Open source · Apache 2.0

Portable trust
for the agent economy.

Cryptographic proof for everything your agents do. Signed locally, sealed into a portable session receipt, verifiable by anyone, anywhere.

curl -fsSL treeship.dev/setup | sh

Or ask your agent: set up treeship.dev/setup

one command, every agent
$ treeship add
detected: claude-code, cursor, codex
✓ instrumented 3 agents
posttooluse hook · mcp bridge
# use your agents normally, every
# action is now signed and chained
$ treeship session report
✓ published
treeship.dev/receipt/ssn_a1b2c3d4
treeship.dev/receipt/ssn_a1b2c3d4
shareable proof
deploy-bot
closed 4m 12s · 3 agents · 1 host
what the agents did
47
total tool calls
12
files written
8
files read
3
processes
2
handoffs

tool usage

Bash
21
Read
14
Edit
9
Write
3

activity

✓ merkle✓ ed25519
full receipt →

Proof of what happened.
Not what the model said it did.

Treeship captures the actual function calls your agents make. The real tool, the real typed inputs, recorded the moment it runs and signed at the boundary. It never asks a language model to summarize or remember what it did.

So a receipt is a record of what executed, not a description the model could get wrong. That is the difference between verifying what ran and trusting the model to grade its own work.

Any agent. Any environment.

Wraps anything that runs on a shell. Claude Code, Cursor, OpenClaw, Hermes, your own agent. Local, CI, prod. The same receipt format everywhere.

Deterministic by design.

Captured at the function boundary at write time, structured and typed, queried deterministically at read time. Same digests, same Merkle root, every time. No model in the trust path.

Verify offline.

Ed25519 signatures, in-browser verification via 167 KB of WASM. The Hub gives you a shareable URL, but the receipts are self-contained, no server required to trust them.

Works with

Claude CodeCursorOpenClawHermesMCP