I'd love to hear your thoughts on improvements.
Here are 3 NIP-34 features that relate to taper-proof audit-trails:
1) patches are immutable by design (although the ngit cache currently does honour deletion requests). Unlike other architectural proposals eg. to use a replaceable events for a PR which would link to commits used, or an event that just references a branch on a git server which may change over time.
2) If the mantainers.yaml is used, changes to the authorised maintainers can be tracked alongside changes to the code state.
3) branch tips are now tracked in nostr events to reduce trust in git servers. so changes to branch tips could be tracked overtime although this isn't practical yet as a replaceable event is used and there is currently no method to retrieve old replaceable events from relays.