WCAGdesk

Court-grade evidence, verifiable without us.

Every WCAGdesk scan produces a bundle of files a third party can verify offline using only openssl and a shell. We document the format publicly so a Fachanwalt, an EU procurement reviewer, or an academic auditor can confirm the record stands without trusting our servers, our continuity, or our goodwill.

Why this matters

A compliance officer or counsel does not benefit from evidence they cannot independently verify. A signed PDF, a screenshot, a dashboard URL — each of these depends on a service continuing to exist and behave the same way. Our verify-bundle does not. The procedure runs on a stock POSIX shell with openssl installed and produces a yes-or-no answer about three independent properties: payload integrity, chain integrity, time integrity.

Spec lives in the same repository as the scanner — diff-able, versioned, semver-stable.

What the bundle proves

  1. Content integrity. The canonical JSON of the scan still hashes to the recorded payload hash. If a single byte of the scan record was edited after the fact, verification fails.
  2. Chain integrity. Each scan binds to the previous via chain_hash = SHA256(prev_chain_hash ‖ payload_hash). Tampering with any historical scan breaks the chain at every later scan — the falsification cannot be hidden in one record.
  3. Time integrity. An RFC 3161 Time-Stamping Authority signs the chain hash. The TSA's certificate chain is included in the bundle; OpenSSL verifies the signature without any further network call.
  4. Public-record anchoring (optional fourth property). When the scan has been included in a Polygon-anchored Merkle root, the bundle includes the Merkle proof. Anyone with a Polygon RPC endpoint can re-fetch the root and confirm.
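
The chain rule in item 2, as an added shell example (not WCAGdesk's verify.sh or spec code): it builds a three-record chain from constructed scans and shows where verification fails after an edit. Assumed here, since the page does not specify them: hashes are lowercase hex, "‖" concatenates the two hex strings, and the first record chains from 64 zeros.

```shell
#!/bin/sh
# Added example, not WCAGdesk's verify.sh. Assumptions: hashes are lowercase hex,
# "‖" joins the two hex strings, and the first record chains from 64 zeros.
GENESIS=$(printf '%064d' 0)

sha256_hex() {   # hex SHA-256 of stdin; openssl as on the page, sha256sum as fallback
  if command -v openssl >/dev/null 2>&1; then openssl dgst -sha256 -r
  else sha256sum; fi | cut -d' ' -f1
}
chain_hash() { printf '%s%s' "$1" "$2" | sha256_hex; }   # SHA256(prev ‖ payload_hash)

# stdin: one canonical JSON payload per line; stdout: "payload_hash chain_hash payload"
build_ledger() {
  prev=$GENESIS
  while IFS= read -r payload; do
    ph=$(printf '%s' "$payload" | sha256_hex)
    prev=$(chain_hash "$prev" "$ph")
    printf '%s %s %s\n' "$ph" "$prev" "$payload"
  done
}

# Recompute both hashes per record; report the first record that fails and why.
verify_ledger() {
  prev=$GENESIS; n=0
  while read -r ph ch payload; do
    n=$((n + 1))
    [ "$(printf '%s' "$payload" | sha256_hex)" = "$ph" ] || { echo "record $n: payload"; return 1; }
    [ "$(chain_hash "$prev" "$ph")" = "$ch" ] || { echo "record $n: chain"; return 1; }
    prev=$ch
  done
  echo "ok $n"
}

# Constructed sample scans (not real WCAGdesk output).
LEDGER=$(printf '%s\n' '{"scan":1,"issues":4}' '{"scan":2,"issues":9}' '{"scan":3,"issues":2}' | build_ledger)

# Case A: record 2's payload edited, recorded hashes left as they were.
edit_only() { printf '%s\n' "$LEDGER" | sed '2s/"issues":9/"issues":0/'; }
# Case B: record 2 edited and its own hashes recomputed; record 3 left untouched.
edit_and_rehash() {
  first=$(printf '%s\n' "$LEDGER" | sed -n 1p); new='{"scan":2,"issues":0}'
  new_ph=$(printf '%s' "$new" | sha256_hex)
  printf '%s\n%s %s %s\n' "$first" "$new_ph" "$(chain_hash "$(echo "$first" | cut -d' ' -f2)" "$new_ph")" "$new"
  printf '%s\n' "$LEDGER" | sed -n 3p
}

printf '%s\n' "$LEDGER" | verify_ledger      # ok 3
edit_only | verify_ledger || true            # record 2: payload
edit_and_rehash | verify_ledger || true      # record 3: chain
```

In case B the edited record verifies on its own and the failure surfaces at the next record; rewriting every later record as well would change chain hashes that the TSA has already signed (property 3).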

What competing approaches do not give you

  • A signed PDF, on its own, proves who issued the document, but not when its contents were true. Backdating remains possible if the signer wishes.
  • A dashboard URL with a date stamp is unilaterally re-writable by the dashboard operator. Useful for ops; not useful as a contested record.
  • A blockchain-anchored hash, on its own, proves the hash existed at some block, but not what it represents. Without a canonical payload spec and a verifier the recipient can run, the on-chain anchor is decorative.
  • A trusted-vendor attestation is only as good as the vendor's continuity. A spec a third party can implement survives the vendor.

Independent reproduction is invited

We ship reference implementations in TypeScript (the production scanner) and POSIX shell (the verifier in every bundle). A Python reference is planned for v1.1. A Rust implementation by any independent third party is encouraged.

If you are an academic researcher, an audit firm, or a forensic practitioner and you would like to publish a verification walkthrough citing WCAGdesk, write to spec@wcagdesk.eu. We will publish your walkthrough in our documentation with attribution, link to it from this page, and — if the work is substantive — thank you in writing.

Reports of cryptographic weaknesses or ambiguities in the spec go to the same address.

See a verify-bundle for yourself.

Run a free scan, download the verify-bundle, unzip it, run bash verify.sh. Three checks, exit code zero. No account required.