Chrysalis
Three-Layer Immutability
Sub-ms local hashing. Regional QBFT. 101-validator root chain.
Origin, Cocoons, and Chrysalis form the three-layer immutability architecture that makes every record written into the Parinita ecosystem cryptographically provable from the moment of creation through to permanent sovereign anchoring. Every consequential action across the fabric — twin actions, inference receipts, governance decisions, CRM events, identity assertions — is born attested.
Audit Trails Are Mutable and Trustless
Enterprise audit logs are mutable files controlled by the same organization being audited. A privileged insider can modify, delete, or backdate log entries. Compliance teams know this — regulators know this — and the resulting audit prep is adversarial rather than verifiable.
AI systems produce outputs with no cryptographic trace from prompt to answer. Which models were called? What data was retrieved? What decisions were made? The AI audit trail does not exist in any current production system.
-
Mutable Audit Logs
Enterprise audit logs are controlled by the audited organization. A privileged insider can modify, delete, or backdate entries. Compliance is adversarial, not verifiable.
-
No AI Audit Trail
AI systems produce outputs with no cryptographic trace. Which models were called? What data was retrieved? No current production system answers these questions with proof.
-
Single-Point Immutability Failure
S3 Object Lock, WORM storage, and similar approaches rely on single-vendor policy enforcement. A compromised admin can change retention settings.
Born attested. Three-layer proof. Post-quantum.
Chrysalis does not replace your logging infrastructure. It adds cryptographic proof that is independent of your organization's control — anchored on 101 geographically distributed validators, each requiring HSM-backed key custody.
The Verified Reasoning Chain is a Solidity smart-contract construct that records every model invocation, routing decision, retrieval, and synthesis step that produced an AI output — cryptographic trace from prompt to answer, independently verifiable.
-
Layer 1 — Origin
Sub-millisecond append-only NVMe log at every POP. SHA-256 hashing. Dual signatures: secp256k1 + ML-DSA-65 (FIPS 204), HSM-backed. The local log is the birth certificate.
-
Layer 2 — Cocoons
Six regional QBFT shard rings (5–7 validators each) batch Origin hashes into Merkle trees and reach consensus in under 200ms. Priority lane for sovereign workloads under 100ms.
-
Layer 3 — Chrysalis Root Chain
101-validator QBFT root chain on Hyperledger Besu. One validator per POP. 68-of-101 supermajority finality. HSM-backed at FIPS 140-3 Level 3.
-
Verified Reasoning Chain
Solidity smart-contract construct recording every model invocation, routing decision, retrieval, and synthesis step that produced an AI output — cryptographic trace from prompt to answer.
-
Post-Quantum from Day One
Dual-signature path on every block: classical secp256k1 for Ethereum compatibility plus ML-DSA-65 (CRYSTALS-Dilithium, FIPS 204). No migration when the ecosystem moves.
-
101-LLC Legal Stamp
One Delaware LLC per POP jurisdiction-stamps every receipt — every Chrysalis record is legally defensible at the originating POP.
-
Tier-Based Priority Lanes
Tier 4 enterprise/sovereign workloads ride a priority lane under 100ms. Tier 1 standard volume under 1 second. Governance decisions and identity assertions bypass Cocoons and write directly to root.
-
Universal Platform Substrate
Every Parinita product writes to Chrysalis: Enclave writes, Flow tool calls, Almanac consultations, Conduit traversals, Atma actions, Chorus delegations, Pulse stage outputs.
-
Independent Verifiability
Any party with the public key can verify any Chrysalis receipt. No trust in Parinita required — the chain is independently auditable on any Ethereum-standard verifier.
Three Layers
Layer 1 — Origin: sub-millisecond append-only NVMe log at every POP with SHA-256 hashing and dual signatures (secp256k1 + post-quantum ML-DSA-65, HSM-backed). The local log is the birth certificate. Layer 2 — Cocoons: six regional QBFT shard rings batch Origin hashes into Merkle trees and reach consensus in under 200ms. Layer 3 — Chrysalis: 101-validator QBFT root chain on Hyperledger Besu, one validator per POP, 68-of-101 supermajority finality.
To alter a record post-anchoring, an adversary would need to simultaneously alter the append-only NVMe log, compromise the regional Cocoon ring, and compromise 68 of 101 geographically distributed HSM-protected Chrysalis validators — a combination not viable under any realistic threat model.
Origin. Cocoons. Chrysalis. Three layers. Milliseconds.
When any record is written, Origin hashes it immediately on the originating POP's Plane 5 NVMe, generates two HSM signatures, and publishes the hash on the regional NATS JetStream subject. Sub-millisecond. The API response is not delayed — the local log is the proof of birth.
- 01Record WrittenAny consequential action across the Parinita fabric triggers an Origin hash.
- 02Origin HashingPlane 5 NVMe append-only log. SHA-256 hash generated. Dual HSM signatures applied (secp256k1 + ML-DSA-65). Published to regional NATS JetStream subject. Sub-millisecond.
- 03Cocoon BatchingRegional Cocoon ring batches Origin hashes (every 25–50 records or every 20–30 seconds). Merkle tree constructed.
- 04Cocoon ConsensusQBFT consensus on Merkle root among 5–7 regional validators. Under 200ms. Priority lane under 100ms for sovereign workloads.
- 05Root Chain FinalizationChrysalis root chain finalizes Cocoon checkpoints with 68-of-101 supermajority. Every block carries secp256k1 + ML-DSA-65 signatures.
- 06101-LLC StampOne Delaware LLC per POP jurisdiction-stamps the Chrysalis record — legally defensible at the originating POP.
- 07Receipt IssuedChrysalis receipt returned to calling product: block_height, timestamp_ns, pop_id, validator_signatures, Merkle proof.
- 08Independent VerificationAny party can verify the receipt on any Ethereum-standard verifier using the public key. No trust in Parinita required.
import chrysalis
client = chrysalis.Client(pop_id='nyc-01', hsm_key='fips-hsm-01')
receipt = client.anchor(record={'action': 'inference_call', 'model': 'claude-opus', 'input_hash': sha256(prompt), 'output_hash': sha256(response)})
print(receipt.block_height, receipt.validator_signatures, receipt.merkle_proof) Proven at scale. Not in a lab.
Parinita AI Edge is the production deployment of the Parinita platform and the largest heterogeneous AI infrastructure deployment in the United States.
Parinita AI Edge
The most complex heterogeneous AI infrastructure in the United States. 101 sites, 9 planes, 12,000+ nodes, 4 accelerator vendors, dual network fabrics, four-layer tenant isolation — all through a single sovereign control plane.
Network & Security Infrastructure
- Multi-vendor acceleratorsFour accelerator vendors — Intel Habana, NVIDIA, AMD, Qualcomm — orchestrated through one control plane with unified scheduling, monitoring, and lifecycle management.
- Dual-fabric networkingCisco production fabric and Arista GPU backend fabric operating as a coordinated system, bridged by identity-aware routing.
- Nationwide scale101 sites across 42 U.S. states, each operating autonomously with a local control agent and a sovereign cross-site routing plane.
- Multi-tenant isolationFour-layer defense-in-depth: VXLAN VNIs, identity-routing, Palo Alto firewalls, and Cilium eBPF — validated across every plane and site.
- Compliance readinessFIPS 140-2 at launch, with FedRAMP Moderate, CJIS, and IL4/IL5 certification paths active through Parinita compliance profiles.
- Sub-millisecond routingEvery request classified and dispatched in under 1ms, enabling real-time SLA enforcement without perceptible overhead.
Built for compliance that cannot be audited away.
Chrysalis does not ask you to change your compliance infrastructure. It adds cryptographic proof beneath it — independent of your organization's control, verifiable by any party with the public key.
Every Parinita product writes to Chrysalis. Sovereign Parinita, Enclave, Flow, Pulse, Almanac, Crucible, Atma, Chorus, and Conduit all produce Chrysalis-anchored records. One substrate, all products.
-
AI Audit and Compliance
Every Parinita product writes to Chrysalis. Verified Reasoning Chain records model invocations, routing decisions, retrievals, and synthesis steps — cryptographic trace from prompt to answer.
-
Regulated Data Immutability
HIPAA, ITAR, SOX, and FedRAMP workloads requiring cryptographic proof of data integrity independent of the organization's control.
-
Cyber-Insurance and Ransomware Defense
Proving backup and data integrity for cyber-insurance compliance. Chrysalis attestation is independent of admin credentials — a compromised insider cannot alter the record.
-
Legal and Regulatory Evidence
Court-admissible cryptographic evidence for regulatory enforcement, e-discovery, and audit. Every Chrysalis receipt is independently verifiable by any party.
-
Post-Quantum Future-Proofing
Dual-signature path ensures the chain is verifiable on Ethereum-standard verifiers today and proof-anchored for the post-quantum transition — no migration required.
Integration Models
Chrysalis is the underlying substrate for every Parinita product — integration is automatic. Standalone Chrysalis anchoring for external systems is available via the Origin API.
Automatic Chrysalis anchoring — every Parinita product writes to Chrysalis with no configuration required | Best for: Parinita platform users
Direct Origin API for anchoring external system events on Chrysalis — SHA-256 hash submission, receipt returned | Best for: Organizations anchoring non-Parinita events
Custom Chrysalis integration for regulated enterprise workflows — dedicated validator participation, custom 101-LLC jurisdictional entities | Best for: Regulated enterprises requiring sovereign anchoring
Request a Demo
Our engineering team has deployed Chrysalis across 101 sites as the immutability substrate for the entire Parinita platform. We bring that operational experience to every deployment conversation.