Two runtimes. One control plane.
Chronicle splits enforcement from intelligence. The enforcement runtime runs where your decisions are made — on your infrastructure. The intelligence layer runs in shared cloud, aggregating signals across your estate.
Split-plane design
The critical enforcement path never leaves your environment. Intelligence aggregates separately, with full evidence sovereignty.
Customer Infrastructure
Chronicle Rust Runtime (:8300): enforcement, LLM gateway, tool gateway, HTTP sensor
Vault (:8200): AppRole auth, Transit key wrap, secrets KV
PostgreSQL (:5433): local receipt ledger, Merkle anchors
Redis (:6379): event stream, session state, flush queue
MinIO (:9000): encrypted evidence object store
Shared Cloud (STOE-managed)
Chronicle Server (FastAPI, :8080): decision ingest, tenant query API, auth middleware
Analytics Rollup Worker: 5 s cadence, computes approval rates, ML coverage, risk scores
Drift Worker: hourly baseline comparison, behavioral deviation scoring
Alert Worker: hourly policy breach surfacing, daily intelligence briefing
PostgreSQL (multi-tenant, :5432): RLS-enforced canonical tables per tenant
Event flow: Client Runtime → Redis stream → batch flush → Server API → ingest table → materializer → canonical tables → query API
The hot path — built for milliseconds.
Layered verdict engine
Four parallel verdict layers: rule engine, policy engine, structural checks, and out-of-distribution signals. Each layer produces a trace. The combiner selects the authoritative verdict and retains all rejected paths as negative lineage.
Fire-and-forget evidence
/enforce returns in milliseconds. Evidence encryption and event emission are cheap enough to run inline, synchronously with the request. The heavy persistence path (Redis → Postgres) runs asynchronously in the flusher worker and is never on the critical path.
Session causality
Every request carries a session ID. The session store in Redis chains decision IDs, enabling a full decision DAG across agents and tool calls. You can trace multi-hop agent behavior from a single root action.
Identity binding
JWT extraction middleware (v1.2) validates tokens via JWKS, classifies actors as human / service / agent, and injects identity into enforcement context. Every decision knows who authorized it.
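The identity-binding step, as an added example in Go rather than the runtime's own Rust code: it validates an ES256 token against a JWKS and classifies the actor before anything about the token is trusted. Chronicle's middleware, claim names and classification rules are not published on this page, so the agent_id/email claim layout, the kid "idp-k1", and the Mint/PublicJWK helpers that stand in for an identity provider are assumptions made so the example runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// JWK is the RFC 7517 subset for a P-256 key; encoding/json matches the JWKS
// fields kty/crv/kid/alg/x/y case-insensitively, so no tags are needed.
type JWK struct{ Kty, Crv, Kid, Alg, X, Y string }
var b64 = base64.RawURLEncoding

// classify applies an assumed claim layout (the page specifies none): agents
// carry agent_id, humans carry email, everything else is a service.
func classify(c map[string]any) string {
	switch {
	case c["agent_id"] != nil:
		return "agent"
	case c["email"] != nil:
		return "human"
	}
	return "service"
}

// VerifyES256 pins the algorithm, selects the key by kid, checks the signature
// before trusting any claim, then enforces exp and aud.
func VerifyES256(token string, jwks []JWK, aud string, now time.Time) (sub, actor string, err error) {
	parts := strings.Split(token, ".")
	hdrRaw, err := b64.DecodeString(parts[0])
	var hdr struct{ Alg, Kid string }
	if len(parts) != 3 || err != nil || json.Unmarshal(hdrRaw, &hdr) != nil || hdr.Alg != "ES256" {
		return "", "", errors.New("malformed token or unsupported alg") // the token never picks the algorithm
	}
	var key *JWK
	for i, k := range jwks {
		if k.Kid == hdr.Kid && k.Kty == "EC" && k.Crv == "P-256" && (k.Alg == "" || k.Alg == "ES256") {
			key = &jwks[i]
		}
	}
	if key == nil {
		return "", "", fmt.Errorf("no usable key for kid %q", hdr.Kid)
	}
	xb, errX := b64.DecodeString(key.X)
	yb, errY := b64.DecodeString(key.Y)
	pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(xb), Y: new(big.Int).SetBytes(yb)}
	if errX != nil || errY != nil || !pub.Curve.IsOnCurve(pub.X, pub.Y) {
		return "", "", errors.New("JWK is not a valid P-256 point")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 64 { // JWS ES256 signatures are raw r||s, 32 bytes each
		return "", "", errors.New("bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return "", "", errors.New("signature invalid")
	}
	plRaw, err := b64.DecodeString(parts[1])
	var claims map[string]any
	if err != nil || json.Unmarshal(plRaw, &claims) != nil {
		return "", "", errors.New("bad payload")
	}
	// aud is compared as one string; an array-valued aud claim would need a loop.
	if exp, ok := claims["exp"].(float64); !ok || now.Unix() >= int64(exp) || claims["aud"] != aud {
		return "", "", errors.New("expired, missing exp, or audience mismatch")
	}
	sub, _ = claims["sub"].(string)
	return sub, classify(claims), nil
}

// Mint and PublicJWK play the identity provider so the example runs offline.
func Mint(priv *ecdsa.PrivateKey, kid string, claims map[string]any) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT", "kid": kid})
	pl, _ := json.Marshal(claims)
	signing := b64.EncodeToString(hdr) + "." + b64.EncodeToString(pl)
	digest := sha256.Sum256([]byte(signing))
	r, s, _ := ecdsa.Sign(rand.Reader, priv, digest[:])
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signing + "." + b64.EncodeToString(sig)
}

func PublicJWK(priv *ecdsa.PrivateKey, kid string) JWK {
	return JWK{Kty: "EC", Crv: "P-256", Kid: kid, Alg: "ES256",
		X: b64.EncodeToString(priv.X.FillBytes(make([]byte, 32))),
		Y: b64.EncodeToString(priv.Y.FillBytes(make([]byte, 32)))}
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	claims := map[string]any{"sub": "agent-7", "agent_id": "a7", "aud": "chronicle", "exp": float64(time.Now().Add(time.Hour).Unix())} // constructed
	fmt.Println(VerifyES256(Mint(priv, "idp-k1", claims), []JWK{PublicJWK(priv, "idp-k1")}, "chronicle", time.Now()))
}
```

The order matters: the algorithm is fixed by the verifier and cross-checked against the key's own alg, the point is checked to be on the curve before use, and the signature is verified before exp, aud or the actor class are read. A JWT library does the same work, but the order of checks is what a reviewer should confirm in any middleware.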
LLM gateway
Transparent OpenAI/Anthropic passthrough. Normalizes streaming SSE. Emits pre-call / post-call bookend events. Tracks token counts, latency, and model identity. Drop Chronicle in front of any LLM endpoint.
MCP tool gateway
Proxies MCP upstream tool calls. Enforces pre- and post-call policy on every tool invocation. Emits tool call attestation events. Works with any MCP-compatible tool server.
We hold encrypted blobs.
You hold the keys.
Chronicle generates a per-call data encryption key (DEK). Evidence is encrypted with AES-256-GCM on the client side before the event is emitted. The DEK is wrapped using Vault Transit; only the wrapped key envelope travels to the server.
Without your Vault, no one can read your evidence — including us. Revoke your Vault keys and the data becomes permanently inaccessible. You own your entire decision history.
1. Decision made: an agent action triggers the Chronicle enforcement endpoint.
2. Evidence built: request context, identity, verdict, and traces are assembled.
3. DEK generated: a per-call AES-256 data encryption key is created client-side.
4. Evidence encrypted: the evidence blob is encrypted with the DEK and never leaves unencrypted.
5. Key wrapped: the DEK is wrapped via Vault Transit; the key_envelope is stored with the event.
6. Event emitted: encrypted blob and key envelope are sent to the server; plaintext is never exposed.
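The six steps above, as an added Go example that is not Chronicle's code (the runtime is Rust). Vault Transit is replaced by a local transitKEK type whose Wrap and Unwrap stand in for transit/encrypt and transit/decrypt; the AAD label "chronicle-dek", the field names on Event and the evidence JSON are assumptions or constructed input. Beyond the list it shows two things: the decision ID is bound to the ciphertext as AES-GCM associated data, so the server can neither read a blob nor quietly re-attach it to another decision, and once the KEK is gone the envelope, and with it the evidence, is unrecoverable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Event is what the runtime emits to the shared server. The decision ID is
// bound to the ciphertext as AES-GCM additional authenticated data (AAD).
type Event struct {
	DecisionID  string
	Nonce       []byte
	Ciphertext  []byte // evidence under the per-call DEK
	WrapNonce   []byte
	KeyEnvelope []byte // DEK wrapped under the KEK: the only key material that leaves the client
}

// transitKEK is a local stand-in for the Vault Transit key (assumption: the
// real runtime calls transit/encrypt and transit/decrypt and never holds it).
type transitKEK struct{ key []byte }
const dekAAD = "chronicle-dek" // assumed label tying envelopes to their purpose

// mustGCM panics on a wrong key length, which can only be a programming error.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no CSPRNG: refuse to continue rather than emit weak keys
	}
	return b
}

// Wrap models transit/encrypt: a plaintext DEK in, an opaque envelope out.
func (k *transitKEK) Wrap(dek []byte) (envelope, nonce []byte, err error) {
	if k.key == nil {
		return nil, nil, errors.New("transit key revoked")
	}
	aead := mustGCM(k.key)
	nonce = randomBytes(aead.NonceSize())
	return aead.Seal(nil, nonce, dek, []byte(dekAAD)), nonce, nil
}

// Unwrap models transit/decrypt; only the key holder can succeed here.
func (k *transitKEK) Unwrap(envelope, nonce []byte) ([]byte, error) {
	if k.key == nil {
		return nil, errors.New("transit key revoked")
	}
	return mustGCM(k.key).Open(nil, nonce, envelope, []byte(dekAAD))
}
// Revoke models deleting the Transit key: every blob wrapped under it is gone for good.
func (k *transitKEK) Revoke() { k.key = nil }

// EmitEvent is the client-side path: fresh 256-bit DEK, AES-256-GCM over the
// evidence with the decision ID as AAD, wrap the DEK, zero the plaintext DEK.
func EmitEvent(kek *transitKEK, decisionID string, evidence []byte) (*Event, error) {
	dek := randomBytes(32)
	aead := mustGCM(dek)
	nonce := randomBytes(aead.NonceSize())
	ct := aead.Seal(nil, nonce, evidence, []byte(decisionID))
	env, wrapNonce, err := kek.Wrap(dek)
	for i := range dek {
		dek[i] = 0 // best-effort zeroisation; the DEK now exists only inside the envelope
	}
	if err != nil {
		return nil, err
	}
	return &Event{DecisionID: decisionID, Nonce: nonce, Ciphertext: ct, WrapNonce: wrapNonce, KeyEnvelope: env}, nil
}

// OpenEvent is the key holder's path: unwrap, then decrypt. A party without
// the KEK (the shared server) fails at the first step and never sees a DEK.
func OpenEvent(kek *transitKEK, ev *Event) ([]byte, error) {
	dek, err := kek.Unwrap(ev.KeyEnvelope, ev.WrapNonce)
	if err != nil {
		return nil, fmt.Errorf("unwrap: %w", err)
	}
	return mustGCM(dek).Open(nil, ev.Nonce, ev.Ciphertext, []byte(ev.DecisionID))
}

func main() {
	kek := &transitKEK{key: randomBytes(32)}
	ev, _ := EmitEvent(kek, "dec-0001", []byte(`{"verdict":"deny","tool":"shell.exec"}`)) // constructed evidence
	pt, err := OpenEvent(kek, ev)
	fmt.Printf("key holder: %s %v\n", pt, err)
	_, err = OpenEvent(&transitKEK{}, ev)
	fmt.Println("server without KEK:", err)
	kek.Revoke()
	_, err = OpenEvent(kek, ev)
	fmt.Println("after revocation:", err)
}
```

The "revoke and it is gone" property holds only as long as no unwrapped DEK survives outside Vault: the example zeroes the DEK as soon as it is wrapped, and any server-side caching of unwrapped DEKs would undo the guarantee. Rotating the Transit key without deleting the old version does not revoke anything, since Transit keeps earlier versions for decryption.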
Four levels of decision replay.
Chronicle doesn't just record what happened — it records what you need to reconstruct, verify, and challenge it.
Signal plane (live)
Intent and outcome captured. Sufficient for compliance reporting and trend analysis.
Evidence replay (live)
Stored request replayed against stored rules. Verify the verdict was correct at the time of the decision.
Receipt verification (live)
Merkle tree plus inclusion proof. Cryptographically prove a decision record has not been altered since capture.
Deterministic replay (in progress)
Bit-perfect input snapshots. Full environment reconstruction for forensic analysis of edge cases.
Counterfactual sim (roadmap)
Policy variant testing. Answer "what would have happened if the policy was different" for any historical decision.
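Receipt verification, as an added Go example that is not the ledger's own code; the receipt format is a constructed JSON string and the hashing layout (SHA-256 with 0x00/0x01 domain prefixes, odd levels paired with themselves) is one reasonable choice, not Chronicle's documented one. It builds a Merkle tree over receipts, produces an inclusion proof, and checks a receipt against the anchored root: one altered byte in the record, or a proof for the wrong index, fails.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// ProofStep is one sibling hash on the path from a leaf to the root; Right
// reports whether the sibling sits to the right of the running hash.
type ProofStep struct {
	Hash  []byte
	Right bool
}

// Leaves and interior nodes get different domain prefixes (0x00 / 0x01) so an
// interior node can never be passed off as a leaf (second-preimage attack).
func leafHash(receipt []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, receipt...))
	return h[:]
}

func nodeHash(left, right []byte) []byte {
	h := sha256.Sum256(append(append([]byte{0x01}, left...), right...))
	return h[:]
}

// BuildTree returns every level, level 0 being the leaves and the last level
// the single root. A level with an odd count pairs its last node with itself.
func BuildTree(receipts [][]byte) [][][]byte {
	level := make([][]byte, len(receipts))
	for i, r := range receipts {
		level[i] = leafHash(r)
	}
	levels := [][][]byte{level}
	for len(level) > 1 {
		next := make([][]byte, 0, (len(level)+1)/2)
		for i := 0; i < len(level); i += 2 {
			right := level[i]
			if i+1 < len(level) {
				right = level[i+1]
			}
			next = append(next, nodeHash(level[i], right))
		}
		levels = append(levels, next)
		level = next
	}
	return levels
}

// Root is the Merkle anchor: publish or sign this one value and every
// receipt beneath it becomes tamper-evident.
func Root(levels [][][]byte) []byte { return levels[len(levels)-1][0] }

// Prove collects the sibling path for the receipt at index idx.
func Prove(levels [][][]byte, idx int) []ProofStep {
	proof := []ProofStep{}
	for _, level := range levels[:len(levels)-1] {
		sib := idx ^ 1
		if sib >= len(level) {
			sib = idx // odd level: this node was paired with itself
		}
		proof = append(proof, ProofStep{Hash: level[sib], Right: idx%2 == 0})
		idx /= 2
	}
	return proof
}

// Verify recomputes the path from the receipt bytes the verifier holds and
// compares the result with the anchored root; any altered byte changes it.
func Verify(receipt []byte, proof []ProofStep, root []byte) bool {
	h := leafHash(receipt)
	for _, s := range proof {
		if s.Right {
			h = nodeHash(h, s.Hash)
		} else {
			h = nodeHash(s.Hash, h)
		}
	}
	return bytes.Equal(h, root)
}

func main() {
	receipts := [][]byte{ // constructed receipts standing in for decision records
		[]byte(`{"decision_id":"dec-0001","verdict":"allow"}`),
		[]byte(`{"decision_id":"dec-0002","verdict":"deny"}`),
		[]byte(`{"decision_id":"dec-0003","verdict":"allow"}`),
		[]byte(`{"decision_id":"dec-0004","verdict":"allow"}`),
		[]byte(`{"decision_id":"dec-0005","verdict":"deny"}`),
	}
	levels := BuildTree(receipts)
	root, proof := Root(levels), Prove(levels, 4)
	fmt.Println("anchor:", hex.EncodeToString(root))
	fmt.Println("dec-0005 as captured:", Verify(receipts[4], proof, root))
	fmt.Println("dec-0005 verdict flipped:", Verify([]byte(`{"decision_id":"dec-0005","verdict":"allow"}`), proof, root))
}
```

The proof is only as strong as the anchor: a verifier must obtain the root from somewhere the ledger operator cannot rewrite after the fact (a signed or externally published anchor), otherwise a tree can be rebuilt over altered receipts and a fresh, valid-looking proof issued.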
Ready to see the architecture in action?
We walk through a live Chronicle deployment with every interested team.