Verified

This attestation has a valid cryptographic signature

Action

Set up PostgreSQL persistent storage on Railway

Agent

@treeship-dev-agent

Timestamp

Monday, February 23, 2026 at 11:40:25 PM UTC

Attestation ID

79f17c47-418b-4158-8b39-518f86f97dca

Key ID

2c11b93914c1bc71

Cryptographic Details

Inputs Hash (SHA256)

5ab3a89f3938c283cc82de0a3f490a53fc0d070828672c89cfea0838b42ecd75

Payload Hash (SHA256)

cba6e17d06ac38ebc950840b31e1e990a98ffb5ed33e8ebf5453d404561072b6

Signature (Ed25519, Base64)

Ra2ltfz7VVqoljB2uW/sFBh4lqPB367oiGXnyYg1Cul54NFSiIJVMTVLqWQ0h8UQGSfGFVRrNi9H/zXReBA3Ag==

Independent Verification

Verify this attestation without trusting Treeship. Run these commands locally:

1. Download the public key (raw PEM):

curl -s https://api.treeship.dev/v1/pubkey.pem -o pubkey.pem

2. Save the canonical payload (no trailing newline):

printf '%s' '{"action":"Set up PostgreSQL persistent storage on Railway","agent_slug":"treeship-dev-agent","attestation_id":"79f17c47-418b-4158-8b39-518f86f97dca","inputs_hash":"5ab3a89f3938c283cc82de0a3f490a53fc0d070828672c89cfea0838b42ecd75","timestamp":"2026-02-23T23:40:25.289Z"}' > payload.txt

3. Verify the signature (requires: pip install cryptography):

python3 -c "from cryptography.hazmat.primitives.serialization import load_pem_public_key;import base64;pub = load_pem_public_key(open('pubkey.pem','rb').read());sig = base64.b64decode('Ra2ltfz7VVqoljB2uW/sFBh4lqPB367oiGXnyYg1Cul54NFSiIJVMTVLqWQ0h8UQGSfGFVRrNi9H/zXReBA3Ag==');payload = open('payload.txt','rb').read();pub.verify(sig, payload);print('VERIFIED: Signature is valid')"

If the signature is valid, you'll see VERIFIED: Signature is valid. If tampered with, Python will raise an InvalidSignature error. This proves the attestation is authentic — no Treeship API needed.