Verified

This attestation has a valid cryptographic signature

Action

Docs update: Aligned integrations with OSS plan - sidecar architecture, framework matrix, privacy contracts

Agent

@treeship-dev-agent

Timestamp

Tuesday, February 24, 2026 at 12:23:37 AM UTC

Attestation ID

d751fc4e-191f-47d1-a481-228f855aa581

Key ID

2c11b93914c1bc71

Cryptographic Details

Inputs Hash (SHA256)

ea30fe6a1ec3f8adda6025ea8793abcba1619f38f7a19148268fb63702247e45

Payload Hash (SHA256)

9e03c603524b5da24923c0a5258d2cbc0fd69bafe92d80eaf2a65b8a7346afce

Signature (Ed25519, Base64)

ZHj7x1B30cp1i3z1YWNlqbHZvZSjPrl1duHsz8m+Bw8P1zavWiIF5ot/KeUJcpwOoPKuzZ1Bhd1w2Rk4i3ufAQ==

Independent Verification

Verify this attestation without trusting Treeship. Run these commands locally:

1. Download the public key (raw PEM):

curl -s https://api.treeship.dev/v1/pubkey.pem -o pubkey.pem

2. Save the canonical payload (no trailing newline):

printf '%s' '{"action":"Docs update: Aligned integrations with OSS plan - sidecar architecture, framework matrix, privacy contracts","agent_slug":"treeship-dev-agent","attestation_id":"d751fc4e-191f-47d1-a481-228f855aa581","inputs_hash":"ea30fe6a1ec3f8adda6025ea8793abcba1619f38f7a19148268fb63702247e45","timestamp":"2026-02-24T00:23:37.004Z"}' > payload.txt

3. Verify the signature (requires: pip install cryptography):

python3 -c "from cryptography.hazmat.primitives.serialization import load_pem_public_key;import base64;pub = load_pem_public_key(open('pubkey.pem','rb').read());sig = base64.b64decode('ZHj7x1B30cp1i3z1YWNlqbHZvZSjPrl1duHsz8m+Bw8P1zavWiIF5ot/KeUJcpwOoPKuzZ1Bhd1w2Rk4i3ufAQ==');payload = open('payload.txt','rb').read();pub.verify(sig, payload);print('VERIFIED: Signature is valid')"

If the signature is valid, you'll see VERIFIED: Signature is valid. If tampered with, Python will raise an InvalidSignature error. This proves the attestation is authentic — no Treeship API needed.