← Documentation

Quickstart

Zero to first canonical leaf.

8-step guide. SDK install, key generation, first authorization request, first verification, first compliance report.

Informative

Prerequisites

No prior AGTS knowledge required. This guide explains each step as you go.

Step 1 — Register (30 seconds)

The POST /auto-register endpoint provisions your governance identity in under 2 seconds. It generates your tenant_id (your account identifier) and api_key (your authentication token).

curl -X POST https://api.obligationsign.com/auto-register \ -H "Content-Type: application/json" \ -d '{"email": "you@example.com"}'
{ "tenant_id": "tn_a7f3c2b81d...", "api_key": "agts_live_Xk9m2...", "node_id": "3b8f1c4d9e2f...", # SHA-256 of your governance identity SPKI "log_url": "https://log.obligationsign.com/agts/v1/log", "dashboard": "https://app.obligationsign.com/?t=tn_a7f3c2b81d..." }

Save your api_key — you'll use it in every subsequent request. If you lose it, rotate it at POST /api-key/rotate.

Step 2 — Prepare your governance evidence

AGTS records why you authorized a decision, not just that you did. You provide evidence for five gates. Here's the minimal case — a chatbot response policy:

cat > evidence.json <<'EOF' { "subject_id": "my-chatbot:response-policy:v1.0", "gate_results": { "G1": { "result": "PASS", "confidence_interval_lower": 0.82, "confidence_interval_upper": 0.94, "bootstrap_iterations": 1000 }, "G2": { "result": "PASS", "causal_attribution": true, "ablation_delta": 0.02 }, "G3": { "result": "PASS", "protected_metrics": { "safety_score": 0.96, "toxicity_rate": 0.02 } }, "G4": { "result": "PASS", "evidence_class": "INSTRUMENTED" }, "G5": { "result": "PASS", "operator_id": "you@example.com" } }, "evidence": { "dataset_provenance_hash": "abc123...", "evaluation_trace_hash": "def456...", "ablation_execution_log_hash": "ghi789...", "capability_certificate_hash": "jkl012..." }, "replay_seed": "your-evaluation-run-id-or-uuid", "state_before_hash": "sha256-of-your-model-config-before", "state_after_hash": "sha256-of-your-model-config-after" } EOF

What are the evidence hashes?

They are SHA-256 hashes of the actual artifacts used in your evaluation. You keep the originals. We store only the hashes. An auditor requesting proof recomputes the hash from your originals and checks it matches.

dataset_provenance_hash: sha256sum your_test_dataset.json
evaluation_trace_hash: sha256sum eval_run_output.log
ablation_execution_log_hash: sha256sum ablation_results.json
capability_certificate_hash: sha256sum model_card.md

For a first test, use any 64-character hex strings. The governance pipeline works identically — the hashes just won't correspond to real artifacts.

Step 3 — Submit and receive your first canonical leaf

API_KEY="agts_live_Xk9m2..." curl -X POST https://api.obligationsign.com/governance/evidence \ -H "Authorization: Bearer $API_KEY" \ -H "Content-Type: application/json" \ -d @evidence.json
{ "leaf_index": 0, "leaf_hash": "8f3a1bc4d9e2f...", "artifact_hash": "c7d9e2f1a3b8...", "compliance_url": "https://api.obligationsign.com/governance/report/c7d9e2f1a3b8...", "replay_url": "https://obligationsign.com/replay?leaf=8f3a1bc4d9e2f...", "sth": { "tree_size": 1, "root_hash": "4f2a...", "timestamp": "2026-03-14T14:30:00Z", "log_signature": "base64url-ecdsa-p256..." } }

You now have a canonical leaf at index 0 in the transparency log. The governance decision is on the permanent record. Save leaf_hash and artifact_hash — you'll use them in the next steps.

Step 4 — Verify the leaf

Verification proves your leaf is in the Merkle tree under the current Signed Tree Head. It uses only SHA-256 operations — no trust in ObligationSign required.

# Request an inclusion proof curl "https://log.obligationsign.com/agts/v1/log/proof?leaf_hash=8f3a1bc4d9e2f..." # Or verify in the browser: # https://obligationsign.com/verify?leaf=8f3a1bc4d9e2f...

The inclusion proof contains the Merkle audit path — a sequence of sibling hashes that, combined with your leaf hash, reproduce the Merkle root in the STH. You can verify this independently.

Step 5 — Replay the decision

# Open in browser — shows gate-by-gate decision walkthrough: https://obligationsign.com/replay?leaf=8f3a1bc4d9e2f...

The replay shows every gate: what evidence was provided, what the result was, why the action was authorized. This permalink is permanent and shareable — send it to your auditor or regulator directly.

Step 6 — Get your compliance report

curl -H "Authorization: Bearer $API_KEY" \ "https://api.obligationsign.com/governance/report/c7d9e2f1a3b8..."

Returns AGTS_COMPLIANCE_REPORT_V1 — six claims (RTR-C001 through RTR-C006), 17 sub-articles, mapping to EU AI Act, DORA, Basel III, and ISO 42001. On the free tier, the report is generated but export is locked. On L2+, export as JSON or Markdown.

Step 7 — Wire into your CI/CD pipeline

#!/bin/bash # governance-gate.sh — run before any model deployment EVIDENCE=$(cat evidence.json) RESPONSE=$(curl -s -X POST https://api.obligationsign.com/governance/evidence \ -H "Authorization: Bearer $AGTS_API_KEY" \ -H "Content-Type: application/json" \ -d "$EVIDENCE") LEAF=$(echo "$RESPONSE" | jq -r '.leaf_hash // empty') if [ -z "$LEAF" ]; then echo "GOVERNANCE GATE FAILED — deployment blocked" echo "$RESPONSE" | jq '.details' exit 1 fi echo "Governance leaf admitted: $LEAF" echo "Replay: $(echo "$RESPONSE" | jq -r '.replay_url')" exit 0

Step 8 — Understand your trial limits and upgrade path

Your free trial gives you 5 canonical leaves within 72 hours. Each leaf is cryptographically identical to production leaves — trial leaves are in the same log. You don't start over when you upgrade; you continue the same governance chain.

What you're missing on the free tier: the external 3-of-4 validator quorum, the hardware-backed Sovereign Authority signature, and compliance report export. Those are L2 features. The compliance report shows you exactly which claims are amber and what infrastructure resolves them.

See what each tier unlocks → Talk to enterprise →
Full API reference → Normative specification → Start free →