chore: rename project quicnprotochat -> quicproquo (binaries: qpq)

Rename the entire workspace:
- Crate packages: quicnprotochat-{core,proto,server,client,gui,p2p,mobile} -> quicproquo-*
- Binary names: quicnprotochat -> qpq, quicnprotochat-server -> qpq-server,
  quicnprotochat-gui -> qpq-gui
- Default files: *-state.bin -> qpq-state.bin, *-server.toml -> qpq-server.toml,
  *.db -> qpq.db
- Environment variable prefix: QUICNPROTOCHAT_* -> QPQ_*
- App identifier: chat.quicnproto.gui -> chat.quicproquo.gui
- Proto package: quicnprotochat.bench -> quicproquo.bench
- All documentation, Docker, CI, and script references updated

HKDF domain-separation strings and P2P ALPN remain unchanged for
backward compatibility with existing encrypted state and wire protocol.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

crates/quicproquo-client/src/lib.rs

@@ -0,0 +1,68 @@
+//! quicproquo CLI client library.
+//!
+//! # KeyPackage expiry and refresh
+//!
+//! KeyPackages are single-use (consumed when someone fetches them for an invite) and the server
+//! may enforce a TTL (e.g. 24 hours). To stay invitable, run `qpq refresh-keypackage`
+//! periodically (e.g. before the server TTL) or after your KeyPackage was consumed:
+//!
+//! ```bash
+//! qpq refresh-keypackage --state qpq-state.bin --server 127.0.0.1:7000
+//! ```
+//!
+//! Use the same `--access-token` (or `QPQ_ACCESS_TOKEN`) as for other authenticated
+//! commands. See the [running-the-client](https://docs.quicproquo.dev/getting-started/running-the-client)
+//! docs for details.
+
+use std::sync::RwLock;
+
+pub mod client;
+
+pub use client::commands::{
+    cmd_chat, cmd_check_key, cmd_create_group, cmd_demo_group, cmd_fetch_key, cmd_health,
+    cmd_health_json, cmd_invite, cmd_join, cmd_login, cmd_ping, cmd_recv, cmd_register,
+    cmd_register_state, cmd_refresh_keypackage, cmd_register_user, cmd_send, cmd_whoami,
+    receive_pending_plaintexts, whoami_json,
+};
+
+pub use client::repl::run_repl;
+pub use client::rpc::{connect_node, enqueue, fetch_wait};
+
+// Global auth context — RwLock so the REPL can set it after OPAQUE login.
+pub(crate) static AUTH_CONTEXT: RwLock<Option<ClientAuth>> = RwLock::new(None);
+
+#[derive(Clone, Debug)]
+pub struct ClientAuth {
+    pub(crate) version: u16,
+    pub(crate) access_token: Vec<u8>,
+    pub(crate) device_id: Vec<u8>,
+}
+
+impl ClientAuth {
+    /// Build a client auth context from optional token and device id.
+    pub fn from_parts(access_token: String, device_id: Option<String>) -> Self {
+        let token = access_token.into_bytes();
+        let device = device_id.unwrap_or_default().into_bytes();
+        Self {
+            version: 1,
+            access_token: token,
+            device_id: device,
+        }
+    }
+
+    /// Build from raw token bytes (e.g. a 32-byte OPAQUE session token).
+    pub fn from_raw(raw_token: Vec<u8>, device_id: Option<String>) -> Self {
+        let device = device_id.unwrap_or_default().into_bytes();
+        Self {
+            version: 1,
+            access_token: raw_token,
+            device_id: device,
+        }
+    }
+}
+
+/// Set (or replace) the global auth context.
+pub fn init_auth(ctx: ClientAuth) {
+    let mut guard = AUTH_CONTEXT.write().expect("AUTH_CONTEXT poisoned");
+    *guard = Some(ctx);
+}