What is Treeship
Treeship is a portable cryptographic trust layer for human-agent workflows.
Treeship keeps a signed record of every action your agents take, every approval your team issues, and every handoff of work between systems.
The record is self-contained. It verifies offline. It crosses organizational boundaries. It does not depend on Treeship's servers to be valid -- the signatures are the trust.
The problem
When AI agents take consequential actions -- moving money, modifying code, executing contracts -- there is no receipt. Logs show API calls happened. They do not show:
- Who authorized the action
- What scope the authorization covered
- Whether the chain of custody is intact
- Whether the approval was used once or many times
Treeship produces cryptographic receipts that answer all four.
What Treeship is not
Treeship is not a scanner, EDR, SIEM, orchestration framework, or centralized trust authority. It is the evidence layer. Other tools find problems. Treeship signs what happened.
Core properties
Local-first
Every operation works offline. The Hub adds shareability, never trust.
Self-contained
A signed artifact is a JSON file. It verifies without a database, API, or account.
Deterministic
Same content always produces the same artifact ID.
Portable
Works across orgs, clouds, and protocols with no shared infrastructure.
Open
MIT licensed. The verifier is open source. Anyone can verify without trusting Treeship.
How it fits with other tools
| Tool | What it does | Treeship's role |
|---|---|---|
| Trivy | Finds vulnerabilities | Treeship signs the evidence Trivy produces |
| Falco | Detects runtime anomalies | Treeship attests that Falco ran and what it found |
| Langfuse | Traces agent behavior | Treeship signs the authorization chain |
| Sigstore | Signs software artifacts | Treeship applies the same model to agent actions |