chore: rename quicproquo → quicprochat in docs, Docker, CI, and packaging

Rename all project references from quicproquo/qpq to quicprochat/qpc
across documentation, Docker configuration, CI workflows, packaging
scripts, operational configs, and build tooling.

- Docker: crate paths, binary names, user/group, data dirs, env vars
- CI: workflow crate references, binary names, artifact names
- Docs: all markdown files under docs/, SDK READMEs, book.toml
- Packaging: OpenWrt Makefile, init script, UCI config (file renames)
- Scripts: justfile, dev-shell, screenshot, cross-compile, ai_team
- Operations: Prometheus config, alert rules, Grafana dashboard
- Config: .env.example (QPQ_* → QPC_*), CODEOWNERS paths
- Top-level: README, CONTRIBUTING, ROADMAP, CLAUDE.md

docs/src/protocol-layers/capn-proto.md

@@ -1,6 +1,6 @@
 # Protobuf Framing
 
-quicproquo v2 uses a custom binary framing protocol layered over QUIC bidirectional streams. Message payloads are serialised with Protocol Buffers (Protobuf) via the `prost` crate. The framing layer (implemented in `quicproquo-rpc`) adds a compact fixed-size header that carries the method ID, request correlation ID, and payload length -- enabling zero-copy dispatch without a separate length-delimited codec.
+quicprochat v2 uses a custom binary framing protocol layered over QUIC bidirectional streams. Message payloads are serialised with Protocol Buffers (Protobuf) via the `prost` crate. The framing layer (implemented in `quicprochat-rpc`) adds a compact fixed-size header that carries the method ID, request correlation ID, and payload length -- enabling zero-copy dispatch without a separate length-delimited codec.
 
 This page covers the three frame types, the method ID dispatch table, status codes, push event delivery, and the Protobuf schema organisation.
 
@@ -105,7 +105,7 @@ The `status` byte in a Response frame carries one of the following values:
 
 ## Method IDs
 
-All 44 RPC method IDs are defined in `crates/quicproquo-proto/src/lib.rs` in the `method_ids` module. The numeric ranges group related methods by service category.
+All 44 RPC method IDs are defined in `crates/quicprochat-proto/src/lib.rs` in the `method_ids` module. The numeric ranges group related methods by service category.
 
 ### Auth (100-103)
 
@@ -230,7 +230,7 @@ All 44 RPC method IDs are defined in `crates/quicproquo-proto/src/lib.rs` in the
 
 ## Push Event Types
 
-Server-to-client push events are delivered on QUIC uni-streams using the Push frame format. Event types are defined alongside method IDs in `quicproquo-proto/src/lib.rs`:
+Server-to-client push events are delivered on QUIC uni-streams using the Push frame format. Event types are defined alongside method IDs in `quicprochat-proto/src/lib.rs`:
 
 | Value | Event | Description |
 |-------|-------|-------------|
@@ -261,7 +261,7 @@ This allows many concurrent RPCs on a single QUIC connection without head-of-lin
 
 ## Protobuf Schema Organisation
 
-All message types are defined in `proto/qpq/v1/`:
+All message types are defined in `proto/qpc/v1/`:
 
 | File | Contents |
 |---|---|
@@ -280,22 +280,22 @@ All message types are defined in `proto/qpq/v1/`:
 | `p2p.proto` | P2P endpoints, health |
 | `federation.proto` | Cross-server relay |
 
-All `.proto` files use `package qpq.v1;` and are compiled to Rust at build time using `prost-build` via the `quicproquo-proto` crate's `build.rs`. The `protobuf-src` crate vendors `protoc`, so no system-wide `protoc` installation is required.
+All `.proto` files use `package qpc.v1;` and are compiled to Rust at build time using `prost-build` via the `quicprochat-proto` crate's `build.rs`. The `protobuf-src` crate vendors `protoc`, so no system-wide `protoc` installation is required.
 
 Generated Rust types are accessed via:
 
 ```rust
-use quicproquo_proto::qpq::v1::{EnqueueRequest, FetchResponse, /* ... */};
-use quicproquo_proto::method_ids::{ENQUEUE, FETCH, /* ... */};
+use quicprochat_proto::qpc::v1::{EnqueueRequest, FetchResponse, /* ... */};
+use quicprochat_proto::method_ids::{ENQUEUE, FETCH, /* ... */};
 ```
 
 ---
 
-## Design Constraints of `quicproquo-proto`
+## Design Constraints of `quicprochat-proto`
 
-The `quicproquo-proto` crate enforces three constraints:
+The `quicprochat-proto` crate enforces three constraints:
 
-1. **No crypto**: Key material never enters this crate. All encryption and signing happens in `quicproquo-core`.
+1. **No crypto**: Key material never enters this crate. All encryption and signing happens in `quicprochat-core`.
 2. **No I/O**: Callers own the transport. This crate only converts between bytes and types.
 3. **No async**: Pure synchronous data-layer code. Async is the caller's responsibility.
 

docs/src/protocol-layers/hybrid-kem.md

@@ -1,8 +1,8 @@
 # Hybrid KEM: X25519 + ML-KEM-768
 
-quicproquo implements a hybrid Key Encapsulation Mechanism that combines classical X25519 Diffie-Hellman with post-quantum ML-KEM-768 (FIPS 203). The hybrid construction ensures that the system remains secure even if one of the two components is broken: X25519 protects against failures in ML-KEM, and ML-KEM protects against quantum computers breaking X25519.
+quicprochat implements a hybrid Key Encapsulation Mechanism that combines classical X25519 Diffie-Hellman with post-quantum ML-KEM-768 (FIPS 203). The hybrid construction ensures that the system remains secure even if one of the two components is broken: X25519 protects against failures in ML-KEM, and ML-KEM protects against quantum computers breaking X25519.
 
-The implementation lives in `quicproquo-core/src/hybrid_kem.rs`. It is fully implemented and tested but **not yet integrated into the MLS ciphersuite** -- integration is planned for the M5 milestone. Currently, the module can be used as a standalone envelope encryption layer to wrap MLS payloads in an outer post-quantum-resistant encryption before they transit the network.
+The implementation lives in `quicprochat-core/src/hybrid_kem.rs`. It is fully implemented and tested but **not yet integrated into the MLS ciphersuite** -- integration is planned for the M5 milestone. Currently, the module can be used as a standalone envelope encryption layer to wrap MLS payloads in an outer post-quantum-resistant encryption before they transit the network.
 
 ## Design approach
 
@@ -70,8 +70,8 @@ The two shared secrets are combined via HKDF-SHA256 with domain separation:
 ikm  = X25519_shared_secret(32 bytes) || ML-KEM_shared_secret(32 bytes)
 salt = [] (empty)
 
-key   = HKDF-SHA256(salt, ikm, info="quicproquo-hybrid-v1",       L=32)
-nonce = HKDF-SHA256(salt, ikm, info="quicproquo-hybrid-nonce-v1", L=12)
+key   = HKDF-SHA256(salt, ikm, info="quicprochat-hybrid-v1",       L=32)
+nonce = HKDF-SHA256(salt, ikm, info="quicprochat-hybrid-nonce-v1", L=12)
 ```
 
 The implementation in `derive_aead_material()`:
@@ -85,10 +85,10 @@ fn derive_aead_material(x25519_ss: &[u8], mlkem_ss: &[u8]) -> (Key, Nonce) {
     let hk = Hkdf::<Sha256>::new(None, &ikm);
 
     let mut key_bytes = Zeroizing::new([0u8; 32]);
-    hk.expand(b"quicproquo-hybrid-v1", &mut *key_bytes).unwrap();
+    hk.expand(b"quicprochat-hybrid-v1", &mut *key_bytes).unwrap();
 
     let mut nonce_bytes = [0u8; 12];
-    hk.expand(b"quicproquo-hybrid-nonce-v1", &mut nonce_bytes).unwrap();
+    hk.expand(b"quicprochat-hybrid-nonce-v1", &mut nonce_bytes).unwrap();
 
     (*Key::from_slice(&*key_bytes), *Nonce::from_slice(&nonce_bytes))
 }
@@ -273,7 +273,7 @@ The AEAD nonce is derived deterministically from the shared secrets via HKDF. Si
 
 ## Further reading
 
-- [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md) -- Broader discussion of quicproquo's PQ strategy.
+- [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md) -- Broader discussion of quicprochat's PQ strategy.
 - [MLS (RFC 9420)](mls.md) -- The MLS layer that the hybrid KEM will wrap.
 - [Key Lifecycle and Zeroization](../cryptography/key-lifecycle.md) -- How hybrid key material is managed and cleared.
 - [Threat Model](../cryptography/threat-model.md) -- Where hybrid KEM fits in the overall threat model.

docs/src/protocol-layers/mls.md

@@ -1,8 +1,8 @@
 # MLS (RFC 9420)
 
-The Messaging Layer Security protocol (RFC 9420) is the core cryptographic layer in quicproquo. It provides authenticated group key agreement with forward secrecy and post-compromise security -- properties that distinguish quicproquo from a simple transport-encrypted relay. This is the most detailed page in the Protocol Deep Dives section because MLS is the most complex layer in the stack.
+The Messaging Layer Security protocol (RFC 9420) is the core cryptographic layer in quicprochat. It provides authenticated group key agreement with forward secrecy and post-compromise security -- properties that distinguish quicprochat from a simple transport-encrypted relay. This is the most detailed page in the Protocol Deep Dives section because MLS is the most complex layer in the stack.
 
-The implementation lives in `quicproquo-core/src/group.rs` and `quicproquo-core/src/keystore.rs`, using the `openmls 0.5` crate.
+The implementation lives in `quicprochat-core/src/group.rs` and `quicprochat-core/src/keystore.rs`, using the `openmls 0.5` crate.
 
 ## Background: what problem MLS solves
 
@@ -21,7 +21,7 @@ MLS takes a fundamentally different approach: it uses a **ratchet tree** (a bina
 
 ## Ciphersuite
 
-quicproquo uses:
+quicprochat uses:
 
 ```text
 MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519
@@ -38,7 +38,7 @@ This ciphersuite provides 128-bit classical security. Post-quantum protection is
 
 ## The `GroupMember` state machine
 
-The central type is `GroupMember`, defined in `quicproquo-core/src/group.rs`. It wraps an openmls `MlsGroup`, a persistent crypto backend (`StoreCrypto`), and the user's long-term Ed25519 identity keypair.
+The central type is `GroupMember`, defined in `quicprochat-core/src/group.rs`. It wraps an openmls `MlsGroup`, a persistent crypto backend (`StoreCrypto`), and the user's long-term Ed25519 identity keypair.
 
 ### Lifecycle diagram
 
@@ -135,7 +135,7 @@ pub fn create_group(&mut self, group_id: &[u8]) -> Result<(), CoreError>
 Creates a new MLS group at epoch 0 with the caller as the sole member.
 
 **Parameters:**
-- `group_id`: Any non-empty byte string. By convention, quicproquo uses the SHA-256 digest of a human-readable group name.
+- `group_id`: Any non-empty byte string. By convention, quicprochat uses the SHA-256 digest of a human-readable group name.
 
 **What happens internally:**
 
@@ -259,7 +259,7 @@ Processes an incoming TLS-encoded MLS message.
 
 ## The `StoreCrypto` backend
 
-The `StoreCrypto` struct (in `quicproquo-core/src/keystore.rs`) implements `OpenMlsCryptoProvider`, which openmls requires for all cryptographic operations:
+The `StoreCrypto` struct (in `quicprochat-core/src/keystore.rs`) implements `OpenMlsCryptoProvider`, which openmls requires for all cryptographic operations:
 
 ```rust
 pub struct StoreCrypto {
@@ -318,11 +318,11 @@ KeyPackageIn::tls_deserialize(&mut bytes.as_ref())?
 
 ### Feature-gated methods
 
-Several convenient methods (`into_welcome()`, `into_protocol_message()`) are feature-gated behind openmls feature flags that quicproquo does not enable. The workaround is to use `msg_in.extract()` and pattern-match on the `MlsMessageInBody` enum variants.
+Several convenient methods (`into_welcome()`, `into_protocol_message()`) are feature-gated behind openmls feature flags that quicprochat does not enable. The workaround is to use `msg_in.extract()` and pattern-match on the `MlsMessageInBody` enum variants.
 
 ### MlsGroup is not Send
 
-`MlsGroup` holds internal state that may not be `Send` depending on the crypto backend. In quicproquo, `StoreCrypto` uses `RwLock` (which is `Send + Sync`), so `GroupMember` is `Send`. However, all MLS operations must use the same backend instance, so `GroupMember` should not be cloned across tasks.
+`MlsGroup` holds internal state that may not be `Send` depending on the crypto backend. In quicprochat, `StoreCrypto` uses `RwLock` (which is `Send + Sync`), so `GroupMember` is `Send`. However, all MLS operations must use the same backend instance, so `GroupMember` should not be cloned across tasks.
 
 ## Ratchet tree embedding
 
@@ -335,7 +335,7 @@ The trade-off:
 - **Pro**: No need for a separate tree distribution service or additional round-trips.
 - **Con**: Welcome messages grow with the group size (O(n log n) for a balanced tree of n members).
 
-For quicproquo's target group sizes (2-100 members), this trade-off is acceptable.
+For quicprochat's target group sizes (2-100 members), this trade-off is acceptable.
 
 ## Wire format
 
@@ -386,7 +386,7 @@ The following sequence shows a complete Alice-and-Bob scenario, matching the `tw
 
 ## Credential model
 
-quicproquo uses MLS `Basic` credentials. The credential body is the raw Ed25519 public key bytes (32 bytes), and the `signature_key` is the same public key:
+quicprochat uses MLS `Basic` credentials. The credential body is the raw Ed25519 public key bytes (32 bytes), and the `signature_key` is the same public key:
 
 ```rust
 let credential = Credential::new(

docs/src/protocol-layers/overview.md

@@ -1,6 +1,6 @@
 # Protocol Layers Overview
 
-quicproquo composes four distinct protocol layers into a single security stack. Each layer addresses a specific class of threat and delegates everything else to the layers above or below it. No single layer is sufficient on its own; the composition is what delivers end-to-end confidentiality, server authentication, forward secrecy, post-compromise security, and post-quantum resistance.
+quicprochat composes four distinct protocol layers into a single security stack. Each layer addresses a specific class of threat and delegates everything else to the layers above or below it. No single layer is sufficient on its own; the composition is what delivers end-to-end confidentiality, server authentication, forward secrecy, post-compromise security, and post-quantum resistance.
 
 This page provides a high-level comparison and a suggested reading order. The deep-dive pages that follow contain implementation details drawn directly from the source code.
 
@@ -9,7 +9,7 @@ This page provides a high-level comparison and a suggested reading order. The de
 | Layer | Standard / Spec | Crate(s) | Security Properties |
 |---|---|---|---|
 | **QUIC + TLS 1.3** | RFC 9000, RFC 9001 | `quinn 0.11`, `rustls 0.23` | Transport confidentiality, server authentication, 0-RTT resumption |
-| **Protobuf framing** | Custom binary header + [Protocol Buffers](https://protobuf.dev/) | `quicproquo-rpc`, `prost 0.13` | Typed length-prefixed frames, method dispatch, push events, status codes |
+| **Protobuf framing** | Custom binary header + [Protocol Buffers](https://protobuf.dev/) | `quicprochat-rpc`, `prost 0.13` | Typed length-prefixed frames, method dispatch, push events, status codes |
 | **MLS** | [RFC 9420](https://www.rfc-editor.org/rfc/rfc9420.html) | `openmls 0.5` | Group key agreement, forward secrecy, post-compromise security (PCS) |
 | **Hybrid KEM** | [draft-ietf-tls-hybrid-design](https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/) | `ml-kem 0.2`, `x25519-dalek 2` | Post-quantum resistance via ML-KEM-768 combined with X25519 |
 
@@ -48,7 +48,7 @@ The pages in this section are ordered to build understanding incrementally:
 
 1. **[QUIC + TLS 1.3](quic-tls.md)** -- Start here. This is the transport layer that every client-server connection uses. Understanding QUIC stream multiplexing and the TLS 1.3 handshake is prerequisite to understanding how the Protobuf framing protocol rides on top.
 
-2. **[MLS (RFC 9420)](mls.md)** -- The core cryptographic innovation. MLS provides the group key agreement that makes quicproquo an E2E encrypted group messenger rather than just a transport-encrypted relay. This is the longest and most detailed page.
+2. **[MLS (RFC 9420)](mls.md)** -- The core cryptographic innovation. MLS provides the group key agreement that makes quicprochat an E2E encrypted group messenger rather than just a transport-encrypted relay. This is the longest and most detailed page.
 
 3. **[Protobuf Framing](capn-proto.md)** -- The framing and RPC layer that bridges MLS application data with the transport. Understanding the three frame types (Request, Response, Push), the method ID dispatch table, and status codes is essential for reading the server and client source code.
 
@@ -71,10 +71,10 @@ Each protocol layer maps to one or more workspace crates:
 
 | Layer | Primary Crate | Source File(s) |
 |---|---|---|
-| QUIC + TLS 1.3 | `quicproquo-server`, `quicproquo-client` | Server and client entry points |
-| Protobuf framing | `quicproquo-rpc` | `src/framing.rs`, `src/server.rs`, `src/client.rs` |
-| Protobuf types + method IDs | `quicproquo-proto` | `src/lib.rs` (method_ids), `proto/qpq/v1/*.proto` |
-| MLS | `quicproquo-core` | `src/group.rs`, `src/keystore.rs` |
-| Hybrid KEM | `quicproquo-core` | `src/hybrid_kem.rs` |
+| QUIC + TLS 1.3 | `quicprochat-server`, `quicprochat-client` | Server and client entry points |
+| Protobuf framing | `quicprochat-rpc` | `src/framing.rs`, `src/server.rs`, `src/client.rs` |
+| Protobuf types + method IDs | `quicprochat-proto` | `src/lib.rs` (method_ids), `proto/qpc/v1/*.proto` |
+| MLS | `quicprochat-core` | `src/group.rs`, `src/keystore.rs` |
+| Hybrid KEM | `quicprochat-core` | `src/hybrid_kem.rs` |
 
 For a full crate responsibility breakdown, see [Crate Responsibilities](../architecture/crate-responsibilities.md).

docs/src/protocol-layers/quic-tls.md

@@ -1,6 +1,6 @@
 # QUIC + TLS 1.3
 
-quicproquo uses QUIC (RFC 9000) with mandatory TLS 1.3 (RFC 9001) as its transport layer. This page explains how the `quinn` and `rustls` crates are integrated and what security properties the transport provides.
+quicprochat uses QUIC (RFC 9000) with mandatory TLS 1.3 (RFC 9001) as its transport layer. This page explains how the `quinn` and `rustls` crates are integrated and what security properties the transport provides.
 
 ## Why QUIC
 
@@ -15,11 +15,11 @@ QUIC provides several advantages over traditional TCP-based transports:
 
 ## Crate integration
 
-quicproquo uses the following crates for QUIC and TLS:
+quicprochat uses the following crates for QUIC and TLS:
 
 - **`quinn 0.11`** -- The async QUIC implementation for Tokio. Provides `Endpoint`, `Connection`, and bidirectional/uni-directional stream types.
 - **`quinn-proto 0.11`** -- The protocol-level types, including `QuicServerConfig` and `QuicClientConfig` wrappers that bridge `rustls` into `quinn`.
-- **`rustls 0.23`** -- The TLS implementation. quicproquo uses it in strict TLS 1.3 mode with no fallback to TLS 1.2.
+- **`rustls 0.23`** -- The TLS implementation. quicprochat uses it in strict TLS 1.3 mode with no fallback to TLS 1.2.
 - **`rcgen 0.13`** -- Self-signed certificate generation for development and testing.
 
 ### Server configuration
@@ -30,7 +30,7 @@ The server builds its QUIC endpoint configuration with:
 let mut tls = rustls::ServerConfig::builder_with_protocol_versions(&[&TLS13])
     .with_no_client_auth()
     .with_single_cert(cert_chain, key)?;
-tls.alpn_protocols = vec![b"qpq".to_vec()];
+tls.alpn_protocols = vec![b"qpc".to_vec()];
 
 let crypto = QuicServerConfig::try_from(tls)?;
 Ok(ServerConfig::with_crypto(Arc::new(crypto)))
@@ -38,11 +38,11 @@ Ok(ServerConfig::with_crypto(Arc::new(crypto)))
 
 Key points:
 
-1. **TLS 1.3 strict mode**: `builder_with_protocol_versions(&[&TLS13])` ensures no TLS 1.2 fallback. This is a hard requirement: TLS 1.2 lacks the 0-RTT and full forward secrecy guarantees that quicproquo relies on.
+1. **TLS 1.3 strict mode**: `builder_with_protocol_versions(&[&TLS13])` ensures no TLS 1.2 fallback. This is a hard requirement: TLS 1.2 lacks the 0-RTT and full forward secrecy guarantees that quicprochat relies on.
 
 2. **No client certificate authentication**: `with_no_client_auth()` means the server does not verify client certificates at the TLS layer. Client authentication is handled at the application layer via OPAQUE password authentication and Ed25519 identity keys. This is a deliberate design choice -- OPAQUE provides stronger authentication properties than TLS client certificates without requiring PKI infrastructure.
 
-3. **ALPN negotiation**: The Application-Layer Protocol Negotiation extension is set to `b"qpq"`, advertising that this endpoint speaks the quicproquo v2 Protobuf framing protocol. Both client and server must agree on this protocol identifier or the TLS handshake fails.
+3. **ALPN negotiation**: The Application-Layer Protocol Negotiation extension is set to `b"qpc"`, advertising that this endpoint speaks the quicprochat v2 Protobuf framing protocol. Both client and server must agree on this protocol identifier or the TLS handshake fails.
 
 4. **`QuicServerConfig` bridge**: The `quinn-proto` crate provides `QuicServerConfig::try_from(tls)` to adapt the `rustls::ServerConfig` for use with QUIC. This handles the QUIC-specific TLS parameters (transport parameters, QUIC header protection keys) automatically.
 
@@ -57,7 +57,7 @@ roots.add(CertificateDer::from(cert_bytes))?;
 let mut tls = rustls::ClientConfig::builder_with_protocol_versions(&[&TLS13])
     .with_root_certificates(roots)
     .with_no_client_auth();
-tls.alpn_protocols = vec![b"qpq".to_vec()];
+tls.alpn_protocols = vec![b"qpc".to_vec()];
 
 let crypto = QuicClientConfig::try_from(tls)?;
 ```
@@ -89,11 +89,11 @@ Unlike the v1 Cap'n Proto RPC (which required `tokio::task::LocalSet` due to
 
 ## Certificate trust model
 
-quicproquo currently uses a **trust-on-first-use (TOFU)** model with self-signed certificates:
+quicprochat currently uses a **trust-on-first-use (TOFU)** model with self-signed certificates:
 
 1. On first start, the server generates a self-signed certificate using `rcgen::generate_simple_self_signed` with SANs for `localhost`, `127.0.0.1`, and `::1`.
 2. The certificate and private key are persisted to disk as DER files (default: `data/server-cert.der` and `data/server-key.der`).
-3. Clients must obtain the server's certificate file out-of-band and reference it via the `--ca-cert` flag or `QPQ_CA_CERT` environment variable.
+3. Clients must obtain the server's certificate file out-of-band and reference it via the `--ca-cert` flag or `QPC_CA_CERT` environment variable.
 
 This model is adequate for development and single-server deployments. The roadmap includes:
 
@@ -143,18 +143,18 @@ The QUIC + TLS 1.3 layer provides:
 
 | Environment Variable | CLI Flag | Default | Description |
 |---|---|---|---|
-| `QPQ_LISTEN` | `--listen` | `0.0.0.0:5001` | QUIC listen address |
-| `QPQ_TLS_CERT` | `--tls-cert` | `data/server-cert.der` | TLS certificate path |
-| `QPQ_TLS_KEY` | `--tls-key` | `data/server-key.der` | TLS private key path |
-| `QPQ_DATA_DIR` | `--data-dir` | `data` | Persistent storage directory |
+| `QPC_LISTEN` | `--listen` | `0.0.0.0:5001` | QUIC listen address |
+| `QPC_TLS_CERT` | `--tls-cert` | `data/server-cert.der` | TLS certificate path |
+| `QPC_TLS_KEY` | `--tls-key` | `data/server-key.der` | TLS private key path |
+| `QPC_DATA_DIR` | `--data-dir` | `data` | Persistent storage directory |
 
 ### Client
 
 | Environment Variable | CLI Flag | Default | Description |
 |---|---|---|---|
-| `QPQ_CA_CERT` | `--ca-cert` | `data/server-cert.der` | Server certificate to trust |
-| `QPQ_SERVER_NAME` | `--server-name` | `localhost` | Expected TLS server name (must match certificate SAN) |
-| `QPQ_SERVER` | `--server` | `127.0.0.1:5001` | Server address (per-subcommand) |
+| `QPC_CA_CERT` | `--ca-cert` | `data/server-cert.der` | Server certificate to trust |
+| `QPC_SERVER_NAME` | `--server-name` | `localhost` | Expected TLS server name (must match certificate SAN) |
+| `QPC_SERVER` | `--server` | `127.0.0.1:5001` | Server address (per-subcommand) |
 
 ## Further reading