Ed25519 · SHA-256 · RFC 3161 TSA · GPS · Go

Cryptographically
verifiable proof
of service work.

Workers capture before/after photos of a job. Photos are SHA-256 hashed, signed with Ed25519, GPS-stamped, and anchored to an external RFC 3161 timestamp authority. Client gets a 10-digit code and verifies everything locally — the math is the witness, not the app.

How it works For Sale →
Zero trust in the backend.
proof_output.json ● VERIFIED
BEFORE
SHA-256: f71c…09a2
AFTER
SHA-256: a3f9…c84d
signature Ed25519 ✓
timestamp RFC 3161 ✓
gps_accuracy ±2.4 m
proof_hash c54a…88ee
verify_code 4829-1047-38
expires 24h
Any modification — photo, GPS, timestamp, metadata — invalidates the signature instantly.
// what is this

A trust layer for service work.
Not a marketplace, not a payment app.

When a plumber fixes your pipe or a contractor completes a job, there's no neutral witness. Disputes are word against word. BEFORE-AFTER eliminates that. Workers generate cryptographically signed, GPS-stamped, timestamp-anchored before/after photo evidence. Clients verify it all locally without trusting any backend.

≠ payment processor ≠ job marketplace ≠ project management ≠ chat platform = verifiable cryptographic evidence
// how it works

Two sides. One proof.

WORKER
01
Open app → I am a worker
02
Set session timer (1–10 min), capture before photo
03
Do the job. Timer runs.
04
Capture after photo
05
~5–7s: SHA-256 hash → Ed25519 sign → TSA anchor → GPS record → proof hash chain
06
10-digit verification code. Share with client.
CLIENT
01
Open app → I am a client
02
Enter 10-digit code (or scan QR)
03
Local cryptographic verification runs. No backend trust required.
04
Full proof: before/after, GPS, timestamps, all hashes, AI narrative — ephemeral sandbox. Data destroyed on exit.
Screenshots Available
Real app, real data — GPS redacted for privacy
// what's inside every proof

Every proof contains:

🔏
Ed25519 Digital Signature
Every proof signed with worker's private key. Photo edit, GPS change, metadata tweak — any of it instantly invalidates the signature.
🕐
External TSA Timestamp (RFC 3161)
Anchored to freetsa. Independent third-party proof of when work happened. Not alterable by app, worker, or client.
📍
GPS Verification
Both photos carry GPS with ±meter accuracy. Distance between before/after locations auto-calculated. Proves on-site presence.
🖼️
SHA-256 Hashed Photos
Before/after stored async, hashed before write. Fireflower visual cryptographic fingerprints for quick verification.
🤖
AI Work Narrative
Groq-powered description of what was done, derived from before/after images. Human-readable summary on every proof.
📤
Export: JSON / PDF / Legal
JSON report, PDF, Legal JSON, Legal PDF, full audit trail. Everything for disputes, compliance, or court.
// who uses this and why

Any service work where trust is on the line.

FOR WORKERS
  • Cleaners (residential, commercial, carpet)
  • HVAC, plumbers, electricians
  • Landscapers, lawn care, snow removal
  • Delivery and logistics
  • Contractors and construction
  • Auto detailers and mechanics
  • Painters, pest control, inspectors
  • Property managers
Why: Protection against false claims. Payment proof. Legal defense. Professional credibility.
FOR CLIENTS
  • Anyone hiring gig workers or independent contractors
  • Property owners verifying maintenance
  • Businesses auditing service vendors
  • Anyone who needs proof of what was done
Why: Independent verification without trusting the app or worker. GPS + timestamp proof. Evidence for disputes.
// technical stack

Built on real cryptography.

Digital Signatures Ed25519
Photo Hashing SHA-256
Timestamp Authority freetsa (RFC 3161 compliant)
Backend Go (Golang)
Client Verification local — zero-trust, no backend dependency
Storage async image + cryptographic hash before write
AI Narrative Groq API
Key Versioning immutable key_id-based rotation — old proofs stay verifiable
Code Expiry 24h
Key rotation: every device/reinstall appends a new key (not overwrites). Each proof records the exact key_id used. Old proofs remain verifiable indefinitely — flagged "key rotated" if signing key was later superseded.
// transparency — read before evaluating

Honest disclosures.

Source Code — Private Repo
Maintained in a private GitHub repo. Full source, architecture docs, and access provided on acquisition or under signed NDA. Private by design — commercial asset, not open-source.
Video PoC — Available on Request
Not posted publicly. Recorded sessions contain real GPS coordinates and device identifiers. Full walkthrough — worker flow, client verification, export — available once we're a step further in conversation.
AI-Assisted Development
Built with significant AI assistance. Result is a fully functional working product — not a throwaway prototype. Cryptographic logic, backend, and verification flow are validated and working. Buyer receives a real, working asset.
Known Bugs — UI Only, Not Core
Known bugs exist. None affect the core system. Signing, TSA anchoring, GPS, and proof verification all work correctly. Issues are isolated to UI behavior — fixable, not a compromise to integrity or value.
FOR SALE — FULL IP TRANSFER

This app is for sale.

Full IP transfer. Complete source code: mobile app, Go backend, cryptographic layer, AI integration, audit trail system, all export formats. Everything documented. Everything working.

Looking for a buyer in gig economy, service verification, legal tech, or proptech. The cryptographic model is the moat — not a feature wrapper on someone else's API.

Contact: mozar.t@yahoo.com