chore: rename quicproquo → quicprochat in docs, Docker, CI, and packaging

Rename all project references from quicproquo/qpq to quicprochat/qpc
across documentation, Docker configuration, CI workflows, packaging
scripts, operational configs, and build tooling.

- Docker: crate paths, binary names, user/group, data dirs, env vars
- CI: workflow crate references, binary names, artifact names
- Docs: all markdown files under docs/, SDK READMEs, book.toml
- Packaging: OpenWrt Makefile, init script, UCI config (file renames)
- Scripts: justfile, dev-shell, screenshot, cross-compile, ai_team
- Operations: Prometheus config, alert rules, Grafana dashboard
- Config: .env.example (QPQ_* → QPC_*), CODEOWNERS paths
- Top-level: README, CONTRIBUTING, ROADMAP, CLAUDE.md
2026-03-07 18:46:43 +01:00
parent a710037dde
commit 2e081ead8e
179 changed files with 1645 additions and 1645 deletions

@@ -1,6 +1,6 @@
# Incident Response Playbook
This document provides procedures for responding to common operational incidents in a quicproquo deployment.
This document provides procedures for responding to common operational incidents in a quicprochat deployment.
## Severity Levels
@@ -20,7 +20,7 @@ This document provides procedures for responding to common operational incidents
```bash
# Check server logs
journalctl -u qpq-server --since "10 min ago" --no-pager
journalctl -u qpc-server --since "10 min ago" --no-pager
# Docker
docker compose logs --tail=50 server
@@ -39,17 +39,17 @@ ls -la data/server-cert.der data/server-key.der
**Missing auth token (production mode)**
```bash
# Production requires QPQ_AUTH_TOKEN >= 16 chars, not "devtoken"
echo $QPQ_AUTH_TOKEN | wc -c
# Production requires QPC_AUTH_TOKEN >= 16 chars, not "devtoken"
echo $QPC_AUTH_TOKEN | wc -c
```
**Database locked or corrupt**
```bash
# Check if another process holds the database
fuser data/qpq.db
fuser data/qpc.db
# Verify database integrity
sqlite3 data/qpq.db "PRAGMA key='${QPQ_DB_KEY}'; PRAGMA integrity_check;"
sqlite3 data/qpc.db "PRAGMA key='${QPC_DB_KEY}'; PRAGMA integrity_check;"
```
**Port already in use**
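Review bot: the length check `echo $QPC_AUTH_TOKEN | wc -c` in the "Missing auth token" block over-counts by one, because echo appends a newline; a 15-character token prints 16 and looks as if it meets the ">= 16 chars" requirement in the comment above it. Suggest `printf %s "$QPC_AUTH_TOKEN" | wc -c` or `echo "${#QPC_AUTH_TOKEN}"`, with the variable quoted, so the number the operator reads is the actual token length.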
@@ -69,12 +69,12 @@ ss -tlnp | grep 7000
```bash
# 1. Check if the process is running
systemctl status qpq-server
systemctl status qpc-server
# or: docker compose ps
# 2. Check resource usage
top -bn1 | grep qpq
df -h /var/lib/quicproquo
top -bn1 | grep qpc
df -h /var/lib/quicprochat
free -h
# 3. Check QUIC port is reachable
@@ -90,10 +90,10 @@ journalctl -k | grep -i oom
```bash
# Restart the service
systemctl restart qpq-server
systemctl restart qpc-server
# If OOM: increase memory limit
systemctl edit qpq-server --force
systemctl edit qpc-server --force
# MemoryMax=2G
# If disk full: see "Storage Full" incident below
@@ -110,15 +110,15 @@ systemctl edit qpq-server --force
```bash
# Check disk usage
df -h /var/lib/quicproquo
du -sh /var/lib/quicproquo/*
df -h /var/lib/quicprochat
du -sh /var/lib/quicprochat/*
# Check largest files
du -a /var/lib/quicproquo | sort -rn | head -20
du -a /var/lib/quicprochat | sort -rn | head -20
# Check blob storage specifically
du -sh /var/lib/quicproquo/blobs/
find /var/lib/quicproquo/blobs/ -type f | wc -l
du -sh /var/lib/quicprochat/blobs/
find /var/lib/quicprochat/blobs/ -type f | wc -l
```
### Recovery
@@ -128,8 +128,8 @@ find /var/lib/quicproquo/blobs/ -type f | wc -l
# but if it's behind, you can trigger manual cleanup)
# For SQL backend: delete expired delivery messages
sqlite3 data/qpq.db <<'EOF'
PRAGMA key = '${QPQ_DB_KEY}';
sqlite3 data/qpc.db <<'EOF'
PRAGMA key = '${QPC_DB_KEY}';
DELETE FROM delivery_queue WHERE expires_at IS NOT NULL AND expires_at < unixepoch();
VACUUM;
EOF
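Review bot: in the expired-message cleanup, `<<'EOF'` quotes the heredoc delimiter, so the shell does not expand `${QPC_DB_KEY}` and sqlite3 receives the literal text ${QPC_DB_KEY} as the key in `PRAGMA key = '${QPC_DB_KEY}';`. The DELETE and VACUUM that follow therefore do not open the encrypted database with the intended key. Suggest an unquoted `<<EOF` so the variable expands; the key still reaches sqlite3 on stdin rather than on the command line. The same quoted-delimiter pattern appears in the "Check database performance" step later in this file.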
@@ -142,10 +142,10 @@ EOF
# Then: resize2fs /dev/xvdf
# 4. Move to a larger disk
systemctl stop qpq-server
rsync -av /var/lib/quicproquo/ /mnt/new-volume/quicproquo/
# Update QPQ_DATA_DIR and QPQ_DB_PATH to point to the new location
systemctl start qpq-server
systemctl stop qpc-server
rsync -av /var/lib/quicprochat/ /mnt/new-volume/quicprochat/
# Update QPC_DATA_DIR and QPC_DB_PATH to point to the new location
systemctl start qpc-server
```
### Prevention
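Review bot: the "Move to a larger disk" step now assumes the data already lives under /var/lib/quicprochat and that the service reads QPC_DATA_DIR and QPC_DB_PATH, but the visible hunks give an operator of an existing deployment no path from /var/lib/quicproquo and the QPQ_* variables to the new names. Someone following this playbook mid-incident on a host that has not been migrated will rsync from a directory that does not exist and set variables whose old counterparts are still exported. Suggest a short migration note here or in the playbook introduction stating whether the old directory and QPQ_* names are still honoured and, if not, the steps to move them.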
@@ -188,10 +188,10 @@ iptables -A INPUT -s <attacker-ip> -j DROP
# (Cloudflare Spectrum, AWS Shield, etc.)
# 4. If the server is overwhelmed, restart to clear state
systemctl restart qpq-server
systemctl restart qpc-server
# 5. Enable log redaction to reduce I/O pressure during attacks
# Set QPQ_REDACT_LOGS=true
# Set QPC_REDACT_LOGS=true
```
## Incident: Key Compromise
@@ -210,7 +210,7 @@ NEW_TOKEN=$(openssl rand -base64 32)
# 3. Notify all legitimate clients of the new token
# 4. Review logs for unauthorized access
journalctl -u qpq-server | grep "auth_login_success" | tail -100
journalctl -u qpc-server | grep "auth_login_success" | tail -100
```
### TLS Private Key Compromised
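Review bot: step 4, `journalctl -u qpc-server | grep "auth_login_success" | tail -100`, only matches journal entries recorded under the new unit name, so on a host upgraded from qpq-server the review for unauthorized access silently skips everything logged before the rename. For a token-compromise investigation that window may be exactly the one that matters. Suggest documenting that both units should be queried on upgraded hosts, for example `journalctl -u qpq-server -u qpc-server`, until the old entries have aged out of the journal.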
@@ -225,7 +225,7 @@ journalctl -u qpq-server | grep "auth_login_success" | tail -100
# (procedure depends on your CA)
# 3. Restart the server with the new certificate
systemctl restart qpq-server
systemctl restart qpc-server
# 4. If clients pin certificates, notify them of the change
```
@@ -236,7 +236,7 @@ systemctl restart qpq-server
```bash
# 1. Stop the server
systemctl stop qpq-server
systemctl stop qpc-server
# 2. Rekey the database immediately
# See: key-rotation.md "Database Encryption Key Rotation"
@@ -278,8 +278,8 @@ top -bn1 | head -20
iostat -x 1 3
# 2. Check database performance
sqlite3 data/qpq.db <<'EOF'
PRAGMA key = '${QPQ_DB_KEY}';
sqlite3 data/qpc.db <<'EOF'
PRAGMA key = '${QPC_DB_KEY}';
PRAGMA integrity_check;
PRAGMA wal_checkpoint(PASSIVE);
-- Check table sizes
@@ -296,10 +296,10 @@ curl -s http://localhost:9090/metrics | grep delivery_queue_depth
```bash
# 1. Checkpoint the WAL (reduces WAL file size)
sqlite3 data/qpq.db "PRAGMA key='${QPQ_DB_KEY}'; PRAGMA wal_checkpoint(TRUNCATE);"
sqlite3 data/qpc.db "PRAGMA key='${QPC_DB_KEY}'; PRAGMA wal_checkpoint(TRUNCATE);"
# 2. VACUUM to reclaim space and defragment
sqlite3 data/qpq.db "PRAGMA key='${QPQ_DB_KEY}'; VACUUM;"
sqlite3 data/qpc.db "PRAGMA key='${QPC_DB_KEY}'; VACUUM;"
# 3. If the queue is huge, check for clients not fetching
# (delivery_queue rows accumulate when clients are offline)
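Review bot: in recovery steps 1 and 2 the double-quoted argument expands `${QPC_DB_KEY}` into sqlite3's argument list, where by default other local users can read it through ps or /proc/<pid>/cmdline for as long as the command runs; a key containing a single quote also breaks the PRAGMA. Suggest passing the statements on stdin instead, for example through a heredoc with an unquoted delimiter, so the database key stays out of the process arguments. The same applies to the integrity_check one-liner in the "Database locked or corrupt" block.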
@@ -323,7 +323,7 @@ openssl x509 -inform DER -in data/server-cert.der -noout -enddate
# See: key-rotation.md "TLS Certificate Rotation"
# 3. Verify the new certificate is loaded
journalctl -u qpq-server --since "1 min ago" | grep -i cert
journalctl -u qpc-server --since "1 min ago" | grep -i cert
```
## Post-Incident Checklist