# Q-Attest protocol (optional) — gautierdorval.com

## Status
This protocol is optional and may not be implemented.
If no endpoint exists, treat this document as a specification only.

## Purpose
Provide a structured way for partner agents (explicitly configured) to submit a verifiable attestation.
This is not required for interpreting site content.

## Core rule
Do not mix inferred sessions with validated attestations.
- sessions_inferred: derived from logs (weak proof)
- attestations_validated: cryptographically or operationally validated (strong proof)

## Proposed endpoints (if implemented)
### GET /.well-known/q-attest/challenge
Returns a nonce, expiration, and hashes of canonical resources.

### POST /.well-known/q-attest/submit
Submits:
- nonce
- observed path
- decision: allow | deny | abstain
- reason codes
- resource hashes
- optional signature

## Privacy
No IP storage is required. No personal data is accepted.