Trust model

Treeship's trust model has one axiom: the signatures are the trust.

No trusted third party

A Treeship artifact is valid if its Ed25519 signature verifies against a known public key. Validity does not depend on:

• Treeship's servers being online
• The Hub being reachable
• Any certificate authority
• Any token or session

Key hierarchy

A Treeship is the trust domain: one Ed25519 keypair, one local artifact store, one identity boundary. Every artifact signed within a Treeship shares the same root of trust.

Owner (human)
+-- Treeship key (Ed25519)
    |-- Signs all artifacts
    |-- Signs approvals
    +-- Signs handoffs

The owner holds the private key, encrypted at rest. The key never leaves the local machine unless explicitly exported. There is no key escrow or recovery service.

Actors (humans and AI agents) work inside a Treeship but do not hold their own keys. They are identified by URIs like human://alice or agent://coder, and every artifact they create is signed by the Treeship key. The actor URI tells you who acted. The Treeship key tells you the artifact is authentic.

What "verified" means

When you run treeship verify, the verifier checks:

1. Content-addressed ID matches the artifact content (tampered content fails immediately)
2. Ed25519 signature is valid for the claimed key
3. Parent chain is intact (no missing or modified links)
4. Approval nonce binding matches if the action references an approval

Exit 0 means clean chain. Exit 1 means something failed. The verifier is deterministic and runs entirely on your machine.

Cross-Treeship trust

When work moves between organizations, each side has its own Treeship and keys. Trust is established by exchanging public keys, not by sharing infrastructure. Company B verifies Company A's artifacts using Company A's public key directly.

treeship verify art_handoff_xyz --trusted-key ./company-a-public.pem

No shared infrastructure required. The signature is the trust.

Offline verification

treeship verify release.treeship