Features

Chain integrity

Continuous proof that the ledger has not been tampered with — verifiable by anyone, anywhere, without trusting Bedrock.

Chain integrity is the property that makes the ledger worth anything. If the chain could be silently rewritten, every certificate it backs becomes worthless. The integrity check is the algorithm that proves it cannot be.

The verification algorithm

  1. Fetch the firm's public key from /.well-known/signing-key.
  2. Walk the chain entry by entry, in order of sequence.
  3. For each entry, compute SHA-256(canonical(entry)) and assert it equals the stored contentHash.
  4. Assert previousHash equals the previous entry's contentHash.
  5. Assert sequence is exactly one greater than the previous entry's.
  6. Verify the ed25519 signature over sequence || previousHash || contentHash || signedAt || eventType.

If any step fails, the failure is one of the four ChainInvalidReason values:

  • HASH_MISMATCH
  • SIGNATURE_INVALID
  • SEQUENCE_GAP
  • PREVIOUS_HASH_MISMATCH

Continuous verification

Bedrock runs the verification on a schedule (every 15 minutes) over each firm's chain. Any failure raises CHAIN_INTEGRITY_FAILED and pages the on-call rotation. Firms can also subscribe to this event via webhook.

Verifying yourself

bash
# Pull the chain segment you want to verify (paginated, supports filters)
curl "https://api.bedrockcompliance.co.uk/v1/ledger/records?page=1&pageSize=100" \
  -H "X-Bedrock-Key: bk_live_..." > segment.json

# Or call the firm-scoped chain verifier directly
curl https://api.bedrockcompliance.co.uk/v1/ledger/chains/verify \
  -H "X-Bedrock-Key: bk_live_..."

# Pull the public key
curl https://api.bedrockcompliance.co.uk/.well-known/signing-key > key.json

# Verify (using the @bedrock/core CLI)
npx @bedrock/core verify-chain segment.json key.json

FCA mapping

  • SYSC 9 — Record-keeping integrity
  • PRIN 2A.6 — Cross-cutting obligation to act in good faith
  • SUP 9 — Records to be available to the FCA

See also