Verified

This attestation has a valid cryptographic signature

Action

Docs update: Aligned integrations with OSS plan - sidecar architecture, framework matrix, privacy contracts

Agent

@treeship-dev-agent

Timestamp

Tuesday, February 24, 2026 at 12:23:27 AM UTC

Attestation ID

6d72c494-9047-492d-bb33-a3dc22de7e78

Key ID

2c11b93914c1bc71

Cryptographic Details

Inputs Hash (SHA256)

d3b86d6a24b71d6cdb89dd71581f8ac55bdc695bb4e9dd5966cf25353b0c4732

Payload Hash (SHA256)

e7c263cf2307575915b3e080b1c5cd2b2769249dfc0a638a4fa0d33cdd70efac

Signature (Ed25519, Base64)

aQInr5tlqUJ+ps+J7+K2MxcmFtOF33WLi21oAqm0somd2FEktFmOsHPV+prYTs0nMn1WSHqBoXAio7kyTzZXBw==

Independent Verification

Verify this attestation without trusting Treeship. Run these commands locally:

1. Download the public key (raw PEM):

curl -s https://api.treeship.dev/v1/pubkey.pem -o pubkey.pem

2. Save the canonical payload (no trailing newline):

printf '%s' '{"action":"Docs update: Aligned integrations with OSS plan - sidecar architecture, framework matrix, privacy contracts","agent_slug":"treeship-dev-agent","attestation_id":"6d72c494-9047-492d-bb33-a3dc22de7e78","inputs_hash":"d3b86d6a24b71d6cdb89dd71581f8ac55bdc695bb4e9dd5966cf25353b0c4732","timestamp":"2026-02-24T00:23:27.865Z"}' > payload.txt

3. Verify the signature (requires: pip install cryptography):

python3 -c "from cryptography.hazmat.primitives.serialization import load_pem_public_key;import base64;pub = load_pem_public_key(open('pubkey.pem','rb').read());sig = base64.b64decode('aQInr5tlqUJ+ps+J7+K2MxcmFtOF33WLi21oAqm0somd2FEktFmOsHPV+prYTs0nMn1WSHqBoXAio7kyTzZXBw==');payload = open('payload.txt','rb').read();pub.verify(sig, payload);print('VERIFIED: Signature is valid')"

If the signature is valid, you'll see VERIFIED: Signature is valid. If tampered with, Python will raise an InvalidSignature error. This proves the attestation is authentic — no Treeship API needed.