chore: rename quicproquo → quicprochat in docs, Docker, CI, and packaging

Rename all project references from quicproquo/qpq to quicprochat/qpc
across documentation, Docker configuration, CI workflows, packaging
scripts, operational configs, and build tooling.

- Docker: crate paths, binary names, user/group, data dirs, env vars
- CI: workflow crate references, binary names, artifact names
- Docs: all markdown files under docs/, SDK READMEs, book.toml
- Packaging: OpenWrt Makefile, init script, UCI config (file renames)
- Scripts: justfile, dev-shell, screenshot, cross-compile, ai_team
- Operations: Prometheus config, alert rules, Grafana dashboard
- Config: .env.example (QPQ_* → QPC_*), CODEOWNERS paths
- Top-level: README, CONTRIBUTING, ROADMAP, CLAUDE.md

docs/src/getting-started/docker.md

@@ -1,6 +1,6 @@
 # Docker Deployment
 
-quicproquo includes a multi-stage Dockerfile and a Docker Compose configuration for building and running the server in containers.
+quicprochat includes a multi-stage Dockerfile and a Docker Compose configuration for building and running the server in containers.
 
 ---
 
@@ -40,11 +40,11 @@ services:
       - "7000:7000/udp"
     environment:
       RUST_LOG: "info"
-      QPQ_LISTEN: "0.0.0.0:7000"
-      QPQ_DATA_DIR: "/var/lib/quicproquo"
-      QPQ_PRODUCTION: "true"
+      QPC_LISTEN: "0.0.0.0:7000"
+      QPC_DATA_DIR: "/var/lib/quicprochat"
+      QPC_PRODUCTION: "true"
     volumes:
-      - server-data:/var/lib/quicproquo
+      - server-data:/var/lib/quicprochat
     restart: unless-stopped
 
 volumes:
@@ -74,7 +74,7 @@ WORKDIR /build
 
 # Copy manifests first so dependency layers are cached independently of source.
 COPY Cargo.toml Cargo.lock ./
-COPY crates/quicproquo-core/Cargo.toml       crates/quicproquo-core/Cargo.toml
+COPY crates/quicprochat-core/Cargo.toml       crates/quicprochat-core/Cargo.toml
 # ... (all 9 crate manifests)
 
 # Create dummy source files for dependency caching.
@@ -84,11 +84,11 @@ RUN mkdir -p ... && echo 'fn main() {}' > ...
 COPY schemas/ schemas/
 
 # Build dependencies only (cache layer).
-RUN cargo build --release --bin qpq-server 2>/dev/null || true
+RUN cargo build --release --bin qpc-server 2>/dev/null || true
 
 # Copy real source and build for real.
 COPY crates/ crates/
-RUN cargo build --release --bin qpq-server
+RUN cargo build --release --bin qpc-server
 ```
 
 Key steps:
@@ -96,7 +96,7 @@ Key steps:
 1. **Base image**: `rust:bookworm` (Debian Bookworm with the Rust toolchain pre-installed).
 2. **No system compiler required**: Unlike v1, the builder stage does not install `capnproto`. The v2 Protobuf compiler is vendored by `protobuf-src` and compiled automatically as part of `cargo build`.
 3. **Copy manifests first**: `Cargo.toml` and `Cargo.lock` are copied before source code with dummy stubs so that dependency compilation is cached in a separate Docker layer.
-4. **Copy schemas**: The `schemas/` directory is copied before the dependency build because `quicproquo-proto/build.rs` references it.
+4. **Copy schemas**: The `schemas/` directory is copied before the dependency build because `quicprochat-proto/build.rs` references it.
 5. **Copy real source and build**: After the dependency cache layer, real source files are copied in and `cargo build --release` produces the final binary.
 
 ### Stage 2: Runtime (`debian:bookworm-slim`)
@@ -108,39 +108,39 @@ RUN apt-get update \
     && apt-get install -y --no-install-recommends ca-certificates \
     && rm -rf /var/lib/apt/lists/*
 
-COPY --from=builder /build/target/release/qpq-server /usr/local/bin/qpq-server
+COPY --from=builder /build/target/release/qpc-server /usr/local/bin/qpc-server
 
-RUN groupadd --system qpq \
-    && useradd --system --gid qpq --no-create-home --shell /usr/sbin/nologin qpq \
-    && mkdir -p /var/lib/quicproquo \
-    && chown qpq:qpq /var/lib/quicproquo
+RUN groupadd --system qpc \
+    && useradd --system --gid qpc --no-create-home --shell /usr/sbin/nologin qpc \
+    && mkdir -p /var/lib/quicprochat \
+    && chown qpc:qpc /var/lib/quicprochat
 
 EXPOSE 7000
 
-VOLUME ["/var/lib/quicproquo"]
+VOLUME ["/var/lib/quicprochat"]
 
 ENV RUST_LOG=info \
-    QPQ_LISTEN=0.0.0.0:7000 \
-    QPQ_DATA_DIR=/var/lib/quicproquo \
-    QPQ_TLS_CERT=/var/lib/quicproquo/server-cert.der \
-    QPQ_TLS_KEY=/var/lib/quicproquo/server-key.der \
-    QPQ_PRODUCTION=true
+    QPC_LISTEN=0.0.0.0:7000 \
+    QPC_DATA_DIR=/var/lib/quicprochat \
+    QPC_TLS_CERT=/var/lib/quicprochat/server-cert.der \
+    QPC_TLS_KEY=/var/lib/quicprochat/server-key.der \
+    QPC_PRODUCTION=true
 
 HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
-    CMD test -f /var/lib/quicproquo/server-cert.der || exit 1
+    CMD test -f /var/lib/quicprochat/server-cert.der || exit 1
 
-USER qpq
+USER qpc
 
-CMD ["qpq-server"]
+CMD ["qpc-server"]
 ```
 
 Key characteristics:
 
 - **Minimal image**: No Rust toolchain, no build tools, no `protoc` binary.
 - **`ca-certificates`**: Included for future HTTPS calls (e.g., ACME certificate provisioning).
-- **Dedicated user**: The container runs as the `qpq` system user (not `root`) for defense in depth.
-- **Named volume**: `/var/lib/quicproquo` is declared as a `VOLUME` for data persistence.
-- **`QPQ_PRODUCTION=true`**: The runtime image defaults to production mode, requiring pre-existing TLS certificates and a strong auth token.
+- **Dedicated user**: The container runs as the `qpc` system user (not `root`) for defense in depth.
+- **Named volume**: `/var/lib/quicprochat` is declared as a `VOLUME` for data persistence.
+- **`QPC_PRODUCTION=true`**: The runtime image defaults to production mode, requiring pre-existing TLS certificates and a strong auth token.
 
 ---
 
@@ -153,7 +153,7 @@ services:
   server:
     # ... existing config ...
     volumes:
-      - server-data:/var/lib/quicproquo
+      - server-data:/var/lib/quicprochat
 
 volumes:
   server-data:
@@ -165,13 +165,13 @@ Or use a bind mount for easier inspection:
 mkdir -p ./server-data
 
 docker run -d \
-  --name quicproquo \
+  --name quicprochat \
   -p 7000:7000/udp \
-  -v "$(pwd)/server-data:/var/lib/quicproquo" \
-  -e QPQ_ALLOW_INSECURE_AUTH=true \
-  -e QPQ_PRODUCTION=false \
+  -v "$(pwd)/server-data:/var/lib/quicprochat" \
+  -e QPC_ALLOW_INSECURE_AUTH=true \
+  -e QPC_PRODUCTION=false \
   -e RUST_LOG=info \
-  qpq-server
+  qpc-server
 ```
 
 Without a volume, all server state (including TLS certificates and message queues) is lost when the container is removed. The server will generate a new self-signed certificate on each fresh start, which means clients will need the new certificate to connect.
@@ -183,19 +183,19 @@ Without a volume, all server state (including TLS certificates and message queue
 To build the Docker image without starting a container:
 
 ```bash
-docker build -t qpq-server -f docker/Dockerfile .
+docker build -t qpc-server -f docker/Dockerfile .
 ```
 
 To run it in development mode (without production validation):
 
 ```bash
 docker run -d \
-  --name quicproquo \
+  --name quicprochat \
   -p 7000:7000/udp \
-  -e QPQ_ALLOW_INSECURE_AUTH=true \
-  -e QPQ_PRODUCTION=false \
+  -e QPC_ALLOW_INSECURE_AUTH=true \
+  -e QPC_PRODUCTION=false \
   -e RUST_LOG=info \
-  qpq-server
+  qpc-server
 ```
 
 ---
@@ -206,15 +206,15 @@ When the server runs in Docker with `docker compose up`, the client can connect
 
 ```bash
 # Extract the server's TLS cert from the container volume
-docker compose cp server:/var/lib/quicproquo/server-cert.der ./data/server-cert.der
+docker compose cp server:/var/lib/quicprochat/server-cert.der ./data/server-cert.der
 
 # Connect
-cargo run -p quicproquo-client -- ping \
+cargo run -p quicprochat-client -- ping \
   --ca-cert ./data/server-cert.der \
   --server-name localhost
 ```
 
-If you mounted a bind volume (e.g., `./server-data:/var/lib/quicproquo`), the certificate is directly accessible at `./server-data/server-cert.der`.
+If you mounted a bind volume (e.g., `./server-data:/var/lib/quicprochat`), the certificate is directly accessible at `./server-data/server-cert.der`.
 
 ---