Concepts
Actors
Actors are the humans and agents that operate within a Treeship.
An actor is any human or agent that performs actions within a Treeship trust domain. Every attestation references an actor by URI.
Actor URIs
Every actor is identified by a URI:
| Prefix | Meaning | Example |
|---|---|---|
human:// | A human identity | human://rezo |
agent:// | An AI agent or automation | agent://deployer |
system:// | An external system (used in receipts) | system://stripe-webhook |
URIs are freeform after the prefix. Use whatever naming convention fits your organization.
Actors in attestations
Actors appear in different roles depending on the attestation type:
| Attestation | Flag | Role |
|---|---|---|
| Action | --actor | Who performed the action |
| Approval | --approver | Who authorized the action |
| Handoff | --from / --to | Sender and receiver of work |
| Receipt | --system | External system producing the receipt |
Actors and approvals
Being referenced as an actor does not grant permission to act. To take a sensitive action, an agent still needs an approval from an authorized approver.
Example
# A human approves
treeship attest approval \
--approver human://rezo \
--description "approve deployment"
# An agent acts under that approval
treeship attest action \
--actor agent://deployer \
--action deploy.production \
--approval-nonce nce_abc123
# Another agent receives the result
treeship attest handoff \
--from agent://deployer \
--to agent://monitor \
--artifacts art_deploy_001