AI on the buy-side desk that an auditor will sign off on.
Self-hosted, Claude-backed pricing, risk, scenarios, and FIX-booked trades — fronted by a pure-function policy gate, a hash-chained audit log, and HITL approvals the agent cannot forge.
- FINOS AIGF v2.0: 23 / 23 risks mapped
- AIR-DET-21 audit: Tier 3 tamper-evident
- License: MIT · self-hosted
- Coverage gate: CI fails below 85%
Governance you can prove in a single SQL query.
Four primitives, designed so a stranger with subpoena power can verify the control claims in an afternoon.
Policy gate
One pure function. Every action. Every time.
A single deterministic function every governed action passes through. No I/O, no state, no eventually-consistent guesswork. It is tier-routed by reversibility and returns a verbatim rule citation on every blocked decision.
- decide(action, context) → Decision
- Tiers: T0 (read) · T1 (reversible) · T2 (single-HITL) · T3 (dual-HITL irreversible)
- Fuzz-tested across millions of synthetic actions
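As an added illustration, not code from the BondFoundry repository: a pure `decide()` in Python that routes an action to the four tiers above and cites the rule verbatim on every non-allow decision. The rule ids and texts, the materiality limits, the approved-universe check and the choice that irreversibility alone enters T2 are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Literal

# Assumed rule book: the text is what a blocked or routed decision cites verbatim.
RULES = {
    "R-01": "Irreversible actions, and any action above the T2 materiality limit, require one human approval.",
    "R-02": "Irreversible actions above the T3 materiality limit require two distinct human approvers.",
    "R-03": "Instruments outside the approved universe may not be traded.",
}

@dataclass(frozen=True)
class Action:
    kind: Literal["read", "price", "book_trade", "cancel_order"]
    isin: str = ""
    notional: float = 0.0
    reversible: bool = True

@dataclass(frozen=True)
class Decision:
    tier: str                                   # T0..T3
    verdict: Literal["allow", "hitl", "block"]
    approvals_required: int                     # distinct approvers needed before execution
    rule_id: str = ""                           # set on every hitl/block decision
    rule_text: str = ""                         # verbatim citation of that rule

def decide(action: Action, context: dict) -> Decision:
    """Pure: no I/O, no clock, no state. The approved universe and the materiality
    limits arrive in `context`, so identical inputs always yield an identical Decision."""
    if action.kind in ("read", "price"):
        return Decision("T0", "allow", 0)
    # Tier by reversibility first, then by materiality (assumed policy).
    if not action.reversible and action.notional >= context["t3_limit"]:
        tier, approvals, rule = "T3", 2, "R-02"
    elif not action.reversible or action.notional >= context["t2_limit"]:
        tier, approvals, rule = "T2", 1, "R-01"
    else:
        tier, approvals, rule = "T1", 0, None
    if action.isin not in context["approved_universe"]:
        return Decision(tier, "block", 0, "R-03", RULES["R-03"])
    if rule:
        return Decision(tier, "hitl", approvals, rule, RULES[rule])
    return Decision(tier, "allow", 0)
```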
Audit chain
Append-only at the database. Hash-chained across rows.
Postgres triggers reject UPDATE and DELETE on the audit table — the application layer does not get a vote. Every row carries a sha256 hash over the previous row, so a row inserted between two existing rows breaks the chain, and a single SQL query shows the break.
- Postgres BEFORE UPDATE/DELETE triggers
- sha256 row chain for Tier-3 tamper-evidence
- framework_ref NOT NULL with taxonomy validation
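An added Python sketch of the row chain and its verifier, not BondFoundry's own schema or triggers: the serialization under the digest (previous hash plus canonical JSON of the row), the all-zero genesis hash and the regex standing in for taxonomy validation of `framework_ref` are assumptions. The sample events are constructed.

```python
import hashlib
import json
import re
from typing import Optional

GENESIS = "0" * 64                               # prev_hash of row 1 (assumed convention)
FRAMEWORK_REF = re.compile(r"^AIR-[A-Z]+-\d+$")  # assumed shape of an AIGF taxonomy reference

def row_hash(prev_hash: str, body: dict) -> str:
    """sha256 over the previous row's hash and this row's canonical JSON (assumed layout)."""
    payload = prev_hash + json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()

def append(log: list, event: dict) -> dict:
    """Append-only writer: the only legal mutation is adding one row at the tail."""
    ref = event.get("framework_ref")
    if not ref or not FRAMEWORK_REF.match(ref):   # stands in for NOT NULL + taxonomy check
        raise ValueError(f"invalid framework_ref: {ref!r}")
    prev = log[-1]["row_hash"] if log else GENESIS
    body = {"seq": len(log) + 1, "prev_hash": prev, **event}
    log.append({**body, "row_hash": row_hash(prev, body)})
    return log[-1]

def verify_chain(log: list) -> Optional[int]:
    """Return the 1-based position of the first broken link, or None if intact.
    Every digest is re-derived, so an altered row, a deleted row or a row slipped in
    between two existing rows is caught where it occurs. In Postgres the same walk is
    one query that pairs each row with its predecessor by seq and recomputes the digest."""
    prev = GENESIS
    for pos, row in enumerate(log, start=1):
        body = {k: v for k, v in row.items() if k != "row_hash"}
        if row["seq"] != pos or row["prev_hash"] != prev or row_hash(prev, body) != row["row_hash"]:
            return pos
        prev = row["row_hash"]
    return None
```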
HITL envelopes
HMAC-signed approvals the agent cannot forge.
When the gate routes an action to T2 or T3, the agent requests an envelope. The server signs it with a key the agent never sees, scoped to this exact ISIN, notional, and side. SoD is enforced at the API, not the UI.
- HMAC-signed, server-generated, 90s expiry
- scope_hash binds approval to action + identity
- Distinct approver identity enforced at the API
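An added Python model of the envelope flow, not BondFoundry's implementation: the envelope fields, the JSON canonicalization under the HMAC and the ISIN used in the test are assumptions; the 90 s expiry, the scope binding to ISIN, notional, side and requester, and the distinct-approver rule follow the bullets above. It shows the single-approver (T2) check; a T3 action is two such approvals from two distinct identities.

```python
import hashlib
import hmac
import json
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # lives on the approval server; the agent never receives it
ENVELOPE_TTL_S = 90

def scope_hash(isin: str, notional: float, side: str, requested_by: str) -> str:
    """Binds an approval to exactly one action and to the identity that requested it."""
    scope = {"isin": isin, "notional": notional, "side": side, "requested_by": requested_by}
    return hashlib.sha256(json.dumps(scope, sort_keys=True).encode()).hexdigest()

def _sign(env: dict) -> str:
    """HMAC-SHA256 over the canonical JSON of every field except the signature (assumed layout)."""
    body = json.dumps({k: v for k, v in env.items() if k != "sig"}, sort_keys=True)
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_envelope(isin, notional, side, requested_by, now=None) -> dict:
    """Server side: the agent asks for an envelope for a T2/T3 action; the server signs it."""
    now = time.time() if now is None else now
    env = {"scope_hash": scope_hash(isin, notional, side, requested_by),
           "requested_by": requested_by, "expires_at": now + ENVELOPE_TTL_S,
           "nonce": secrets.token_hex(8)}
    env["sig"] = _sign(env)
    return env

def approve(env: dict, approver: str, isin, notional, side, now=None) -> tuple:
    """API-side check run when a human approves. Nothing in the envelope is trusted
    before the signature verifies. Returns (ok, reason); SoD is enforced here, not in the UI."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(_sign(env), str(env.get("sig", ""))):
        return False, "signature invalid"
    if now > env["expires_at"]:
        return False, "envelope expired"
    if env["scope_hash"] != scope_hash(isin, notional, side, env["requested_by"]):
        return False, "scope mismatch: different ISIN, notional, side or requester"
    if approver == env["requested_by"]:
        return False, "SoD violation: approver must differ from requester"
    return True, "approved"
```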
AIGF coverage gate
23 of 23 risks mapped. CI fails below 85%.
Every PR runs the four-dimension eval harness and the AIGF coverage report. If coverage drops below 85% or any AIGF v2.0 risk has zero passing eval cases, the build fails. Continuous monitoring as CI.
- Four dimensions: accuracy · policy · robustness · latency
- 23 / 23 AIGF v2.0 risks mapped to code + eval + audit
- `bondfoundry-finos coverage --threshold 0.85`
Each role gets a different first conversation.
BondFoundry serves four audiences. Each landing page is written for what you actually need to evaluate.
Buy-side desk
PMs, traders, treasury
A Claude-backed analyst on your desk. Above-materiality trades never bypass you.
Book the desk walkthrough
Engineers & CTOs
Architects, platform leads
Fork-friendly governance primitives. Not another vendor lock-in.
Read the architecture
Quants & AI architects
Model evaluators, AI leads
A pure-function policy gate you can embed. A four-dimension eval you can extend.
See the eval harness
FINOS & compliance
Reviewers, risk officers
The first runnable AIGF v2.0 reference. 23 of 23 risks mapped.
Read the FINOS mapping
For the finance teams designing this from scratch.
Cornerstone pieces on auditable AI agents, materiality-tier routing, and the FINOS AIGF v2.0 control surface.
The Four Pillars of Governed AI in Finance
Policy gate, audit chain, HITL envelopes, and the AIGF coverage gate — the four primitives every agentic-AI system in a regulated workflow needs.
Open-Source vs Vendor SaaS: Building Your Own Governed AI Desk
Why self-hosting an AI agent for the buy-side desk is a board-level conversation in 2026 — and the fork-and-swap pattern that makes it tractable.
FIX Gateway as AI: Connecting Your OMS to Claude-Backed Quant Analysis
How BondFoundry's FIX 4.4 gateway sits in front of an AI agent — with HITL approval envelopes, ExecutionReport flowback, and a HITL queue that doesn't trust the model.
What teams ask before the first call
Is BondFoundry a replacement for Aladdin, SimCorp Dimension, Charles River, or Bloomberg AIM?
No. BondFoundry is designed to sit alongside whatever OMS or book-of-record a desk already runs. It is the AI agent layer with governance built in — not the OMS itself.
How is BondFoundry licensed?
MIT. The full source is on GitHub. You can fork it, self-host it, and modify it for your domain (loans, derivatives, etc.) without any commercial license.
What is the FINOS AI Governance Framework v2.0?
AIGF v2.0 is the FINOS-published taxonomy of 23 AI risks and 23 mitigations for agentic AI in financial services. BondFoundry is the working reference implementation: every risk has a mapped mitigation in code, every mitigation has at least one passing eval case, every audit row carries a framework_ref.
Do I need Anthropic Claude to run BondFoundry?
Claude is the reference model and what we use in the demo. The model boundary is a tool-call interface, so swapping in another frontier model is a configuration change — not a re-architecture.
How do I evaluate BondFoundry for my desk?
Start with `make demo` from the GitHub repo for a sixty-second Docker compose run, or book a twenty-minute walkthrough on /book to see the policy gate, HITL queue, and audit chain end-to-end.
20 minutes. Policy gate, HITL queue, audit chain — end to end.
We'll run a $5M corporate-bond rebalance through the live system. You'll see the chain, the envelope, and the framework_ref column.