Tier 3 (on-chain attestation + private key usage) — needs human sign-off.

Blocking issues:

1. scripts/attest-issue.mjs will happily attest any issue even when the GitHub author doesn’t match the identity (hard-coded to loki-cyberstorm). It only logs a warning and proceeds. For an attestation/verifier flow this should hard-fail unless the claimed author is verified (or the identity UID is passed in and tied to the OAuth’d user). Right now anyone with WALLET_PRIVATE_KEY + GITHUB_TOKEN could mint attestations for other users.
2. Both attest-issue.mjs and create-contribution-attestation.mjs ship with hard-coded identity UID, repo, commit hash, and message. That makes them single-user demo scripts, not safe tooling. Please parameterize the inputs (identity UID, repo, commit/issue, author) or move these into an examples directory with clear guards to prevent accidental/mainnet use.
3. No tests or automation validating the new schema encoding. Given we’re registering a new schema and emitting on-chain attestations, we need unit tests that encode/decode data and a dry-run or mocked attestation path. Also there are no CI checks on this PR — we need at least lint/test coverage before merging.

Nice-to-have: getRepoIssues only returns the first 100 issues (no pagination), which may miss older items.

Assigning @allenday for Tier 3 review.

Cannot approve in current state:

• No CI checks are running; we need a passing pipeline before merge.
• No automated tests cover the new issue attestation schema, scripts, or backend additions. Please add coverage for schema encoding/decoding, issue fetch paths, and failure handling.
• The diff includes generated/build artifacts (e.g., numerous asset and lockfile changes); please remove built outputs and keep only source.

Please add tests/CI, drop generated artifacts, and re-request review.