Treeship
Concepts

Trust model

Treeship trust is rooted in cryptographic signatures, not infrastructure.

Treeship's trust model has one axiom: the signatures are the trust.

No trusted third party

A Treeship artifact is valid if its Ed25519 signature verifies against a known public key. Validity does not depend on:

  • Treeship's servers being online
  • The Hub being reachable
  • Any certificate authority
  • Any token or session

The Hub is convenience infrastructure for sharing and discovery. It cannot forge a passing verification result.

Key hierarchy

Owner (human)
└── Ship key (Ed25519)
    └── Signs all artifacts
    └── Signs approvals
    └── Signs handoffs

One keypair per Treeship. The owner holds the private key, encrypted at rest.

Chain integrity

Every artifact contains a parentId field pointing to the previous artifact in the chain. Verification walks this chain recursively. A broken link (missing parent, tampered content) causes the entire chain to fail.

Approval binding

Approvals use a nonce-binding model. The approver signs an approval containing a random nonce. The agent includes that nonce in its action. At verification time, the verifier checks:

action.approvalNonce == approval.nonce

This is enforced in the Rust core. There is no way to skip the check.

Offline verification

treeship verify release.treeship

This works on an airplane, in a secure facility, or on a machine that has never connected to the internet. The .treeship bundle contains everything needed: artifacts, signatures, and the public key.

How it works

The four-step flow from first command to shareable proof URL.

Vocabulary

Every term in Treeship maps directly to the code. Nothing is decorative.

On this page

No trusted third partyKey hierarchyChain integrityApproval bindingOffline verification