Chrysalis

The Zero-Trust Agentic Registry

We trusted AI too fast. Chrysalis fixes that — with no platform to connect to, and Baur Software never in your trust chain.

A live, searchable ledger of the registry's own operation — operational metadata only; no principal data leaves the node.
A live, searchable ledger of the registry's own operation — operational metadata only; no principal data leaves the node.

We trusted AI too fast

The rush to give agents access to codebases created an immediate blast radius. AI didn't just introduce new threats — it amplified the mistrust already present in businesses. The window between a vulnerability being announced and exploited has shrunk to almost nothing. Meanwhile, getting developers to adopt security best practices is still a losing battle, because it feels like extra steps.

So when your engineering team asks to deploy AI agents on sensitive code or regulated data, security has to say no. You can't prove where the data went, and you can't prove what the agent was actually allowed to do.

Chrysalis fixes this. It is a zero-trust agentic registry. But more importantly: we do not have a platform. There is no SaaS to connect to, and Baur Software is never in your trust chain.

Zero trust for everywhere.

What is zero trust? →

The problem with gateways

Most companies try to solve this by putting a gateway in front of the LLM provider. But a gateway only enforces rules at the provider boundary. It cannot see or control what the agent is actually doing on your host machine. It is a proxy, not an enforcement engine.

Chrysalis provides request-layer authority for the agentic age. We enforce security where it actually matters: at the execution boundary.

Here is how we do it differently

1

You own the trust chain

We don't host anything for you. Chrysalis is distributed as a fat binary. You run it on your own machines, and you host your own central registry that those nodes connect to. You build your own federated networks. Because there is no vendor SaaS, Baur Software is not in the blast radius. If we disappear tomorrow, your security posture doesn't change.

Peer registries you connect to on your own federated network. You host the central registry; the nodes connect to you.
Peer registries you connect to on your own federated network. You host the central registry; the nodes connect to you.
An agent asked to read a .env file gets a licensing check instead — the request never crossed the perimeter. Nothing left the building.
An agent asked to read a .env file gets a licensing check instead — the request never crossed the perimeter. Nothing left the building.
2

Bilateral caching

If you want to prove data never left the building, the architecture has to make egress impossible. Chrysalis caches bilaterally on the client and the server. Using a proprietary algorithm based on ordinal combinatorial unions, we keep those cache states perfectly synced without ever transmitting the raw source code across the wire.

3

You pay for changes, not context

Providers bill per input token, and every call re-tokenizes the context you send — re-uploading your codebase on each request is where spend balloons. Because the client and server already share a synced cache, each request carries only the delta. Unchanged context is billed at the provider's cached-input rate — a fraction of full price — or omitted entirely. You pay for what changed, not for your whole repo on every single call.

4

Deterministic agents

For pure retrieval tasks like code-search or codegen, you shouldn't be calling an LLM at all. Chrysalis uses deterministic agents for these tasks, resolving them entirely on-machine — the codebase never leaves. That turns a massive chunk of your AI workload into something free, private, and instant, and takes those calls off your provider bill completely.

Deterministic agents — code search, codegen, inference — registered with signed advertisements and per-agent sandboxing, resolving on-machine.
Deterministic agents — code search, codegen, inference — registered with signed advertisements and per-agent sandboxing, resolving on-machine.

The reality

You don't have to choose between developer velocity and security. With Chrysalis, your teams get the agents they want, and you get the hard, cryptographic proof that nothing left the perimeter — because you own the entire perimeter.

Start the assessment

Built by Baur Software.