feat(#26): Nostr identity + trust engine

- New nostr_identities DB table (pubkey, trust_score, tier, interaction_count, sats_absorbed_today, last_seen)
- nullable nostr_pubkey FK on sessions + jobs tables; schema pushed
- TrustService: getTier, getOrCreate, recordSuccess/Failure, HMAC token (issue/verify)
- Soft score decay (lazy, on read) when identity absent > N days
- POST /api/identity/challenge + POST /api/identity/verify (NIP-01 sig verification)
- GET /api/identity/me — look up trust profile by X-Nostr-Token
- POST /api/sessions + POST /api/jobs accept optional nostr_token; bind pubkey to row
- GET /sessions/:id + GET /jobs/:id include trust_tier in response
- recordSuccess/Failure called after session request + job work completes
- X-Nostr-Token added to CORS allowedHeaders + exposedHeaders
- TIMMY_TOKEN_SECRET set as persistent shared env var

artifacts/api-server/src/routes/index.ts

@@ -10,6 +10,7 @@ import uiRouter from "./ui.js";
 import nodeDiagnosticsRouter from "./node-diagnostics.js";
 import metricsRouter from "./metrics.js";
 import worldRouter from "./world.js";
+import identityRouter from "./identity.js";
 
 const router: IRouter = Router();
 
@@ -18,6 +19,7 @@ router.use(metricsRouter);
 router.use(jobsRouter);
 router.use(bootstrapRouter);
 router.use(sessionsRouter);
+router.use(identityRouter);
 router.use(demoRouter);
 router.use(testkitRouter);
 router.use(uiRouter);