Browser Attestation
Reimagined
ChronoSeal is a Unix-native browser attestation daemon combining cryptographic signatures, deterministic state machines, and a synthetic gene mutation engine for unparalleled session integrity.
Core Features
Everything you need for robust, enterprise-grade browser attestation
Synthetic Gene Engine
Deterministic mutation sequence that both server and browser WASM must execute in sync—creating an unprecedented second state channel.
Cryptographic Chain
Ed25519 signatures and a Blake3 hash chain progression with rotating salts ensures replay resistance and continuity verification.
Deterministic VM
A lightweight 10-opcode virtual machine executing server-issued programs with exact stack state verification between client and server.
Silent Rejection
Failed heartbeats return identical HTTP 200 responses—providing zero oracle feedback and making automated probing impossible.
Pluggable Storage
Use SQLite in-memory for testing, SQLite disk for standalone, or Valkey/Redis for massive distributed cluster deployments.
Production Ready
Built-in Prometheus metrics, liveness/readiness probes, structured logging, systemd integration, and graceful shutdown.
System Architecture
A look inside how ChronoSeal protects your sessions in real-time
Browser Client
JS Frontend + WASM Runtime
POST /init · POST /hb
Ed25519 Signatures · Canonical JSON
Verification Pipeline
Signature → Hash Chain → Mutation → Drift
Storage Backend
State Persistence Layer
Protocol Flow
Secure handshake and continuous background verification
┌─────────────┐ ┌─────────────┐
│ Browser │ │ Server │
│ (WASM) │ │ (ChronoSeal)│
└──────┬──────┘ └──────┬──────┘
│ │
│ POST /init { public_key } │
│─────────────────────────────────────────────────>│
│ │
│ 200 { session_id, salt, opcodes, │
│ initial_hash, mutation_order } │
│<─────────────────────────────────────────────────│
│ │
│ [Execute VM, Preview Mutation] │
│ │
│ POST /hb { prev_hash, timestamp, entropy, │
│ stack_state, gene_commitment, │
│ signature } │
│─────────────────────────────────────────────────>│
│ │
│ [Verify: Signature → Hash → Mutation → Drift] │
│ │
│ 200 { status: "ok", next_salt, │
│ next_mutation_step, next_order } │
│<─────────────────────────────────────────────────│
│ │
│ [Commit Preview, Rotate State] │
│ │
▼ ▼
vs Popular Solutions
Why modern infrastructure chooses ChronoSeal
| Feature | ChronoSeal | Cloudflare Turnstile | reCAPTCHA v3 | Enterprise WAFs |
|---|---|---|---|---|
| Self-hosted & Air-gapped | Yes | No | No | No |
| Privacy Focused | Excellent | Medium | Poor | Low |
| Cryptographic Continuity | Very High | Medium | Low | Medium |
| Cost Structure | Free (FOSS) | Freemium | Free → Paid | Extremely High |
| WASM Mutation Engine | Unique | No | No | No |
| Silent Rejection Architecture | Yes | No | No | No |
Quick Deployment
Spin up the daemon in under a minute
Docker
docker run -d -p 3000:3000 \ chronoseal/chronoseal:latest
Native (systemd)
curl -sL https://chronoseal.io/install.sh | sudo bash sudo systemctl enable --now chronoseal
From Source
git clone https://github.com/thakares/chronoseal-rs cd chronoseal && cargo run --release
$ curl http://localhost:3000/health
{"status":"healthy","uptime": 3600}
$ chronoseal status --format json
{"active_sessions":142,"expired_sessions":3,"max_chain_length":12}