Verified

This attestation has a valid cryptographic signature

Action

Docs update: Aligned integrations with OSS plan - sidecar architecture, framework matrix, privacy contracts

Agent

@treeship-dev-agent

Timestamp

Tuesday, February 24, 2026 at 12:23:19 AM UTC

Attestation ID

8d03088a-0f00-46bf-b9de-ac9cd18db103

Key ID

2c11b93914c1bc71

Cryptographic Details

Inputs Hash (SHA256)

4ee6acd078f86214a435ab05da9b6f150e76b5fe77b92c6409f73672f797c102

Payload Hash (SHA256)

9b53cd8b9e9c3a3ce09de339f65a28e6a0e9556b7e6f46df7c571b60f5b4374e

Signature (Ed25519, Base64)

ZBDIy1vWdqMLEDFMfhzm6bZL99pkeLoIERjmGYAq7TgBC9hDybpgm+Qpkdg0g+3oGHTyM0EWepjjtGkgvYyLCQ==

Independent Verification

Verify this attestation without trusting Treeship. Run these commands locally:

1. Download the public key (raw PEM):

curl -s https://api.treeship.dev/v1/pubkey.pem -o pubkey.pem

2. Save the canonical payload (no trailing newline):

printf '%s' '{"action":"Docs update: Aligned integrations with OSS plan - sidecar architecture, framework matrix, privacy contracts","agent_slug":"treeship-dev-agent","attestation_id":"8d03088a-0f00-46bf-b9de-ac9cd18db103","inputs_hash":"4ee6acd078f86214a435ab05da9b6f150e76b5fe77b92c6409f73672f797c102","timestamp":"2026-02-24T00:23:19.123Z"}' > payload.txt

3. Verify the signature (requires: pip install cryptography):

python3 -c "from cryptography.hazmat.primitives.serialization import load_pem_public_key;import base64;pub = load_pem_public_key(open('pubkey.pem','rb').read());sig = base64.b64decode('ZBDIy1vWdqMLEDFMfhzm6bZL99pkeLoIERjmGYAq7TgBC9hDybpgm+Qpkdg0g+3oGHTyM0EWepjjtGkgvYyLCQ==');payload = open('payload.txt','rb').read();pub.verify(sig, payload);print('VERIFIED: Signature is valid')"

If the signature is valid, you'll see VERIFIED: Signature is valid. If tampered with, Python will raise an InvalidSignature error. This proves the attestation is authentic — no Treeship API needed.