Documentation

Welcome to Bedrock

Bedrock is the compliance ledger and governance layer for AI-assisted financial advice. These docs explain how it works, how to integrate it, and how it maps to the FCA Handbook.

Bedrock has two faces. For engineers, it is a REST API that records every advice decision into a tamper-evident hash chain, signs the result, and exposes the artefacts through webhooks and endpoints you can wire into existing pipelines. For compliance officers, it is a permanent system of record that can be inspected by the firm, by clients, or by the FCA — without trusting the firm not to have edited it after the fact.

These two views are the same product. The technical decisions — append-only storage, hash-linked records, ed25519 signatures, externally verifiable certificates — are the compliance decisions, in code.

What you'll find here

  • Getting Started — install the SDK, get an API key, submit your first record, and see it land in the ledger end-to-end.
  • Concepts — the moving parts: ledger, principal, certificates, the governance layer, firms and users.
  • Features — the eleven governance capabilities Bedrock layers on top of the ledger, from model registry to chain integrity.
  • Reference — exhaustive tables for ledger event types, enums, webhook payloads, error codes, and the data model.
  • Cookbook — copy-pasteable recipes for the things people actually build.
  • Compliance — how every Bedrock capability maps to a specific FCA rule, with citations.
  • API Reference — every endpoint, parameter, and schema, generated from the OpenAPI spec.

How to read these docs

If you're evaluating Bedrock as a compliance officer, start with The Ledger, then The Governance Layer, then FCA Handbook Mapping. Skip the code blocks.

If you're an engineer integrating Bedrock, start with Quickstart, then Authentication, then pick the cookbook recipe closest to what you're building.

If you already know what you're doing and just need an endpoint, jump to the API Reference.

The short version

Every advice decision flows through the API. Bedrock records it as an immutable entry in your firm's hash chain, optionally routes it to a human reviewer (the Principal), and — when the review is complete — issues a cryptographically signed certificate that anyone can verify with your firm's public key. The certificate is the proof. The chain is the audit trail. The webhooks tell your other systems it happened.

That's the whole product. Everything else in these docs is detail.