# app.matakite.audit

> Published by [matakite.app](https://lexicon.garden/identity/did:plc:vhycfha6sjn44hxepb5bmjax)

✓ This is the authoritative definition for this NSID.

## Links

- [View on Lexicon Garden](https://lexicon.garden/lexicon/did:plc:vhycfha6sjn44hxepb5bmjax/app.matakite.audit)
- [Documentation](https://lexicon.garden/lexicon/did:plc:vhycfha6sjn44hxepb5bmjax/app.matakite.audit/docs)
- [Examples](https://lexicon.garden/lexicon/did:plc:vhycfha6sjn44hxepb5bmjax/app.matakite.audit/examples)

## Definitions

### `app.matakite.audit`

**Type**: `record`

An append-only attestation that a policy-selected auditor observed an app.matakite.* record create, update, or delete, or intentionally voided an unrepresentable event. The auditor repository establishes observation chronology for clients that trust its DID; source-record createdAt and Jetstream time_us remain provenance rather than trusted time.

**Key**: `any`

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `epoch` | `string` (record-key) | Yes | Auditor-defined chronology epoch. Reference validators prohibit colon because it separates epoch from sequence in the record key. Sequence values are unique and monotonic within one auditor DID and epoch. |
| `record` | `unknown` | No | Exact public app.matakite.* source-record snapshot for create/update, including its $type. Omitted for delete/void. Reference validators require the $type to match the subject URI collection and its canonical DAG-CBOR CID to equal subjectCid. Unknown is used because common Lexicon validators do not currently validate record definitions nested through unions. |
| `source` | `string` | Yes | Observation transport. Provenance only; clients select trust by auditor DID and policy. |
| `sequence` | `integer` | Yes | Auditor-issued total order within the epoch. This breaks observedAt ties and is the authoritative lifecycle order. |
| `voidNote` | `string` | No | Optional public explanation for an operator-authorized void. Must not contain private source material. |
| `operation` | `string` | Yes | Audit lifecycle entry. Create/update/delete mirror the source operation; void intentionally consumes an unrepresentable sequence. Reference validators reject unknown values until their lifecycle semantics are specified. |
| `sourceRev` | `string` (tid) | Yes | Source repository revision reported by the observation transport. It is repository-scoped provenance, not a global ordering key. |
| `observedAt` | `string` (datetime) | Yes | UTC time at which the auditor's durable intake first accepted the source event. Trusted scoring uses this time, not publication time. |
| `subjectCid` | `string` (cid) | No | CID observed for a create or update. Reference validators require the canonical DAG-CBOR CID of a create/update record snapshot to equal this value. For a delete or void, the last CID observed for the URI when known. |
| `subjectUri` | `string` (at-uri) | Yes | URI of the app.matakite.* source record observed by the auditor. |
| `voidReason` | `string` | No | Terminal exclusion reason. Required only for an explicitly operator-authorized void. |
| `previousCid` | `string` (cid) | No | CID previously observed at subjectUri when known. Meaningful only for update. |
| `sourceTimeUs` | `integer` | Yes | Source event time_us in Unix microseconds. Retained for provenance and replay analysis; not used as trusted scoring chronology. |
| `sourceOperation` | `string` | No | Original repository operation. Required only when operation is void. |

## Raw Schema

```json
{
  "id": "app.matakite.audit",
  "defs": {
    "main": {
      "key": "any",
      "type": "record",
      "record": {
        "type": "object",
        "required": [
          "epoch",
          "sequence",
          "subjectUri",
          "operation",
          "observedAt",
          "source",
          "sourceRev",
          "sourceTimeUs"
        ],
        "properties": {
          "epoch": {
            "type": "string",
            "format": "record-key",
            "maxLength": 64,
            "description": "Auditor-defined chronology epoch. Reference validators prohibit colon because it separates epoch from sequence in the record key. Sequence values are unique and monotonic within one auditor DID and epoch."
          },
          "record": {
            "type": "unknown",
            "description": "Exact public app.matakite.* source-record snapshot for create/update, including its $type. Omitted for delete/void. Reference validators require the $type to match the subject URI collection and its canonical DAG-CBOR CID to equal subjectCid. Unknown is used because common Lexicon validators do not currently validate record definitions nested through unions."
          },
          "source": {
            "type": "string",
            "maxLength": 640,
            "description": "Observation transport. Provenance only; clients select trust by auditor DID and policy.",
            "knownValues": [
              "jetstream-legacy"
            ],
            "maxGraphemes": 64
          },
          "sequence": {
            "type": "integer",
            "minimum": 1,
            "description": "Auditor-issued total order within the epoch. This breaks observedAt ties and is the authoritative lifecycle order."
          },
          "voidNote": {
            "type": "string",
            "maxLength": 3000,
            "description": "Optional public explanation for an operator-authorized void. Must not contain private source material.",
            "maxGraphemes": 300
          },
          "operation": {
            "type": "string",
            "description": "Audit lifecycle entry. Create/update/delete mirror the source operation; void intentionally consumes an unrepresentable sequence. Reference validators reject unknown values until their lifecycle semantics are specified.",
            "knownValues": [
              "create",
              "update",
              "delete",
              "void"
            ]
          },
          "sourceRev": {
            "type": "string",
            "format": "tid",
            "description": "Source repository revision reported by the observation transport. It is repository-scoped provenance, not a global ordering key."
          },
          "observedAt": {
            "type": "string",
            "format": "datetime",
            "description": "UTC time at which the auditor's durable intake first accepted the source event. Trusted scoring uses this time, not publication time."
          },
          "subjectCid": {
            "type": "string",
            "format": "cid",
            "description": "CID observed for a create or update. Reference validators require the canonical DAG-CBOR CID of a create/update record snapshot to equal this value. For a delete or void, the last CID observed for the URI when known."
          },
          "subjectUri": {
            "type": "string",
            "format": "at-uri",
            "description": "URI of the app.matakite.* source record observed by the auditor."
          },
          "voidReason": {
            "type": "string",
            "maxLength": 640,
            "description": "Terminal exclusion reason. Required only for an explicitly operator-authorized void.",
            "knownValues": [
              "invalidSourceRecord",
              "unsupportedSourceRecord",
              "recordTooLarge",
              "unrecoverable"
            ],
            "maxGraphemes": 64
          },
          "previousCid": {
            "type": "string",
            "format": "cid",
            "description": "CID previously observed at subjectUri when known. Meaningful only for update."
          },
          "sourceTimeUs": {
            "type": "integer",
            "minimum": 0,
            "description": "Source event time_us in Unix microseconds. Retained for provenance and replay analysis; not used as trusted scoring chronology."
          },
          "sourceOperation": {
            "type": "string",
            "description": "Original repository operation. Required only when operation is void.",
            "knownValues": [
              "create",
              "update",
              "delete"
            ]
          }
        }
      },
      "description": "An append-only attestation that a policy-selected auditor observed an app.matakite.* record create, update, or delete, or intentionally voided an unrepresentable event. The auditor repository establishes observation chronology for clients that trust its DID; source-record createdAt and Jetstream time_us remain provenance rather than trusted time."
    }
  },
  "$type": "com.atproto.lexicon.schema",
  "lexicon": 1
}
```
