Give every model
a passport.
Fine-tune, evaluate, scan, and prove — all on hardware you control. Every run emits a cryptographically signed Model Passport that a regulator, auditor, or buyer can verify without ever touching your weights or your data.
Install the tooling: pip install 'soup-cli[sign]'
Training a model got cheap. Proving it didn't.
Showing a bank's risk committee, a hospital's counsel, or an EU regulator that your model is safe, clean, and better is still a months-long manual project. Soup makes that proof a by-product of the work you already do.
Local-first
Nothing leaves your machine until you export. No telemetry, no phone-home — every step works at zero internet, air-gapped by design. (The packaged air-gap installer for locked-down deployment is an Enterprise add-on.)
The artifact is the interface
Engineers work in the terminal. Everyone else — compliance, auditors, buyers — just consumes the signed file the tooling produces.
We sell the printer, not the paper
The passport records only hashes and evidence, never your weights or data. Your documents stay with you; the proof travels.
From checkpoint to signed proof, in five steps.
Each step writes tamper-evident evidence; the last one folds it all into a single Ed25519-signed passport. Runs offline, no GPU required to try.
scan
Checkpoint integrity + backdoor / tamper scan. Catches poisoned pickles before they load.
exit 4 on threateval
Runs your suite and checks for regressions against a baseline. Scores in, deltas out.
before → aftergate
A binary SHIP / DON'T SHIP verdict. Non-zero exit fails your CI pipeline automatically.
SHIP / blockpassport
Assembles the seven-block record and self-signs it. Honest gaps marked, never invented.
signed JSONverify
Anyone re-checks the signature and hash chain. Green if untouched, red on a single byte.
✔ VALIDSeven blocks. One signature. Zero secrets.
A single canonical JSON file — hashes and evidence only. Change one byte anywhere and verification turns red and names exactly what moved.
Identity & data
Base-model fingerprint and licence, dataset hashes, PII-scan result — provenance without exposing a single row.
Training & evaluation
Method, hyperparameters, hardware, duration, the full environment, and before/after scores with the ship verdict.
Security & accountability
Integrity + backdoor findings, who ran it and when, and the Ed25519 signature — personal or your organisation's.
Verify a passport in your browser.
The verifier runs entirely client-side — the passport never leaves the device.
Load the sample and watch it turn green; it's the exact check soup verify runs.
Individual capability is free. Organisational proof is the business.
Train, evaluate, scan, self-sign, and verify — free forever, for everyone. Pay only when you need to prove things at organisation scale.
Free
Every individual engineer. Open source, Apache-2.0.
- train · eval · gate · scan
- Self-signed passports
- Verify — free for the whole world
- Model-card export
- Organisation signing
- Regulator document packs
Pro
Startups & teams shipping models into regulated buyers.
- Everything in Free
- Organisation signing ("signed by MePlay Corp")
- EU AI Act (GPAI) & GDPR packs
- Hosted passport registry
- Model adoption (BYOM) credits
- Air-gap bundle & self-hosted registry
Enterprise
Banks, health, and anyone with a Model Risk function.
- Everything in Pro
- Bank MRM, HIPAA, Annex IV, NIST/ISO packs
- Self-hosted registry (your infra)
- Air-gap bundle + HSM / PKI signing
- SLA & security review
A new regulation is a new renderer — never a new product.
The same signed passport maps into whatever a given regulator or buyer expects. Audit-ready evidence, generated from cryptographically verifiable run records.
Bring a client, earn 51%.
Law firms and engineers: refer the companies you already work with. You get 51% of every payment they make, for the life of the subscription.