An append-only attestation that a policy-selected auditor observed an app.matakite.* record create, update, or delete, or intentionally voided an unrepresentable event. The auditor repository establishes observation chronology for clients that trust its DID; source-record createdAt and Jetstream time_us remain provenance rather than trusted time.
any
Any valid record key
Properties
epoch
string
record-key
Required
Auditor-defined chronology epoch. Reference validators prohibit colon because it separates epoch from sequence in the record key. Sequence values are unique and monotonic within one auditor DID and epoch.
maxLength: 64 bytesobservedAt
string
datetime
Required
UTC time at which the auditor's durable intake first accepted the source event. Trusted scoring uses this time, not publication time.
operation
string
Required
Audit lifecycle entry. Create/update/delete mirror the source operation; void intentionally consumes an unrepresentable sequence. Reference validators reject unknown values until their lifecycle semantics are specified.
create, update, delete, voidpreviousCid
string
cid
Optional
CID previously observed at subjectUri when known. Meaningful only for update.
record
unknown
Optional
Exact public app.matakite.* source-record snapshot for create/update, including its $type. Omitted for delete/void. Reference validators require the $type to match the subject URI collection and its canonical DAG-CBOR CID to equal subjectCid. Unknown is used because common Lexicon validators do not currently validate record definitions nested through unions.
sequence
integer
Required
Auditor-issued total order within the epoch. This breaks observedAt ties and is the authoritative lifecycle order.
minimum: 1source
string
Required
Observation transport. Provenance only; clients select trust by auditor DID and policy.
maxLength: 640 bytesmaxGraphemes: 64 graphemesjetstream-legacysourceOperation
string
Optional
Original repository operation. Required only when operation is void.
create, update, deletesourceRev
string
tid
Required
Source repository revision reported by the observation transport. It is repository-scoped provenance, not a global ordering key.
sourceTimeUs
integer
Required
Source event time_us in Unix microseconds. Retained for provenance and replay analysis; not used as trusted scoring chronology.
minimum: 0subjectCid
string
cid
Optional
CID observed for a create or update. Reference validators require the canonical DAG-CBOR CID of a create/update record snapshot to equal this value. For a delete or void, the last CID observed for the URI when known.
subjectUri
string
at-uri
Required
URI of the app.matakite.* source record observed by the auditor.
voidNote
string
Optional
Optional public explanation for an operator-authorized void. Must not contain private source material.
maxLength: 3000 bytesmaxGraphemes: 300 graphemesvoidReason
string
Optional
Terminal exclusion reason. Required only for an explicitly operator-authorized void.
maxLength: 640 bytesmaxGraphemes: 64 graphemesinvalidSourceRecord, unsupportedSourceRecord, recordTooLarge, unrecoverableView raw schema
{
"key": "any",
"type": "record",
"record": {
"type": "object",
"required": [
"epoch",
"sequence",
"subjectUri",
"operation",
"observedAt",
"source",
"sourceRev",
"sourceTimeUs"
],
"properties": {
"epoch": {
"type": "string",
"format": "record-key",
"maxLength": 64,
"description": "Auditor-defined chronology epoch. Reference validators prohibit colon because it separates epoch from sequence in the record key. Sequence values are unique and monotonic within one auditor DID and epoch."
},
"record": {
"type": "unknown",
"description": "Exact public app.matakite.* source-record snapshot for create/update, including its $type. Omitted for delete/void. Reference validators require the $type to match the subject URI collection and its canonical DAG-CBOR CID to equal subjectCid. Unknown is used because common Lexicon validators do not currently validate record definitions nested through unions."
},
"source": {
"type": "string",
"maxLength": 640,
"description": "Observation transport. Provenance only; clients select trust by auditor DID and policy.",
"knownValues": [
"jetstream-legacy"
],
"maxGraphemes": 64
},
"sequence": {
"type": "integer",
"minimum": 1,
"description": "Auditor-issued total order within the epoch. This breaks observedAt ties and is the authoritative lifecycle order."
},
"voidNote": {
"type": "string",
"maxLength": 3000,
"description": "Optional public explanation for an operator-authorized void. Must not contain private source material.",
"maxGraphemes": 300
},
"operation": {
"type": "string",
"description": "Audit lifecycle entry. Create/update/delete mirror the source operation; void intentionally consumes an unrepresentable sequence. Reference validators reject unknown values until their lifecycle semantics are specified.",
"knownValues": [
"create",
"update",
"delete",
"void"
]
},
"sourceRev": {
"type": "string",
"format": "tid",
"description": "Source repository revision reported by the observation transport. It is repository-scoped provenance, not a global ordering key."
},
"observedAt": {
"type": "string",
"format": "datetime",
"description": "UTC time at which the auditor's durable intake first accepted the source event. Trusted scoring uses this time, not publication time."
},
"subjectCid": {
"type": "string",
"format": "cid",
"description": "CID observed for a create or update. Reference validators require the canonical DAG-CBOR CID of a create/update record snapshot to equal this value. For a delete or void, the last CID observed for the URI when known."
},
"subjectUri": {
"type": "string",
"format": "at-uri",
"description": "URI of the app.matakite.* source record observed by the auditor."
},
"voidReason": {
"type": "string",
"maxLength": 640,
"description": "Terminal exclusion reason. Required only for an explicitly operator-authorized void.",
"knownValues": [
"invalidSourceRecord",
"unsupportedSourceRecord",
"recordTooLarge",
"unrecoverable"
],
"maxGraphemes": 64
},
"previousCid": {
"type": "string",
"format": "cid",
"description": "CID previously observed at subjectUri when known. Meaningful only for update."
},
"sourceTimeUs": {
"type": "integer",
"minimum": 0,
"description": "Source event time_us in Unix microseconds. Retained for provenance and replay analysis; not used as trusted scoring chronology."
},
"sourceOperation": {
"type": "string",
"description": "Original repository operation. Required only when operation is void.",
"knownValues": [
"create",
"update",
"delete"
]
}
}
},
"description": "An append-only attestation that a policy-selected auditor observed an app.matakite.* record create, update, or delete, or intentionally voided an unrepresentable event. The auditor repository establishes observation chronology for clients that trust its DID; source-record createdAt and Jetstream time_us remain provenance rather than trusted time."
}