approve / deny
Review and act on pending approval requests.
treeship pending
List all pending approval requests.
treeship pendingOutput:
Pending approvals (2)
1. kubectl apply -f deploy.yaml
label: deploy to prod | requested 2m ago
hint: treeship approve 1
2. stripe charge --amount 500
label: charge customer acme | requested 5m ago
hint: treeship approve 2Use the numbered index to approve or deny a specific request.
treeship approve
Approve a pending request by number.
treeship approve 1This creates an approval artifact, generates a binding nonce, and passes it back to the requesting agent. The agent then includes the nonce in its action attestation to prove it had authorization.
treeship deny
Deny a pending request by number.
treeship deny 2This creates a denial artifact. The requesting agent receives the denial and should not proceed with the action.
Replay posture (v0.9.6)
Treeship's verifier observes nonce replay only within a single verified package -- two actions in one package that claim the same nonce, the second fails. This is enforced in the Rust core and cannot be bypassed.
Cross-package and cross-machine replay enforcement is not yet shipped. A --max-uses value is signed into the grant for future enforcement; verify reports the replay check posture honestly (replay check: package-local only -- no global ledger consulted) rather than claiming global single-use.
Roadmap: a local Approval Use Journal lands in v0.10 (device/workspace replay), Hub-backed checkpoints in v0.11+ (distributed replay).