Developer Documentation

Integrate GAMP in minutes

Register your AI model, get a cryptographic passport, embed a live trust badge. No infrastructure changes required — GAMP wraps your existing model without changing how it works.

Quickstart

Four steps from zero to a live trust badge on your site.

Create an account

Register at gampid.co.za. Fill in your profile — name, company, country, website. This is what GAMP reviewers see when auditing your documentation. Takes 5 minutes.

Go to Dashboard → Register Agent. Fill in your model name, version, description, intended use, and training data description. Choose your tier. Click Register.

Save your private key

GAMP issues an Ed25519 private key and returns it once. Copy it immediately and store it in your secrets manager, environment variable, or password manager. GAMP never stores it and cannot recover it.

Embed the badge

Copy the embed snippet from your model's dashboard page. Paste it anywhere — your website, your app, your README. The live badge appears automatically and updates whenever your trust score changes.

✓

That's it for Declared tier. Your model has a cryptographic passport, a public registry entry, and a live embeddable badge. If you want a higher trust tier, continue to the Audit Tiers section below.

1. Create an Account

Your GAMP account is your identity in the registry. Every model you register is tied to this account. When you apply for an audited tier, GAMP reviewers use your account profile to verify your identity and contact you.

Required profile fields

Field	Required for	Why
name	All tiers	Identity of the person or team registering
email	All tiers	Contact for audit results and notifications
company_name	Verified +	Identifies the organisation behind the model
country	Verified +	Determines applicable regulatory frameworks
website	Verified +	Verified as part of identity confirmation
phone	Audited +	Direct contact for audit review
bio	Audited +	Organisation description for public profile

ℹ

GAMP enforces profile completeness before accepting audit applications. If your profile is incomplete when you apply for Verified or higher tier, the API returns a clear error listing the missing fields.

2. Register Your Model

Registration creates a cryptographically signed passport for your AI model. The passport contains the information you provide, hashed and signed with GAMP's master Ed25519 key, then stored in the public registry.

Registration fields

Field	Required	Description
name	Yes	Model name — min 3 characters, no spam patterns
version	Yes	Version string, e.g. "1.0.0" or "2026-03"
description	Yes	What the model does — min 20 characters
model_type	Yes	llm, classifier, embedding, image, speech, multimodal
intended_use	Yes	Declared intended deployment context
training_data_description	Yes	Description of training data and methodology
tier	No	declared (default), verified, audited, accredited
architecture	No	Model architecture details
limitations	No	Known limitations and failure modes
industry_code	No	Declared industry — see industry codes below

⚠

Industry classification matters. GAMP uses AI to independently assess what industry your model is likely used in, and cross-checks it against your declaration. If you declare "general" but your model description suggests healthcare use, GAMP flags this and may require a higher audit tier.

3. Your Private Key

At registration, GAMP generates an Ed25519 keypair for your model. The private key is returned once in the registration response and never stored by GAMP. The public key is stored in the registry and used to verify your model's signed outputs.

⚠

Store your private key immediately. Copy it from the registration response and store it in your secrets manager, environment variable, or an encrypted file. If you lose it, you will need to rotate your keys through the dashboard (Key Management → Rotate Key). Rotation issues a new keypair and re-signs your passport.

Where to store it

Environment variable (recommended)

export GAMP_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg...
-----END PRIVATE KEY-----"

In your .env file

GAMP_MODEL_ID=mdl_abc123
GAMP_PRIVATE_KEY=-----BEGIN PRIVATE KEY-----\nMIGH...\n-----END PRIVATE KEY-----

4. Embed the Badge

The live badge reflects your model's current trust status in real time. When your tier changes or your trust score updates, every embedded badge updates automatically — no code change required on your site.

Copy from your dashboard — or use this format

<!-- GAMP Trust Badge -->
<script
  src="https://gampid.co.za/badge.js"
  data-gamp-model-id="mdl_YOUR_MODEL_ID"
  data-theme="light"
  data-size="medium"
></script>

Markdown (for README files)

[![GAMP Verified](https://gampid.co.za/models/mdl_YOUR_MODEL_ID/badge.svg)](https://gampid.co.za/transparency/passport/mdl_YOUR_MODEL_ID)

Badge states

Tier	Colour	Meaning
accredited	Gold ★	Institutionally approved, full audit passed
audited	Green ✓	Third-party certified, documents reviewed
verified	Blue ✓	Identity confirmed, basic docs reviewed
declared	Grey ·	Self-registered, not independently verified
flagged	Amber ⚠	Under investigation
suspended	Red ✕	Certification suspended

Python SDK

The Python SDK is a single file with no external dependencies beyond the cryptography package. Copy gamp_sdk.py from the registry or install it directly.

Installation

pip install cryptography
# Then copy gamp_sdk.py into your project
# or download from: https://gampid.co.za/sdk/gamp_sdk.py

Signing Outputs

Wrap your model in the GAMPAgent class to sign every output with your Ed25519 private key. Signed outputs can be independently verified by anyone using only your public GAMP passport — no API key required.

from gamp_sdk import GAMPAgent
import os

agent = GAMPAgent(
    model_id=os.environ["GAMP_MODEL_ID"],
    private_key_pem=os.environ["GAMP_PRIVATE_KEY"],
)

# Sign a single output
response = "The capital of France is Paris."
signed = agent.sign_output(response)

print(signed.output_text)   # The capital of France is Paris.
print(signed.signature)     # Base64 Ed25519 signature
print(signed.output_hash)   # SHA-256 of the output

# Use as a decorator
from gamp_sdk import gamp_signed

@gamp_signed(agent)
def my_model(prompt: str) -> str:
    return llm.generate(prompt)

result = my_model("What is 2+2?")
# result is a SignedOutput with .output_text and .signature

const { GAMPAgent } = require('./gamp_sdk.js');

const agent = new GAMPAgent({
  modelId: process.env.GAMP_MODEL_ID,
  privateKeyPem: process.env.GAMP_PRIVATE_KEY,
});

// Express middleware — signs every response automatically
app.use(agent.expressMiddleware());

// Or sign manually
const signed = await agent.signOutput("The capital of France is Paris.");
console.log(signed.outputText);
console.log(signed.signature);

Verifying Outputs

Anyone receiving a response from a GAMP-registered agent can verify it independently. All they need is the model ID and the signed output — no API key, no account.

from gamp_sdk import GAMPAgent

# Local verification — fetches the public key from the GAMP passport
result = GAMPAgent.verify(
    model_id="mdl_abc123",
    output_text="The capital of France is Paris.",
    signature="BASE64_SIGNATURE_FROM_RESPONSE",
)

print(result["valid"])    # True
print(result["tier"])     # "audited"
print(result["trust_score"])  # 82

const { GAMPAgent } = require('./gamp_sdk.js');

const result = await GAMPAgent.verify({
  modelId: 'mdl_abc123',
  outputText: 'The capital of France is Paris.',
  signature: 'BASE64_SIGNATURE',
});

console.log(result.valid);       // true
console.log(result.tier);        // "audited"
console.log(result.trustScore);  // 82

POST /models/{model_id}/verify-output

{
  "output_text": "The capital of France is Paris.",
  "signature": "BASE64_SIGNATURE",
  "output_hash": "SHA256_HASH"
}

// Response
{
  "valid": true,
  "tier": "audited",
  "trust_score": 82,
  "status": "active",
  "model_name": "MyModel v2",
  "message": "Output signature valid."
}

JavaScript SDK

The JavaScript SDK works in Node.js. It uses the Web Crypto API and has no npm dependencies for core functionality.

Download and use

// Download: https://gampid.co.za/sdk/gamp_sdk.js
const { GAMPAgent } = require('./gamp_sdk.js');

// Express — automatic response header signing
const express = require('express');
const app = express();
const agent = new GAMPAgent({
  modelId: process.env.GAMP_MODEL_ID,
  privateKeyPem: process.env.GAMP_PRIVATE_KEY,
});

app.use(agent.expressMiddleware());
// Every response now has a GAMP-Signature header
// verifiable by any consumer against the public passport

How Audits Work

Declared tier is free and immediate. To move to Verified, Audited, or Accredited tier, you submit documentation for review. Submission can be done through the dashboard or the SDK. Approval is always human — a GAMP reviewer reads every document before any tier upgrade is granted.

Complete your profile

Name, company, website, and country are required for Verified. Phone and bio are additionally required for Audited and Accredited.

Apply for audit in the dashboard

Go to your model → Apply for Audit → select your target tier. GAMP creates an audit record and tells you exactly which documents are required.

Upload your documents

Use the tabbed document upload interface in your model's detail page. Each document type has a clear description of what to include. Documents are stored securely and only visible to you and GAMP reviewers.

Automated checks run first

GAMP's system checks word count, placeholder detection, URL reachability, field consistency, and industry compliance. You receive a score and a list of any issues before a human reviewer sees your documents.

Human review

A GAMP reviewer reads your documents, checks for consistency with your registration, and approves or requests changes. You receive an email when the review is complete.

Required Documents by Tier

Document	Verified	Audited	Accredited	Description
training_data	✓	✓	✓	Dataset sources, size, curation, consent/licensing
intended_use_policy	✓	✓	✓	Approved uses, prohibited uses, restrictions
architecture		✓	✓	Model type, layers, parameters, training procedure
safety_eval		✓	✓	Red-team results, adversarial testing, failure modes
bias_assessment		✓	✓	Demographic performance, fairness metrics, mitigations
testing_results			✓	Benchmarks, accuracy metrics, evaluation methodology
data_governance			✓	Data handling, retention, GDPR/CCPA compliance

ℹ

Minimum quality bar. Documents must be at least 50 words. GAMP's automated checker actively rejects documents containing placeholder language (TODO, lorem ipsum, test data, coming soon). Submit real documentation or your application will fail the automated checks before reaching human review.

Submitting Documents via SDK

If you generate documentation programmatically — from deployment metadata, automated test runs, or CI pipelines — you can submit documents via the Python SDK instead of the dashboard.

from gamp_sdk import GAMPAuditClient

client = GAMPAuditClient(
    api_key="gamp_your_api_key",   # from dashboard → API Keys
    model_id="mdl_abc123",
)

# Apply for Verified tier
audit = client.apply_for_audit(tier="verified")
audit_id = audit["audit_record_id"]

# Submit documents from files
client.submit_documents_from_files(audit_id, {
    "training_data":       "docs/training_data.md",
    "intended_use_policy": "docs/intended_use.md",
})

# Run automated checks
result = client.run_checks(audit_id)
print(result["auto_check_score"])  # 74/100

# Check status — human review begins after all docs submitted
print(client.get_audit_status())   # "manual_review"

⚠

SDK submission still requires a complete account profile. The API key links to your account. If your profile is missing required fields, apply_for_audit() returns a 422 error with a list of what to complete. Log in to gampid.co.za → Profile → Edit Profile to fix this.

API Keys

API keys are for programmatic access to the GAMP management API — registering models, submitting documents, reading audit status. They are separate from the Ed25519 private key used to sign outputs.

Scope	What it allows
registry:read	Search registry, read passports, public data
models:write	Register and update models, submit audit documents
audit:submit	Apply for audit, submit documents, run checks
admin	Admin operations — only available to admin accounts

Generate API keys at: Dashboard → Profile → API Keys → Generate New Key. The full key is shown once. Store it securely — it starts with gamp_.

Key Endpoints

Authentication

Method	Endpoint	Description
POST	/auth/register	Create a new account
POST	/auth/login	Get JWT access token
POST	/auth/forgot-password	Request password reset link

Models

Method	Endpoint	Description
POST	/models/register	Register a new AI model — returns passport + private key
GET	/models/{id}	Get a model's full passport
PATCH	/models/{id}	Update model metadata (version, description etc.)
GET	/models/{id}/verify	Verify passport signature — returns valid true/false
GET	/models/{id}/badge.svg	Live SVG trust badge
POST	/models/{id}/verify-output	Verify a signed model output

Registry (public, no auth)

Method	Endpoint	Description
GET	/registry/search	Search all registered models
GET	/registry/stats	Registry statistics
GET	/transparency/feed	Public activity feed (append-only)
GET	/transparency/revoked	Machine-readable revocation list

Audit

Method	Endpoint	Description
POST	/audit/apply/{model_id}	Apply for audit — returns required document list
POST	/audit/documents/{audit_id}	Submit a document for review
POST	/audit/run-checks/{audit_id}	Trigger automated checks
GET	/audit/status/{model_id}	Get current audit status

Swagger API Docs

Every endpoint in the GAMP API is documented and testable interactively through the Swagger UI. No account needed to browse — but you can authenticate and test live calls directly from the browser.

All 118 endpoints — request/response schemas, live testing, authentication support. Requires admin account.

Open Swagger UI →

Backend must be running. Replace 127.0.0.1:8000 with gampid.co.za in production.