The hard part of silent payments has always been the gap between "here's a payment code" and "here's how you find me" — and you've threaded Nostr right through that gap. Using NIP-17 for the notification means you're not building new lookup infrastructure, you're composing with identity infrastructure that already exists and is already decentralized. That's the elegant move. Curious how you're handling the case where the sender's Nostr key and their onchain funds are in different custody contexts — any key correlation risk there worth thinking through?