chore: fix all clippy warnings across workspace

crates/quicproquo-client/src/client/commands.rs

@@ -1376,12 +1376,12 @@ pub fn cmd_export(
 ///
 /// Prints a summary. Does not require the encryption password (structural check only).
 pub fn cmd_export_verify(input: &Path) -> anyhow::Result<()> {
-    use quicproquo_core::{verify_transcript_chain, ChainVerdict};
+    use quicproquo_core::{validate_transcript_structure, ChainVerdict};
 
     let data = std::fs::read(input)
         .with_context(|| format!("read transcript file '{}'", input.display()))?;
 
-    match verify_transcript_chain(&data)? {
+    match validate_transcript_structure(&data)? {
         ChainVerdict::Ok { records } => {
             println!(
                 "OK: transcript '{}' is structurally valid. {} record(s) found, hash chain intact.",

crates/quicproquo-client/src/client/conversation.rs

@@ -169,6 +169,7 @@ impl ConversationStore {
 
         let salt = get_or_create_salt(&salt_path)?;
         let key = derive_convdb_key(password, &salt)?;
+        #[allow(clippy::needless_borrows_for_generic_args)]
         let hex_key = Zeroizing::new(hex::encode(&*key));
 
         let conn = Connection::open(db_path).context("open conversation db")?;
@@ -188,6 +189,7 @@ impl ConversationStore {
     ) -> anyhow::Result<()> {
         let salt = get_or_create_salt(salt_path)?;
         let key = derive_convdb_key(password, &salt)?;
+        #[allow(clippy::needless_borrows_for_generic_args)]
         let hex_key = Zeroizing::new(hex::encode(&*key));
 
         let enc_path = db_path.with_extension("convdb-enc");

crates/quicproquo-client/src/client/repl.rs

@@ -914,11 +914,11 @@ fn parse_duration_secs(s: &str) -> Option<u32> {
 
 /// Format a TTL in seconds into a human-friendly string.
 fn format_ttl(secs: u32) -> String {
-    if secs >= 86400 && secs % 86400 == 0 {
+    if secs >= 86400 && secs.is_multiple_of(86400) {
         format!("{} day(s)", secs / 86400)
-    } else if secs >= 3600 && secs % 3600 == 0 {
+    } else if secs >= 3600 && secs.is_multiple_of(3600) {
         format!("{} hour(s)", secs / 3600)
-    } else if secs >= 60 && secs % 60 == 0 {
+    } else if secs >= 60 && secs.is_multiple_of(60) {
         format!("{} minute(s)", secs / 60)
     } else {
         format!("{} second(s)", secs)

crates/quicproquo-client/src/client/retry.rs

@@ -85,6 +85,7 @@ pub fn anyhow_is_retriable(err: &anyhow::Error) -> bool {
 }
 
 #[cfg(test)]
+#[allow(clippy::unwrap_used)]
 mod tests {
     use super::*;
 

crates/quicproquo-client/src/client/rpc.rs

@@ -152,7 +152,7 @@ pub fn set_auth(auth: &mut auth::Builder<'_>) -> anyhow::Result<()> {
         )
     })?;
     auth.set_version(ctx.version);
-    auth.set_access_token(&*ctx.access_token);
+    auth.set_access_token(&ctx.access_token);
     auth.set_device_id(&ctx.device_id);
     Ok(())
 }

crates/quicproquo-client/src/client/state.rs

@@ -217,6 +217,7 @@ pub fn sha256(bytes: &[u8]) -> Vec<u8> {
 }
 
 #[cfg(test)]
+#[allow(clippy::unwrap_used)]
 mod tests {
     use super::*;
 

crates/quicproquo-client/src/client/token_cache.rs

@@ -93,6 +93,7 @@ pub fn clear_cached_session(state_path: &Path) {
 }
 
 #[cfg(test)]
+#[allow(clippy::unwrap_used)]
 mod tests {
     use super::*;
 

crates/quicproquo-client/tests/e2e.rs

@@ -1,5 +1,7 @@
 // cargo_bin! only works for current package's binary; we spawn qpq-server from another package.
 #![allow(deprecated)]
+#![allow(clippy::unwrap_used)]
+#![allow(clippy::await_holding_lock)] // AUTH_LOCK intentionally held across await to serialize tests
 
 use std::{path::PathBuf, process::Command, sync::Mutex, time::Duration};
 
@@ -8,7 +10,6 @@ use portpicker::pick_unused_port;
 use rand::RngCore;
 use tempfile::TempDir;
 use tokio::time::sleep;
-use hex;
 
 // Required by rustls 0.23 when QUIC/TLS is used from this process (e.g. client in test).
 fn ensure_rustls_provider() {
@@ -46,7 +47,7 @@ impl Drop for ChildGuard {
     }
 }
 
-async fn wait_for_health(server: &str, ca_cert: &PathBuf, server_name: &str) -> anyhow::Result<()> {
+async fn wait_for_health(server: &str, ca_cert: &std::path::Path, server_name: &str) -> anyhow::Result<()> {
     let local = tokio::task::LocalSet::new();
     for _ in 0..30 {
         if local
@@ -1090,7 +1091,7 @@ async fn e2e_key_rotation_update_path() -> anyhow::Result<()> {
 
     let alice_seed = bincode::deserialize::<StoredStateCompat>(&std::fs::read(&alice_state)?)?.identity_seed;
     let bob_seed = bincode::deserialize::<StoredStateCompat>(&std::fs::read(&bob_state)?)?.identity_seed;
-    let alice_pk = IdentityKeypair::from_seed(alice_seed).public_key_bytes().to_vec();
+    let _alice_pk = IdentityKeypair::from_seed(alice_seed).public_key_bytes().to_vec();
     let bob_pk = IdentityKeypair::from_seed(bob_seed).public_key_bytes().to_vec();
     let bob_pk_hex = hex_encode(&bob_pk);
 
@@ -1372,7 +1373,7 @@ async fn e2e_file_upload_download() -> anyhow::Result<()> {
 
     // Build 2 KB of known data.
     let pattern = b"hello-world-file-test\n";
-    let repeat_count = (2048 + pattern.len() - 1) / pattern.len();
+    let repeat_count = 2048_usize.div_ceil(pattern.len());
     let file_data: Vec<u8> = pattern.iter().copied().cycle().take(repeat_count * pattern.len()).collect();
     let file_data = &file_data[..2048]; // exactly 2 KB
 
@@ -1472,7 +1473,7 @@ async fn e2e_file_upload_download() -> anyhow::Result<()> {
         .await?;
 
     anyhow::ensure!(
-        partial == &file_data[100..300],
+        partial == file_data[100..300],
         "partial download [100..300] does not match expected slice"
     );