AI Marketplace

Catalog

This is the landing page, listing available AI offerings in the marketplace with “at a glance” summary with the ability to filter, view details and request access.
CANCHAT
Available

CANChat (SSC-Hosted)

Provider: SSC · Deployment: Hosted · Sensitivity: Protected B (pilot)

Government-hosted conversational model with department-scoped isolation and audit logging.

ChatAuditProtected B
COHERE
Available

Cohere Command A

Provider: Cohere · Deployment: API · Sensitivity: Unclassified/PBMM via proxy

Instruction-tuned LLM for summarization, RAG, and chat. English/French capable.

ChatNLPRAG
PROMPTS
Curated

Prompt Library (MVP)

Owner: SSC · Reuse: GC-wide · Status: Pilot

Reusable prompts for summarization, translation, classification. Peer-reviewed and tagged.

TemplatesBilingualReviewed
EMBED
Available

CANEmbed (SSC-Hosted Embeddings)

Provider: SSC · Deployment: Hosted · Sensitivity: PBMM

High-throughput embeddings for search and RAG. Tuned for EN/FR public-sector content.

EmbeddingsSearchRAG
RERANK
Available

Cohere ReRank

Provider: Cohere · Deployment: API · Sensitivity: Unclassified/PBMM via proxy

Relevance re-ranking for retrieval pipelines; improves top-k precision for RAG and search.

RAGRankingNLP
OSS
Pilot

Mistral-7B Instruct (Hosted)

Provider: Open Source via SSC · Deployment: Hosted · Sensitivity: Unclassified/PBMM

Lightweight instruction-tuned model for chat and tooling. Great for pilot workloads.

ChatNLPOpen Source
PROMPTS
Curated

EN↔FR Translation (Prompt Pack)

Owner: SSC · Reuse: GC-wide · Status: Curated

Formal EN↔FR translation patterns with tone and register guidance for GC correspondence.

PromptsBilingualTemplates
PROMPTS
Curated

Summarize → Cite (Template)

Owner: SSC · Reuse: GC-wide · Status: Pilot

For evidence-based summaries: enforces citation extraction and coverage targets for RAG.

PromptsRAGSummarization
USE CASE
Candidate

Contact Centre Triage (Workflow)

Owner: ESDC · Status: Candidate

Intent detection + summarization + RAG hand-off for high-volume citizen inquiries.

WorkflowsNLPRAG

Gateway

For platform operations - health checks, policy enforcement (size/timeouts/concurrency), quotas, key management, route management, etc.

Routes

Internal Model Route
CANChat → internal service
Path
/v1/canchat/chat
Target
canchat-svc.internal.cluster:8000
Health
Healthy
External Provider Route
Proxy → external provider
Path
/v1/provider/chat
Target
ssc-proxy.internal:443 → provider
Health
Healthy

Policies & Limits

Protects GPUs and link
Edge timeout
In-flight requests per route

Key Management

Issue new key
canchat:chatMVP scope
Keys are revealed once, then only rotate or revoke.
Active keys
Per department
DepartmentCreatedStatusQuotaActions

Your Services

CANCHAT
CANChat
Provider: SSC · Sensitivity: Protected B (pilot)
ChatAudit
Open workspace
Endpoint
/v1/canchat/chat
Quota
100k calls / 50 RPS
Status
Operational
COHERE
Cohere Command A
Provider: Cohere via SSC proxy · Sensitivity: Unclassified/PBMM
ChatSummarization
Endpoint
/v1/provider/chat
Quota
80k calls / 30 RPS
Status
Operational
TOOL
Departmental RAG (pilot)
Owner: ESDC · Status: Candidate
WorkflowRAG
Status
Coming soon

Model details

Provider · Deployment · Sensitivity

Description…

1. Review 2. Request 3. Governance 4. Workspace

Quick facts

Capabilities: Chat, NLP, RAG
Sensitivity: Protected B (pilot)
Access: API key / portal workspace
Languages: EN / FR

Request access: Model

My Requests

View status and details of submitted access requests.

Request #ModelDepartmentStatusSubmittedAction

Governance review · REQ-0000

Complete checks, record a decision, and (if approved) provision workspace + key.

Approval checklist

Department
SSC
Model/Service
CANChat (SSC-Hosted)
Sensitivity
Protected B (pilot)
Submitted
2025-09-25
Tip: All fields are mock; your existing Approve button will still provision the demo workspace.

Decision

Provisioning result
Workspace + API key (one-time reveal), default quotas
Post-approval
Track in Usage and tune in Gateway

Audit trail (mock)

  • REQ created · Dept submitted
  • Auto-checks completed · Privacy/TRA pre-screen

Workspace: CANChat (SSC-Hosted)

Credentials

Endpoint: https://api.ssc.gc.ca/ai/canchat/v1/chat
API key: gcai_********************************

Quickstart (cURL)

curl -X POST \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  https://api.ssc.gc.ca/ai/canchat/v1/chat \
  -d '{
    "model": "canchat-latest",
    "messages": [{"role":"user","content":"Hello CANChat"}],
    "temperature": 0.2
  }'

SDK snippet (JavaScript)

import fetch from "node-fetch";
const res = await fetch("https://api.ssc.gc.ca/ai/canchat/v1/chat",{
  method:"POST",
  headers:{"Authorization":`Bearer ${process.env.AI_KEY}`,"Content-Type":"application/json"},
  body: JSON.stringify({ model:"canchat-latest", messages:[{role:"user", content:"Hello"}] })
});
const data = await res.json();
console.log(data.choices[0].message.content);

Observability

128
412 ms
0.3%

Governance

Guardrails, roles, and routines that let departments adopt AI quickly—without compromising privacy, security, or fiscal stewardship.

Purpose & scope

Enable safe, compliant, cost-effective AI usage across departments. Applies to Catalog, Gateway, My Services (keys), Usage analytics, and supporting controls for AI workloads.

  • Authorities & standards: ITSG-33 alignment, TBS directives (privacy, security, service), departmental TRA/PIA.
  • Operating principles: least privilege, data minimization, observability-first, versioned change.

Roles & decision rights

RoleOwnsExamples
Platform (SSC)Gateway policies, quotas, FinOps, incidents, provider contractsSet size/timeout, throttle, vendor SLAs
DepartmentsKeys, app guardrails, data stewardshipKey rotation, app-level filtering, business approvals
Security & PrivacySensitivity approvals, exemptions, DPIA/TRAProtected B pilot gates, compensating controls
Finance/ProcurementCost recovery, due diligenceUnit rates, budget variance review
Steering committeeRisk/exception arbitration, roadmapPilot graduation, model retirement

Policy registry (versioned)

Default guardrails; exceptions are time-boxed and monitored.

PolicyApplies toDefaultOverride pathOwnerReview
Request size limitAll routes1 MBException formPlatform SecQuarterly
TimeoutAll routes60 sExceptionPlatform OpsQuarterly
ConcurrencyPer key50Quota packagePlatform OpsQuarterly
Data sensitivityWorkloadsPBMM; PB (pilot)Steering approvalPrivacyQuarterly
Logging & retentionMetadata90 daysRecords scheduleRecordsAnnual
Safety classifiersPrompts/outputsPII, toxicityPlatform SecQuarterly
Request an exception Edit policies in Gateway

Onboarding & lifecycle

  1. Request — submit use case, sensitivity, data sources, expected volumes.
  2. Automated checks — policy fit, privacy screens, TRA gates, licensing.
  3. Provision — workspace + key, default quotas, tagging (dept/env/sensitivity).
  4. Observe — monitor in Usage; tune in Gateway.
  5. Renew/Retire — quarterly review, export audit trail, remove access.
Start request Download checklist

Safety & responsible AI

  • Pre-deploy: safety evals (toxicity, jailbreaks), fairness spot-checks, misuse scenarios.
  • Runtime: PII detection/redaction, content filters, size caps, allow/deny lists, RAG citations.
  • Human-in-the-loop: escalation paths, review queues for flagged content, auditability.

Repeated violations may trigger throttling until an owner acknowledges remediation.

Observability & SLOs

MetricTarget / SLOAlert thresholdOwner
Availability (route)≥ 99.9% monthly< 99.5% (24h)Platform Ops
Latency p95≤ 1.5 s> 2.0 s (1h)Platform Ops
Error rate< 1%≥ 2% (15 min)Sec/Ops
Spend variance≤ +10% vs forecast> +15% (7d)FinOps
Safety flags< 0.25% of calls≥ 0.5% (24h)Platform Sec
Thresholds mirror configurable alerts in Usage.

Quotas & cost recovery

  • Quota tiers: monthly calls, RPS, and burst; exception path for campaigns/pilots.
  • Chargeback: unit rates (tokens in/out, hosted vs provider), internal overhead %, showback dashboard.
  • Budget guardrails: soft cap notice at 80%, hard cap at 100% (auto-throttle).
Open Usage Adjust quotas

Data governance & records

  • Logged by default: request/response metadata, classifier flags; no raw content for PBMM.
  • PB pilots: optional secure vault, time-boxed, hashed pointers; additional approvals required.
  • Retention: durations by sensitivity, export on request, immutable audit trails.
  • Provenance: RAG source attribution and citation coverage targets.

Incident response

  • Declare when: 5xx spikes, safety surge, suspected data leak, provider outage.
  • Playbooks: isolate keys, route failover, token kill-switch, comms templates, PIR within 5 business days.
  • Timeframes: triage ≤ 15 min; stakeholder update ≤ 1 h.
Report an incident Open playbooks

Compliance mapping

Control themePractice in MarketplaceFramework refs
Access controlKeys per dept/env, least privilege, rotationITSG-33; GC IAM
Data protectionTLS, PII redaction, size limits, retentionITSG-33; Privacy Act
MonitoringUsage KPIs, alerts, audit logsITSG-33; TBS Policy on Service
Change mgmtVersion pinning, rollout gates, rollbackITIL/GC Ops
ProcurementVendor due diligence, SLAs, exit termsGC Contracting policy

Contact & escalation

  • Platform Ops: on-call channel
  • Security: incident response queue
  • Privacy: PIA/DPIA advisory
  • FinOps: budget & chargeback
Open a request Ask for more quota

Usage

Traffic & performance

Requests over time (stacked)
Latency over time (p50/p95)
Throughput (RPS)
Token usage
Heatmap (hour × day)

Errors & reliability

Route% of totalSample
Failure timeline
Timeouts vs size limits
Retries
Throttles

Cost & quotas

Provider/RouteCallsTokens (in/out)Est. spend
DepartmentCalls usedRPS peakQuota used

Breakdowns

Content & safety insights

Prompt length distribution
Safety categoryCount
RAG hit rate
Citation coverage

Docs

Developer quickstarts, endpoints, policies, and examples for the AI Marketplace (mock)

Document artefacts (mock)

Buttons use file names and types you can wire to a CDN or export endpoint later.

Governance & policy
Operating model (MD) Policy registry (CSV) Incident playbook (MD) Data handling SOP (PDF)
Risk & compliance
Risk register template (CSV) PIA/DPIA checklist (MD) TRA summary template (MD)
Developer artefacts
OpenAPI spec (JSON) Postman collection (JSON) SDK quickstart (JS) SDK quickstart (Python)
Onboarding
Access request form (DOCX) Onboarding checklist (MD) Model card template (MD)

Getting started

Base URL
https://api.ssc.gc.ca/ai
Environments
pilot / prod (department-scoped)
Versioning
/v1/…

This documentation is mock; use the Workspace view for live keys and quickstarts once approved.

Authentication

Use a department-scoped API key with the Authorization: Bearer <KEY> header.

curl -H "Authorization: Bearer gcai_xxx" https://api.ssc.gc.ca/ai/v1/canchat/chat -d '{ ... }'
  • Keys are issued in Gateway / My Services and can be rotated or revoked.
  • Scopes (mock): canchat:chat, provider:chat, embed:encode.

Endpoints (mock)

CANChat (internal) — chat completion
Protected B (pilot)
POST
/v1/canchat/chat
{
  "model": "canchat-latest",
  "messages": [{"role":"user","content":"Hello CANChat"}],
  "temperature": 0.2
}
Provider (proxied) — chat completion
PBMM
POST
/v1/provider/chat
{
  "model": "command-a",
  "messages": [{"role":"user","content":"Summarize this…"}],
  "max_tokens": 512
}
Embeddings (internal)
POST
/v1/embeddings
{
  "model": "canembed-001",
  "input": ["Public datasets on benefits", "Employment insurance"]
}

Streaming (SSE, mock)

Enable streaming responses for token-by-token output.

curl -N -H "Accept: text/event-stream" -H "Authorization: Bearer gcai_xxx" \
  -H "Content-Type: application/json" \
  https://api.ssc.gc.ca/ai/v1/canchat/chat -d '{ "stream": true, "messages":[...]}'

Event format: data: {"id":"…","delta":"…"}\n\n

Request limits & policies

PolicyDefaultNotes
Max payload1 MBReduce prompt size; use RAG for large sources.
Timeout60 sConsider streaming for long generations.
Burst RPS50/keySee quotas in Gateway.

Defaults match the Governance policy registry (mock). Exceptions require approval.

Errors (shape)

{
  "error": {
    "type": "rate_limit_exceeded",
    "message": "Quota exceeded. Retry after 60s.",
    "request_id": "req_12345"
  }
}
ClassTypical causeAction
4xxValidation, size limit, authFix payload/headers; check key scope
429Quota/RPS exceededBackoff or request more quota
5xxUpstream/provider timeoutRetry with jitter; check Usage

Examples

cURL (chat)
curl -X POST https://api.ssc.gc.ca/ai/v1/canchat/chat \
  -H "Authorization: Bearer $AI_KEY" -H "Content-Type: application/json" \
  -d '{"model":"canchat-latest","messages":[{"role":"user","content":"Hi"}]}'
JavaScript (fetch)
const r = await fetch("/ai/v1/provider/chat", {
  method:"POST",
  headers:{ "Authorization":`Bearer ${AI_KEY}`, "Content-Type":"application/json" },
  body: JSON.stringify({ model:"command-a", messages:[{role:"user",content:"Hello"}] })
});
const data = await r.json();
Python (requests)
import requests, os
res = requests.post("https://api.ssc.gc.ca/ai/v1/canchat/chat",
  headers={"Authorization":f"Bearer {os.getenv('AI_KEY')}",
           "Content-Type":"application/json"},
  json={"model":"canchat-latest","messages":[{"role":"user","content":"Salut"}]})
print(res.json())
Embeddings
curl -X POST https://api.ssc.gc.ca/ai/v1/embeddings \
  -H "Authorization: Bearer $AI_KEY" -H "Content-Type: application/json" \
  -d '{"model":"canembed-001","input":["text one","text two"]}'

Patterns & tips

  • RAG: chunk → embed → store → retrieve top-k → cite sources; consider re-ranking.
  • Prompt hygiene: keep under size limits; use system prompts; log metadata not content.
  • Retries: exponential backoff on 429/5xx; respect Retry-After.
  • Streaming UX: render partials; show token cursor; allow “stop generation”.

Compliance & data handling

  • By default, **PBMM** requests log metadata only; **Protected B (pilot)** may use a time-boxed secure vault (mock).
  • See Governance for policies, retention, and incident playbooks.

Changelog (mock)

  • 2025-09-25 — Added streaming example and embeddings endpoint.
  • 2025-09-18 — Initial Docs structure with quickstarts and error schema.