Blockchain Primitives Platform

Executive Summary

Blockchain Primitives is an open, composable infrastructure platform that provides institutional-grade digital asset operations as independent, reusable services. Built entirely in Rust for memory safety and predictable performance, the platform supports 120 blockchains through a manifest-driven adapter architecture that makes adding new chains a configuration exercise rather than a development project. It combines next-generation MPC cryptography (DKLS23 (prototype) and CMP (audited)/CGGMP24 for ECDSA, FROST for EdDSA) with a 6-backend HSM hierarchy (Luna, Blocksafe, IBM HPCS, AWS CloudHSM, Nitro Enclaves, Securosys Primus) to eliminate single points of compromise in key management. A five-layer policy engine with 196 intent types, a native Rust condition DSL, and SMT-based formal verification replaces legacy JavaScript evaluation with sub-microsecond decision times. Every service — key management, transaction lifecycle, policy evaluation, querying, tokenization, settlement, staking, lending, exchange/DEX, contract interaction, tax and accounting, compliance, and proof of reserve — is independently deployable and exposable as a standalone API primitive on any cloud (AWS, Azure, GCP) or on-premise Kubernetes. As of 2026-02-19, the platform has 26 deployable microservices and 10,842 tests passing across the full workspace. It targets 500 TPS sustained / 5,000 TPS burst with lock-free data structures and presignature pools that deliver ~1.47 μs warm signing latency, orders of magnitude faster than any competitor. Benchmarked at 9,870+ TPS on a single c7g.16xlarge (64 vCPU ARM64 Graviton - 95% of this was for pre-sig generation) with 16 TX service instances and FROST presignature pools, with the pipeline remaining entirely I/O-bound (< 1% CPU utilization) — throughput scales further with additional hosts.

Detailed Documentation

Feature Deep Dives — 25 service-level deep dives covering Key Management, Transaction Lifecycle, Policy Engine, Settlement, Exchange, Lending, Compliance, Proof of Reserve, and more
Feature Implementation Status — Checklist of all features by category with current status
Security — Threshold MPC cryptography, 6-backend HSM hierarchy, confidential computing (TEE), API authentication, cryptographic policy attestation, anti-rewind infrastructure
Resilience (HA/DR) — Multi-AZ active-active, multi-region DR, automatic failover, 30-day event replay, blue/green deployments
Scalability — Lock-free data structures, per-chain queue isolation, connection pooling, parallel multi-sign, 9,870+ TPS benchmarks
Performance — ~1.47 μs warm signing, < 50 ns policy evaluation, sub-50ms transaction submission, manifest-driven cache TTLs
External Compliance & Regulatory Services — KYT providers, Travel Rule networks, sanctions feeds, regulatory filing
AWS Infrastructure (Dev) — CDK stacks, ECS services, 22 DynamoDB tables, SQS queues, EventBridge

Workspace Structure

blockchain-primitives/
├── crates/                             # Reusable libraries
│   │
│   ├── [Platform Core]
│   ├── platform-types/                 # ChainId, CurveType, TxStatus, Amount, PlatformError
│   ├── platform-storage/               # Storage traits + DynamoDB/sled/memory backends
│   ├── platform-auth/                  # API key validation, HMAC challenge-response
│   ├── platform-events/                # Event publishing (EventBridge backend)
│   ├── platform-account/               # Account lifecycle, state transitions, DynamoDB/sled
│   ├── platform-balance/               # Double-entry balance ledger
│   ├── platform-reconciliation/        # Balance reconciliation engine
│   ├── platform-indexer/               # Block/event indexing traits and polling
│   ├── platform-tenant/                # Multi-tenant isolation
│   │
│   ├── [Blockchain Integration]
│   ├── chain-manifest/                 # TOML manifest loader and schema validation
│   ├── chain-macros/                   # #[derive(PartialChainAdapter)] proc macro
│   ├── chain-adapters/                 # Trait hierarchy + 4 core + 13 extended cluster families + RPC cache
│   ├── xrpl/                           # Full XRPL SDK (6 crates)
│   │   ├── xrpl/                       # Umbrella SDK crate
│   │   ├── xrpl-types/                 # Core XRP Ledger types
│   │   ├── xrpl-codec/                 # Binary serialization/deserialization
│   │   ├── xrpl-crypto/                # Address derivation, key handling
│   │   ├── xrpl-client/                # Async JSON-RPC and WebSocket client
│   │   └── xrpl-macros/                # Derive macros for XRPL binary codec
│   │
│   ├── [MPC Cryptography]
│   ├── mpc-crypto/
│   │   ├── types/                      # Core MPC protocol types and message formats
│   │   ├── macros/                     # Protocol-level procedural macros
│   │   ├── algorithms/                 # secp256k1, p256, Ed25519, batch ops, Lagrange cache
│   │   ├── state-machine/              # Async state machine for multi-round MPC protocols
│   │   ├── hdwallets/                  # HD wallet derivation with Lagrange coefficient caching
│   │   ├── ecdsa-dkls/                 # DKLS23 (prototype) threshold ECDSA (secp256k1) — 92 feature flags
│   │   ├── cmp-kms/                    # CMP/CGGMP24 threshold ECDSA (secp256k1 + secp256r1) — 10-phase keygen, 5-phase signing, 38 tests
│   │   └── eddsa-frost/                # FROST threshold EdDSA (Ed25519)
│   ├── presig-store/                   # Redis/Dragonfly presignature persistence
│   │
│   ├── [Policy & Compliance]
│   ├── policy-engine/
│   │   ├── types/                      # Policy types, evaluation context, approval state
│   │   ├── dsl/                        # Domain-specific language for policy rules
│   │   ├── verification/               # Formal verification (Z3 SMT solver, optional)
│   │   ├── testing/                    # Property-based test utilities
│   │   ├── client/                     # HTTP client for policy engine service
│   │   └── intent-manifest/            # Intent manifest loader
│   ├── travel-rule/                    # FATF Travel Rule — jurisdiction engine, encrypted PII
│   │
│   ├── [Financial Operations]
│   ├── settlement/                     # RTGS, DvP, multilateral netting, XRPL escrow, credit
│   ├── tokenization/                   # ERC-20/3643/2612/4626, Solana SPL, XRPL token builders
│   ├── staking/                        # Stake/unstake/redelegate, validator directory, rewards
│   ├── gas-abstraction/                # 14 fee models, RBF/fee-bump, watermark auto-fueling
│   ├── user-management/                # Identity providers (local + OIDC), user store
│   ├── exchange/                       # DexAdapter RPITIT trait, XRPL/Uniswap V4/Jupiter adapters, MEV module
│   ├── contract/                       # ContractAdapter RPITIT trait, EVM/XRPL/Solana adapters, ABI, Anchor IDL
│   ├── lending/                        # 7-state loan FSM, Aave V3/Compound V3/Morpho live contract reads, LTV monitor
│   ├── tax/                            # FIFO/LIFO/HIFO/SpecID/AvgCost, 6 jurisdictions, FASB ASU 2023-08, 1099-DA
│   ├── compliance/                     # Composite risk scoring, SAR/CTR, audit trail, 8 regulatory frameworks
│   ├── platform-por/                   # Merkle PoR, RFC 6962 hashing, Ed25519 attestation, SnapshotStore
│   │
│   └── [Utilities]
│       ├── merkle-tree/                # Entity Merkle trees for proof-of-reserve and audit + DynamoMerkleRootStore (feature-gated)
│       ├── manifest-signing/           # Manifest integrity signing
│       ├── devtools/               # Developer tooling library (simulation, testing utilities)
│       └── rail-client/            # RAIL B2B payment rail client
│
├── services/                           # 26 deployable microservices
│   ├── key-management/                 # MPC keygen, signing, presig pool, manifests (8081)
│   ├── transaction/                    # Tx lifecycle, gas, travel rule wiring (8082)
│   ├── policy-engine/                  # Policy eval, approvals, anti-rewind (8083/9083)
│   ├── query/                          # Balances, blocks, chain info, tokens (8084)
│   ├── settlement/                     # Settlement REST API (8085)
│   ├── indexer/                        # Block ingestion, event indexing, subscriptions (8085)
│   ├── supervision/                    # Stuck-TX detection and recovery (8086)
│   ├── gas-daemon/                     # Auto-fueling background service (8087)
│   ├── deposit-processor/              # Deposit detection, balance crediting (8088)
│   ├── custody-gateway/                # Provider webhook ingestion (8089)
│   ├── tokenization/                   # Token lifecycle REST API
│   ├── staking/                        # Staking lifecycle REST API
│   ├── travel-rule/                    # Travel Rule transfer lifecycle
│   ├── user-management/                # User CRUD and auth endpoints
│   ├── exchange/                       # DEX/swap REST + WebSocket order book (8088)
│   ├── contract/                       # Contract read/write/events/registry REST (8090)
│   ├── lending/                        # Loan lifecycle, DeFi rates, LTV REST
│   ├── tax-engine/                     # Tax lot CRUD, disposal, bridge transfer REST (8092)
│   ├── proof-of-reserve/               # Merkle PoR, inclusion proofs, WebSocket (anchoring)
│   ├── compliance/                     # AML screening, SAR/CTR, regulatory reports REST
│   ├── devtools/                   # Developer tooling and simulation service
│   ├── otc/                        # OTC RFQ and negotiation REST API
│   ├── reconciliation/             # Balance reconciliation engine
│   ├── xrpl-advanced/              # XRPL advanced operations (multi-sign, amendment gate)
│   ├── rail-integration/           # B2B payment rail integration
│   └── chain-indexer/              # (alias: indexer) Multi-chain block and event indexer
│
├── config/
│   ├── chains/                         # 120 per-chain TOML manifests
│   └── strategies/                     # Fee model and finality strategy configs
├── infra/
│   ├── cdk/                            # AWS CDK: data, messaging, compute stacks
│   ├── docker/                         # Dockerfiles for 6 deployed services
│   └── terraform/                      # VPC, networking, 3-tier subnets
├── mvp/                                # XRP MVP standalone service (benchmarking)
├── sdk/                                # 5-language SDKs (TypeScript, Python, Go, Rust, JVM, .NET)
└── xtask/                              # Developer tooling CLI

Signing Protocol Dispatch

secp256k1 → DKLS23 (prototype) threshold ECDSA (EVM, XRPL secp256k1, Bitcoin, all UTXO chains)
Ed25519 → FROST threshold Schnorr (Solana, XRPL Ed25519)
secp256r1 (NIST P-256) → CMP (audited)/CGGMP24 threshold ECDSA (WebAuthn, institutional HSMs requiring P-256)

Chain adapters produce signing payloads; KMS dispatches to DKLS23, FROST, or CMP (audited) based on the key’s AlgorithmChoice field (defaults to DKLS23 for backward compatibility).

Competitive Comparison

The following table compares core capabilities against the current market leader in each category.

Feature	Current Market Leader	Blockchain Primitives
Key Management & Signing	Fireblocks (MPC-CMP (audited) + Intel SGX)	New Leader — DKLS23 (prototype) + CMP (audited)/CGGMP24 + FROST (3 protocols, 2 generations newer) with 6-backend HSM (Luna, Blocksafe, IBM HPCS, CloudHSM, Nitro, Primus); ~1.47 μs warm signing via presignature pools
Confidential Computing	Fireblocks (Intel SGX only, AWS-only)	New Leader — AWS Nitro + AMD SEV-SNP + Intel TDX + Azure MAA + GCP Confidential Space; VM-level isolation (vs SGX process-level); unified AttestationVerifier across all TEEs; signing gated by attestation policy conditions; no 256 MB EPC memory limit
Chain & Asset Coverage	Cobo / Fireblocks (80+ chains)	New Leader — 120 blockchains across 13 cluster families; 50%+ more than nearest competitor
Policy & Governance Engine	Fireblocks (TAP engine)	New Leader — 5-layer distributed engine, 196 intent types, native Rust DSL (< 50 ns eval vs. ~12 ms GraalVM JS), Z3 SMT formal verification for conflict/shadow/unreachable policy detection
Transaction Lifecycle	Fireblocks (Gas Station + RBF)	New Leader — 4 transaction modes, 14 fee models, EIP-1559 repricing, RBF, auto-fueling, gasless tx via ERC-2612 permits, lock-free nonce management
Gas Operations	Fireblocks (Gas Station)	New Leader — 14 fee models, watermark-based auto-fueling, UTXO consolidation, stuck-tx detection, gasless transactions via relayer pattern
Tokenization & Smart Contracts	Taurus (ERC-3643/CMTAT)	New Leader — 30+ token standards incl. ERC-3643 (T-REX), CMTAT, ERC-4626 vaults, ERC-2612 gasless permits; 12 compliance modules (country restriction, investor accreditation, holding period, investor cap, velocity limits, sanctions screening, identity registry, forced transfer, partial freeze, clawback, dividend distribution, corporate actions); supply invariant enforcement across 104 chains
Settlement & Trading	Fireblocks (1500+ counterparties)	New Leader — RTGS/DNS/DVP/PVP engines, multilateral netting (85-92% ratio), mirror positions, XRPL escrow settlement, Hidden Road FX+crypto convergence; RLUSD as primary settlement rail (dual-chain XRPL+ETH, gasless via ERC-2612, XRPL native payment channels); 7 major stablecoins with de-peg detection, issuer blacklist propagation, cross-stablecoin netting
Staking & Yield	GK8/Galaxy ($5B AUS)	New Leader — native/liquid/restaking across 10 PoS chains (ETH, SOL, DOT, ATOM, ADA, NEAR, ALGO, APT, SUI, AVAX); Lido, Rocket Pool, Jito, EigenLayer integrations
Enterprise Deployment	Ripple Custody / Taurus (SaaS + on-prem)	New Leader — identical containerized architecture across SaaS, on-prem, and hybrid; AWS/Azure/GCP/Kubernetes native; single env var runtime selection (`BP_TARGET`); pure Rust implementation requires ~1/10th the compute resources of Java/Go competitors (256 MiB per service vs. 2-4 GiB), dramatically reducing infrastructure cost at scale
Cross-Platform Infrastructure	No equivalent (competitors are single-cloud)	New Leader — 13-layer abstraction (compute, serverless, KV, RDBMS, cache, storage, events, queues, workflow, HSM, identity, secrets, mesh) across 4 targets; same binaries everywhere
Disaster Recovery	Fireblocks (99.99% SLA)	New Leader — multi-AZ active-active, multi-region DR with cross-cloud portability: AWS (DynamoDB Global Tables, Aurora Global Database), Azure (Cosmos DB multi-region, Azure Database geo-replication), GCP (Spanner multi-region, AlloyDB cross-region), on-prem (PostgreSQL Patroni HA + streaming replication); sub-second RPO, 30-day event replay, blue/green zero-downtime deploys across all targets
Observability & Audit	No clear leader (underinvested market-wide)	New Leader — structured OTel pipeline, hash-chained audit logs, Merkle-tree state commitments, 42 event types with 30-day replay
Proof of Reserve	No equivalent (self-attestation industry norm)	Unique — cryptographic Merkle PoR with client inclusion proofs, hourly on-chain anchoring (XRPL + Ethereum), real-time vs. point-in-time snapshots, auditor APIs with SOC 2 evidence export; first custody platform with user-verifiable PoR
MEV Protection	Flashbots (Ethereum only)	New Leader — per-chain MEV strategy (Flashbots Protect, MEV Share, Jito bundles, sequencer trust); no competitor offers cross-chain MEV protection
Tax & Accounting	TaxBit / Lukka (standalone)	New Leader — custody-native tax engine, FASB ASU 2023-08 compliance, 1099-DA generation, 6 jurisdictions, cost basis at signing time, wash sale cross-account detection
Virtual Accounts	Fireblocks (basic omnibus)	New Leader — double-entry bookkeeping, 6 account types, omnibus wallets, automated reconciliation engine, deposit auto-detection
Lending & Borrowing	No integrated leader	New Leader — CeFi+DeFi convergence, Aave V3/Compound V3/Morpho/Euler integration, cross-chain collateral, liquidation engine with LTV monitoring
Exchange & DEX	Fireblocks (OTC network)	New Leader — XRPL native DEX, Uniswap/Curve/Raydium/Orca integration, pathfinding, AMM calculator, real-time order book streaming
External Custody Adapters	No equivalent (competitors are single-provider)	Unique — 18 providers (Fireblocks, BitGo, Coinbase Prime, Anchorage, Taurus, Ledger Enterprise, etc.) via unified abstraction; internal MPC as just another provider
API & Developer Experience	Dfns (5 SDKs, transparent docs)	New Leader — 6 SDKs (TypeScript, Python, Go, Rust, Java/Kotlin, C#/.NET); REST + gRPC + WebSocket + EventBridge; OpenAPI 3.1 schema-first generation; 3-tier sandbox (hosted/Docker/testnet); full dry-run execution trace (fee, nonce, policy, MEV risk); event replay debugging; OpenAPI mock server; SDK TestClient utilities
Regulatory & Compliance	Coinbase Prime / Paxos (OCC charters)	New Leader — embedded compliance architecture: MiCA CASP operational controls, DORA ICT resilience mapping, VASP Travel Rule automation (IVMS101 auto-enrichment, sunrise issue handling, OpenVASP/TRP), real-time transaction monitoring with SAR/CTR generation, regulatory reporting APIs (FinCEN/FCA/ESMA/MAS machine-readable), version-controlled regulatory rule library with auto-policy suggestions
Pricing Transparency	Dfns ($60-$2,800/mo, no AUM fees)	TBD

Service Summary

Service	Unique / Market Leader	Current Competitor Leader
Key Management	Market Leader (6-backend HSM)	Fireblocks (MPC-CMP (audited) + SGX)
Confidential Computing (TEE)	Market Leader (5 platforms, VM-level)	Fireblocks (SGX only)
Transaction Lifecycle	Market Leader	Fireblocks (Gas Station + RBF)
Policy Engine	Market Leader (SMT verification)	Fireblocks (TAP engine)
Chain Adapters (120 chains)	Market Leader	Cobo / Fireblocks (80+ chains)
Gas Operations	Market Leader (14 fee models, gasless tx)	Fireblocks (Gas Station)
Tokenization (30+ standards)	Market Leader (ERC-3643, CMTAT, ERC-4626)	Taurus TDX / Securitize
Settlement Network	Market Leader (netting, mirror positions)	Fireblocks (1500+ counterparties)
Staking & Yield	Market Leader (10 chains, 3 models)	GK8/Galaxy ($5B AUS)
Exchange & DEX	Market Leader (CeFi+DeFi unified)	Fireblocks (OTC network)
Virtual Accounts	Market Leader (double-entry + reconciliation)	Fireblocks (basic omnibus)
MEV Protection	Market Leader (cross-chain)	Flashbots (Ethereum only)
Tax & Accounting	Market Leader (custody-native, 6 jurisdictions)	TaxBit / Lukka (standalone)
Lending & Borrowing	Market Leader (CeFi+DeFi converged)	No integrated leader
Regulatory & Compliance	Market Leader (embedded, not bolt-on)	Coinbase Prime / Paxos (OCC charters)
External Custody Adapters	Unique (18 providers pluggable)	No equivalent
Query & Balance	Market Leader (coalescing + push invalidation)	No equivalent standalone primitive
Contract Interaction	Unique (4 VM paradigms unified)	No equivalent standalone primitive
Observability & Audit	Market Leader (hash-chained + Merkle)	No clear market leader
Proof of Reserve	Unique (cryptographic, client-verifiable)	No custody equivalent
Cross-Platform Deployment	Market Leader (identical container arch)	Ripple Custody / Taurus (on-prem)
Finality Monitoring	Unique (4-model strategy registry)	Embedded in competitor monoliths
Presignature Pool	Unique (~1.47 μs warm signing)	No competitor equivalent
Developer Sandbox & Testing	Market Leader (3-tier sandbox + simulation)	Dfns (basic sandbox only)
RLUSD & Stablecoin-Native	Unique (first-class settlement rails)	No equivalent in custody platforms
Event Indexing	Market Leader (reorg-safe, address subscriptions)	No equivalent standalone primitive
Supervision & Recovery	Unique (stuck-tx detection, auto-heal)	Embedded in competitor monoliths
Gas Daemon	Unique (background auto-fueling)	No equivalent standalone primitive
Deposit Processing	Market Leader (event-driven, idempotent)	No equivalent standalone primitive
Travel Rule	Market Leader (IVMS101, multi-jurisdiction)	Notabene / CipherTrace (standalone)
User Management	Market Leader (multi-tenant, OIDC + local)	No equivalent standalone primitive
Exchange & DEX	Market Leader (CeFi+DeFi unified, XRPL+EVM+Solana)	Fireblocks (OTC network)
MEV Protection	Market Leader (cross-chain, circuit breaker + slippage tiers)	Flashbots (Ethereum only)
Contract Interaction	Unique (4 VM paradigms, ABI + XRPL + Anchor IDL)	No equivalent standalone primitive
Lending & Borrowing	Market Leader (CeFi+DeFi converged, 7-state FSM)	No integrated leader
Tax & Accounting	Market Leader (custody-native, 6 jurisdictions, FASB ASU 2023-08)	TaxBit / Lukka (standalone)
Regulatory Compliance	Market Leader (embedded AML, SAR/CTR, 8 frameworks, hash-chained audit)	Coinbase Prime / Paxos (OCC charters)
Proof of Reserve	Unique (cryptographic, RFC 6962, Ed25519 attestation, client-verifiable)	No custody equivalent

Development

Prerequisites

Rust 1.91.0 (auto-installed via rust-toolchain.toml)
AWS CLI with configured SSO profile
Podman 5.x (container builds)
Node.js 18+ (CDK, e2e tests)

Build and Test

cargo build --workspace
cargo test --workspace

# Zero-warning policy
cargo clippy --workspace -- -D warnings
cargo fmt --all -- --check

# Do NOT use --all-features — ecdsa-dkls has mutually exclusive features

Quality Gates (Every Commit)

cargo fmt --all -- --check
cargo clippy --workspace -- -D warnings
RUSTFLAGS="-D warnings" cargo build --workspace
cargo test --workspace

Skip gates 3-4 when only markdown/docs/config changed.

Deploy Workflow

# Image-only update (no CDK change needed)
aws ecr get-login-password --region us-east-2 --profile $AWS_PROFILE \
  | podman login --username AWS --password-stdin 084828566741.dkr.ecr.us-east-2.amazonaws.com

podman build --platform linux/arm64 \
  -f infra/docker/Dockerfile.<service> \
  -t 084828566741.dkr.ecr.us-east-2.amazonaws.com/bp-<service>:latest .

podman push 084828566741.dkr.ecr.us-east-2.amazonaws.com/bp-<service>:latest

aws ecs update-service --cluster bp-dev-cluster \
  --service <service-name> --force-new-deployment \
  --profile $AWS_PROFILE --region us-east-2

# Infrastructure change (CDK stack)
cd infra/cdk && npx aws-cdk deploy bp-dev-compute --require-approval never --profile $AWS_PROFILE

Extensibility

The platform is designed so that extending chains, intents, conditions, and custody providers is a guided, low-friction exercise using cargo xtask developer tooling.

Adding a New Chain

One command generates the TOML manifest:

cargo xtask new-chain polygon --family evm

This creates config/chains/polygon.toml pre-populated with the correct family defaults (curve, fee model, finality model, capabilities). For EVM chains, this is often sufficient — the existing EVM adapter handles all EVM-compatible chains from a single implementation.

Scaffolding a New Chain Family

One command generates the full adapter skeleton:

cargo xtask scaffold-adapter cosmos \
  --curve secp256k1 \
  --encoding protobuf \
  --rpc-style rest \
  --address-format bech32

This generates four files with trait stubs:

mod.rs — ChainAdapter implementation (chain identity, capabilities, health)
key.rs — KeyAdapter (address derivation, validation, derivation paths)
transaction.rs — TransactionAdapter (build, sign, submit, finality)
query.rs — QueryAdapter (balance, nonce queries)

Every method body is todo!("CosmosAdapter::method_name") so the adapter compiles immediately and panics with clear messages indicating what needs implementation.

Adding a Query Adapter to an Existing Family

cargo xtask add-query-adapter stellar --rpc-style rest --balance-path "/accounts/{address}"

Adding a New Policy Intent Category

cargo xtask new-intent asset-management --id 32 --name "Asset Management"

This generates a TOML manifest in config/intents/ with the category schema, intent type templates, default policies, and supervision rules. Intent types are declarative — add a [[intents]] entry to define a new intent without touching Rust code.

Adding a New Policy Condition

cargo xtask new-condition XrplReserveCheck \
  --category xrpl \
  --fields "address:string,min_reserve:u128"

This inserts the condition variant into the Rust enum, adds the evaluator match arm, generates SMT (Sparse Merkle Tree) serialization, and creates validation logic — all via source-level markers that keep the codebase consistent.

Adding a New Custody Provider

cargo xtask new-custody-provider anchorage --name "Anchorage Digital" --type external

Validation and Completeness Reporting

cargo xtask validate-manifests      # Validates all 120 chain TOML files
cargo xtask validate-intents        # Validates all intent category manifests
cargo xtask capability-matrix       # Prints chain capability matrix
cargo xtask adapter-completeness    # Reports stub/TODO scores per adapter family
cargo xtask check-markers           # Verifies xtask insertion markers are intact

Benchmarking and E2E Testing

cargo xtask testnet-e2e             # Run E2E transactions across all 4 core chains
cargo xtask bench-tx --stress       # Ramp concurrency until the system breaks
cargo xtask bench-tx --presignatures 200 --concurrency 8  # Measure presig performance

Cross-Platform Support

The platform deploys natively on AWS, Azure, GCP, and on-premise Kubernetes/OpenShift using a six-layer abstraction model. All 26 microservices are identical across targets — only the infrastructure adapter layer changes.

Component	AWS	Azure	GCP	On-Prem
Compute	ECS Fargate (Graviton3 ARM64)	ACI / AKS	Cloud Run / GKE	Kubernetes / OpenShift
Serverless	Lambda	Azure Functions	Cloud Functions	Knative / OpenFaaS
KV Store	DynamoDB	Cosmos DB	Firestore / Spanner	PostgreSQL (JSONB)
Relational DB	Aurora PostgreSQL	Azure Database for PostgreSQL	Cloud SQL / AlloyDB	PostgreSQL (Patroni HA)
Cache	ElastiCache Redis	Azure Cache for Redis	Memorystore Redis	Redis Sentinel / Cluster
Object Storage	S3	Blob Storage	Cloud Storage	MinIO
Event Bus	EventBridge	Event Grid	Eventarc	NATS JetStream
Queue	SQS FIFO	Azure Service Bus	Cloud Tasks / Pub/Sub	NATS JetStream
Workflow	Step Functions	Durable Functions	Cloud Workflows	Temporal.io
HSM	CloudHSM + Nitro Enclaves	Azure Dedicated HSM	Cloud HSM	Securosys / Thales Luna / Utimaco
Identity	Cognito	Azure AD B2C	Firebase Auth	Keycloak
Secrets	Secrets Manager	Key Vault	Secret Manager	HashiCorp Vault
Service Mesh	Cloud Map + VPC Lattice	Istio on AKS	Cloud Service Mesh	Istio / Linkerd

Key differentiator: Unlike competitors that offer SaaS-only (Fireblocks, Coinbase Prime, Dfns) or require separate on-premise builds (Ripple Custody/Metaco Harmonize), this platform runs the exact same containerized binaries everywhere. A single CI/CD pipeline produces artifacts that deploy identically to any target, eliminating deployment-variant bugs and ensuring consistent security posture across all environments.

Runtime selection is a single environment variable (BP_TARGET=aws|azure|gcp|onprem) that activates the appropriate infrastructure adapter at startup. No recompilation, no separate builds, no feature flags in application code.

Technology Stack

Component	Technology
Language	Rust 1.91.0 (pinned via rust-toolchain.toml)
Web framework	Axum 0.8
RPC framework	Tonic 0.12 (gRPC)
Async runtime	Tokio 1.x (full)
MPC — secp256k1	DKLS23 (prototype) (custom, 92 feature flags for optimization modes)
MPC — Ed25519	FROST (custom, presignature support)
Storage	DynamoDB (aws-sdk 1.x), Sled 0.34, Redis/Dragonfly 0.27
Messaging	SQS + EventBridge (aws-sdk 1.x)
Compute	ECS Fargate ARM64/Graviton
Containers	Podman 5.x; gcr.io/distroless/cc-debian12:nonroot
IaC	Terraform 1.12 (networking) + AWS CDK 2.170 (services)

February 2026 — Blockchain Primitives Platform