ProofCodec
MIT-Licensed Verifier on PyPI

Know Your WAF Rules
Haven't Changed

Cryptographic proof of policy integrity for WAF, CDN, and DNS

ProofCodec compresses policy tables into tiny, verifiable artifacts. Anyone can independently confirm the policies match what you deployed — no trust required. Think RPKI, but for security policy.

320×

WAF compression

ModSecurity CRS

23 KB

replaces 7.3 MB

282 rules, 33.5M states

25/27

beat Huffman

benchmark domains

0

mismatches

lossless verification

How It Works

Analyze your policy table — WAF rules, DNS zones, CDN configs

Compress it into a tiny codec file (e.g. 7.3 MB → 23 KB)

Distribute the codec — it's a self-contained, portable artifact

Anyone can verify: decode + compare against the live policy source

Lossless

Exact reconstruction — zero mismatches after verification

Sub-Entropy

Beats Huffman baseline in 25 of 27 benchmark domains

Proof-Carrying

The codec itself is the proof — no oracle access needed to decode

Domain-Agnostic

Works for WAF rulesets, DNS zones, CDN configs, and more

Benchmarks

View all 27 domains
WAF (ModSecurity CRS)
320×
7.3 MB → 23 KB
Chess (avg. 27 endgames)
8.2×
~8.2× vs Huffman
IP Region Mapping
3×
3.0× vs Huffman
Rate Limit Policy
1.5×
1.5× vs Huffman
CA Reach Analysis
25.5×
25.5× vs Huffman

25 of 27 benchmark domains beat Huffman baseline. 2 trivial all-draw chess endgames (KBvK, KNvK) are excluded from ratio comparison.

Use Cases

WAF Policy Verification

Prove your ModSecurity/Coraza rulesets haven't drifted across CDN edge nodes. 320× compression means audit artifacts fit in a config repo.

DNS Zone Integrity

Compress DNS zone files into verifiable codecs. Prove zone content matches what was deployed — across anycast, across providers.

CDN Config Attestation

Attest that CDN routing policies, rate limits, and cache rules match the golden source. Independent verification, no vendor lock-in.

Compliance & Audit

DORA Article 28, OFAC screening tables, SOC 2 evidence — cryptographic proof that policies are what you say they are.

Verify It Yourself

Install the Verifier

pip install proofcodec-verify

MIT-licensed Python package. Decode any codec file and verify it against a ground-truth source — independently, without our infrastructure.

View on PyPI

Read the Source

The verifier is fully open source. Read the decoding logic, audit the verification protocol, or integrate it into your CI pipeline.

View on GitHub

IP Status

Patent Pending:US Provisional filed — encoding method, residual structure, verification protocol
Encoder:Proprietary — licensed to customers under subscription
Verifier:MIT-licensed, open source on PyPI and GitHub

Full patent details available under NDA.

Get in Touch

See how ProofCodec fits your WAF, CDN, or DNS verification workflow.