feat: Triptyque de la Preuve — 3 levels of watermark

[desiorac]

Summary

• Level 1 — Digital Stamp: injects _arkforge_attestation into JSON response body (after hashing — chain hash unaffected)
• Level 2 — Ghost Stamp: 4 X-ArkForge-* HTTP headers on every proxy response (Proof, Verified, Proof-ID, Trust-Link)
• Level 3 — Visual Stamp: content negotiation on GET /v1/proof/{id} — Accept: text/html serves a self-contained HTML proof page with colored badge (green/orange/red). JSON remains default for backward compat
• Short URL: GET /v/{proof_id} → 302 redirect to full proof endpoint

Files changed

File	Change
trust_layer/templates.py	New — HTML proof page renderer (render_proof_page, _esc anti-XSS)
trust_layer/proxy.py	_inject_digital_stamp() + call in success path
trust_layer/app.py	Ghost Stamp headers, Visual Stamp content negotiation, /v/{id} short URL
tests/conftest.py	Patch TRUST_LAYER_BASE_URL on app module
tests/test_triptyque.py	New — 22 tests (7 L1 + 3 L2 + 8 L3 + 4 escape)

What does NOT change

• Chain hash integrity (attestation injected AFTER hashing)
• verify_proof_integrity() logic
• Existing JSON API contract (additive only)
• X-ArkForge-Proof header (backward compat preserved)

Test plan

• 96/96 tests passing (pytest tests/ -v)
• curl POST /v1/proxy → verify _arkforge_attestation in response body
• Verify 4 X-ArkForge-* headers in proxy response
• Browser → /v1/proof/{id} with Accept: text/html → HTML page with badge
• curl GET /v1/proof/{id} (no Accept) → JSON unchanged
• GET /v/{id} → 302 redirect

🤖 Generated with Claude Code