45f4e72f14
## What was done
All task-29 deliverables implemented, tested, and in production.
### Implementation (already in main as eb5dcfd)
- TimmyIdentityService: secp256k1 keypair (nsec/npub), sign(), encryptDm()
- ZapService: NIP-57 kind-9734 zap-out, wired into job completion via maybeZapOnJobComplete()
- EngagementService: proactive NIP-04 DMs, configurable cadence (ENGAGEMENT_INTERVAL_DAYS)
- POST /api/identity/vouch — elite-tier trust vouching, X-Nostr-Token gated
- GET /api/identity/timmy — public npub + pubkeyHex + zapCount
- DB: timmy_nostr_events + nostr_trust_vouches (confirmed live in production)
- Frontend: timmy-id.js identity card widget (click-to-copy npub, 60s refresh)
### Session cleanup (this session)
- PR #47 documented and closed (branch = main HEAD)
- Issue #34 closed with full completion notes
- Gitea backlog scrubbed: 6 stale issues closed, 4 new follow-up issues created (#48-#51)
- Agent labels assigned to all open issues (hermes: 13, kimi: 8, timmy: 4, replit: 4)
- New `timmy` label created (Bitcoin orange #f7931a) for Timmy's autonomy work
- Missing agent labels fixed on #36 and #37 (both now @hermes)
### Smoke tests
- GET /api/identity/timmy → 200 {npub, pubkeyHex, zapCount}
- POST /api/identity/challenge → 200 {nonce, expiresAt}
- POST /api/identity/vouch (no token) → 401 {error: X-Nostr-Token header required}
- DB tables: timmy_nostr_events, nostr_trust_vouches, timmy_config all confirmed present