Identity-based security framework. Every node is a user. Everything between is encrypted at rest.
Project description
Build your app. Inherit the security.
Bedrock is the security layer your app sits on top of.
Identity, encryption, consent, and audit — handled from the start.
You don't bolt security on after the fact. You build on Bedrock, and your app inherits it.
Bedrock is a security framework that your application calls into — not a service you route traffic through. When your app uses Bedrock's SDK, every node gets a cryptographic identity, every field write gets encrypted at rest, every cross-silo read requires cryptographic consent, and every action gets written to a tamper-evident audit chain. Your app focuses on business logic. Bedrock handles the security guarantees.
What Your App Gets
- Cryptographic identity for every node. Each service, device, or user in your system gets a signed identity. No anonymous access.
- Field-level encryption at rest. Data is encrypted before it hits storage. Siloed by category — medical records, financial data, PII — each in its own encrypted container.
- Consent-gated data access. No cross-silo read without a cryptographic consent token. If the patient didn't authorize it, the data doesn't move.
- Tamper-evident audit chain. Every write, read, consent grant, and revocation is SHA-256 chained. Detect tampering, prove compliance.
- Self-healing mesh transport. Encrypted node-to-node communication with automatic failover and reconnection.
- License-gated operation. Runtime enforcement of tier limits — nodes, certificates, features.
Your app calls the SDK. The SDK calls Bedrock Core. The security is there because you built on Bedrock, not because you remembered to add it later.
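The tamper-evident audit chain described above, as an added example that is not Bedrock's own code: a SHA-256 hash chain with a verifier that reports the first entry that fails. The entry layout, the genesis value, the event field names and the separately stored trusted head are assumptions, since this page does not document Bedrock's format.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed anchor for the first entry (not Bedrock's value)

def entry_hash(prev_hash: str, event: dict) -> str:
    # Canonical JSON so the same event always hashes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(chain: list, event: dict) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"event": event, "prev": prev, "hash": entry_hash(prev, event)})

def first_bad_index(chain: list, trusted_head: Optional[str] = None) -> Optional[int]:
    """Index of the first entry that fails verification, None if intact.

    trusted_head is the latest hash kept outside the log store. Without it,
    a fully recomputed or truncated chain still verifies internally.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["event"]):
            return i
        prev = entry["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(chain)  # links are consistent but the head is not the trusted one
    return None

def build_sample() -> list:
    # Constructed events; field names are illustrative, not Bedrock's schema.
    chain: list = []
    for event in (
        {"action": "write", "actor": "my-service", "silo": "patient-records"},
        {"action": "consent_grant", "actor": "patient-001", "scope": ["ssn"]},
        {"action": "read", "actor": "my-service", "silo": "patient-records"},
        {"action": "consent_revoke", "actor": "patient-001", "scope": ["ssn"]},
    ):
        append(chain, event)
    return chain

if __name__ == "__main__":
    log = build_sample()
    head = log[-1]["hash"]
    log[1]["event"]["scope"] = ["ssn", "diagnosis"]  # in-place edit of a stored entry
    print("first bad entry:", first_bad_index(log, head))
```

The link checks catch an in-place edit, but only a head hash stored outside the log catches truncation or a chain recomputed from the edited entry onward.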
How It Works
┌─────────────────────────────────────────────────────┐
│                  Your Application                   │
│                                                     │
│   Business logic, routes, UI — whatever you build   │
│                                                     │
├──────────┬──────────┬───────────────────────────────┤
│  Python  │TypeScript│           REST API            │
│   SDK    │   SDK    │                               │
├──────────┴──────────┴───────────────────────────────┤
│                                                     │
│                    Bedrock Core                     │
│                                                     │
│   You inherit: identity, encryption, consent,       │
│   audit, key management, mesh transport             │
│                                                     │
└─────────────────────────────────────────────────────┘
Your app makes normal SDK calls — register a node, create a silo, encrypt a field, request consent. Bedrock handles the cryptography, the key derivation, the consent verification, the audit logging. You never touch raw crypto. You never write your own access control. You build on top, and the security is already there.
Status
Bedrock v0.3 is an active development release. Core modules (crypto, identity, data separation, licensing) are well-tested (841 tests, zero type errors). The HTTP API server has SQLite persistence and works for development and testing, but is not yet hardened for production traffic. See PRODUCTION_DEPLOYMENT.md for the roadmap.
Quick Start
# Install
pip install bedrock-core
# Initialize a project
bedrock init ./my-project
cd my-project
# Generate a free 30-day trial license
bedrock trial --licensee "your-email@example.com"
# Start the API server
bedrock serve
From Source
git clone https://github.com/drc10101/bedrock.git
cd bedrock/core
pip install -e ".[dev]"
pytest
# Or with Docker
docker compose -f deploy/docker-compose.yml up
Use It In Your App
Python
from bedrock_sdk import BedrockClient

client = BedrockClient(
    base_url="https://bedrock.infill.systems",
    license_key="1:...",
)

# Register your service as a node — it now has a cryptographic identity
node = client.nodes.register(name="my-service", node_type="application")

# Create a data silo — medical records live here, encrypted at rest
silo = client.silos.create(
    name="patient-records",
    display_name="Patient Records",
    categories=["medical", "phi"],
)

# Encrypt a field before storing it — Bedrock handles key derivation
ciphertext = client.encryption.encrypt(
    plaintext="SSN-123-45-6789",
    silo=silo.silo_id,
    record_id="patient-001",
    scope="ssn",
    operation="store",
)

# Request consent before reading cross-silo data — cryptographic proof required
consent = client.consent.request(
    requester_id=node.node_id,
    target_id="patient-001",
    silo_id=silo.silo_id,
    purpose="treatment",
    scope=["ssn", "diagnosis"],
)
TypeScript
import { BedrockClient } from "@infill/bedrock-sdk";

const client = new BedrockClient({
  baseUrl: "https://bedrock.infill.systems",
  licenseKey: "1:...",
});

// Same API surface as Python SDK
const node = await client.nodes.register({ name: "my-service" });
const silo = await client.silos.create({ name: "patient-records" });
That's it. Your app now has identity, encryption, consent, and audit — because it's built on Bedrock.
CLI Commands
| Command | Description |
|---|---|
| bedrock init [dir] | Initialize a new project (config, keys, env template) |
| bedrock trial [--licensee] | Generate a free 30-day trial license |
| bedrock serve [--host] [--port] | Start the API server |
| bedrock keygen [--key-id] | Generate a signing key |
| bedrock license issue --tier --licensee | Issue a license key |
| bedrock license validate --key | Validate a license key |
| bedrock license revoke --key-id | Revoke a signing key |
| bedrock health [--json] | Run health checks |
| bedrock status | Show system status and config |
Licensing
Bedrock is source-available under the Business Source License 1.1.
Free Trial
Start with a free 30-day trial — full developer features, 3 local nodes, self-signed certificates. No credit card required.
bedrock trial --licensee "your-email@example.com"
Pricing
| Tier | Price | Nodes | Certificates | Use Case |
|---|---|---|---|---|
| Trial | Free (30 days) | 3 | Self-signed | Evaluation and development |
| Developer | $99/yr | 3 | Self-signed | Individual development |
| Professional | $499/yr | 10 | Self-signed | Team development |
| Starter | $5K/yr | 5 | CA-enforced | Production deployment |
| Business | $20K/yr | 25 | CA-enforced | Production at scale |
| Enterprise | Custom | Unlimited | CA-enforced | Mission-critical deployments |
Non-production use (development, testing, evaluation) is free forever under BSL-1.1. Production deployment requires a paid license.
How It Works
- bedrock trial — get a free 30-day license with full developer features
- Build your app on Bedrock — identity, encryption, consent, audit are inherited
- When ready for production, purchase a runtime license at bedrock.dev/pricing
- Upgrade your license key — no code changes, no reinstallation
Testing
# Core tests
cd core && pytest
# Python SDK tests
cd sdk-python && pytest
# TypeScript SDK tests
cd sdk-ts && npm test
841 tests pass across core modules (841) and Python SDK (20). Zero type errors.
Security
See SECURITY.md for reporting vulnerabilities.
Do not report security issues through public GitHub issues.
License
This software is licensed under the Business Source License 1.1.
You may use, modify, and redistribute this software for non-production purposes (development, testing, evaluation) free of charge. Production use requires a paid license — see bedrock.dev/pricing.
The BSL converts to an open-source license (typically Apache 2.0) on a predetermined change date — see the LICENSE file for details.
File details
Details for the file infill_bedrock-0.3.2.tar.gz.
File metadata
- Download URL: infill_bedrock-0.3.2.tar.gz
- Upload date:
- Size: 112.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File details
Details for the file infill_bedrock-0.3.2-py3-none-any.whl.
File metadata
- Download URL: infill_bedrock-0.3.2-py3-none-any.whl
- Upload date:
- Size: 128.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6