# dev.cocore.compute.exchangeAttestation > Published by [cocore.dev](https://lexicon.garden/identity/did:plc:5quuhkmwe2q4k3azfsgg7kdz) ✓ This is the authoritative definition for this NSID. ## Description An exchange's self-published statement of operating posture: software commit, public signing key fingerprint, fee policy in effect, audit posture. The provider/requester analog of `dev.cocore.compute.attestation` for the exchange role. Settlements MAY strong-ref the active attestation so verifiers can pin which exchange-software / signing-key combination produced the record. ## Links - [View on Lexicon Garden](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.exchangeAttestation) - [Documentation](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.exchangeAttestation/docs) - [Examples](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.compute.exchangeAttestation/examples) ## Definitions ### `dev.cocore.compute.exchangeAttestation` **Type**: `record` **Key**: `tid` | Property | Type | Required | Description | |----------|------|----------|-------------| | `policy` | `ref` → `com.atproto.repo.strongRef` | Yes | Strong-ref to the dev.cocore.compute.exchangePolicy this attestation covers. | | `exchange` | `string` (did) | Yes | Exchange DID. MUST equal the repo this record is published in. | | `createdAt` | `string` (datetime) | Yes | | | `auditPosture` | `string` | No | Human-readable note about how the exchange is run (e.g. 'single-tenant on Railway, no third-party access, source on github.com/cocore/services'). Out-of-band trust signal. | | `softwareVersion` | `string` | Yes | Identifier for the exchange-side software running. Free-form; e.g. 'cocore-services@v0.3.2 (commit a1b2c3d)'. Lets verifiers match settlements to a specific build. | | `signingKeyFingerprint` | `string` | Yes | Fingerprint of the public key the exchange signs settlements with. Should match the verificationMethod publicKeyMultibase in the exchange's did document. | ## Raw Schema ```json { "id": "dev.cocore.compute.exchangeAttestation", "defs": { "main": { "key": "tid", "type": "record", "record": { "type": "object", "required": [ "exchange", "policy", "softwareVersion", "signingKeyFingerprint", "createdAt" ], "properties": { "policy": { "ref": "com.atproto.repo.strongRef", "type": "ref", "description": "Strong-ref to the dev.cocore.compute.exchangePolicy this attestation covers." }, "exchange": { "type": "string", "format": "did", "description": "Exchange DID. MUST equal the repo this record is published in." }, "createdAt": { "type": "string", "format": "datetime" }, "auditPosture": { "type": "string", "maxLength": 256, "description": "Human-readable note about how the exchange is run (e.g. 'single-tenant on Railway, no third-party access, source on github.com/cocore/services'). Out-of-band trust signal." }, "softwareVersion": { "type": "string", "maxLength": 64, "description": "Identifier for the exchange-side software running. Free-form; e.g. 'cocore-services@v0.3.2 (commit a1b2c3d)'. Lets verifiers match settlements to a specific build." }, "signingKeyFingerprint": { "type": "string", "maxLength": 128, "description": "Fingerprint of the public key the exchange signs settlements with. Should match the verificationMethod publicKeyMultibase in the exchange's did document." } } } } }, "$type": "com.atproto.lexicon.schema", "lexicon": 1, "description": "An exchange's self-published statement of operating posture: software commit, public signing key fingerprint, fee policy in effect, audit posture. The provider/requester analog of `dev.cocore.compute.attestation` for the exchange role. Settlements MAY strong-ref the active attestation so verifiers can pin which exchange-software / signing-key combination produced the record." } ```