Skip to content
Evidence you can share

Every scan becomes a signed, shareable proof.

A Watchdog survey isn't just a report to yourself. Every scan is issued as a signed (Ed25519), tamper-evident, shareable CAI-delivery package — dated, pinned to a commit and a frozen rubric, and verifiable by whoever you hand it to. Signed and reproducible by us — not editable by the one who shares it.

Sign in with GitHub · no card · C#/.NET · the first full report on any repo is €0.

✓ Signed by Watchdog
checkout-serviceby acmeAdequate
CAI62 / 100
Trend: improving (up 17) over the last 8 scans.
4562↑ +17
Code health68
Architecture55
Maturity63
Readiness52
Security71
Measured1 July 2026 · 4.2M lines
Reproducible fingerprinta3f9…e021
Shared with3 parties

A sample evidence artifact — dated, signed, verifiable. Not editable by the party who shares it.

The trust invariant

Why a shared artifact can be believed.

What makes the evidence shareable is exactly what makes it credible: the independence is built in.

Signed & tamper-evident

Each package carries an Ed25519 signature by Watchdog over a content-addressed manifest. Change a byte and the signature breaks — a seller can't polish their own result.

Not editable by the sharer

You share access to the package; you never hold a version you could doctor. The recipient verifies the signature and the reproducible fingerprint against us, not against you.

Pinned to a commit + frozen rubric

The evidence re-runs to the same number: same commit, same rubric version → the same CAI. Either side can have it re-derived and get the identical result — or they've found a discrepancy.

Verify a delivery →
The share flow

From your scan to their decision — five steps.

You scan

Point Watchdog at the repo. The first scan on every repo is free — always.

Watchdog signs

The scan is issued as a dated, Ed25519-signed evidence package. It cannot be edited — not by you, not by the recipient.

You share it

You explicitly grant a client, buyer or investor access. Consent is built in — you *want* to be assessed.

They get a free copy

Your counterpart receives the evidence at no cost — and can verify it's genuine against the registry.

Reports are the paid part

They (or you) pay only for the decision reports built on top — the consequences read, the DD dossier, the delivery attestation.

The canonical registry of signed deliveries lives on the open standard: cai.canine.dev/registry

One evidence → many reports

You produce the evidence once. Each party pays for the report they need.

The same free evidence package can carry different decision reports for different parties.

Your side

The seller's win-proof

Attach a signed attestation to your proposal or hand-over — proof of quality no slide deck can match, graded by a rubric neither party owns.

Their side

The buyer's consequences read

Your client gets "what do these findings mean for me" in plain language — the cost of inaction, the risks to raise — built on the evidence you shared.

A third party

An acquirer's DD dossier

An investor or acquirer builds a data-room-ready due-diligence dossier on the same evidence — rubric frozen so the number is comparable from LOI to close.

Two entry flows

Two ways a deal gets its evidence.

Entry A

You share

You scan your own code and share the signed package with the other side. Consent is built in — a seller who wants to sell *wants* to be assessed.

Entry B

A cooperative buyer brings access

The buyer or investor brings repository access for a cooperative target, and the evidence is collected for the engagement — then the reports are built on top.

The hand-offWatchdog markets the produce + share half. Turning the evidence into a decision report is Assay's job — consequences, due diligence, tender verification, contract attestation, compliance signing, portfolio. assay.canine.dev →

Produce the proof once. Let it win the deal.

Sign in with GitHub · no card · C#/.NET · the first full report is €0.