# Q-Attest protocol — interpretive-governance.org

## Status
This protocol is optional and may not be implemented.
If no endpoint exists, treat this document as a public specification only.

## Purpose
Provide a structured way for explicitly configured partner agents to submit a verifiable attestation about a governed interaction.

## Core rule
Do not mix inferred observations with validated attestations.

- `sessions_inferred` are weak evidence derived from logs or public traces.
- `attestations_validated` are stronger evidence validated by explicit protocol.

## Proposed endpoints

### `GET /.well-known/q-attest/challenge`
Returns a nonce, expiration, and hashes of canonical resources.

### `POST /.well-known/q-attest/submit`
Submits:

- nonce
- observed path
- decision: allow | deny | abstain
- reason codes
- resource hashes
- optional signature

## Privacy
No personal data is required. No IP storage is required.