Add request correlation IDs and Kubernetes deployment manifests.

[Abidoyesimze]

Summary

• [High] Add request correlation IDs and structured tracing across HTTP, agent, and Stellar pipeline #168 — Request correlation IDs: Adds correlationIdMiddleware that accepts X-Request-ID or X-Correlation-ID, generates a UUID when absent, echoes X-Request-ID on every response, and propagates the ID through Winston logs, on-chain transaction submission, Stellar event processing, DLQ payloads, and agent scheduled jobs.
• [High] Add Kubernetes manifests and production deployment runbook #167 — Kubernetes deployment: Adds production-grade manifests under deploy/k8s/ (Deployment, Service, Ingress, ConfigMap, Secret template, migration Job, HPA) plus docs/DEPLOYMENT.md runbook covering rollout, rollback, secrets, and single-replica scaling constraints for the event listener and agent cron.

Closes #168
Closes #167

#168 — Correlation ID details

Area	Change
Middleware	correlationIdMiddleware validates incoming IDs (alphanumeric/hyphen/underscore, max 128 chars), attaches to req.correlationId and res.locals, returns X-Request-ID header
Logging	Winston injects correlationId via AsyncLocalStorage; request and error logs include it
On-chain ops	transaction-controller logs before/after deposit/withdraw submission with correlationId
Stellar events	Per-event correlation ID in handleEvent; failed events retain ID in DLQ payload._metadata
Agent jobs	Job-scoped IDs for rebalance, snapshot, and daily scan; stored in agent_logs.inputData
Errors	500 responses include "requestId" in JSON body
Docs	readme.md documents header convention for client integrators

#167 — Kubernetes details

Manifest	Purpose
deployment.yaml	App container (node dist/index.js), initContainer migration, liveness /health/live, readiness /health/ready
service.yaml	ClusterIP on port 3001
ingress.yaml	TLS termination
configmap.yaml	Non-secret env (CORS, rate limits, RPC URLs, log level)
secret.yaml.example	Template for DATABASE_URL, JWT_SEED, WALLET_ENCRYPTION_KEY, STELLAR_AGENT_SECRET_KEY, ANTHROPIC_API_KEY, ADMIN_API_TOKEN, TWILIO_AUTH_TOKEN
migration-job.yaml	Standalone pre-deploy prisma migrate deploy Job
hpa.yaml	Pinned to 1 replica (event listener + agent cron require single active consumer)

docs/DEPLOYMENT.md covers prerequisites, staging vs production env matrix, rollout/rollback procedures, and the architectural constraint that multiple replicas are unsafe until API/worker split.

Test plan

• npm run lint:types passes
• tests/unit/middleware/correlationId.test.ts — preserves client ID, generates when missing, validates format
• tests/integration/correlationId.integration.test.ts — single request ID across HTTP header, handler, and logs
• tests/unit/stellar/dlq-correlation.test.ts — DLQ retains correlationId in payload metadata
• kubeconform CI workflow validates manifests on merge
• Manual: deploy to staging cluster, verify /health/ready returns 200 after initContainer migration
• Manual: send X-Request-ID on deposit request, confirm header echoed and ID appears in logs