Skip to main content

Verification

Treeship attestations can be verified without trusting Treeship’s servers.

How Verification Works

  1. Get the public key from Treeship (or any mirror)
  2. Reconstruct the payload from the attestation data
  3. Verify the signature using standard Ed25519 verification

Using the CLI

treeship verify abc123-def456-ghi789

# ✓ Attestation verified
#   ID        abc123-def456-ghi789
#   Agent     my-agent
#   Action    Approved loan application #12345
#   Time      2024-01-15T10:30:00.000Z

Using the API

curl https://api.treeship.dev/v1/verify/abc123-def456-ghi789
Response: 
{
  "valid": true,
  "attestation_id": "abc123-def456-ghi789",
  "agent_slug": "my-agent",
  "action": "Approved loan application #12345",
  "signature": "base64-signature...",
  "key_id": "abc123",
  "independent_verification": {
    "curl_pubkey": "curl https://api.treeship.dev/v1/pubkey",
    "recreate_payload": "{\"action\":\"...\",\"agent_slug\":\"...\"}",
    "verify_signature": "openssl pkeyutl -verify ..."
  }
}

Independent Verification (No Trust Required)

You can verify without trusting Treeship at all:

1. Get the Public Key

curl https://api.treeship.dev/v1/pubkey > pubkey.json
# Extract the PEM key and save as pubkey.pem

2. Reconstruct the Canonical Payload

# The payload must be reconstructed exactly as signed
echo '{"action":"Approved loan","agent_slug":"my-agent","attestation_id":"abc123","inputs_hash":"sha256...","timestamp":"2024-01-15T10:00:00.000Z"}' > payload.txt

3. Verify with OpenSSL

# Decode the base64 signature
echo 'base64-signature...' | base64 -d > sig.bin

# Verify with Ed25519
openssl pkeyutl -verify -pubin -inkey pubkey.pem -sigfile sig.bin -in payload.txt

Verification Page

Every attestation has a public verification page: 
https://treeship.dev/verify/{agent}/{attestation_id}
This page shows:
  • Verification status (valid/invalid)
  • All attestation details
  • Independent verification commands
  • Cryptographic signature

What Verification Proves

VerifiedNot Verified
The attestation was signed by Treeship’s keyThe action actually happened correctly
The data hasn’t been modifiedThe agent made the right decision
The timestamp is from when it was signedThe inputs hash matches specific data
Attestations prove what was claimed, not what is true. They create an auditable record of agent behavior.