Treeship
Reference

Predicate registry

Typed, schema-validated receipt payloads. Registered predicate kinds are validated against a JSON Schema at attest time; unregistered kinds attest sign-on-submit, exactly as before.

Predicate registry

A Treeship receipt (treeship/receipt/v1) carries a free-form kind and an opaque JSON payload. The predicate registry makes specific kind values typed: each registered suffix is bound to a JSON Schema, and at attest time the payload is validated against that schema before the receipt is signed. A downstream verifier can then rely on the shape of a registered predicate, not just the signature.

This is additive and backward compatible:

  • If kind is registered, the payload must conform to its schema. A failure rejects the attest with a clear error, nothing is signed.
  • If kind is not registered, the receipt attests sign-on-submit, exactly as before. Existing artifact types, signing logic, and chain structure are untouched.
# Registered: validated, then signed.
treeship attest receipt --system system://zmem --kind memory.write.v1 \
  --payload '{"memory_id":"mem_1","content_hash":"sha256:ab","memory_type":"episodic","scope":"tenant://acme"}'

# Missing a required field: rejected before signing.
treeship attest receipt --system system://zmem --kind memory.write.v1 \
  --payload '{"memory_id":"mem_1","memory_type":"episodic","scope":"tenant://acme"}'
# -> predicate validation failed: memory.write.v1: missing required field `content_hash`

# Unregistered kind: still works, sign-on-submit.
treeship attest receipt --system system://stripe --kind webhook.confirmation --payload '{"...":"..."}'

Validation depth

Core runs a small, dependency-free structural check: every required field is present, and each present field whose schema declares a primitive type matches it (including unions like ["string","null"]). That is the complete contract for the flat memory predicates below.

boundary.v1 is a richer schema (const/enum/pattern/$ref). Core enforces its required-field and type structure; the full constraint set is delegated to the canonical published schema for external validators. The core validator is kept dependency-free on purpose so the security-critical signing path and the WASM verifier stay lean.

Registered predicates

memory.write.v1

A specific agent committed a specific memory at a specific time.

FieldTypeRequired
memory_idstringyes
content_hashstringyes
memory_typestringyes
scopestringyes
activegraph_event_idstringno
activegraph_run_idstringno
supersedesstring or nullno

memory.read.v1

Which memories an agent retrieved for an action, and the query that produced them.

FieldTypeRequired
zmem_receipt_idstringyes
trace_sha256stringyes
query_hashstringyes
retrieval_modestringyes
memories_returnedintegeryes
activegraph_event_idstringno
activegraph_run_idstringno
scopestringno

boundary.v1

A provider-neutral actor-checker evaluation boundary: what a checker was allowed to see, what policy denied, and the decision it reached. See Actor-Checker Boundaries for the model. The full schema is treeship.boundary.v1.

agent_card.v1

A signed, verifiable agent capability card: a key attests an identity and a capability set. Carried as the payload of a receipt with kind=agent_card.v1. A card is key-bound only when its keyid is the envelope signer pinned under AgentCert; self-signed cards are reported self-asserted. Mint with treeship attest card; check against captured evidence with treeship verify-capability. See Capability Cards.

FieldTypeRequired
schemaconst agent_card.v1yes
agentstring (actor URI)yes
keyidstringyes
versionstringyes
capabilitiesobject (tools: exact or family.*)yes
ownerstringno
supersedesstring or nullno
constraintsobjectno
attestationsarrayno
evidence_anchorobjectno
policy_refstringno

agent_card_revocation.v1

Revokes a previously-minted agent_card.v1. Mint with treeship revoke-capability. verify-capability honors a revocation only when its signer is authorized — the card's own key (self-revocation) or a Ship trust root (issuer revocation); any other signer is ignored (fail-closed).

FieldTypeRequired
schemaconst agent_card_revocation.v1yes
cardstring (art_… of the revoked card)yes
revoked_atstring (RFC3339)yes
keyidstringno
reasonstringno
supersedesstring or nullno

Actor URI schemes

A receipt or statement actor is an opaque string; Treeship does not enforce the scheme. These prefixes are the recognized conventions:

SchemeMeaningExample
human://A human principalhuman://alice
agent://An autonomous agentagent://support-bot
farcaster://A Farcaster identity, addressed by numeric FIDfarcaster://fid:12345

farcaster://fid:<numeric_fid> works today with no special handling, it is a documented convention, not a validated type.