feat: add AttestationHook — EAS receipts for ACP job outcomes

[JhiNResH]

Summary

Adds AttestationHook.sol — an afterAction hook that writes EAS (Ethereum Attestation Service) attestations on every job completion and rejection. This creates an immutable, on-chain receipt layer for agentic commerce.

Companion to PR #6 (TrustGateACPHook):

• PR feat: trust-based evaluator, trust gate hook, and evaluator registry #6 = pre-transaction gate (blocks untrusted actors)
• This PR = post-transaction receipt (records outcomes)
• Combined = complete trust lifecycle: gate → execute → record

New Files

contracts/hooks/AttestationHook.sol

IACPHook that writes EAS attestations after job completion/rejection:

• _postComplete — writes attestation with completed=true
• _postReject — writes attestation with completed=false
• Uses try/catch — EAS failures never revert the parent transaction
• Non-revocable attestations (job outcomes are facts, not opinions)
• Provider as recipient (they accumulate reputation)

05-attestation-patterns.md

Documentation covering:

• Why attestations matter for agentic commerce
• Attester trust chain (anonymous → ERC-8004 identity → ENS named)
• Composability with TrustGateACPHook
• Extension patterns: Invoice NFT, reputation aggregation, token fundamental analysis
• Security considerations

EAS Schema

uint256 jobId, address client, address provider, address evaluator,
uint256 budget, bytes32 reason, bool completed

Target: Base EAS (0x4200000000000000000000000000000000000021)

Motivation

Job outcomes are currently emitted as events but not persisted in a standardized, queryable format. EAS attestations provide:

1. Credit history — Every agent accumulates an immutable record of completed and rejected jobs
2. Reputation aggregation — Off-chain indexers can compute completion rates, volume, client diversity from attestations
3. Composability — Any protocol can query EAS attestations without custom integrations (via easscan.org/graphql)
4. Fundamental analysis — Attestation-derived metrics provide independent quality signals for agent tokens, separate from market speculation

Design Decisions

Decision	Rationale
afterAction only	Never blocks job lifecycle
try/catch on EAS	EAS failures must not revert jobs
recipient = provider	Providers accumulate reputation
revocable = false	Outcomes are immutable facts
expirationTime = 0	Permanent records
No beforeAction	This hook records, not gates (gating is PR #6)

Relationship to ERC-8004

Attestation credibility scales with attester identity. Deployers SHOULD register their hook contract in an ERC-8004 Identity Registry:

EAS attestation
  └── attester: 0xHookContract
        └── ERC-8004 Registry → verified identity
              └── ENS name → human-readable trust anchor

This creates a three-layer trust stack: EAS (receipt) + ERC-8004 (identity) + ENS (naming).

[psmiratisu]

8183 core already emits events (JobCompleted, JobRejected). What would be the potential use cases for this? @JhiNResH

[JhiNResH]

Good question — events work great for off-chain indexing, but they're not readable on-chain by other contracts.

The goal here is portable agent reputation: each attestation is tied to the provider address, so other hooks (like TrustGateHook) can read a provider's job history directly on-chain — no oracle needed.

Think of it as building an on-chain resume for every agent, composable across any ERC-8183 deployment.

[JhiNResH]

Updated — removed vendor-specific references. AttestationHook was already fairly generic; just cleaned up the security contact.

[JhiNResH]

Updated this branch with the latest version from #13 (force-pushed). This is now the standalone AttestationHook PR as requested by the reviewer — split off from #13.