Blog
Thinking about agent trust, portable verification, and cryptographic accountability in AI workflows.
LatestTreeship Agent Skills: One Skill, Every Agent
Install Treeship on Kimi Code CLI, Claude Code, Codex, Cursor, OpenClaw, and Hermes. One skill file teaches every agent how to create cryptographically signed trust receipts.
A2A Makes Agents Interoperable. Treeship Makes That Interoperability Trustworthy.
Google's Agent2Agent protocol gives every agent a way to talk to every other agent. It does not give you a way to verify what any of them actually did. Here is how @treeship/a2a closes that gap, with worked examples you can run end-to-end.
Verifiable Intent: how Treeship becomes the agent's proof of work
Agent attestation in Verifiable Intent credentials: how Treeship proves an agent acted correctly, privately, and within scope.
Four layers of proof: how Treeship uses zero-knowledge
Signatures prove authenticity. Merkle proofs prove timing. Circom proves policy. RISC Zero proves the entire chain. Here's how they fit together.
Agentic Commerce with Treeship
How agents can prove they had approval before spending money.
Introducing Trust Templates: Configure Once, Prove Everything
Trust templates give any workflow — a Solidity audit, a clinical AI system, an ML training pipeline — a complete attestation setup in one command. Build your own, share with your team, or publish to the community.
Every MCP Tool Call Your Agent Makes Right Now Has No Receipt
The Model Context Protocol specification is explicit: tool calls are arbitrary code execution and hosts are responsible for authorization. Most MCP implementations have no answer to this. Here's what closing that gap looks like.
The Key Management Nightmare Hiding Inside Agent Attestation
Teams adopting cryptographic attestation for agents keep hitting the same wall: one keypair per agent sounds right until you have forty agents and no coherent governance. Here's the model that actually works.
The Replay Attack Your Authorization System Doesn't Prevent
Most authorization systems for AI agents share a subtle flaw: approvals can be reused. An agent that captures an approval token can replay it. Here's the attack and how approval-based authorization prevents it by construction.
Agent Payments: Lobster.cash + Treeship
Lobster.cash handles wallet and settlement. Treeship proves what happened.
Mastercard Verifiable Intent and Treeship
How Treeship's approval receipts align with Mastercard's open standard for agent commerce.
Chain of Custody for AI Agents: What Software Can Learn from Physical Evidence Handling
Physical evidence handling has solved chain of custody over centuries. AI agent workflows need exactly this.
From Subprocess to WASM: Eliminating the Subprocess Attack Surface
When your TypeScript SDK spawns a Rust binary, you've introduced a $PATH dependency, a binary substitution attack surface, and an IPC channel. All three go away when you compile to WASM.
Why We Chose Rust for the Trust Layer
The ZK proof ecosystem is Rust-first and Rust-only in any production-ready form. Here's the complete case for Rust as the foundation of cryptographic agent infrastructure.
Privacy in Agent Workflows: Attestation Without Exposure
Attestation and privacy aren't opposites. You can prove an agent acted correctly without revealing what it acted on.
DSSE: Dead Simple Signing Explained
DSSE is the signing envelope Treeship uses for every artifact. Here's why we chose it over JWS and what the PAE construction actually does.
Approval Nonces and Why a Single Field Prevents an Entire Attack Class
The approvalNonce field in Treeship's ActionStatement is doing a lot of work. Here's the full attack class it prevents and why the design is correct.
The Case for Portable Trust
Why trust artifacts need to travel with the work, not stay locked in the platform that produced them.
Why Agent Actions Need Receipts
When a human takes an action, there's context: intent, memory, accountability. When an agent takes an action, there's just a log line. That asymmetry is the problem Treeship solves.