Files that prove themselves.
Wise gives every file a win tag — a small portable record that travels with it. The win tag says which signing key sealed the file, when, and whether the file is unchanged since. Receivers read it offline, without accounts, without trusting any server.
A file without a win tag is untagged: neutral, not dangerous.
A .win proves:
- the file inside matches the proof inside
- the file has not changed since it was sealed
- the sealing key signed that proof
- the proof travels with the file
A .win does not automatically prove:
- the real-world person, company, or organization behind the key
- that the signer told the truth
- that the file content is factually correct
- that Wise.Est Systems signed it
- that it was the first copy ever made
That is why Wise separates file integrity from human trust. The verifier returns one of three states for the file integrity check (Verified / Tampered / Invalid) and, alongside it, a trust class for the signing key:
| Trust class | What it means |
|---|---|
| Local Win | Signed by a key generated on a device. Verification proves the file still matches what that key sealed; it does not prove a real-world identity behind the key. |
| Named Win | Signed by a key with a self-declared display name. The receiver still decides whether to trust that name. |
| Official Win | Signed by a key whose fingerprint matches a key the receiver added to their local trusted list (e.g. a published release key). |
| Unknown Win | Valid signature, but the signer is not in any local trust list. |
There is no central Wise.Est Systems signing key in the protocol. Any
.win is signed by whichever key sealed it — by default, a key
generated on the sealer's own device.
| Surface | Status |
|---|---|
| Verifier (Rust) | Stable. 189 tests, #![forbid(unsafe_code)] |
| Verifier (WASM) | Stable. ≤ 1 MB compressed budget enforced in CI |
| .win container v1 | Stable. Backwards-compatibility contract in CONTRIBUTING |
| CLI | win — Linux / macOS / Windows |
| Desktop app | macOS Apple Silicon shipping; Linux / Windows in CI |
| URL verifier | winstack.dev/v/<hash> — share-anywhere static page |
See CHANGELOG.md for what changed in each release.
- Witness seals a file — win seal report.pdf produces report.pdf.win, a single portable container holding the file plus its win tag.
- The file travels — email, Slack, Drive, S3. The win tag travels inside the container; nothing strips it.
- Receiver verifies it — drops the .win into any verifier (browser, desktop, CLI, WASM). The verifier returns one of three states.
| State | Meaning |
|---|---|
| Verified | The win tag matches the file. Unchanged since it was sealed. |
| Tampered | Was sealed once. Has been changed since. The original is gone. |
| Invalid | We can't verify this win tag. Wrong tag, unreadable signature, or malformed container. |
Three states. No fourth. See ADR 0002.
Without installing anything — open winstack.dev,
drop a .win. Verification runs locally in the browser; nothing is
uploaded. (Migrating to truth.systems; the verifier is the same code.)
Plain-English intro — proofs-one.vercel.app
explains what a .win is, what the three results mean, and what it
does not prove.
CLI —
cargo build --release
./target/release/win seal report.pdf # → report.pdf.win
./target/release/win verify report.pdf.win # Verified / Tampered / Invalid
./target/release/win open report.pdf.win # → restores report.pdf
./target/release/win publish report.pdf.win # → public/v/<hash>.json
- SHA-256 of the file (not the file)
- Ed25519 signature over the canonical object payload
- Witness public key
- Creation date — local clock, or RFC 3161 anchored
- Lineage metadata (parents, generation, optional delegation chain)
- Protocol version (V1)
It does not contain the file contents, file paths, account info, machine identifiers, or anything that identifies the witness's location. The win tag is safe to share publicly.
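The three states and the separate trust class can be sketched from the tag fields listed above. This is an added example in Go (standard library only), not the project's Rust verifier. The `Tag` layout, the signed payload, the `Fingerprint` definition and the check order are assumptions made for illustration, and only the Official/Unknown trust classes are modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Tag is a constructed stand-in for a win tag, not the layout in spec/PROOF-SPEC.md.
type Tag struct {
	Digest    [32]byte // SHA-256 of the sealed file, never the file itself
	PublicKey []byte   // sealing key
	Signature []byte   // Ed25519 over payload()
}

// payload is the signed byte string (constructed; the real canonical form differs).
func (t Tag) payload() []byte { return append([]byte("demo-tag-v1:"), t.Digest[:]...) }

// Fingerprint identifies a key in the receiver's local trusted list (assumed: SHA-256 of the key).
func Fingerprint(pub []byte) [32]byte { return sha256.Sum256(pub) }

// DemoKey derives a fixed, constructed key so the example is reproducible.
func DemoKey() ed25519.PrivateKey { return ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) }

func Seal(priv ed25519.PrivateKey, file []byte) Tag {
	t := Tag{Digest: sha256.Sum256(file), PublicKey: priv.Public().(ed25519.PublicKey)}
	t.Signature = ed25519.Sign(priv, t.payload())
	return t
}

// Verify reports the integrity state and, separately, the trust class of the key.
func Verify(t Tag, file []byte, trusted map[[32]byte]bool) (state, class string) {
	// Invalid: the tag itself cannot be checked (bad key length or bad signature).
	if len(t.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(t.PublicKey, t.payload(), t.Signature) {
		return "Invalid", ""
	}
	class = "Unknown Win" // valid signature, key not in the local trusted list
	if trusted[Fingerprint(t.PublicKey)] {
		class = "Official Win"
	}
	// Tampered: the tag is authentic but the bytes no longer match the sealed digest.
	if sha256.Sum256(file) != t.Digest {
		return "Tampered", class
	}
	return "Verified", class
}

func main() {
	tag := Seal(DemoKey(), []byte("quarterly report"))
	fmt.Println(Verify(tag, []byte("quarterly report!"), nil))
}
```

The signature is checked before the digest, so a modified tag is reported as Invalid while a modified file under an authentic tag is reported as Tampered.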
The product is not the app. The product is the win tag attached to the file.
- A witness seals a file. The file and win tag travel together.
- Any receiver verifies using any Wise verifier. No coordination.
- The app and CLI are creator tools and verifiers — not a platform.
Three verification paths, same result:
- URL — truth.systems/v/<hash> resolves to the static win tag.
- Browser — drop a .win into the verifier; runs in-browser.
- Desktop app — full offline verification with name-tag creation.
- CLI / library — win verify, or call the verifier-wasm exports from any browser-adjacent surface.
| | Wise | Traditional hash | Blockchain notary | Cloud signing |
|---|---|---|---|---|
| Works offline | Yes | Yes | No | No |
| Requires server trust | No | No | Yes | Yes |
| Any file type | Yes | Yes | Varies | Varies |
| Win tag travels with file | Yes | Manual | No | No |
| Version history (lineage) | Yes | No | Varies | Varies |
| Key rotation (delegation) | Yes | No | Varies | Varies |
| Accounts required | No | No | Yes | Yes |
| External timestamps | Optional | No | Built-in | Built-in |
Wise is not a blockchain, a certificate authority, or a cloud service. It is a local proof system. Win tags are self-contained; verification contacts nothing.
A win tag proves:
- A specific file existed at a specific time (local device clock, or anchored via RFC 3161).
- It has not been modified since.
- It was signed by a specific key.
- It may be part of a verifiable lineage.
A win tag does not prove:
- That the file content is true or accurate.
- The real-world identity of the witness (only key continuity).
- That this is the first copy in the world (only first in this lineage).
- That a local timestamp is globally authoritative — only anchored timestamps are independently verifiable.
12 Rust crates plus a Tauri desktop app and zero-dep browser verifier.
The verifier-wasm crate compiles to a single .wasm artifact that
powers every browser-adjacent receiver surface (URL verifier, planned
extensions, planned chat-app integrations).
canon-types     Domain primitives. The three-state grammar lives here.
crypto          SHA-256 + Ed25519. Constant-time guarantees inherited.
identity-core   Identities, key delegation, module registry.
time-core       Time chain + RFC 3161 TSA validation.
policy-core     Permit/Deny decisions and proofs.
object-store    Content-addressed object storage (SQLite).
graph-index     Lineage DAG.
verifier        Pure-function verifier. No I/O. 12-step pipeline.
verifier-wasm   wasm-bindgen export. Same logic, JS-callable.
win-format      The .win container. Zero workspace dependencies.
registry-core   10-step sealing pipeline. Fail-closed on persistence.
window-api      Axum HTTP API used by the desktop app.
cli             win binary.
desktop         Tauri 2 frontend.
Read docs/architecture.md for the long form,
and docs/adr/ for the rationales behind the
non-obvious decisions.
The cultural and product constitution lives in
spec/grammar.md. Read it before proposing
features.
# Prereqs
rustup toolchain install stable
rustup target add wasm32-unknown-unknown
cargo install wasm-bindgen-cli --version 0.2.117
# CLI
cargo build --workspace --release
# WASM verifier
./scripts/build-wasm.sh # → public/wasm/
# Desktop app
cargo install tauri-cli --version "^2"
cd desktop && cargo tauri build
The four checks every PR must pass:
cargo fmt --all --check
cargo clippy --workspace --all-targets -- -D warnings
cargo test --workspace
./scripts/build-wasm.sh # if WASM-touching changes
CI runs these on Linux, macOS, and Windows.
| Document | Purpose |
|---|---|
| spec/grammar.md | Cultural and product constitution |
| spec/PROOF-SPEC.md | Wire format and verification rules |
| docs/architecture.md | Crate layout, pipelines, surfaces |
| docs/adr/ | Architecture Decision Records |
| CONTRIBUTING.md | How to contribute |
| SECURITY.md | Vulnerability disclosure |
| CHANGELOG.md | What changed in each release |
| ROADMAP.md | Where the project is heading |
- Wise.dmg — macOS Apple Silicon
- Wise.zip — macOS Apple Silicon (alternative archive)
macOS may show a developer warning on first launch (the app is not yet code-signed). Right-click → Open → Open to bypass.
Linux and Windows release artifacts are produced by CI; promotion to
shipped releases is tracked in ROADMAP.md.
MIT — Wise.Est Systems