Blog
Technical deep dives from the Treeship team.
Every MCP Tool Call Your Agent Makes Right Now Has No Receipt
The Model Context Protocol specification is explicit: tool calls are arbitrary code execution and hosts are responsible for authorization. Most MCP implementations have no answer to this. Here's what closing that gap looks like.
The Key Management Nightmare Hiding Inside Agent Attestation
Teams adopting cryptographic attestation for agents keep hitting the same wall: one keypair per agent sounds right until you have forty agents and no coherent governance. Here's the model that actually works.
The Replay Attack Your Authorization System Doesn't Prevent
Most authorization systems for AI agents share a subtle flaw: approvals can be reused. An agent that captures an approval token can replay it. Here's the attack and how approval-based authorization prevents it by construction.
Chain of Custody for AI Agents: What Software Can Learn from Physical Evidence Handling
Physical evidence handling has solved chain of custody over centuries. AI agent workflows need exactly this.
From Subprocess to WASM: Eliminating the Subprocess Attack Surface
When your TypeScript SDK spawns a Rust binary, you've introduced a $PATH dependency, a binary substitution attack surface, and an IPC channel. All three go away when you compile to WASM.
Why We Chose Rust for the Trust Layer
The ZK proof ecosystem is Rust-first and Rust-only in any production-ready form. Here's the complete case for Rust as the foundation of cryptographic agent infrastructure.
Privacy in Agent Workflows: Attestation Without Exposure
Attestation and privacy aren't opposites. You can prove an agent acted correctly without revealing what it acted on.
DSSE: Dead Simple Signing Explained
DSSE is the signing envelope Treeship uses for every artifact. Here's why we chose it over JWS and what the PAE construction actually does.
Approval Nonces and Why a Single Field Prevents an Entire Attack Class
The approvalNonce field in Treeship's ActionStatement is doing a lot of work. Here's the full attack class it prevents and why the design is correct.
The Case for Portable Trust
Why trust artifacts need to travel with the work, not stay locked in the platform that produced them.
Why Agent Actions Need Receipts
When a human takes an action, there's context: intent, memory, accountability. When an agent takes an action, there's just a log line. That asymmetry is the problem Treeship solves.