Wholisphere
Scanning & Monitoring

Scan any site. Watch it stay accessible.

80+ evaluators across WCAG 2.2 — machine coverage of 50 of the 55 Level AA criteria — backed by vision-LLM and real-browser probes that catch what rule-based scanners can’t. Run it yourself in CI, or paste a URL and let our fleet run it for you — then keep it monitored with scheduled scans and regression alerts.

Private beta Hosted (zero-touch) scanning is rolling out to invited orgs. Request access →

Two ways to run a scan

You run it

Drop the GitHub Action into your pipeline, or run the CLI locally. Scans on every push or PR, with an optional gate that fails the build when conformance regresses.

- uses: wholisphere/scan-action@v1
  with:
    urls: https://example.com
    fail-on-regression: true

We run it beta

Paste a URL in the dashboard. Our hosted runner fleet claims the job, scans (including SPA and signed-in pages), and reports findings back — your client never touches a terminal.

  • Queued → Scanning… → Done, live
  • Baseline scan + recurring schedule in one form
  • No customer credentials on the runner
The three-tier deep scan

Test the way a real user experiences it.

Most scanners parse the DOM and stop. Our deep scan runs on-demand — minutes and cents per page — to turn "cannot verify" into a measured verdict.

Tier 1

Deterministic interaction probes

Playwright drives the real page — no LLM. Keyboard-trap detection, focus order, focus visibility, pixel-measured contrast, 320px reflow, text spacing, target size, motion. Converts ~15 "cannot verify" criteria into hard verdicts.

Tier 2

The audio judge

Fetches caption tracks and measures cue coverage ("captions cover 42% of the media"), with a Whisper adapter for transcripts. The 1.2.x media criteria become measured, not guessed.

Tier 3

Agent self-verification

Runs the Wholisphere agent’s own capabilities against the page and records, per criterion, whether it delivered access. Measured, never assumed — no vision key means "unverified," never a false pass. This is the part nobody without a remediation agent can build.

Coverage figure, stated honestly: 80+ evaluators machine-cover 50 of the 55 WCAG 2.2 Level AA criteria. Some are deterministic, some are vision-LLM-assisted, and the WCAG-acknowledged judgment calls flow to a one-click human-attestation step. We report which is which on the VPAT — we don’t round it up to "100% automated."

From one-time scan to monitored service

Hosted scans
Paste a URL and our runner fleet does the rest — no CLI, no terminal, nothing for your client to install. Queued → Scanning… → Done, with live status.
Scheduled monitoring
Recurring scans on a real cron schedule (timezone- and DST-correct). Accessibility stops being a one-time audit and becomes a monitored service.
Regression detection
Every scheduled run diffs against the previous one. A regression can email your team the criterion-by-criterion delta — or fail your build.
SPA + auth-walled sites
The browser runner loads dynamic, JS-rendered pages and can sign in with a stored session, so scans see what a logged-in user sees.
GitHub issues, auto-filed
Failing criteria open as issues in your repo, deduped by criterion, auto-closed when a later scan finds them fixed, reopened on regression.
Client status portal
A tokenized, no-login page per product: current conformance score, scan-history trend, and published VPATs. Turn a one-time deliverable into an ongoing relationship.

Point it at a URL.

Free tier includes real scans. Hosted, zero-touch scanning is in private beta — ask us for an invite.