output compliance.html

Third-Party Audits:

• Annual ISO compliance audits
• Security penetration testing
• Performance benchmarking
• Code quality analysis

Related Topics Share link

• ISO/IEC 39075:2024 GQL Standard
• ACID Transaction Guarantees
• Security and Authentication
• Data Types and Type System
• Protocol Specifications
• Testing and Validation
• API Documentation

Further Reading Share link

• ISO/IEC 39075:2024 GQL Specification
• ACID Transaction Theory
• TLS 1.3 RFC 8446
• QUIC RFC 9000
• OpenTelemetry Specification
• Semantic Versioning 2.0.0
• Geode Compliance Documentation