Add OS keychain for persistent nsec sessions (roadmap #1)

- Rust: store_nsec / load_nsec / delete_nsec Tauri commands via keyring crate
  (macOS Keychain, Windows Credential Manager, Linux Secret Service)
- On nsec login: key is stored in OS keychain keyed by hex pubkey
- On startup: restoreSession() auto-loads nsec from keychain and re-establishes
  the NDK signer — no manual re-login required after restart
- On logout: keychain entry is deleted
- Graceful degradation: if keychain is unavailable (e.g. Linux without a Secret
  Service daemon), the app starts logged-out — same UX as before, no crash

Also updates ROADMAP.md with 4 new items from the Windows playtest (multi-account
switcher, NWC wizard, system tray, zap history view) and reorders the list.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

ROADMAP.md

@@ -25,12 +25,21 @@ platform that happens to live on Nostr, not a social feed that happens to suppor
 - nsec sessions don't survive app restart — keychain fixes this permanently
 - Tauri has keychain plugins ready (`tauri-plugin-keychain`)
 
-### 2. SQLite note caching
+### 2. Multi-account / profile switcher
+- Nostr users regularly maintain separate identities (personal, professional, pseudonymous)
+- Near-blocker-level friction discovered during Windows playtest — session re-login every
+  restart is currently the #1 UX pain point
+- Depends on OS keychain (#1) — keys must persist for instant switching
+- UI: small account switcher in sidebar footer; click → list of saved accounts; one click to switch
+- No re-login flow — switching is instant once accounts are stored in keychain
+- v1: stored nsec accounts only; v2 could add NIP-46 remote signer support
+
+### 3. SQLite note caching
 - Notes disappear on every restart — no local persistence
 - Would make the app feel dramatically more solid and fast
 - Rust backend is the right place for this
 
-### 3. About / Funding page
+### 4. About / Funding page
 - Hardcoded in-app page with all support options
 - Bitcoin on-chain address with scannable QR code
 - Lightning address with scannable QR code
@@ -39,39 +48,57 @@ platform that happens to live on Nostr, not a social feed that happens to suppor
 - Lives in the sidebar footer or as a dedicated view — tasteful, never nagging
 - Ties into the zap infrastructure already built
 
-### 4. Mute / ignore user + anti-spam
+### 5. Mute / ignore user + anti-spam
 - "Ignore this user" from profile or note context menu (NIP-51 mute list)
 - Mute list persisted to Nostr so it follows you across clients
 - Settings toggles for basic spam filters (e.g. hide notes from accounts < N days old,
   hide notes with no followers, hide pure bot patterns)
 - Consider: Web of Trust (WOT) score as an optional feed filter — needs design session
 
-### 5. Quote / Repost (NIP-18)
+### 6. Quote / Repost (NIP-18)
 - "Quote" wraps a note in your own post with added commentary
 - "Repost" is a plain re-broadcast (kind 6)
 - Both are standard and expected by Nostr users
 - Quote is more valuable — it drives conversation
 
-### 6. Sidebar: collapsible to icon-only + auto-hide
+### 7. NWC setup UX — guided wizard
+- Plain-text NWC URI field is confusing for non-technical users (confirmed in Windows playtest)
+- Wizard: detect wallet type (Alby Hub, Mutiny, Phoenix), deep-link to the right wallet page,
+  show inline validation + clear error states on connection failure
+- Keep raw URI field as advanced fallback
+
+### 8. System tray / minimize to tray
+- Standard expectation for any messaging/social app on Windows
+- Without it, closing the window exits — unexpected for a persistent social client
+- Research needed for macOS (menu bar?) and Linux (varies by DE) before implementing
+- Tauri 2.0 has a tray API — Windows implementation should be straightforward
+
+### 9. Zap history view
+- Sent and received zaps should be visible in the app
+- Zap infrastructure (NIP-47 + NIP-57) already built — this is display-layer only
+- v1: simple list in a "Zaps" tab on the profile view, or a section in Settings
+- Good demo material for OpenSats reviewers
+
+### 10. Sidebar: collapsible to icon-only + auto-hide
 - Toggle already exists (clicking WRYSTR collapses to w-12 icons), but it's not obvious
 - Make the toggle affordance clearer — a visible ‹ / › button
 - Auto-hide mode: sidebar expands on hover/click, collapses automatically after N seconds
   of activity in the main pane
 - Most important: the icon-only state should be the default or easily reachable
 
-### 7. Profile helpers for newcomers
+### 11. Profile helpers for newcomers
 - **NIP-05**: link to a guide or offer a basic self-hosted verification path
 - **Avatar / banner image upload**: instead of pasting a URL, let users upload directly
   (NIP-96 file storage or a simple Blossom upload via Tauri)
 - Newcomers fill in a URL field and have no idea what to put — this is a friction point
 
-### 8. Search: improve full-text + people
+### 12. Search: improve full-text + people
 - NIP-50 full-text (`bitcoin` query) returns zero results on most relays — the UI
   should detect this and suggest using `#hashtag` instead, or show which relays support it
 - People search only works on NIP-50-capable relays; most don't support it
 - Consider: local people search by scanning follows-of-follows graph
 
-### 9. Direct Messages (NIP-44 / NIP-17)
+### 13. Direct Messages (NIP-44 / NIP-17)
 - Significant complexity (encryption, key handling, inbox model)
 - Major feature gap but non-trivial to implement well
 - NIP-17 (private DMs) is the modern standard; NIP-44 is the encryption layer
@@ -85,6 +112,8 @@ platform that happens to live on Nostr, not a social feed that happens to suppor
 - The current UI is functional but has "amateur web app" feel on some surfaces
 - Target bar remains Telegram Desktop — fast, keyboard-navigable, feels native not webby
 - Specific surfaces to revisit: note cards, thread view, profile header, modals
+- **Windows playtest notes (10 Mar 2026):** install went smoothly, window resize/maximise
+  feels native; full design review still needed
 
 ### Web of Trust (WOT)
 - Nostr has a concept of social graph distance for trust scoring