Security & verification

Verifiable by design — not “trust us”

Compression you put real data through has to be provably correct and provably safe. Here is exactly how AT-1 earns that — every item below is enforced in the codebase and in continuous integration, and you can check it yourself.

Byte-exact lossless — always

Every archive is decompressed and compared to the original before it is written. If the round-trip is not byte-for-byte identical, the file never ships. Losslessness isn't a claim — it's an enforced gate on every compression.

Embedded SHA-256 integrity trailer

Every .at1 carries a SHA-256 of its original contents. `at1 verify` re-derives it and proves decode == original; a single tampered byte is not just detected — it's located. Each query result is itself a new verified, re-checkable artifact.

Fuzz-hardened decoder

The decoder is fuzzed on every CI run: 3,000 randomized iterations natively plus 8,000 more under AddressSanitizer + UBSan — 11,000 per run, and a single crash or memory error blocks the merge. Decoding untrusted .at1 files is a hardened path, not an afterthought.

Memory-safe by test

The portable C decoder is compiled with AddressSanitizer and UndefinedBehaviorSanitizer in CI and fuzzed under them, so out-of-bounds reads, overflows, and UB fail the build rather than reach a user.

Never-worse (non-inferiority) fallback

If the structure-aware codec can't beat a standard archive on your data, AT-1 falls back to that standard archive automatically. Your output is never larger than a plain `xz` — and always exactly recoverable. No pathological blow-ups.

Tiny, auditable decoder

The reference decoder is ~130–200 KB of portable C — small enough to read end-to-end and vendor into your own build. A WASM build runs the same logic in the browser with nothing uploaded.

Open to decode — no lock-in

Decoding an .at1 is always free and needs no account; the container format and the decoder are open. The compression engine is the product, but your data is never trapped — you can always get every byte back.

Verify it yourself

You don't have to take our word for any of this — the checks are in your hands:

at1 verify    archive.at1     # re-check the SHA-256 trailer (decode == original)
at1 integrity archive.at1     # confirm the embedded integrity trailer, locate any tamper
at1 decompress archive.at1 out && cmp out original   # byte-for-byte, yourself

Read the format spec, the docs, or the open decoder on GitHub.

Want proof on your own data?

Run a pilot — measured savings on a sample of your real data, byte-exact verified, no credit card.

Request a pilot →

Honest scope: AT-1 is a compression engine, not an encryption product — it guarantees correctness, integrity, and tamper-evidence, not confidentiality. For access-controlled sharing, see the Vault / clean-room.