chore(api): remove User.prvkey field + thread-through helpers (Q1.2 Option b)

Atomic phase-1 final per design-questions Q1.2 Option (b) and the
2026-05-29T00:30Z architecture-decisions lock-in. Removing the
prvkey?: string field from the User interface flips the type system
into the pressure mechanism that forces phase-2 to start: every
remaining bucket-B sign-site (chat / forum / nostr-feed /
activities-bookmarks/RSVP / market / tasks) now fails vue-tsc until
it migrates to signEventViaLnbits() against POST /api/v1/auth/sign-event
(aiolabs/lnbits PR #29, deployed on aio-demo).

Changes:
- src/lib/api/lnbits.ts:
  - Drop `prvkey?: string` from User interface.
  - getCurrentUser(): /auth/nostr/me used to merge prvkey alongside
    pubkey; post-cascade the endpoint returns only the pubkey.
    Updated the comment + cleaned the merge object.
- src/modules/base/auth/auth-service.ts:
  - updateProfile() no longer threads `prvkey` through the merge.
    Server-side PATCH /auth publishes kind-0 via the signer per
    869f67c3; the webapp doesn't keep prvkey at all.
- src/modules/nostr-feed/components/NostrFeed.vue +
  src/modules/nostr-feed/components/ScheduledEventCard.vue:
  - Repoint the `ScheduledEvent` type import from the deleted
    `../services/ScheduledEventService` to
    `@/modules/tasks/services/TaskService`. Trivial post-#81-merge
    cleanup that fell through the dedup PR; same file exports the
    same interface.

vue-tsc --noEmit fails with 8 errors after this commit, all
TS2339 "Property 'prvkey' does not exist". The failing sites are
exactly the bucket-B targets the design doc enumerates as
phase-2 migration work:

| Failing site                                  | Bucket B kind |
|-----------------------------------------------|---------------|
| activities/composables/useBookmarks.ts:92,113 | kind 10003 (NIP-51 bookmarks) |
| activities/composables/useRSVP.ts:153,187     | kind 31925 (NIP-52 RSVP) |
| base/services/NostrTransportService.ts:100,112| kind 21000 (NIP-44 v2 RPC envelope) |
| market/composables/useMarket.ts:455           | NIP-44 gift-wrap (kind 1059) unwrap |
| nostr-feed/components/NostrFeed.vue:408       | kind 5 (deletion of own post) |

NOT caught by vue-tsc but still bucket-B (BaseService injection
pattern types `this.authService` as `any`, so optional chaining
bypasses the type check):

- chat/services/chat-service.ts:341,511,714
- forum/services/SubmissionService.ts:755,1167
- nostr-feed/services/SubmissionService.ts:769,1226
- nostr-feed/components/NoteComposer.vue:306
- nostr-feed/components/RideshareComposer.vue:423
- tasks/services/TaskService.ts:507,562,616

Those sites will runtime-fail (prvkey is undefined from the API
post-cascade) but won't surface at compile time. Phase 2's
per-module migration (Q5.2) catches them as each module flips.

The webapp WILL NOT BUILD CLEANLY after this PR merges to dev
until phase 2 lands. That's the intended trade-off per Q5.1 +
Q1.2; the broken-build interval is the design-intended pressure
mechanism to start phase 2. server-deploy's webapp-demo flake.lock
bump will fail until phase 2 lands; demo will stay on the
pre-PR-#84 webapp during that interval.

Refs:
- log:2026-05-29T00:30Z (consolidated decisions; Q1.2 Option (b)
  + Q5.1 risk: demo gap acceptable)
- log:2026-05-29T17:30Z (lnbits confirming this PR stays
  atomic-after-the-two-bucket-A PRs)
- ~/dev/coordination/webapp-design-questions.md Q1.2 + Q5.1
- Parent initiative: aiolabs/lnbits#9 (signer abstraction / bunker)
- Sibling PRs (stacked base→head): #82 → #83 → this

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/lib/api/lnbits.ts

@@ -40,8 +40,12 @@ interface User {
   username?: string
   email?: string
   pubkey?: string
-  // pragma: allowlist secret
+  // The `prvkey` field was removed from this interface as the final step of
-  prvkey?: string  // Nostr signing key for user
+  // phase-1 per aiolabs/lnbits#9 / design-questions Q1.2 Option (b). LNbits
+  // signs server-side via the NostrSigner abstraction (PR #26) and exposes
+  // `signer_type` instead of raw key material on /api/v1/auth. Bucket-B
+  // sign-sites (kind 1 / 4 / 5 / 7 / 31925 / 10003 / 1111 etc.) migrate to
+  // POST /api/v1/auth/sign-event (PR #29) in phase 2.
   external_id?: string
   extensions: string[]
   wallets: Wallet[]
@@ -174,20 +178,22 @@ export class LnbitsAPI extends BaseService {
   async getCurrentUser(): Promise<User> {
     // First get basic user info from /auth
     const basicUser = await this.request<User>('/auth')
-    
+
-    // Then get Nostr keys from /auth/nostr/me (this was working in main branch)
+    // /auth/nostr/me used to return the user's prvkey for client-side signing;
+    // post-aiolabs/lnbits#9 phase-1 the server signs and the endpoint returns
+    // only the pubkey. We keep the call to merge the pubkey (which the basic
+    // /auth response also includes on the post-cascade server; this is the
+    // belt-and-suspenders fallback for older lnbits revisions until we ship a
+    // signer_type-aware client).
     try {
       const nostrUser = await this.request<User>('/auth/nostr/me')
-      
+
-      // Merge the data - basic user info + Nostr keys
       return {
         ...basicUser,
         pubkey: nostrUser.pubkey,
-        prvkey: nostrUser.prvkey
       }
     } catch (error) {
-      console.warn('Failed to fetch Nostr keys, returning basic user info:', error)
+      console.warn('Failed to fetch Nostr pubkey from /auth/nostr/me, returning basic user info:', error)
-      // Return basic user info without Nostr keys if the endpoint fails
       return basicUser
     }
   }

src/modules/base/auth/auth-service.ts

@@ -180,17 +180,14 @@ export class AuthService extends BaseService {
       this.isLoading.value = true
       const updatedUser = await this.lnbitsAPI.updateProfile(data)
 
-      // Preserve prvkey and pubkey from existing user since /auth/update doesn't return them
+      // Preserve pubkey from existing user since /auth/update doesn't return it.
+      // Kind-0 metadata is published server-side by lnbits's PATCH /auth handler
+      // (aiolabs/lnbits commit 869f67c3); no webapp-side broadcast path remains.
       this.user.value = {
         ...updatedUser,
         pubkey: this.user.value?.pubkey || updatedUser.pubkey,
-        prvkey: this.user.value?.prvkey || updatedUser.prvkey
       }
 
-      // Kind-0 metadata is published server-side by lnbits's PATCH /auth handler
-      // (aiolabs/lnbits commit 869f67c3) once the cascade is deployed. The webapp
-      // no longer maintains its own broadcast path.
-
     } catch (error) {
       const err = this.handleError(error, 'updateProfile')
       throw err

src/modules/nostr-feed/components/NostrFeed.vue

@@ -18,7 +18,7 @@ import ThreadedPost from './ThreadedPost.vue'
 import ScheduledEventCard from './ScheduledEventCard.vue'
 import appConfig from '@/app.config'
 import type { ContentFilter, FeedPost } from '../services/FeedService'
-import type { ScheduledEvent } from '../services/ScheduledEventService'
+import type { ScheduledEvent } from '@/modules/tasks/services/TaskService'
 import { injectService, SERVICE_TOKENS } from '@/core/di-container'
 import type { AuthService } from '@/modules/base/auth/auth-service'
 import type { RelayHub } from '@/modules/base/nostr/relay-hub'

src/modules/nostr-feed/components/ScheduledEventCard.vue

@@ -17,7 +17,7 @@ import {
   CollapsibleTrigger,
 } from '@/components/ui/collapsible'
 import { Calendar, MapPin, Clock, CheckCircle, PlayCircle, Hand, Trash2 } from 'lucide-vue-next'
-import type { ScheduledEvent, EventCompletion, TaskStatus } from '../services/ScheduledEventService'
+import type { ScheduledEvent, EventCompletion, TaskStatus } from '@/modules/tasks/services/TaskService'
 import { injectService, SERVICE_TOKENS } from '@/core/di-container'
 import type { AuthService } from '@/modules/base/auth/auth-service'