Wholisphere
Wholisphere VPAT

The compliance document procurement actually signs.

A traditional VPAT ends with "fix these in 6 months." Ours ends with "they're already mitigated by the agent — here's the telemetry proof." Every verdict measured per criterion. Every approval SHA-256-hashed into a tamper-evident audit log.

91% of WCAG 2.2 AA — machine-evaluated

Not "100% automated" — we tell you exactly how each criterion is judged. 50 of the 55 Level AA criteria are machine-evaluated by 80+ evaluators in the engine. 8 of them use vision-LLM verification against the rendered page (1.4.5 images-of-text, 1.4.1 use-of-color, 2.4.6 heading descriptiveness — criteria a rule-based scanner cannot evaluate). 5 use a Playwright-driven probe for browser-dynamic checks (2.1.2 keyboard trap, 1.4.10 reflow at 320px, 3.3.1 form error identification). 4 cross-page aggregators check consistency across the page set (3.2.3 navigation, 3.2.6 help location, 3.3.7 redundant entry). The remaining 9% is the WCAG-acknowledged judgment-call set (1.4.8 visual presentation, 3.3.4 legal-context, 3.3.8 cognitive auth) — those flow through the in-VPAT Human Attestations table for one-click reviewer signoff.

Equivalent facilitation

Every "Does Not Support" row has a paired remediation: when the Wholisphere agent is embedded, those failures are mitigated in real time under §1194.5 / EN 301 549 cl. 12. Your VPAT lists the failure honestly AND documents the live mitigation with telemetry proof.

Attestation built for scrutiny

Every approved VPAT is hashed (SHA-256) and chained into a tamper-evident audit log. Mutating findings re-renders to a new hash; old approvals preserve the old hash. Reviewer overrides surface as a Human Attestations table on the VPAT itself — procurement reads exactly which verdicts were machine-emitted vs human-attested.

What you'd produce

Real VPAT 2.5 INT, rendered live from the same pipeline customers use. Mix of Supports / Partially Supports / Does Not Support / Not Applicable — exactly what a real scan looks like. The Equivalent-Facilitation block at the bottom is the section a scanner without a live remediation agent can't produce.

Open the sample in a new tab →  ·  Download as markdown

Everything in the box

VPAT 2.5 INT
WCAG 2.2 (A / AA / AAA), Section 508 (Chapter 3 + E205), EN 301 549 (Annex A, Clauses 9–13). Edition picker; locked + suppressed standards enforced for semantic correctness.
CI integration
GitHub Action runs on every push or PR. Optional regression gate fails the build when WCAG conformance regresses since the previous scan.
Multi-product per org
Track marketing site + admin app + checkout flow as separate products. Each gets its own scan history, defaults, and approval roster.
Webhooks
scan.completed, scan.failed, vpat.approved, vpat.revoked — every event delivered through a signed outbox with retry + dead-letter.
Equivalent-Facilitation auto-fill
When the agent is also embedded on your site, the VPAT auto-fills the §1194.5 mitigation block from real production telemetry — distinct visitors, assisted actions, criteria served.
HTML / Markdown / API
Render the same structured findings as procurement-ready HTML (CMD+P → save as PDF), GitHub-renderable markdown, or JSON for your own tooling.

Drop a conformance badge in your README

Every product gets a shields.io endpoint URL that renders the latest scan's overall verdict — the same way GitHub shows build status. Below is the live sample-VPAT badge; the same shape ships per-product on every paid plan.

Sample WCAG conformance badge — AA, mixed verdicts
![WCAG](https://img.shields.io/endpoint?url=https://staging-api.wholisphere.ai/v1/public/sample-badge.json)

Color tracks the conforming-criterion percentage (Supports + Not Applicable / Total). Re-fetched once per day so a CI run flipping a verdict updates the badge automatically.

Compared to a consultancy VPAT

Consultancy ($5–20k one-time)Wholisphere VPAT
Time to first VPAT2–6 weeks≤ 10 minutes
Re-issue cost (next release)$5–20k againAuto-regenerated on every CI run
Real scan evidenceWord doc + screenshotsHashed evidence in tamper-evident audit log
Equivalent-facilitation blockNot availableAuto-filled from real production telemetry
Approval signatureEmail signatureSHA-256 hash chained into audit log
CI regression gateNot possibleBuilt-in (fails build on regression)
PR comment with diffNot possibleAuto-posted on pull_request, updates in place
Editions coveredPick one upfrontINT / WCAG / 508 / EU — render any anytime
Vision-LLM-only criteria (1.4.5, 1.3.3)Not evaluated (no model)Verdict against the rendered page
Cross-page criteria (3.2.3, 3.2.6, 3.3.7)Not evaluated (single-page only)Multi-page aggregator runs after every scan
% of WCAG 2.2 AA automatedManual; 100% of the consultancy's hours91% — 50 of 55 AA criteria, 80+ evaluators

Ready when procurement asks for one.

Get a working VPAT in your CI pipeline this week. Custom enterprise pricing for multi-product orgs and white-label deployments.